Traffic shaping with a box OBSD with only Layer 2
Hi to all. Question : Is it possible to make a bridge with box OBSD that it to do traffic shaping ? In the 6.9 FAQ tthere is a Filtering on a bridge, but there is the possibility of Traffic shaping on a bridge ? ( only traffic shaping ) ( I would to make this : my_net - taffic shaping box -- firewall/nat -- Internet ) Ale ( Sorry for my ba english )
Re: OpenBSD Metastore: New kit, thanks
Martin Schrvder wrote: On 2005-10-13 07:15:26 -0800, Szechuan Death wrote: there's nothing I care about in Taiwan enough to do so. Alternately, Then stop buying anything manufactured in Taiwan (or China). HTH. HAND. Martin I'm sorry - by what theory do you claim that I have to listen to packets from Taiwan or China because I purchase items made there? Sorry, wrong answer. One has nothing to do with the other. Ohyeah: SD, STFU, FOAD, HTH, HAND! -- (c) 2005 Unscathed Haze via Central Plexus [EMAIL PROTECTED] I am Chaos. I am alive, and I tell you that you are Free. -Eris Big Brother is watching you. Learn to become Invisible. | Your message must be this wide to ride the Internet. |
Re: OpenBSD Metastore: New kit, thanks
frantisek holop wrote: hmm, on Thu, Oct 13, 2005 at 07:15:26AM -0800, Szechuan Death said that Yup, looks like. Sorry, Charlie. Take a flight to Taipei and snuff a spammer or scriptkiddie, if everybody does that TW can be put back on the Civilized Net Nation list. Arguments that US contains the most spam lords will be directed to /dev/null, I invite anybody who wants to what i can't really understand is, why bother making a tool like this, if you are afraid that it is going to be used, or that someone will ssh scan you from taiwan? so let's just block all the non us countries or what? I'm not afraid that it's going to be used. I _want_ it to be used, I never suggested otherwise. I'm not blocking non-US countries, I'm blocking shitholes. The more people blackhole shitholes, the better off the world is in the long run, this provides shitholes with an incentive to no longer be shitholes. (What do you mean, I can't download the latest Britney video? DAAAD, the neighborhood spammer is making my Internet stop again! All right, honey. Grab the machete, let's go take out that guy on the corner who sells penis pills. When he's gone, the network will come back.) I choose to block some places. The rest may be blocked or not at my leisure. The tool makes that oh so easy. I wish I had a way to break it down into U.S. states (Florida would be GONE, another notorious shithole), but can't do that w/o reference to ARIN's WHOIS secret sauce database. We'll see how it goes. Don't hold your breath for that one. I made it because I'm a scorched earth kind of a guy. I have received enough SSH scans, spams, and other miscellaneous malicious traffic from certain countries that I simply do not care to hear anything else from them, ever again. I am this close to blocking some of the Eastern European countries, they irritate me. if you are afraid of the big bad internet, turn off your machine. See, astonishingly enough, from any of those netblocks, it appears that that is precisely what I have done. Amazing, huh? I think you need a serious education about what rights you actually have. I do not _have_ to listen to or respond to any traffic from anybody, the end. I respond to whom I choose. you know, smtp and ssh do not use port 80 maybe you could open it up. the horror, the horror. I was afraid this might happen. See, here's the problem: I DO NOT CARE WHAT YOU THINK IS 'REASONABLE'. I DO NOT HAVE TO. YOUR OPINION IS OF ZERO IMPORTANCE TO ANYBODY OTHER THAN YOU. GET USED TO THIS IDEA. It is *my* network connection. I have determined that these countries do not carry traffic worth listening to, that the costs of listening to them (time, energy, frustration, money, etc.) exceeds the costs of not doing so. Fiat obscurum.[1] I have also determined that it is not worth removing those blocks for the purpose of this project, since I do not plan to host it longer than I absolutely have to. I am merely developing this resource, I do not possess the resources to host it myself past initial development/beta stage. If you would like to host it on a We Are The World-enabled host, by all means, feel free, I'd love to get it on a decent connection. If there are people out there in TeeVeeLand from those countries who have a clue and are interested in viewing it, as I said, use Tor or another proxy not inside one of those netblocks. I do value your input, but not enough to grab my ankles. Sorry. Thank your countrymen. Yes, I am an asshole. Yes, I am sorry for the clued who live in these benighted countries, I am sympathetic to their plight. No, I am not sympathetic enough to unblock these places. Yes, I do recommend staking spammers and scriptkiddies to fix this problem instead, for a variety of ethical and aesthetic reasons. Until the happy Day of the Stake, however, I will continue blocking these countries until they begin acting in aggregate like human beings on the Internet. If you have any useful comments about other aspects of the Metastore, on the other hand, feel free to let me know. This one is a non-starter, though. -- (c) 2005 Unscathed Haze via Central Plexus [EMAIL PROTECTED] I am Chaos. I am alive, and I tell you that you are Free. -Eris Big Brother is watching you. Learn to become Invisible. | Your message must be this wide to ride the Internet. | [1] Me no speak Latin good. Someone want to provide the proper Latin for Let there be dark?
Re: OpenBSD Metastore: New kit, thanks
On Thu, 13 Oct 2005 07:15:26 -0800 Szechuan Death [EMAIL PROTECTED] wrote: Alternately, find an ISP that is not so braindamaged that they get netblocks from another country. Well, we ARE the ISP and no, it's not braindamaged of us to get netblocks from Taiwan (for numerous reasons that is beyond the scope of this discussion). I really dont feel like renumbering our entire network and all our clients so getting different IP's arent a solution. Using Tor is though, had completely forgot that I have Tor installed. --- Lars Hansson
Re: OpenBSD Metastore: New kit, thanks
hmm, on Thu, Oct 13, 2005 at 11:06:35PM -0800, Szechuan Death said that I think you need a serious education about what rights you actually have. I do not _have_ to listen to or respond to any traffic from anybody, the end. I respond to whom I choose. never said a word about rights. you make an application to collect data worldwide then you block half of it. Yes, I am an asshole. couldn't agree more. asinus ad lyram -f -- selfishness is a vice we see only in others.
Re: VPN setup
Isn't this in the FAQ (yet/still)? It definitely is in the archives... If you have a tunnel between the networks traffic between the networks is the *only* traffic to be encrypted. See 'netstat -rn -f encap', source and destination fields. As soon as any of the gateways are involved, either the one pinging or the one being pinged, it will use the IP address of the network between the gateways (i.e 192.168.2.x) -- and as that IP is not part of the tunnel it will not be encrypted. (This is really IP routing 101. :) You probably have something blocking the cleartext traffic, such as pf, as the network stack will accept an unecrypted ping response packet to an encrypted ping packet. To solve the problem you will need to add tunnels from gateway 1 to net 2, also gateway 2 to net 1 and possibly gateway 1 to gateway 2 (for completeness). /H On 14 okt 2005, at 06.55, Josh Webb wrote: if it's not the sysctl, can gateway1 ping client2 || gateway2 ping client1 ? no or client1 ping 192.168.2.1 || client2 ping 192.168.2.2 ? yes also, client1 can't ping 192.168.2.2 || client2 can't ping 192.168.2.1. /H
Compiling perl pkg_* to c
Hi, I'm working on a installation where I can't install perl and I need to be able to install packages using pkg_add, pkg_delete etc. There are two solutions to my problem: 1. If anyone have a c-based pkg_add or pkg_delete that works, this would be great. (It seems like this was done in c a while back) 2. Try to compile the perl-source into a c-application using perlcc. So, the best thing would be to get a c-version, does anyone have one of these? My second option seems to fail with a core dump: # perlcc -c pkg_add /usr/bin/perlcc: pkg_add did not compile, which can't happen: Starting compile Walking tree OpenBSD::PackingElement::SpecialFile saved (it is in OpenBSD::PackingElement::FMTREE_DIRS's @ISA) OpenBSD::PackingElement::Unique saved (it is in OpenBSD::PackingElement::SpecialFile's @ISA) OpenBSD::PackingElement::Meta saved (it is in OpenBSD::PackingElement::Unique's @ISA) OpenBSD::PackingElement saved (it is in OpenBSD::PackingElement::Meta's @ISA) Exporter saved (it is in Symbol's @ISA) OpenBSD::PackingElement::DirBase saved (it is in OpenBSD::PackingElement::Dir's @ISA) OpenBSD::PackingElement::DirlikeObject saved (it is in OpenBSD::PackingElement::DirBase's @ISA) OpenBSD::PackingElement::FileObject saved (it is in OpenBSD::PackingElement::DirlikeObject's @ISA) OpenBSD::PackingElement::Object saved (it is in OpenBSD::PackingElement::FileObject's @ISA) OpenBSD::PackingElement::Action saved (it is in OpenBSD::PackingElement::ExeclikeAction's @ISA) OpenBSD::PackageLocation saved (it is in OpenBSD::PackageLocation::SCP's @ISA) OpenBSD::PackageLocation::FTPorSCP saved (it is in OpenBSD::PackageLocation::SCP's @ISA) OpenBSD::PackingElement::Option saved (it is in OpenBSD::PackingElement::NoDefaultConflict's @ISA) OpenBSD::PackingElement::Annotation saved (it is in OpenBSD::PackingElement::Ignore's @ISA) OpenBSD::PackingElement::Sample saved (it is in OpenBSD::PackingElement::Sampledir's @ISA) OpenBSD::PackingElement::Comment saved (it is in OpenBSD::PackingElement::ExtraInfo's @ISA) OpenBSD::PackingElement::Extra saved (it is in OpenBSD::PackingElement::Extradir's @ISA) IO::Handle saved (it is in IO::File's @ISA) OpenBSD::PackageLocation::HTTPorFTP saved (it is in OpenBSD::PackageLocation::HTTP's @ISA) Prescan Saving methods Bootstrap File::Glob /usr/libdata/perl5/i386-openbsd/5.8.6/XSLoader.pm Segmentation fault (core dumped) # Rickard.
