Older blog entries for berend (starting at number 355)

Installing pfSense on a Gigabit motherboard. Core dump with ohci_add_done. Seems to have been present since 7.0 and this is FreeBSD 7.2. Not nice. You have to unplug the USB keyboard and then FreeBSD will boot.

Had an issue with OpenOffice 3 not wanting to open files on an nfs mounted drive. It appeared that my FreeBSD NFS server wasn't running the lock and stat daemons. After that it was perfect.

26 May 2010 (updated 26 May 2010 at 20:29 UTC) »

Still having trouble with my new firewall rules. Sometimes web pages take a long time to load (up to a minute), just looks like connections open very slowly or packets travel slowly.

Not sure what this is. Have no increased my network buffers and max sockets, which did help with my network speed. I can now transfer 20MB/s on my Gigabyte lan. Far short from the supposed 100MB/s I should get, I know. But currently don't have the time to figure out why I don't get that speed.

Also played with turning off net.inet.ip.dummynet.io_fast, that might have effect as well. Currently it's on again, so let's see how it behaves. Those intermittent lags are quite noticeable: you click on a link, and nothing happens, so let's see if I get that today or not.

Maybe I should upgrade to FreeBSD 8 as I'm still on FreeBSD 6.4. Could do in-kernel nat as well.

Our school also needs better internet, so I'm thinking of deploying a pfsense box with a cheap ADSL modem. I could do traffic shaping with lowest bandwidth for the students and higher priority for staff and voip. And of course have Squid, so browsing experience should become much better.

15 May 2010 (updated 15 May 2010 at 07:24 UTC) »

Spent an entire day trying to get traffic shaping working with FreeBSD. Had to recompile kernel to allow traffic shaping. Next good experiments in actually limiting rates.

But hit a road block to see how I could limit only outgoing packets. Started to play with my firewall settings and got nowhere. In the end I decided to start afresh with the one from the FreeBSD manual as I understood I might have issues between the dynamic rules and nat. Anyway, now back to exactly where I was (I hope I didn't break anything), and my firewall script has become a bit leaner, and a bit clearer.

Installed the 2talk voip client on Windows, which worked out of the box. On Ubuntu Empathy and Ekiga got me nowhere. Installed a STUN daemon, but that didn't help.

Installed twinkle and that worked out of the box.

Basically a day where I only learned what doesn't work.

To continue with my VOIP musings, one of the things I'm looking into is using FreeBSD's traffic shaping. Which is ridiculously easy.

Tomorrow my throttle comes off, so I will be trying Ekiga.

I have an ISP that gives me only 40GB. While the rest of the world rolls over laughing, this is pretty much the norm in NZ. However, this provider won't give you anymore, but throttles you at 64kbps once the limit is reached.

That's mad especially when you get hit by a small issue eating 4GB in 4 hours...

So it's clear to me I need to have another ISP. And need to get my phone line unbundled so I'm free to swap ISPs when needed. Which means ditch the land line and go for VOIP. That's a bewildering landscape it appears.

After some checking out it appears I need to go with 2talk. After I had made that selection I talked to another company who were already with 2talk, unknown to me, although I knew they had VOIP.

So need to step through these things slowly. Would like to keep my existing DECT phones. In order to do that I need an adapter, which I selected as the Linksys SPA2102 and 2talk actually recommended that in a later email.

The award for the most confusing message I've seen in a quite a while. Added 2GB more to my Dell D820 laptop, so it now has 4GB. Boot. Then it says:

The amount of system memory has changed. If you did not change your memory... To resolve this issue, try to reseat the memory.

Hmmm. Take out the memory. Reboot. Message comes back. So what now? System screwed?

But Google is my friend.

Weird issue with connecting to my own network using openvpn. Could read, but upload things stalled at 192KB. Exactly similar as to what this gy describes.

The solution, after a lot of trial and error, is to set only mssfix on the client. I've set it to 1300. I didn't need to set fragment as that would require a change to all clients. I found out that I could even increase it to 1364.

The cause appears to be that MTU path discovery is broken for an unknown reason. I'm perhaps behind an old wifi router, or perhaps there are other weird things in between.

Problem solving day I think. Needed to make a copy of DVD on FreeBSD. Used the command:


growisofs -Z /dev/acd0 -dvd-video /path/

But this aborted with:


:-( unable to CAMGETPASSTHRU for /dev/acd0: 
Inappropriate ioctl for device

It appeared I had to do two things: make sure the atapicam driver is loaded and when done, use the proper device, i.e. the cd not the ac0 driver:


kldload atapicam
growisofs -Z /dev/cd0 -dvd-video /path/

Loading this driver is best done at boot in /boot/loader.conf where I also enabled dma:


hw.ata.atapi_dma="1"
atapicam_load="YES"

That was a struggle. Installed Ubuntu 9.10 Karmic which should postgresql for user authentication. Had this worked out perfectly on Ubuntu 8.04 but things have changed considerably since then. Just copying the files let to really weird errors.

For example just typing in passwd would give:


passwd: Authentication token manipulation error
passwd: password unchanged

This was actually caused by me loading pam_pgsql as before:


password   required     pam_pgsql.so

But now it needs to be:


password        [success=1 user_unknown=ignore default=die]     
pam_pgsql.so use_authtok try_first_pass

etc. Users couldn't login any more, only if you used ssh keys.

Googled for hours. Now I understand the issues better, I understand this guy has his settings correct if you're looking for an example (he uses ldap, but just replace that with pgsql).

The only thing that worries me is that it seems that pam_pgsql.conf needs to be world-readable now. That didn't use to be the case somehow.

346 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!