I remember those days when everyone was using qmail, but due to the license, the place I was at wanted to stick with sendmail. And then came postfix.

if i don't use nat my machine does not resolve url. what could be the issue?

*pf nat

neither root nor any of jails

oh sorry I figured out. thanks

can i see translation detail by pflog on pf nat? i log via tcpdump but it is just the packet reading nothing about translation mechanism

luke_jobless_sb: pflog only logs rules with the 'log' flag

possibly you want 'pfctl -ss' which will show nat rules like this: all tcp 81.187.47.206:52351 (172.20.1.38:46114) -> 139.177.227.229:443 ESTABLISHED:FIN_WAIT_2

ivy: you've got some wizardry

no i don't, this is literally in the manpage

ivy: oh it's states abbreviated I thought it was some kind of out of document commnad

"He's a witch!" :D

jeez you scared me

yes, you can abbreviate things like -s rules and -s states to -ss and -sr

yes i do in my argparse too

Client: HexChat 2.16.2 • OS: FreeBSD 14.1-RELEASE-p6 • Storage: 0 bytes / 0 bytes (0 bytes Free)

if I need to check a large number software projects (BitBucket, GitHub, GitLab) mostly daily, is project version checker (pvc) best or is a URL update checker good?

Does anyone know how to set the ACPI debug level in 14.1 release? I am trying to get rid of a couple of repeating ACPI messages that look like those in this bug: forums.freebsd.org/threads/acpi-errors-all-the-time.60912

the documented solution in the bug report wasn't that clear to me though

Read this:

rafe: I am aware of debug.acpi.level but it's not mentioned in the output of sysctl

are there any more helpful pointers?

kpel, seach for debug.acpi.level in acpi(4).

search even

hey there i am trying to use vbox to launch up a windows guest but no matter which guest i try or how i try vbox refuses to start up any type of guest with error message

VirtualBox can't operate in VMX root mode. Please close all other virtualization programs. (VERR_VMX_IN_VMX_ROOT_MODE).

Result Code:

NS_ERROR_FAILURE (0x80004005)

Component: ConsoleWrap

Interface: IConsole {872da645-4a9b-1727-bee2-5585105b9eed}

even though there is no other virtualization program running and i have set up vbox properly

added the user that is trying to launch vbox to the vboxusers group

added vboxdrv_load="YES" line to /boot/loader.conf

made sure that the kmod vmm isn't loaded or in /etc/rc.conf

any help will be really appreciated, thanks

have you tried closing all o ther virtualization programs ?

as i said before there is no other virtualization program running

freebsd 14.1 release btw

polyduekes: pastebin the output of `kldstat`

rtprio: pastebin.com/26UwPdaa

26 1 0xffffffff83200000 33e438 vmm.ko

there's your problem

oh, just a minute, lemma check, i was sure i had removed it from kldlist :/

yes, it isn't in kldlist in /etc/rc.conf, lemme try rebooting

you can try unloading it

modules can dynamically load so perhaps you triggered it by... running bhyve a few days ago

🤷

let's see, i rebooted after vmm wasn't in /etc/rc.conf, why else should it load automatically on startup?

vmm still appears in kldstat

can you unload it?

yes i can, let's see if it reappear after reboot now

it probably will

but unload it and see if it fixes your vbox

then figure out what's loading it

yeah, unloading it indeed does fix vbox but why even is it getting loaded on it's own lol

well, what do you have in rc.conf

Hi! I'm using a freebsd 13.3-rel-p7 jail as a borg backup server. When I run borg extract on a client, the connection dies after a couple of files have been transferred, and the server crashes.

I don't currently have access to the console

After a couple of minutes the server comes back up again. I see nothing of value in /var/log/messages and no dumps in /var/crash

I'm not sure where to start looking, any ideas?

(it is a vnet jail)

rtprio: fixed it, it was due to "vm_dir" line in /etc/rc.conf

yep

sjk: is borg up to date?

If I want to re-compile a dynamic kernel module with custom changes, how do I go about that?

what sort of changes / what module?

What's the general rule when creating a new port that has the same name as an existing port?

I am trying to fix a problem with a DisplayLink device in udl. So I added the device ID in /usr/src/sys/dev/usb/usbdevs and in /usr/src/sys/dev/usb/video/udl.c. Does the first one mean I'll have to recompile the kernel entirely? Or can I just recompile the udl module?

you can try with just the module first

Great! How should I do that? (This is my first foray into this -- sorry!)

that said, a new kernel shouldn't take very long

Hi, I got FreeBSD 14.1 running on a Thinkpad X230 - what do I need to do to change the display backlight brightness? Having to use sudo/doas is okay.

fm2279: as if you start building the module, of course the source needs to match the kernel exactly

armin: check the wiki

if you haven't already

fm2279: docs.freebsd.org/en/books/handbook/kernelconfig

rtprio: Thanks. I guess I am confused -- are there instructions on rebuilding a kernel module in the handbook? I have looked and don't see it, though it's not unlikely I am missing it.

rtprio: just found acpi_ibm, thank you.