Re: VPN setup
Woo-hoo! I figured it out. On gateway1 I had to do, 'route add 192.168.3 192.168.1.1', and on gateway2, 'route add 192.168.1 192.168.3.1'. I know I should send stuff about the man pages to hshoexer@, but is that @openbsd.org, @cvs.openbsd.org, or what? If any kind soul wants to tell me how to get that route to stick around after a reboot, that would be great. Otherwise, I'll just look it up after I get some sleep. Thanks everyone.
Re: Happy Birthday OpenBSD ! 10 years !
Oct 14 OpenBSD born, Saturday 16:36 MST, 1995 Nah, today is Niklas' birthday. Or his weddings' anniversary. I never remember. Miod
Re: carp-sasync-isakmpd failover problem...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stefan Sczekalla-Waldschmidt wrote: Do you actually see the SAs being synced over? This should happen as soon as the connection gets established. ipsecctl -v -s all should show the same result on both cluster members and the Remote Host. Done that - sa where equal on both machines ... The ipsec-tunnel from LocalLAN to RemoteLAN is running well until I break up e.g. the ( WAN ) Connection on Host (M) Carp1 to the Remote Host. How do you break it? we where pulling the Plug at the NIC ... HOST(B) gets Carp-Master as expected, SA's seems to get synced too but the tunnel fails to failover and the RemoteHost complains about dropped messages due to notification type invalid_cookie. I suppose carp is preempting. yes, we'd set the switch in sysctl.conf Use ipsecctl -v -s all again to check the sadb on all hosts. I've seen occasions where a new tunnel got created during failover and the outgoing packets still used the old tunnel, while incoming packets were sent over the new tunnel by the remote host. Looked like. What is the best way to go on if the above mentioned happens ? Looked like what? Do you see two SA pairs after failover? Tcpdump will show you the SPI that each packet is using: tcpdump -vv host RemoteHost and esp (check syntax first) Hmm, I don't have access to my lab right now. I remember fixing it somehow, but have to look it up first. Did you configure anything to happen automatically (e.g. restart isakmpd or run ipsecctl/ipsecadm etc.) in case of a failover? This might create the second tunnel. Who initiates the tunnel and how? (again, tcpdump will help you) krgds /markus ps: taking it back to misc@, since I suppose that's what it's for. iD8DBQFDT4ku8BX/d8pVi/cRAiPNAKCROuN7v9UAuCVzrm/RXyhdUtu3nQCgj4+q 2Vu7A88BfAgqsLgO3eP0C4Y= =VVyi -END PGP SIGNATURE-
Re: VPN setup
On Fri, Oct 14, 2005 at 04:31:36AM -0500, Josh Webb wrote:
I know I should send stuff about the man pages to hshoexer@, but is
that @openbsd.org, @cvs.openbsd.org, or what?
someone will correct me if this is the wrong way, but can
also do a sendbug(1) and submit your diff to the manpage as a doc-bug
If any kind soul wants to tell me how to get that route to stick around
after a reboot, that would be great. Otherwise, I'll just look it up
after I get some sleep.
this is how i do it:
(/etc/hostname.sis0)
inet 192.168.7.27 0xffe0 NONE
(/etc/hostname.enc0)
up
inet 172.16.7.30 0x NONE
(/etc/rc.local)
---
#the vpn!
if [ -p /var/run/isakmpd.fifo ]; then
echo -n 'adding VPN 192.168 routes:'
for VPNDEST in 192.168.23.0/25 192.168.23.128/25; {
/sbin/route add -net ${VPNDEST} -interface 192.168.7.27 /dev/null
21
echo -n ${VPNDEST};
};
echo done.
echo -n 'adding VPN 172.16 routes:'
for VPNDEST in 172.16.222.1 172.16.196.1 172.16.4.1 172.16.24.1
172.16.23.1 172.16.23.129; {
/sbin/route add -host ${VPNDEST} -interface 172.16.7.30 /dev/null
21
echo -n ${VPNDEST};
};
echo done.
fi
---
you could also do the '!' syntax for hostname.if(5) and 'route add' that way.
Re: Traffic shaping with a box OBSD with only Layer 2
On Fri, Oct 14, 2005 at 07:59:00AM +0200, Alessandro Coppelli wrote: Hi to all. Question : Is it possible to make a bridge with box OBSD that it to do traffic shaping ? In the 6.9 FAQ tthere is a Filtering on a bridge, but there is the possibility of Traffic shaping on a bridge ? ( only traffic shaping ) it might end up doing the actual filtering decisions above layer2, but you can use tags in your bridge config based on whatever criteria you choose, and then create a pf.conf who does nothing other than act on tagged packets, queueing however you wish. jared -- [ openbsd 3.8 GENERIC ( sep 27 ) // i386 ]
Re: VPN setup
On Fri, 14 Oct 2005 04:34:54 -0600
jared r r spiegel [EMAIL PROTECTED] wrote:
(/etc/rc.local)
---
#the vpn!
if [ -p /var/run/isakmpd.fifo ]; then
echo -n 'adding VPN 192.168 routes:'
for VPNDEST in 192.168.23.0/25 192.168.23.128/25; {
/sbin/route add -net ${VPNDEST} -interface 192.168.7.27
/dev/null 21
You might want to use the -static option to route. I found out the hard way
that if you don't the route will be removed from the routing table if,
for example, the carrier drops on the interface.
---
Lars Hansson
Re: wireless pci card problem
On Fri, Oct 14, 2005 at 10:29:01AM +0800, man Chan wrote: Hello, I got a pci wireless yesterday. After the installation, the system reported that the following message:- rtw0 at pci0 dev 8 function 0 Realtek 8185 rev 0x20: irq 11 rtw0: ver RTL8185, rtw0: could not recall EEPROM in 1us rtw0: could not recall EEPROM in 1us Does this mean that the card is not supported at the moment. It is surecom 9321g/2A I never heard a report of the original 802.11b rtw PCI cards actually working. For RTL8185 the code to talk to the RF tranceiver is not yet working, so it can not possibly work right now. This is the first I've heard of RTL8185 products being available in the retail market. So no, not supported for the moment.
