Re: hardware issues on sparc64
[EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/stand/ofwboot/obj open /[EMAIL PROTECTED],0/SUNW,[EMAIL PROTECTED],880/[EMAIL PROTECTED],0:f/kernel/sparcv9/unix: No such file or directory The above path is to a solrais kernel. If you want to rid of it then hit stop-a and type help. You need to change the boot-file parameter (i think). But if it isnt stopping you from working, then dont fix it. (right?) Regards Edd
Regarding pthread_init
Hello, I'm compiling MPI on 64 bit AIX-5.3L(power 5). After successful compilation, simple MPI program fails to execute. It gives segmentation fault in pthread_init(). I'm using xcl_r, xlf_r and xlC_r(native AIX compilers). I've compiled the code with -q64 option and building shared libraries(ex. libmpi.so). Now, when I execute a simple MPI program, it fails in pthread_init() before entering main(). But when i make my library static(libmpi.a), program executes properly. Could you please suggest me what could be the problem? Regards, Vanamala. V
IBM Developer Works article on FreeBSD why not OpenBSD?
Hello List, Just read this article on FreeBSD and a little history on BSD. http://www-128.ibm.com/developerworks/opensource/library/os-freebsd/?ca=dgr-lnxw01FreeBSD I tried FreeBSD and NetBSD before but after trying OpenBSD they were just ugly to work with IMO. I find OpenBSD clean and enjoyable to install and work with and this is someone that is coming from pure Windows and very little Linux use. And warm fuzzy feeling to boot! Thanks OpenBSD devs and community! Best regards, rogern _ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
Regarding pthread_init
__ Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com Received: from [203.200.36.253] by web52408.mail.yahoo.com via HTTP; Tue, 16 Aug 2005 23:28:27 PDT Date: Tue, 16 Aug 2005 23:28:26 -0700 (PDT) From: Vanamala Reddy [EMAIL PROTECTED] Subject: Regarding pthread_init To: [EMAIL PROTECTED] MIME-Version: 1.0 X-Security: message sanitized on shear.ucar.edu See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.147 $Date: 2004-10-02 11:16:26-07 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit Content-Length: 645 X-Converted-To-Plain-Text: from multipart/alternative by demime 1.01d X-Converted-To-Plain-Text: Alternative section used was text/plain Hello, I'm compiling MPI on 64 bit AIX-5.3L(power 5). After successful compilation, simple MPI program fails to execute. It gives segmentation fault in pthread_init(). I'm using xcl_r, xlf_r and xlC_r(native AIX compilers). I've compiled the code with -q64 option and building shared libraries(ex. libmpi.so). Now, when I execute a simple MPI program, it fails in pthread_init() before entering main(). But when i make my library static(libmpi.a), program executes properly. Could you please suggest me what could be the problem? Regards, Vanamala. V - Start your day with Yahoo! - make it your home page
Re: Regarding pthread_init
On Wednesday 17 August 2005 07:02, Vanamala.V wrote: Hello, I'm compiling MPI on 64 bit AIX-5.3L(power 5). After successful compilation, simple MPI program fails to execute. It gives segmentation fault in pthread_init(). This list is about OpenBSD, not AIX; you're unlikely to get much help with your problem here. Could you please suggest me what could be the problem? I can recommend that you contact IBM India and ask them for help with AIX; their contact details are at http://www.ibm.com/contact/in/ -- Simon Farnsworth [demime 1.01d removed an attachment of type application/pgp-signature]
Keyboard issue
Hi all. I have installed OpenBSD 3.7 on SparcStation 4. The installation process finished successfully. But I have a issue with keyboard. My keyboard is type5 spanish. In the login field, X or console, I can write the Q letter. After I login with normal user this key don4t work, only beep. When I4m root this key work as spected, but arrows keys don4t work From normal user I tried wsconsctl to turn to spanish encoding and I have no errors, but this key Q, only beep. I do the same with kbd but I have no differences. In a X, I tried XKeycaps, and the keyboard detected is a PC with 104 keys. When I change this by keyboard Sun Microsystems Type 5 OpenWindows Spanish layout and write changes, there are no working keys. All the keys are mapping different that I can see in Xkeycaps. For example, if I press H the key obtained by xkeycaps is 7. Where is the problem? This is my first post and I hope to help you in a few time. Thank you very much. Carlos. This is my dmesg result: OpenBSD 3.7 (GENERIC) #312: Mon Mar 21 00:14:33 MST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/sparc/compile/GENERIC real mem = 33214464 avail mem = 25190400 using 200 buffers containing 1658880 bytes of memory bootpath: /[EMAIL PROTECTED],1000/[EMAIL PROTECTED],10001000/[EMAIL PROTECTED],840/[EMAIL PROTECTED],880/[EMAIL PROTECTED],0 mainbus0 (root): SUNW,SPARCstation-4 cpu0 at mainbus0: MB86904 @ 110 MHz, on-chip FPU cpu0: 16K instruction (32 b/l), 8K data (16 b/l) cache enabled obio0 at mainbus0 clock0 at obio0 addr 0x7120: mk48t08 (eeprom) timer0 at obio0 addr 0x71d0 delay constant 52 zs0 at obio0 addr 0x7110 pri 12, softpri 6 zstty0 at zs0 channel 0 zstty1 at zs0 channel 1 zs1 at obio0 addr 0x7100 pri 12, softpri 6 zskbd0 at zs1 channel 0: keyboard, type 5, layout 0x2a wskbd0 at zskbd0: console keyboard zstty2 at zs1 channel 1: mouse slavioconfig at obio0 addr 0x7180 not configured auxreg0 at obio0 addr 0x7190 power0 at obio0 addr 0x7191 fdc0 at obio0 addr 0x7140 pri 11, softpri 4: chip 82077 iommu0 at mainbus0 addr 0x1000: version 0x4/0x0, page-size 4096, range 64MB sbus0 at iommu0: clock = 22 MHz dma0 at sbus0 slot 4 offset 0x840: rev 2 esp0 at dma0 offset 0x880 pri 4: ESP200, 40MHz, SCSI ID 7 scsibus0 at esp0: 8 targets sd0 at scsibus0 targ 3 lun 0: FUJITSU, MAN3184MC, 5508 SCSI3 0/direct fixed sd0: 17366MB, 29694 cyl, 2 head, 598 sec, 512 bytes/sec, 35566478 sec total cd0 at scsibus0 targ 6 lun 0: TOSHIBA, XM-4101TASUNSLCD, 1755 SCSI2 5/cdrom removable bpp0 at sbus0 slot 4 offset 0xc80: DMA2 ledma0 at sbus0 slot 4 offset 0x8400010: rev 2 le0 at ledma0 offset 0x8c0 pri 6: address 08:00:20:7b:13:e6 le0: 16 receive buffers, 4 transmit buffers tcx0 at sbus0 slot 2 offset 0x80: 1152x900, id 0, rev 2, sense 0 wsdisplay0 at tcx0: console (std, sun emulation), using wskbd0 power-management at sbus0 slot 3 offset 0xa00 not configured root on sd0a rootdev=0x700 rrootdev=0x1100 rawdev=0x1102
Re: Keyboard issue
do you have problem in bash, ksh, csh, emacs ? Each of the apps has its own tricks for 8 bit or uft-8 handling. --- Carlos Zumajo [EMAIL PROTECTED] wrote: Hi all. I have installed OpenBSD 3.7 on SparcStation 4. The installation process finished successfully. But I have a issue with keyboard. My keyboard is type5 spanish. In the login field, X or console, I can write the Q letter. After I login with normal user this key don4t work, only beep. When I4m root this key work as spected, but arrows keys don4t work From normal user I tried wsconsctl to turn to spanish encoding and I have no errors, but this key Q, only beep. I do the same with kbd but I have no differences. In a X, I tried XKeycaps, and the keyboard detected is a PC with 104 keys. When I change this by keyboard Sun Microsystems Type 5 OpenWindows Spanish layout and write changes, there are no working keys. All the keys are mapping different that I can see in Xkeycaps. For example, if I press H the key obtained by xkeycaps is 7. Where is the problem? This is my first post and I hope to help you in a few time. Thank you very much. Carlos. This is my dmesg result: OpenBSD 3.7 (GENERIC) #312: Mon Mar 21 00:14:33 MST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/sparc/compile/GENERIC real mem = 33214464 avail mem = 25190400 using 200 buffers containing 1658880 bytes of memory bootpath: /[EMAIL PROTECTED],1000/[EMAIL PROTECTED],10001000/[EMAIL PROTECTED],840/[EMAIL PROTECTED],880/[EMAIL PROTECTED],0 mainbus0 (root): SUNW,SPARCstation-4 cpu0 at mainbus0: MB86904 @ 110 MHz, on-chip FPU cpu0: 16K instruction (32 b/l), 8K data (16 b/l) cache enabled obio0 at mainbus0 clock0 at obio0 addr 0x7120: mk48t08 (eeprom) timer0 at obio0 addr 0x71d0 delay constant 52 zs0 at obio0 addr 0x7110 pri 12, softpri 6 zstty0 at zs0 channel 0 zstty1 at zs0 channel 1 zs1 at obio0 addr 0x7100 pri 12, softpri 6 zskbd0 at zs1 channel 0: keyboard, type 5, layout 0x2a wskbd0 at zskbd0: console keyboard zstty2 at zs1 channel 1: mouse slavioconfig at obio0 addr 0x7180 not configured auxreg0 at obio0 addr 0x7190 power0 at obio0 addr 0x7191 fdc0 at obio0 addr 0x7140 pri 11, softpri 4: chip 82077 iommu0 at mainbus0 addr 0x1000: version 0x4/0x0, page-size 4096, range 64MB sbus0 at iommu0: clock = 22 MHz dma0 at sbus0 slot 4 offset 0x840: rev 2 esp0 at dma0 offset 0x880 pri 4: ESP200, 40MHz, SCSI ID 7 scsibus0 at esp0: 8 targets sd0 at scsibus0 targ 3 lun 0: FUJITSU, MAN3184MC, 5508 SCSI3 0/direct fixed sd0: 17366MB, 29694 cyl, 2 head, 598 sec, 512 bytes/sec, 35566478 sec total cd0 at scsibus0 targ 6 lun 0: TOSHIBA, XM-4101TASUNSLCD, 1755 SCSI2 5/cdrom removable bpp0 at sbus0 slot 4 offset 0xc80: DMA2 ledma0 at sbus0 slot 4 offset 0x8400010: rev 2 le0 at ledma0 offset 0x8c0 pri 6: address 08:00:20:7b:13:e6 le0: 16 receive buffers, 4 transmit buffers tcx0 at sbus0 slot 2 offset 0x80: 1152x900, id 0, rev 2, sense 0 wsdisplay0 at tcx0: console (std, sun emulation), using wskbd0 power-management at sbus0 slot 3 offset 0xa00 not configured root on sd0a rootdev=0x700 rrootdev=0x1100 rawdev=0x1102 Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs
Re: The Care and Feeding of OpenBSD
Will H. Backman [EMAIL PROTECTED] writes: 4. Version Upgrades: This will usually happen once a year given the life cycle of OpenBSD. As far as I can tell, the best practice is to read the upgrade FAQ that comes out with each release, and in general fresh install with hand merging of old config files is preferred. FAQ 1.7. - The OpenBSD team makes a new release every six months, with target release dates in May and November. Sorry, I should have been more specific. Yes, OpenBSD produces a new release more often, but many people don't want to upgrade until support ends for their release. Given the length of support for any particular release, one can expect to be at least upgrading every year. You should upgrade as often as you can. small steps often hurt much less than big steps rarely. //art
Re: OpenBSD on Dell Dimension 2400 or 3000?
