00:16:32 I lost track of who maintains the service, we might reasonably assume that it's no longer maintained. It's also in at least one other topic.
00:17:08 I'll ping koobs in Discord.
00:17:18 (About the topics.)
00:53:55 shoot me an e-mail when that is done and i'll take us for hot chocolate
00:54:38 ;)
00:54:46 what did bsd.to do? google just gives me results about bahamian dollars
01:10:37 looks like a pastebin and etherpad
01:16:02 so, looks like I've hit upon a bug specific to Alder Lake. Pretty low-level, causes panics for various reasons, mainly page faults. It looks similar to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261169
01:17:56 the thing is, the latest ufs corruption happened when I was deleting a backup copy of /usr/ports. And now I am stuck with a /usr/ports.old that appears empty or non-empty (2 files) depending on which ls options I'll use. rmdir and rm -rf both think the directory is not empty. Any ideas on how to fix this?
01:23:29 johnjaye: You didn't find "Bungo Stray Dogs" :D
01:28:55 nope. just bahamian dollars. and bitsend
01:31:27 what is vtnet0 interface? Is that just another interface like bge0 or em0 ?
01:32:47 I see it in a lot of jail related documentation
01:33:18 mns: Yes. It's the Virtual Network interface. It will act just like any other physical interface as far as configuration is concerned.
01:34:38 ek: is that something I need to have for vnet based jails?
01:35:59 mns: vtnet is virtio interface created by KVM/qemu jails
01:36:07 mns: nothing to do for vnet, for vnet you use epair interfaces
01:36:21 er, i mean "KVM/qemu virtual machines" - not jails
01:36:33 mns: Not necessarily. Your jails can be configured many different ways. I generally use something different and "vnet" naming tends to be for VirtIO interfaces.
01:36:50 Whoopsie-doodle!
01:36:57 ivy beat me to it. ;)
01:37:09 do you need the book on jails. or does the handbook cover it enough?
01:37:17 michael lucas book that is
01:38:20 you can technically put a vtnet interface in a vnet jail, i actually do that on one VM here, but that's no different from putting em0 or ix0 or whatever in a jail
01:38:21 johnjaye: the handbook does a good job, barring networking when using vnets. I followed the handbook, but I can't ping either from the inside or the outside of the jail.
01:38:24 The handbook covers it just fine (FreeBSD's documentation is seriously second-to-none.) However, supporting authors that do write FBSD books is always appreciated!
01:39:11 ok. my braingpt interprets that as i'll be fine with the free resources until I need serious networking tasks
01:39:38 mns: You likely either need to re-route some stuff on the host side using a firewall for the jails, or just toss the jails on the same network/bridge.
01:40:17 johnjaye: You'll be fine. For very simple, everyday jails, the handbook is plenty informative.
01:40:36 If you're going to do some really crazy stuff, a book with details would certainly benefit.
01:40:46 ek: I did put the jail on the same network/bridge. But I'm sure I've screwed up something somewhere.
01:41:06 most likely in how I translated interface names in the documentation to what I have on my system
01:41:09 mns: Are you using VNET?
01:41:44 ek: yes. I'm not doing anything crazy. Just simple web server on https. no other jails or anything.
01:42:00 mns: paste somewhere, 'ifconfig' from host and from vm, 'netstat -rn' from host and from vm
01:42:27 this is the minimum information required to debug vnet routing issues
01:42:38 and by 'vm' i mean 'jail' obviously
01:43:00 obviously :-)
01:43:11 OBVIOUSLY!
01:43:16 yeah let me do that. need to find a good paste place.
01:43:20 There are a lot of different configs you can use.
01:43:26 distinguishing related but distinct semantics concepts is hard, let's go shopping
01:43:27 paste.purplehat.org
01:44:14 I've always found vnet with bridge and epair to be the easiest if I want literally nothing between my jails and physical systems.
01:45:42 And, completely off-topic, I'm going to tune in to (hopefully) watch Tyson knock Jake's block off.
01:45:57 Nearly 60-year-old Tyson... Crazy.
