is 15.0 stable version?

warsoul 15.0-RELEASE is the latest stable version, 15.0-STABLE, not.

kind of stuck trying to figure out why fstab in jails won't mount rclone mounts on jail startup

that seems like something that should work

would anybody happen to know how on earth you get the fstab in a jail to mount rclone? i can't seem to get it to mount on jail startup even though it mounts in the jail just fine with mount /dir

wow. i added a @reboot /sbin/mount /dir to do it.. that seems like such a terrible way to do it

but the only way i could figure out how to get it mounted on jail start from within the jail

Macer, And you say that mounting with /etc/jail.conf file fails? Any error messages to /var/log/messaages when the mount in /etc/jail.conf fails?

am i able to dl and test the kde-plasma installer thats going to be out with the main installer ?

i just installed 15.0 didnt see anything

this is what i was looking for from osnews "FreeBSD 15.0’s installer to gain option to install a full KDE Plasma desktop environment"

rwp: I am actually mounting from within the jail using rclone and its internal fstab.

I can nullfs mount find from the host into the jail but I want to avoid doing that so the host can stay independent of the jails.

And rclone works just fine when I manually mount. It’s the auto mounting that doesn’t work when it starts.

The only way I was able to automount in a jail was by adding that mount to jail.conf (in the host)

it was a tmpfs, btw, cannot comment about rclone

ek, git svn clone? I never knew such a contraption existed. Will try.

Hello guys, which books do you guys recommend to learn how to develop the freebsd kernel, userland, etc...

The Design and Implementation of the FreeBSD Operating System, by Kirk Marshall Mckusick

Thank you

np

mzar despite good books age well, I guess it would be nice to have a new edition covering the last 11+ years of FreeBSD developments!

cavok: there are old and new editions

I still enjoy reading the BSD 4.2 and BSD 4.3 versions of that book.

Hello. I have two network interfaces on different networks on the same VPS. I want to use one of the interfaces as primary, and regarding the other just listen on it for servers and daemons. This is me /etc/rc.conf: plaster.tymoon.eu/v/7JETJZTMY#5023 I can work with the 185.x.x.x interface but not the other one. Even when I configure network gateway to the gateway of that network.

I'm a (Free)BSD noob. So please let me know if any other information is needed.

mns, If you were to recommend either BSD 4.3 book or FreeBSD internals book, which one has better educational value?

For just learning how a UNIX OS works. I could also go for other BSDs.

Farooq: this is not a UNIX issue; you cannot have multiple default gateways

I didn't say multiple default gateways. One default. The other interface only for incoming TCP connections. Like a server could listen on it.

So for instance sshd should listen on both of them

Farooq: your host has to route packets from that interface

Using a firewall. right?

you can use policy routing for this

you will need a second routing table with the other interface's default gateway

oh I see

and that's for the connections on that network. right?

Farooq: the problem isn't listening, the problem is your server's responses reaching the client

yeah but if the client is coming from the other network, it is supposed to reply to the same network. not the default one

if the clients are on the same subnet, that is not an issue, but I assume you want to serve clients from outside?

yeah it's a VPS

both IPs are public

yep

[15:36:13] <Farooq> yeah but if the client is coming from the other network, it is supposed to reply to the same network. not the default one <- but there is only one default gateway.

without policy routing anything outbound will go to your only default gateway

not outbound. inbount

inbound*

i have heard of some people using ipfw to force traffic to go down a second FIB, which I think is called policy routing

no Farooq, inbound is also chained to outbound

oh

Farooq: do you understand that anything YOUR server sends BACK is outbound?

the server NEEDS TO KNOW WHERE TO SEND RESPONSES.

the IP stack does not know where the packet came from — the protocol does not have fields for ‘it arrived via gateway X’

But the protocol does know this packet is coming to IP x or y. right?

yes, and the packets going BACK from your server will go via the default gateway

which does not know what to do with them

exactly. And I need to specify an exception here

which is what policy routing is. right?

