Re: Brain wash for live partition, or directory mirroring concept idea(s)?

2006-02-02 Thread Nick Guenther
On 2/2/06, Ray Lai [EMAIL PROTECTED] wrote:
 On Wed, Feb 01, 2006 at 11:37:19PM -0500, Daniel Ouellet wrote:
 snip
  This way, continuous live mirroring can be done and no need for cronjob,
  etc. And this would be much more efficient as well.
 snip

 https://marc.theaimsgroup.com/?l=openbsd-misc&m=86187916316
 https://marc.theaimsgroup.com/?l=openbsd-misc&m=105358689405500

 -Ray-


I love how on BSD there is a simple solution for everything, built upon
tools that already exist! Is there any centralized place for this
sort of detail? The only problem I can see is that there's a very
steep learning curve, largely due to it being hard to match up man
pages to what you want to do.
//Kousu



AccesD Securite

2006-02-02 Thread Desjardins
Dear Desjardins / AccèsD member,

The accounting audit department of the Desjardins Group has detected a
transaction problem in your account. An amount was deposited and
withdrawn by our accounting system. We are notifying you of this error
so that you are not surprised when you see these transactions on your
transaction statement. We have reversed the full amount without
applying transaction fees. Never disclose your personal information on
any site other than the secure Desjardins site. If you notice another
error, contact your institution during normal business hours.

To access your account and verify that everything is normal, click on
this secure link:
https://accesd.desjardins.com/

The Desjardins Group thanks you for your business and appreciates your
understanding.

Desjardins / AccèsD
Conjuguer avoirs et êtres

Please do not reply to this e-mail as this is only a notification. Mail
sent to this address cannot be answered.

Copyright © 2005 Mouvement des caisses Desjardins. All rights reserved.



Re: Windows CLI FTP and OBSD 3.9 ftp-proxy

2006-02-02 Thread Joachim Schipper
On Thu, Feb 02, 2006 at 11:21:02AM +1100, Karl Kopp wrote:
 Hi Everyone!
 
 I just upgraded one of our firewalls from 3.0 OBSD (I know, I know, I've
 been busy, for 4 years :) to 3.8 (which took 30 mins - LOVE that!). I've
 also added ftp-proxy from current to handle all our FTP connections. Things
 are working MUCH better now (browsers can hit FTP servers on the outside
 world) but I'm still having problems with the ftp cmd in Windows (XP for
 example). BSD / Linux boxes can use their CLI FTP command no probs (seem to
 default to PASV), but Windows just wont connect. I've used the info from
 here http://www.openbsd.org/cgi-bin/man.cgi?query=ftp-proxy&sektion=8 and
 here http://www.openbsd.org/faq/current.html#20051116 but still can't seem
 to connect. ftp-proxy is running, and I have the following lines in my
 pf.conf:
 
 scrub in all
 
 ##
 # FTP bits
 nat-anchor ftp-proxy/*
 rdr-anchor ftp-proxy/*
 rdr pass on $int_if proto tcp from $internal_net to any port 21 -> 127.0.0.1 port 8021
 
 
 ...
 
 
 ###
 # Begin filtering ruleset
 
 # For FTP
 anchor ftp-proxy/*
 pass out proto tcp from $external_addr to any port 21 keep state

Well, as you noted, all FTP clients you used use PASV, but the Windows
CLI ftp client doesn't support that (and a lot of other things, BTW).

I'm not up to speed on the new ftp-proxy, but try setting a
non-Windows-CLI client to use active FTP and see if the same thing
happens - it'll at least isolate the error.

Joachim



Re: Pf que for voip

2006-02-02 Thread Graham Gower

[EMAIL PROTECTED] wrote:


Before tinkering with queues, you might like to figure out your usable
upload bandwidth to know what you're playing with. I would consider my
VoIP altq rules a work in progress at the moment, but defining the
upload bandwidth seems to be quite sensitive.

I have ADSL PPPoA 1536/256 kbit/s and define my upload bandwidth as
212kbit/s and VoIP seems to be working great (quality at both ends).
However if I define my upload bandwidth as 213kbit/s then it is as if
I have just switched altq off. Setting it lower than 212kbit/s then
gradually hurts download speeds (with pri of empty acks to minimize
that problem coming second to VoIP).

So it might be a good idea to know what you have to play with first.
If you estimate too high, your VoIP queues are not going to be effective
and you might waste lots of time trying to figure out why queues which
should be working fine, are not.


This begs the question, what should you do if your bandwidth is variable?

In my neck of the woods ADSL2 has been rolled out, which allows a
theoretical 24000/1000 kbit/s. Of course, actual speeds depend on the
distance from the exchange. When the line resyncs, speeds change. One
day I might get 8000/900, another day it's 7500/850.


How do I tune altq for that?
I suppose those on dialup have similar problems.

Graham



pppoe loopback

2006-02-02 Thread Mitja Muženič
Hi!


Today one of my clients' firewall lost its pppoe connection and had to be
manually restarted (ifconfig pppoe0 down/up). The funny thing was this log
message:

Feb  2 04:57:08 wall /bsd: pppoe0: loopback
Feb  2 04:57:08 wall /bsd: pppoe0: phase terminate
Feb  2 04:57:08 wall /bsd: pppoe0: phase dead


I traced the loopback message to the state engine in
/usr/src/sys/net/if_spppsubr.c

if (nmagic == sp->lcp.magic) {
        /* Line loopback mode detected. */
        printf(SPP_FMT "loopback\n", SPP_ARGS(ifp));
        /* Shut down the PPP link. */
        lcp.Close(sp);
        break;
}


Can in this case the link be reinitialized automatically or at least retry a
couple of times?


Regards, Mitja



Re: pppoe loopback

2006-02-02 Thread Mitja Muženič
 Today one of my clients' firewall lost its pppoe connection 

3.8-stable, dmesg follows:

OpenBSD 3.8-stable (GENERIC) #0: Wed Nov 30 15:41:10 CET 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 349 MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR
real mem  = 133787648 (130652K)
avail mem = 115462144 (112756K)
using 1658 buffers containing 6791168 bytes (6632K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 07/19/01, BIOS32 rev. 0 @ 0xfd801
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf1c50/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:02:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x03
ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 1 function 0 S3 Trio3D AGP rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 2 function 0 Intel 82371AB PIIX4 ISA rev 0x02
pciide0 at pci0 dev 2 function 1 Intel 82371AB IDE rev 0x01: DMA, channel
0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: WDC AC26400B
wd0: 16-sector PIO, LBA, 6149MB, 12594960 sectors
atapiscsi0 at pciide0 channel 0 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: LG, CD-ROM CRD-8322B, 1.06 SCSI0 5/cdrom
removable
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
cd0(pciide0:0:1): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
uhci0 at pci0 dev 2 function 2 Intel 82371AB USB rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
Intel 82371AB Power rev 0x02 at pci0 dev 2 function 3 not configured
fxp0 at pci0 dev 3 function 0 Intel 82557 rev 0x05, i82558: irq 11,
address 00:04:ac:d9:eb:b5
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 0
rl0 at pci0 dev 20 function 0 Realtek 8139 rev 0x10: irq 10 address
00:40:f4:b4:0d:86
rlphy0 at rl0 phy 0: RTL internal phy
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
isapnp0 at isa0 port 0x279: read port 0x203
wss1 at isapnp0 Crystal Audio, CSC0100, , WSS/SB port
0x534/4,0x388/4,0x220/16 irq 5 drq 1,0: CS4236/CS4236B (vers 0)
audio0 at wss1
Crystal Audio, CSC010F, , Disabled at isapnp0 not configured
Crystal Audio, CSC0110, , CTRL at isapnp0 port 0x120/8 not configured
biomask eb45 netmask ef45 ttymask ffc7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
WARNING: / was not properly unmounted
pppoe0: phase establish
pppoe0: phase authenticate
pppoe0: phase network
pppoe0: phase terminate
pppoe0: phase dead
pppoe0: phase establish
pppoe0: phase dead
pppoe0: phase establish
pppoe0: up
pppoe0: phase authenticate
pppoe0: phase terminate
pppoe0: phase authenticate
pppoe0: phase terminate
pppoe0: phase authenticate
pppoe0: phase network
pppoe0: LCP keepalive timeout
pppoe0: phase terminate
pppoe0: phase establish
pppoe0: phase dead
pppoe0: phase establish
pppoe0: up
pppoe0: phase authenticate
pppoe0: phase network
pppoe0: phase terminate
pppoe0: phase dead
pppoe0: phase establish
pppoe0: phase authenticate
pppoe0: phase network
pppoe0: LCP keepalive timeout
pppoe0: phase terminate
pppoe0: phase establish
pppoe0: phase dead
pppoe0: phase establish
pppoe0: up
pppoe0: phase authenticate
pppoe0: phase network
pppoe0: loopback
pppoe0: phase terminate
pppoe0: phase dead
pppoe0: phase establish
pppoe0: phase authenticate
pppoe0: phase network



Re: Making FAT play nice

2006-02-02 Thread Alexander Hall

Nick Guenther wrote:

On 2/1/06, Alexander Hall [EMAIL PROTECTED] wrote:


Nick Guenther wrote:


I dual boot OpenBSD with Windows and have a third partition for data
which is mounted on /home. The data partition is FAT32 since that's
the only type that both OSes support well.


I am not really happy using FAT partitions from OBSD. There have been
recently fixed issues, and I seem to stumble over corruptions from time
to time, and although I cannot be sure that FAT is to blame, I have no
issues when using non-FAT partitions.



Hmm, I know it's not the greatest set up but it lets both OSes live
reasonably harmoniously.


Yeah. I have the same setup on this laptop. :-)
I try to avoid using that partition if I can, though (Thus the noauto 
mount option).






1) how can I set the permissions on /home|why can't I set them?


You cannot. It is not supported by the file system.




From my /etc/fstab:
/dev/wd0p /data msdos rw,-l,-m=777,nodev,nosuid,noauto 0 0

  ^^ :)


You can add switches like -m above.




Ah! Thank you very much. That's exactly what I was looking for. That
little detail isn't explicitly documented anywhere I could see.


Not too simple to spot it, but a combination of the following could give 
you a hint:


From fstab(5):
  The fourth field, fs_mntops, describes the mount options
  associated with the filesystem. It is formatted as a comma
  separated list of options. It contains at least the type of
  mount (see fs_type below) plus any additional options
  appropriate to the filesystem type.

From mount(8):
  Any additional options specific to a given file system type
  (see the -t option) may be passed as a comma separated list;
  these options are distinguished by a leading ``-'' (dash).
  Options that take a value are specified using the syntax
  -option=value. For example, the mount command:

# mount -t mfs -o nosuid,-s=4000 /dev/sd0b /tmp

  causes mount to execute the equivalent of:

# /sbin/mount_mfs -o nosuid -s 4000 /dev/sd0b /tmp


Also, I'm an idiot. I was trying to use chmod while /home was mounted.
The following 'solved' my problem:
#umount /home
#chmod g+w /home
#mount -t msdos -g=users /dev/wd0h /home


This is not really useful, since the properties of a mount point are 
determined by the mounted file system. E.g.:


$ ls -dlF /data
drwxr-xr-x  2 root  wheel  512 Sep  7  2004 /data/
$ sudo mount /data
$ ls -dlF /data
drwxrwx---  1 root  staff  4096 Jan  1  1980 /data/
$ grep data /etc/fstab 


/dev/wd0p /data msdos rw,-l,-g=staff,-m=770,nodev,nosuid,noauto 0 0


Now since I added all my user accounts to the users group they can all
write to /home. Hooray!

Thank you everyone for your help.


NP! :)

/Alexander



Tapedrives with USB?

2006-02-02 Thread Michael Schmidt

Hello together,

is it impossible to run USB-driven tape drives under OpenBSD?

The hardware list shows them as officially not supported.

My questions are:
Aren't they detected as tape drives over USB under OpenBSD?
Or are there other reasons they are not mentioned in the hardware list?
In case some people have tested it, any experiences to share?
Can't built-in tools like tar (or other ones?) be used?

Have a nice day
Michael

--
Michael Schmidt MIRRORS:
DJGPP   ftp://ftp.fh-koblenz.de/pub/DJGPP/
Ghostscript ftp://ftp.fh-koblenz.de/pub/Ghostscript/



Re: Brain wash for live partition, or directory mirroring concept idea(s)?

2006-02-02 Thread Daniel Ouellet

Ray Lai wrote:

On Wed, Feb 01, 2006 at 11:37:19PM -0500, Daniel Ouellet wrote:
snip
This way, continuous live mirroring can be done and no need for cronjob, 
etc. And this would be much more efficient as well.

snip

https://marc.theaimsgroup.com/?l=openbsd-misc&m=86187916316
https://marc.theaimsgroup.com/?l=openbsd-misc&m=105358689405500



Thanks for this! It is rather interesting for sure, but it still does not
fully provide what I would like to do, and I am not sure of the following
as well.


- Mirroring on multiple servers, more than 2. The man page says you need an 
even number of devices, fair enough, but all I read seems to indicate it would 
mirror a to b and that's it, even if a could be made of multiple drives 
if you like, so two copies is the limit.


- On server reboot (master or slaves), the state after restart is unknown and 
I am not sure you could consider the data proper here. The only way, I 
guess, would be to destroy the ccd, recreate it and put the data back, 
but then, very long downtime.


- Now on the remote server, the point is to be able to use the data locally. 
Master -> slaves. Meaning multiple slaves where the source is one, live 
mirroring on multiple slaves and usage of local data to be served 
locally from their own local copy of the mirror. If I understand this 
properly, I am not sure you can possibly mount that file part of the ccd 
device from the master on the local (slave) server and use the data as 
normal. I would say no.


I am not saying it is a bad idea to use ccd, but after reading up on it for 
the last few hours, I am not sure it would fit the needs. But I sure could 
be wrong.


Being able to add more mirrors at will is a plus, and having each mirror be 
a simple OpenBSD setup for reliability is important.


Plus it looks like all would need to be done via NFS, and if I could avoid 
it, I would prefer that for security reasons. I much prefer using ssh for 
all communications between servers. But again, maybe I overlook NFS, as 
the last time I used it was many years ago, for these same reasons.


Nevertheless, I very much appreciate your suggestion for sure, and it 
made very interesting reading tonight.


I will however try this for fun and see what I get from it. It deserves 
at least that.


Daniel



keyword mediaopt half-duplex gone?

2006-02-02 Thread Ulrich Kahl
Hi,

it seems that the keyword half-duplex is gone, but it is
referenced in all (?) manpages for ethernet drivers. Maybe it should be
removed?
If this is wrong, please ignore this mail and sorry for the noise.

Ulrich



Re: Brain wash for live partition, or directory mirroring concept idea(s)?

2006-02-02 Thread Tobias Ulmer
I have not played with it, but isn't it possible to use libevent
(man event) to notify a userspace daemon that scps the changed
files over to another server(s)?

Just a thought.

Tobias



Re: Pf que for voip

2006-02-02 Thread shanejp
Quoting Graham Gower [EMAIL PROTECTED]:
Hi Graham,

 This begs the question, what should you do if your bandwidth is variable?

I've wondered that myself. I figured someone in that situation might
have to settle for an upload bandwidth limited to the worst case?


Shane







Re: Pf que for voip

2006-02-02 Thread Lars Hansson
On Wed, 01 Feb 2006 23:45:24 +1030
Graham Gower [EMAIL PROTECTED] wrote:
 This begs the question, what should you do if your bandwidth is variable?
 
 In my neck of the woods ADSL2 has been rolled out, which allows 
 theoretical 24000/1000 kbit/s. Of course, actual speeds depend on the 
 distance from the exchange. When the line resynchs, speeds change. One 
 day I might get 8000/900, another day its 7500/850.
 
 How do I tune altq for that?

You'd have to tune it manually. There's no way for altq/pf to know what
speed you get on a given day/week/moment; it only knows about the physical
speed (or whatever you set manually) for the interface.

---
Lars Hansson



Re: Pf que for voip

2006-02-02 Thread Stuart Henderson
On 2006/02/02 22:08, [EMAIL PROTECTED] wrote:
 Quoting Graham Gower [EMAIL PROTECTED]:
  This begs the question, what should you do if your bandwidth is variable?
 
 I've wondered that myself. I figured someone in that situation might
 have to settle for an upload bandwidth limited to the worst case?

It's usually possible to monitor the router's reported connection speed
(maybe available by SNMP or logged to syslog, which might be easier than
connecting to the router's CLI or web interface to retrieve the information)
and use the correct value in the ruleset. It shouldn't be used raw, as
ATM overheads need to be allowed for. A shell script and standard tools
should just about do the trick, though e.g. Perl is probably simpler.
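As an added example (not Stuart's code or anything posted in the thread), here is the shell-and-standard-tools approach he describes: pull the modem's reported upstream sync rate out of a syslog line, strip the ATM cell overhead, keep a safety margin, and reload pf with the recomputed altq bandwidth only if the new ruleset parses. The syslog line format, the interface name, the queue names and the 8% margin are assumptions; the margin in particular has to be tuned empirically, the way Graham did by lowering the figure until the queues started to bite.

```shell
#!/bin/sh
# Recompute the altq upload bandwidth from the modem's reported sync rate.
# Added example, not from the thread. The syslog line format handled by
# sync_up_kbit is a constructed sample; adjust it to what your modem logs.

ATM_CELL_PAYLOAD=48              # bytes of payload in each 53-byte ATM cell
ATM_CELL_SIZE=53
MARGIN_PCT=${MARGIN_PCT:-8}      # headroom for AAL5/PPP framing; tune empirically
PF_CONF=${PF_CONF:-/etc/pf.conf}
EXT_IF=${EXT_IF:-pppoe0}         # assumed external interface
LOG=${LOG:-/var/log/messages}

# Print the upstream sync rate (kbit/s) found in a syslog line such as
#   "Feb  2 04:57:08 gw modem: DSL sync: down 7500 kbps up 850 kbps"
# Prints nothing for lines that do not carry a sync report.
sync_up_kbit() {
    printf '%s\n' "$1" |
        awk '/DSL sync/ { for (i = 1; i <= NF; i++) if ($i == "up") print $(i + 1) }'
}

# Usable rate = sync rate minus ATM cell overhead (only 48 of 53 bytes carry
# payload), minus MARGIN_PCT. Integer arithmetic rounds down, which errs on
# the safe side: a figure that is too high silently disables the queueing.
usable_kbit() {
    payload=$(($1 * ATM_CELL_PAYLOAD / ATM_CELL_SIZE))
    echo $((payload * (100 - MARGIN_PCT) / 100))
}

# The altq line that goes into pf.conf. Queue names are assumptions; the
# queue definitions themselves live elsewhere in the ruleset.
altq_line() {
    echo "altq on $EXT_IF priq bandwidth ${1}Kb queue { voip, ack, std }"
}

# Rewrite the altq line and reload, but only if the new ruleset parses
# (pfctl -n), so a bad edit never leaves the firewall without a ruleset.
apply_bandwidth() {
    tmp=$(mktemp) || return 1
    sed "s/^altq on $EXT_IF .*/$(altq_line "$1")/" "$PF_CONF" > "$tmp"
    if pfctl -n -f "$tmp" && cp "$tmp" "$PF_CONF" && pfctl -f "$PF_CONF"; then
        status=0
    else
        status=1
    fi
    rm -f "$tmp"
    return $status
}

# Run from a link-up hook or cron with "apply": use the latest sync line.
if [ "${1:-}" = "apply" ]; then
    line=$(grep 'DSL sync' "$LOG" | tail -n 1)
    up=$(sync_up_kbit "$line")
    [ -n "$up" ] || { echo "no sync rate found in $LOG" >&2; exit 1; }
    apply_bandwidth "$(usable_kbit "$up")"
fi
```

With the default margin a 256 kbit/s sync rate comes out as 212 kbit/s, the value Graham arrived at by hand; that is a coincidence of the chosen margin, not a derivation, so check your own line the same way.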



Re: Making FAT play nice

2006-02-02 Thread viq
On Tuesday 31 January 2006 02:59, Nick Guenther wrote:
 I dual boot OpenBSD with Windows and have a third partition for data
 which is mounted on /home. The data partition is FAT32 since that's
 the only type that both OSes support well.

Just an idea, I didn't try it, but... http://www.fs-driver.org/ 

-- 
viq




Re: keyword mediaopt half-duplex gone?

2006-02-02 Thread Claudio Jeker
On Thu, Feb 02, 2006 at 12:05:03PM +0100, Ulrich Kahl wrote:
 Hi,
 
 it seems so, that the keyword half-duplex is gone, but it is
 referenced in all (?) manpages from ethernet drivers. Maybe it should be
 removed? 
 If it is wrong, please ignore this mail and sorry for the noise.
 

Not all interfaces are capable of forcing half-duplex.
A quick grep showed that be(4), xl(4), tl(4) and txp(4) should have
mediaopt half-duplex added to the list of possible media.

-- 
:wq Claudio



Re: Brain wash for live partition, or directory mirroring concept idea(s)?

2006-02-02 Thread Bernhard Leiner
On 2/2/06, Daniel Ouellet [EMAIL PROTECTED] wrote:
 The idea is to configure a directory on a master server to copy the file
 that are change in it's monitor directory to one or multiple other
 server(s) in the same directory structure.

Hi!

Did you already had a look at Gamin/FAM?
http://www.gnome.org/~veillard/gamin/index.html

Unfortunately it's not in the ports tree but if you are able to build
it under OpenBSD (looks like there is a FreeBSD port - devel/libgamin)
at least the notification part is done. After that you can use rsync,
scp or whatever.

regards,
bernhard
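As an added example (not Tobias's, Bernhard's or Daniel's code), here is the part that sits behind whichever notifier you pick: find the files under the master directory that changed since the last successful push, send exactly those to every slave with rsync over ssh (Daniel's preference over NFS), and only move the stamp forward once every slave has taken them. The sleep in the loop at the bottom is what a kqueue(2)/libevent or Gamin callback would replace. The directory, slave host names, key path and the rrsync forced command on the slaves are all assumptions.

```shell
#!/bin/sh
# Push files changed under SRC to each slave over ssh. Added example, not
# from the thread; paths, host names and the key are assumed/constructed.

SRC=${SRC:-/var/www/htdocs}                 # directory mirrored from the master
STAMP=${STAMP:-/var/db/mirror.stamp}        # absolute path; mtime = last good push
SLAVES=${SLAVES:-"mirror1.example.org mirror2.example.org"}
SSH_KEY=${SSH_KEY:-/root/.ssh/mirror_key}   # dedicated key, used for nothing else
INTERVAL=${INTERVAL:-10}

# On each slave, restrict that key so it can only run rsync into the mirror
# directory, e.g. in ~/.ssh/authorized_keys (rrsync ships in rsync's support/):
#   command="rrsync /var/www/htdocs",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...

# List files under $1 modified after the stamp file $2 (absolute path), as
# paths relative to $1, sorted so the output is stable.
changed_since() {
    (cd "$1" && find . -type f -newer "$2" | sed 's|^\./||' | sort)
}

# Send the files named in list $1 to slave $2. --files-from keeps rsync from
# walking the whole tree; BatchMode fails instead of prompting for a password.
push_to() {
    rsync -a --files-from="$1" -e "ssh -i $SSH_KEY -o BatchMode=yes" \
        "$SRC/" "$2:$SRC/"
}

# One round: take the new stamp *before* scanning, so a write that lands
# during the scan or the push is picked up next round rather than lost.
# The stamp only moves forward when every slave accepted the files.
push_changes() {
    list=$(mktemp) || return 1
    newstamp=$(mktemp "$STAMP.XXXXXX") || { rm -f "$list"; return 1; }
    changed_since "$SRC" "$STAMP" > "$list"
    rc=0
    if [ -s "$list" ]; then
        for slave in $SLAVES; do
            push_to "$list" "$slave" || { echo "push to $slave failed" >&2; rc=1; }
        done
    fi
    if [ $rc -eq 0 ]; then
        mv "$newstamp" "$STAMP"
    else
        rm -f "$newstamp"
    fi
    rm -f "$list"
    return $rc
}

# Poll loop; a kqueue(2)/libevent or Gamin notification would replace the sleep.
if [ "${1:-}" = "run" ]; then
    [ -e "$STAMP" ] || touch -t 200001010000 "$STAMP"   # first run: push everything
    while :; do
        push_changes
        sleep "$INTERVAL"
    done
fi
```

Because a failed slave leaves the stamp where it was, the next round resends everything changed since the last fully successful push, so a slave that was down catches up without any separate bookkeeping.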



Re: Small pauses with a trunk(4) interface

2006-02-02 Thread Bruno Carnazzi
Yeah !

Using your third suggested configuration on my old Cisco 2950, I now
have a very responsive system...
Thank you for your fantastic work on trunk and for this information (the
need for a switch configuration (etherchannel, HP trunking, etc.)
should be somewhere in the manpages, in my mind...)

Best regards,

Bruno.

On 2/1/06, Reyk Floeter [EMAIL PROTECTED] wrote:
 hi,

 On Wed, Feb 01, 2006 at 06:42:47PM +0400, Bruno Carnazzi wrote:
  I use OpenBSD/i386 3.8 with GENERIC.MP.

 trunk(4) support in OpenBSD 3.8 was quite new and there were some
 bugfixes and improvements during the last development cycle. these
 fixes, like trunkproto failover and multicast support for things like
 pfsync or carp, will be available in OpenBSD 3.9.

  I use a trunk interface based on 2 physical devices as you can see here :
 
 -//-
  trunk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  lladdr 00:02:a5:29:15:f0
  trunk: trunkproto roundrobin
  trunkport xl0
  trunkport fxp0 master
  groups: trunk egress
  media: Ethernet autoselect
  status: active
  inet 172.20.3.100 netmask 0xfe00 broadcast 172.20.3.255
 
 -//-
  fxp0 at pci0 dev 2 function 0 Intel 82557 rev 0x08, i82559: apic 8
  int 11 (irq 11), address 00:02:a5:29:15:f0
  inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
 -//-
  xl0 at pci0 dev 5 function 0 3Com 3c905C 100Base-TX rev 0x78: apic 8
  int 5 (irq 5)xl0: reset didn't complete
  , address 00:0a:5e:5a:c9:a4
  exphy0 at xl0 phy 24: 3Com internal media interface
  xl0: reset didn't complete

 there's a problem with your 3com nic which is not related to trunk,
 you should replace the nic ie. with a second fxp(4).

  With this configuration, I can see small network pauses  (1s) when
  SSHing or downloading something through the local running squid. I
  figure the trunk works this way : packet are sent through the member
  interfaces with the trunk IP address and with the master NIC MAC@ and
  packet are received on all trunk members thanks to the promiscuous
  mode. As my NIC are plugged on the same L2 switch (for testing
  purpose, maybe I'll use 2 different switch on a production
  configuration), I suggest it bothers the switch with the same MAC@ on
  2 ports. All error counters are null on this switch. I didn't
  configure something like etherchannel or 802.3ad on these interface.
 

 trunk(4) operates on layer 2, it is (not yet) related to any IP stuff.
 it uses one MAC address borrowed from the master interface (currently
 the first trunkport you add). in roundrobin mode, it distributes the
 outgoing packets through all attached and active interfaces and
 receives packets for this MAC from any active port. as you noticed,
 your switch will get confused if you don't configure a trunk group
 (cizzco calls it etherchannel or port group; hp procurve calls it
 trunk).

 OpenBSD 3.8 only supported trunk(4) in roundrobin mode, but i added a
 failover mode in 3.8-current for the next release. failover mode only
 uses the first active interface (primarily the master interface) for
 packet distribution and does a failover to the next active interface
 if the port's state link goes down. this works with stupid switches
 or even hubs. the switch will probably take some time to learn the mac
 address on a new port but only once in case of a failover.

 IEEE 802.3ad is not supported at the moment, it just works fine in
 simple roundrobin or in failover mode without any dynamic link
 aggregation protocols (i don't really see the point for 802.3ad at the
 moment, it adds no benefit just some dynamic plug and play foo).

  Does trunk operate this way ? Is there a way to avoid this phenomenon ?
 

 - try again with enabling a trunk group on your switch
 - try again with 3.9-beta
 - try again in failover mode

 my development is focussed on hp procurve switches because their trunk
 implementation works pretty well and i can probably play with
 802.3ad/LACP later (and they use openssh in their switches ;-)).

 examples:

 (1) openbsd trunkproto roundrobin - hp trunk

 HPswitch(config)# no interface c4-c5 lacp
 HPswitch(config)# interface c4-c5 trk1 trunk

 openbsd# ifconfig trunk0
 trunk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 lladdr 00:00:5a:9f:31:d6
 trunk: trunkproto roundrobin
 trunkport sk1
 trunkport sk0 master
 groups: trunk
 media: Ethernet autoselect
 status: active
 inet6 fe80::200:5aff:fe9f:31d6%trunk0 prefixlen 64 scopeid 0x9
 inet 172.23.5.70 netmask 0xff00 broadcast 172.23.5.255

 the cizzco world is a bit more complex, ie.:

 (2) openbsd trunkproto failover - plain cizzco 3750 switch

 cizzco's 'trunk' is not related to port trunking, it's the description
 for interfaces with multiple tagged and untagged vlans... don't get
 confused by these terms! cizzco's trunk mode is _not_ required for
 openbsd trunk(4) 

Re: how to manage big pf-rulesets in a comfortable way

2006-02-02 Thread Joerg Streckfuss
Hi Marc,

Thanks for your advice, but I have already tested fwbuilder.
The builder is nice for editing a big ruleset, but I dislike the
concept of global and interface policy. In the global policy section
I missed the direction for packets. An example:
if you want to edit some antispoof rules, you have to use the interface
policies because of the direction, and so you have to write more rules
than just antispoof for $ext_if inet in pf.conf.
Furthermore I missed some features like synproxy, stateful tracking
options and bandwidth management.

cheers Joerg.


Am Donnerstag, den 02.02.2006, 14:17 +0100 schrieb Marc Peters:
 hi joerg,

 you may want to have a look at firewall builder (www.fwbuilder.org). it
 can produce rulesets for pf, but you should have a look at the conf
 later on and check the ruleset if it fits your needs.

 hth,
 marc
--
Joerg Streckfuss, DFN-CERT Services GmbH
PGP RSA/2048, E0D4BD3F, 90 C3 FB 4A CB D3 20 70  6B 04 47 84 B5 3C 28 8C




Re: Windows CLI FTP and OBSD 3.9 ftp-proxy

2006-02-02 Thread Daniel Hamlin

Joachim Schipper wrote:

On Thu, Feb 02, 2006 at 11:21:02AM +1100, Karl Kopp wrote:
  

Hi Everyone!

I just upgraded one of our firewalls from 3.0 OBSD (I know, I know, I've
been busy, for 4 years :) to 3.8 (which took 30 mins - LOVE that!). I've
also added ftp-proxy from current to handle all our FTP connections. Things
are working MUCH better now (browsers can hit FTP servers on the outside
world) but I'm still having problems with the ftp cmd in Windows (XP for
example). BSD / Linux boxes can use their CLI FTP command no probs (seem to
default to PASV), but Windows just wont connect. I've used the info from
here http://www.openbsd.org/cgi-bin/man.cgi?query=ftp-proxy&sektion=8 and
here http://www.openbsd.org/faq/current.html#20051116 but still can't seem
to connect. ftp-proxy is running, and I have the following lines in my
pf.conf:

scrub in all

##
# FTP bits
nat-anchor ftp-proxy/*
rdr-anchor ftp-proxy/*
rdr pass on $int_if proto tcp from $internal_net to any port 21 -> 127.0.0.1 port 8021


...


###
# Begin filtering ruleset

# For FTP
anchor ftp-proxy/*
pass out proto tcp from $external_addr to any port 21 keep state



Well, as you noted, all FTP clients you used use PASV, but the Windows
CLI ftp client doesn't support that (and a lot of other things, BTW).

I'm not up to speed on the new ftp-proxy, but try setting a
non-Windows-CLI client to use active FTP and see if the same thing
happens - it'll at least isolate the error.

Joachim

  
I spent hours working on this problem one day.  I could be wrong, but my 
guess is that it's related to the mighty Windows firewall.  When the Windows 
firewall was disabled, the FTP client would connect fine through the FTP 
proxy.


My guess is that the Windows firewall is expecting the response to come 
from the site that you are FTP'ing from, but the response is actually 
coming back from the FTP proxy, prompting the Windows firewall to drop 
the incoming packets.



Dan



Help: Java plugin for mozilla firefox

2006-02-02 Thread Gabriel George POPA
   I don't know how to install java plugin on Mozilla Firefox 
(I missed the messages @ install and I cannot reproduce them).

Can someone tell me how to do this?


   
Yours,
  
George POPA




Re: Help: Java plugin for mozilla firefox

2006-02-02 Thread Jasper Lievisse Adriaanse
On Thu, 02 Feb 2006 16:37:05 +0200
Gabriel George POPA [EMAIL PROTECTED] wrote:

 I don't know how to install java plugin on Mozilla Firefox
 (I missed the messages @ install and I cannot reproduce them).
 Can someone tell me how to do this?
http://www.openbsd.org/faq/faq13.html#javaflash




 Yours,

 George POPA



--
Security is decided by quality -- Theo de Raadt




Re: Help: Java plugin for mozilla firefox

2006-02-02 Thread Gabriel George POPA
   I don't know how to create those symlinks. That's the problem.


Jasper Lievisse Adriaanse wrote:

On Thu, 02 Feb 2006 16:37:05 +0200
Gabriel George POPA [EMAIL PROTECTED] wrote:

  

I don't know how to install java plugin on Mozilla Firefox 
(I missed the messages @ install and I cannot reproduce them).
Can someone tell me how to do this?


http://www.openbsd.org/faq/faq13.html#javaflash

  

  
   
Yours,
  
  
George POPA



Re: Help: Java plugin for mozilla firefox

2006-02-02 Thread Wade, Daniel
pkg_info -D packagename
Will show you the install messages  

 -Original Message-
 From: Gabriel George POPA [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, February 02, 2006 9:37 AM
 To: misc@openbsd.org
 Subject: Help: Java plugin for mozilla firefox
 
 I don't know how to install java plugin on 
 Mozilla Firefox (I missed the messages @ install and I cannot 
 reproduce them).
 Can someone tell me how to do this?
 
 
   
   
 Yours,
   
  
 George POPA



Re: Help: Java plugin for mozilla firefox

2006-02-02 Thread Gabriel George POPA
It works! Thank you! It's wonderful, this OpenBSD community.
Now, honestly, I could have done this, but I was too tired and I couldn't 
figure out a way to do it.

Thank you!


Wade, Daniel wrote:

pkg_info -D packagename
Will show you the install messages  

  

-Original Message-
From: Gabriel George POPA [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 02, 2006 9:37 AM
To: misc@openbsd.org
Subject: Help: Java plugin for mozilla firefox

I don't know how to install java plugin on 
Mozilla Firefox (I missed the messages @ install and I cannot 
reproduce them).
Can someone tell me how to do this?


  
  
Yours,
  
 
George POPA



Re: Help: Java plugin for mozilla firefox

2006-02-02 Thread Gabriel George POPA
I know HOW to create them, ln -s x y. I didn't know what x and y to 
put for mozilla. (So I needed directory names).


Jonas Lindskog wrote:

Symbolic links are created with
ln -s where_to_link_to link_name

/Jonas

  

   I don't know how to create those symlinks. That's the problem.


Jasper Lievisse Adriaanse wrote:



On Thu, 02 Feb 2006 16:37:05 +0200
Gabriel George POPA [EMAIL PROTECTED] wrote:



  

   I don't know how to install java plugin on Mozilla Firefox
(I missed the messages @ install and I cannot reproduce them).
Can someone tell me how to do this?




http://www.openbsd.org/faq/faq13.html#javaflash



  

Yours,

George POPA



Slow disk access ?

2006-02-02 Thread Bruno Carnazzi
   Hi all,

I'm running OpenBSD/i386 3.8 with GENERIC.MP on a Compaq Proliant
DL380, powered by 2 PIII-866. All my partitions live on a RAID-5 array
of 3 Ultra320 SCSI 10K RPM disks.

When I untar ports.tar.gz, it takes about 4 minutes for an 8 MB archive
(lots of small files)... I feel this is rather poor performance:

$ time tar -xzf ports.tar.gz
3m57.80s real 0m1.85s user 0m4.52s system
$ ls -l
total 17188
drwxr-xr-x  44 bcarnazzi  bcarnazzi 1024 Sep  2 05:08 ports
-rw-r--r--   1 bcarnazzi  bcarnazzi  8775929 Feb  2 17:01 ports.tar.gz

I already use softupdates, as mount reports:

/dev/sd0a on / type ffs (local, softdep)
/dev/sd0h on /home type ffs (local, nodev, nosuid, softdep)
/dev/sd0d on /tmp type ffs (local, nodev, nosuid, softdep)
/dev/sd0g on /usr type ffs (local, nodev, softdep)
/dev/sd0e on /var type ffs (local, nodev, nosuid, softdep)

Here is the dmesg:

OpenBSD 3.8 (GENERIC.MP) #298: Sat Sep 10 15:51:54 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel Pentium III (GenuineIntel 686-class) 864 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 2147049472 (2096728K)
avail mem = 1953083392 (1907308K)
using 4278 buffers containing 107454464 bytes (104936K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf
pcibios0 at bios0: rev 2.1 @ 0xf/0x2000
pcibios0: PCI BIOS has 7 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:15:0 (ServerWorks ROSB4
SouthBridge rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x4000! 0xcc000/0x800
0xe8000/0x6000 0xee000/0x2000!
mainbus0: Intel MP Specification (Version 1.4) (COMPAQ   PROLIANT)
cpu0 at mainbus0: apid 1 (boot processor)
cpu0: apic clock running at 132 MHz
cpu1 at mainbus0: apid 0 (application processor)
cpu1: Intel Pentium III (GenuineIntel 686-class) 864 MHz
cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
mainbus0: bus 0 is type PCI
mainbus0: bus 3 is type PCI
mainbus0: bus 9 is type ISA
ioapic0 at mainbus0: apid 8 pa 0xfec0, version 11, 35 pins
ioapic0: misconfigured as apic 0, remapped to apic 8
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 ServerWorks CNB20LE Host rev 0x05
pchb1 at pci0 dev 0 function 1 ServerWorks CNB20LE Host rev 0x05
pci1 at pchb1 bus 3
cac0 at pci0 dev 1 function 0 Symbios Logic 53c1510 rev 0x02: apic 8
int 10 (irq 10) Compaq Integrated Array
scsibus0 at cac0: 1 targets
sd0 at scsibus0 targ 0 lun 0: Compaq, RAID5 volume #,  SCSI2 0/direct fixed
sd0: 69455MB, 17432 cyl, 255 head, 32 sec, 512 bytes/sec, 142245120 sec total
fxp0 at pci0 dev 2 function 0 Intel 82557 rev 0x08, i82559: apic 8
int 11 (irq 11), address 00:02:a5:29:15:f0
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
vga1 at pci0 dev 3 function 0 ATI Mach64 GV rev 0x7a
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Compaq Netelligent ASMC rev 0x00 at pci0 dev 4 function 0 not configured
xl0 at pci0 dev 5 function 0 3Com 3c905C 100Base-TX rev 0x78: apic 8
int 5 (irq 5)xl0: reset didn't complete
, address 00:0a:5e:5a:c9:a4
exphy0 at xl0 phy 24: 3Com internal media interface
xl0: reset didn't complete
pcib0 at pci0 dev 15 function 0 ServerWorks ROSB4 SouthBridge rev 0x4f
pciide0 at pci0 dev 15 function 1 ServerWorks OSB4 IDE rev 0x00: DMA
atapiscsi0 at pciide0 channel 0 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: COMPAQ, CD-224E, 9.0B SCSI0 5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, DMA mode 2
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask 0 netmask 0 ttymask 0
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: sd0 matches BIOS drive 0x80
root on sd0a
rootdev=0x400 rrootdev=0xd00 rawdev=0xd02

Is this normal OpenBSD performance? I feel an ext3 fs is a bit faster
on linux-2.6 running on the same hardware:

mount:
/dev/ida/disc0/part3 on / type ext3 (rw,noatime)

time:
[EMAIL PROTECTED] tmp $ time tar -xzf ports.tar.gz

real    1m29.349s
user    0m2.700s
sys     0m4.460s

2 times faster :(

While in my case FS performance is not very important, I'd like to
know if this difference can be reduced and, if not, why it exists
(noatime plays in favour of linux)?

Thank you,

Bruno.



Re: Brain wash for live partition, or directory mirroring concept idea(s)?

2006-02-02 Thread Mathieu Sauve-Frankel
 Is there any centralized place for these sort of details? 

http://google.com/bsd

-- 
Mathieu Sauve-Frankel



Re: Brain wash for live partition, or directory mirroring concept idea(s)?

2006-02-02 Thread Tobias Weingartner
On Wednesday, February 1, Daniel Ouellet wrote:
 
 The idea is to configure a directory on a master server to copy the files
 that are changed in its monitored directory to one or multiple other
 server(s) in the same directory structure.

nfs?  You keep the master copy on the nfs server, and the slave
copies on the clients...  You export the portion that you want to
be able to mount.  It's all there... :)

Well, ok, except the part about what happens when the server goes
down.

--Toby.



Re: Pf que for voip

2006-02-02 Thread Bob DeBolt
On Thursday 02 February 2006 04:20, you wrote:

Greets 

 You'd have to manually tune it. There's no way for altq/pf to know what
 speed you get on a given day/week/moment, it only knows about the
 physical speed (or whatever you set manually) for the interface.

Absolutely correct regarding manual tuning. One of my clients is at the end of
the line regarding attenuation (114) and signal-to-noise of 2, both
extremely poor readings. Good is in the range of 40 and 15 respectively. Talk
to your ISP and they should be able to give you those line condition readings
without issue. I haven't found one that doesn't.

The ADSL service package my client has is 2.5Mb D/L and 1 U/L; however, due to
the poor line conditions the slightest issue anywhere in the network circuit
causes voice dropoff among other things. They have G729 on the VoIP system,
which has reduced the traffic by a huge amount, 80kb down to 8kb per
conversation. Tuning the queue for all of these conditions is of course best
guess and go from there; the next step for us is to drop the service package
down to 1.5Mb and 640kb, allowing a much lower stress level on the line and making
it much less prone to breakdown, as there is no way to change the attenuation
and signal-to-noise ratios.

Get to know your ISP and I'm sure you'll find they can be helpful (be nice to
them even if they are clearly inexperienced).
Do the math on the amount of bandwidth you actually need for your phone(s).
Do the math on how much bandwidth your remaining services require (or can at
least get by on).
Make an educated guess on the initial settings and go from there.
Try to make sure you get those line readings, as you can waste a LOT of time
tracking down queue gremlins that don't exist ;-)


Hope this helps

Bob



Re: keyword mediaopt half-duplex gone?

2006-02-02 Thread Ulrich Kahl
On Thu, 2 Feb 2006 13:13:28 +0100, Claudio Jeker [EMAIL PROTECTED] wrote:

 On Thu, Feb 02, 2006 at 12:05:03PM +0100, Ulrich Kahl wrote:
  Hi,
  
  it seems that the keyword half-duplex is gone, but it is
  referenced in all (?) manpages of ethernet drivers. Maybe it
  should be removed?
  If it is wrong, please ignore this mail and sorry for the noise.

 Not all interfaces are capable of forcing half-duplex.
 A quick grep showed that be(4), xl(4), tl(4) and txp(4) should have
 mediaopt half-duplex added to the list of possible medias.

Ok, what I have written is not very precise. What I tried to explain is
that it seems the keyword half-duplex isn't used anymore to
switch to half-duplex mode, so the manpages should be altered to
reflect this. See also this:
http://marc.theaimsgroup.com/?l=openbsd-miscm=112430506805304w=2

I hope this explanation is better :)

Ulrich



Re: how to manage big pf-rulesets in a comfortable way

2006-02-02 Thread tony sarendal
On 01/02/06, Joerg Streckfuss [EMAIL PROTECTED] wrote:

 Hi list,

 I need some hints on managing a pf ruleset of more than 150 rules.

 In my company we want to design a firewall cluster with about
 10 interfaces. We plan to use two Dell 1850s with two DFE-580TX
 quad port NICs.
 Each interface points to a separate subnet. The cluster should use carp
 for redundancy.

 The problem is to manage the whole ruleset in a comfortable way. One of
 my ideas is to put the ruleset of each subnet into an extra file and
 load it into pf with anchors. This will reduce the main ruleset
 greatly.
 The disadvantage is that all macros listed in the main ruleset have to
 be listed in the subnet ruleset too - this is a little bit error-prone.
 In my opinion bandwidth management with separate files is not an elegant
 way either.
 Interface groups are not the solution, because the subnet rulesets are
 too different.
 In the end, I have to put all rules into a single file.

 So is there a better way to handle big rulesets?



Being able to manage large firewalls with pf (and others) is about ruleset
design. Make a design where you know where the rule is (or should be) by
just knowing the rule.

Splitting it into multiple files will not help you much if the design to
start with is inconsistent. I use external files to store the tables in, so
we can add/remove stuff like syslog clients without poking around in the
rules.

I have managed many boxes with lots of interfaces and rules, and I found pf
to be the easiest to work with once I understood how states actually were
handled and could make a design for it. My vlan firewalls are a breeze to
manage, especially with excellent tools like CVS/RCS.

/Tony

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   I couldn't help it, it's my nature =-
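One way to lay out the split Joerg and Tony are discussing in 3.8-era pf.conf syntax, added here as an example and not taken from either poster's configuration: shared tables kept in external files, and one anchor per subnet loaded from its own file. Interface names, addresses and file paths are assumptions.

```pf
# ---- /etc/pf.conf: main ruleset, kept short -------------------------------
# Constructed example; interface names, paths and addresses are assumed.
ext_if = "dc0"
dmz_if = "dc1"
lan_if = "dc2"

# Host lists live in flat files (one address or network per line), so a
# syslog client can be added or removed by editing the file and reloading,
# or at run time with:  pfctl -t syslog_clients -T add 10.1.2.3
table <syslog_clients> persist file "/etc/pf/tables/syslog_clients"
table <admin_hosts>    persist file "/etc/pf/tables/admin_hosts"

set skip on lo0
block log all

# Rules shared by every subnet stay here. States float across interfaces
# by default, so a "pass in ... keep state" is all a connection needs.
pass in quick on $lan_if proto udp from <syslog_clients> to ($lan_if) port syslog keep state
pass in quick on $lan_if proto tcp from <admin_hosts> to ($lan_if) port ssh keep state

# One anchor per subnet, consulted only for packets on that interface and
# loaded from its own file. A single subnet's policy can then be reloaded
# on its own:  pfctl -a dmz -f /etc/pf/dmz.conf
anchor "dmz" on $dmz_if
load anchor "dmz" from "/etc/pf/dmz.conf"
anchor "lan" on $lan_if
load anchor "lan" from "/etc/pf/lan.conf"

# ---- /etc/pf/dmz.conf: what hosts in the DMZ may initiate -----------------
# Macros are not inherited from pf.conf, so the ones this file needs are
# redeclared at the top (the duplication Joerg mentions; keeping it to a
# short block per file is the practical compromise).
dmz_if  = "dc1"
dmz_net = "192.0.2.0/24"
web_srv = "192.0.2.10"

pass in quick on $dmz_if proto { tcp udp } from $dmz_net to any port domain keep state
pass in quick on $dmz_if proto tcp from $web_srv to any port smtp keep state
```

Check the main file with `pfctl -nf /etc/pf.conf` and a subnet file with `pfctl -a dmz -nf /etc/pf/dmz.conf` before loading either; a macro missing from an anchor file shows up there rather than as a silently unfiltered subnet.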



Re: RAIDframe question

2006-02-02 Thread Diana Eichert
On Wed, 1 Feb 2006, Nick Holland wrote:
SNIP
 Welcome to the REALITY of RAID.

 If you rely on RAID to always work, and never go down, you Just Don't
 Understand.
SNIP
 Doesn't matter about drive type, doesn't really matter about device
 drivers, there are PLENTY of things that CAN and WILL cause every drive
 on the same channel with the failed drive to go down.  There are even
 plenty of things that can fail on the drive which will jump across
 channels (imagine a nice little despiking cap shorting out, slamming
 your 5v line to ground for a moment until it turns into a puff of smoke.
  yes, I've seen this).  RAID can help you get back up faster, but it
 can't keep you from ever going down.

Yep, it's amazing what happens to a hard drive when you pull out your
FiveSeven and pop off a few rounds into the system.

diana



Re: RAIDframe question

2006-02-02 Thread Peter Fraser
Nick Holland wrote:

 Welcome to the REALITY of RAID.

 If you rely on RAID to always work, and never go down, you Just Don't
  Understand.

 ...

 If hardware breaks, don't expect everything else to keep working.  Hope,
 sure.  Expect?  No.  I don't care if you are talking about ccd,
 RAIDframe, or hardware RAID.  Your machine can still go down due to a
 disk failure.  People who don't believe me have just been lucky.  So far.

 Further, if you wait until a disk fails to find out how things work, you
 are a fool.  Worst down-time disasters I've seen involved RAID systems
 where people expected magic to happen when something went wrong.

I come from a mainframe world that deals in non-stop transaction
processing. That world expects disks to die, and the system to keep on running.

Hardware mirroring is done within a disk controller, and software mirroring
is done between controllers.  Software mirroring is done largely to protect
from controller failure, not disk failure.  It is the norm in such an
environment to add and remove disks and disk controllers on the fly.

Now, I know I should not expect the reliability of a mainframe on a pc, but
I have twice had disks fail on Windows servers using software mirroring
and both times those systems survived.

For about the last three years, whenever I order a workstation I always
spend a bit extra to get mirroring. (It's about $25 extra plus the price
of the disk drive.) I also advise everyone I know to do the same.
I have yet to have a Windows machine die because of a disk failure
when mirrored.  I have also yet to see any loss of data. I have
had many people thank me for my advice.

I am careful when I set up a software raid. The two disks must be
on separate IDE controllers. The master/slave jumpers screw up
when one disk dies. Even cable select seems to cause trouble.

My belief is that if a system dies as a result of a mirrored disk's
death on a properly configured system, there is a bug.

I chose OpenBSD for its security, I use it for my name servers,
firewall, mail and web, and I have set others up with it for
the same reason.  I completely believe that OpenBSD is the
best choice for protecting against intrusion. I just wish
my data was more secure against loss.

P.S.

For some strange reason, Microsoft allows mirroring, striping and
concatenation with disks on the server, but the workstation
only allows striping and concatenation. So hardware mirroring is
the only option for XP.

I prefer software mirroring, because it allows for controller failure.
I have had a hardware raid system's controller fail and write
garbage over the disks.  I have also had a power supply screw
up and cause multiple disk failures on another hardware raid
system. Recently I have seen a lot of IDE controller failures.

If you use raid you still have to do backups!



Re: Windows CLI FTP and OBSD 3.9 ftp-proxy

2006-02-02 Thread Peter Fraser
The Windows firewall expects the originating port
of the ftp data to be port ftpdata; if it isn't,
the firewall rejects the packet.  The ftp RFC
does say that the originating port should be ftpdata.



Broadcom BCM5752 NIC

2006-02-02 Thread Badbanchi Hossein
Hi,
I have recently got an HP Compaq dc7600 to be used as a DHCP server.

OpenBSD 3.8 install couldn't properly work with the Broadcom BCM5752 NIC!

The error says:
bge0: firmware handshake timed out

Now that installation is complete, each time I reboot the system it takes a
long time to boot. It waits during initial boot and a second time
while trying to configure the NIC with IP parameters, until it times out (both
times with the same error as above).

After the boot process is complete the NIC works!! I mean I can ping the box.
I haven't tested the throughput of the NIC though.

Here is an excerpt from dmesg:
# dmesg | grep bge
bge0 at pci2 dev 0 function 0 Broadcom BCM5752 rev 0x01, BCM5752 A1 (0x6001): 
irq 10bge0: firmware handshake timed out
brgphy0 at bge0 phy 1: BCM5752 10/100/1000baseT PHY, rev. 0
bge0: firmware handshake timed out
# 

And here is an excerpt from man brgphy:
DESCRIPTION
 The brgphy driver supports Broadcom BCM5400 100/1000TX Ethernet PHY in-
 terfaces, as well as the BCM5401, BCM5411, BCM5421S, BCM5701, BCM5703,
 BCM5704, BCM5705, BCM5714, BCM5750 and BCM5752 10/100/1000baseTX Ethernet
 PHY interfaces.

I would greatly appreciate any help.

Amir



nForce4/amd64 x2: wd/console problems [jan 30 snapshot]

2006-02-02 Thread Denis Doroshenko
hello,

i think i saw something similar on the list a bit earlier.

tried nForce4 mobo with amd64 x2 cpu and bsd.mp (jan 30 snapshot).
have got lotsa wd problems, so serious that the system even drops to ddb
(see below). yeah, and there are problems besides wdX - i could not
login to the system, since when i entered login/password for root the
console locked up hard and it looked like the return key was stuck and
generating key pressed events.

uniprocessor kernel boots and seems to be working okay. bsd.mp i386
(seems to be a jan 24 snapshot) boots and seems to be working okay.

i have unlimited access to the box, so i can check whatever version needed.

 OpenBSD/amd64 BOOT 2.11
boot bsd.mp
booting hd0a:bsd.mp: 3730180+693964+598712+0+428752 [80+313992+194403]=0x9b100c
entry point at 0x1001e0 [7205c766, 3404, 24448b12, 5e60a304]B*C?[
using 509248 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2006 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 3.9-beta (GENERIC.MP) #710: Mon Jan 30 13:49:52 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1073278976 (1048124K)
avail mem = 908484608 (887192K)
using 22937 buffers containing 107536384 bytes (105016K) of memory
mainbus0 (root)
mainbus0: Intel MP Specification (Version 1.4) (OEM0 PROD)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+, 2010.52 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 201MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+, 2010.30 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
mpbios: bus 0 is type PCI
mpbios: bus 1 is type PCI
mpbios: bus 2 is type PCI
mpbios: bus 3 is type PCI
mpbios: bus 4 is type PCI
mpbios: bus 5 is type PCI
mpbios: bus 6 is type ISA
ioapic0 at mainbus0 apid 2: pa 0x81ba5f24, version 11, 24 pins
ioapic0: misconfigured as apic 0
ioapic0: remapped to apic 2
pci0 at mainbus0 bus 0: configuration mode 1
Nvidia nForce4 DDR rev 0xa3 at pci0 dev 0 function 0 not configured
pcib0 at pci0 dev 1 function 0 Nvidia nForce4 ISA rev 0xa3
nviic0 at pci0 dev 1 function 1 Nvidia nForce4 SMBus rev 0xa2
iic0 at nviic0
iic1 at nviic0
lm1 at iic1 addr 0x2f: W83791SD
ohci0 at pci0 dev 2 function 0 Nvidia nForce4 USB rev 0xa2: apic 2
int 5 (irq 5), version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Nvidia OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 10 ports with 10 removable, self powered
ehci0 at pci0 dev 2 function 1 Nvidia nForce4 USB rev 0xa3: apic 2
int 3 (irq 3)
usb1 at ehci0: USB revision 2.0
uhub1 at usb1
uhub1: Nvidia EHCI root hub, rev 2.00/1.00, addr 1
uhub1: 10 ports with 10 removable, self powered
auich0 at pci0 dev 4 function 0 Nvidia nForce4 AC97 rev 0xa2: apic 2
int 11 (irq 11), nForce4 AC97
ac97: codec id 0x414c4790 (Avance Logic ALC850)
audio0 at auich0
pciide0 at pci0 dev 6 function 0 Nvidia nForce4 IDE rev 0xf2: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: ST32122A
wd0: 16-sector PIO, LBA, 2014MB, 4124736 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: LITE-ON, DVDRW SHW-16H5S, LS0N SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 4
pciide1 at pci0 dev 7 function 0 Nvidia nForce4 SATA 1 rev 0xf3: DMA
pciide1: using apic 2 int 5 (irq 11) for native-PCI interrupt
pciide2 at pci0 dev 8 function 0 Nvidia nForce4 SATA 2 rev 0xf3: DMA
pciide2: using apic 2 int 11 (irq 5) for native-PCI interrupt
ppb0 at pci0 dev 9 function 0 Nvidia nForce4 PCI-PCI rev 0xa2
pci1 at ppb0 bus 5
Texas Instruments TSB43AB22 FireWire rev 0x00 at pci1 dev 11
function 0 not configured
skc0 at pci1 dev 12 function 0 Marvell Yukon 88E8001/8003/8010 rev
0x13, Marvell Yukon Lite (0x9): apic 2 int 5 (irq 5)
sk0 at skc0 port A, address 00:15:f2:1d:20:34
eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5
ppb1 at pci0 dev 11 function 0 Nvidia nForce4 PCIE rev 0xa3
pci2 at ppb1 bus 4
ppb2 at pci0 dev 12 

Re: Brain wash for live partition, or directory mirroring concept idea(s)?

2006-02-02 Thread Joachim Schipper
On Thu, Feb 02, 2006 at 09:01:04AM -0700, Tobias Weingartner wrote:
 On Wednesday, February 1, Daniel Ouellet wrote:
  
  The idea is to configure a directory on a master server to copy the files
  that are changed in its monitored directory to one or multiple other
  server(s) in the same directory structure.
 
 nfs?  You keep the master copy on the nfs server, and the slave
 copies on the clients...  You export the portion that you want to
 be able to mount.  It's all there... :)
 
 Well, ok, except the part about what happens when the server goes
 down.

AFS solves part of the problem, too - if you keep everything read-only,
it can be replicated very easily.

Of course, true multi-writable filesystems would be really, really
cool...

Joachim



Re: Windows CLI FTP and OBSD 3.9 ftp-proxy

2006-02-02 Thread Joachim Schipper
On Thu, Feb 02, 2006 at 01:28:03PM -0500, Peter Fraser wrote:
 The Windows firewall expects the originating port
 of the ftp data to be port ftpdata; if it isn't,
 the firewall rejects the packet.  The ftp RFC
 does say that the originating port should be ftpdata.

There's an option in ftp-proxy to change this behaviour - at least, it
is in 3.8; I hope it survived the rewrite...

Joachim



Re: Brain wash for live partition, or directory mirroring concept idea(s)?

2006-02-02 Thread Holger Mauermann
Daniel Ouellet wrote:
 I would like to try to break my teeth on a small (hopefully) project
 that is missing for me in the OpenBSD kernel.

 A way to have a live mirror of pre-determined directories, or maybe, if
 that's easier to implement, full partition(s).

Do you know DRBD for Linux (www.drbd.org)? Something like this, together
with CARP, would be great for highly available OpenBSD servers :-)


Holger



Re: Brain wash for live partition, or directory mirroring concept idea(s)?

2006-02-02 Thread Joachim Schipper
On Thu, Feb 02, 2006 at 05:44:54AM -0500, Daniel Ouellet wrote:
 Ray Lai wrote:
 On Wed, Feb 01, 2006 at 11:37:19PM -0500, Daniel Ouellet wrote:
 snip
 This way, continuous live mirroring can be done and no need for cronjob, 
 etc. And this would be much more efficient as well.
 snip
 
 https://marc.theaimsgroup.com/?l=openbsd-miscm=86187916316
 https://marc.theaimsgroup.com/?l=openbsd-miscm=105358689405500
 
 
 Thanks for this! It is rather interesting for sure, but still does not fully
 provide what I would like to do, and I am not sure of the following as well.

 - Mirroring on multiple servers, more than 2. The man page says you need an
 even number of devices, fair, but all I read looks like it would
 mirror a to b and that's it, even if a could be made of multiple drives
 if you like, so two copies is the limit.

I'm fairly certain you can run a ccd over a ccd. Or, better, raid over
vnd.

 - On servers reboot, (master or slaves) unknown stage after restart and 
 I am not sure you could consider the data proper here. The only way I 
 guess would be to destroy the ccd, recreate it and put the data back, 
 but then, very long down time.

See the above raid comment.

 - Now on remote servers, the point is to be able to use the data locally.
 Master - slaves. Meaning multiple slaves where the source is one, live
 mirroring on multiple slaves and usage of local data to be served
 locally from their own local copy of the mirror. If I understand this
 properly, I am not sure you could possibly mount that file part of the ccd
 device from the master on the local (slave) server and use the data as
 normal. I would say no.

 I am not saying this is a bad idea to use ccd, but reading for the last
 few hours on it, I am not sure it would fit the needs. But I sure could
 be wrong.

 Being able to add more mirrors at will is a plus, and having each mirror be
 a simple OpenBSD setup for reliability is important.

 Plus it looks like all would need to be done via nfs and if I could avoid
 it, I would prefer that for security reasons. I much prefer using ssh for
 all communications between servers. But again, maybe I overlook nfs as
 the last time I used it was many years ago for these same reasons.

In the worst case, create an IPsec mesh (i.e., one connection per
server). It will take care of quite a few issues.

That being said, I don't think there is a really good solution to what
you want to do. drbd looked promising, some time ago, but is
Linux-only...

Joachim



Re: Tapedrives with USB?

2006-02-02 Thread Joachim Schipper
On Thu, Feb 02, 2006 at 11:44:20AM +0100, Michael Schmidt wrote:
 Hello together,

 is it impossible to run USB driven tape drives under OpenBSD?

 The hardware list shows them to be officially not supported.

 My questions are:
 Aren't they detected as tape drives under USB on OpenBSD?
 Or are there other reasons they are not mentioned in the hardware list?
 In case some people have tested it, any experiences to share?
 Can't built-in tools like tar (or other ones?) be used?

*If* the tapedrive is recognized as, at least, a character device, it is
possible to use it with tar, dump, or AMANDA (much preferable, IMNSHO,
as it does a lot of the work that would otherwise need to be scripted
away; but it does assume some things, too, most importantly that the
host is usually on).

Joachim



Re: MAC filter Bridge

2006-02-02 Thread Tobias Weingartner
On Wednesday, February 1, Badbanchi Hossein wrote:
  Basing security policies on something as easily changeable as a MAC
  address (and as public as a MAC address) is stupid.

 Thanks for the compliment.

You're welcome.  Honestly though, what would you call it?

 Although this might seem (or actually BE) stupid in publicly
 accessible environments, for a closed environment like our company
 LAN this is good enough.  Here I don't want to protect the LAN
 against the extreme hacker, but against our legitimate guests who come
 to visit someone or take part in some meeting, and simply open their
 laptop and connect the NIC to the nearest free LAN socket.  This
 could be because they want to download the latest PowerPoint file for
 their presentation!

 Our policy is to provide Internet Access to our guests (of course
 while logging every activity), but we need to first distinguish them
 in order to provide them with at least an initial AUP (Acceptable
 User Policy), or even scan the machine for vulnerabilities and the
 like.

And who's to say they actually read the AUP?  Personally I'd do it
slightly different.

1) Mac-lock the switch ports of the machines that are supposed to be
connected permanently.  (Yes, not perfect, but what can you do...)

2) vlan the ports that are plug-and-play to their own vlan

3) Use authpf to authenticate them, at least then you can ply them
with your AUP before they accept (type a password).  It will be a
lot less implied, but an active action taken on their part.


  Rethink your approach.

 Other approaches like 802.1x are also known to me. But our need is more
 modest.

Have a look at authpf.  It's not the end-all be-all, but it does solve a
lot of problems in a very elegant fashion.

--Toby.
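A sketch of Toby's steps 2 and 3 in 3.8-era pf.conf and authpf(8) syntax, added here as an example and not taken from either poster's setup: guests on their own vlan can only reach the gateway until they log in, and the per-user anchor that authpf loads is what opens the way out. vlan10 as the guest vlan, fxp0, the 10.10.0.0/24 addresses, and the gateway serving DHCP and DNS to that vlan are assumptions.

```pf
# ---- /etc/pf.conf on the gateway ------------------------------------------
# Constructed example; vlan10 (the plug-and-play ports), fxp0 and the
# addresses are assumed.
ext_if   = "fxp0"
guest_if = "vlan10"
guest_gw = "10.10.0.1"

# authpf(8) adds the address of each logged-in user to this table, so
# "who is allowed out right now" is one command:  pfctl -t authpf_users -T show
table <authpf_users> persist

set skip on lo0
block log all

# Guests are only translated while their address is in the table; anchors
# for authpf-supplied translation rules, as authpf(8) recommends.
nat on $ext_if from <authpf_users> to any -> ($ext_if)
nat-anchor "authpf/*"
rdr-anchor "authpf/*"
binat-anchor "authpf/*"

# Before authenticating, a guest may reach the gateway itself and nothing
# else: DHCP, DNS, and the ssh login whose shell is authpf.
pass in quick on $guest_if proto udp from any to { $guest_gw 255.255.255.255 } port { bootps domain } keep state
pass in quick on $guest_if proto tcp from any to $guest_gw port ssh keep state
pass out quick on $ext_if from ($ext_if) keep state

# Per-user rules appear here after a successful login and are removed again
# when the ssh session ends.
anchor "authpf/*" on $guest_if

# ---- /etc/authpf/authpf.rules: loaded into the user's anchor --------------
# $user_ip is filled in by authpf with the address the user logged in from.
# Filtering on the outbound interface happens after NAT, so the "in" rule
# on the guest vlan is the one that needs $user_ip.
guest_if = "vlan10"
pass in quick on $guest_if from $user_ip to any keep state

# ---- glue, for reference ----------------------------------------------
# Banner /etc/ssh/aup.txt        in sshd_config: shown BEFORE the password
#                                prompt, so accepting the AUP is the act of
#                                typing the password, as Toby suggests
# /etc/authpf/authpf.message     shown by authpf AFTER a successful login
# /etc/authpf/authpf.allow       one permitted guest login name per line
# /usr/sbin/authpf               listed in /etc/shells and set as the
#                                guest accounts' login shell
```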



Re: Brain wash for live partition, or directory mirroring concept idea(s)?

2006-02-02 Thread Ted Unangst
On 2/2/06, Holger Mauermann [EMAIL PROTECTED] wrote:
 Daniel Ouellet wrote:
  I would like to try to break my teeth on a small (hopefully) project
  that is missing for me in the OpenBSD kernel.

  A way to have a live mirror of pre-determined directories, or maybe, if
  that's easier to implement, full partition(s).

 Do you know DRBD for Linux (www.drbd.org)? Something like this, together
 with CARP, would be great for highly available OpenBSD servers :-)

you could start here:
http://marc.theaimsgroup.com/?l=openbsd-techm=108663340015236w=2



Re: Tapedrives with USB?

2006-02-02 Thread Bryan Irvine
On 2/2/06, Michael Schmidt [EMAIL PROTECTED] wrote:
 Hello together,

 is it impossible to run USB driven tape drives under OpenBSD?


I tried it.  Worked a couple times (sorta).  The system would
periodically lock up with errors about a disconnected SCSI device.  I
had my company spring for a SCSI drive, and did away with the very
unreliable USB.  Maybe it's improved since (that was on 3.5 IIRC), but
I don't care to mess with it anymore.

--Bryan



Re: MAC filter Bridge

2006-02-02 Thread Badbanchi Hossein
Thanks for the clue. I will surely have a closer look at authpf.

By the way I am also having a look at:
http://acs-wiki.andrew.cmu.edu/twiki/bin/view/NGCoverage/AuthBridge and
http://netpass.sourceforge.net/ 
(http://wings.buffalo.edu/computing/Documentation/gen/UBNetPass.html)

Even commercial products like CounterAct from ForeScout and the like.

Amir



-Original Message-
From: Tobias Weingartner [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 02, 2006 20:40
To: Badbanchi Hossein
Cc: misc@openbsd.org
Subject: Re: MAC filter Bridge 

On Wednesday, February 1, Badbanchi Hossein wrote:
  Basing security policies on something as easily changeable as a MAC
  address (and as public as a MAC address) is stupid.

 Thanks for the compliment.

You're welcome.  Honestly though, what would you call it?

 Although this might seem (or actually BE) stupid in publicly
 accessible environments, for a closed environment like our company
 LAN this is good enough.  Here I don't want to protect the LAN
 against the extreme hacker, but against our legitimate guests who come
 to visit someone or take part in some meeting, and simply open their
 laptop and connect the NIC to the nearest free LAN socket.  This
 could be because they want to download the latest PowerPoint file for
 their presentation!

 Our policy is to provide Internet Access to our guests (of course
 while logging every activity), but we need to first distinguish them
 in order to provide them with at least an initial AUP (Acceptable
 User Policy), or even scan the machine for vulnerabilities and the
 like.

And who's to say they actually read the AUP?  Personally I'd do it
slightly different.

1) Mac-lock the switch ports of the machines that are supposed to be
connected permanently.  (Yes, not perfect, but what can you do...)

2) vlan the ports that are plug-and-play to their own vlan

3) Use authpf to authenticate them, at least then you can ply them
with your AUP before they accept (type a password).  It will be a
lot less implied, but an active action taken on their part.


  Rethink your approach.

 Other approaches like 802.1x are also known to me. But our need is more
 modest.

Have a look at authpf.  It's not the end-all be-all, but it does solve a
lot of problems in a very elegant fashion.

--Toby.



Re: Broadcom BCM5752 NIC

2006-02-02 Thread Badbanchi Hossein
Actually the NIC doesn't work properly. I can ssh to the box, but even the output of
a simple ls command takes seconds to appear on the screen, and gets interrupted
in between.

Does anyone know of any patch for this?

Here is the output of ifconfig:
# ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:15:60:4f:22:e4
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 172.22.11.235 netmask 0xfffffc00 broadcast 172.22.11.255
        inet6 fe80::215:60ff:fe4f:22e4%bge0 prefixlen 64 scopeid 0x1
pflog0: flags=0<> mtu 33224
pfsync0: flags=0<> mtu 1348
enc0: flags=0<> mtu 1536

Thanks for any assistance.

Amir

-Original Message-
From: Badbanchi Hossein 
Sent: Thursday, February 02, 2006 19:36
To: misc@openbsd.org
Subject: Broadcom BCM5752 NIC

Hi,
Have recently got an HP Compaq dc7600 to be used as DHCP Server.

OpenBSD 3.8 install couldn't properly work with the Broadcom BCM5752 NIC!

The Error says: 
bge0: firmware handshake timed out

After installation was complete, now each time I reboot the system it takes a 
long
time for the system to boot. It waits during initial boot and a second time 
while
trying to configure the NIC with IP parameters, until it times out (both times
with the same error as above).

After the boot process is complete the NIC works!! I mean I can ping the box.
I haven't tested the throughput of the NIC though.

Here is an excerpt from dmesg:
# dmesg | grep bge
bge0 at pci2 dev 0 function 0 Broadcom BCM5752 rev 0x01, BCM5752 A1 (0x6001): 
irq 10bge0: firmware handshake timed out
brgphy0 at bge0 phy 1: BCM5752 10/100/1000baseT PHY, rev. 0
bge0: firmware handshake timed out
# 

And here is an excerpt from man brgphy:
DESCRIPTION
 The brgphy driver supports Broadcom BCM5400 100/1000TX Ethernet PHY in-
 terfaces, as well as the BCM5401, BCM5411, BCM5421S, BCM5701, BCM5703,
 BCM5704, BCM5705, BCM5714, BCM5750 and BCM5752 10/100/1000baseTX Ethernet
 PHY interfaces.

I would greatly appreciate any help?

Amir



OpenBSD hardware router

2006-02-02 Thread Kenny Mann
I'm looking for something that which I can slap OpenBSD 3.8 on and use 
it as a router.
This will be used for a house (~ 4 people) and I'm looking for something 
small in form factor and that which doesn't run hot because it will run 
in a closet.
I'm seeking to replace our D-Link router because it seems to lock up on 
an occasion and this seem like a fun little project to do.

I'd also like it to have wireless capabilities as well.
Anyone know where I can start looking or can point in a direction to start?
Or are my hopes too high and I should just get a PC and make it happen 
that route (pun not intended)?


Kenny Mann



Re: OpenBSD hardware router

2006-02-02 Thread Jason Dixon

On Feb 2, 2006, at 3:41 PM, Kenny Mann wrote:

I'm looking for something that which I can slap OpenBSD 3.8 on and  
use it as a router.
This will be used for a house (~ 4 people) and I'm looking for  
something small in form factor and that which doesn't run hot  
because it will run in a closet.
I'm seeking to replace our D-Link router because it seems to lock  
up on an occasion and this seem like a fun little project to do.

I'd also like it to have wireless capabilities as well.
Anyone know where I can start looking or can point in a direction  
to start?
Or are my hopes too high and I should just get a PC and make it  
happen that route (pun not intended)?


You must be new around here.  :)

http://www.soekris.com

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



Re: OpenBSD hardware router

2006-02-02 Thread Darrin Chandler

Kenny Mann wrote:

I'm looking for something that which I can slap OpenBSD 3.8 on and use 
it as a router.
This will be used for a house (~ 4 people) and I'm looking for 
something small in form factor and that which doesn't run hot because 
it will run in a closet.
I'm seeking to replace our D-Link router because it seems to lock up 
on an occasion and this seem like a fun little project to do.

I'd also like it to have wireless capabilities as well.
Anyone know where I can start looking or can point in a direction to 
start?
Or are my hopes too high and I should just get a PC and make it happen 
that route (pun not intended)?



You could look at www.soekris.com. They're underpowered, but it should 
be able to handle home router/firewall duties.


--
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |



Re: OpenBSD hardware router

2006-02-02 Thread Craig McCormick
Have you checked out the Soekris boxes at kd85.com?

Regards,

Craig

On Thu, 2006-02-02 at 14:41 -0600, Kenny Mann wrote:
 I'm looking for something that which I can slap OpenBSD 3.8 on and use 
 it as a router.
 This will be used for a house (~ 4 people) and I'm looking for something 
 small in form factor and that which doesn't run hot because it will run 
 in a closet.
 I'm seeking to replace our D-Link router because it seems to lock up on 
 an occasion and this seem like a fun little project to do.
 I'd also like it to have wireless capabilities as well.
 Anyone know where I can start looking or can point in a direction to start?
 Or are my hopes too high and I should just get a PC and make it happen 
 that route (pun not intended)?
 
 Kenny Mann



Re: OpenBSD hardware router

2006-02-02 Thread Daniel Ouellet

Kenny Mann wrote:
I'm looking for something that which I can slap OpenBSD 3.8 on and use 
it as a router.
This will be used for a house (~ 4 people) and I'm looking for something 
small in form factor and that which doesn't run hot because it will run 
in a closet.
I'm seeking to replace our D-Link router because it seems to lock up on 
an occasion and this seem like a fun little project to do.

I'd also like it to have wireless capabilities as well.
Anyone know where I can start looking or can point in a direction to start?
Or are my hopes too high and I should just get a PC and make it happen 
that route (pun not intended)?


Kenny Mann



This was posted just yesterday on undeadly.org, from the article you can 
see this:


http://www.kd85.com/

Just scroll down three images and then start looking. You also have the 
URL for the hardware, which looks plenty small to me and very nice.


I don't think you need that many ports, but just the base version would 
give you three, Internet, DMZ and home LAN.


Perfect for the job!

Plus I think it is definitely not too expensive and as for power, well, 
no fan in there, not much power required there.


Daniel



Re: Broadcom BCM5752 NIC

2006-02-02 Thread Srebrenko Sehic
Try a -current snapshot. Some important bge(4) fixes went into the
tree after 3.8.

On 2/2/06, Badbanchi Hossein [EMAIL PROTECTED] wrote:
 Actually the NIC doesn't work properly. I can ssh to the box, but even output 
 of
 a simple ls command takes seconds to appear on the screen, and gets 
 interrupted
 in between.

 Does anyone know of any patch for this?

 Here is the output of ifconfig:
 # ifconfig -a
 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33224
 groups: lo
 inet 127.0.0.1 netmask 0xff00
 inet6 ::1 prefixlen 128
 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
 bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
 lladdr 00:15:60:4f:22:e4
 groups: egress
 media: Ethernet autoselect (100baseTX full-duplex)
 status: active
 inet 172.22.11.235 netmask 0xfc00 broadcast 172.22.11.255
 inet6 fe80::215:60ff:fe4f:22e4%bge0 prefixlen 64 scopeid 0x1
 pflog0: flags=0 mtu 33224
 pfsync0: flags=0 mtu 1348
 enc0: flags=0 mtu 1536

 Thanks for any assistance.

 Amir

 -Original Message-
 From: Badbanchi Hossein
 Sent: Thursday, February 02, 2006 19:36
 To: misc@openbsd.org
 Subject: Broadcom BCM5752 NIC

 Hi,
 Have recently got an HP Compaq dc7600 to be used as DHCP Server.

 OpenBSD 3.8 install couldn't properly work with the Broadcom BCM5752 NIC!

 The Error says:
 bge0: firmware handshake timed out

 After installation was complete, now each time I reboot the system it takes a 
 long
 time for the system to boot. It waits during initial boot and a second time 
 while
 trying to configure the NIC with IP parameters, until it times out (both times
 with the same error as above).

 After the boot process is complete the NIC works!! I mean I can ping the box.
 I haven't tested the throughput of the NIC though.

 Here is an excerpt from dmesg:
 # dmesg | grep bge
 bge0 at pci2 dev 0 function 0 Broadcom BCM5752 rev 0x01, BCM5752 A1 
 (0x6001): irq 10bge0: firmware handshake timed out
 brgphy0 at bge0 phy 1: BCM5752 10/100/1000baseT PHY, rev. 0
 bge0: firmware handshake timed out
 #

 And here is an excerpt from man brgphy:
 DESCRIPTION
  The brgphy driver supports Broadcom BCM5400 100/1000TX Ethernet PHY in-
  terfaces, as well as the BCM5401, BCM5411, BCM5421S, BCM5701, BCM5703,
  BCM5704, BCM5705, BCM5714, BCM5750 and BCM5752 10/100/1000baseTX Ethernet
  PHY interfaces.

 I would greatly appreciate any help?

 Amir



Re: Windows CLI FTP and OBSD 3.9 ftp-proxy

2006-02-02 Thread Bob Beck
* Joachim Schipper [EMAIL PROTECTED] [2006-02-02 12:19]:
 On Thu, Feb 02, 2006 at 01:28:03PM -0500, Peter Fraser wrote:
  The windows firewall expects the originating port
  of the ftp data to be port ftpdata, if it isn't 
  the firewall rejects the packet.  The ftp rfc
  does say that the originating port should be ftpdata.
 
 There's an option in ftp-proxy to change this behaviour - at least, it
 is in 3.8; I hope it survived the rewrite...
 

and ftp-proxy(8) will show you the way grasshoppers... man pages
are your friends

-Bob



Re: Brain wash for live partition, or directory mirroring concept idea(s)?

2006-02-02 Thread Ted Unangst
On 2/2/06, Ted Unangst [EMAIL PROTECTED] wrote:
 you could start here:
 http://marc.theaimsgroup.com/?l=openbsd-techm=108663340015236w=2

i suppose the link would be more useful if you could get the code.  if
somebody is seriously interested (as in, fixing it, not just using
it), i can mail you a copy.



Re: Broadcom BCM5752 NIC

2006-02-02 Thread Daniel Ouellet

Badbanchi Hossein wrote:

Actually the NIC doesn't work properly. I can ssh to the box, but even output of
a simple ls command takes seconds to appear on the screen, and gets 
interrupted
in between.



I would try current first, as in the last two days there was a lot of 
work and still some is going on now that may actually address your 
problem, but without proper testing and a dmesg sent back with the latest 
current, that's not going to help much now.


Trust me, it's worth the time to test and send the feedback. I can tell 
you that in my case, it wasn't working two days ago and now I saturate 
my switch big time!


So, do your share and test, you will love the results. It's worth 
investing some of your time if you care about your results.


Daniel



Re: Brain wash for live partition, or directory mirroring concept idea(s)?

2006-02-02 Thread Daniel Ouellet

Holger Mauermann wrote:

Do you know DRBD for Linux (www.drbd.org)? Something like this, together
with CARP, would be great for highly available OpenBSD servers :-)


I knew about the project and looked at it in the past. I wanted 
something simpler I guess but definitely OpenBSD oriented.


Plus I kind of want to see if I can do a little project, hopefully good 
I hope.


And their license is GPL and LGPL...



Re: OpenBSD hardware router

2006-02-02 Thread Will H. Backman

Kenny Mann wrote:
I'm looking for something that which I can slap OpenBSD 3.8 on and use 
it as a router.
This will be used for a house (~ 4 people) and I'm looking for something 
small in form factor and that which doesn't run hot because it will run 
in a closet.
I'm seeking to replace our D-Link router because it seems to lock up on 
an occasion and this seem like a fun little project to do.

I'd also like it to have wireless capabilities as well.
Anyone know where I can start looking or can point in a direction to start?
Or are my hopes too high and I should just get a PC and make it happen 
that route (pun not intended)?


Kenny Mann



If you are trying not to spend a lot of money, you could find an almost 
free laptop (200 - 300 mhz) and use that.  Cost will go up if you don't 
already have some PCMCIA or USB ethernet and wireless cards.




Re: OpenBSD hardware router

2006-02-02 Thread Matthias Kilian
On Thu, Feb 02, 2006 at 03:50:08PM -0500, Jason Dixon wrote:
 You must be new around here.  :)
 
 http://www.soekris.com

Those boards are just cute (I got a net4801 from Wim last year),
but I wish they were a little bit cheaper.

Ciao,
Kili



Re: Brain wash for live partition, or directory mirroring concept idea(s)?

2006-02-02 Thread Daniel Ouellet
- Mirroring on multiple servers, more than 2. Man page said you need an 
even amount of devices, fair, but all I read looks like it indicates it would 
mirror a to b and that's it, even if a could be made of multiple drives 
if you like, so two copies is the limit.



I'm fairly certain you can run a ccd over a ccd. Or, better, raid over
vnd.


I will continue to read on it.


In the worst case, create an IPsec mesh (i.e., one connection per
server). It will take care of quite a few issues.


Yes, but then the simplicity is going away, doesn't it? Not that it is 
bad, but OpenBSD reinforces for me the golden rule: KISS. So, if there 
was/is a simpler and more secure solution, I would go for it. Don't get 
me wrong, not that I think this is bad, it sure is great! But maybe I 
was/am looking for a bit more.



That being said, I don't think there is a really good solution to what
you want to do. drbd looked promising, some time ago, but is
Linux-only...


Yeap. And you bet I am not going to switch! (;



Re: Slow disk access ?

2006-02-02 Thread Marco Peereboom
There were several patches past 3.8 for cac that made it better.  Try  
-current.

On Feb 2, 2006, at 9:29 AM, Bruno Carnazzi wrote:


   Hi all,

I'm running OpenBSD/i386 3.8 with GENERIC.MP on a Compaq Proliant
DL380, powered by 2 PIII-866. All my partitions lives on a 3 ULTRA320
SCSI 10K RPM disk RAID-5 array.

When I untar ports.tar.gz, it takes about 4 minutes for an 8 MB archive
(lots of small files)... I feel this is a bit poor performance :

$ time tar -xzf ports.tar.gz
3m57.80s real 0m1.85s user 0m4.52s system
$ ls -l
total 17188
drwxr-xr-x  44 bcarnazzi  bcarnazzi 1024 Sep  2 05:08 ports
-rw-r--r--   1 bcarnazzi  bcarnazzi  8775929 Feb  2 17:01 ports.tar.gz

I already use softupdate, as mount reports :

/dev/sd0a on / type ffs (local, softdep)
/dev/sd0h on /home type ffs (local, nodev, nosuid, softdep)
/dev/sd0d on /tmp type ffs (local, nodev, nosuid, softdep)
/dev/sd0g on /usr type ffs (local, nodev, softdep)
/dev/sd0e on /var type ffs (local, nodev, nosuid, softdep)

Here is the dmesg :

OpenBSD 3.8 (GENERIC.MP) #298: Sat Sep 10 15:51:54 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel Pentium III (GenuineIntel 686-class) 864 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE

real mem  = 2147049472 (2096728K)
avail mem = 1953083392 (1907308K)
using 4278 buffers containing 107454464 bytes (104936K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf

pcibios0 at bios0: rev 2.1 @ 0xf/0x2000
pcibios0: PCI BIOS has 7 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:15:0 (ServerWorks ROSB4
SouthBridge rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x4000! 0xcc000/0x800
0xe8000/0x6000 0xee000/0x2000!
mainbus0: Intel MP Specification (Version 1.4) (COMPAQ   PROLIANT)
cpu0 at mainbus0: apid 1 (boot processor)
cpu0: apic clock running at 132 MHz
cpu1 at mainbus0: apid 0 (application processor)
cpu1: Intel Pentium III (GenuineIntel 686-class) 864 MHz
cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE

mainbus0: bus 0 is type PCI
mainbus0: bus 3 is type PCI
mainbus0: bus 9 is type ISA
ioapic0 at mainbus0: apid 8 pa 0xfec0, version 11, 35 pins
ioapic0: misconfigured as apic 0, remapped to apic 8
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 ServerWorks CNB20LE Host rev 0x05
pchb1 at pci0 dev 0 function 1 ServerWorks CNB20LE Host rev 0x05
pci1 at pchb1 bus 3
cac0 at pci0 dev 1 function 0 Symbios Logic 53c1510 rev 0x02: apic 8
int 10 (irq 10) Compaq Integrated Array
scsibus0 at cac0: 1 targets
sd0 at scsibus0 targ 0 lun 0: Compaq, RAID5 volume #,  SCSI2 0/direct fixed
sd0: 69455MB, 17432 cyl, 255 head, 32 sec, 512 bytes/sec, 142245120 sec total

fxp0 at pci0 dev 2 function 0 Intel 82557 rev 0x08, i82559: apic 8
int 11 (irq 11), address 00:02:a5:29:15:f0
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
vga1 at pci0 dev 3 function 0 ATI Mach64 GV rev 0x7a
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Compaq Netelligent ASMC rev 0x00 at pci0 dev 4 function 0 not configured

xl0 at pci0 dev 5 function 0 3Com 3c905C 100Base-TX rev 0x78: apic 8
int 5 (irq 5)xl0: reset didn't complete
, address 00:0a:5e:5a:c9:a4
exphy0 at xl0 phy 24: 3Com internal media interface
xl0: reset didn't complete
pcib0 at pci0 dev 15 function 0 ServerWorks ROSB4 SouthBridge rev 0x4f

pciide0 at pci0 dev 15 function 1 ServerWorks OSB4 IDE rev 0x00: DMA
atapiscsi0 at pciide0 channel 0 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: COMPAQ, CD-224E, 9.0B SCSI0 5/cdrom removable

cd0(pciide0:0:0): using PIO mode 4, DMA mode 2
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask 0 netmask 0 ttymask 0
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: sd0 matches BIOS drive 0x80
root on sd0a
rootdev=0x400 rrootdev=0xd00 rawdev=0xd02

Is this normal OpenBSD performance ? I feel an ext3 fs is a bit faster
on linux-2.6 running the same hardware :

mount :
/dev/ida/disc0/part3 on / type ext3 (rw,noatime)

time :
[EMAIL PROTECTED] tmp $ time tar -xzf ports.tar.gz

real    1m29.349s
user    0m2.700s
sys     0m4.460s

2 times faster :(

While in my case, FS performance is 

Re: OpenBSD hardware router

2006-02-02 Thread Tim Donahue
On Thursday 02 February 2006 15:54, Darrin Chandler wrote:
 Kenny Mann wrote:
  I'm looking for something that which I can slap OpenBSD 3.8 on and use
  it as a router.
  This will be used for a house (~ 4 people) and I'm looking for

 You could look at www.soekris.com. They're underpowered, but it should
 be able to handle home router/firewall duties.

Underpowered?  I think that is a really relative term.  Underpowered for 
datamining a 1 TB database?  Yeah it probably is, however from my experience 
I could saturate a 1.5 Mb SDSL or T-1 link using an IPSEC VPN between a 
Soekris 4501 and a 1GHz Dell POS.  If all you are looking to do is run a 
firewall for a DSL/Cable connection at home, the 4501 is likely overpowered.  

Tim Donahue



Re: Brain wash for live partition, or directory mirroring concept idea(s)?

2006-02-02 Thread Daniel Ouellet

Ted Unangst wrote:


you could start here:
http://marc.theaimsgroup.com/?l=openbsd-techm=108663340015236w=2


Thank you!!! Thank you!!! Thank you!!! Thank you!!!

I will be reading this code for sure and see what come of it.



Re: Brain wash for live partition, or directory mirroring concept idea(s)?

2006-02-02 Thread Daniel Ouellet

Tobias Ulmer wrote:

I have not played with it, but isn't it possible to use libevent
(man event) to notify a userspace daemon that scps the changed
files over to another server(s)?


Many thanks for this one. It's already in the base, so may be a very 
good start.


I love the suggestion.

Thank you!

More reading to come! (;



Re: OpenBSD hardware router

2006-02-02 Thread Jasper Lievisse Adriaanse
On Thu, 02 Feb 2006 16:07:51 -0500
Will H. Backman [EMAIL PROTECTED] wrote:

 Kenny Mann wrote:
  I'm looking for something that which I can slap OpenBSD 3.8 on and use
  it as a router.
  This will be used for a house (~ 4 people) and I'm looking for something
  small in form factor and that which doesn't run hot because it will run
  in a closet.
  I'm seeking to replace our D-Link router because it seems to lock up on
  an occasion and this seem like a fun little project to do.
  I'd also like it to have wireless capabilities as well.
  Anyone know where I can start looking or can point in a direction to
start?
  Or are my hopes too high and I should just get a PC and make it happen
  that route (pun not intended)?
 
  Kenny Mann
 

 If you are trying not to spend a lot of money, you could find an almost
 free laptop (200 - 300 mhz) and use that.  Cost will go up if you don't
 already have some PCMCIA or USB ethernet and wireless cards.
Nah, laptops aren't designed for those uses. As mentioned before, by quite
some people :-), go for soekris.



--
Security is decided by quality -- Theo de Raadt




Re: Brain wash for live partition, or directory mirroring concept idea(s)?

2006-02-02 Thread Daniel Ouellet

Bernhard Leiner wrote:

Did you already had a look at Gamin/FAM?
http://www.gnome.org/~veillard/gamin/index.html


This may be interesting for a start anyway. I will check how this works 
for ideas.


Thanks for the suggestion.



Re: Brain wash for live partition, or directory mirroring concept idea(s)?

2006-02-02 Thread Daniel Ouellet

Tobias Weingartner wrote:

nfs?  You keep the master copy on the nfs server, and the slave
copies on the clients...  You export the portion that you want to
be able to mount.  It's all there... :)


I was/am trying to stay away of nfs. Again, not that it is bad, just 
call me paranoid and that's fair!




Re: OpenBSD hardware router

2006-02-02 Thread Felipe Scarel
Any chance of buying one of those here from Brazil?

On 2/2/06, Will H. Backman [EMAIL PROTECTED] wrote:

 Kenny Mann wrote:
  I'm looking for something that which I can slap OpenBSD 3.8 on and use
  it as a router.
  This will be used for a house (~ 4 people) and I'm looking for something
  small in form factor and that which doesn't run hot because it will run
  in a closet.
  I'm seeking to replace our D-Link router because it seems to lock up on
  an occasion and this seem like a fun little project to do.
  I'd also like it to have wireless capabilities as well.
  Anyone know where I can start looking or can point in a direction to
 start?
  Or are my hopes too high and I should just get a PC and make it happen
  that route (pun not intended)?
 
  Kenny Mann
 

 If you are trying not to spend a lot of money, you could find an almost
 free laptop (200 - 300 mhz) and use that.  Cost will go up if you don't
 already have some PCMCIA or USB ethernet and wireless cards.




--

  Felipe Brant Scarel
  PATUX/OpenBSD Project Leader (http://www.patux.cic.unb.br)



Re: OpenBSD hardware router

2006-02-02 Thread Kenny Mann

Matthias Kilian wrote:

On Thu, Feb 02, 2006 at 03:50:08PM -0500, Jason Dixon wrote:
  

You must be new around here.  :)

http://www.soekris.com



Those boards are just cute (I got a net4801 from Wim last year),
but I wish they were a little bit cheaper.

Ciao,
Kili

  

I'm surfing those links and they seem to be exactly what I was seeking.
Thanks!



Kenny Mann



pf question

2006-02-02 Thread Dave Feustel
After getting pf working with a block in all rule,
I am now trying to add a rule to allow local and internet access to my 
webserver.


I have been able to access the web server from a computer on a subnet,
I copied a rule from the OpenBSD pf faq which would seem to accomplish this, 
(see ruleset below) but nothing comes back even to my browser running on the 
same computer.

What pf rule(s) do I have to change/add to permit my browser and others on the
internet to access the web server?

Thanks,
Dave Feustel
===current pf ruleset
ext_if = "xl0"
#ext_ad = "71.97.201.76"
ext_ad = "(xl0)"
web_server = "(xl0)"
pr1 = "192.168.1.1/24"
pr2 = "192.168.2.1/24"
pr3 = "192.168.3.1/24"
pr4 = "192.168.4.1/24"
nat_proto = "{ tcp, udp, icmp }"

# options

set require-order yes
set block-policy drop
set optimization normal
set loginterface none

# scrubbing

scrub in all
scrub out all

# nat rules

nat on $ext_if inet proto $nat_proto \
from {$pr1, $pr2, $pr3, $pr4} to any -> $ext_ad

# filtering

pass in quick on sis1

block in log all 

pass in on $ext_if proto tcp to $web_server \
port www flags S/SA keep state \
(max 200, source-track rule, max-src-nodes 100, max-src-states 3)

pass out log quick on $ext_if inet \
from ($ext_if) to any flags S/SA keep state

antispoof for $ext_if
===



Re: OpenBSD hardware router

2006-02-02 Thread Bob Beck
 Underpowered?  I think that is a really relative term.  Underpowered for 
 datamining a 1 TB database?  Yeah it probably is, however from my experience 
 I could saturate a 1.5 Mb SDSL or T-1 link using an IPSEC VPN on between a 
 Soekris 4501 and a 1GHz Dell POS.  If all you are looking to do is run a 
 firewall for a DSL/Cable connection at home, the 4501 is likely overpowered.  
 

Underpowered as a firewall in front of a large web site.  fwiw,
having one as a carp/cluster front end to www.ualberta.ca runs it at
the bleeding edge - I did it temporarily to solve a problem and
it worked, but was pretty much balls to the wall frequently.  after
swapping it out with a real machine it was fine. 

Basically for home nets to normal broadband connectivity they are
ok as a firewall. They are borderline on 10mbit links depending on
your ruleset. Simple pf rulesets (at least in my experience) will run
one out of jam at about 40 mbit of traffic, so just be aware of what
the limitations are. 

If you want something with a little more grunt try Nexcom
or Commell, but for home use (and it's *just* a firewall) a soekris
will do fine. (and is cheaper than those other things) 

-Bob

--
| | | The ASCII Fork Campaign
 \|/   against gratuitous use of threads.
  |



Re: OpenBSD hardware router

2006-02-02 Thread Darrin Chandler

Tim Donahue wrote:


On Thursday 02 February 2006 15:54, Darrin Chandler wrote:
 


Kenny Mann wrote:
   


I'm looking for something that which I can slap OpenBSD 3.8 on and use
it as a router.
This will be used for a house (~ 4 people) and I'm looking for
 


You could look at www.soekris.com. They're underpowered, but it should
be able to handle home router/firewall duties.
   



Underpowered?  I think that is a really relative term.  Underpowered for 
datamining a 1 TB database?  Yeah it probably is, however from my experience 
I could saturate a 1.5 Mb SDSL or T-1 link using an IPSEC VPN on between a 
Soekris 4501 and a 1GHz Dell POS.  If all you are looking to do is run a 
firewall for a DSL/Cable connection at home, the 4501 is likely overpowered.  


Tim Donahue

 



I'm remembering some load problems, and a holdoff patch. Perhaps it's 
not an issue now. Don't forget that I said it should work as a home router.


--
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |



Re: OpenBSD hardware router

2006-02-02 Thread z0mbix
On 2/2/06, Kenny Mann [EMAIL PROTECTED] wrote:

 I'm looking for something that which I can slap OpenBSD 3.8 on and use
 it as a router.
 This will be used for a house (~ 4 people) and I'm looking for something
 small in form factor and that which doesn't run hot because it will run
 in a closet.
 I'm seeking to replace our D-Link router because it seems to lock up on
 an occasion and this seem like a fun little project to do.
 I'd also like it to have wireless capabilities as well.
 Anyone know where I can start looking or can point in a direction to
 start?
 Or are my hopes too high and I should just get a PC and make it happen
 that route (pun not intended)?

 Kenny Mann


Don't forget the wrap:

http://www.pcengines.ch/wrap.htm

They're slightly cheaper than the soekris. I use one with 3.8 and it runs as
a cable router/firewall and runs ipsec between home and work.



Re: RAIDframe question

2006-02-02 Thread knitti
On 2/2/06, Peter Fraser [EMAIL PROTECTED] wrote:
 I have yet to have a windows machine die because of a disk failure
 when mirrored.

ok, I'll take the bait. you are documenting simply, that you had luck
in the past, perhaps also due to some good hardware (although
I do not trust those $25 hardware-raid-controllers, be it onboard or
on an extra card).
I've seen windows die on soft raid and also on hard raid. the latter
one was especially nice. one disk died, the controller either didn't
recognize it or the driver didn't ask the controller, so no one knew
the drive was dead. several minutes after rebooting the system
locked completely up (again). cheap hard raid. bad driver.
*cough* adaptec *cough*

when I use raid, I want to know when something is wrong, and
I want to come back up asap.
when I want hyper-availability, I have to do something duplicating
entire machines, routers/firewalls have carp, and servers have
either some application-clustering or a hack simulating something
like that.

--knitti



pf question - solved

2006-02-02 Thread Dave Feustel
I found the solution in the pf faq:  skip lo0.
This rule is not mentioned in Artymiak's book
which I had been reading. I will now read the
complete pf faq to see what I have not been
aware of.

Dave Feustel
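
The fix from the follow-up, written out as an added example (this is not Dave's final ruleset): on OpenBSD a connection from the firewall to one of its own addresses never leaves the box, it is delivered over lo0, so the browser on the same machine was hitting `block in log all` on the loopback interface. `set skip on lo0` takes lo0 out of filtering altogether. The interface names and the 192.168.x.0/24 networks below are taken from the posted ruleset; everything else is assumed for the example.

```pf
# Assumed for this example: xl0 is the external interface, sis1 the
# internal one, and the LANs are the four 192.168.x.0/24 networks.
ext_if   = "xl0"
int_if   = "sis1"
lan_nets = "{ 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24 }"

set block-policy drop
# Packets the host sends to its own external address (the browser on the
# firewall talking to the web server) travel over lo0. Without this line
# "block in log all" below drops them and nothing comes back.
set skip on lo0

scrub in all

nat on $ext_if inet from $lan_nets to any -> ($ext_if)

block in log all
antispoof quick for $ext_if

pass in quick on $int_if keep state

# web server on the firewall itself, reachable on every address of xl0
pass in on $ext_if proto tcp from any to ($ext_if) port www \
    flags S/SA keep state \
    (max 200, source-track rule, max-src-nodes 100, max-src-states 3)

pass out on $ext_if keep state
```

Before loading it, `pfctl -nf /etc/pf.conf` catches syntax errors, and `tcpdump -n -e -ttt -i pflog0` while reloading the page shows exactly which rule was dropping the loopback SYNs, which is the quickest way to confirm this diagnosis rather than guess at it.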



Re: dhcpd pid file

2006-02-02 Thread Matthew S Elmore

Thanks Henning. That did the trick for me.

pkill works wonderfully.

Henning Brauer wrote:

* Matthew S Elmore [EMAIL PROTECTED] [2006-01-27 20:55]:
Though I have been successfully running dhcpd myself for a few years 
now, it has come to my attention when writing some scripts to help 
maintain systems that there is no /var/run/dhcpd.pid file.



Is this by design?


yes. pid files are useless.

I understand many are not fans of having lots of pid files laying around 
their box. What then is the recommended way of killing and restarting 
the daemon?


pkill(1)




Re: OpenBSD hardware router

2006-02-02 Thread Melameth, Daniel D.
Jasper Lievisse Adriaanse wrote:
 On Thu, 02 Feb 2006 16:07:51 -0500
 Will H. Backman [EMAIL PROTECTED] wrote:
  If you are trying not to spend a lot of money, you could find an
  almost free laptop (200 - 300 mhz) and use that.  Cost will go up if
  you don't already have some PCMCIA or USB ethernet and wireless
  cards.

 Nah, laptop aren't designed for those uses. As mention before, by
 quite some people :-), go for soekris. 

Says who?  Been doing this with a 75 dollar 233MHz laptop at home for
almost three years now...  Granted, the laptop HD crashed a few months
ago, but now this WAP/firewall has 60GB of shared storage... and sits
quietly on the top shelf of my laundry room.



Re: OpenBSD hardware router

2006-02-02 Thread Stuart Henderson
On 2006/02/02 15:36, Darrin Chandler wrote:
 Underpowered?  I think that is a really relative term.  Underpowered for 
 datamining a 1 TB database?  Yeah it probably is, however from my 
 experience I could saturate a 1.5 Mb SDSL or T-1 link using an IPSEC VPN 
 on between a Soekris 4501 and a 1GHz Dell POS.  If all you are looking to 
 do is run a firewall for a DSL/Cable connection at home, the 4501 is 
 likely overpowered.  
 
 I'm remembering some load problems, and a holdoff patch. Perhaps it's 
 not an issue now. Don't forget that I said it should work as a home router.

Holdoff helps only a little. Using better nics helps only a little.
Polling helps quite a lot more on these, but that's on some other OS,
I forget which.

They're very good at some things (low-power system for controlling other
kit via gpio(4), ADSL firewall, etc) and bad at others (high network
throughput, fast fileserving, etc).

WRAP boards are somewhat similar, cheaper but more barebones e.g.
no battery amongst other things, and the standard cases are uglier.



FreeBSD NIS client X OpenBSD NIS server: yppasswd

2006-02-02 Thread Jose Fragoso
Hi, 

I have set up a NIS server using OpenBSD and a NIS client using FreeBSD. I can 
authenticate without problems. But when I try to change a user password with 
yppasswd on the FreeBSD client, after retyping the new password and after a 
somewhat long period, I get an error like: 

yppasswd: pam_chauthtok(): error in service module 

and the change fails. Now if I instead use the following command: 

yppasswd -h `ypwhich` 

it works immediately. 

With an OpenBSD client, it always works. 

So I guess the FreeBSD box is trying to talk to the rpc.yppasswdd from another 
server. I would be thankful to anyone who can help to find what is going on. 

Best regards, 

José 




Re: OpenBSD hardware router

2006-02-02 Thread Luke Eckley

Kenny Mann wrote:
I'm looking for something which I can slap OpenBSD 3.8 on and use 
it as a router.


I have had great experience with VIA's Mini-itx boards.  My home router 
is a VIA EPIA 500, and it is overpowered for a home, but it is fun to 
play with!


Luke



RSA ACE Authentication

2006-02-02 Thread Mike Keller
OK, before I get flamed, I know this isn't
supported; I just want to know if anyone has tried it.

I would like to use an RSA / ACE server to
authenticate locally on 3.8 (through radius).

And

I would like to run the RSA Authentication Agent 5.2
for Web on Apache.  It is only supported for RH Linux
and Sun.  I was able to hack up the install and config
command scripts enough to where it will install, but I
can't get Apache to run when I try adding the module. 
I have it running on IIS, but I'd really like to
move away from M$ / IIS.

Again, I realize it isn't supported, I am just curious
if anyone has tried / had any success with it.  I'd be
happy to discuss off the group, or to be pointed to
another list / url.  

Thanks!



pf sunfire v120 and iperf poor performance

2006-02-02 Thread Miguel
Hi, I'm testing my Sunfire V120 firewall and I'm very disappointed with the 
performance; look at these numbers:

this is a fastethernet switch :

** this is with pf disabled **

- using the iperf's representative streams

fwprueba# /usr/local/bin/iperf -c 10.10.10.2

Client connecting to 10.10.10.2, TCP port 5001
TCP window size: 32.5 KByte (default)

[  3] local 10.10.100.2 port 61201 connected with 10.10.10.2 port 5001
[  3]  0.0-10.0 sec  86.4 MBytes  72.5 Mbits/sec
fwprueba#

75.5 Mbits/sec? Is this expected behavior?

- using a real stream (280 Mb file )

fwprueba# /usr/local/bin/iperf -c 10.10.10.2 -F 280_Mb.file

Client connecting to 10.10.10.2, TCP port 5001
TCP window size: 32.5 KByte (default)

[  4] local 10.10.100.2 port 56651 connected with 10.10.10.2 port 5001
[  4]  0.0-10.0 sec  68.1 MBytes  57.1 Mbits/sec
fwprueba#

57.1 Mbits/sec? , WTF...??

** this is with pf enabled **

- using the iperf's representative streams

fwprueba# /usr/local/bin/iperf -c 10.10.10.2

Client connecting to 10.10.10.2, TCP port 5001
TCP window size: 32.5 KByte (default)

[  3] local 10.10.100.2 port 49897 connected with 10.10.10.2 port 5001
[  3]  0.0-10.0 sec  86.9 MBytes  72.9 Mbits/sec

72.9 Mbit/sec? Again, is this normal?

- using a real stream (280 Mb file )

fwprueba# /usr/local/bin/iperf -c 10.10.10.2 -F 280_Mb.file

Client connecting to 10.10.10.2, TCP port 5001
TCP window size: 32.5 KByte (default)

[  4] local 10.10.100.2 port 62964 connected with 10.10.10.2 port 5001
[  4]  0.0-10.0 sec  68.4 MBytes  57.4 Mbits/sec

57.4 Mbits/sec?... Better performance with the rules enabled? I think I have
something misconfigured somewhere.

This is a Sunfire V120 with a Sun quad Ethernet card, OpenBSD 3.8.

Any comments?
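A small parser for the iperf client output quoted in this post, added here as an illustration; it is not part of the original message and not an iperf or OpenBSD tool. It pulls the throughput out of each summary line, then compares the pf-off and pf-on runs so the difference can be judged against run-to-run noise rather than eyeballed. The sample output embedded below is copied from the four summary lines posted above; the helper names are my own.

```python
"""Parse iperf client summaries and compare throughput with pf off and on.

Added illustration for the thread above; not part of the original post and
not an iperf/OpenBSD tool. The summary lines below are those posted in the
thread; the function names are my own.
"""
import re
from typing import List, Optional

# iperf 1.x/2.x client summary line, e.g.
#   [  3]  0.0-10.0 sec  86.4 MBytes  72.5 Mbits/sec
SUMMARY_RE = re.compile(
    r"^\[\s*\d+\]\s+(?P<start>[\d.]+)-(?P<end>[\d.]+)\s+sec\s+"
    r"(?P<xfer>[\d.]+)\s+(?P<xunit>[KMG])Bytes\s+"
    r"(?P<rate>[\d.]+)\s+(?P<runit>[KMG])bits/sec\s*$"
)
SCALE = {"K": 1e3, "M": 1e6, "G": 1e9}


def parse_summary(line: str) -> Optional[float]:
    """Throughput of one summary line in Mbit/s, or None if the line is not
    a summary (connection banner, window size, shell prompt, ...)."""
    m = SUMMARY_RE.match(line.rstrip())
    if m is None:
        return None
    return float(m.group("rate")) * SCALE[m.group("runit")] / 1e6


def rates_from_output(output: str) -> List[float]:
    """All summary throughputs found in a captured iperf client session."""
    return [r for r in map(parse_summary, output.splitlines()) if r is not None]


def overhead_percent(rate_pf_off: float, rate_pf_on: float) -> float:
    """Relative throughput lost with pf enabled; negative means pf-on was faster."""
    if rate_pf_off <= 0:
        raise ValueError("pf-off rate must be positive")
    return (rate_pf_off - rate_pf_on) / rate_pf_off * 100.0


def verdict(rate_pf_off: float, rate_pf_on: float, noise_pct: float = 5.0) -> str:
    """Classify one pf-off/pf-on pair. Run-to-run iperf variation on a
    100 Mbit/s link is easily a few percent, so a difference below noise_pct
    says nothing about pf; only a clear loss with pf on points at the ruleset."""
    ov = overhead_percent(rate_pf_off, rate_pf_on)
    if abs(ov) < noise_pct:
        return "no measurable pf cost: look elsewhere (NIC, host, switch)"
    if ov > 0:
        return "pf costs %.1f%% throughput: review ruleset/state table" % ov
    return "pf-on run faster by %.1f%%: measurement noise, rerun" % -ov


# Summary lines as posted in the thread: pf disabled, then pf enabled.
PF_OFF_OUTPUT = """\
Client connecting to 10.10.10.2, TCP port 5001
TCP window size: 32.5 KByte (default)
[  3] local 10.10.100.2 port 61201 connected with 10.10.10.2 port 5001
[  3]  0.0-10.0 sec  86.4 MBytes  72.5 Mbits/sec
[  4]  0.0-10.0 sec  68.1 MBytes  57.1 Mbits/sec
"""
PF_ON_OUTPUT = """\
[  3]  0.0-10.0 sec  86.9 MBytes  72.9 Mbits/sec
[  4]  0.0-10.0 sec  68.4 MBytes  57.4 Mbits/sec
"""

if __name__ == "__main__":
    off = rates_from_output(PF_OFF_OUTPUT)
    on = rates_from_output(PF_ON_OUTPUT)
    for a, b in zip(off, on):
        print("pf off %.1f  pf on %.1f  -> %s" % (a, b, verdict(a, b)))
```

Run against the posted numbers, both pairs come out within noise, which is the point: pf is not what caps this box at roughly 72 Mbit/s on a 100 Mbit/s switch, so the NIC, driver or host path is where to look next.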



kernel debugging when booted off install cd

2006-02-02 Thread Charles Sprickman

Hello all,

I'm still not able to get OpenBSD 3.4-3.8 loaded on my old firewall box. 
It either freezes or panics when probing (or creating?) rd0, which I 
assume is the ramdisk used in the install.  It runs 3.3 fine.


So rather than just asking some random questions, I'd like to know how to 
save a dump when booting off of the install CD.  I do have a serial 
console available (set tty com0).  If getting a dump isn't possible, I'd 
then like to know how to get into the kernel debugger.


I figure that I can gather information that's more helpful this way.

Thanks,

Charles



Re: kernel debugging when booted off install cd

2006-02-02 Thread Rogier Krieger
On 2/3/06, Charles Sprickman [EMAIL PROTECTED] wrote:
 It either freezes or panics when probing (or creating?) rd0, which I
 assume is the ramdisk used in the install.  It runs 3.3 fine.

Perhaps you need to look at the FAQ if you're running i386:
upgrading/reinstalling OpenBSD/i386 using bsd.rd-a.out [1].

If that doesn't solve your problem, a dmesg would be your best bet.
Information from a panic (trace/ps, obtained through the debugger you
get dropped into) would also be helpful. Since you mentioned you have
a serial console available, I recommend using it to file a report.

Upon freezes, I usually try to boot into the UKC to set the verbose
option. Typically, this gave me a hint in devices to disable. As a
sidenote: my own usual culprit is the ahc(4) driver. That said, this
only happens with two machines, each having an nVidia nForce2 chipset.
Given that you mentioned rd0 as a problem point, I doubt you are
having the same underlying problem.

Cheers,

Rogier


References:
1. OpenBSD FAQ - Upgrading/reinstalling OpenBSD/i386 using bsd.rd-a.out
http://www.openbsd.org/faq/faq4.html#bsdrdaout

--
If you don't know where you're going, any road will get you there.



dual in-kernel pppoe links

2006-02-02 Thread Marcos Marconcini
Hello

I am doing load balancing with two ADSL links using pf pools; everything is
perfect, but my problems appear when I try to configure a second in-kernel pppoe
link. (Now I am using one with in-kernel and the other with userland pppoe.)

Do I have to do something special? Or is it not possible to have two in-kernel
pppoe at the same time?

This is my hostname.pppoe0:

pppoedev rl1
!/sbin/ifconfig rl1 up
!/usr/sbin/spppcontrol \$if myauthproto=pap myauthname=x myauthkey=x
!/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.1 netmask 0x
!/sbin/route add default 0.0.0.1
up

And this is my second one, hostname.pppoe2:

pppoedev rl2
!/sbin/ifconfig rl2 up
!/usr/sbin/spppcontrol \$if myauthproto=pap myauthname=x myauthkey=x
!/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.2 netmask 0x
!/sbin/route add default 0.0.0.2
up

Maybe I am misunderstanding something. What is wrong here?

Thank you very much.

Marcos



Re: dual in-kernel pppoe links

2006-02-02 Thread KUDO Takashi
Hi,

At Fri, 3 Feb 2006 00:42:54 -0300,
Marcos Marconcini wrote:
 I am doing Load balancing with two adsl using pf pools, everything is
 perfect, my problems appears when I try to config a second kernel pppoe
 link. ( now I am using one with in-kernel and the other with userland pppoe
 )
 
 I have to do something special?? Or it's not possible to have two in kernel
 pppoe at the same time?

I've had the same problem.
This patch makes 0.0.0.2 usable as a remote peer wildcard address
as well as 0.0.0.1; now you can set up a route to the second interface.

Index: ./sys/net/if_spppsubr.c
===
RCS file: /pub/cvs/openbsd/src/sys/net/if_spppsubr.c,v
retrieving revision 1.1.1.4
diff -u -r1.1.1.4 if_spppsubr.c
--- ./sys/net/if_spppsubr.c6 Jan 2006 08:58:35 -1.1.1.4
+++ ./sys/net/if_spppsubr.c17 Jan 2006 14:17:48 -
@@ -2713,7 +2713,8 @@
 desiredaddr = p[2]  24 | p[3]  16 |
 p[4]  8 | p[5];
 if (desiredaddr == hisaddr ||
-(hisaddr == 1  desiredaddr != 0)) {
+(hisaddr == 1  desiredaddr != 0) ||
+(hisaddr == 2  desiredaddr != 0)) {
 /*
  * Peer's address is same as our value,
  * or we have set it to 0.0.0.1 to
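Review bot: the comment right after the changed condition still reads "or we have set it to 0.0.0.1 to", so it no longer matches the code once 0.0.0.2 is accepted as well; update it to name both wildcard values. The two added clauses `(hisaddr == 1  desiredaddr != 0)` and `(hisaddr == 2  desiredaddr != 0)` differ only in the constant, so one test such as `((hisaddr == 1 || hisaddr == 2) && desiredaddr != 0)` reads more clearly and is easier to extend if a third pppoe link is ever needed. Note also that the `<<` and `&&` operators are missing from the quoted lines as shown here, which looks like archive extraction rather than the patch itself; anyone applying it should take it from the original mail.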

The following is my configuration.

hostname.pppoe0:
pppoedev xl0
!/sbin/ifconfig xl0 up
!/usr/sbin/spppcontrol \$if myauthproto=pap \
myauthname=XXX myauthkey=YYY
!/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.1 netmask 0x mtu 1454
!/sbin/route add default 0.0.0.1
up

hostname.pppoe1:
pppoedev xl0
!/sbin/ifconfig xl0 up
!/usr/sbin/spppcontrol \$if myauthproto=chap \
myauthname=XXX myauthsecret=YYY
!/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.2 netmask 0x mtu 1454
!route add XXX.XXX.XXX.XXX -netmask 255.255.255.128 0.0.0.2
!route add YYY.YYY.YYY.YYY -netmask 255.255.255.192 0.0.0.2
up

--
KUDO Takashi
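To make the effect of this patch visible without rebuilding a kernel, here is a userland model of the IPCP peer-address check from the quoted hunk, added as an illustration for both Marcos' question and this reply; it is not code from OpenBSD's if_spppsubr.c or from either poster. It assembles the peer's proposed address from the four option bytes the way the kernel does, applies the condition before and after the patch, and also reads the peer address out of a hostname.pppoeN file so a second link that relies on 0.0.0.2 can be flagged as needing the patch. The function names, the regex and the sample file (constructed after the second posted file, with a netmask filled in) are my own.

```python
"""Userland model of the sppp IPCP peer-address check from the thread.

Added illustration, not code from OpenBSD's if_spppsubr.c or from the
posters: it reproduces the logic of the quoted hunk (the four option bytes
are assembled into desiredaddr and compared with the configured hisaddr)
so the effect of the patch can be seen without rebuilding a kernel. The
hostname.if parsing and all function names are my own; the sample config
is constructed after the posted files, with a netmask filled in.
"""
import ipaddress
import re
from typing import Optional


def desired_addr_from_option(opt: bytes) -> int:
    """Assemble the peer's proposed address from an IPCP IP-Address option
    (type 3, length 6, four address bytes), as the kernel does with
    p[2] << 24 | p[3] << 16 | p[4] << 8 | p[5]."""
    if len(opt) < 6 or opt[0] != 3 or opt[1] != 6:
        raise ValueError("not a well-formed IPCP IP-Address option")
    return opt[2] << 24 | opt[3] << 16 | opt[4] << 8 | opt[5]


def peer_addr_acceptable(hisaddr: int, desiredaddr: int, patched: bool) -> bool:
    """Mirror of the condition in the hunk.

    hisaddr is the peer address configured locally, as a host-order integer
    (0.0.0.1 -> 1, 0.0.0.2 -> 2). An unpatched kernel accepts any non-zero
    proposal only when the wildcard is 0.0.0.1; with the patch 0.0.0.2 is a
    second wildcard, so two pppoe(4) interfaces can each have their own.
    """
    if desiredaddr == hisaddr:
        return True
    if hisaddr == 1 and desiredaddr != 0:
        return True
    if patched and hisaddr == 2 and desiredaddr != 0:
        return True
    return False


def addr_to_int(dotted: str) -> int:
    """Dotted-quad string to host-order integer, e.g. '0.0.0.2' -> 2."""
    return int(ipaddress.IPv4Address(dotted))


# Matches the peer address in a hostname.pppoeN line such as
#   !/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.2 netmask 0xffffffff
PEER_RE = re.compile(r"ifconfig\s+\\?\$if\s+inet\s+\S+\s+(\d+(?:\.\d+){3})")


def peer_wildcard(hostname_if: str) -> Optional[str]:
    """Peer (destination) address configured in a hostname.pppoeN file."""
    m = PEER_RE.search(hostname_if)
    return m.group(1) if m else None


def needs_wildcard_patch(hostname_if: str) -> bool:
    """True when the file relies on 0.0.0.2 as a wildcard, which only works
    with the patch above; 0.0.0.1 works on a stock 3.8 kernel."""
    return peer_wildcard(hostname_if) == "0.0.0.2"


# Constructed after the second file in the thread (netmask made explicit).
SAMPLE_PPPOE2 = r"""pppoedev rl2
!/sbin/ifconfig rl2 up
!/usr/sbin/spppcontrol \$if myauthproto=pap myauthname=x myauthkey=x
!/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.2 netmask 0xffffffff
!/sbin/route add default 0.0.0.2
up
"""

if __name__ == "__main__":
    # Peer proposes 192.0.2.10 (a documentation address) via IPCP.
    opt = bytes([3, 6, 192, 0, 2, 10])
    proposed = desired_addr_from_option(opt)
    for wildcard in ("0.0.0.1", "0.0.0.2"):
        his = addr_to_int(wildcard)
        print(wildcard, "stock:", peer_addr_acceptable(his, proposed, False),
              "patched:", peer_addr_acceptable(his, proposed, True))
    print("pppoe2 needs patch:", needs_wildcard_patch(SAMPLE_PPPOE2))
```

The model shows why Marcos' second file fails on a stock kernel: with 0.0.0.2 configured, the peer's real address is rejected unless it happens to equal 0.0.0.2, so IPCP never completes, while the same file works once the second wildcard is accepted.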



DVD burning, cdrloots, dvdrtools, dvd+rw_tools on OpenBSD-3.8

2006-02-02 Thread Dmitry Slobodchikov
Hello, Jacob.

You wrote on 1 February 2006, at 10:31:24:

JM On Tue, Jan 31, 2006 at 04:40:49PM +0500, Dmitry Slobodchikov wrote:
 Hi everybody-)
 
 I've got two burners:
 
 NEC ND-3540A
 PIONEER DVR-110D
 
 but I got the following lines with both of them
 
 Based on:
 Cdrecord 1.11a15 (i386-unknown-openbsd3.8) Copyright (C) 1995-2001 Jörg 
 Schilling
JM  ^
 scsidev: '/dev/dvd'
 devname: '/dev/dvd'
 scsibus: -2 target: -2 lun: -2
 Using libscg version 'bero-0.5a'
 ./dvdrecord: Warning: using inofficial version of libscg
 (bero-0.5a '@(#)scsitransp.c   1.81 01/04/20 Copyright
 1988,1995,2000 J. Schilling').
JM  ^^
 Device type: Removable CD-ROM
 Version: 0
 Response Format: 2
 Capabilities   :
 Vendor_info: 'PIONEER '
 Identifikation : 'DVD-RW  DVR-110D'
 Revision   : '1.17'
 Device seems to be: Generic mmc2 DVD.
 Using generic SCSI-3/mmc DVD-R(W) driver (mmc_mdvd).
JM^^
 Driver flags   : SWABAUDIO BURNFREE
 Supported modes: PACKET SAO
 Starting to write CD/DVD at speed 1 in write mode for single session.
 Last chance to quit, starting real write in 0 seconds. Operation starts.
 ./dvdrecord: Input/output error. blank unit: scsi sendcmd: retryable error
 CDB:  A1 01 00 00 00 00 00 00 00 00 00 00
 status: 0x0 (GOOD STATUS)
 cmd finished after 0.005s timeout 9600s
 ./dvdrecord: Cannot blank disk, aborting.
 
 
 If I use a CD-RW, then that's OK.
 
 What's wrong with my hands?-))

JM they are typing commands to use semi-functional software.

JM sysutils/dvd+rw-tools has been in the ports tree since before OpenBSD 3.7.




growisofs doesn't work either, neither with the -Z nor with the -M argument

/home/zoosman-dvd+rw-format -blank /dev/dvd
* DVDRW/-RAM format utility by [EMAIL PROTECTED], version 4.10.
:-( unable to open(/dev/dvd): Invalid argument

or

/home/zoosman-dvd+rw-mediainfo /dev/dvd
/dev/dvd: unable to open: Invalid argument



or trying to reformat the DVD

/home/zoosman-growisofs -speed=4 -Z /dev/dvd=/dev/zero
Executing 'builtin_dd if=/dev/zero of=/dev/dvd obs=32k seek=0'
   8519680/0 ( Inf%) @0.0x, remaining 0:-7
   8519680/0 ( Inf%) @0.0x, remaining 0:-10
   8552448/0 ( Inf%) @0.0x, remaining 0:-13
   8552448/0 ( Inf%) @0.0x, remaining 0:-17
   8585216/0 ( Inf%) @0.0x, remaining 0:-20
   8585216/0 ( Inf%) @0.0x, remaining 0:-24
   8585216/0 ( Inf%) @0.0x, remaining 0:-27
   8617984/0 ( Inf%) @0.0x, remaining 0:-30
   8617984/0 ( Inf%) @0.0x, remaining 0:-34
   8617984/0 ( Inf%) @0.0x, remaining 0:-37
   8650752/0 ( Inf%) @0.0x, remaining 0:-40
   8650752/0 ( Inf%) @0.0x, remaining 0:-44
   8650752/0 ( Inf%) @0.0x, remaining 0:-47
   8683520/0 ( Inf%) @0.0x, remaining 0:-50
   8683520/0 ( Inf%) @0.0x, remaining 0:-54
   8683520/0 ( Inf%) @0.0x, remaining 0:-57
   8683520/0 ( Inf%) @0.0x, remaining -1:00
   8716288/0 ( Inf%) @0.0x, remaining -1:-4
   8716288/0 ( Inf%) @0.0x, remaining -1:-7
   8716288/0 ( Inf%) @0.0x, remaining -1:-10
.
   and so on indefinitely, and the system starts to work slowly, very slowly.

   


  What's wrong with my brain now?


-- 
Sincerely,
 Dmitry  mailto:[EMAIL PROTECTED]