Upgrade 4.8 -> 4.10

So once more I upgraded my system. It gets smoother and smoother. This time, the only problem I had was that I could not get the machine to route any traffic through. It turned out that I should not have removed the IPDIVERT option from the kernel config. I don't really understand why, since from what I read in the man pages it should only be used if you divert traffic to a specific socket. I don't think I do that… but I must, since I need it.

EDIT: Should have read the firewall configuration more carefully!
# Network Address Translation. This rule is placed here deliberately
# so that it does not interfere with the surrounding address-checking
# rules. If for example one of your internal LAN machines had its IP
# address set to 192.0.2.1 then an incoming packet for it after being
# translated by natd(8) would match the `deny' rule above. Similarly
# an outgoing packet originated from it before being translated would
# match the `deny' rule below.
case ${natd_enable} in
[Yy][Ee][Ss])
        if [ -n "${natd_interface}" ]; then
                ${fwcmd} add divert natd all from any to any via ${natd_interface}
        fi
        ;;
esac

There is the rule that uses DIVERT!

Traffic Shaping

According to this article it is a good idea to shape the traffic if one has an asymmetric line. As I have an ADSL line, 8 Mbit down and 1 Mbit up, I thought it would be good to give it a try. I already have IPFW running, so all I had to do was to add the traffic shaping configuration into the firewall configuration. I also had to recompile the kernel to include DummyNet, but that was quickly done as I have done it before.

Now it is just to wait and see if I notice any difference.
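Both surprises above (the divert rule needing IPDIVERT, the shaping rules needing DummyNet) can be caught before a kernel is rebuilt. The following is an added example, not part of the original post: it scans a firewall script for divert, pipe and queue rules and lists the kernel options that a config file does not enable. The function name, file names, sample rules and the 900Kbit/s figure are constructed for illustration.

```shell
#!/bin/sh
# Added example: report kernel options that a set of ipfw rules depends on
# but the kernel config does not enable (FreeBSD 4.x option names).

# missing_fw_options RULES_FILE KERNCONF -> one missing option per line
missing_fw_options() {
    needed="IPFIREWALL"
    # "divert" rules pass packets to a divert socket; natd(8) listens on one.
    if grep -Eq '^[^#]*[[:space:]]divert[[:space:]]' "$1"; then
        needed="$needed IPDIVERT"
    fi
    # "pipe" and "queue" are dummynet traffic-shaping objects.
    if grep -Eq '^[^#]*[[:space:]](pipe|queue)[[:space:]]' "$1"; then
        needed="$needed DUMMYNET"
    fi
    for opt in $needed; do
        # Only uncommented "options NAME" lines count as enabled.
        grep -Eq "^[[:space:]]*options[[:space:]]+${opt}([[:space:]]|\$)" "$2" ||
            echo "$opt"
    done
    return 0
}

# Constructed sample inputs (file names and contents are made up).
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
cat > "$demo/ipfw.conf" <<'EOF'
# natd hook, as in rc.firewall
${fwcmd} add divert natd all from any to any via ${natd_interface}
# shaping for the 1 Mbit uplink
${fwcmd} pipe 1 config bw 900Kbit/s
${fwcmd} add pipe 1 ip from any to any out via ${oif}
EOF
cat > "$demo/NEWKER" <<'EOF'
options         IPFIREWALL              # firewall
#options        IPDIVERT                # removed during the upgrade
EOF

missing_fw_options "$demo/ipfw.conf" "$demo/NEWKER"
```

An empty result means every option the rules rely on is present in the config.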

MX records

So I was about to help Josef set up the zone file for his domain seger.nu (used by named), which I host in my DNS server. I was confused by the entries in his file and had to look in the one for my domain. It was still not clear, but after looking at the man pages of named and some of the RFCs referred to there I started to get a grip on the situation again.

This is how my zone file looks like for yelloworb.com:

$TTL    3600
@       IN      SOA     ns.yelloworb.com.       karl-petter.home.se.    (
                                200311201       ; serial
                                1800            ; refresh every 30 min
                                300             ; retry every 5 min
                                604800          ; expire after a week
                                86400 )         ; minimum of a day
                TXT             "YellowOrb DNS"
                IN      NS      ns.yelloworb.com.
                IN      NS      gatekeeper.home.pp.se.

                IN      MX      10 mail
                IN      A       212.181.53.31

mail IN CNAME yelloworb.com.
ns IN CNAME yelloworb.com.
ftp IN CNAME yelloworb.com.

; some virtual webservers
www IN CNAME yelloworb.com.
ao IN CNAME www.yelloworb.com.

The main thing that I was confused about was how the MX record should look. Some googling didn't help much, but going back to the roots and reading some of the RFCs explained it all, specifically RFC 974.

Josef's zone file looks like this now and I'm quite sure it will work:

$TTL    3600
@       IN      SOA     ns.yelloworb.com.       karl-petter.home.se.    (
                                200311201       ; serial
                                1800            ; refresh every 30 min
                                300             ; retry every 5 min
                                604800          ; expire after a week
                                86400 )         ; minimum of a day
                TXT             "Seger.NU DNS"
	

; name servers for seger.nu

                IN      NS      ns.yelloworb.com.
                IN      NS      gatekeeper.home.pp.se.
                IN      MX      10 mail

seger.nu. IN A 81.225.2.69

www IN CNAME seger.nu.
mail IN CNAME seger.nu.
josef IN CNAME seger.nu.
anki IN CNAME seger.nu.
privat IN CNAME seger.nu.
ftp IN CNAME seger.nu.
alexander IN CNAME seger.nu.
telnet IN CNAME seger.nu.
malin IN CNAME seger.nu.

So now all should be set up right for Josef to receive emails at seger.nu directly and not mail.seger.nu, but the mail server has to be configured as well, as this page explains.
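RFC 974, mentioned above, advises against using aliases in the data part of MX records, and RFC 2181 (section 10.3) requires that MX and NS targets are not CNAMEs. The following added example (not part of the original post) lists such records in a zone file; the function name, the origin argument and the trimmed sample zone are assumptions made for the example.

```shell
#!/bin/sh
# Added example: list MX/NS records whose target is a CNAME in the same zone.
# Limits: one zone, no $ORIGIN/$INCLUDE handling, and a ";" inside quoted
# TXT data is treated as the start of a comment.

# alias_targets ZONEFILE ORIGIN   (ORIGIN is the zone name with trailing dot)
alias_targets() {
    awk -v origin="$2" '
    function fqdn(name) {                    # expand "@" and relative names
        if (name == "@") return origin
        return (name ~ /\.$/) ? name : (name "." origin)
    }
    { sub(/;.*/, "") }                       # drop comments
    inparen { if (/\)/) inparen = 0; next }  # skip SOA continuation lines
    /^\$/ || NF == 0 { next }                # skip $TTL and blank lines
    {
        i = 1
        if ($0 !~ /^[ \t]/) { owner = fqdn($1); i = 2 }  # new owner name
        if ($i ~ /^[0-9]+$/) i++             # optional TTL
        if ($i == "IN") i++                  # optional class
        rtype = $i
        if (rtype == "CNAME") alias[owner] = 1
        else if (rtype == "NS") { tgt[++n] = fqdn($(i + 1)); rec[n] = owner " NS " tgt[n] }
        else if (rtype == "MX") { tgt[++n] = fqdn($(i + 2)); rec[n] = owner " MX " tgt[n] }
        if (/\(/ && !/\)/) inparen = 1       # record continues on next lines
    }
    END { for (k = 1; k <= n; k++) if (tgt[k] in alias) print rec[k] }
    ' "$1"
}

# Constructed sample: the seger.nu records from this page, trimmed.
zone=$(mktemp) && trap 'rm -f "$zone"' EXIT
cat > "$zone" <<'EOF'
$TTL 3600
@   IN SOA ns.yelloworb.com. karl-petter.home.se. (
        200311201 ; serial
        1800 300 604800 86400 )
    IN NS ns.yelloworb.com.
    IN MX 10 mail
seger.nu. IN A 81.225.2.69
www  IN CNAME seger.nu.
mail IN CNAME seger.nu.
EOF

alias_targets "$zone" seger.nu.   # prints: seger.nu. MX mail.seger.nu.
```

Replacing the flagged alias with an A record for the same name clears the finding.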

USB Mass Storage device

So I just had 4.8 installed and all seemed to work since I did not get any errors as before but…

I could not mount the device… Though after a bit of struggling with why I got the Invalid Argument response each time I tried to mount it, I realized the error.

I tried to mount the disk as an MSDOS disk but it was NTFS!!

Now it works all just fine!

Upgrade 4.7 -> 4.8

Some programs like TeamSpeak do not work with 4.7, and the USB mass storage device did not work either, so let's see if 4.8 will help fix this. I'm using /stand/sysinstall to upgrade. The process seems quite straightforward.

But turned out to take much longer time…
After doing the upgrade I realized that I actually had an older kernel than before, even older than the release. It was the 4.7 GENERIC kernel: I had not set the configure option to 4.8-RELEASE and thus had just downloaded 4.7 once more.

After changing the option to 4.8-RELEASE I ran into another problem or mishap. Somehow the upgrade process failed and hung during the ftp session. I aborted the upgrade, but it turned out that all files in /etc had been replaced with the ones from the upgrade, thus I could not log in to the machine remotely since no users existed anymore. I had to drag the box out of the closet and plug in a keyboard and a monitor. Logging in locally worked. But how to get the backup (yes, I had a backup made in case…) of etc/ was not so easy. Finally I figured out I could use a friend's ftp site and upload the backup from my PC and download it to the server. Replaced all files and we were back!

But still only had 4.7… So another try at /stand/sysinstall, changed options and this time it worked.

Time to reboot the system.
FAIL: Got “Device not Configured” for one of the hard drives. It turned out after some investigation that my 4.7 kernel did not use static numbering of ata drives while the new one did. So I booted the old kernel and modified fstab to the new drive numbering, and now it worked just fine.

At this point of the upgrade my outside access did not work because the GENERIC kernel does not include.

I had to build a new kernel and install it. I used the same kernel config as for 4.7 but checked it for changes; there were only a few. While editing the file I made sure that the new kernel would also have static ATA device numbering to make it easier next time.

To configure the kernel:

  1. cd /usr/src/sys/i386/conf

Make a copy of GENERIC called NEWKER and modify it to your taste.

To start the build process use the config command :

  1. config NEWKER

After this step you will get the following message

Don’t forget to do make depend

If you get any errors in this step, then there is a problem in your configuration file. Check the file again and edit it. Refer to GENERIC and LINT for more details regarding device drivers.

Go to the following directory and compile the kernel.

  1. cd /usr/src/sys/compile/NEWKER

Do the following steps to compile the kernel:

  1. make depend
  2. make
  3. make install

After rebooting the system all worked, even TeamSpeak and USB mass!

IPFW

So I have not been able to connect with VPN to SICS from home lately so I tried to fix that now.

Have not been able to figure out what was wrong really, but I noticed by clearing the logs in the firewall with:

ipfw resetlog

that it denied IP protocol 47 (GRE), which was really strange since there is a rule to let that in and out.

${fwcmd} add pass gre from any to ${vpn} via ${oif}
${fwcmd} add pass gre from ${vpn} to any via ${oif}

Though I took time to add some other new rules, mainly to stop my log from flooding with useless information: added deny to port 135, 137, 139 and 445, all related to SMB according to Kurt Seifried's ports list.

So I reloaded all the rules into the IPFW with:

sh /etc/ipfw.conf > /tmp/ipfw.txt &

and all seems to work now.

Cricket again

Okay, so last time I just got to download Cricket. Unpacked the downloaded file and started to read the documentation. After a while trying to install the Perl modules needed I realized Cricket already existed in the FreeBSD ports… should have looked there from the beginning. Ok, so that's about it for tonight.

Edited: Hmm should have read my blog! Then I would have seen that Cricket is in the ports…. Ok, I hope I read this the next time since now Cricket is installed as well as the RRD tool so now I just need to configure them.