Farooq: I suggest you read docs.freebsd.org/en/books/handbook/advanced-networking

starting with 34.2. Gateways and Routes and not skipping 34.2.1

with FreeBSD you can have multiple routing tables and firewalls like pf and ipfw let you reassign packets between them

pf has route-to which makes it even easier I think

but

in your case you will simply match established only, and use the src IP address as the condition

it is a bit more complex for UDP as you will definitely need keep-state

(in general, this stuff is rather complicated, because multi-homed systems are generally not well supported by TCP/IP)

hmmm

Can't routed already do so?

routed is not for that

you seem to be labouring under a misunderstanding: routed and the like are for managing route tables on a router, to optimise traffic flow

and to make stuff like routed work on a multi-homed system you must run a firewall and NAT your LAN, or have some sort BGP announcements going

(for public IPs)

I see

> The routed utility is a daemon invoked at boot time to manage the network routing tables. It uses Routing Information Protocol, RIPv1 (RFC 1058), RIPv2 (RFC 1723), and Internet Router Discovery Protocol (RFC 1256) to maintain the kernel routing table. The RIPv1 protocol is based on the reference 4.3BSD daemon.

it adds/removes routes dynamically

which is decidedly not what you need

you need pf with route-to, or ipfw with multiple fibs

the forum post you posted earlier has good examples I think

I did this on my home router to make certain hosts bypass IPsec and such

Farooq: in my case I had several FIBs and did stuff like `pass in quick on $LAN inet from <r_direct> to any rtable $rt_direct` in pf.conf

I guess r_direct is the client IP you want it to bypass IPsec?

it is a table of IPs

oh so pf supports that too

nice

yes, like `table <r_direct> persist { 10.10.0.242 }`

I think that was the PS5 haha

or maybe the Bravia…

hmm a random question. Do you know or have any gaming console with FreeBSD or another BSD?

All of them have got Linux

playstation is based on bsd?

PS3, 4 and 5 all run on FreeBSD hypervisor

PS Vita too I think

no Linux involved, outside the hypervisor it's custom stuff

Farooq: thinking about your case, you could probably just use route-to in pf and match src of the packets, as it will always be the same one as the dst that the clients used

multiple FIBs are for more complex scenarios where you want to manage several routing tables

checking the configuration I remembered that I actually had three: one regular (IPsec based on BGP), one bypass, and one forced IPsec

okay what about this? plaster.tymoon.eu/v/7JGRK0VNU#5024

2nd rule will not run

probably

‘quick’ means stop matching

hmm what if I drop `quick`?

wait, if you have just these 2 rules

it should be fine

sorry, I'm blind, I did not notice in/out

shouldn't I also add rules for the first interface?

no

what does not match will use the routing table

oh

thanks

Farooq: please note that if you are hosting DNS or SMTP or anything like that on your 2nd IP this set-up will not work for connections initiated by your server

hmm it is giving a syntax error for this line: "pass out quick tagged IP2 route-to ($VT1_IF $VT1_GW)"

Remilia, you mean UDP?

no

if you set up an SMTP daemon on that IP specifically, without also binding to the first one, it will not go out

since you're only doing tagging

What's special about SMTP daemon?

`pass out ip from $IP2 route-to .....` would cover that though

nothing?

literally anything bound to IP2 and not bound to IP1 will not be able to reach outside

[16:05:10] <Farooq> okay what about this? plaster.tymoon.eu/v/7JGRK0VNU#5024 <- also this definitely requires a stateful firewall

and you have to match on those flags

in the 2nd rule

because your two rules are like this: 'tag packets that come in on interface 2'

'route tagged packets that come out of my system'

hmmmm

but packets that come in and packets that are leaving your system are not the same

of course I just wanted to say it

they are not linked in any way

(from the firewall's point of view)

how to go for connections rather than packets? The firewall does not know that?

like, yes, this is an established TCP connexion but the firewall does not know it without keep-state

oh

research stateful firewall using pf or ipfw

sorry, as I said, this is not a trivial topic

okie dokie

thanks so far

this is why you really shouldn't use different subnets on the same host without a real good cause :(

a side note: you *could* do with just multiple routing tables and no firewall whatsoever if you spawned each service twice, on different interfaces

because FreeBSD has `setfib`

basically if do something like `setfib 1 service apache24 start` that service will be started with routing table 1 instead of 0

if you*

but this is complicated to set up too

the rc subsystem does not do this for you

btw I may be off in some respects and I hope others correct me, I have not had to deal with policy routing for nearly 3 years now

there's also ipfw rules with the setfib action which can be of use in a scenario like this

heh i was about to say, oo you can tell services which fib to use in rc.conf

buuuut that doesn't get you two instances of the service

LXGHTNXNG: they are the same as ipfw rtable

errr

pf rtable

maybe if I were an IT person I would be able to sketch you a pf.conf quick but I'm as far from STEM as I am from my hometown now

:)

I'm thankful so far

maybe I simply go for setfib

just match outgoing packets from IP2

Farooq: OH right before I leave for groceries and forget, if you DO end up using multiple routing tables

