Problem with PKG_ADD
I installed OpenBSD 3.8 on a server behind a company's firewall, so I can't use an Internet server as a source of my packages. I downloaded the packages and now they are accessible via an FTP server and an HTTP server that use the ports 998 and 999. With Iexplore or Mozilla I can now see the list of packages in my internal network, but when I try to use pkg_add it can't find the files.

I tried the new method:

    export PKG_PATH= ftp://xx.xx.xx.xx:998/DIR WITH PKGS/
    pkg_add -v pkg name

the simpler method:

    pkg_add -v ftp://xx.xx.xx.xx:998/DIR WITH PKGS/pkg name

the old method:

    export PKG_PATH= ftp://xx.xx.xx.xx:998/DIR WITH PKGS/
    pkg_add ${PKG_PATH}pkg name

None of these methods work. Does someone have an idea? How can I try to debug the problem?

I tried with an ftp client and a pipe:

    get pkg_name | pkg_add -v -

It seems to work fine, but when it tries to get a dependency pkg_add prompts: x file can't find file

Do you think I have some system parameter to set up?

PS: with 3.7 everything works fine, on both platforms, i386 and sparc.

Thanks for all
Alessandro
Re: OpenBSD's AFS informations
Bruno Carnazzi wrote:

> So, I'd like to know if OpenBSD's AFS could do the following (I assume
> that our actual file servers are replaced by OpenBSD AFS cells):
>
> * Gently synchronize/distribute 2 physical file servers in 1 logical
>   file server (real time is not needed)

Yes.

> * Does it scale well (new AFS cells, new clients)?

Yes.

> * Does it support a quota mechanism?

Yes.

> * Implementation and administration cost (we are 2 bright guys :)?

Hard to tell. People that have done AFS once seldom stop doing it, so there must be something in it to hook us afs-admins.

> * What about the file permissions? Is that Windows 2k3-friendly (ACL)?

It has ACLs, but they aren't the same as any other OS's implementation.

> * Why did OpenBSD devs rewrite an AFS instead of reusing OpenAFS?

They didn't, they imported arla. Before OpenAFS, it wasn't free either.

> * Integration with ActiveDirectory for authentication?

Yes, that is possible.

> * Recovery of a lost cell?

There are backup solutions for AFS, if that is what you're asking. Both commercial stuff that talks afs, and some tape-support code in openafs to do it without external programs too.
Re: Problem with PKG_ADD
[EMAIL PROTECTED] dixit (2006-02-27, 10:16:05):

> export PKG_PATH= ftp://xx.xx.xx.xx:998/DIR WITH PKGS/

    $ echo --${PKG_PATH}--
    $

Try removing the leading space...

--
Florin (Slippery) Iamandi
Reason is the first victim of emotion. -- Scytale, Dune Messiah
no carrier seems obsd specific
Having a really basic network problem that I've tried 2 hardware solutions to without resolution:

Obsd machine has 2 nics and has had right along. I've used the nic that dc0 is attached to many times.

I've now installed a second nic on another machine (running gentoo linux) to talk to that second nic on obsd. Nics are recognized on both sides and the new one on the gentoo box can be used to access other machines on the subnet 192.168.0.0 so I know it works.

Now the kicker: ifconfig on the obsd machine shows `no carrier' for that interface (dc0) when I plug the cat5 cable into the respective nics.

At first I thought the added nic might be bad so changed it out for another I tested. I get the same ifconfig output on obsd when I connect its dc0 to the added nic on gentoo: `no carrier'.

I've tested by pulling cables to make sure the addresses are on the interfaces I think they are on.

The `no carrier' flag is replaced with `active' if I connect dc0 to the other (not the newly added one) nic on the gentoo box. Or to a router.

As I've mentioned, the newly added nic will work on the gentoo box it's installed on and can communicate to wherever I plug it in. Except dc0.

If I hadn't tried two nics and 3 different PCI slots, and a new cat5 cable, I wouldn't be so flummoxed.

Can anyone spot whatever it is I'm overlooking or not testing?
Re: IPv6 question - related to the talk of van hauser at the 22C3
On Mon, 27 Feb 2006, [EMAIL PROTECTED] wrote:

> In his slides you may see (it's at the movie after 40m19s) that he said
> that all OS he tested answered
> - Fragmentation and following RA

don't know what you are talking about here

> Responding to packets from multicast addresses

No, see ip6_input.c line 249:

    if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) ||
        IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) {
            /*
             * XXX: "badscope" is not very suitable for a multicast source.
             */
            ip6stat.ip6s_badscope++;
            in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
            goto bad;
    }

> Responding to packets with multicast destination (FreeBSD/Linux, both
> use KAME if I'm not wrong)

No, see ip6_output.c line 435:

    if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src)) {
            error = EOPNOTSUPP;
            ip6stat.ip6s_badscope++;
            goto bad;
    }

-d
Re: Problem with PKG_ADD
Hi!

I use the -r option with pkg_add, not -v:

    export PKG_PATH=ftp://ftp.server.com/path/to/packages
    pkg_add -r package_name

[EMAIL PROTECTED] wrote:

> I installed OpenBSD 3.8 on a server behind a company's firewall, so I
> can't use an Internet server as a source of my packages. I downloaded
> the packages and now they are accessible via an FTP server and an HTTP
> server that use the ports 998 and 999. With Iexplore or Mozilla I can
> now see the list of packages in my internal network, but when I try to
> use pkg_add it can't find the files.
>
> I tried the new method:
>
>     export PKG_PATH= ftp://xx.xx.xx.xx:998/DIR WITH PKGS/
>     pkg_add -v pkg name
>
> the simpler method:
>
>     pkg_add -v ftp://xx.xx.xx.xx:998/DIR WITH PKGS/pkg name
>
> the old method:
>
>     export PKG_PATH= ftp://xx.xx.xx.xx:998/DIR WITH PKGS/
>     pkg_add ${PKG_PATH}pkg name
>
> None of these methods work. Does someone have an idea? How can I try to
> debug the problem?
>
> I tried with an ftp client and a pipe:
>
>     get pkg_name | pkg_add -v -
>
> It seems to work fine, but when it tries to get a dependency pkg_add
> prompts: x file can't find file
>
> Do you think I have some system parameter to set up?
>
> PS: with 3.7 everything works fine, on both platforms, i386 and sparc.
>
> Thanks for all
> Alessandro
Re: IPv6 question - related to the talk of van hauser at the 22C3
On 27/02/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> On 26/02/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> > > Van Hauser held a speech at the 22C3 about attacking IPv6. He also
> > > said that even OpenBSD is affected by some of the attacks. A working
> > > stream can be found here:
> > > mms://streaming.fem.tu-ilmenau.de/ccc/22c3/2005-12-29_-_22c3_-_Saal4_Attacking_the_IPv6_Protocol_Suite/22c3_saal4_2.wmv
> > > If the link won't work:
> > > http://22c3.fem.tu-ilmenau.de/index.php?action=ondemand
> > >
> > > I just like to know if that stuff was fixed or if it will get fixed.
> >
> > There was nothing specific of OpenBSD in the talk. He briefly
> > mentioned 'OpenBSD, FreeBSD, Linux' being used as firewalls, and said
> > something like 'drop all not affecting IPv6'.
> >
> > For what I know, pf(4) block all rule does block both IPv4 and IPv6
> > traffic, doesn't it? Moreover, in pf(4) the rules by default are
> > applicable to both IPv4 and IPv6, unless 'af inet' / 'af inet6'
> > modifiers are specifically and _intentionally_ used, or src/dst
> > addresses imply the af modifier. So pf(4) on *BSD is not vulnerable to
> > the described 'lack of attention' firewall vulnerability...
> >
> > OpenBSD seems to have been included in the list merely because it
> > goes as a synonym for a firewall today. :-)
> >
> > What exactly do you want to have fixed?
>
> In his talk he mentioned FreeBSD as one of the OS he tested and FreeBSD
> uses, as far as I know, also KAME.
>
> In his slides you may see (it's at the movie after 40m19s) that he said
> that all OS he tested answered
> - Fragmentation and following RA
> Responding to packets from multicast addresses
> Responding to packets with multicast destination (FreeBSD/Linux, both
> use KAME if I'm not wrong)

Just for the record: KAME is *BSD only. Linux has some other IPv6 stack.

In the talk, you can see that Linux (not Windows XP SP2, and not FreeBSD) is the most vulnerable, as it blindly replies to the ping that claims to have come from the multicast IPv6-address.

Just to quote van Hauser from around 29:45: "Every other operating system said, 'Oh no, I'm not doing that, I'm not dumb'... Well, Linux is sometimes different..."

Cheers,
Constantine.
New message from BancorpSouth
Dear BancorpSouth Client,

This is your official notification from BancorpSouth that the service(s) listed below will be deactivated and deleted if not renewed immediately. Previous notifications have been sent to the Billing Contact assigned to this account. As the Primary Contact, you must renew the service(s) listed below or it will be deactivated and deleted.

Renew Now your BancorpSouth Bill Pay and Services.

If you are not enrolled at Web Banking, please enter your SSN as Username, and account number as Password.

SERVICE : BancorpSouth with Bill Pay.

Thank you, sincerely,
Tricia Doyle
Customer Service

IMPORTANT CUSTOMER SUPPORT INFORMATION
Document Reference: (87051203).
© 2006 BancorpSouth, All Rights Reserved. Member FDIC. Equal Housing Lender.
* Please do not reply to this message. For any inquiries, contact Customer Service.
Re: dmesg for Phylon 627F-1G + AD3RTLANG
On 2/26/06, Josh Archambault [EMAIL PROTECTED] wrote:

> It appears that no one has tried OpenBSD on this board yet, but the
> prospect of a mini-itx board with 1G VIA chip and 4 Ethernet interfaces
> for less than $200 was interesting enough to me that I bought one
> anyway.

Agreed, they have a small chassis (including the power supply) on that site as well that is relatively inexpensive.

snip

> Dmesg output from a recent 3.9 snapshot kernel for a Phylon 627F-1G
> motherboard with addon module AD3RTLANG with BIOS optimized defaults is
> as follows:
>
> OpenBSD 3.9-beta (GENERIC) #608: Sat Feb 25 13:12:29 MST 2006
>     [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: VIA Nehemiah (CentaurHauls 686-class) 1 GHz
> cpu0: FPU,V86,DE,PSE,TSC,MSR,MTRR,PGE,CMOV,PAT,MMX,FXSR,SSE
> cpu0: RNG AES

snip

RNG AES -- would you mind posting some 'openssl speed -evp aes-128-cbc' and 'openssl speed -evp aes-256-cbc' test results?
Re: no carrier seems obsd specific
Hi,

Just a first thought, but is the cable a crossover one? I believe dc NICs are not autosensing.

Original Message:
-----------------
From: Harry Putnam [EMAIL PROTECTED]
Date: Mon, 27 Feb 2006 03:54:53 -0600
To: misc@openbsd.org
Subject: no carrier seems obsd specific

> Having a really basic network problem that I've tried 2 hardware
> solutions to without resolution:
>
> Obsd machine has 2 nics and has had right along. I've used the nic that
> dc0 is attached to many times.
>
> I've now installed a second nic on another machine (running gentoo
> linux) to talk to that second nic on obsd. Nics are recognized on both
> sides and the new one on the gentoo box can be used to access other
> machines on the subnet 192.168.0.0 so I know it works.
>
> Now the kicker: ifconfig on the obsd machine shows `no carrier' for
> that interface (dc0) when I plug the cat5 cable into the respective
> nics.
>
> At first I thought the added nic might be bad so changed it out for
> another I tested. I get the same ifconfig output on obsd when I connect
> its dc0 to the added nic on gentoo: `no carrier'.
>
> I've tested by pulling cables to make sure the addresses are on the
> interfaces I think they are on.
>
> The `no carrier' flag is replaced with `active' if I connect dc0 to the
> other (not the newly added one) nic on the gentoo box. Or to a router.
>
> As I've mentioned, the newly added nic will work on the gentoo box it's
> installed on and can communicate to wherever I plug it in. Except dc0.
>
> If I hadn't tried two nics and 3 different PCI slots, and a new cat5
> cable, I wouldn't be so flummoxed.
>
> Can anyone spot whatever it is I'm overlooking or not testing?

http://mail2web.com/ .
Re: xchm port
On Sun, Feb 26, 2006 at 10:26:02PM -0300, Joco Salvatti wrote:

> I have installed xchm from a non-official OpenBSD port. The installation
> process ran fine, however the program is not running completely fine.
> When I try to open a .chm document it doesn't open. In the status bar
> the message "connecting..." appears and nothing else happens...
>
> Has anyone here faced that before? What should I do to solve it?

install the official package ?
Re: no carrier seems obsd specific
[EMAIL PROTECTED] [EMAIL PROTECTED] writes:

> Hi,
>
> Just a first thought, but is the cable a crossover one? I believe dc
> NICs are not autosensing.

I didn't really mean it... it was a joke... er, I mean I was forced to write that at gunpoint... er, I mean I hit my head and got complete amnesia.

Honestly.. A few private posters have also mentioned the obvious. My only excuse is a deep-seated stupidity...
pf and ftp
Hello! Sorry for stupid question.

part of pf.conf:

    pass in on $ext_if proto tcp from any to any port 21 keep state
    pass in on $ext_if proto tcp from any to any port 49151 keep state
    ...
    block return-rst in log on $ext_if proto tcp all

Part of log file:

    Feb 27 14:56:46.142988 rule 59/(match) block in on em0: a.b.c.d.54506 > e.f.g.h.49887: [|tcp] (DF)

PF debug output for rule #59:

    @59 block return-rst in log on em0 proto tcp all
      [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
      [ queue: qname= qid=0 pqname= pqid=0 ]

PF debug output for my FTP rule:

    @48 pass in on em0 proto tcp from any to any port 49151 keep state
      [ Skip steps: d=50 sa=end sp=end da=end ]
      [ queue: qname= qid=0 pqname= pqid=0 ]

and rule #50:

    @50 pass out all keep state
      [ Skip steps: f=end sa=end sp=end da=end ]
      [ queue: qname= qid=0 pqname= pqid=0 ]

sysctl:

    net.inet.ip.porthifirst=49152
    net.inet.ip.porthilast=65535

Why can't I establish an FTP connection with the host? Where am I wrong?

Same problem with udp/53:

    pass in inet proto tcp from any to my.ip.address.com port = 53 keep state #flags S/SA modulate state
    block return-icmp in log on $ext_if proto udp all

doesn't allow incoming connections from another host (dig server.name @this.host).

Thank you for help!

--
Thank you.
Vladimir. Y. Plotnikov, http://www.smartwebco.com/
Cell Phone +420-774-311-015
ICQ: 24270826, skype ID: vladimirplotnikov
Re: pf and ftp
hi!

you forgot port 20 (ftp-data)

vladimir plotnikov wrote:

> Hello! Sorry for stupid question.
>
> part of pf.conf:
>
>     pass in on $ext_if proto tcp from any to any port 21 keep state
>     pass in on $ext_if proto tcp from any to any port 49151 keep state
>     ...
>     block return-rst in log on $ext_if proto tcp all
>
> Part of log file:
>
>     Feb 27 14:56:46.142988 rule 59/(match) block in on em0: a.b.c.d.54506 > e.f.g.h.49887: [|tcp] (DF)
>
> PF debug output for rule #59:
>
>     @59 block return-rst in log on em0 proto tcp all
>       [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
>       [ queue: qname= qid=0 pqname= pqid=0 ]
>
> PF debug output for my FTP rule:
>
>     @48 pass in on em0 proto tcp from any to any port 49151 keep state
>       [ Skip steps: d=50 sa=end sp=end da=end ]
>       [ queue: qname= qid=0 pqname= pqid=0 ]
>
> and rule #50:
>
>     @50 pass out all keep state
>       [ Skip steps: f=end sa=end sp=end da=end ]
>       [ queue: qname= qid=0 pqname= pqid=0 ]
>
> sysctl:
>
>     net.inet.ip.porthifirst=49152
>     net.inet.ip.porthilast=65535
>
> Why can't I establish an FTP connection with the host? Where am I wrong?
>
> Same problem with udp/53:
>
>     pass in inet proto tcp from any to my.ip.address.com port = 53 keep state #flags S/SA modulate state
>     block return-icmp in log on $ext_if proto udp all
>
> doesn't allow incoming connections from another host
> (dig server.name @this.host).
>
> Thank you for help!
>
> --
> Thank you.
> Vladimir. Y. Plotnikov, http://www.smartwebco.com/
> Cell Phone +420-774-311-015
> ICQ: 24270826, skype ID: vladimirplotnikov
Re: SMP process control
On Sunday, February 26, Sgt. Stedenko wrote:

> Is there a way to tell a process to switch which processor it's using
> in the SMP version of the obsd 3.8 system?

Short of using the primary cpu with a UP kernel, no.

> Also, have there been any efforts into Ethernet device polling in the
> bge drivers? On a gigabit network the interrupts are eating a large
> portion of the cpu0 and thought it might help the situation.

No. There is a lot more going on than you seem to possibly fathom.

--Toby.
Re: SMP process control
On Sunday, February 26, Sgt. Stedenko wrote:

> I had already seen that one and didn't find it to be any help. Thanks
> anyways though for taking the time. The author offers a solution but no
> explanation. I've tuned many sysctl's and experimented with the mtu's,
> changing from autoselect to 1000baseT, a few more things. It's two
> devices acting as a bridge and together they keep a dual opteron system
> at 70% on CPU0 and the second CPU1 doesn't see any action until CPU0
> maxes out. I'd like to change this behaviour.

I hope you can code. Seriously.

--Toby.
Re: dmesg for Phylon 627F-1G + AD3RTLANG
> > Dmesg output from a recent 3.9 snapshot kernel for a Phylon 627F-1G
> > motherboard with addon module AD3RTLANG with BIOS optimized defaults
> > is as follows:
> >
> > OpenBSD 3.9-beta (GENERIC) #608: Sat Feb 25 13:12:29 MST 2006
> >     [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
> > cpu0: VIA Nehemiah (CentaurHauls 686-class) 1 GHz
> > cpu0: FPU,V86,DE,PSE,TSC,MSR,MTRR,PGE,CMOV,PAT,MMX,FXSR,SSE
> > cpu0: RNG AES
>
> snip
>
> RNG AES -- would you mind posting some 'openssl speed -evp aes-128-cbc'
> and 'openssl speed -evp aes-256-cbc' test results?

No problem.

    fw# openssl speed -evp aes-128-cbc
    To get the most accurate results, try to run this
    program when this computer is idle.
    Doing aes-128-cbc for 3s on 16 size blocks: 5171146 aes-128-cbc's in 2.80s
    Doing aes-128-cbc for 3s on 64 size blocks: 4827105 aes-128-cbc's in 2.80s
    Doing aes-128-cbc for 3s on 256 size blocks: 3390213 aes-128-cbc's in 2.82s
    Doing aes-128-cbc for 3s on 1024 size blocks: 1436513 aes-128-cbc's in 2.76s
    Doing aes-128-cbc for 3s on 8192 size blocks: 239625 aes-128-cbc's in 2.84s
    OpenSSL 0.9.7g 11 Apr 2005
    built on: date not available
    options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
    compiler: information not available
    available timing options: USE_TOD HZ=100 [sysconf value]
    timing function used: getrusage
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-128-cbc     29582.42k   110457.11k   307729.97k   533389.80k   690288.53k

    fw# openssl speed -evp aes-256-cbc
    To get the most accurate results, try to run this
    program when this computer is idle.
    Doing aes-256-cbc for 3s on 16 size blocks: 5115324 aes-256-cbc's in 2.83s
    Doing aes-256-cbc for 3s on 64 size blocks: 4543495 aes-256-cbc's in 2.75s
    Doing aes-256-cbc for 3s on 256 size blocks: 2947167 aes-256-cbc's in 2.85s
    Doing aes-256-cbc for 3s on 1024 size blocks: 1175366 aes-256-cbc's in 2.85s
    Doing aes-256-cbc for 3s on 8192 size blocks: 177704 aes-256-cbc's in 2.86s
    OpenSSL 0.9.7g 11 Apr 2005
    built on: date not available
    options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
    compiler: information not available
    available timing options: USE_TOD HZ=100 [sysconf value]
    timing function used: getrusage
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-256-cbc     28939.73k   105739.52k   264582.88k   422075.61k   509115.16k

-J
Re: pf and ftp
Sorry, of course, this line exists in my config:

    @4 pass in quick inet proto tcp from any to my.ip.address.com port = ftp-data keep state
      [ Skip steps: i=44 d=50 f=44 p=44 sa=end sp=end da=12 ]
      [ queue: qname= qid=0 pqname= pqid=0 ]

On 2/27/06, edgarz [EMAIL PROTECTED] wrote:

> hi!
>
> you forgot port 20 (ftp-data)
>
> vladimir plotnikov wrote:
>
> > Hello! Sorry for stupid question.
> >
> > part of pf.conf:
> >
> >     pass in on $ext_if proto tcp from any to any port 21 keep state
> >     pass in on $ext_if proto tcp from any to any port 49151 keep state
> >     ...
> >     block return-rst in log on $ext_if proto tcp all
> >
> > Part of log file:
> >
> >     Feb 27 14:56:46.142988 rule 59/(match) block in on em0: a.b.c.d.54506 > e.f.g.h.49887: [|tcp] (DF)
> >
> > PF debug output for rule #59:
> >
> >     @59 block return-rst in log on em0 proto tcp all
> >       [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
> >       [ queue: qname= qid=0 pqname= pqid=0 ]
> >
> > PF debug output for my FTP rule:
> >
> >     @48 pass in on em0 proto tcp from any to any port 49151 keep state
> >       [ Skip steps: d=50 sa=end sp=end da=end ]
> >       [ queue: qname= qid=0 pqname= pqid=0 ]
> >
> > and rule #50:
> >
> >     @50 pass out all keep state
> >       [ Skip steps: f=end sa=end sp=end da=end ]
> >       [ queue: qname= qid=0 pqname= pqid=0 ]
> >
> > sysctl:
> >
> >     net.inet.ip.porthifirst=49152
> >     net.inet.ip.porthilast=65535
> >
> > Why can't I establish an FTP connection with the host? Where am I
> > wrong?
> >
> > Same problem with udp/53:
> >
> >     pass in inet proto tcp from any to my.ip.address.com port = 53 keep state #flags S/SA modulate state
> >     block return-icmp in log on $ext_if proto udp all
> >
> > doesn't allow incoming connections from another host
> > (dig server.name @this.host).
> >
> > Thank you for help!
> >
> > --
> > Thank you.
> > Vladimir. Y. Plotnikov, http://www.smartwebco.com/
> > Cell Phone +420-774-311-015
> > ICQ: 24270826, skype ID: vladimirplotnikov

--
Thank you.
Vladimir. Y. Plotnikov, http://www.smartwebco.com/
Cell Phone +420-774-311-015
ICQ: 24270826, skype ID: vladimirplotnikov
Re: pf and ftp
On Mon, Feb 27, 2006 at 03:40:17PM +0100, vladimir plotnikov wrote:

> Hello! Sorry for stupid question.
>
> part of pf.conf:
>
>     pass in on $ext_if proto tcp from any to any port 21 keep state
>     pass in on $ext_if proto tcp from any to any port 49151 keep state
>     ...
>     block return-rst in log on $ext_if proto tcp all

the last matching rule wins, as explained in the pf.conf(5) man page.

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm
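The last-match behaviour named in the reply above, as an added example (not written by anyone in the thread): a small Python model of pf filter evaluation applied to the three rules excerpted in the question. It models only protocol, destination port and `quick`; interfaces, addresses and state tracking are left out, and the reordered ruleset with the 49152:65535 range is an assumed fix based on the sysctl values quoted in the question.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                               # "pass" or "block"
    proto: str                                # "tcp" or "udp"
    ports: Optional[Tuple[int, int]] = None   # inclusive dst port range, None = any
    quick: bool = False                       # pf's `quick`: stop at this rule

    def matches(self, proto: str, dport: int) -> bool:
        if self.proto != proto:
            return False
        return self.ports is None or self.ports[0] <= dport <= self.ports[1]


def evaluate(rules: List[Rule], proto: str, dport: int):
    """Return (action, index of the deciding rule) for one inbound packet.

    Every rule is examined in order and the LAST match decides, unless a
    matching rule carries `quick`. With no match at all pf passes the packet.
    """
    decision, index = "pass", None
    for i, rule in enumerate(rules):
        if rule.matches(proto, dport):
            decision, index = rule.action, i
            if rule.quick:
                break
    return decision, index


# The three rules excerpted in the question, in the order posted.
AS_POSTED = [
    Rule("pass", "tcp", (21, 21)),
    Rule("pass", "tcp", (49151, 49151)),
    Rule("block", "tcp"),                     # block return-rst ... proto tcp all
]

# Assumed fix: default block first, then the pass rules; the passive range is
# taken from net.inet.ip.porthifirst/porthilast in the question.
BLOCK_FIRST = [
    Rule("block", "tcp"),
    Rule("pass", "tcp", (21, 21)),
    Rule("pass", "tcp", (49152, 65535)),
]

# Alternative: keep the posted order but mark the control-port rule `quick`.
QUICK_CONTROL = [
    Rule("pass", "tcp", (21, 21), quick=True),
    Rule("pass", "tcp", (49151, 49151)),
    Rule("block", "tcp"),
]

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED),
                        ("block first", BLOCK_FIRST),
                        ("quick on 21", QUICK_CONTROL)):
        for port in (21, 49887, 25):
            print(f"{name:12} tcp/{port:<5} -> {evaluate(rules, 'tcp', port)}")
```

In the posted order the trailing block rule decides every TCP packet, including port 21; the logged packet to port 49887 is also outside the single port 49151 that was opened.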
systrace filename exists rule
Dear misc readers,

I was writing a systrace rule and I could not find a way to create a rule that would permit writing to a file but only if it does not exist, so it could only create new files but not override old ones.

Would that require a new feature in systrace, or is it already possible to do it in a way that I'm not seeing?
Re: manual vs. crontab execution
* Peter Bako [EMAIL PROTECTED] [2006-02-25 15:33:28 -0800]:

> However when the cron job hits at midnight the script always fails and
> without any error message that I can get.

Whenever you have a problem like this (i.e. script foo works perfectly from the command line but not from cron), you should always run /usr/bin/env (or /bin/env) from cron, and then manually run your script with that same environment (unsetting any envariables you need to get your shell to match that of the cron environment) -- that will show you fairly quickly what is wrong and how this particular box is different from your 7 other ones.

Usually it is just a PATH issue, but sometimes it may be some missing envariable that you didn't even realize existed (or that your script depended on it).

Thomas

--
N.J. Thomas
[EMAIL PROTECTED]
Etiamsi occiderit me, in ipso sperabo
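The procedure described above, as an added example that is not part of the original message: compare an `env` dump captured from cron with one from the interactive shell, then run a command with exactly the cron environment. The two dumps are constructed samples, and the function names are hypothetical.

```python
import subprocess
import sys

# Constructed sample: what a crontab line running /usr/bin/env and redirecting
# its output to a file might capture (the values are assumptions).
CRON_DUMP = """HOME=/var/log
LOGNAME=root
PATH=/bin:/sbin:/usr/bin:/usr/sbin
SHELL=/bin/sh
USER=root
"""

# Constructed sample: `env` output from the login shell where the script works.
SHELL_DUMP = """HOME=/root
LOGNAME=root
PATH=/root/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
SHELL=/bin/ksh
TERM=xterm
USER=root
"""


def parse_env_dump(text):
    """Parse `env` output, one NAME=value per line (multi-line values not handled)."""
    env = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name:
            env[name] = value
    return env


def env_diff(cron_env, shell_env):
    """Report what the interactive shell has that the cron job does not."""
    cron_path = cron_env.get("PATH", "").split(":")
    return {
        "missing_in_cron": sorted(set(shell_env) - set(cron_env)),
        "changed": sorted(k for k in shell_env
                          if k in cron_env and shell_env[k] != cron_env[k]),
        "path_dirs_lost": [d for d in shell_env.get("PATH", "").split(":")
                           if d and d not in cron_path],
    }


def run_like_cron(cron_env, argv):
    """Run argv with only the captured cron environment; nothing is inherited."""
    return subprocess.run(argv, env=dict(cron_env),
                          capture_output=True, text=True)


if __name__ == "__main__":
    cron_env = parse_env_dump(CRON_DUMP)
    for key, value in env_diff(cron_env, parse_env_dump(SHELL_DUMP)).items():
        print(f"{key}: {value}")
    # Probe command standing in for the real script: show what it would see.
    probe = [sys.executable, "-c",
             "import os; print(os.environ.get('TERM'), os.environ['HOME'])"]
    print(run_like_cron(cron_env, probe).stdout.strip())
```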
Re: systrace filename exists rule
On Mon, Feb 27, 2006 at 05:48:26PM +0200, [EMAIL PROTECTED] wrote:

> I was writing a systrace rule and I could not find a way to create a
> rule that would permit writing to a file but only if it does not exist,
> so it could only create new files but not override old ones.
>
> Would that require a new feature in systrace, or is it already possible
> to do it in a way that I'm not seeing?

Use ``systrace -u''. It allows for finer-grained control of system calls.

-Ray-
Problem with freshclam (maybe a port problem): Problem solved
It's my fault. I was very tired. freshclam -u root solved all (probably I had some problems with the permissions, because now a simple freshclam works very well). Yours in BSDness, Gabriel George POPA
/etc and partitions
Hello, version: 3.8 architecture: i386 I have seen that /etc cannot be located on a separated partition. Why can it be not on an extra partition? Have a nice day Michael -- Michael Schmidt MIRRORS: DJGPP ftp://ftp.fh-koblenz.de/pub/DJGPP/ Ghostscript ftp://ftp.fh-koblenz.de/pub/Ghostscript/
Re: /etc and partitions
Hello!

On Mon, Feb 27, 2006 at 07:37:12PM +0100, Michael Schmidt wrote:

> Hello,
>
> version: 3.8
> architecture: i386
>
> I have seen that /etc cannot be located on a separated partition. Why
> can it be not on an extra partition?

Because init wants to start a shell on /etc/rc, and mount -a ... wants /etc/fstab to find any other file systems.

That's only 2 reasons. There're probably more than that.

Kind regards,
Hannah.
Re: /etc and partitions
> I have seen that /etc cannot be located on a separated partition. Why
> can it be not on an extra partition?

Because it is the directory that contains the lists first shell script which must be run, /etc/rc.

Same reason that /sbin cannot be a different mount point, because then you cannot get at /sbin/init. Or /dev, because then it cannot open /dev/console.
Re: /etc and partitions
Michael Schmidt wrote:

> I have seen that /etc cannot be located on a separated partition. Why
> can it be not on an extra partition?

The rc scripts need to be able to read /etc/fstab to know what filesystems besides / to mount.

Dustin Lundquist
Re: /etc and partitions
Speaking from experience, I put /etc on a separate partition once, only took 2 hours to recover it but it was a lesson well learned...

There are several files located in the /etc/ directory that need to be immediately available upon boot. These include /etc/fstab and /etc/rc*.

Tim Donahue

On Monday 27 February 2006 13:37, Michael Schmidt wrote:

> Hello,
>
> version: 3.8
> architecture: i386
>
> I have seen that /etc cannot be located on a separated partition. Why
> can it be not on an extra partition?
>
> Have a nice day
> Michael
Re: manual vs. crontab execution
Thanks to everyone who sent me suggestions on this problem. Many dealt with environment-related variables, all of which matched and were not the cause of the issue. While I still am not 100% sure as to the cause, I have found a workaround, but one that is weird enough (at least to me) that I thought I'd share it with everyone.

While troubleshooting the problem I got disconnected from the remote unit due to a stupid typo on my local system. Upon reconnecting I noticed that the script was not running even from direct command line execution and was returning (once I removed the -s switch) an error of "failed to connect to host". Surprised by that (since the host it is trying to find is the outside interface of my firewall, one that I was actively using to connect to it), I did a ping to verify that the name would resolve correctly. As expected it did, and when I tried the script again it worked! Rather surprised by this, I duplicated the situation by manually disconnecting, reconnecting, trying the script, which failed, pinging my host and trying the script again, which now works!

I again verified all the settings on this machine with the many others just like it that I have out there and found no differences. Except for this one connection I have normal access, other users can access other resources through it, and so on.

So in short I do not fully understand the cause, but for a solution I simply put a one-count ping command into my script and now it works!

Peter

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Saturday, February 25, 2006 4:56 PM
To: Peter Bako
Subject: Re: manual vs. crontab execution

> "p" == Peter Bako [EMAIL PROTECTED] writes:

p> I have a weird problem I cannot find a solution to. I've written a
p> small script (attached below) that I put on the dozen or so systems
p> that I maintain for friends and clients, that daily sends some basic
p> information to my web server. This data is then stored in a MySQL
p> database and viewed via another script. All the systems are running
p> OpenBSD version 3.5 to 3.8, and the one in question here is 3.8.

I'm sure you've checked the obvious differences.

One way to troubleshoot the problem is to ensure that the root crontab has MAILTO set to a valid email address (see crontab(5) for more detail). Then use one of the following cron entries in place of the problematic cron entry to gather more data:

    next_minute * * * * sh -x /usr/local/fwreport
    next_minute * * * * ktrace -di -f /tmp/myktrace.out

The emailed results of the first example may lead to the solution. Otherwise, use kdump -f /tmp/myktrace.out to examine the results from the second example.

If there's still a problem, the results from those examples would help troubleshooting.

Regards,
Bob
nfe+ciphy testers urgently required
If people have NVIDIA Ethernet controllers that attach Cicada/Vitesse PHYs ciphy(4), can you get in touch with me ASAP. I have a fix for a problem for you to test that will result in your adapter not working in 3.9 if it does not get committed very soon.
Re: /etc and partitions
On Monday, February 27, Michael Schmidt wrote:

> version: 3.8
> architecture: i386
>
> I have seen that /etc cannot be located on a separated partition. Why
> can it be not on an extra partition?

Where is the information located that tells it how/where to mount the /etc partition from?

--Toby.
Two gateways...
Hello...

I've got two obsd firewalls, A and B. Both are using DSL routers, plugged into a nic via a crossover cable... and A and B's default routes are set to the DSL routers. A and B are also on the same LAN.

What I want to do is redirect incoming traffic from A to B, but to have B route it back out of A without any NAT. B will further forward the traffic on to internal servers.

Is this possible? If so, how?

Any suggestions/hints/comments welcome.

Thanks,
Josh
question about spamdb -a
hi there,

when i explicitly whitelist an ip address which just turned up in spamdb as GREY, why is it still there also as GREY?

    yyinteger spamdb
    GREY|xx.xx.xx.xx|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1141076813|1141091213|1141091213|1|0
    integer sudo spamdb -a xx.xx.xx.xx
    integer spamdb
    WHITE|xx.xx.xx.xx|||1141077381|1141077381|1144187781|1|0
    GREY|xx.xx.xx.xx|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1141076813|1141091213|1141091213|1|0

-f
--
the world: a comedy for thinkers; a tragedy for feelers.
ADSL and PPPoA
Hello, I'm trying to replace a USR router with a BSD one. The USR router is getting its IP, Gateway, and DNS from the ISP supplied modem currently. When trying to setup the BSD firewall/router on the ADSL connection from ns4all in the Netherlands, it does get an IP address assigned via dhcp-spoofing (the modem's address is 10.0.0.138 by default). I do not get a default gateway though, and after looking at the default gateway of the USR router prior to switching, it was on a entirely different network. I'm wondering if anyone has any suggestions to get this working. The IP address issued is a 82.92.239.xx address and the default gateway is 195.190.249.xx which makes no sense to me. Thanks, Joel
Re: question about spamdb -a
because you've only added the whitelist entry, not deleted a grey one. The grey entry is harmless, it will get reaped out of there in 4 hours when it expires..

-Bob

* frantisek holop [EMAIL PROTECTED] [2006-02-27 15:03]:

> hi there,
>
> when i explicitly whitelist an ip address which just turned up in
> spamdb as GREY, why is it still there also as GREY?
>
>     yyinteger spamdb
>     GREY|xx.xx.xx.xx|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1141076813|1141091213|1141091213|1|0
>     integer sudo spamdb -a xx.xx.xx.xx
>     integer spamdb
>     WHITE|xx.xx.xx.xx|||1141077381|1141077381|1144187781|1|0
>     GREY|xx.xx.xx.xx|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1141076813|1141091213|1141091213|1|0
>
> -f
> --
> the world: a comedy for thinkers; a tragedy for feelers.

--
| | | The ASCII Fork Campaign
 \|/  against gratuitous use of threads.
  |
Re: ADSL and PPPoA
On 2006/02/27 16:02, Joel Gudknecht wrote:

> I'm trying to replace a USR router with a BSD one. The USR router is getting
> ns4all in the Netherlands, it does get an IP address assigned via
> dhcp-spoofing (the modem's address is 10.0.0.138 by default). I do not
> get a default gateway though, and after looking at the default gateway
> of the USR router prior to switching, it was on a entirely different
> network.

Is it receiving a netmask such that it ARPs for the whole internet? 'ifconfig -a' and 'netstat -rn' output might help.

10.0.0.138 sounds like a speedtouch and can probably be configured more sensibly though...
Re: ADSL and PPPoA
On 2/27/06, Stuart Henderson [EMAIL PROTECTED] wrote:

> On 2006/02/27 16:02, Joel Gudknecht wrote:
> > I'm trying to replace a USR router with a BSD one. The USR router is getting
> > ns4all in the Netherlands, it does get an IP address assigned via
> > dhcp-spoofing (the modem's address is 10.0.0.138 by default). I do
> > not get a default gateway though, and after looking at the default
> > gateway of the USR router prior to switching, it was on a entirely
> > different network.
>
> Is it receiving a netmask such that it ARPs for the whole internet?
> 'ifconfig -a' and 'netstat -rn' output might help.
>
> 10.0.0.138 sounds like a speedtouch and can probably be configured
> more sensibly though...

The netmask is 255.0.0.0 and yes, it's a speedtouch. What part would you recommend reconfiguring? I had a look at the web-interface and nothing jumped out that I should have changed. I'm trying to avoid having to mess with pppoe in userland if at all possible.
Re: Two gateways...
On Tue, Feb 28, 2006 at 10:38:43AM +1300, Joshua Sandbrook wrote:
> Hello...
>
> I've got two obsd firewalls, A and B. Both are using DSL routers, plugged into a nic via a crossover cable... and A and B's default routes are set to the DSL routers. A and B are also on the same LAN.
>
> What I want to do, is redirect incoming traffic from A to B, but to have B route it back out of A without any NAT. B will further forward the traffic on to internal servers.
>
> Is this possible? If so, how? Any suggestions/hints/comments welcome.
>
> Thanks, Josh

That's possible using a lot of rdr statements in pf.conf, but the proper solution is simple: assign the servers their own subnet (or, if this is not possible, a couple of internal IP addresses - effectively /32 subnets, after all). Then use firewall B as the router for this subnet, and tell A to route everything to B (route add 192.168.1.0/24 fwb.example.com). Now, on B, use the reply-to option in pf.conf to route everything out of fwa.example.com.

Joachim
Some benefit from ... ?
I have been using OBSD for about 5 years now. I need to write massively parallel applications and the traditional approach (fork/threaded app) is not an alternative due to performance issues. I wonder if the event driven approach by http://jcyclone.sf.net is of use? Anyone here using it? Especially with OpenBSD? Thanks in advance.
Re: Some benefit from ... ?
On Mon, 27 Feb 2006, Gustavo Rios wrote:
> I have been using OBSD for about 5 years now. I need to write massively parallel applications and the traditional approach (fork/threaded app) is not an alternative due to performance issues. I wonder if the event driven approach by http://jcyclone.sf.net is of use? Anyone here using it? Especially with OpenBSD?

man 3 event

It does most of what an event-driven application needs, but you would still need to manage your own queues, per-processor workers, etc.

-d
Re: ADSL and PPPoA
Joel Gudknecht wrote:
> The netmask is 255.0.0.0 and yes, it's a speedtouch. What part would you recommend reconfiguring? I had a look at the web-interface and nothing jumped out that I should have changed. I'm trying to avoid having to mess with pppoe in userland if at all possible.

Try this (warning, Dutch): http://www.mixfix.nl/helpfiles/alcatel/sipspoof.asp
Re: ADSL and PPPoA
On 2006/02/27 16:29, Joel Gudknecht wrote:
> On 2/27/06, Stuart Henderson [EMAIL PROTECTED] wrote:
> > On 2006/02/27 16:02, Joel Gudknecht wrote:
> > > I'm trying to replace a USR router with a BSD one. The USR router is getting ns4all in the Netherlands, it does get an IP address assigned via dhcp-spoofing (the modem's address is 10.0.0.138 by default). I do not get a default gateway though, and after looking at the default gateway of the USR router prior to switching, it was on an entirely different network.
> >
> > Is it receiving a netmask such that it ARPs for the whole internet? 'ifconfig -a' and 'netstat -rn' output might help. 10.0.0.138 sounds like a speedtouch and can probably be configured more sensibly though...
>
> The netmask is 255.0.0.0 and yes, it's a speedtouch. What part would

for dhcp-spoofing, you could try route add -interface default your.public.ip.address (untested but seems like it should work).

> you recommend reconfiguring? I had a look at the web-interface and nothing jumped out that I should have changed. I'm trying to avoid having to mess with pppoe in userland if at all possible.

depends on what you want to use the connection for, but either you could nat (maybe make the BSD box the default - :nat defserver in cli), pptp-relay (a bit messy but is a way to give you control of the ppp connection if you want it), or if the ISP is co-operative, ask them for a subnet (in .uk that's usually the route I take since /30 are pretty easily available - but I realise this isn't applicable everywhere).
IPv6 CARP interface INIT state
How can I make a CARP IPv6 interface? My IPv4 CARP interface is in MASTER state, but the IPv6 CARP interface is in INIT state.

% cat /etc/hostname.vge0
up media 100baseTX mediaopt full-duplex
inet6 fec0::f:213:49ff:fe17:4dcb 64

% ifconfig vge0
vge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:13:49:17:4d:cb
        media: Ethernet 100baseTX full-duplex
        status: active
        inet6 fe80::213:49ff:fe17:4dcb%vge0 prefixlen 64 scopeid 0x2
        inet6 fec0::f:213:49ff:fe17:4dcb prefixlen 64

% cat /etc/hostname.carp1
inet6 fec0::f:203:49ff:fe17:4573 64 vhid 2 pass password

% ifconfig carp1
carp1: flags=8803<UP,BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        carp: INIT carpdev vge0 vhid 2 advbase 1 advskew 0
        groups: carp
        inet6 fec0::f:203:49ff:fe17:4573 prefixlen 64

Darrel
Re: PostgreSQL can't connect to localhost
On Tuesday 28 February 2006 12:47, William Kranec wrote: I'm trying to get the server to listen on localhost:5432. I've set the following in postgresql.conf: listen_addresses = 'localhost' tried using 127.0.0.1? --- Lars Hanssom
Re: PostgreSQL can't connect to localhost
On Tue, Feb 28, 2006 at 01:07:15PM +0800, Lars Hansson wrote: On Tuesday 28 February 2006 12:47, William Kranec wrote: I'm trying to get the server to listen on localhost:5432. I've set the following in postgresql.conf: listen_addresses = 'localhost' tried using 127.0.0.1? that works. thanks. --- Lars Hanssom
Re: ADSL and PPPoA
On Mon, 27 Feb 2006, Joel Gudknecht wrote:
> I'm wondering if anyone has any suggestions to get this working. The IP address issued is a 82.92.239.xx address and the default gateway is 195.190.249.xx which makes no sense to me.

You could try the following :

$ route add -net 10.0.0.138 -netmask 255.255.255.255 -interface 82.92.239.xx -cloning
$ route add default 10.0.0.138

--
Antoine
Ethernet via USB cable
Hi list,

I am trying to set up a network between two OpenBSD 3.8 hosts via a USB interface. I wanted to use the interface as a pfsync device. I thought I had read somewhere that it is possible but cannot remember where, so when I issue a:

apropos usb | grep -i ether

I feel I will need a USB Ethernet interface, just coupling two hosts via a USB cable doesn't work. The most promising manual page revealed that way is cdce(4), but there is a Prolific and Zaurus mentioned and I believe this is only working with these devices.

So do I need special USB Ethernet hardware to configure a network between two OpenBSD hosts connected together via USB? If not, which manpage did I miss?

greets
lars
Error while install turck-mmcache
hi [EMAIL PROTECTED]

I want to install mediawiki-1.5.6 on OpenBSD 3.8 release, and want to use turck-mmcache to speed up the php, but i got an error message :

turck-mmcache version : 2.4.6
OS : OpenBSD 3.8 release

=== MESSAGES =
# export PHP_PREFIX=/usr/local/
# export AUTOCONF_VERSION=2.59
# export AUTOMAKE_VERSION=1.9
# phpize
Configuring for:
PHP Api Version: 20031224
Zend Module Api No: 20041030
Zend Extension Api No: 220040412
/usr/local/share/aclocal/libgcrypt.m4:23: warning: underquoted definition of AM_PATH_LIBGCRYPT
run info '(automake)Extending aclocal'
or see http://sources.redhat.com/automake/automake.html#Extending-aclocal
/usr/local/share/aclocal/gpg-error.m4:7: warning: underquoted definition of AM_PATH_GPG_ERROR
#

=== PKG LIST ==
# ls /var/db/pkg
autoconf-2.59      libxslt-1.1.12p1       php5-mysql-5.0.4
automake-1.9.6p0   memcached-1.1.12       php5-pear-5.0.4
bzip2-1.0.3        metaauto-0.5           php5-xsl-5.0.4
curl-7.14.0        mysql-client-4.0.24    png-1.2.8
freetype-1.3.1p1   mysql-server-4.0.24p1  recode-3.6p2
gettext-0.10.40p3  p5-DBD-mysql-3.0002    squid-2.5.STABLE12-transparent
jpeg-6bp2          p5-DBI-1.45p1          t1lib-5.0.0
libgcrypt-1.2.0    p5-Net-Daemon-0.38     unzip-5.52
libgpg-error-0.7   p5-PlRPC-0.2018        vim-6.3.85p0-no_x11
libiconv-1.9.2p1   php5-bz2-5.0.4         wget-1.10.2
libltdl-1.5.18     php5-core-5.0.4p0      zip-2.3p0
libxml-2.6.16p5    php5-extensions-5.0.4