On 8/17/05, Chris Zakelj [EMAIL PROTECTED] wrote: Kevin wrote: A friend needs to order a basic computer with a good warranty, to run as a very basic OpenBSD 3.7 firewall for a cablemodem. I'd put one together from parts, but I don't relish doing won't boot hardware support from 1600 miles away. Looking at the Dell Dimension line (probably the 2400 or 3000) one concern is that I don't see *any* reports, success or failure, running OpenBSD on this particular product? One reason to choose the Dell (with a CPU that is way overkill) is that the box may be eventually repurposed as an XP desktop... Alternately, any other suggestions for a US mail order PC vendor with fair prices, quick turnaround, a hardware warranty and a pre-built small tower which will reliably run OpenBSD? This is just going to get shoved under a desk, so rackmount is not a consideration, and it doesn't need to be perfectly quiet. Thanks, Kevin I used one of the Dell Optiplex line about 2 years ago to build a firewall at a chemical plant. I specifically asked my boss to get me the bloody cheapest thing he could that had a PCI slot, and that's what I ended up with. As long as you stick to the hardware compatibility list, you shouldn't have any trouble. I will note that when I built that firewall, the embedded NIC was an xl, which of course threw out all sorts of Command not completed errors. Whether or not that is still a problem on current kernels (this was built in the 3.3 days), I couldn't tell you, as my current home firewall has an rl and an fxp in it. I still use (in 3.7-release) several 3Com 3C905B-TX fast etherlink PCI boards and I don't see any errs as far as I can tell.
Downloading Theo's Video
Hi, The Link http://video.hackinthebox.org/ refferred to at http://undeadly.org/cgi?action=articlesid=20050308040714 seems to be non-existant could some one please tell me where else I can download the video?? Thankyou so much kind Regards Siju
Re: Keyboard issue
Well, in csh, the key Q (n tilde) work fine, but don4t arrow keys. In sh, the key Q (n tilde) don4t work but ok with arrow keys. It seems that the problem is the one that you say, at least each shell behaves with the keyboard of different form, but none of them works well absolutely. Now I need how to configure this. I am going to search information about this, because I don4t know doing it. Thanks. Carlos. Vladislav Belogrudov wrote: do you have problem in bash, ksh, csh, emacs ? Each of the apps has its own tricks for 8 bit or uft-8 handling. --- Carlos Zumajo [EMAIL PROTECTED] wrote: Hi all. I have installed OpenBSD 3.7 on SparcStation 4. The installation process finished successfully. But I have a issue with keyboard. My keyboard is type5 spanish. In the login field, X or console, I can write the Q letter. After I login with normal user this key don4t work, only beep. When I4m root this key work as spected, but arrows keys don4t work From normal user I tried wsconsctl to turn to spanish encoding and I have no errors, but this key Q, only beep. I do the same with kbd but I have no differences. In a X, I tried XKeycaps, and the keyboard detected is a PC with 104 keys. When I change this by keyboard Sun Microsystems Type 5 OpenWindows Spanish layout and write changes, there are no working keys. All the keys are mapping different that I can see in Xkeycaps. For example, if I press H the key obtained by xkeycaps is 7. Where is the problem? This is my first post and I hope to help you in a few time. Thank you very much. Carlos. This is my dmesg result: OpenBSD 3.7 (GENERIC) #312: Mon Mar 21 00:14:33 MST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/sparc/compile/GENERIC real mem = 33214464 avail mem = 25190400 using 200 buffers containing 1658880 bytes of memory bootpath: /[EMAIL PROTECTED],1000/[EMAIL PROTECTED],10001000/[EMAIL PROTECTED],840/[EMAIL PROTECTED],880/[EMAIL PROTECTED],0 mainbus0 (root): SUNW,SPARCstation-4 cpu0 at mainbus0: MB86904 @ 110 MHz, on-chip FPU cpu0: 16K instruction (32 b/l), 8K data (16 b/l) cache enabled obio0 at mainbus0 clock0 at obio0 addr 0x7120: mk48t08 (eeprom) timer0 at obio0 addr 0x71d0 delay constant 52 zs0 at obio0 addr 0x7110 pri 12, softpri 6 zstty0 at zs0 channel 0 zstty1 at zs0 channel 1 zs1 at obio0 addr 0x7100 pri 12, softpri 6 zskbd0 at zs1 channel 0: keyboard, type 5, layout 0x2a wskbd0 at zskbd0: console keyboard zstty2 at zs1 channel 1: mouse slavioconfig at obio0 addr 0x7180 not configured auxreg0 at obio0 addr 0x7190 power0 at obio0 addr 0x7191 fdc0 at obio0 addr 0x7140 pri 11, softpri 4: chip 82077 iommu0 at mainbus0 addr 0x1000: version 0x4/0x0, page-size 4096, range 64MB sbus0 at iommu0: clock = 22 MHz dma0 at sbus0 slot 4 offset 0x840: rev 2 esp0 at dma0 offset 0x880 pri 4: ESP200, 40MHz, SCSI ID 7 scsibus0 at esp0: 8 targets sd0 at scsibus0 targ 3 lun 0: FUJITSU, MAN3184MC, 5508 SCSI3 0/direct fixed sd0: 17366MB, 29694 cyl, 2 head, 598 sec, 512 bytes/sec, 35566478 sec total cd0 at scsibus0 targ 6 lun 0: TOSHIBA, XM-4101TASUNSLCD, 1755 SCSI2 5/cdrom removable bpp0 at sbus0 slot 4 offset 0xc80: DMA2 ledma0 at sbus0 slot 4 offset 0x8400010: rev 2 le0 at ledma0 offset 0x8c0 pri 6: address 08:00:20:7b:13:e6 le0: 16 receive buffers, 4 transmit buffers tcx0 at sbus0 slot 2 offset 0x80: 1152x900, id 0, rev 2, sense 0 wsdisplay0 at tcx0: console (std, sun emulation), using wskbd0 power-management at sbus0 slot 3 offset 0xa00 not configured root on sd0a rootdev=0x700 rrootdev=0x1100 rawdev=0x1102 Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs
Re: Keyboard issue
If you want internationalization, start your xterm with -en UTF-8 and -fn -misc-fixed-medium-r-normal--15-140-75-75-c-90-iso10646-1 Then install bash from packages. type in bash set meta-flag on set output-meta on set convert-meta off And enjoy :) csh does not allow editing so arrows and tab will not work, but tildas and umlauts will do, tcsh and ksh have lousy support for UTF-8, all of them just good for 8-bit encodings and need special settings to use 8th bit. PS: these settings can go to .Xdefaults and .inputrc . Utf-8 fonts for xterm can be grepped with xlsfonts | grep 10646 --- Carlos Zumajo [EMAIL PROTECTED] wrote: Well, in csh, the key Q (n tilde) work fine, but don4t arrow keys. In sh, the key Q (n tilde) don4t work but ok with arrow keys. It seems that the problem is the one that you say, at least each shell behaves with the keyboard of different form, but none of them works well absolutely. Now I need how to configure this. I am going to search information about this, because I don4t know doing it. Thanks. Carlos. Vladislav Belogrudov wrote: do you have problem in bash, ksh, csh, emacs ? Each of the apps has its own tricks for 8 bit or uft-8 handling. --- Carlos Zumajo [EMAIL PROTECTED] wrote: Hi all. I have installed OpenBSD 3.7 on SparcStation 4. The installation process finished successfully. But I have a issue with keyboard. My keyboard is type5 spanish. In the login field, X or console, I can write the Q letter. After I login with normal user this key don4t work, only beep. When I4m root this key work as spected, but arrows keys don4t work From normal user I tried wsconsctl to turn to spanish encoding and I have no errors, but this key Q, only beep. I do the same with kbd but I have no differences. In a X, I tried XKeycaps, and the keyboard detected is a PC with 104 keys. When I change this by keyboard Sun Microsystems Type 5 OpenWindows Spanish layout and write changes, there are no working keys. All the keys are mapping different that I can see in Xkeycaps. For example, if I press H the key obtained by xkeycaps is 7. Where is the problem? This is my first post and I hope to help you in a few time. Thank you very much. Carlos. This is my dmesg result: OpenBSD 3.7 (GENERIC) #312: Mon Mar 21 00:14:33 MST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/sparc/compile/GENERIC real mem = 33214464 avail mem = 25190400 using 200 buffers containing 1658880 bytes of memory bootpath: /[EMAIL PROTECTED],1000/[EMAIL PROTECTED],10001000/[EMAIL PROTECTED],840/[EMAIL PROTECTED],880/[EMAIL PROTECTED],0 mainbus0 (root): SUNW,SPARCstation-4 cpu0 at mainbus0: MB86904 @ 110 MHz, on-chip FPU cpu0: 16K instruction (32 b/l), 8K data (16 b/l) cache enabled obio0 at mainbus0 clock0 at obio0 addr 0x7120: mk48t08 (eeprom) timer0 at obio0 addr 0x71d0 delay constant 52 zs0 at obio0 addr 0x7110 pri 12, softpri 6 zstty0 at zs0 channel 0 zstty1 at zs0 channel 1 zs1 at obio0 addr 0x7100 pri 12, softpri 6 zskbd0 at zs1 channel 0: keyboard, type 5, layout 0x2a wskbd0 at zskbd0: console keyboard zstty2 at zs1 channel 1: mouse slavioconfig at obio0 addr 0x7180 not configured auxreg0 at obio0 addr 0x7190 power0 at obio0 addr 0x7191 fdc0 at obio0 addr 0x7140 pri 11, softpri 4: chip 82077 iommu0 at mainbus0 addr 0x1000: version 0x4/0x0, page-size 4096, range 64MB sbus0 at iommu0: clock = 22 MHz dma0 at sbus0 slot 4 offset 0x840: rev 2 esp0 at dma0 offset 0x880 pri 4: ESP200, 40MHz, SCSI ID 7 scsibus0 at esp0: 8 targets sd0 at scsibus0 targ 3 lun 0: FUJITSU, MAN3184MC, 5508 SCSI3 0/direct fixed sd0: 17366MB, 29694 cyl, 2 head, 598 sec, 512 bytes/sec, 35566478 sec total cd0 at scsibus0 targ 6 lun 0: TOSHIBA, XM-4101TASUNSLCD, 1755 SCSI2 5/cdrom removable bpp0 at sbus0 slot 4 offset 0xc80: DMA2 ledma0 at sbus0 slot 4 offset 0x8400010: rev 2 le0 at ledma0 offset 0x8c0 pri 6: address 08:00:20:7b:13:e6 le0: 16 receive buffers, 4 transmit buffers tcx0 at sbus0 slot 2 offset 0x80: 1152x900, id 0, rev 2, sense 0 wsdisplay0 at tcx0: console (std, sun emulation), using wskbd0 power-management at sbus0 slot 3 offset 0xa00 not configured root on sd0a rootdev=0x700 rrootdev=0x1100 rawdev=0x1102 Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs
Re: [OpenBSD 3.7] Wireless - D-Link and Netgear WG 511T (dmesg + ifconfig -A)
* Z L [EMAIL PROTECTED] [2005-08-17 12:11]: I tried Netgear WG 511T adapter today in one laptop (old Compaq Prosignia 150) and the card gets detected on the fly. I tried it in a new Toshiba Satellite laptop, which has built-in Aetheros driver, and it does not get detected on the fly! How will I know that this card will work in this laptop? Why it doesn't get detected on the fly? What script or configuration file should I look at? cbb0 at pci2 dev 4 function 0 ENE CB-1410 CardBus rev 0x01pci_intr_map: no mapping for pin A : couldn't map interrupt cardbus doesn't work in that machine. -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: The Care and Feeding of OpenBSD
I have the following line in my crontab '(/usr/src/ cvs -q update -PAd -rOPENBSD_3_7)' If there are any updates, cron will email them to you (cron automattically emails any output to the user that owns the cron job, so setup your aliases and optionally your .forward file) I'm curious about the cvs options, specifically the -A. The FAQ's don't use it in their examples. Is the -A flag preferred? I can see why it might be according to the cvs man page.
Re: OpenBSD on Dell Dimension 2400 or 3000?