I *think* they do not get populated automatically

Thank you

Farooq: there is definitely some better way for this but I just had /etc/rc.local with this pastee.dev/p/n25nIkdM

where 93.X was my public PC

IP*

hmmmmmmmmmmmmmmmmm

I think you can do this with static routes in rc.conf

yeah I think I can do so. But me mind is blowing so far. I need a break

it's complicated :D

oh

a couple line pf conf with route-to is going to be the easiest and since the initial ask was to "listen on it for servers and daemons" you should be all set.

yes

match on src IP2 and that's it

because for multiple FIBs you also have to add net.fibs="2" (or however many you want) to /boot/loader.conf

and reboot

Silly question maybe but how do I do vlan tagging on bridges?

zip: do you mean the entire bridge or just members?

Right now I create a vlan interface and then attach it to a bridge and then hand epairs from that to vnet jails

But then I want to bridge extra vlans including the untagged one

So either I make three bridges locally

Or I make one bridge and tag the members?

I ran vlans on my home router hmm lemme see what I did there

I guess knowing the members can be tagged is helpful

It'd be nice to hand them to the jails and vms as separate interfaces but not mandatory

I think I just added vlan interfaces

like `addm igb1.2`

right, I'll never get groceries this way, bbl

:D

xD

Okay, thanks!

It looks like I may be able to set tagging on members so maybe I'll try that and run one bridge instead of two

I think I was having issues mixing two bridges last time I played with it

Maybe I'll learn netfilter

zip, I have a bridge per vlan. There used to be a bug (not sure if it still exists) that when you have an untagged bridge, the tagged bridges wouldn't work anymore.

I remember having difficulty doing that with one tastes and one untagged

s/tastes/tagged/

#theyearofthefreebsddesktop

indeed

meanwhile my GPU doesn't even work

i just installed 15.0 and literally 2 commands later had a kde-plasma desktop up wow i love it

LXGHTNXNG: nvidia?

intel. going to try nvidia next though

guru_meditations: amdgpu

it works if i set hw.dri.debug to some value before loading the GPU driver, though

I never had experience running amd gpus on freebsd

the "nvidia?" reply was really just a shot in the dark lol

Farooq: in terms of educational value, BSD 4.3 book had come out while I was in college, helped me understand things as I was mostly working with SunOS 4 and Ultrix (from DEC) mostly. There were a couple of other BSD-ish systems as well. I got the BSD 4.4 book when it came out just to see the changes and the FreeBSD one just for sake of completeness in my collection. For me the 4.3 and 4.4 books were

helpful and educational.

mns: do you know any books that covers the history of the unix war and the USL v BSDi lawsuit?

I'm too dumb to understand kernel development but the history is interesting

guru_meditations: 25 years of Unix I think covers some of that

more acurately: A Quarter Century of UNIX by Peter Salus

oh yeah! I think I have saw that book while browsing on amazon.

the memoir/history written by Kernighan is more personal and revolves around the bell lab mostly

should really give both a read one of these days

unix wars on grokipedia - grokipedia.com/page/Unix_wars

not sure if I would use grokipedia, but the same exists on Wikipedia as well.

grok is generally more informative and reliable, im ,y bombastic opinion. Yt's generated by AI (grok)

argh stupid keyboard

'reliable' at generating statistically probable chains of words?

well have a look, you may be right or not. Can't hurt to compare

shbrngdo: I prefer to keep generated text as far away from my eidetic memory as humanly possible

some people like everything being turned into averages, I do not because it actively interferes with my job

the purpose of LLMs and their ilk is giving you the most statistically probable response to a starting word sequence, which usually means something utterly average and uninspired

(and, obviously, not necessarily factual)

so yeah, hard pass

Stochasit parrot.

Not necessarily factual -- sure, the LLM does not care about coorectness of its generated out, which is why it is technically Frankfurtean bullshit: <scientificamerican.com/article/chat…isnt-hallucinating-its-bullshitting> .

What would be an OK blocksize for a database ?

for zfs.

s2r: which database?

I'm going through a two-disk ZFS mirror set and deleting .sparsebundle backup-disk directories (a gazillion files in them, each 8.4 MB apiece). Every time I delete a .sparsebundle directory, `zpool list` says the fragmentation goes up. Why?

s2r, See the db section in this article: klarasystems.com/articles/zfs-perfo…tuning-optimizing-for-your-workload

s2r, I am NOT an expert on this topic but this is what I used for a mariadb installation: zfs create -o sync=disabled -o logbias=throughput -o primarycache=metadata -o recordsize=16k -o xattr=sa -o redundant_metadata=most ...