01:53:04 when dealing with these mysql clones like postgres or mariadb, how faithful are they?
01:53:14 is it like if you learn one you can mostly use the others?
02:06:02 i recommend asking about that in the postgres channel. let us know what happens
02:07:01 (be sure to phrase your question exactly as you have here)
02:07:16 popcorn time
02:07:46 lol i lost my nerve...
02:11:34 johnjaye: To give a generic answer for here (because I've run (and still run) all of the mentioned DB's,) yes. They're all very similar. Slight syntax differences, but mostly very relatable between them.
02:12:01 It would be like script simple bourne sheel and Bash. Similar.
02:12:39 Wow. I butchered that!
02:12:47 Stupid alcohol.
02:13:08 ivy: ek: https://paste.debian.net/1335685/
02:13:45 apologies for the bad formatting in places. not sure why that happened
02:18:43 mns: The configuration doesn't look wrong. But, if you're trying to accomplish what I think you are, maybe take a look at https://forums.freebsd.org/threads/jail-networking.91341/ ?
02:18:57 to build on ek's analogy, mysql and mariadb would be like /bin/sh and bash; postgres would be like t/csh
02:19:25 You're attempting jails on the same subnet/VLAN, correct? Just like adding a physical machine without firewall on the host?
02:20:02 ek, yes
02:20:37 mns: Kinda, yes. Postgres seems to care a little less about certain things (syntax-wise,) but commands are very similar from the user point of view.
02:22:35 mns: for some reason, jail0 is not keeping the address you give it, that's probably the issue with the pings you showed
02:23:19 so try ifconfig jail0 inet 192.168.70.150/24
02:26:51 jmnbtsls1E: do that on the host side?
02:27:05 yeah
02:28:27 ek: thanks. bingAI just told me that they were not clones at all and in fact focus on optimizing very different areas. a very weaselly answer of the type i've come to expect from AI
02:29:55 never ever trust AI machines
02:30:29 johnjaye: They are certainly not "clones." Maria is a fork of MySQL and Postgres is an entirely different beast.
02:31:04 well i would have to interrogate chatgpt and google for a few minutes to come to the same conclusion that ek just told me because he knows the answer.
02:31:05 They are definitely all different. but they respond the same... if that makes sense.
02:31:10 right
02:31:14 ... from a user command-side.
02:31:18 jmnbtsls1E: I can ping .150 from the host now. From inside the jail I still get the same results, which is nothing
02:31:19 the API is a common standard
02:31:23 they do the same job very very different ways
02:32:05 mns: if you get no response from 70.150, maybe it's a firewall issue. no response from 70.1, maybe it's net.inet.ip.forwarding needs to be 1
02:32:28 in my defense i'm not writing large blocks of code with chatbots, then when finding it's wrong instead of fixing it trying to just redefine the chat prompt. this is a thing that actually happens
02:32:48 mns: for debugging jail ping to 70.150, check tcpdump on the relevant interfaces
02:33:57 let me check on ip.forwarding
02:34:00 It certainly seems like an issue with routing. Especially if you can ping from the host. So, the host needs to allow the route out and in.
02:34:58 If keeping it as simple as possible, there should be no firewall issue (unless it's exposed with an external IP?)
02:35:12 So, IP forwarding allowance may fix it.
02:35:33 but ip forwarding won't fix inability to get 70.150 from the jail
02:36:37 so I enabled ip.forwarding on the host.
02:37:00 but the jail can't ping 70.1
02:37:18 I'm guessing I don't need to restart the jail
02:38:25 ah, they're all on the same subnet, so if you want that, you have to bridge it. you might want to put your jail subnet on a different subnet then add a route on 70.1 for that subnet
02:38:52 70.1 has no way of knowing where 70.151 is
02:38:59 jmnbtsls1E: Nope. It won't. I was hoping, if it wasn't already set, that it would allow any routing on the subnet to just continue going.
02:40:10 mns: No need for a jail restart. That has nothing to do with the network allowance/routing.
02:40:29 Something on the host is limiting it.