Re: Happy Birthday OpenBSD ! 10 years !
yay.. viel Gl|ck zum Geburstag f|r OpenBSD :) On 10/14/05, Frank Denis (Jedi/Sector One) [EMAIL PROTECTED] wrote: Oct 14 OpenBSD born, Saturday 16:36 MST, 1995 Happy Birthday OpenBSD \ \ | . . |L /| _ . |\ _| \--+._/| . / ||\| Y J ) / |/| ./ J |)'( | ` F`.'/ -| F __ .- | / .-'. `. /-. L___ J \ \ | | O\|.-' _J \ .- \/ O | | \ |F '-F -_. \ .-' `-' L__ __J _ _. -' )._. |-' `-|.' /_. \_| F /.- . _. /' /.' .' `\ /L /' |/ _.-'-\ /'J ___.---'\| |\ .--' V | `. ` |/`. `-. `._) / .-.\ \ ( `\ `.\ -- Frank - my stupid blog: http://00f.net L'annuaire des professionnels de la manucure et de la pedicure : http://www.manucure-pro.com -- hky@ OpenBSD is suck, but you gonna love it
Re: OpenBSD Metastore: New kit, thanks
what i can't really understand is, why bother making a tool like this, if you are afraid that it is going to be used, or that someone will ssh scan you from taiwan? so let's just block all the non us countries or what? I'm not afraid that it's going to be used. I _want_ it to be used, I never suggested otherwise. I'm not blocking non-US countries, I'm blocking shitholes. The more people blackhole shitholes, the better off the world is in the long run, this provides shitholes with an incentive to no longer be shitholes. (What do you mean, I can't through the magick of PF's ordered filtering, you could allow all inbound on port 80, and THEN block your desired ranges.
Re: OpenBSD Metastore: New kit, thanks
On Fri, 14 Oct 2005 07:19:49 -0400, Matt Rowley wrote: what i can't really understand is, why bother making a tool like this, if you are afraid that it is going to be used, or that someone will ssh scan you from taiwan? so let's just block all the non us countries or what? I'm not afraid that it's going to be used. I _want_ it to be used, I never suggested otherwise. I'm not blocking non-US countries, I'm blocking shitholes. The more people blackhole shitholes, the better off the world is in the long run, this provides shitholes with an incentive to no longer be shitholes. (What do you mean, I can't through the magick of PF's ordered filtering, you could allow all inbound on port 80, and THEN block your desired ranges. Matt, I really don't know why you bother. He is rabid and beyond logic, poor baby. I block smtp access using spamd from .kr and .cn and spews1 and I don't get more than 1 or 2 spams a month except from lists that I am subscribed to. I can del one or two a day without getting hypertensive but I don't think the little Tourettes baby can make that kind of connection with reality. I use the don't let in Linux to ssh pf capability on one machine and the connection rate facility on the newer ones. He would rather rave than use whatever is left of his brain to do something like that. Probably hormonal ego tripping or a giant inferiority complex overcorrection. Leave him be. Thanks, In the beginning was The Word and The Word was Content-type: text/plain The Word of Rod. Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server.
Happy Birthday OpenBSD
HAPPY BIRTHDAY OPENBSD \ ^__^ \ (oo)\___ (__)\ )\/\ ||w | || || 10`s years :)
Re: Happy Birthday OpenBSD ! 10 years !
So happy birthday OpenBSD http://www.chatou-informatic.com/obsdbirthday.htm Thanks to all involved persons in Obsd Oct 14 OpenBSD born, Saturday 16:36 MST, 1995 Happy Birthday OpenBSD \ \ |. . |L /| _ . |\ _| \--+._/| . / ||\| Y J ) / |/| ./ J |)'( |` F`.'/ -| F __ .- | / .-'. `. /-. L___ J \ \ | | O\|.-' _J \ .-\/ O | | \ |F '-F -_. \ .-' `-' L__ __J _ _. -' )._. |-' `-|.' /_. \_| F /.- ._. /'/.' .' `\ /L /' |/ _.-'-\ /'J ___.---'\| |\ .--' V | `. ` |/`. `-. `._) / .-.\ \ ( `\ `.\ -- Frank - my stupid blog: http://00f.net L'annuaire des professionnels de la manucure et de la pedicure : http://www.manucure-pro.com --
Re: Happy Birthday OpenBSD
HAPPY BIRTHDAY OPENBSD !!! Thank You Theo De Raadt for 10 years of hard work under OpenBSD! Thank You community for support, hacking learning OpenBSD! VIVA LA OpenBSD! Wszystkiego najlepszego! At 11:53 2005-10-14, you wrote: HAPPY BIRTHDAY OPENBSD \ ^__^ \ (oo)\___ (__)\ )\/\ ||w | || || 10`s years :)
zebra/ospf example config files
I've been trying for the last couple of days to get a very simple OS{F
setup going using the ospfd that comes with 3.7, and an updated one from a
snapshot. It can probably be made to work, but I can't seem to do it.
In any case, I've decidedto try to set this up with zebra. Here's my
scenario. I've go a corporate OSPF cloud (which really boils down to one
router from my point of view). Then I have 2 3.7 machines that function as
gateways from a corporate supporte network to one I support. These machines
use CARP to provide redundacny. All I _really_ need this setup to do is
advertise the route to our network. I'd prefer that the advertised route
was to the CARP interface.
Can anyone point me to an example of working zebra config files for
something like this?
--
U.S. Encouraged by Vietnam Vote - Officials Cite 83% Turnout Despite Vietcong
Terror
- New York Times 9/3/1967
Re: wireless pci card problem
http://www.openbsd.org/i386.html#hardware From: man Chan [EMAIL PROTECTED] To: misc@openbsd.org Subject: wireless pci card problem Date: Fri, 14 Oct 2005 10:29:01 +0800 (CST) Hello, I got a pci wireless yesterday. After the installation, the system reported that the following message:- rtw0 at pci0 dev 8 function 0 Realtek 8185 rev 0x20: irq 11 rtw0: ver RTL8185, rtw0: could not recall EEPROM in 1us rtw0: could not recall EEPROM in 1us Does this mean that the card is not supported at the moment. It is surecom 9321g/2A Thanks. Clarence ___ 7Q'Y.I,(l7s email 3q*!H $U8| Yahoo! Messenger http://messenger.yahoo.com.hk
Re: Searching for Unix based point of sale systems without much success
On 10/13/05, Roger Neth Jr [EMAIL PROTECTED] wrote: Hello List, I have been trying to find some Unix based point of sale systems for restaurants and retailers. Mostly independents, mom and pops. http://www.openbsd.org/products.html Look at My Restaurant Terry
Re: Happy Birthday OpenBSD
Brazilian community wish you happy birthday!! Feliz Aniversario OpenBSD! On 10/14/05, Marcin Wilk [EMAIL PROTECTED] wrote: HAPPY BIRTHDAY OPENBSD !!! Thank You Theo De Raadt for 10 years of hard work under OpenBSD! Thank You community for support, hacking learning OpenBSD! VIVA LA OpenBSD! Wszystkiego najlepszego! At 11:53 2005-10-14, you wrote: HAPPY BIRTHDAY OPENBSD \ ^__^ \ (oo)\___ (__)\ )\/\ ||w | || || 10`s years :) -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://salvatti.expert.com.br e-mail: [EMAIL PROTECTED]
Re: Happy Birthday OpenBSD ! 10 years !
Making, drinking tea and reading an opus magnum from Miod Vallat: [Charset ISO-8859-1 unsupported, filtering to ASCII...] Oct 14 OpenBSD born, Saturday 16:36 MST, 1995 Nah, today is Niklas' birthday. Or his weddings' anniversary. I never remember. that's on 18th! (: cu -- paranoic mickey (my employers have changed but, the name has remained)
Re: making packages out of the portstree
okay, i updated all versions to recent -current and now pkg_add works like expected; the versions were too different, obviously. sorry for the noise. Marc Espie schrieb: On Wed, Oct 12, 2005 at 05:04:56PM +0200, Marc Peters wrote: hi all, i wanted to install a package on an box, which i built out of the portstree via make package. everything goes fine and the package is available in /usr/ports/packages/i386/cdrom/ and ../ftp/. i copied the .tgz to the machine, where i wanted to install it on, but it failed with the following error: # pkg_add nut-2.0.0p0.tgz Unknown element: @pkgpath sysutils/nut,no_cgi i looked untarred it and looked through +CONTENTS and found following lines regarding @pkgpath: @pkgpath sysutils/nut,no_cgi @pkgpath sysutils/nut,snmp @pkgpath sysutils/nut,no_cgi,snmp in other packages' +CONTENT, e.g. wget from ftp.openbsd.org, there are no lines referring to this pkgpath. am i missing something in the buildprocess for a package? i read the man page of bsd.port.mk(5), ports(7) and pkg_add(1) but didn't find anything regarding this element and how to turn this of in the process of make package and i didn't find anything in the archives of marc.theaimsgroup.com regarding this problem. @pkgpath is a fairly recent addition to the package tools. The stuff on the machines you built packages on obviously knows about it, since pkg_create was able to create the packages. The machines you try to add the package on doesn't know about it. -stable vs. -current looks like the more likely explanation. You won't find a way to turn this off. The OpenBSD ports tree doesn't work that way, you don't turn stuff off. @pkgpath is a very useful addition for the update process...