Hi. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Sent: Tuesday, August 16, 2005 9:59 PM To: OpenBSD Misc Subject: OpenBSD on Dell Dimension 2400 or 3000? A friend needs to order a basic computer with a good warranty, to run as a very basic OpenBSD 3.7 firewall for a cablemodem. I'd put one together from parts, but I don't relish doing won't boot hardware support from 1600 miles away. Looking at the Dell Dimension line (probably the 2400 or 3000) one concern is that I don't see *any* reports, success or failure, running OpenBSD on this particular product? One reason to choose the Dell (with a CPU that is way overkill) is that the box may be eventually repurposed as an XP desktop... Alternately, any other suggestions for a US mail order PC vendor with fair prices, quick turnaround, a hardware warranty and a pre-built small tower which will reliably run OpenBSD? This is just going to get shoved under a desk, so rackmount is not a consideration, and it doesn't need to be perfectly quiet. Here is a dmesg from an Dimension 3000. Snapshot was from today taken off of rt.fm. OpenBSD 3.8-beta (GENERIC) #95: Tue Aug 16 18:44:40 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) 4 CPU 2.80GHz (GenuineIntel 686-class) 2.80 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, CF LUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,PNI,MWAIT,CNXT-ID real mem = 534818816 (522284K) avail mem = 481087488 (469812K) using 4278 buffers containing 26845184 bytes (26216K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 11/08/04, BIOS32 rev. 0 @ 0xffe90 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfeae0/160 (8 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801EB/ER LPC rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0xa800 0xca800/0x1800! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82865G/PE/P CPU-I/0-1 rev 0x02 vga1 at pci0 dev 2 function 0 Intel 82865G Video rev 0x02: aperture at 0xe8000 000, size 0x800 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: irq 10 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 3 Intel 82801EB/ER USB rev 0x02: irq 11 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB rev 0x02: irq 9 usb3 at ehci0: USB revision 2.0 uhub3 at usb3 uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub3: 8 ports with 8 removable, self powered ppb0 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xc2 pci1 at ppb0 bus 1 fxp0 at pci1 dev 8 function 0 Intel PRO/100 VE rev 0x02: irq 10, address 00:13 :20:53:4e:bd inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0 ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02 pciide0 at pci0 dev 31 function 1 Intel 82801EB/ER IDE rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: ST340014A wd0: 16-sector PIO, LBA48, 38146MB, 78125000 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, CD-ROM GCR-8485B, 1.05 SCSI0 5/cdrom r emovable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 Intel 82801EB/ER SMBus rev 0x02 at pci0 dev 31 function 3 not configured auich0 at pci0 dev 31 function 5 Intel 82801EB/ER AC97 rev 0x02: irq 3, ICH5 A C97 ac97: codec id 0x41445370 (Analog Devices AD1980) ac97: codec features headphone, 20 bit DAC, No 3D Stereo audio0 at auich0 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 sysbeep0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo biomask ef65 netmask ef65 ttymask ffe7 pctr: user-level cycle counter enabled dkcsum: wd0 matches BIOS drive 0x80 root on
isakmp vpn configuration
Hi there I have an OpenBSD box that is configured as firewall and vpn gateway. The box has two physical interfaces. One interface is the WAN interface that connects to the internet. The other interface connects to the LAN switch and has defined several virtual VLAN interfaces for different LAN subnets. The basic vpn configuration works. I can connect with the Greenbow vpn client from Windows host and reach the hosts on the LAN interfaces. In the Greenbow vpn client configuration I can define the subnet to which I want to tunnel to. So if I define the subnet of the vlan 2 interface in the Greenbow vpn client, I can reach the hosts that are in the vlan 2 subnet, if I define the subnet of the vlan 3 interface, I can reach the hosts that are in the vlan 3 subnet. I have no control to which subnet the vpn client has access. My isakmpd.conf looks like thist: # # Defaults section # [General] Default-phase-1-lifetime= 3600,60:86400 Default-phase-2-lifetime= 1200,60:86400 # --- # Connections # --- [Phase 1] Default=ISAKMP-clients [Phase 2] Passive-Connections=IPsec-clients # - # Phase 1 peer sections # - [ISAKMP-clients] Phase= 1 Transport= udp Configuration= default-main-mode Authentication= mekmitasdigoat # # Phase 2 sections # [IPsec-clients] Phase= 2 Configuration= default-quick-mode Local-ID= default-route Remote-ID= dummy-remote # -- # Client ID sections # -- [default-route] ID-type=IPV4_ADDR_SUBNET Network=0.0.0.0 Netmask=0.0.0.0 [dummy-remote] ID-type=IPV4_ADDR Address=0.0.0.0 [default-main-mode] DOI=IPSEC EXCHANGE_TYPE= ID_PROT Transforms= AES-SHA-GRP2 [default-quick-mode] DOI=IPSEC EXCHANGE_TYPE= QUICK_MODE Suites= QM-ESP-AES-SHA-PFS-GR2-SUITE I have tried to change Network and Netmask in the [default-route] section from 0.0.0.0 to the network and netmask of one of the vlan subnetworks, but it does not help. I can still connect to the other subnet if I define them in the client. Anyone knows how I can restrict access to only one of the vlan subnets? Thanks, Daniel
Re: The Care and Feeding of OpenBSD
On Wednesday 17 August 2005 09:48 am, Will H. Backman wrote: I have the following line in my crontab '(/usr/src/ cvs -q update -PAd -rOPENBSD_3_7)' If there are any updates, cron will email them to you (cron automattically emails any output to the user that owns the cron job, so setup your aliases and optionally your .forward file) I'm curious about the cvs options, specifically the -A. The FAQ's don't use it in their examples. Is the -A flag preferred? I can see why it might be according to the cvs man page. The -A option resets any tags, so you have to remember to specify the revision each time you run CVS. It is found in the section for the update command. Tim Donahue
Re: bgpd and two CARPed routers
Thanks for clarifying this to me Manon --On 16. August 2005 11:12:03 +0200 Henning Brauer [EMAIL PROTECTED] wrote: * Manon Goo [EMAIL PROTECTED] [2005-08-16 05:53]: instead, on your backup, use something like # we're the inactive one, do prepend match to group uplinks set prepend-self 1 to make the AS path for routes announced by your backup router worse. Or use MED, that is actualy intended for these situations. Perhaps I have not understood the Implementation correctly but this looks like a bug to me: network XX.XX.64.0/22 set med +10 this applies to your announcements neighbor $ISP1_ROUTER1 { descr Peer ISP1 R1 local-address XX.XX.213.27 announce self tcp md5sig password XX depend on sk0 holdtime 25 set med +10 and this applies to the routes received from that peer. } will not result in a med of 20 but only in a med of 10 of course, see above :) -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) [demime 1.01d removed an attachment of type application/pgp-signature]
Re: The Care and Feeding of OpenBSD
-Original Message- From: Timothy Donahue [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:08 AM To: Will H. Backman Cc: misc@openbsd.org Subject: Re: The Care and Feeding of OpenBSD On Wednesday 17 August 2005 09:48 am, Will H. Backman wrote: I have the following line in my crontab '(/usr/src/ cvs -q update -PAd -rOPENBSD_3_7)' If there are any updates, cron will email them to you (cron automattically emails any output to the user that owns the cron job, so setup your aliases and optionally your .forward file) I'm curious about the cvs options, specifically the -A. The FAQ's don't use it in their examples. Is the -A flag preferred? I can see why it might be according to the cvs man page. The -A option resets any tags, so you have to remember to specify the revision each time you run CVS. It is found in the section for the update command. Tim Donahue Ok. I was looking at http://www.openbsd.org/anoncvs.html#EXAMPLE
Re: BSD PPPoA Hardware
Hi, You beat me to the post. Unfortunately for me it doesn't support ADSL over ISDN. I'm one of those poor souls that uses iDSL to connect to the Big-I, to far away from the CO, then I could ditch my ancient iDSL router. you could give this one a try. http://accoom.kd85.com/ iDSL is very similar to SDSL at 144kbit/s, physical layer is identical, the differences are at the protocol layer. there is no guarantee there, but one could experiment... bye, Siggi.
Re: 8/13 snapshot and DHCP
Nuzaihan Kamalluddin wrote: Maybe you should try a workaround, like manual setup of the ip address and routing, ifconfig wi0 192.168.1.x netmask 255.255.255.0 route add default 192.168.1.1 Should work, maybe there is something blocking the dhcpoffer packets from your router, or maybe since it works in openbsd 3.7, the one that you downloaded and comes with dhclient is probably buggy. Regards, Zaihan I successfully installed the 8/16 snapshot at the office (which uses a different DHCP server) and dhclient acquires a lease with no problem. However, at home (using a Linksys router as the DHCP server), dhclient fails to get a lease. As noted earlier, dhclient from 3.7 works fine at both locations. There's nothing suspicious in /etc/dhclient.conf or /var/db/dhclient.leases.wi0. I'm at a loss as to how to help debug this. Any suggestions? Thanks, Emmett Buddy Pate
extracting new login.conf from /usr/src/etc in -current
Hello, since the switch to generate login.conf, things became quite a bit less comfortable for those following -current manually... well, at least for me. Since I stick to defaults whenever possible, /etc updates used to be quite hassle-free -- I'd simply copy over the updated file and be done with it, when possible. That accounts for pretty much everything, except for the user database, rc.local and maybe one or two other things. I was hoping to politely convince TPTB to provide pre-generated login.conf files in /usr/src/etc/etc.arch in CVS, similar to the MAKEDEV script. Thanks, Moritz
Re: 8/13 snapshot and DHCP
I successfully installed the 8/16 snapshot at the office (which uses a different DHCP server) and dhclient acquires a lease with no problem. However, at home (using a Linksys router as the DHCP server), dhclient fails to get a lease. As noted earlier, dhclient from 3.7 works fine at both locations. There's nothing suspicious in /etc/dhclient.conf or /var/db/dhclient.leases.wi0. I'm at a loss as to how to help debug this. Any suggestions? Thanks, Emmett Buddy Pate Maybe tcpdump -X -iem0 on the interface during dhcp requests. Change the em0 to whatever your interface is.