02:40:40 yeah so, mns, one solution is to do ifconfig bridge0 addm bge0...that should work
02:42:49 another solution depending on what you want to do is to use a different jail subnet and add a static route on 70.1 for your new jail subnet via 70.4
02:43:08 ok so adding bge0 to bridge0 allows for pinging 70.150 from inside the jail, but I can't ping 70.1 from inside the jail
02:44:08 ensure firewall is disabled and check tcpdump on bge0
02:44:17 yeah firewall is disabled
02:44:34 guess this is a good time to re-learn tcpdump
02:44:50 tcpdump -ni bge0 icmp and host 192.168.70.1
02:45:53 then probably tcpdump -ni bge0 arp
02:46:59 nothing happened when pinging from inside the jail to 70.1
02:47:17 check icmp again on jail0
02:47:18 tcpdump (running on the host) didn't see anything
02:48:00 same, nothing
02:49:26 weird. that doesn't seem consistent with the output you pasted
02:50:32 ah well, check arp also on jail0
02:51:58 with arp on bge0 I do see some output
02:52:02 let me try jail0 as well
02:52:26 you see a who-has with no reply?
02:53:21 i haven't done this setup much so i think i'm getting something wrong about how it should be setup. i recommend using a different subnet and adding a route on 70.1
02:53:54 jmnbtsls1E: correct. on bge0 and jail0 ARP who-has does not get a reply when 70.151 is asking
02:54:01 i think the big problem i didn't realise is you need to take the address off of bge0 and put it elsewhere
02:55:36 (so you would need to put bge0's address on some other bridge and connect the two bridges together)
02:56:32 bge0 is the physical interface on the host.
02:57:05 yeah, you would need to take the address off bge0, put it on a bridge1, and do ifconfig bridge0 addm bridge1
02:57:19 ahh ok
02:57:23 so that might complicate other things
02:57:29 hmmm
02:58:10 this is why I wanted to do jails without jail managers, to get an understanding of all this. I guess I have some more learning and reading to do.
02:58:42 if this is a small site, i'd just use a different /24 for your jail and add a route to it from any host on 70.0/24 that needs to access it. this becomes bad if you have lots of hosts on 70.0/24 that need to access it.
02:59:40 (nuclear solution is to use do nat on bge0 and keep your jail subnet hidden from the outside. outside thinks it's talking to 70.4)
03:02:29 but, nothing that we just did should have changed anything about the jail's ability to get to 70.150
03:02:45 its a small site, just static personal pages being served. As I had mentioned before, nothing fancy. There are no other usable hosts on 70.0/24, except for phones, tables, etc.
03:03:54 if you have a gateway modem device, there is probably a setting there to add a static route for a separate subnet, via 70.4. now, whether it will allow you to port forward and such, to that new subnet, not sure.
03:04:17 I'll have to take a step back. I'm sure I'm missing something. This all worked when I was using Bastille, and I had it working after I stopped using bastille as well. But it stopped around end of October. Will have to see what my upgrading to 14.1Rp6 might have done
03:06:19 I'll have to check the gateway modem, but I doubt Comcast will let me do that
03:07:06 OK. in theory this current "addm bge0" should work without taking the address off bge0, but that's what occurred to me to try to fix it
03:07:14 I'll have to pick this up tomorrow. Thank you for the help, jmnbtsls1E, ek
03:07:31 it shouldn't matter for your ISP, it's really internal to your network
03:07:34 OK
03:08:47 it seems that your jail manager did some setup, since the way it was when we started, it could not have worked
03:15:42 yeah I am sure it did. I'll have to see if I have notes from then to see what exactly I did.
03:16:56 has anyone compiled grub 2.12 recently?
11:53:29 I have freebsd on this raspberry pi 2b and every time i try to make a bridge and add an epair to it it kernel panics
12:23:08 i'm installing freebsd 14.1 on a laptop with no ethernet, in the dmesg, it shows rtw880 failed to download firmware but i need to connect to the wifi to download it. how do i do it?