Re: Happy Birthday OpenBSD ! 10 years !
Oct 14 OpenBSD born, Saturday 16:36 MST, 1995 Sorry, but so many of you are uninformed. RCS file: /cvs/src/Makefile,v revision 1.1 date: 1995/10/18 08:37:01; author: deraadt; state: Exp; branches: 1.1.1; Initial revision That is when the repository was created. That is the official date. I don't know where people get the other date from.
Re: Happy Birthday OpenBSD ! 10 years !
On Fri, Oct 14, 2005 at 08:39:15AM -0600, Theo de Raadt wrote: Oct 14 OpenBSD born, Saturday 16:36 MST, 1995 Sorry, but so many of you are uninformed. date: 1995/10/18 08:37:01; author: deraadt; state: Exp; That is when the repository was created. That is the official date. I don't know where people get the other date from. This is the calendar.openbsd entry for Oct 14.
Re: Happy Birthday OpenBSD ! 10 years !
On Fri, 14 Oct 2005 07:48:28 -0700 Peter Hessler [EMAIL PROTECTED] wrote: On Fri, 14 Oct 2005 08:39:15 -0600 Theo de Raadt [EMAIL PROTECTED] wrote: : Oct 14 OpenBSD born, Saturday 16:36 MST, 1995 : : Sorry, but so many of you are uninformed. : : RCS file: /cvs/src/Makefile,v : revision 1.1 : date: 1995/10/18 08:37:01; author: deraadt; state: Exp; : branches: 1.1.1; : Initial revision : : : That is when the repository was created. That is the official : date. I don't know where people get the other date from. : /usr/share/calendar/calendar.openbsd It has been there since it's initial import: http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/calendar/calendars/calendar.openbsd?rev=1.1content-type=text/plain Jasper -- Security is decided by quality -- Theo de Raadt
Re: High Interrupt Mode Reported by 'Top' for Soekris 4801
* William Bloom [EMAIL PROTECTED] [2005-10-07 01:16]: then wouldn't there be more problems like mine mentioned in the lists? And I'm running into high interrupts with only about 4Mbs throughput while others have claimed much higher values. bandwidth is (almost) irrelevant. packet rates matter. -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Sysctls for message queues?
Hello People, I've just setup a squid proxy at a local school. It's been humming along fine for two weeks now. Today it started to work rather sporadically. I'm using squid-2.5.STABLE10-transparent from ports, on an OpenBSD snapshot from 1st september (too be upgraded to -stable on Nov 1st). /var/squid/logs/cache.log tells me this: 2005/10/14 08:56:55| storeDiskdSend OPEN: (35) Resource temporarily unavailable 2005/10/14 08:56:55| storeDiskdSend: msgsnd: (35) Resource temporarily unavailable So for some reason diskd is choking. Through google I found this thread, discussing the same symptoms: http://squid.bilkent.edu.tr/mail-archive/squid-users/200212/0354.html As told there, it's problably IPC settings that should be adjusted. The squid FAQ tells me to fiddle in the kernel config: http://www.squid-cache.org/Doc/FAQ/FAQ-22.html#ss22.6 But since GENERIC is holy for me, I'd rather not poke around and have to run a custom kernel. Is there any other way to change these values? With config -e /bsd I found that SHMSEG and SHMMAXPGS could be changed, but I'm not sure these are the ones I should touch? In sysctl there seems to be a bunch of values in kern.seminfo. But again, those are not named like the values in the squid FAQ. Any tips/pointers on how to make squid a more happy fish? squid.conf: http_port 8080 icp_port 0 cache_mem 64 MB cache_effective_user _squid cache_effective_group _squid logfile_rotate 0 pid_filename /var/run/squid.pid visible_hostname proxy.media.sundsvall.se httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on cache_replacement_policy heap GDSF memory_replacement_policy heap GDSF cache_dir diskd /var/squid/cache 4096 16 256 cache_access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log cache_store_log none acl net-media src 192.168.5.0/24 acl net-hvfoto src 192.168.4.0/24 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 acl CONNECT method CONNECT # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports http_access allow net-media http_access allow net-hvfoto http_access allow localhost http_access deny all == dmesg: OpenBSD 3.8 (GENERIC) #137: Thu Sep 1 17:41:20 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Celeron(R) CPU 2.53GHz (GenuineIntel 686-class) 2.53 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,TM2,CNXT-ID real mem = 258084864 (252036K) avail mem = 228601856 (223244K) using 3176 buffers containing 13008896 bytes (12704K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 02/09/05, BIOS32 rev. 0 @ 0xffe90 apm0 at bios0: Power Management spec V1.2 apm0: APM get power status: unknown error code? (83) apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfeb00/240 (13 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x8086 product 0x2640 pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #4 is the last bus bios0: ROM list: 0xc/0xa800! 0xca800/0x1800! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 915G/P/GV Host rev 0x04 ppb0 at pci0 dev 1 function 0 Intel 915G/P/GV PCIE rev 0x04 pci1 at ppb0 bus 1 vga1 at pci0 dev 2 function 0 Intel 915G/P/GV Video rev 0x04: aperture at 0xdff0, size 0x800 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) vendor Intel, unknown product 0x2782 (class display subclass miscellaneous, rev 0x04) at pci0 dev 2 function 1 not configured ppb1 at pci0 dev 28 function 0 Intel 82801FB PCIE rev 0x04 pci2 at ppb1 bus 2 bge0 at pci2 dev 0 function 0 Broadcom BCM5751 rev 0x01, BCM5750 A1 (0x4001): irq 11 address 00:11:43:7d:7f:0d brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0 ppb2 at pci0 dev 28 function 1 Intel 82801FB PCIE rev 0x04 pci3 at ppb2 bus 3 uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x04: irq 9 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x04: irq 5 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801FB USB rev 0x04: irq 3 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2
Re: Happy Birthday OpenBSD ! 10 years !
Mickey's calendar is not telling the truth. There problem is there are a few things which happened in the days beforehands (13th, 14th, 17th) as the decision to setup a repository started being taken. It took a few days to get things imported just right. Machines were slow back in those days, too. There are teeny artifacts of those attempts, for instance in ChangeLog.1 you can see the import attempts (I think on the 13th cvs was crashing because of some large files in the repository). The repository we use today is marked Oct 18, 1995 throughout, as the 1.1 revision is many files. Many other things are that way too. For a project so large, how else should we date it. First time I used the name OpenBSD? Date the DNS record was allocated? Date web page went up? Date other developers got accounts? Or should we set the date based on some previous conversation with the NetBSD guys? So, with that said, CVSROOT:/cvs Module name:src Changes by: [EMAIL PROTECTED] 2005/10/14 09:06:10 Modified files: usr.bin/calendar/calendars: calendar.openbsd Log message: assume niklas's dating for openbsd birth CVSROOT:/cvs Module name:src Changes by: [EMAIL PROTECTED] 2005/10/14 09:09:25 Modified files: usr.bin/calendar/calendars: calendar.openbsd Log message: doh! it was a wednesday. and fix the time as well then And that is: Oct 18 OpenBSD born, Wednesday 08:37:01 GMT, 1995 It's more important that we agree ;)
Re: Happy Birthday OpenBSD ! 10 years !
