I think the Noto emoji font is in ports and packages. Works well on my laptop

ohh thanks duncan and appledash .. noto font fixed it

anyone good with serial setup at boot? i could use some help: privatebin.io/?0cc62cb7c4f3a811#FgA…wQyK637kcpPhN6rpList2BmUi24ey6jZ68y

markmcb: is a keyboard attached to the system?

rtprio, no

does anything happen with no loader.conf ?

I can't get that far. I'm trying to install from a usb stick. Is there a way to tell loader to ignore whatever is on the installer image?

if theres no keyboard it should default to "serial,video"

I have a remote keyboard. I can boot the USB, see the loader, and interact. However, once I "boot" I see the "kernel" line and then no more output.

So I can set whatever I like in loader by pressing 3

But no combination I've tried seems to work

oh, it's a vm or something

i would skip ,efi

no, it's a Decisio DEC2700

have you read docs.freebsd.org/en/books/handbook/serialcomms/#serialconsole-setup ?

yeah, none of that seems to work

it was originally an OPNsense appliance so maybe i'll trying installing that and looking at whatever loader.conf settings they use ... maybe there's some special tweak

so strange. opnsense installer boots no problem (also 14.2 kernel) and the loader.conf shows nothing obviously different ... hmm

odd

i wonder if it's something to do with using the boot only ISO file. i'll try with the full installer tomorrow and see if that helps.

i install all my vms on the console and it never needs any loader commands

rtprio: i do that as well under bhyve, but recently installing under kvm in CSM mode i noticed that the installer doesn't enable the serial console by default. i assume this is because under bhyve it's using the EFI console...

w

err

mzar: Grüß Gott.

mzar: I have watched a recording of the Polish military parade at YouTube.com, recently.

Grüß Gott Aedil

mzar: Have a good day with your FreeBSD desk!

ty

does anyone know off hand if dummynet works on wg(4)? i don't really want to waste an hour rebuilding to find it's not supported

I don't know, but I don't see why there would be a problem. Why do you need to build anything?

[tj]: the reason i ask is because altq(9) does not (which is why i'm looking at dummynet instead). i need to build because my kernel doesn't currently include dummyney

ivy: altq is super weird and requires driver support

I have dummynet as a kernel module

sure, one can load dummynet and use it with ipfw and pf, both alike

[tj]: so dummynet doesn't require driver support?

but IIRC dummynet not only shapes the traffic but makes processing as one-core in some parts of network stack

ATLQ and dummynet are different things, IIRC ALTQ requires driver support

but I could be wrong

yes, altq requires driver support

at least the dummynet man page doesn't mentoin requiring special driver support (the altq one does)

Dummynet hooks into a firewall

Hello! Do you think it's possible to NAT inside a Jail? I would like to forward pkts incoming on wg0 as 192.168.100.x/24 through vnet0 toward 192.168.1.x/24

I have this rule in /etc/pf.conf: nat on $ext_if from $wg_if:network to any -> ($ext_if)

sure, it's possible

mzar: do you know how that would work?

what does running wireguard in a jail possibly buy you

I created a bridge and connected a VNET jail. Furthermore, I add the neccessary routes and configured NAT, and internet access works. However, when I try to download a larger file, like bootstrapping pkg, I see on the external interface "unreachable - need to frag (mtu 1500)". But the packets are never fragmented. Does anyone had a similar issue and know what I'm missing?

it's saying it would have to fragment, but the packets are marked up as "Don't Frag". This is normal; the sender should see the ICMP "need frag" and use the smaller MSS (assuming it's TCP... UDP-using applications ought to do that too but are often Too Dumb)

The whole loop is "PMTU Discovery"

jgh: Hmm that's what I thought too (and yes, in this example it's only TCP traffic). But the sender is for what ever reasons not fragmenting the packets...

jails are outside my ken. Can you tell if the TCP stack in there saw the ICMP?

I just tried to connect to another server of mine, and it looks like the icmp messages get through. And no worries, thank you for your help :)

If I'm not mistaken, for IPv4, the previous router needs to fragment the packet not the original source. For IPv6 the actual sender needs to fragment the packets.

Since it is some kine of MTU issue, the actual issue might be where the packets leave the network stack of the host system and enter the network stack of the jail.

I have a 13.0 box. I want to get to 14.2 with it. Do i have to upgrade to the various 13.x point releases to get to 14, or can I jump straight to 14, or 14.2?

nacelle: generally it's a better idea to jump to the latest minor on your current branch first before you hop a major version

(older releases in the branch may notably not have fixes necessary for the major hop rolled in to update tooling if you use that)

ah ok

so 13.0 to 13.5, then to 14.0?

(this is all different to me, openbsd is point by point upgrades only, most of the other stuff is "warp from wherever in the past to the present"

)

well it could work

nacelle: 13.0 -> 13.5 -> 14.2

if you were on 12.x instead, it'd probably be worth hopping just a single major branch of a time, but there's no reason to go any further back than the latest supported release on the target branch that I can think of

thank you

hey, was there a broken postfix package a while ago?

because I seen some postfix package that had no permissions set and then I removed it and reinstalled and I noticed he did not take it from cache but downloaded it again and then it worked

and I am on the quarterly one, so that should not happen, normally

10+ years going, I never saw a broken postfix anything.

see

me neither, until now

but maybe it was because I was installing it from host into a jail, pkg -r install postfix

after I installed pkg install postfix on a host and then again on the jail pkg -r jail install postfix, it worked

very strange

I tried to reproduce it now with the same steps and now I can not

however, the logs from the past say there was a problem, it somehow magically disappeared