12:40:12 im starting to use public key encryption for ssh access instead of passwords. question is, on a box that i can't transfer the private key to, but i still want to ssh from, can i recreate the private key on the box using the pw i used to create the pub/priv key originally?
12:42:14 If by recreate you mean generate a new one, yes. You'll get a new and different key pair that way, so you'll need to transfer that public key too to the places you wish to authenticate to
12:43:49 no i want to recreate the priv key on a box that i can't transfer it to
12:44:12 not possible i guess?
12:45:00 I suggest not spreading your private keys around. I have a key pair (in some cases more than one) generated on each of my client I use to ssh out from. I never share privates.
12:45:18 What is stopping you from transferring the key btw?
12:47:07 ssh key generation does NOT use the same type of mechanism as hashing a password, thus supplying the same passphrase will not give you an identical key. That would make the whole idea useless.
12:47:35 that's a good idea. i can just generate a new keypair on the troublesome box then add the public key to the box i wanna ssh to
12:47:54 i don't wanna make any usb connections to it to keep it kinda isolated
12:47:58 You can also allow agent forwarding on that host if you deem it safe
12:48:04 what's that?
12:48:20 Familiar with ssh-agent?
12:48:40 not other than you preserve a key in it after unlocking with pw so it can be reused during the session
12:48:48 Exactly
12:48:59 ah ok
12:49:02 tyvm
12:49:41 Allowing agent forwarding lets you ssh from, say, hostA to hostB to host C, using that loaded-in-memory-key on hostA to authenticate all the way to host C
12:51:06 I am assuming that you ssh into that host you can't transfer your privkey to. Is that a wrong assumption?
12:51:29 no i only intend to ssh out
12:51:37 so i'll sneakernet its pub key over to the destination box
12:52:28 Ok, I see. In that case I'd generate its own set of keys and sneakernet the pub key out. Or ssh-using-password it out once.
12:52:50 awesome ty!
12:53:13 Or curl it to a pastebin or whatever. The pubkey doesn't need to be secret
14:16:03 how do i enable touchpad in the console?
15:01:05 jnth: was there a psm0 in the dmesg?
15:01:15 iirc you just start moused
15:01:37 volumes:
15:01:37 - name: cache
15:01:37 path: /cache
15:01:56 Hi, I'm getting errors while trying to run an application using Linux compatibility layer, but I wonder if the system is actually running it as FreeBSD. How can I know if it is picking up compatibility layer instead of trying to run as FreeBSD?
15:14:39 what's the error?
16:36:36 jmnbtsls1E: ek: thanks for the help last night with jails and vnet. Turns out what we did, was good enough apparently. This morning everything is working as expected. Now just have to go over those steps and see which ones did what.
16:55:24 ooh, someone else playing around with vnet jails today
16:56:03 I'm the sort of weirdo who likes to run things from the ground up so I worked out how to create a bridge and add an epair to it and then use the `jail` command in the raw to get that sucker up and running
16:56:05 tremendous fun :)
17:03:28 markmcb, If your home desktop is solid for your NAS disks then there is no reason not to do it.
17:08:13 rtprio: so there is no alternative than to split your DNS for this issue?
17:08:18 I thought so but I wanted to make sure :/
19:06:58 jmnbtsls1E: ek: ivy: so it seems that the solution was to add the bge0 to the bridge0. I was already doing that in my /etc/rc.conf (as per the Handbook). The problem was with this line in my /etc/rc.conf: ifconfig_bridge0_name="jail0" If I comment that line out, everything works as expected. bge0 becomes a member of bridge0, bridge0 has the 70.150 ip address, etc. If I keep that line in there, then
19:07:04 bge0 is not a member of bridge0 (even though I have that in the line prior).
19:08:11 for reference you can look at https://paste.debian.net/1335685/ just commenting out line 14, and changing line 51, fixes everything.
20:07:11 mns, I think (not sure) that if you rename a bridge that you should do the addm using the renamed bridge name. I think. I would need to test it to verify as I don't rename my bridges.
20:07:17 cloned_interfaces="bridge0" ifconfig_bridge0_name="jail0" ifconfig_jail0="inet 192.168.70.150/24 addm bge0 up"
20:07:30 But I think that is the problem you are hitting.