On Fri, 14 Oct 2005 17:01:16 +0200 Jasper Lievisse Adriaanse [EMAIL PROTECTED] wrote: On Fri, 14 Oct 2005 07:48:28 -0700 Peter Hessler [EMAIL PROTECTED] wrote: On Fri, 14 Oct 2005 08:39:15 -0600 Theo de Raadt [EMAIL PROTECTED] wrote: : Oct 14 OpenBSD born, Saturday 16:36 MST, 1995 : : Sorry, but so many of you are uninformed. : : RCS file: /cvs/src/Makefile,v : revision 1.1 : date: 1995/10/18 08:37:01; author: deraadt; state: Exp; : branches: 1.1.1; : Initial revision : : : That is when the repository was created. That is the official : date. I don't know where people get the other date from. : /usr/share/calendar/calendar.openbsd It has been there since it's initial import: http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/calendar/calendars/calendar.openbsd?rev=1.1content-type=text/plain Jasper And in the time between sending this e-mail and receiving it via the list, mickey@ has already fixed it. :-) -- Security is decided by quality -- Theo de Raadt
Problems with dial-up on Open 3.7
Hi All, I'm trying connect on internet via modem( dial-up) with Openbsd 3.7. Did the configuration as tell the manual (I guess) but something is wrong on my chatscript. Below I put my ppp.conf, options, chatscript, ppp.secrets and chat-secrets to you take a look. The symptom is: The modem do the dial and I get a request ( user and pass ) after term , at and atdt(number) command, but this is the end. Don`t establish connection, get Ip address or another configurations about ISP. The error is: Warning: Chat script failed I really appreciate if someone help me on that... The files: ## [EMAIL PROTECTED] ppp]# more ppp.conf # # PPP Sample Configuration File # Originally written by Toshiharu OHNO # Simplified 5/14/1999 by [EMAIL PROTECTED] # # See /usr/share/examples/ppp/ for some examples # # $OpenBSD: src/etc/ppp/ppp.conf,v 1.2.2.4 2001/02/22 23:28:42 brian Exp $ # default: ident user-ppp VERSION (built COMPILATIONDATE) set device /dev/cua01 set speed 115200 set dial ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 20 \\ AT \ OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 60 RING ATA CONNECT set redial 5 10 set log Phase Chat LCP IPCP CCP tun command # edit the next three lines and replace the items in caps with # the values which have been assigned by your ISP. terra: set phone 46498433 set login TIMEOUT 10 ogin:--ogin: my_user word: my_pass set authname my_user set authkey my_pass set timeout 30 add 0 0 HISADDR enable dns [EMAIL PROTECTED] ppp]# ## [EMAIL PROTECTED] ppp]# more pap-secrets my_user * my_pass [EMAIL PROTECTED] ppp]# # [EMAIL PROTECTED] ppp]# more options lock auth defaultroute modem 115200 crtscts [EMAIL PROTECTED] ppp]# ## [EMAIL PROTECTED] ppp]# more chatscript ABORT BUSY ABORT 'NO CARRIER' '' ATZ OK ATDT46498433 CONNECT '' '' '' '' '' Userid:--Userid: my_user assword?--assword? my_pass [EMAIL PROTECTED] ppp]# # $OpenBSD: ppp.secret.sample,v 1.4 2002/06/09 06:15:15 todd Exp $ # ## # Authname Authkey Peer's IP address Label Callback my_user my_pass 192.2.18.34 ## My modem is a USRobotics v90 56k external Thank you Alexandre
in-kernel pppoe and no automatic reconnect
Hello, recently my ISP had trouble with my DSL-line. I think there was a problem with the authentification servers. To check whether it works again I brought the pppoe-device down and up. Later I rebooted the machine and it worked. Does pppoe0: phase dead mean that it has given up trying to connect? If yes what can I do except for rebooting? Thanks for any hints. MartinD: ps: my roomie had to cope with 6 hours without net because of my ignorance. dont want that to happen again
Re: Happy Birthday OpenBSD ! 10 years !
Neat now OpenBSD and I share the same birthday :-) On Fri, Oct 14, 2005 at 09:11:00AM -0600, Theo de Raadt wrote: Mickey's calendar is not telling the truth. There problem is there are a few things which happened in the days beforehands (13th, 14th, 17th) as the decision to setup a repository started being taken. It took a few days to get things imported just right. Machines were slow back in those days, too. There are teeny artifacts of those attempts, for instance in ChangeLog.1 you can see the import attempts (I think on the 13th cvs was crashing because of some large files in the repository). The repository we use today is marked Oct 18, 1995 throughout, as the 1.1 revision is many files. Many other things are that way too. For a project so large, how else should we date it. First time I used the name OpenBSD? Date the DNS record was allocated? Date web page went up? Date other developers got accounts? Or should we set the date based on some previous conversation with the NetBSD guys? So, with that said, CVSROOT:/cvs Module name:src Changes by: [EMAIL PROTECTED] 2005/10/14 09:06:10 Modified files: usr.bin/calendar/calendars: calendar.openbsd Log message: assume niklas's dating for openbsd birth CVSROOT:/cvs Module name:src Changes by: [EMAIL PROTECTED] 2005/10/14 09:09:25 Modified files: usr.bin/calendar/calendars: calendar.openbsd Log message: doh! it was a wednesday. and fix the time as well then And that is: Oct 18 OpenBSD born, Wednesday 08:37:01 GMT, 1995 It's more important that we agree ;)
Re: Happy Birthday OpenBSD ! 10 years !
At 11:11 AM 10/14/05, Theo de Raadt wrote: There problem is there are a few things which happened in the days beforehands (13th, 14th, 17th) as the decision to setup a repository started being taken. Roughly equivalent to birthing pains? For a project so large, how else should we date it. First time I used the name OpenBSD? Date the DNS record was allocated? Date web page went up? Date other developers got accounts? Or should we set the date based on some previous conversation with the NetBSD guys? When code becomes available. A baby can have a name before it's born. The other dates probably have corresponding events in a child's life. Web page = birth announcement? It's more important that we agree ;) Agreed.
Re: Happy Birthday OpenBSD ! 10 years !
On Fri, 14 Oct 2005, Theo de Raadt wrote: Mickey's calendar is not telling the truth. For this particular case i am going to make 2 assumptions: 1- this year OpenBSD gets 2 birthdays - the former, incorrect one, and the new, correct one. 2- the best way to say happy birthday is through donations: http://www.openbsd.org/donations.html Would be good for other users to at least follow #2. Happy birthday OpenBSD; your present is on its way, today and again on the 18th! -f http://www.blackant.net/
Re: Happy Birthday OpenBSD ! 10 years !
I remember walking around with Theo in SunnySide after he got kicked out of NetBSD, talking about code openness and code quality, and his making a decision to eat ramen for a year or so to make this happen. Congrats! - a On Fri, 14 Oct 2005, Marco Peereboom wrote: Neat now OpenBSD and I share the same birthday :-) On Fri, Oct 14, 2005 at 09:11:00AM -0600, Theo de Raadt wrote: Mickey's calendar is not telling the truth. There problem is there are a few things which happened in the days beforehands (13th, 14th, 17th) as the decision to setup a repository started being taken. It took a few days to get things imported just right. Machines were slow back in those days, too. There are teeny artifacts of those attempts, for instance in ChangeLog.1 you can see the import attempts (I think on the 13th cvs was crashing because of some large files in the repository). The repository we use today is marked Oct 18, 1995 throughout, as the 1.1 revision is many files. Many other things are that way too. For a project so large, how else should we date it. First time I used the name OpenBSD? Date the DNS record was allocated? Date web page went up? Date other developers got accounts? Or should we set the date based on some previous conversation with the NetBSD guys? So, with that said, CVSROOT:/cvs Module name:src Changes by: [EMAIL PROTECTED] 2005/10/14 09:06:10 Modified files: usr.bin/calendar/calendars: calendar.openbsd Log message: assume niklas's dating for openbsd birth CVSROOT:/cvs Module name:src Changes by: [EMAIL PROTECTED] 2005/10/14 09:09:25 Modified files: usr.bin/calendar/calendars: calendar.openbsd Log message: doh! it was a wednesday. and fix the time as well then And that is: Oct 18 OpenBSD born, Wednesday 08:37:01 GMT, 1995 It's more important that we agree ;)
Re: Happy Birthday OpenBSD ! 10 years !