Re: ntpd could not parse pool.ntp.org
Before try the solution of Nick I tried what you said: - There is a typo in one of the nameserver ip's posted here. 194.22_5_.52.4 does not exist. Yes correct, are 194.224.52.6 and 194.224.52.4 --8-- nameserver 194.224.52.4 nameserver 192.94.163.152 --8-- Please try to do a nslookup www.google.com. Does it work? Doesn t work If it doesn't, first make sure your router is up and then try with any of the IPs above: $ nslookup server IP www.google.com Doesn t work. Really I don t understand what s happenning Salutes, Mike Tobias Ulmer escribis: Hmmm imho the dns problem should be solved before routing :) - Mikes internet connection is up and running. He confirmed he can traceroute one of googles ips from the openbsd box. - There is a typo in one of the nameserver ip's posted here. 194.22_5_.52.4 does not exist. - These are the nameservers of telefonica gathered per dig, their ips and the result of a www.google.com lookup: esifw3.tsai.es 194.224.52.26 OK artemis.ttd.net 213.0.184.69 *** Can't find www.google.com: No answer cpi-telefonica.telefonica.es 194.179.42.12 OK ineco.nic.es 194.69.254.2 *** Can't find www.google.com: No answer Mikes second: esifw1.tsai.es 194.224.52.4 OK Mikes first: esifw2.tsai.es 194.224.52.6 ;; connection timed out; no servers could be reached I can't really test what is going on and I'm not inside the telefonica network, but Mikes first nameserver seems to be firewalled (as nmap tells) and does not always respond. Mike can you please edit your /etc/resolv.conf that it looks like this: --8-- nameserver 194.224.52.4 nameserver 192.94.163.152 --8-- The second nameserver is an open nameserver in Barcelona witch works for me. Please try to do a nslookup www.google.com. Does it work? If it doesn't, first make sure your router is up and then try with any of the IPs above: $ nslookup server IP www.google.com If you find a working one put it in your resolv.conf and try nslookup www.google.com again until it works :) Tobias
Re: ksh + utf-8
Vladislav Belogrudov [EMAIL PROTECTED] wrote: I use xterm with utf-8 support and ksh. Whenever I start typing fast or editing in some non-latin language I get randomly squares instead of characters. Is utf-8 and pdksh compatible enough? pdksh's command line editor isn't aware of UTF-8 and assumes that each byte corresponds to exactly one character. Yes, it will screw up and show garbage if you write text that doesn't fit this assumption. -- Christian naddy Weisgerber [EMAIL PROTECTED]
Re: make breakage in /usr/src
On Wed, 17 Aug 2005 11:43:42 -0400 Timothy Donahue [EMAIL PROTECTED] wrote: On Wednesday 17 August 2005 11:06 am, Dave Feustel wrote: I just updated via cvs(sudo cvs -q -d $CVSROOT up -r OPENBSD_3_7), did a 'cd /ports/src;sudo make' and got the following error: [snip] Ummm... you mean cd /usr/src; sudo make build right? Have you done an make obj? Anyway, your tree is borked I get no errors in /usr/src/sbin/wsconsctl after running a cvs update. I would start by dumping your cvs tree and cvs get it again. Same here, so re-fetch the tree and you should be out of probs. Tim Donahue Jasper -- Security is decided by quality -- Theo de Raadt
Re: ntpd could not parse pool.ntp.org
Mike Henker wrote: Before try the solution of Nick I tried what you said: - There is a typo in one of the nameserver ip's posted here. 194.22_5_.52.4 does not exist. Yes correct, are 194.224.52.6 and 194.224.52.4 --8-- nameserver 194.224.52.4 nameserver 192.94.163.152 --8-- Please try to do a nslookup www.google.com. Does it work? Doesn t work If it doesn't, first make sure your router is up and then try with any of the IPs above: $ nslookup server IP www.google.com Doesn t work. Really I don t understand what s happenning Salutes, Mike Tobias Ulmer escribis: Hmmm imho the dns problem should be solved before routing :) - Mikes internet connection is up and running. He confirmed he can traceroute one of googles ips from the openbsd box. - There is a typo in one of the nameserver ip's posted here. 194.22_5_.52.4 does not exist. - These are the nameservers of telefonica gathered per dig, their ips and the result of a www.google.com lookup: esifw3.tsai.es 194.224.52.26 OK artemis.ttd.net 213.0.184.69 *** Can't find www.google.com: No answer cpi-telefonica.telefonica.es 194.179.42.12 OK ineco.nic.es 194.69.254.2 *** Can't find www.google.com: No answer Mikes second: esifw1.tsai.es 194.224.52.4 OK Mikes first: esifw2.tsai.es 194.224.52.6 ;; connection timed out; no servers could be reached I can't really test what is going on and I'm not inside the telefonica network, but Mikes first nameserver seems to be firewalled (as nmap tells) and does not always respond. Mike can you please edit your /etc/resolv.conf that it looks like this: --8-- nameserver 194.224.52.4 nameserver 192.94.163.152 --8-- The second nameserver is an open nameserver in Barcelona witch works for me. Please try to do a nslookup www.google.com. Does it work? If it doesn't, first make sure your router is up and then try with any of the IPs above: $ nslookup server IP www.google.com If you find a working one put it in your resolv.conf and try nslookup www.google.com again until it works :) Tobias Hi, When you type nslookupenter does it truly say... server IP on the screen?? That really should be something like: # nslookup Default Server: somenameserver.com Address: a.b.c.d If it does not look like this, then you have a very fundamental problem, unless your particular OS does something strange... I would recommend the following... # nslookup Default Server: somenameserver.com Address: a.b.c.d server ip_from_resolv.conf www.google.com and see what happens Cheers, Steve
Shtoom
Hi, pp. Has anyone tried running Shtoom (http://divmod.org/projects/shtoom) on OpenBSD? Any success/failure story? []'s, Rafael.
Re: ntpd could not parse pool.ntp.org
Forget the last message I can add to the router the static address and also allow to specify a gateway. I ll do what you said Nick: 192.168.1.0 netmask 255.255.255.0 gateway 192.168.0.9 Salutes, Mike Nick Ryan escribis: The static route you'll need to add will be for your internal lan eg: 192.168.1.0 netmask 255.255.255.0 gateway 192.168.0.9 This'll tell your adsl router that to get to the 192.168.1. network it needs to go through the 192.168.0.9 interface of your openbsd box. Note this is outside interface IP address. A quick basic networking explanation - routers aren't too intelligent. They cannot find devices with IP addresses outside their ip and subnet mask range - eg your adsl router will automatically find devices with IP addresses 192.168.0.1 to 254 but to find any other devices with an IP address outside this range it needs help - this is where static routes and gateways come in. The gateway address is effectively a default place that the router can go to to find other IP addresses devices, but it can be overridden by a static route. In your case the router doesn't know where the 192.168.1.0/24 network is so it goes to your ISP's router but as it's an reserved internal range, plus the fact that your ISP doesn't know your lan - the packets just get timed/dropped out as the ISP's router doesn't know what to do with them. The static route will point the adsl router to your openbsd box which as the internal interface is on the 192.168.1.0/24 network it knows where to route the packets. (Hopefully that makes sense - for a proper in depth explanation, google terms like mac addresses, arp packets, broadcasts) If it doesn't make sense let me know and I'll explain it again. This should allow your adsl router to return packets destined for your internal lan to the right place. I've just seen your reply to Diana so we know that pf isn't used. Once you add this static route to your adsl router your internal PC's should be able to access the internet. We've still got the dns resolving issue though. It's all a bit odd and I'm a bit stumped. Try the static route on the adsl router test with a machine on your internal lan while I try to think what to do next. Your internal lan pc will need to have a gateway of the 192.168.1.3 address of your openbsd box. Note this is the internal ip address. The PC will need the DNS addresses from your ISP. This is how I understand it should be: ADSL Router 192.168.0.1 subnet 255.255.255.0 Static route 192.168.1.0 255.255.255.0 gateway 192.168.0.9 | | DMZ | OpenBSD box external interface 192.168.0.9 subnet 255.255.255.0 Default gateway in /etc/mygate of 192.168.0.1 DNS servers in /etc/resolv.conf of 194.224.52.6 and 194.225.52.4 internal interface 192.168.1.3 subnet 255.255.255.0 | | INTERNAL LAN | Your PC's 192.168.1.x addresses subnet 255.255.255.0 DNS servers of 194.224.52.6 and 194.225.52.4 Default gateway of 192.168.1.3 Cheers. Mike Henker wrote: Answering all the points: Just type nslookup www.google.com and see what response you get. connection timed out; no servers could be reached One of google's IPs is 66.102.7.99 if you want to test a traceroute. Traceroute works fine with google's IPs (66.102.7.99) but if I do a traceroute www.google.com says connection timed out; no servers could be reached Just type nslookup www.google.com and see what response you get. says: connection timed out; no servers could be reached Can you see if you can add static routes on your adsl router? Yes I can add static routes, I suppose then I must to add 192.168.1.3? Your internal PC's will need to be configured with a 192.168.1.x address (255.255.255.0 subnet) and a gateway of 192.168.1.3, and dns server IP's of 194.224.52.6 and 194.225.52.4 They should then be able to connect to the internet. Actually doesn t work I suppose when I add the static route to the router (192.168.1.3) will work right? Salutes, Mike Nick escribis: That all looks fine. Ping isn't really a great test of network connectivity outside of your own lan anymore. Most sites tend to block ping nowadays as a matter of course. What you can do is usually ping your ISP's router and you can find this from a traceroute www.google.com command - the first hop past your adsl router will tend to be your isps router. You can then use this as a ping test. One of google's IPs is 66.102.7.99 if you want to test a traceroute. Can you test your dns lookups now from your openbsd box please? I think it'll work as you're not getting the ntpd errors any longer. Just type nslookup www.google.com and see what response you get. To get your machines behind the openbsd box routing through it we'll either need to use nat'ing or get your adsl router to static route all 192.168.1.x traffic through the openbsd server. Can you see if you can add static routes on your adsl router? There's usually a configuration
Re: extracting new login.conf from /usr/src/etc in -current
Is it really so difficult to run mklogin.conf? - todd
interface groups and altq
Do interface groups support altq? It would appear that they do not, but I might have a borked kernel/pfctl utility, so wanted to ask the list to make sure. When I try to put altq on an interface group, i get the following when parsing my pf.conf: $ sudo pfctl -f /etc/pf.conf -n pfctl: SIOCGIFDATA: Device not configured $ However if I change the altq line to use the actual interface, it works: $ sudo pfctl -f /etc/pf.conf -n $ here is my pf.conf and dmesg, although the simple answer will probably be either, yes or no. ### MACROS ### ext_if=egress int_if=intnet ext_ip=( $ext_if ) int_ip=( $int_if ) kyle=172.17.101.7/32 terrance=172.17.101.1/32 kenny=192.168.17.5/32 tweak=192.168.17.62/32 craig=192.168.17.61/32 wendy=192.168.17.60/32 table high_hosts { $kyle, $kenny } table low_hosts { $tweak, $craig, $wendy } ext_net=$ext_if:network int_net=$int_if:network unpriv== 1024 ### OPTIONS ### set limit states 2 set optimization aggressive set block-policy drop set skip on lo0 ### TRAFFIC NORMALIZATION ### scrub in all no-df random-id fragment reassemble ### QUEUEING ### # external interface queue list #altq on $ext_if priq queue { std_ext, high_ext, low_ext } #queue std_ext on $ext_if priq( default, red ) #queue high_ext on $ext_if priority 10 priq( red ) #queue low_ext on $ext_if priority 0 priq( red ) # internal interface queue list altq on le2 priq queue { std_int, high_int, low_int } queue std_int on le2 priq( default, red ) queue high_int on le2 priority 10 priq( red ) queue low_int on le2 priority 0 priq( red ) ### TRANSLATION ### ### PACKET FILTERING ### block in log all block out log all pass in quick on $ext_if inet proto tcp from high_hosts port $unpriv to $ext_ip port ssh flags S/FSRPA modulate state queue high_ext pass in quick on $ext_if inet proto tcp from low_hosts port $unpriv to $ext_ip port ssh flags S/FSRPA modulate state queue low_ext pass in quick on $ext_if inet proto tcp from any port $unpriv to $ext_ip port ssh flags S/FSRPA modulate state queue std_ext pass in quick on $int_if inet proto tcp from high_hosts port $unpriv to $int_ip port ssh flags S/FSRPA modulate state queue high_int pass in quick on $int_if inet proto tcp from low_hosts port $unpriv to $int_ip port ssh flags S/FSRPA modulate state queue low_int pass out quick on $ext_if inet proto udp from $ext_ip to $kyle port ntp modulate state queue high_ext pass out quick on $ext_if inet proto udp from $ext_ip to $terrance port domain modulate state queue high_ext pass out quick on $ext_if inet proto tcp from $ext_ip port $unpriv to anoncvs_hosts port 5999 flags S/FSRPA modulate state queue high_ext pass out quick on $ext_if inet proto tcp from $ext_ip port $unpriv to any port www flags S/FSRPA modulate state queue std_ext OpenBSD 3.8-beta (GENERIC) #85: Sun Aug 14 13:55:19 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) 4 CPU 3.20GHz (GenuineIntel 686-class) 3.20 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,PNI real mem = 133734400 (130600K) avail mem = 115433472 (112728K) using 1658 buffers containing 6791168 bytes (6632K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(77) BIOS, date 04/21/04, BIOS32 rev. 0 @ 0xfd880 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries) pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1a00! 0xca000/0x1000 0xcb000/0x1000 0xdc000/0x4000! 0xe4000/0x4000! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x01 ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x01 pci1 at ppb0 bus 1 pcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x08 pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 ignored (disabled) atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: NECVMWar, VMware IDE CDR10, 1.00 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 Intel 82371AB Power rev 0x08 at pci0 dev 7 function 3 not configured vga1 at pci0 dev 15 function 0 VMware Virtual SVGA II rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) bha3 at pci0 dev 16 function 0 BusLogic MultiMaster rev 0x01: irq 11, BusLogic 9xxC SCSI bha3: model BT-958, firmware 5.07B bha3: sync, parity scsibus1 at bha3: 8 targets sd0 at scsibus1 targ 0 lun 0: VMware,, VMware Virtual S, 1.0 SCSI2 0/direct fixed sd0: 2048MB, 261 cyl, 255 head, 63 sec, 512 bytes/sec, 4194304 sec total sd1 at scsibus1 targ
Re: extracting new login.conf from /usr/src/etc in -current
Todd C. Miller wrote: Is it really so difficult to run mklogin.conf? Actually, it isn't... Sorry, I managed to actively ignore mklogin.conf somehow. Thanks for the pointer. Moritz
Re: SCSI stuff
Solved in the sense that 'the stuff is in the mail'. Not yet in the sense 'hey, it's here and working!'. :-). Ken --- J.C. Roberts [EMAIL PROTECTED] wrote: Ken, Did the needed eclosure/carrier stuff get solved? JCR
Re: The Care and Feeding of OpenBSD
2. Disaster Recovery: Dump and Restore, or make a tar file for use as an install set? make a release for every upgrade (-stable) you do, add your packages to sitexx.tgz. backup your data and config files regularly. OK. Looking at the release(8) man page...yikes! Is this really the best way to start backing up an OpenBSD system?