rtprio: The module in question is in use presently with my existing kernel, and I am changing only one or two lines in the module source.

armin: 👍

fm2279: docs.freebsd.org/en/books/handbook/…kernelconfig/#kernelconfig-building

make yoru changes, build the kernel, reboot

rtprio: So the dynamic module isn't built separately?

it could be, but personally i'd start from a fresh fully built kernel

if the /usr/src slightly differs than the kernel you're running you're going to have a bad time

rtprio: OK. Thanks for the tips! I'll likely check back in.

once the first one is build, then you could just build the module, probably

Anyone have a suggestion on a USB enclosure, with support for UASP/SAT, for SATA drives? I have a box of drives I need to test and don't want to setup a system to plug them into SATA. Needs to support FreeBSD (smartctl) of course.

_xor: I have yet to encounter a USB enclosure that supports SMART. If you find one, I'd love to know what it is.

Seems there are plenty of USB enclosers that support smart, but they're for NVMe drives, not SATA.

sendmail (for sending ~1 mail a day) stopped working on my 14.2 RPi a few days ago

getting authentification errors and mail bounces

worked for about a year or so previously

any ideas what might have changed?

no problem on my amd64 machine (with an older sendmail config)

CrtxReavr: I found it, I even tried it - just for a laugh - and it doesn't work because the issue is an error message, not an info or debug etc.

so... is there any way to turn off acpi tracing, preferably on-the-fly without rebooting?

from what I've seen so far the only solution seems to be to disable tracing at compile time. Although the generic config file doesn't seem to have it enabled to begin with.

kpel, I think that would be a pre-kernel thing, so. . . no.

i wanna prevent my isp from profiling my traffic and selling my data, so that means i buy a freebsd vps and install a proxy on it? or a wireguard server AND a proxy, or?

How much data are they going to have to sell if you use encrypted protocols?

I mean, they can see what you connect to, but now what you're passing.

not what i asked

after running make a few times in /etc/mail and rebooting sendmail now seems to want to talk with my ISP

l00py: That actually is quite related to what you'd asked. CrtxReavr's question and comment are quite relevant. In fact, if you have a good DNSSEC setup going, your ISP wouldn't really see anything you do at all. It would *ALMOST* be the same as a secure proxy/VPN/WireGuard/Tailscale/etc... setup without having to deal with any of it.

The only mishap would be using non-encrypted protocols.

Anyhow, aside from that and to answer your question directly, sure! A VPS with a VPN/proxy/WireGuard/whatever-you-want-as-long-as-it's-an-encrypted-end-node-connection... will keep your ISP from doing most spying.

They can still likely get tiny bits of info using DPS on crappily-secured requests. I doubt it would be enough info to "sell" or really care about at all, though.

ek so i set up wireguard server on vps, then connect to it, and all my traffic will pass through encrypted tunnel to vps then out to internet and back in, i don't need a traffic proxy as well? just the wg server

l00py: it's possible, but you have to configure everyghing correctly

mzar possible with just wg server you mean?

mzar: Of course! That was kinda my intent of my comments. Maybe I didn't make it all that clear.

is there an easier way to effectively proxy all of my traffic through a vps?

more than just http, full traffic

no leakage

l00py: Yes. Just a WG connect setup as an end-node (from the client-side) and the only thing your ISP will see is encrypted data to WG.

But, what you do from the VPS could be seen from other listeners.

very cool. and wg server runs nice on freebsd?

(ya for sure)

l00py: Yes. Runs absolutely fine.

man that's cool. happen to know how much ram wg server needs? usually only xx mbps of traffic, sometimes bursting to xxx mbps

l00py: Using "0.0.0.0/0" from the client side as "AllowedIPs" will route all traffic from the client through the VPN.

I always setup a root-only DNS server on the VPN (or VPN network somewhere) to add to the requests just to be safe. But, it'll route everything.

l00py: The resource amount is vastly independent on client usage. However, even with many clients connected and moving pretty good amounts of data, I've never seen WG (or OVPN or IPSEC) strangle the system really at all.

it'll just be me but i'll be putting hundreds of connections through it (p2p :D)

If I'm making small changes to a single kernel module, do I have to do a full `make buildkernel` each time? Or is there a way to simply rebuild the module in question?

tyvm

Enter the module folder and type 'make' ?

TurtleCrazy: Then just copy the object file into /boot/kernel?

fm2279: unload the former one, and call kldload with the full pathname of the new object file

TurtleCrazy: Oh, sweet. So just test by loading the module dynamically, then, to lock it in, do the full kernel rebuild?

fm2279: exactly

TurtleCrazy: Makes sense! Thanks!

fm2279: To be fair, you could run an installkernel each time, too. But, it'd be overkill. If everything else is already built, though, you can just run a "make installkernel" at the end to lock it in. No need to rebuild everything.

ek: Thanks!

Is it possible to unload a module built into the kernel?

fm2279: kldunload

but it's not always possible.

rtprio: Thanks. Looks like a no-go in my case. Guess I'll just rebuild the kernel...