Marco Peereboom wrote: Neat now OpenBSD and I share the same birthday :-) Neat in fact! But we won't wish you happy 10th birthday right? Or you sure would have started to bang on that keyboard very early for sure! (; May be that's where some of the early bugs came from! (; Unless you were already thinking OpenBSD before you see the light! (: Always possible I guess... I know some of the OpenBSD guys really spend their life on the project, but that would be way to much... Happy birthday to both of you early then! Daniel
Re: Happy Birthday OpenBSD ! 10 years !
Making, drinking tea and reading an opus magnum from francisco: On Fri, 14 Oct 2005, Theo de Raadt wrote: Mickey's calendar is not telling the truth. For this particular case i am going to make 2 assumptions: 1- this year OpenBSD gets 2 birthdays - the former, incorrect one, and the new, correct one. they are both correct. it's like yom kippur -- celebrate it the whole week! cu -- paranoic mickey (my employers have changed but, the name has remained)
Re: Happy Birthday OpenBSD
HAPPY BIRTHDAY OPENBSD! from Monterey, California. On 10/14/05, Joco Salvatti [EMAIL PROTECTED] wrote: Brazilian community wish you happy birthday!! Feliz Aniversario OpenBSD! On 10/14/05, Marcin Wilk [EMAIL PROTECTED] wrote: HAPPY BIRTHDAY OPENBSD !!! Thank You Theo De Raadt for 10 years of hard work under OpenBSD! Thank You community for support, hacking learning OpenBSD! VIVA LA OpenBSD! Wszystkiego najlepszego! At 11:53 2005-10-14, you wrote: HAPPY BIRTHDAY OPENBSD \ ^__^ \ (oo)\___ (__)\ )\/\ ||w | || || 10`s years :) -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://salvatti.expert.com.br e-mail: [EMAIL PROTECTED] -- Roger D Neth Jr Owner MR Services 651Cannery Row, Suite 11 Monterey, CA 93940 Office 831-641-9255 Fax 831-641-9255 e-mail [EMAIL PROTECTED]
Re: Motherboard Recommendation
Abit A8XV Pro work fine. On 10/11/05, Simon Morgan [EMAIL PROTECTED] wrote: Hi, I'm interested in building a machine for use as an OpenBSD workstation and would appreciate any recommendations on AMD64 motherboards that are well supported. I assume there are people on this list using OpenBSD as their primary OS and would be interested to hear what you're using. This would be a damned sight easier if manufacturers didn't insist on including everything but the kitchen sink on-board and failing to document which chipsets they're using. Can you even buy desktop motherboards that don't come with on-board sound and network these days? Any advice is appreciated. Simon -- Half Moon tonight. (At least it's better than no Moon at all.) -- --- BSD - Unix simplicity. Francisco Valladolid Hdez. [EMAIL PROTECTED]
Re: Happy Birthday OpenBSD
HAPPY BIRTHDAY OPENBSD! from Monterey, California. If any of you visit my way please look me up. On 10/14/05, Joco Salvatti [EMAIL PROTECTED] wrote: Brazilian community wish you happy birthday!! Feliz Aniversario OpenBSD! On 10/14/05, Marcin Wilk [EMAIL PROTECTED] wrote: HAPPY BIRTHDAY OPENBSD !!! Thank You Theo De Raadt for 10 years of hard work under OpenBSD! Thank You community for support, hacking learning OpenBSD! VIVA LA OpenBSD! Wszystkiego najlepszego! At 11:53 2005-10-14, you wrote: HAPPY BIRTHDAY OPENBSD \ ^__^ \ (oo)\___ (__)\ )\/\ ||w | || || 10`s years :) -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://salvatti.expert.com.br e-mail: [EMAIL PROTECTED]
HOWTO on spamd+transparent bridge under OpenBSD
For anyone who is interested, I've written up a document on how to install OpenBSD, configure it as a transparent bridge, then install spamd on it. It was written primarily for our campus computer center who want to know how to do it if something happens to me (like I get a better job elsewhere for example ;-) ) but I think I've written it generally enough that it will be of use to anyone. The page is here: http://wiki.utpa.edu/InfoSec/GreyListingInstall?action=print regards Graham
Re: HOWTO on spamd+transparent bridge under OpenBSD
Graham Toal wrote: For anyone who is interested, I've written up a document on how to install OpenBSD, configure it as a transparent bridge, then install spamd on it. It was written primarily for our campus computer center who want to know how to do it if something happens to me (like I get a better job elsewhere for example ;-) ) but I think I've written it generally enough that it will be of use to anyone. The page is here: http://wiki.utpa.edu/InfoSec/GreyListingInstall?action=print Thanks much, Your post comes at a great time for me because I've just setup spamd greylisting on two of our mailservers at my work. I'll read through it and hopefully take something from it. Thanks again, Brandon
Re: HOWTO on spamd+transparent bridge under OpenBSD
You've got a couple of weird things and errors on your page: - You say OpenBSD doesn't support multiple consoles: ctrl+alt+f2 - Using the 3.7 ports tree on 3.6 is not recommended. - tarring and untarring fake-i386 to install a port is just weird. make install should already do that - Why not install screen from a package like jove? - sh /etc/netstart bridge0 will fire up your new bridge without rebooting. That's all I can think of at the moment. _ME On 10/14/05, Graham Toal [EMAIL PROTECTED] wrote: For anyone who is interested, I've written up a document on how to install OpenBSD, configure it as a transparent bridge, then install spamd on it. It was written primarily for our campus computer center who want to know how to do it if something happens to me (like I get a better job elsewhere for example ;-) ) but I think I've written it generally enough that it will be of use to anyone. The page is here: http://wiki.utpa.edu/InfoSec/GreyListingInstall?action=print regards Graham -- http://erdelynet.com/ Support OpenBSD! http://www.openbsd.org/orders.html
Re: HOWTO on spamd+transparent bridge under OpenBSD
On Fri, Oct 14, 2005 at 03:11:59PM -0500, Graham Toal wrote: For anyone who is interested, I've written up a document on how to install OpenBSD, configure it as a transparent bridge, then install spamd on it. It was written primarily for our campus computer center who want to know how to do it if something happens to me (like I get a better job elsewhere for example ;-) ) but I think I've written it generally enough that it will be of use to anyone. The page is here: http://wiki.utpa.edu/InfoSec/GreyListingInstall?action=print Some quick feedback... You write (allow me to turn off caps): The disk formatting is a major pain. Why? [...] password for root acct? write it down, you'll need it later Writing down passwords, are you serious? [...] OpenBSD doesn't appear to support multiple consoles using the F keys the way linux does. Try CTRL+ALT+F2/F3... it's in the FAQ. Also, I don't see the need for a ports tree on this type of system, and your installation of the screen application looks horrible. Wouldn't it be better to skip the installation part, and point people to the OpenBSD FAQ (especially faq4.html), and to the afterboot(8) manual page? When you copy over pf.conf, do you set its owner/permissions correctly? Anyway, /etc/security will let you know if you didn't. :) -- steven Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm
Re: HOWTO on spamd+transparent bridge under OpenBSD
You've got a couple of weird things and errors on your page: - You say OpenBSD doesn't support multiple consoles: ctrl+alt+f2 Yup! Thanks. Linux uses ALT-Fkey which I tried. Didn't try adding CTRL. :-/ Assumed it didn't have it, and too busy getting everything else working to go look for it. I've now documented it. - Using the 3.7 ports tree on 3.6 is not recommended. The only install disk I have is 3.6. I assume that by doing an install over the net, I get the 3.7 system - but some trace of 3.6 seems to have remained because some funny things happened later... - tarring and untarring fake-i386 to install a port is just weird. make install should already do that It didn't, it gave an error and did a fake install. It appears to be related to the 3.6/2.7 problem. Other packages installed cleanly. - Why not install screen from a package like jove? I'd rather forget about packages and use ports for everything, but I thought it was worth mentioning for newbies like myself who spent hours looking for apt-get and yum and emerge etc etc - i.e coming from a linux environment... - sh /etc/netstart bridge0 will fire up your new bridge without rebooting. Thanks, didn't know that. Actually I just found out that ifconfig bridge0 create was the crucial missing step I didn't know. That's all I can think of at the moment. Apreciate it, thanks. G PS I'm marking all these comments up in he wiki as I reply. Two more emails pending from folks who sent similar corrections...