Re: OpenBSD on Dell Dimension 2400 or 3000?
On Tue, Aug 16, 2005 at 11:32:49PM -0500, Emilio Perea wrote: I've run OpenBSD on a Dimension 2400 for a short time without problems. Will send you a dmesg if I find one available in the morning. Unfortunately, I was not able to find an unused one to install OpenBSD on, but this is the dmesg from the 3.7 boot CD: OpenBSD 3.7 (RAMDISK_CD) #573: Sun Mar 20 00:27:05 MST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: Intel(R) Celeron(R) CPU 2.40GHz (GenuineIntel 686-class) 2.40 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID real mem = 266399744 (260156K) avail mem = 237285376 (231724K) using 3277 buffers containing 13422592 bytes (13108K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 12/02/03, BIOS32 rev. 0 @ 0xffe90 apm0 at bios0: Power Management spec V1.2 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfeae0/144 (7 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801DB LPC rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0xb800 0xcb800/0x1800! 0xcd000/0x3000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82845G/GL rev 0x01 vga1 at pci0 dev 2 function 0 Intel 82845G/GL Video rev 0x01 wsdisplay0 at vga1: console (80x25, vt100 emulation) uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x01: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x01: irq 10 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x01: irq 9 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x01: irq 5 ehci0: EHCI version 1.0 ehci0: companion controllers, 2 ports each: uhci0 uhci1 uhci2 usb3 at ehci0: USB revision 2.0 uhub3 at usb3 uhub3: Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 uhub3: single transaction translator uhub3: 6 ports with 6 removable, self powered ppb0 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x81 pci1 at ppb0 bus 1 bce0 at pci1 dev 9 function 0 Broadcom BCM4401 rev 0x01: irq 3, address 00:0d:56:62:3b:67 bmtphy0 at bce0 phy 1: BCM4401 10/100baseTX PHY, rev. 0 ichpcib0 at pci0 dev 31 function 0 Intel 82801DB LPC rev 0x01 pciide0 at pci0 dev 31 function 1 Intel 82801DB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: ST380011A wd0: 16-sector PIO, LBA48, 76293MB, 15625 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SAMSUNG, CD-ROM SC-148A, B402 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 Intel 82801DB SMBus rev 0x01 at pci0 dev 31 function 3 not configured Intel 82801DB AC97 rev 0x01 at pci0 dev 31 function 5 not configured isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using wsdisplay0 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask ffe5 netmask ffed ttymask ffef rd0: fixed, 3800 blocks wd0: no disk label root on rd0a rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02
GMT / BST Question
hi all, i've noticed my obsd box hasn't altered it's time (BST). I'm linked using: ln -fs /usr/share/zoneinfo/GMT /etc/localtime and i'm using the uk pool of ntp servers. but that's an hour behind. Is there a recommended way to get this to BST (I've noticed the date -dst option and the kernel options, but I've not used them). ideally, i would like it to automatically adjust itself when BST ends, etc. apologies if i've missed something and thanks in advance. cheers, g
Success with LinksysWPC11 v4 PCMCIA Wireless
Just wanted to write in about success with the Linksys WPC11 v4 PCMCIA Wireless B card. These were on sale at Staples for $5 USD. Plugged it in to a 3.7 release i386 laptop. Detected as rtw0. Set it for dhcp to connect to an unsecured network. Worked like a charm. Thanks OpenBSD. -- Will Backman - Network Administrator Coastal Enterprises, Inc. http://www.ceimaine.org
Re: The Care and Feeding of OpenBSD
On Wednesday 17 August 2005 12:59 pm, Will H. Backman wrote: 2. Disaster Recovery: Dump and Restore, or make a tar file for use as an install set? make a release for every upgrade (-stable) you do, add your packages to sitexx.tgz. backup your data and config files regularly. OK. Looking at the release(8) man page...yikes! Is this really the best way to start backing up an OpenBSD system? Best Who quantifies what makes the best backup system. I gave you one option which will rapidly get your system running after something like a HD failure or a fat-fingered 'rm -rf /*' instead of 'rm -rf ./*'. You need to decide which method works best for you, for me it was the sitexx.tgz with the newly installed system and tar archives of the latest and greatest configuration. For you, you might want to keep a DLT tape with the packages you install, the release you installed, and a cpio archive of the configs/data. Or you may not even care about the installed system/packages and may just want to keep the configs/data that you need should disaster strike. This is all subjective and needs to be reviewed based upon your company's requirements or personal need. Tim Donahue
Re: GMT / BST Question
Well, I know when I set /etc/localtime to /usr/share/zoneinfo/US/Eastern, it automatically compensates for daylight savings time, so I imagine if you set /etc/localtime to /usr/share/zoneinfo/GB it would do the same, unless I'm completely misunderstanding how the time zone files work (or that GB is Great Britain). Jason On 8/17/05, Gerald Davies [EMAIL PROTECTED] wrote: hi all, i've noticed my obsd box hasn't altered it's time (BST). I'm linked using: ln -fs /usr/share/zoneinfo/GMT /etc/localtime and i'm using the uk pool of ntp servers. but that's an hour behind. Is there a recommended way to get this to BST (I've noticed the date -dst option and the kernel options, but I've not used them). ideally, i would like it to automatically adjust itself when BST ends, etc. apologies if i've missed something and thanks in advance. cheers, g
Re: GMT / BST Question
At 01:21 PM 8/17/05, Gerald Davies wrote: i've noticed my obsd box hasn't altered it's time (BST). I'm linked using: ln -fs /usr/share/zoneinfo/GMT /etc/localtime Last time I checked BST GMT. Didn't someone ask this same question last week? Try looking at alternatives in /usr/share/zoneinfo/ Like GB or Europe/London perhaps?
Sample PF Rulesets for three interface network (cable modem, wireless, wired)
Does anyone have a sample ruleset for PF for a network that looks like this A wired internal network that is nat'd to the outside world on one range (192.168.4.10-20) and another range that is unrouteable and can only go out through squid/dante (20-50). A wireless network interface that actually can't route at all by default and connects through software SSL-VPN and then goes out. I'm actually using a netgear access point plugged straight into the interface. DHCP gives out ip addresses via wireless, but does not allow an end-user to actually route without hitting the SSL-VPN first. An external interface connected to a cable modem using dhcp.
Re: The Care and Feeding of OpenBSD
Best Who quantifies what makes the best backup system. I gave you one option which will rapidly get your system running after something like a HD failure or a fat-fingered 'rm -rf /*' instead of 'rm -rf ./*'. Sorry. I shouldn't have used the word Best. What I am looking to do with this thread is to bring out some working options from the OpenBSD community and perhaps find some consensus around a simple and robust way to maintain OpenBSD systems. In the end, I'd like to produce a simple list of steps that anyone can follow, based on tools in the base system.
Matrikon Open Letter: Subscription Verification
To Our Valued Readers and Clients, The problem of unsolicited email has become more than just an annoyance to individuals and industry. To combat this issue, we have integrated a new Email Verification Process so only those who want to receive and download our software, industry resources, multimedia tutorials and documents are able to so. [Email verification link below] Matrikon's resources are designed for engineers, IT personnel, maintenance operations managers, project supervisors, executives and others working in power, petrochemical, oil gas, pulp paper, mining and other industries. Our new mandate is to allow only those who verify their email address access to: - Industrial connectivity software - Troubleshooting and testing utilities - Process control trending and reporting software - Demonstration software - Multimedia tutorials - Whitepapers datasheets With the primary focus on: - Alarm management - Advanced process control - Industrial connectivity - Asset management - IT security - Process monitoring and data analysis Email Verification Process You are currently subscribed as [EMAIL PROTECTED] To continue to access Matrikon software, resources, and technical documents, automatically verify your email address by sending us an email using the following link: Link: mailto:[EMAIL PROTECTED] (Do not modify the subject line. If you are unable to use this link, please send an email to [EMAIL PROTECTED] and type 'Subscribe' in the subject.) Please Note: If you do NOT click on this link, you will NOT receive any further mailings from Matrikon. This new Email Verification Process illustrates Matrikon's continued commitment to ensure you only receive information that is important to you. Please contact me directly if you have any questions. Kind regards, Randy Kondor Vice President of Marketing Matrikon Inc. Tel: (780) 448-1010 [EMAIL PROTECTED] *** This open letter is a one-time request to verify that you wish to receive access to Matrikon resources. Matrikon, Inc. 10405 Jasper Avenue Edmonton, Alberta, Canada, T5J 3N4 We protect your privacy: http://www.matrikon.com/main/privacy.asp
No Sound with IBM Thinkpad 600e
Hi! I am using an IBM Thinkpad 600e (2645-4AU) with a cs4610 soundchip, running a OpenBSD 3.7 (nothing special, default installation). (Before 3.7 i installed a 3.6 which shows the same errors as above while booting, but the sound works, till i rebooted the first time (the strangest part of the story).) While booting i get a lot of errors, sound does not work. If i start a player (mpg123) i dont get any errors, it just do not start. I Also did not get the sound running with any linux, with windows it works fine. here is my dmesg: OpenBSD 3.7-current (GENERIC) #66: Mon Aug 8 00:04:30 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Celeron (GenuineIntel 686-class, 256KB L2 cache) 364 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR real mem = 200712192 (196008K) avail mem = 176291840 (172160K) using 2475 buffers containing 10137600 bytes (9900K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(95) BIOS, date 11/20/99, BIOS32 rev. 0 @ 0xfd820 apm0 at bios0: Power Management spec V1.2 apm0: battery life expectancy 97% apm0: AC on, battery charge high apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xfd880/0x800 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf9e20/112 (5 entries) pcibios0: PCI Exclusive IRQs: 11 pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371AB PIIX4 ISA rev 0x00) pcibios0: PCI bus #3 is the last bus bios0: ROM list: 0xc/0xc000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x03 ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x03 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 Neomagic Magicgraph NM2200 rev 0x20 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) cbb0 at pci0 dev 2 function 0 Texas Instruments PCI1251 CardBus rev 0x00: irq 11 cbb1 at pci0 dev 2 function 1 Texas Instruments PCI1251 CardBus rev 0x00: irq 11 clcs0 at pci0 dev 6 function 0 Cirrus Logic CS4610 SoundFusion rev 0x01: irq 11 reset_codec: AC97 inputs slot ready timeout clcs0: AC97 write fail (DCV!=0) for add=0x26 data=0x clcs0: AC97 write fail (DCV!=0) for add=0x00 data=0x clcs0: AC97 write fail (DCV!=0) for add=0x00 data=0x clcs0: AC97 write fail (DCV!=0) for add=0x00 data=0x clcs0: AC97 write fail (DCV!=0) for add=0x00 data=0x clcs0: AC97 write fail (DCV!