20:08:51 rwp I'll try that out. I realised that I hadn't tested that scenario before posting my message earlier.
20:09:41 The best way to think of yet another possible solution is to post something and then it is inevitable! :-)
20:10:51 that happens to me far more than it should. I'll be half-way writing through the scenario and then the solution will hit me!
20:11:22 In /etc/rc.conf, does the order of the settings matter? I'm guessing not.
20:11:33 It's the method of the stuffed monkey. We are all like that.
20:11:55 Order does not matter in /etc/rc.conf file as it is all just setting variables and variables can be set in any order.
20:12:05 Assuming one is not using a variable to set another variable.
20:14:16 bbiab, going to try rebooting and seeing what happens
20:23:57 rwp: that worked! thanks.
20:53:55 mns, \o/
20:57:44 mns, in general, no. .. unless you're doing stuff like giving interfaces aliases, like rwp.
20:58:35 rc.conf just sets a bunch of environment variables for the /etc/rc script.
21:03:06 The strategy used in the rc scripts which includes rc.conf is that string names are used to name variables which are expanded to perform the configuration.
21:04:00 For example cloned_interfaces="bridge0 bridge1" and so on is going to be used in a for int in $cloned_interfaces; do ifconfig create $int; done loop to create each of those named things.
21:04:51 And ifconfig itself has a naming strategy. If you look at the ifconfig man page things named bridge become a bridge (obviously) but other named things become other named things. I think the "clone" part of the cloned_interfaces is a poor naming. It really should be something like created_interfaces or something.
21:05:43 And then the rc scripts know what interfaces it creates and so will know it created bridge0 and then will look to see if [ -n "$ifconfig_bridge0_name" ]; then ...do rename...; fi
21:06:44 And it knows the new name of the interface and so then will perform more actions on the interface. eval ifconfig \$ifconfig_bridge0_name \${ifconfig_${ifconfig_bridge0_name}}
21:07:10 And it just keeps going like that until it has worked through all of the specified configuration.
21:07:54 This strategy of scripting created a declarative rc.conf interface where everything is just variables and all of the procedural action is done based upon it.
21:09:18 I'm just typing this in off the top of my head so please forgive me leaving "rename" out of the above rename syntax! It's the idea that counts here. :-)
21:17:07 polarian: that's how i solve it. it wouldn't be a problem if wireguard was on the router rather than behind it
22:04:49 rwp: thanks for the explanation, that helps out a lot.
22:07:05 next step will be to learn pf, then combine that with the knowledge about bridges and vnets to create logical data centers. Each bridge would have its own subnet/s to handle, etc. Have pf do the routing, or maybe something like haproxy. Just thinking out loud here.
22:08:26 but that's for some other time.
22:33:25 14.0 bsdinstall got fancy?
22:34:16 looks cooler I don't remember how cli was before exactly but something looks different
23:25:50 I need to figure out how to get my home network to properly route to VMs and jails on the freebsd box tbh
23:26:12 just adding a route on the router seems to do the trick but with a lot of IGMP "hey, wrong gateway dipshit" messages
23:26:23 perhaps that's fine
23:30:37 interestingly enough someone else recently had a similar situation. ICMP Redirect is acceptable. the alternative is to bridge your internal network to the outer (home) network
23:38:20 rtprio: wireguard IS on the router
23:38:23 you are missing the point
23:38:43 the server is behind the router, the wireguard server is on the router, if I connect to my email it goes through the same router as my wireguard tunnel
23:40:05 UGHS wlan0
23:40:12 is whats in the routing table
23:40:24 now wireguard adds a route for 0.0.0.0/1 to go via wg0
23:40:36 anything not in the routing table, should go via wg0
23:41:22 but the wireguard server IP *IS* In the routing table... so my email server, which is behind the same IP as the IP the wireguard daemon is bound to (but the email server is port forwarded) the packet goes via wlan0 first, not wg0
23:45:59 jmnbtsls1E: lol that someone was me.