Re: HOWTO on spamd+transparent bridge under OpenBSD
steven mestdagh [EMAIL PROTECTED] wrote: On Fri, Oct 14, 2005 at 03:11:59PM -0500, Graham Toal wrote: For anyone who is interested, I've written up a document on how to install OpenBSD, configure it as a transparent bridge, then install spamd on it. It was written primarily for our campus computer center who want to know how to do it if something happens to me (like I get a better job elsewhere for example ;-) ) but I think I've written it generally enough that it will be of use to anyone. The page is here: http://wiki.utpa.edu/InfoSec/GreyListingInstall?action=print Some quick feedback... You write (allow me to turn off caps): The disk formatting is a major pain. Why? I don't know why, I just know that both myself (experienced in BSD and BSDI from days gone by, and linux in recent years, but not OpenBSD at all) plus a colleague at work who has a fair bit of OpenBSD experience both have wasted literally days with formatting problems. So having found a working recipe that seems easy, I thought it was worth pointing out to folks that if you do something else, you might hit the hassles we did. I had tried to reuse an old partition table and failed even though it sure looked OK to me - the install program wouldn't progress past the formatting section; my friend had problems when he formatted the swap partition before the data partition. password for root acct? write it down, you'll need it later Writing down passwords, are you serious? To each his own :-) I generally find that if you create a 'strong' password, you pretty much have to write it down until you remember it. Then dispose of the note properly. But that's an argument for another forum. By the way I'm not alone in this heresy. At least one person whose opinions I respect agrees with me: http://www.schneier.com/blog/archives/2005/06/write_down_your.html OpenBSD doesn't appear to support multiple consoles using the F keys the way linux does. Try CTRL+ALT+F2/F3... it's in the FAQ. So I've been told :-/ Unless you know something is there to go look for it, you don't come across it (especially when all the searching you are doing is on pf and rdr etc :-) ) I've fixed the doc. Also, I don't see the need for a ports tree on this type of system, and your installation of the screen application looks horrible. Problem with 3.6 boot CD and 3.7 installation I think. The Jove ports install was smooth, but for some reason screen screamed. Wouldn't it be better to skip the installation part, and point people to the OpenBSD FAQ (especially faq4.html), and to the afterboot(8) manual page? No, but I'll certainly add those pointers. And it *is* a wiki page. If you feel that what I've said is just plain wrong or misleading, please feel free to go in there yourself and correct it. Just bear in mind it was written by someone who needed to use OpenBSD to support a specific tool and who before this had no OpenBSD experience, for an audience who are in the same boat. It's definitely not a proper guide, it's a How I managed to make it work after two weeks of struggling, so that hopefully you can make it work in two hours of slavishly typing exactly what I say :-) When you copy over pf.conf, do you set its owner/permissions correctly? Anyway, /etc/security will let you know if you didn't. :) Good point. I guess I was lucky that the defaults worked OK. G
Re: HOWTO on spamd+transparent bridge under OpenBSD
From: Graham Toal [mailto:[EMAIL PROTECTED] You've got a couple of weird things and errors on your page: - You say OpenBSD doesn't support multiple consoles: ctrl+alt+f2 Yup! Thanks. Linux uses ALT-Fkey which I tried. Didn't try adding CTRL. :-/ Assumed it didn't have it, and too busy getting everything else working to go look for it. I've now documented it. - Using the 3.7 ports tree on 3.6 is not recommended. The only install disk I have is 3.6. I assume that by doing an install over the net, I get the 3.7 system - but some trace of 3.6 seems to have remained because some funny things happened later... You can't mix versions. If you installed a 3.6 ports tree on 3.7, you made a mistake. Further, you didn't read the documentation which clearly states how to get the proper ports tree. - tarring and untarring fake-i386 to install a port is just weird. make install should already do that It didn't, it gave an error and did a fake install. It appears to be related to the 3.6/2.7 problem. Other packages installed cleanly. Probably because of a mismatch between the version of the ports tree and the operating system. - Why not install screen from a package like jove? I'd rather forget about packages and use ports for everything, but I thought it was worth mentioning for newbies like myself who spent hours looking for apt-get and yum and emerge etc etc - i.e coming from a linux environment... Again, a failure to read the docs. Read the FAQ where it says OpenBSD is not Linux. Newbie or not - Linux or not - the concepts are the same. What works on one system will not work on another. 'emerge' is a Portage / Gentoo Linux thing. Won't work on other systems unless they are Gentoo based or have Portage ported. If that is true between Linux distros, then it is certainly true between a Linux distro and a BSD flavor. - sh /etc/netstart bridge0 will fire up your new bridge without rebooting. Thanks, didn't know that. Actually I just found out that ifconfig bridge0 create was the crucial missing step I didn't know. That's all I can think of at the moment. Apreciate it, thanks. G PS I'm marking all these comments up in he wiki as I reply. Two more emails pending from folks who sent similar corrections... Look, everyone can appreciate your effort. It really is good and no one wants to discourage contributions. Really. But the one thing worse than no resources is bad (inaccurate) resources. This is what Linux has plenty of. Lots of poorly done documentation from newbies who have a faint idea of what they're talking about, and so produce a document that has so little of a useful lifetime but remains out there indefinately, leading others down the wrong path. (TLDP?) OpenBSD already has good documentation. Most of it is in the manual pages. The majority of the rest is in the FAQs. It is current. It is maintained. And it is general enough that you can glean what you need from it without having to resort to a step-by-step HOWTO if you'll just look at the right information. If I wanted to set up a transparent spamd proxy, I'd read some man pages for spamd things, bridge things, and pf things. A small amount of putting 2 and 2 together and you see how it fits together. Putting out poorly done, uninformed HOWTOs like this do more harm than good. We've already seen it on openbsdsupport.org - I could reference several threads in the archive that have been a result of someone following outdated, vague and uninformed HOWTOs from that site. In fact, stuff that I've contributed falls in this category. I've got docs up there that link to a server that is no longer up, and reference older versions of OpenBSD and do stuff that is no longer supported or else was the wrong way to do it anyway. And the longer its there the worse it will get. I'm certainly not as good of a documentation writer as I must have thought I was then. So while in some ways its a good community resource, in other ways it has a negative effect. There's a reason Nick is handling the FAQ. ;) DS
Re: RAID for dummies
On Thu, Oct 13, 2005 at 11:00:59PM -0400, the unit calling itself Nick Holland wrote: J Moore wrote: On Thu, Oct 13, 2005 at 07:47:48AM -0400, the unit calling itself Nick Holland wrote: Not quite sure what point you're trying to make here... are you advocating that one develop expertise in all areas to become totally self-sufficient? If so, I suppose you are all at once: thoracic surgeon, firefighter, psychiatrist, tax lawyer, microbiologist, etc, etc, etc. No, I'm advocating that if you pick of a scalpel, that you understand how to perform surgery on the species you are going to be cutting on. If you pick up a fire hose, you understand what happens when the water hits full pressure. Etc. Taxes? ok, got me there, no one understands tax law. And I'm suggesting that trying to be an expert in everything is not a realistic goal... why pick up a scalpel at all (to haul your butt out of the fire) if your neighbor has invested years in becoming a thoracic surgeon? If surgery is required, I would choose to let the experienced surgeon haul my butt out of the fire, and concentrate my energy in my field of interest. Sorry if I confused you on that point. From your original post, you said you did not desire to become an expert on RAID. You didn't talk about farming the maintenance of this system to other people. No - I can't afford to farm it out. Again, the *only* point I was trying to make is that expertise in a particular field is not a necessary condition to benefit from that field. RAID systems in the hands of people who assume magic will happen cause massive down-time problems. In the hands of people who know how to do it, yes, good things really can happen. But I doubt there are any truly mindless RAID options available. Now I'm confused... are you suggesting that the investment required to successfully use an ACS-7500 even approaches that required for the do-it-yourself RAID setup? Not at all. snip Thanks - I appreciate your views on that. Jay
Re: HOWTO on spamd+transparent bridge under OpenBSD