=0) for add=0x02 data=0x8000 clcs0: AC97 write fail (DCV!=0) for add=0x06 data=0x8000 clcs0: AC97 write fail (DCV!=0) for add=0x20 data=0x clcs0: AC97 write fail (DCV!=0) for add=0x04 data=0x8000 clcs0: AC97 write fail (DCV!=0) for add=0x08 data=0x0f0f clcs0: AC97 write fail (DCV!=0) for add=0x08 data=0x0f0f clcs0: AC97 write fail (DCV!=0) for add=0x0a data=0x clcs0: AC97 write fail (DCV!=0) for add=0x0c data=0x8008 clcs0: AC97 write fail (DCV!=0) for add=0x0e data=0x8008 clcs0: AC97 write fail (DCV!=0) for add=0x0e data=0x8008 clcs0: AC97 write fail (DCV!=0) for add=0x20 data=0x clcs0: AC97 write fail (DCV!=0) for add=0x10 data=0x8808 clcs0: AC97 write fail (DCV!=0) for add=0x12 data=0x8808 clcs0: AC97 write fail (DCV!=0) for add=0x14 data=0x8808 clcs0: AC97 write fail (DCV!=0) for add=0x16 data=0x8808 clcs0: AC97 write fail (DCV!=0) for add=0x18 data=0x8808 clcs0: AC97 write fail (DCV!=0) for add=0x1a data=0x clcs0: AC97 write fail (DCV!=0) for add=0x1c data=0x8000 clcs0: AC97 write fail (DCV!=0) for add=0x1e data=0x8000 clcs0: AC97 write fail (DCV!=0) for add=0x20 data=0x clcs0: AC97 write fail (DCV!=0) for add=0x20 data=0x clcs0: AC97 write fail (DCV!=0) for add=0x22 data=0x clcs0: AC97 write fail (DCV!=0) for add=0x22 data=0x clcs0: AC97 write fail (DCV!=0) for add=0x38 data=0x8080 clcs0: AC97 write fail (DCV!=0) for add=0x36 data=0x8080 clcs0: AC97 write fail (DCV!=0) for add=0x36 data=0x8080 clcs0: AC97 read prob. (DCV!=0) for add=0x7c clcs0: AC97 read prob. (DCV!=0) for add=0x7e clcs0: AC97 read prob. (DCV!=0) for add=0x00 ac97: codec id not read clcs0: AC97 read prob. (DCV!=0) for add=0x28 clcs0: AC97 read prob. (DCV!=0) for add=0x02 clcs0: AC97 write fail (DCV!=0) for add=0x02 data=0x clcs0: AC97 read prob. (DCV!=0) for add=0x18 clcs0: AC97 write fail (DCV!=0) for add=0x18 data=0x0808 clcs0: AC97 read prob. (DCV!=0) for add=0x1c clcs0: AC97 write fail (DCV!=0) for add=0x1c data=0x clcs0: AC97 read prob. (DCV!=0) for add=0x1a clcs0: AC97 write fail (DCV!=0) for add=0x1a data=0x pcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x02 pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: IBM-DJSA-220 wd0: 16-sector PIO, LBA, 19077MB, 39070080 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: TOSHIBA, DVD-ROM SD-C2102,
Re: Success with LinksysWPC11 v4 PCMCIA Wireless
Will H. Backman wrote: Just wanted to write in about success with the Linksys WPC11 v4 PCMCIA Wireless B card. These were on sale at Staples for $5 USD. Plugged it in to a 3.7 release i386 laptop. Detected as rtw0. Set it for dhcp to connect to an unsecured network. Worked like a charm. Thanks OpenBSD. Does anyone know off-hand if these work on sparc64? I don't see that driver specifically mentioned at http://www.openbsd.org/sparc64.html although I do see previous versions of the same Linksys product. I've got an Ultra5 doing firewall duties; it'd be nice to add WAP functionality for $5. --psi0nik
Re: Need Opinion
Stuart Henderson wrote: --On 16 August 2005 16:56 +, Carlos A. Garcia G. wrote: i have users internal with private ip and others internal with public ip addresses lets say: public net usr private net usr 148.233.82.0/24 10.1.0.0/16 | | internal segment | int_if 10.1.0.1 OpenBSD 148.233.82.2 ext_if | GATEWAY===INTERNET I think you'll want to have two internal network interfaces, one for each network. Then bridge the network with public addresses to ext_if, and NAT the private addresses. These two internal interfaces can either be physical, or (if you have a suitable switch) they can be vlan. in the int_if and port redirection to have an transparent squid here rdr on a bridge can be difficult (I never managed to find the correct way to use ftp-proxy on a bridging firewall and ended up using ftpsesame instead) - you'll make life a lot simpler by not using transparent proxy on the network with private addresses, if that's possible. do i need to set up routing daemons? No, not for this. ok what i have done is this private users 172.16.0.0/16 +=== int_ifPRIVATE 172.16.0.1/32 public users switch += ext_if 148.233.81.2==ROUTER 148.233.82.0/24=== +===int_ifPUBLIC 148.233.82.254/32 now from the internal i can do everithign private ping and get to internet, but the public ip get to te int_ifPUBLIC and even to ext_if but can not reach to internet not mention the ROUTER so what can be the problem?
Re: problem with fxp and half-duplex
On Wed, 17 Aug 2005 17:11:08 +0200 Ulrich Kahl [EMAIL PROTECTED] wrote: Hello, I have tried to configure an intel PRO/100 S nic (intel 82550) to use 10baseT (works) and half-duplex (don't work). I use the following command line: $ ifconfig fxp0 media 10baseT mediaopt half-duplex and get the message: ifconfig: SIOCSIFMEDIA: Invalid argument If I use full-duplex instead, no error message appears. It doesn't make a difference, if the interface is put down first or settings added to /etc/hostname.fxp0. Do I miss here anything or is it a bug or my system? If you don't set full-duplex, then it is half-duplex. Just do: ifconfig fxp0 media 10baseT Adam
Re: The Care and Feeding of OpenBSD
* Will H. Backman [EMAIL PROTECTED] [2005-08-17 20:18]: Best Who quantifies what makes the best backup system. I gave you one option which will rapidly get your system running after something like a HD failure or a fat-fingered 'rm -rf /*' instead of 'rm -rf ./*'. Sorry. I shouldn't have used the word Best. What I am looking to do with this thread is to bring out some working options from the OpenBSD community and perhaps find some consensus around a simple and robust way to maintain OpenBSD systems. In the end, I'd like to produce a simple list of steps that anyone can follow, based on tools in the base system. like, reading the dump and restore manpages? -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: interface groups and altq
* Jason Crawford [EMAIL PROTECTED] [2005-08-17 18:47]: Do interface groups support altq? in the sense of queuing on interface groups, no, not really. -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: tinyproxy on soekris
* Bolke de Bruin [EMAIL PROTECTED] [2005-08-17 20:12]: I have been trying to get 'tinyproxy' working on a soekris box Now as this works on the GENERIC kernel on a standard install well, then just use a GENERIC kernel and a standard install on the soekris and stop masturbating over a few saved bytes -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: ntpd could not parse pool.ntp.org
Congratulations!! I don't know what else we can try with getting dns lookups to work on your openbsd box. We've: Checked /etc/resolv.conf --this should have been the likely cause Checked /etc/hostname.rl1 and rl0 --subnets are ok Checked /etc/mygate --this is the adsl router IP Checked that pf isn't running --proved by running pfctl -vvsall We've not looked in /etc/hosts but its really unlikely this'd be a problem as we've been testing with different hosts. Is there anyone else on the mailing list with any suggestions? We know that the network is routing properly and that the dnsservers work as other machines are working both through the openbsd and without it. Cheers - Nick Mike Henker wrote: Something begin to work! Nick after add the static route: 192.168.1.0 netmask 255.255.255.0 gateway 192.168.0.9 And put my wife PC with the config you said: Your PC's 192.168.1.x addresses subnet 255.255.255.0 DNS servers of 194.224.52.6 and 194.225.52.4 Default gateway of 192.168.1.3 It works!! I m trying what Steve Williams said about to try nslookup from the firewall but doesn t work. I had an idea, I have a linux machine and used 2 different IPs and the nslookup works without probs, for this reason I suppose must to be a problem from the firewall, exactly what I did was: With the PC with Linux installed: - I used the IP 192.168.0.50 (conecting the PC directly to the router) - I used the IP 192.168.1.50 (conecting the PC directly to the hub -the internal LAN where is also connected my wife's PC) And with both IP the nslookup works correctly, I can t understand why if I do the nslookup from the firewall says all the time connection timed out; no servers could be reached. Regards, Mike Nick Ryan escribis: The static route you'll need to add will be for your internal lan eg: 192.168.1.0 netmask 255.255.255.0 gateway 192.168.0.9 This'll tell your adsl router that to get to the 192.168.1. network it needs to go through the 192.168.0.9 interface of your openbsd box. Note this is outside interface IP address. A quick basic networking explanation - routers aren't too intelligent. They cannot find devices with IP addresses outside their ip and subnet mask range - eg your adsl router will automatically find devices with IP addresses 192.168.0.1 to 254 but to find any other devices with an IP address outside this range it needs help - this is where static routes and gateways come in. The gateway address is effectively a default place that the router can go to to find other IP addresses devices, but it can be overridden by a static route. In your case the router doesn't know where the 192.168.1.0/24 network is so it goes to your ISP's router but as it's an reserved internal range, plus the fact that your ISP doesn't know your lan - the packets just get timed/dropped out as the ISP's router doesn't know what to do with them. The static route will point the adsl router to your openbsd box which as the internal interface is on the 192.168.1.0/24 network it knows where to route the packets. (Hopefully that makes sense - for a proper in depth explanation, google terms like mac addresses, arp packets, broadcasts) If it doesn't make sense let me know and I'll explain it again. This should allow your adsl router to return packets destined for your internal lan to the right place. I've just seen your reply to Diana so we know that pf isn't used. Once you add this static route to your adsl router your internal PC's should be able to access the internet. We've still got the dns resolving issue though. It's all a bit odd and I'm a bit stumped. Try the static route on the adsl router test with a machine on your internal lan while I try to think what to do next. Your internal lan pc will need to have a gateway of the 192.168.1.3 address of your openbsd box. Note this is the internal ip address. The PC will need the DNS addresses from your ISP. This is how I understand it should be: ADSL Router 192.168.0.1 subnet 255.255.255.0 Static route 192.168.1.0 255.255.255.0 gateway 192.168.0.9 | | DMZ | OpenBSD box external interface 192.168.0.9 subnet 255.255.255.0 Default gateway in /etc/mygate of 192.168.0.1 DNS servers in /etc/resolv.conf of 194.224.52.6 and 194.225.52.4 internal interface 192.168.1.3 subnet 255.255.255.0 | | INTERNAL LAN | Your PC's 192.168.1.x addresses subnet 255.255.255.0 DNS servers of 194.224.52.6 and 194.225.52.4 Default gateway of 192.168.1.3 Cheers. Mike Henker wrote: Answering all the points: Just type nslookup www.google.com and see what response you get. connection timed out; no servers could be reached One of google's IPs is 66.102.7.99 if you want to test a traceroute. Traceroute works fine with google's IPs (66.102.7.99) but if I do a traceroute www.google.com says connection timed out; no servers could be reached Just type nslookup www.google.com and see
Re: interface groups and altq
On 8/17/05, Henning Brauer [EMAIL PROTECTED] wrote: * Jason Crawford [EMAIL PROTECTED] [2005-08-17 18:47]: Do interface groups support altq? in the sense of queuing on interface groups, no, not really. Is this a work in progress? Planned but after 3.8? Or is this not possible? Thanks, Jason
Re: The Care and Feeding of OpenBSD
list of steps that anyone can follow, based on tools in the base system. like, reading the dump and restore manpages? Do you use dump and restore, or are you just giving and example? What about partition table backup?
