Subject: Qube 2 running well, couple questions yet....
To: None <port-cobalt@NetBSD.org>
From: Brian <bmcewen@comcast.net>
List: port-cobalt
Date: 02/06/2004 05:45:13
Thanks to all for the help in the last month; the little Qube 2 is up
and running well with postfix, sshd, and apache. Thanks again to
Dennis for the 1.6.1 net boot .iso, and to Andreas for the FAQ preview
that showed up just as I was booting for the first time.
I have a couple things yet to set up, and some questions for the list
yet:
- sshd is handling my sftp connections by rolling over to sftp-server (I
believe so, anyway it works ;)
but would I gain anything by running proftpd tunnelled through ssh?
I'm not allowing insecure ftp, and I'd really like to chroot sftp users
to their own directory. I haven't found a page yet that tells how to
do that for sftp-server, and there's not a conf file for sftp-server,
and the only chroot I find for sshd is that which is enforced right
before login authentication takes place, which isn't what I am after.
Advice on any of this topic welcomed. Should I just make sure my sshd
is current and not worry about it?
- Anyone want to share their favorite choice for POP3 daemon and why?
Any reason Qpopper would not be a good choice? I would like to put
something up this weekend.
- every couple minutes or so, one of the ISP's DNS servers opens a port
53 to my server, what's up with that?
I'm running with a static IP behind a firewall, I don't have named
running, I'm just using a hosts file. I don't even have port 53 being
forwarded thru my firewall; but netstat shows a TIME-WAIT every so
often with my ISP's DNS IP as the foreign address. I can't see how I
could have some sort of loop effect running... but this must be coming
from internal somehow (?).
- I'd like to try putting X11 on, but I can't find any BSD-specific X11
base. Will the .tar files from X11.org compile readily? They say the
MIPS.cf hasn't been tested for "a while" and might need work.
- I need to revisit the ices 0.3 icecast streamer; I've not had time to
do that yet, but appreciate the help so far.
- any comments on using snort or tripwire? How many people here use
these?
- other to-do items include routing outgoing mail thru my ISP's
mailserver instead of directly sending from mine, getting SCSI support
going, and playing with providing a PPP dialup (ppp0 is already
configured in the kernel I built).
Thanks for the help so far,
Brian