On Fri, Oct 14, 2005 at 04:54:24PM -0500, Graham Toal wrote: The disk formatting is a major pain. Why? I don't know why, I just know that both myself (experienced in BSD and BSDI from days gone by, and linux in recent years, but not OpenBSD at all) plus a colleague at work who has a fair bit of OpenBSD experience both have wasted literally days with formatting problems. So having found a working recipe that seems easy, I thought it was worth pointing out to folks that if you do something else, you might hit the hassles we did. I had tried to reuse an old partition table and failed even though it sure looked OK to me - the install program wouldn't progress past the formatting section; my friend had problems when he formatted the swap partition before the data partition. never had any such problems. really, the FAQ covers disk setup quite extensively! Writing down passwords, are you serious? To each his own :-) I generally find that if you create a 'strong' password, you pretty much have to write it down until you remember it. that sounds really funny. have you really written down everything that is now stored in your brain? :) Try CTRL+ALT+F2/F3... it's in the FAQ. So I've been told :-/ Unless you know something is there to go look for it, you don't come across it well, the FAQ index is really not that long to have a quick look. Also, I don't see the need for a ports tree on this type of system, and your installation of the screen application looks horrible. Problem with 3.6 boot CD and 3.7 installation I think. The Jove ports install was smooth, but for some reason screen screamed. you can just skip screen since you now know you can use multiple terminals with ctrl+alt+F2 etc. Wouldn't it be better to skip the installation part, and point people to the OpenBSD FAQ (especially faq4.html), and to the afterboot(8) manual page? No, but I'll certainly add those pointers. And it *is* a wiki page. If you feel that what I've said is just plain wrong or misleading, please feel free to go in there yourself and correct it. Just bear in mind it was written by someone who needed to use OpenBSD to support a specific tool and who before this had no OpenBSD experience, for an audience who are in the same boat. It's definitely not a proper it's a How I managed to make it work after two weeks of struggling, so that hopefully you can make it work in two hours of slavishly typing exactly what I say :-) Well... that will encourage people to not think, which is an evil thing! If you take a look at the OpenBSD documentation (manuals and FAQ), you will see it has been written very carefully, and it never just lists a bunch of commands that people can blindly copy. Instead it explains what is happening, so people _understand_. I'm not sure people will really save time with this document. You fetch the ports tree (the wrong one, even if it worked for you it is the wrong one) from CVS, while you do not need it. No need to make coffee then, either. :) Using pkg_add and PKG_PATH will work fine. People also don't need bash, ksh is fine. If you're really worried about Linux users, point them to faq9.html. Where you point people to lynx, it's easier to use ftp(1), and it's also useless since your next line is saying pkg_add. Instead of releasing this worked for me type of documents, maybe your efforts would be better spent writing a clean document that does not suffer factual inaccuracies, does not deviate too much from the actual topic, adds explanations where appropriate, etc. Yes, it's not an easy task. :) -- steven Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm
Re: HOWTO on spamd+transparent bridge under OpenBSD
On 2005/10/14 16:41:22, Graham Toal wrote: - Using the 3.7 ports tree on 3.6 is not recommended. The only install disk I have is 3.6. Any reason not to use cd37.iso? I'd rather forget about packages and use ports for everything (Speaking as someone compiling ports for -current on another tty on the zaurus I'm typing on...) If packages are available, compiling standard software yourself from ports is a waste of time and electricity. Given that many useful configure options are available from packages with flavors, there aren't too may times it's needed. http://www.openbsd.org/faq/faq8.html#PortsvsPkgs Incidentally, window(1) (in base) does some of the things you might want screen for. You can fetch the ports tree in a gzipped tar, which saves a lot of time fetching by cvs. Using softdep helps too... Coming from Linux, you may find quite a different mindset here, the emphasis is more on learning for yourself than finding someone who already knows how to do what you want, as often seems to be the case there. You get pointers but you have to work a bit harder, in exchange you get to know more about how things work. That said, you might want to investigate no rdr to help with your temp hack.
Re: Sysctls for message queues?
On 10/14/05, Johan Fredin [EMAIL PROTECTED] wrote: Hello People, I've just setup a squid proxy at a local school. It's been humming along fine for two weeks now. Today it started to work rather sporadically. I'm using squid-2.5.STABLE10-transparent from ports, on an OpenBSD snapshot from 1st september (too be upgraded to -stable on Nov 1st). /var/squid/logs/cache.log tells me this: 2005/10/14 08:56:55| storeDiskdSend OPEN: (35) Resource temporarily unavailable 2005/10/14 08:56:55| storeDiskdSend: msgsnd: (35) Resource temporarily unavailable So for some reason diskd is choking. Through google I found this thread, discussing the same symptoms: http://squid.bilkent.edu.tr/mail-archive/squid-users/200212/0354.html As told there, it's problably IPC settings that should be adjusted. The squid FAQ tells me to fiddle in the kernel config: http://www.squid-cache.org/Doc/FAQ/FAQ-22.html#ss22.6 But since GENERIC is holy for me, I'd rather not poke around and have to run a custom kernel. Is there any other way to change these values? With config -e /bsd I found that SHMSEG and SHMMAXPGS could be changed, but I'm not sure these are the ones I should touch? In sysctl there seems to be a bunch of values in kern.seminfo. But again, those are not named like the values in the squid FAQ. man 3 sysctl, then find the values that match up. not all systems have the same set of knobs or call them the same, but there's no need to change all of them.
Re: HOWTO on spamd+transparent bridge under OpenBSD
Graham Toal wrote: steven mestdagh [EMAIL PROTECTED] wrote: On Fri, Oct 14, 2005 at 03:11:59PM -0500, Graham Toal wrote: For anyone who is interested, I've written up a document on how to install OpenBSD, configure it as a transparent bridge, then install spamd on it. It was written primarily for our campus computer center who want to know how to do it if something happens to me (like I get a better job elsewhere for example ;-) ) but I think I've written it generally enough that it will be of use to anyone. The page is here: http://wiki.utpa.edu/InfoSec/GreyListingInstall?action=print Some quick feedback... You write (allow me to turn off caps): The disk formatting is a major pain. Why? I don't know why, I just know that both myself (experienced in BSD and BSDI from days gone by, and linux in recent years, but not OpenBSD at all) we see that. plus a colleague at work who has a fair bit of OpenBSD experience both have wasted literally days with formatting problems. So having found a working recipe that seems easy, I thought it was worth pointing out to folks that if you do something else, you might hit the hassles we did. I had tried to reuse an old partition table and failed even though it sure looked OK to me - the install program wouldn't progress past the formatting section; my friend had problems when he formatted the swap partition before the data partition. SNIP Oh. My. Gawd. This disk layout section is so wrong. Your explaination of problems are wrong (hint: you don't format the swap partition at all!). There's nothing here to even correct. Your almost every step is just plain WRONG. You have successfully designed a system that some platforms won't even boot, and you have defeated a lot of OpenBSD security. Your working recipe is a disaster. I can't make myself read further. Stop. You clearly have no idea what you are doing. If you have something that works for you, fine, go ahead, use it. PLEASE DO NOT ATTEMPT TO GUIDE PEOPLE UNTIL YOU UNDERSTAND WHAT THE HECK YOU ARE DOING, UNTIL YOU HAVE READ (and understood) THE EXISTING DOCUMENTATION. I fear what will happen if people follow your advice. Good documentation for what you are trying to help people with exists, you are leading them into very unhappy directions. Writing crap like this and pretending to help people makes you into a menace. Please stop. Nick.
Re: wireless pci card problem
On Fri, Oct 14, 2005 at 09:04:06PM +1000, Jonathan Gray wrote: rtw0 at pci0 dev 8 function 0 Realtek 8185 rev 0x20: irq 11 rtw0: ver RTL8185, rtw0: could not recall EEPROM in 1us rtw0: could not recall EEPROM in 1us Is it true? Drool... I never heard a report of the original 802.11b rtw PCI cards actually working. I have one that works: rtw0 at pci2 dev 5 function 0 D-Link Systems DWL-610 rev 0x20: irq 12 rtw0: ver RTL8180F, radio SA2400A, amp SA2411, address xx:xx:xx:xx Unfortunately, these cards are a little hard to find new :-( This is the first I've heard of RTL8185 products being available in the retail market. Yes, me too. Finally! bc -- Benjamin A. Collins [EMAIL PROTECTED] [demime 1.01d removed an attachment of type application/pgp-signature]