Re: The Care and Feeding of OpenBSD
On 8/17/05, Will H. Backman [EMAIL PROTECTED] wrote: OK. Looking at the release(8) man page...yikes! Is this really the best way to start backing up an OpenBSD system? it is not _that_ hard. do it once, and you'll know how. --knitti
Re: The Care and Feeding of OpenBSD
On 8/17/05, Will H. Backman [EMAIL PROTECTED] wrote: list of steps that anyone can follow, based on tools in the base system. like, reading the dump and restore manpages? Do you use dump and restore, or are you just giving and example? What about partition table backup? well, this also depends. I use pax with cpio. you can dump, you can rsync, whatever. i don't worry about the partition table, the installer takes care of making a new one. obviously, I don't need to have the exact same layout. --knitti
Re: extracting new login.conf from /usr/src/etc in -current
Moritz Grimm [EMAIL PROTECTED] wrote: since the switch to generate login.conf, things became quite a bit less comfortable for those following -current manually... well, at least for me. Since I stick to defaults whenever possible, /etc updates used to be quite hassle-free -- I'd simply copy over the updated file and be done with it, when possible. # cd /usr/src/etc # export DESTDIR=/var/tmp/temproot # mkdir $DESTDIR # make distribution-etc-root-var # unset DESTDIR ... and compare /etc vs $DESTDIR/etc. Or use ports/sysutils/mergemaster, which does all that. -- Christian naddy Weisgerber [EMAIL PROTECTED]
altq on multiple interfaces
Hi I'm currently trying to enhance my altq-rules and I apologize in advance if this is a FAQ, but I definitly googled: So far, I used priq on my internal and external interface to prioritize VoIP over SSH over mail over everything else. But now I have a third interface that sometimes consumes a lot of traffic and is thus killing VoIP. Is there a simple way to basically say everything that enters my router, no matter which internal interface it uses, has to follow these rules? The two internal interfaces are different Class-C nets and they have to stay this way. And traffic that comes from the router but not from the internet should be able to use the full FastEthernet bandwidth and not just the SDSL-speed configured in altq. Is there any way to do this without having to use two sets of rules for incoming traffic? The FAQ only lists a CBQ example for a system with more than 2 interfaces and I'd really like to stay with priq. Or do I have to switch to CBQ? Thanks :) -- Fridtjof Busse
Re: GMT / BST Question
i've noticed my obsd box hasn't altered it's time (BST). I'm linked using: ln -fs /usr/share/zoneinfo/GMT /etc/localtime Try /usr/share/zoneinfo/GB instead. -- ach
Re: The Care and Feeding of OpenBSD
On Wed, Aug 17, 2005 at 03:25:56PM -0400, Will H. Backman wrote: like, reading the dump and restore manpages? Do you use dump and restore, or are you just giving and example? Can't speak for Henning, but I use dump(8) and restore(8) at home, on a server I rented from Strato, and for some boxes at our customer (the latter running linux). Depending on hardware and infrastructure, you can dump(8) to tape, to a separate disk (that's not very safe, though), to a remote machine via ssh, or to an ftp server. I do this all day from /etc/daily.local or via a separate cronjob, and I never had any problems, even when dumping mounted filesystems. IMHO, one of the neat things in dump(8) and restore(8) is that you get an file listing really fast in contrast to backups based on tar(1), where you have to read the *complete* archive. What about partition table backup? Why? If you have some files removed or destroyed by accident, you don't need the partition table for a restore. If one of your disks is damaged, you get a new one and have to use fdisk(8) and disklabel(8) anyways, and the labels of all mounted disks are in /var/backups, i.e. at least on the archive of your last full dump. Ciao, Kili
Re: The Care and Feeding of OpenBSD
Will H. Backman said the following on 2005-08-17 21:25: Do you use dump and restore, or are you just giving and example? What about partition table backup? I do it using this script below. its proved to be sufficient for a restore, except for re-creating the mysql.sock on recovery. I recall somebody else had a bootable CD with an embedded SSH server, that would actually be pretty handy too... _*DRP method:*_ boot from official CD. don't install but drop to shell. use files in $dump/configuration to create disklabel then, to recover each filesystem, I do: newfs /dev/wd0x mount /dev/wd0x /mnt cd /mnt /sbin/restore -vrf 20050626.full.partition.dump that was enough. YMMV but at least you can get started. cheers, scorch -- out of the frying pan and into the fire #/bin/sh echo full dump of var root home usr echo === dump=/tmp/backup/`hostname -s` today=`/bin/date +%Y%m%d` rm -rf $dump mkdir -p $dump/configuration /sbin/chown -R root:wheel $dump /bin/chmod -R g+rw $dump cd $dump echo backing up configuration echo === /sbin/disklabel wd0 configuration/disklabel 21 /bin/cp /etc/fstab configuration/ /bin/cp /etc/host* configuration/ /bin/cp /etc/my* configuration/ /bin/cp /etc/resolv.conf configuration/ /bin/cp /var/run/dmesg.boot configuration/ /bin/df -ih configuration/df /bin/tar cpf - /etc configuration | bzip2 -c9 $today.configuration.tar.bz2 echo backing up mysql echo === mysqldump --user root --password='your_pwd_here' --all-databases --verbose --single-transaction --flush-logs=TRUE --compress=TRUE | bzip2 -c9 $today.full.mysql.bz2 echo backing up core filesystems echo === /sbin/dump -0uaf - /var | bzip2 $today.full.var.dump.bz2 /sbin/dump -0uaf - / | bzip2 $today.full.root.dump.bz2 /sbin/dump -0uaf - /home | bzip2 $today.full.home.dump.bz2 /sbin/dump -0uaf - /usr | bzip2 $today.full.usr.dump.bz2 echo === echo dump completed
Re: The Care and Feeding of OpenBSD
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthias Kilian Sent: Wednesday, August 17, 2005 4:18 PM To: misc@openbsd.org Subject: Re: The Care and Feeding of OpenBSD On Wed, Aug 17, 2005 at 03:25:56PM -0400, Will H. Backman wrote: like, reading the dump and restore manpages? Do you use dump and restore, or are you just giving and example? Can't speak for Henning, but I use dump(8) and restore(8) at home, on a server I rented from Strato, and for some boxes at our customer (the latter running linux). Depending on hardware and infrastructure, you can dump(8) to tape, to a separate disk (that's not very safe, though), to a remote machine via ssh, or to an ftp server. I do this all day from /etc/daily.local or via a separate cronjob, and I never had any problems, even when dumping mounted filesystems. IMHO, one of the neat things in dump(8) and restore(8) is that you get an file listing really fast in contrast to backups based on tar(1), where you have to read the *complete* archive. What about partition table backup? Why? If you have some files removed or destroyed by accident, you don't need the partition table for a restore. If one of your disks is damaged, you get a new one and have to use fdisk(8) and disklabel(8) anyways, and the labels of all mounted disks are in /var/backups, i.e. at least on the archive of your last full dump. Ciao, Kili I want to thank people for their input so far. Here is what I have so far: Seems like the FAQ http://www.openbsd.org/faq/faq14.html#Backup gives a good script for basic system backup and restore. As for change management, it looks like adding files to /etc/changelist might work fairly well for starters. Tracking stable seems to be a matter of unpacking the source and then keeping up to date using cron job to fetch through anoncvs. Because there might be some confusion about the need to reboot after building updates, reboot just in case. A generic plan would assume that src, XF4, and ports are all part of the picture. Packages can now be updated instead of removed and re-installed thanks to new pkg_add options, although config files might still need hand merging. Release upgrades should be done at every release through the upgrade option during the install, merge config files by hand. Special cases may require fresh install, so read the release notes first.
Re: The Care and Feeding of OpenBSD
* Will H. Backman [EMAIL PROTECTED] [2005-08-17 21:50]: list of steps that anyone can follow, based on tools in the base system. like, reading the dump and restore manpages? Do you use dump and restore of course What about partition table backup? there is a copy of the disklabel in /var/backups and thus in the backup -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: Major Surprise with xdm on 3.7
Henning Brauer wrote: * Matthias Kilian [EMAIL PROTECTED] [2005-08-16 22:58]: On Tue, Aug 16, 2005 at 07:26:38PM +, Baldur Sigurpsson wrote: [...] Clever. A password-protected power switch... Actually, I have configured the bios on my laptop to ask for a password before even loading any kernel or doing anything, and it was quite simple actually. not only is it good for security reasons, but it also gives me time to hit f12 or f2 to choose the boot-device or enter bios-setup;) Indeed, very secure. If I've physical access to your laptop, all I need is a screwdriver to open it, pull out the disk and connect it to another machine. hmm... I have to say, you got me there :/ /me opens his head with a screwdriver at least it is good for the timing thing, and one could not do this without some time alone with the laptop, anonther computer, and, ofcourse, a screwdriver;) this hack would be easy if the someone would steel the laptop, but if someone would want a short look into it behind my back in a sneaky manner, _that_ would become quite hard;) why the hassle, there are master passwords for those biosses, and they're not that hard to find out. Didn't I make it clear that I choose the password myself, or am I misunderstanding something? Regards, Baldur
Re: Major Surprise with xdm on 3.7
:why the hassle, there are master passwords for those biosses, and :they're not that hard to find out. : : :Didn't I make it clear that I choose the password myself, or am I :misunderstanding something? : :Regards, Baldur : The master password is in addition to the password that you chose. Either/or will allow you access.
Re: GMT / BST Question
On 8/17/05, Jason Crawford [EMAIL PROTECTED] wrote: Well, I know when I set /etc/localtime to /usr/share/zoneinfo/US/Eastern, it automatically compensates for daylight savings time, so I imagine if you set /etc/localtime to /usr/share/zoneinfo/GB it would do the same, unless I'm completely misunderstanding how the time zone files work (or that GB is Great Britain). Jason doh, ta. my mistake :D
Re: The Care and Feeding of OpenBSD
* Matthias Kilian [EMAIL PROTECTED] [2005-08-17 22:42]: Depending on hardware and infrastructure, you can dump(8) to tape, to a separate disk (that's not very safe, though), to a remote machine via ssh, or to an ftp server. for larger scale, I am still (after years) happy with what we do: get a backup machine with a decent raid system, and have it fetch dumps from the individual machines daily, written to the raid. we do this over ssh pipes, ymmv. It basically boils down to system(ssh -c $cipher -l $login $sshopt -i /path/to/key $host . \$dump - . $level . uf - . $partition . \ | gzip -9 -f -v /backup/$host/$dumpfile 2$statsfile); works with openbsd, solaris and linux hosts here. the gzips eat CPU for breakfast, i get acceptable backup times using an amd64 on the backup host, an SMP amd64 could lower them further - boils down to what backup times are acceptable versus what you're willing to invest. when this is done backup the raid to tape. gives fast access to last night's backup (it is still on the raid, after all), and only for the rare case where you need an older dump you have to dig out the right tape. we also store the monthly tapes at our bank, just in case. -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: interface groups and altq
* Jason Crawford [EMAIL PROTECTED] [2005-08-17 21:55]: On 8/17/05, Henning Brauer [EMAIL PROTECTED] wrote: * Jason Crawford [EMAIL PROTECTED] [2005-08-17 18:47]: Do interface groups support altq? in the sense of queuing on interface groups, no, not really. Is this a work in progress? Planned but after 3.8? Or is this not possible? in theory it should be possible, but it is everything but trivial. I have no plans in that direction myself currently. -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
rxvt-2.7.10
Hey folks, i have obsd 3.7 installed with X i got from the official CD distro. I have installed openmotiff in my desktop. Everything would be ok except for the fact that rxvt does not log to utmp the user when i invoke it from the mwm .mwmrc configuration file or from the .xession. Example: When i : $ rxvt +ut Everything work ok, but if i do the same from .xsession, the user is not show when i issue the w command. Did anybody already face such a problem? thanks.
Re: Major Surprise with xdm on 3.7
On Wednesday, August 17, 2005, 17:15:37, Baldur Sigurpsson wrote: ... Didn't I make it clear that I choose the password myself, or am I misunderstanding something? Google for bios master password -- [EMAIL PROTECTED] The avalanche has already started, it is too Rod Dorman late for the pebbles to vote. Ambassador Kosh
Re: Major Surprise with xdm on 3.7
On Wednesday 17 August 2005 16:15, Baldur Sigurpsson wrote: Indeed, very secure. If I've physical access to your laptop, all I need is a screwdriver to open it, pull out the disk and connect it to another machine. The disk password is part of the ATA interface spec. I would like you to actually try your thought experiment of setting the password on a laptop drive, then moving the drive to another laptop, and then trying to read the contents of the drive without supplying the password. Let me know if it works.
Re: tinyproxy on soekris
Henning Brauer wrote: * Bolke de Bruin [EMAIL PROTECTED] [2005-08-17 20:12]: I have been trying to get 'tinyproxy' working on a soekris box Now as this works on the GENERIC kernel on a standard install well, then just use a GENERIC kernel and a standard install on the soekris and stop masturbating over a few saved bytes Haha, nah it wouldn't be able to handle MY size ;-)
Hard Disk Password Security Info
c't 8/2005, S. 172: Hard Disk Security At Your Disservice How ATA security functions jeopardize your data With most notebooks it is possible to secure the hard disk against unauthorized access with the aid of a password. Without the latter the disk, even when inserted into another computer, won't divulge its data. In the meantime this security function has become a feature of all 3.5 ATA hard disks and can hence be used - and abused - on desktop PCs! http://www.heise.de/ct/english/05/08/172/
Re: Major Surprise with xdm on 3.7
On Wednesday 17 August 2005 16:15, Baldur Sigurpsson wrote: Indeed, very secure. If I've physical access to your laptop, all I need is a screwdriver to open it, pull out the disk and connect it to another machine. excerpted from http://www.rockbox.org/lock.html === Still locked? If the above suggestions don't work, here's some background info about the disk lock feature: The disk lock is a built-in security feature in the disk. It is part of the ATA specification, and thus not specific to any brand or device. A disk always has two passwords: A User password and a Master password. Most disks support a Master Password Revision Code, which can tell you if the Master password has been changed, or it it still the factory default. The revision code is word 92 in the IDENTIFY response. A value of 0xFFFE means the Master password is unchanged. A disk can be locked in two modes: High security mode or Maximum security mode. Bit 8 in word 128 of the IDENTIFY response tell you which mode your disk is in: 0 = High, 1 = Maximum. In High security mode, you can unlock the disk with either the user or master password, using the SECURITY UNLOCK DEVICE ATA command. There is an attempt limit, normally set to 5, after which you must power cycle or hard-reset the disk before you can attempt again. In Maximum security mode, you cannot unlock the disk! The only way to get the disk back to a usable state is to issue the SECURITY ERASE PREPARE command, immediately followed by SECURITY ERASE UNIT. The SECURITY ERASE UNIT command requires the Master password and will completely erase all data on the disk. The operation is rather slow, expect half an hour or more for big disks. (Word 89 in the IDENTIFY response indicates how long the operation will take.)
Re: binpatch
2005/8/16, Ingo Schwarze [EMAIL PROTECTED]: Hi Gerardo, hi Gaby, Gerardo Santana Gsmez Garrido wrote on Tue, Aug 16, 2005 at 08:56:39AM -0500: On 8/16/05, Gaby vanhegan [EMAIL PROTECTED] wrote: http://www.openbsd.org.mx/pub/binpatch/ Has not built any patches for 3.7, despite there being 4 security advisories published about it. I stop to build them [ironically] because of lack of resources. I lost them some months ago when I was unemployed (in January). But you can always donate to help me buy a new hard disk/PC and pay my Internet bill :) Are there any other binpatch providers out there the people use? Not yet. But recently, i ported binpatch to OpenBSD 3.7 for my own use. Gerardo, would you think it useful if i put the result public on www.studis.de? Would you be willing to cross-check in order to identify possible bugs? It's ok for me. I think it would be useful for many people. I already got your changes, but I haven't had the time to check them. From the summary, they look very important. I'm looking forward to rethink binpatch, since I built it the first time for a more complex scenario that is not relevant. Coincidentally, I was studying the great pkgtools by Marc Espie and it has given me some ideas to create the patchtools ;-) With a framework like that, users would be able to install/uninstall patches, track the patches installed and automate updates easily, things I have been asked for many times. We do have fast Ethernet (100 Mb/s) access to the german Wissenschaftsnetz and are allowed to use it for research study puposes - which should in this case apply, imho. Of course, i cannot guarantee that our server will stand the load if *very* many people start using that - but i doubt it will generate more traffic than the several dozen mailing lists we are already running... Great. It's a pitty I'm too far from Germany to benefit from it (uploading the binary patches). But if you can afford serving the binary patches, it would be nice to have a mirror. I'm ordering a new hard disk right now. Thanks Ingo. Yours, Ingo -- Ingo Schwarze [EMAIL PROTECTED] University of Karlsruhe student organisation -- Gerardo Santana
Re: Success with LinksysWPC11 v4 PCMCIA Wireless
On Wed, Aug 17, 2005 at 02:05:05PM -0400, psi0nik wrote: Will H. Backman wrote: Just wanted to write in about success with the Linksys WPC11 v4 PCMCIA Wireless B card. These were on sale at Staples for $5 USD. Plugged it in to a 3.7 release i386 laptop. Detected as rtw0. Set it for dhcp to connect to an unsecured network. Worked like a charm. Thanks OpenBSD. Does anyone know off-hand if these work on sparc64? I don't see that driver specifically mentioned at http://www.openbsd.org/sparc64.html although I do see previous versions of the same Linksys product. I've got an Ultra5 doing firewall duties; it'd be nice to add WAP functionality for $5. CardBus doesn't work on sparc64 as far as I know.
Re: 8/13 snapshot and DHCP
On 8/17/05, Emmett Pate [EMAIL PROTECTED] wrote: I successfully installed the 8/16 snapshot at the office (which uses a different DHCP server) and dhclient acquires a lease with no problem. However, at home (using a Linksys router as the DHCP server), dhclient fails to get a lease. As noted earlier, dhclient from 3.7 works fine at both locations. I had similar (nearly identical) problems about a month ago using a then-current snapshot, also with a Linksys router, with a wi(4) card, a problem I didn't see in 3.7. I further would recieve a console message Discarding packet with invalid hlen at each (I think) DHCPOFFER. It's been a while, but I switched to static addressing and didn't follow up (though it's on my list of bugs to report/ask about after I have the time to put together a real report). There's been discussion before that some features of Linksys routers/access points are fairly broken, and more than likely the OS won't be changed to work with something nonstandard and unfriendly. I'll try to get to a tcpdump and a real bug report this weekend, if anyone else will find it helpful. CDJ -- Christian Jones [EMAIL PROTECTED] http://www.aleph0.com/~chjones
Re: [OpenBSD 3.7] Wireless - D-Link and Netgear WG 511T
cbb0 at pci2 dev 4 function 0 ENE CB-1410 CardBus rev 0x01pci_intr_map: no mapping for pin A : couldn't map interrupt cardbus doesn't work in that machine. What do you suggest I should do? Any tips, recommendation?
Two Weird Isakmpd Issues
Tiamat -- Brutus -- Finance Tiamat: OpenBSD 3.7 i386 Brutus: OpenBSD 3.7 AMD64 Finance: SonicWall Issues are with Brutus First Issue: Isakmpd unexpectly exits without any error, however, sometimes the VPN session between brutus and tiamat keeps working but no isakmpd process. No core dump is generated... See http://www.ualberta.ca/~charford/debug.txt for the debug (isakmpd -d -D A=99). Tiamat has clients behind on nat. Other times it does not, I just get the following error message: Aug 17 20:52:35 brutus isakmpd[25209]: exchange_run: doi-initiator (0x45367200) failed ps -aux | grep isa = blank A quick check via tcpdump http://www.ualberta.ca/~charford/tcpdump.txt From netstat -rn Encap: Source Port DestinationPort Proto SA(Address/Proto/Type/Direction) 192.168.1/24 0 XXX.xXX.XXX/24 0 0 XXX.XXX.XXX.XXX/50/use/in XXX.XXX.XXX/24 0 192.168.1/24 0 0 XXX.XXX.XXX.XXX/50/require/out Second Issue is setting up a VPN session between Brutus and Finance: Isakmpd.conf and isakmpd.policy are bellow, screen shot of Finance config see http://www.ualberta.ca/~charford/sonicwall.jpg See the debug file (http://www.ualberta.ca/~charford/debug.txt for its transacation as well... # cat isakmpd.conf # $OpenBSD: VPN-3way-template.conf,v 1.11 2004/02/11 08:55:22 jmc Exp $ # $EOM: VPN-3way-template.conf,v 1.8 2000/10/09 22:08:30 angelos Exp $ # # A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon. # # This is a template file of a VPN setup between three nodes in # a fully meshed 'three-way' configuration. Suggested use is to copy # this file to all three nodes and then edit them accordingly. # # These nodes are initially called XXX, YYY and ZZZ. # # In pseudographics: XXX --- YYY # \ / # ZZZ # # In cases where IP/network addresses should be defined values like # 192.168.XXX.nnn have been used. # # Incoming phase 1 negotiations are multiplexed on the source IP # address. In the three-way VPN, we have two possible peers. [Phase 1] Xxx.xxx.xxx.xxx= ISAKMP-peer-node-tiamat Xxx.xxx.xxx.xxx= ISAKMP-peer-node-finance # These connections are walked over after config file parsing and # told to the application layer so that it will inform us when # traffic wants to pass over them. This means we can do on-demand # keying. In the three-way VPN, each node knows two connections. [Phase 2] Connections=IPsec-Conn-TIAMAT,IPsec-Conn-Finance # ISAKMP Phase 1 peer sections ## [ISAKMP-peer-node-tiamat] Phase= 1 Transport= udp Address=xxx.xxx.xxx.xxx Configuration= Default-main-mode Authentication= keyhere [ISAKMP-peer-node-finance] Phase= 1 Transport= udp Address=xxx.xxx.xxx.xxx Configuration= Finance-main-mode Authentication= keyhere # IPsec Phase 2 sections [IPsec-Conn-Finance] Phase= 2 ISAKMP-peer=ISAKMP-peer-node-finance Configuration= Finance-quick-mode Local-ID= BRUTUS Remote-ID= FINANCE [IPsec-Conn-TIAMAT] Phase= 2 ISAKMP-peer=ISAKMP-peer-node-tiamat Configuration= Default-quick-mode Local-ID= BRUTUS Remote-ID= TIAMAT # Client ID sections [BRUTUS] ID-type=IPV4_ADDR_SUBNET Network=XXX.XXX.XXX.1 Netmask=255.255.255.0 [FINANCE] ID-type=IPV4_ADDR_SUBNET Network=XXX.XXX.XXX.1 Netmask=255.255.255.0 [TIAMAT] ID-type=IPV4_ADDR_SUBNET Network=192.168.1.0 Netmask=255.255.255.0 # # There is no more node-specific configuration below this point. # # Main mode descriptions [Default-main-mode] DOI=IPSEC EXCHANGE_TYPE= ID_PROT Transforms= 3DES-SHA,3DES-MD5 [Finance-main-mode] DOI=IPSEC EXCHANGE_TYPE= ID_PROT Transforms= 3DES-MD5 # Quick mode description [Default-quick-mode] DOI=IPSEC EXCHANGE_TYPE= QUICK_MODE Suites= QM-ESP-AES-SHA-PFS-SUITE [Finance-quick-mode] DOI=IPSEC EXCHANGE_TYPE= QUICK_MODE Suites= QM-ESP-3DES-MD5-GRP2 # cat isakmpd.policy Keynote-version: 2 Authorizer: POLICY Conditions: app_domain == IPsec policy esp_present == yes esp_enc_alg != null - true;
Re: No Sound with IBM Thinkpad 600e
On Wed, Aug 17, 2005 at 08:17:29PM +0200, Enno Lenze wrote: I am using an IBM Thinkpad 600e (2645-4AU) with a cs4610 soundchip, running a OpenBSD 3.7 (nothing special, default installation). No, you're not. The 600e doesn't have a cs4610 in it. clcs0 at pci0 dev 6 function 0 Cirrus Logic CS4610 SoundFusion rev Disable this device and your sound will work correctly. It is an incorrect hardware detection on the part of the kernel. A minimal amount of Google would have told you this. -- Marc Wilson | How come everyone's going so slow if it's called [EMAIL PROTECTED] | rush hour?