Re: sftp and scp and chroot

2006-03-21 Thread Michael Schmidt

Tobias Ulmer wrote:

On Mon, Mar 20, 2006 at 05:35:31PM +0100, Michael Schmidt wrote:
  
I am looking for both sftp and scp configurations where client users are 
forced into chroot jails from where they cannot escape from and cannot 
break.


Look at scponly. However, do not enable additional stuff,
especially the rsync has gaping holes if my last look into the code was
correct. scponly uses a blacklist to prevent bad guys passing
dangerous arguments to them, a thing which obviously doesn't work very
well. But it's the best you can get if you need this kind of
functionality.
  


Thanks for the feedback and also for other replies I got per direct mail.
I don't have it available right now, but I think I have read somewhere 
that in case some bad guys have the necessary skills and know what they 
are doing then scponly chrooted limits can be broken. But I'm not sure 
about that.



After having done a bit more researching I have seen that there is a kit 
called jailkit, its website is:


http://olivier.sessink.nl/jailkit/

Who on this misc mailing list knows jailkit?
Which experiences did you make with it?
How secure is it?

--
Michael Schmidt MIRRORS:
DJGPP   ftp://ftp.fh-koblenz.de/pub/DJGPP/
Ghostscript ftp://ftp.fh-koblenz.de/pub/Ghostscript/
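
The point quoted above, that filtering dangerous arguments with a blacklist does not work very well, is easier to judge next to the opposite design. The following is an added example, not part of the original thread and not scponly's code: a check that accepts only server-mode scp requests built from known flags. It assumes it runs as an sshd forced command, where the client's request arrives in SSH_ORIGINAL_COMMAND; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: allowlist validation of the command an SSH client requests.
# Assumption: this runs as a forced command, where sshd places the client's
# request in SSH_ORIGINAL_COMMAND. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

deny() { printf 'deny: %s\n' "$1"; }

# check_scp_request "<request>": prints "allow" and returns 0 only for scp in
# server mode (-t sink / -f source) with known flags and exactly one plain
# path. Anything else prints "deny: <reason>" and returns 1.
# Limitation by design: paths containing spaces or shell metacharacters are
# refused rather than quoted.
check_scp_request() {
    req=$1
    # Split on single spaces only; tabs and newlines stay inside a token and
    # are rejected by the character check. Globbing is off while splitting.
    old_ifs=$IFS; IFS=' '; set -f
    set -- $req
    set +f; IFS=$old_ifs

    for tok in "$@"; do
        case $tok in
            *[!A-Za-z0-9._/-]*) deny "unexpected character in request"; return 1 ;;
        esac
    done

    [ "${1-}" = "scp" ] || { deny "only scp is permitted"; return 1; }
    shift

    mode=""
    while [ $# -gt 0 ]; do
        case $1 in
            -t|-f)
                [ -z "$mode" ] || { deny "more than one of -t/-f"; return 1; }
                mode=$1; shift ;;
            -r|-p|-d|-v) shift ;;
            --) shift; break ;;
            -*) deny "option not on the allowlist: $1"; return 1 ;;
            *)  break ;;
        esac
    done

    [ -n "$mode" ] || { deny "not a server-mode scp request"; return 1; }
    [ $# -eq 1 ] || { deny "expected exactly one path"; return 1; }
    case $1 in
        -*) deny "path begins with '-'"; return 1 ;;
    esac
    echo "allow"
}

# Constructed sample requests (not taken from any real log).
for r in 'scp -t upload' 'scp -r -p -f -- data/report.txt' \
         'rsync --server .' 'scp -S helper -t upload' 'scp -t upload extra'; do
    result=$(check_scp_request "$r") || true
    printf '%-36s %s\n' "$r" "$result"
done
```

In a wrapper the function would be called as check_scp_request "$SSH_ORIGINAL_COMMAND" and scp started only on "allow". New options are refused until someone adds them to the list, which is the property a blacklist cannot give.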



Re: binutils port

2006-03-21 Thread Subcommander l0r3zz
Well, I need this too, if you are trying to compile something like L4 (to
use OpenBSD as a development environment for embedded systems that don't use
the OpenBSD kernel) you need a separate binutils, for example, to build
Kenge (An L4:pistachio development environment) you need the gnu nm  and ld
utilities which is different from the one supplied by OpenBSD. My target
hardware is a soekris that is not running OpenBSD, I'd like to use OpenBSD
and not Linux as my development platform, that's all.

geoffw


On 3/20/06, Ted Unangst [EMAIL PROTECTED] wrote:

 On 3/20/06, Niklaus [EMAIL PROTECTED] wrote:
   1)  I was trying to install binutils2.16 from source and it didn't make
 it
  2) So how do i build binutils 2.16 from source and what is target . Why
  3)I wanted to build gcc without propolice gcc-3.4.6. So what is the
 target
  6)  I saw from the CVS that binutils 2.15 , someone had added a target
 obsd  .

 is there a reason why you want all this?  is there a problem you are
 trying to solve?



Re: no internet with cable provider (videotron.ca)

2006-03-21 Thread Matthew Closson

On Tue, 21 Mar 2006, Peter wrote:


--- Damian Gerow [EMAIL PROTECTED] wrote:


Thus spake Peter ([EMAIL PROTECTED]) [21/03/06 00:56]:
: Hi everyone.  I am troubleshooting a client (running OpenBSD 3.8)
who
: cannot connect to a Canadian cable provider (videotron.ca) with
: dhclient.  dhclient cannot find a dhcp server.  Is there anything
: special one needs to do besides 'dhclient int'?  The connection
is
: made instantly when win2k box is connected directly to the modem.

Was the Win2k box connected first?  Many (most?) Canadian cable
providers
cache the MAC address of the connected machine, and generally
speaking,
unplugging the cable modem for five minutes should re-set the cached
address
on their side.

Otherwise...  logs?


I did hear of the caching feature so I unplugged the power but only for
about 10 seconds.  Five minutes you say?

I don't see any logs being generated except for it not being able to
find a dhcp server.  On one occasion only did I see something to the
effect accepted blah length not same as blah length.  Like what it
received was not the length of what is was supposed to receive.




Yes, 5 minutes is the required amount of time to clear the cache on most 
cable modems I've worked with (Toshiba, 3com, Motorola, Terayon), 10 
seconds will not do.  Otherwise you could probably copy the MAC address 
off your win2k box and use that.


on win2k box: ipconfig /all
get the MAC address

on OpenBSD box:
# ifconfig fxp0 lladdr 11:22:33:44:55:66
(substituting real MAC and interface name)
# pkill dhclient
# dhclient fxp0

-Matt-



Re: no internet with cable provider (videotron.ca)

2006-03-21 Thread Matthew Closson

On Tue, 21 Mar 2006, Peter wrote:


--- Damian Gerow [EMAIL PROTECTED] wrote:


Thus spake Peter ([EMAIL PROTECTED]) [21/03/06 01:46]:
:  Was the Win2k box connected first?  Many (most?) Canadian cable
:  providers
:  cache the MAC address of the connected machine, and generally
:  speaking,
:  unplugging the cable modem for five minutes should re-set the
cached
:  address
:  on their side.
: 
:  Otherwise...  logs?
:
: I did hear of the caching feature so I unplugged the power but only
for
: about 10 seconds.  Five minutes you say?

Yeah, give it five minutes.  That /should/ clear it out.  (You may
want to
unplug power as well -- I've heard conflicting reports about that.)

: I don't see any logs being generated except for it not being able
to
: find a dhcp server.  On one occasion only did I see something to
the
: effect accepted blah length not same as blah length.  Like what
it
: received was not the length of what is was supposed to receive.

Strange.  My guess is the caching -- it really is as simple as
running
'dhclient interface'.

You could also try calling them up to see if they cache the MAC or
not, for
how long if they do, and what it takes to flush the cache.



Well I unplugged for a good five minutes and still nothing.  Indeed, I
first heard of this caching from one of their technicians and I was
instructed to simply unplug the power cable; he did not specify a
timeout.

The device is a telephony modem (the users have opted for the videotron
trio: cable-telephone, cable-tv, and cable-internet).  It is an Arris
TM502G.




Also make sure you remove the battery for 5 minutes as well.
They come with a backup battery in case the commercial power provider
goes down.

-Matt-



Re: SCSI disk from an Alpha box, in a Sparc

2006-03-21 Thread Joachim Schipper
On Mon, Mar 20, 2006 at 09:31:33PM +, Larry O'Neill (H.S.A.) wrote:
 Hi.
 I have a disk from an Alpha server that I need to get data from... The
 Alpha server no longer boots, and I don't have the time right now to
 diagnose the problem. So I took the disk and lashed it into a Sun Ultra60,
 which is also running OpenBSD. My problem is that I can't remember all of
 the details of the partitioning that the disk had... So in terms of
 getting access to the data, how do I find out what to put into disklabel
 for it? Unfortunately due to other complications, I currently don't have
 fdisk on the machine.
 
 (only 2 slots for Ultra2 SCSI Wide, one was root disk, other was /usr.
 Copied as much stuff onto the root disk that space would allow, so that I
 could remove the original /usr disk and put in the one I need the data
 from. This caused some stuff not to work because not all of it could be
 copied over)

As Theo pointed out, this is rather difficult (though I had no idea it
was *that* difficult, honestly).

A low-level disk recovery is possible, but extremely painful. I have no
idea if such recovery-kits as The Coroner's Toolkit and the Sleuthkit
(newer than TCT) work on Alpha disks (they do claim to work on OpenBSD),
but if they do, they might be a good bet, changing low-level recovery
from 'extremely painful' to something more like 'very painful'.

Be aware that they are both meant to gather information from a system
after it's been broken into, more than recover a complete filesystem
from scratch, which is one of the reasons for the 'very painful'.
Notably, they seem to deal mainly in deleted inodes, rather than
allocated ones, and I am not at all certain they can even be made to
work with allocated nodes.

If you can get the Alpha to come up even a bit, you could write a bunch
of NULLs and a large tar file directly to disk, which would be much
easier to recover (the NULLs are optional, but make it easier to see
where the data starts; directly means bypassing the filesystem, which
might scatter stuff all over the place). However, I gather that's not an
option, and if you can get the Alpha up that far you could probably just
nc the whole thing.

If the data is not too private, you might want to check if there is a
fellow Alpha owner near - that would, by far, be the easiest solution.

Of course, you can always try hacking the kernel to read Alpha disks,
but that is likely to be far from trivial.

Joachim



Re: Recommendations for an OpenBSD-based Backup Solution

2006-03-21 Thread Joachim Schipper
On Mon, Mar 20, 2006 at 07:32:22PM -0500, Tim Donahue wrote:
 On Monday 20 March 2006 18:36, Joachim Schipper wrote:
  On Mon, Mar 20, 2006 at 10:37:42AM -0800, Donald J. Ankney wrote:
   I threw together a Perl script that uses tar and external firewire
   drives. Tar has flags that will let it backup over SMB (for the windows
   boxes) and one can always do use scp (via certificates) piped through
   tar for remote linux/BSD boxes. I've been using this solution across
   several platforms (all servers) for a year now, and it has worked well.
 
  Amavisd has a very good algorithm for balancing backups. It is, sadly,
  otherwise a bit of a pain to get going.
 
  That said, it's very solid, and can even print pretty reports.
 
  Joachim
 
 
 Which amavisd are you referring to, do you have a link to the website for us?  
 The 2 amavisd's that I could find on google (amavisd and amavisd-new) are 
 both email filtering programs and don't have anything to do with backups for 
 servers (though amavisd-new does run quite happily on backup MX servers).

As Rogier pointed out, I meant misc/amanda. Oopsie... better shut up
when I've been active for more than, say, 15 hours.

Joachim



Re: How to get crash details onto another system?

2006-03-21 Thread Joachim Schipper
On Tue, Mar 21, 2006 at 02:47:41AM +0100, viq wrote:
 On Tuesday 21 March 2006 02:27, Steve Shockley wrote:
  viq wrote:
   I'm playing with OpenBSD in a virtual machine (VMWare) on my linux box.
   The box has two CPUs, so every once in a while I try to set the machine
   to have two as well - which every single time ends in a crash after some
   time. Any hints as to how I could get the trace etc out of it short of
   typing it all on the 'real' computer? Or is that error unlikely to be a
   sign of a real problem?
 
  I know using GSX for Windows you can save all the serial output to a
  file (on the host), then set the guest's console to output to serial.
  Of course that doesn't help you type trace and ps, but maybe there's
  a way to automate that output.
 
 There is an option for the serial line to be connected to a named
 pipe. Now if I only knew what to do with that information ;)

'mkfifo fifo  tee log  fifo  cat  fifo' would be the easiest
solution, if the above was not written in jest.

Joachim



Re: Recommendations for an OpenBSD-based Backup Solution

2006-03-21 Thread Stuart Henderson
On 2006/03/20 18:20, Chris Cappuccio wrote:
 Check out Box Backup, it has win2k and linux clients
 
 Failing that, Karen's Replicator and a Samba server seem to work for
 windoze clients

BackupPC(.sf.net) is another option.



Re: no internet with cable provider (videotron.ca)

2006-03-21 Thread Bernd Schoeller
On Tue, Mar 21, 2006 at 03:58:41AM -0500, Matthew Closson wrote:
 Yes, 5 minutes is the required amount of time to clear the cache on most 
 cable modems I've worked with (Toshiba, 3com, Motorola, Terayon), 10 
 seconds will not do.  Otherwise you could probably copy the MAC address 
 off your win2k box and use that.

Another option to find out if that caching is really the problem would
be to download an OpenBSD live CD and start it on the Windows XP box
and see what happens when you run dhclient.

http://g.paderni.free.fr/olivebsd/

Bernd



Re: SCSI disk from an Alpha box, in a Sparc

2006-03-21 Thread Johan SANCHEZ
On Tue, 21 Mar 2006 10:44:50 +0100
Joachim Schipper [EMAIL PROTECTED] wrote:

 On Mon, Mar 20, 2006 at 09:31:33PM +, Larry O'Neill (H.S.A.) wrote:
  Hi.
  I have a disk from an Alpha server that I need to get data from... The
  Alpha server no longer boots, and I don't have the time right now to
  diagnose the problem. So I took the disk and lashed it into a Sun Ultra60,
  which is also running OpenBSD. My problem is that I can't remember all of
  the details of the partitioning that the disk had... So in terms of
  getting access to the data, how do I find out what to put into disklabel
  for it? Unfortunately due to other complications, I currently don't have
  fdisk on the machine.
  
  (only 2 slots for Ultra2 SCSI Wide, one was root disk, other was /usr.
  Copied as much stuff onto the root disk that space would allow, so that I
  could remove the original /usr disk and put in the one I need the data
  from. This caused some stuff not to work because not all of it could be
  copied over)
 
 As Theo pointed out, this is rather difficult (though I had no idea it
 was *that* difficult, honestly).

Just because the label is built just for a particular arch
imho you still can use dd and the raw device .


~~
 http://www.chatou-informatic.com   

Maintenance, IT outsourcing, on-site service, remote maintenance



Re: Small office with BSD blueprint

2006-03-21 Thread Rogier Krieger
On 3/21/06, Smith [EMAIL PROTECTED] wrote:
 I would even consider doing away with dns and point everyone to the isp
 dns along with using static ip addresses.

To avoid timeouts, I recommend you check out the FAQ [1] first before
doing away with (Reverse) DNS. Distributing hosts files to your
clients is of course a possibility, but I find DNS easier to setup.
The default files in /var/named are pretty much good to go.

Cheers,

Rogier

References:
1. OpenBSD FAQ - Reverse DNS
http://www.openbsd.org/faq/faq8.html#RevDNS

--
If you don't know where you're going, any road will get you there.



OT: embedded computers with RS485

2006-03-21 Thread Georg Wendenburg

Hi,

anyone knows where i can find embedded computers with
RS485 ports on board, where i can run OBSD?

thanks in advance,

georg



Re: SCSI disk from an Alpha box, in a Sparc

2006-03-21 Thread Martin Reindl
Joachim Schipper [EMAIL PROTECTED] wrote:

 On Mon, Mar 20, 2006 at 09:31:33PM +, Larry O'Neill (H.S.A.) wrote:
  Hi.
  I have a disk from an Alpha server that I need to get data from... The
  Alpha server no longer boots, and I don't have the time right now to
  diagnose the problem. So I took the disk and lashed it into a Sun Ultra60,
  which is also running OpenBSD. My problem is that I can't remember all of
  the details of the partitioning that the disk had... So in terms of
  getting access to the data, how do I find out what to put into disklabel
  for it? Unfortunately due to other complications, I currently don't have
  fdisk on the machine.
  
  (only 2 slots for Ultra2 SCSI Wide, one was root disk, other was /usr.
  Copied as much stuff onto the root disk that space would allow, so that I
  could remove the original /usr disk and put in the one I need the data
  from. This caused some stuff not to work because not all of it could be
  copied over)
 
 As Theo pointed out, this is rather difficult (though I had no idea it
 was *that* difficult, honestly).
 
 A low-level disk recovery is possible, but extremely painful. I have no
 idea if such recovery-kits as The Coroner's Toolkit and the Sleuthkit
 (newer than TCT) work on Alpha disks (they do claim to work on OpenBSD),
 but if they do, they might be a good bet, changing low-level recovery
 from 'extremely painful' to something more like 'very painful'.
 
 Be aware that they are both meant to gather information from a system
 after it's been broken into, more than recover a complete filesystem
 from scratch, which is one of the reasons for the 'very painful'.
 Notably, they seem to deal mainly in deleted inodes, rather than
 allocated ones, and I am not at all certain they can even be made to
 work with allocated nodes.
 
 If you can get the Alpha to come up even a bit, you could write a bunch
 of NULLs and a large tar file directly to disk, which would be much
 easier to recover (the NULLs are optional, but make it easier to see
 where the data starts; directly means bypassing the filesystem, which
 might scatter stuff all over the place). However, I gather that's not an
 option, and if you can get the Alpha up that far you could probably just
 nc the whole thing.
 
 If the data is not too private, you might want to check if there is a
 fellow Alpha owner near - that would, by far, be the easiest solution.
 
 Of course, you can always try hacking the kernel to read Alpha disks,
 but that is likely to be far from trivial.
 

The big task is really endianness, look at NetBSD's 'option FFS_EI'. The
easiest solution should be just slapping the drive into a stray i386 box.

martin



Re: SCSI disk from an Alpha box, in a Sparc

2006-03-21 Thread Larry O'Neill (H.S.A.)
Hi,
Thanks for your replies. I have started a dd from the disk to a
volume mounted over nfs from an i386 box. My hope is that from there I
will eventually be able to sort out getting the data from it. Right now I
need to return the disk itself and the Alpha it came in back to where it
came from.
Another approach I had been considering was booting the alpha from
an openbsd install disk for Alpha (if such a thing exists - I didn't
install the Alpha), mounting the hard drive from there, and getting the
data from it that way... assuming the machine can actually boot from the
cdrom. The OpenBSD CDs I have have i386, amd, sparc, etc... but not
alpha... Is there a place I can get a CD that has complete install
components for Alpha???

Larry

On Tue, 21 Mar 2006, Martin Reindl wrote:

 Joachim Schipper [EMAIL PROTECTED] wrote:

  On Mon, Mar 20, 2006 at 09:31:33PM +, Larry O'Neill (H.S.A.) wrote:
   Hi.
   I have a disk from an Alpha server that I need to get data from... The
   Alpha server no longer boots, and I don't have the time right now to
   diagnose the problem. So I took the disk and lashed it into a Sun Ultra60,
   which is also running OpenBSD. My problem is that I can't remember all of
   the details of the partitioning that the disk had... So in terms of
   getting access to the data, how do I find out what to put into disklabel
   for it? Unfortunately due to other complications, I currently don't have
   fdisk on the machine.
  
   (only 2 slots for Ultra2 SCSI Wide, one was root disk, other was /usr.
   Copied as much stuff onto the root disk that space would allow, so that I
   could remove the original /usr disk and put in the one I need the data
   from. This caused some stuff not to work because not all of it could be
   copied over)
 
  As Theo pointed out, this is rather difficult (though I had no idea it
  was *that* difficult, honestly).
 
  A low-level disk recovery is possible, but extremely painful. I have no
  idea if such recovery-kits as The Coroner's Toolkit and the Sleuthkit
  (newer than TCT) work on Alpha disks (they do claim to work on OpenBSD),
  but if they do, they might be a good bet, changing low-level recovery
  from 'extremely painful' to something more like 'very painful'.
 
  Be aware that they are both meant to gather information from a system
  after it's been broken into, more than recover a complete filesystem
  from scratch, which is one of the reasons for the 'very painful'.
  Notably, they seem to deal mainly in deleted inodes, rather than
  allocated ones, and I am not at all certain they can even be made to
  work with allocated nodes.
 
  If you can get the Alpha to come up even a bit, you could write a bunch
  of NULLs and a large tar file directly to disk, which would be much
  easier to recover (the NULLs are optional, but make it easier to see
  where the data starts; directly means bypassing the filesystem, which
  might scatter stuff all over the place). However, I gather that's not an
  option, and if you can get the Alpha up that far you could probably just
  nc the whole thing.
 
  If the data is not too private, you might want to check if there is a
  fellow Alpha owner near - that would, by far, be the easiest solution.
 
  Of course, you can always try hacking the kernel to read Alpha disks,
  but that is likely to be far from trivial.
 

 The big task is really endianness, look at NetBSD's 'option FFS_EI'. The
 easiest solution should be just slapping the drive into a stray i386 box.

 martin



Site indexing application

2006-03-21 Thread Gabriel George POPA

   Hello misc,

  I must install a search facility for my site. Do you know what is the 
most appropriate (Harvest, ht://Dig, Nutch?). I've used Nutch (from
Apache.org) before on my old Slackware 10.1 machine and I didn't like 
it very much (a lot of things to be done by hand). I'm asking that
because I know the chroot(2) facility that Apache has on OpenBSD can 
cause a lot of trouble.




George Popa




Re: How to get crash details onto another system?

2006-03-21 Thread Joachim Schipper
On Tue, Mar 21, 2006 at 11:15:21AM +0100, viq wrote:
 On Tuesday 21 March 2006 11:02, Joachim Schipper wrote:
  On Tue, Mar 21, 2006 at 02:47:41AM +0100, viq wrote:
   On Tuesday 21 March 2006 02:27, Steve Shockley wrote:
viq wrote:
 I'm playing with OpenBSD in a virtual machine (VMWare) on my linux
 box. The box has two CPUs, so every once in a while I try to set the
 machine to have two as well - which every single time ends in a crash
 after some time. Any hints as to how I could get the trace etc out of
 it short of typing it all on the 'real' computer? Or is that error
 unlikely to be a sign of a real problem?
   
I know using GSX for Windows you can save all the serial output to a
file (on the host), then set the guest's console to output to serial.
Of course that doesn't help you type trace and ps, but maybe
there's a way to automate that output.
  
   There is an option for the serial line to be connected to a named
   pipe. Now if I only knew what to do with that information ;)
 
  'mkfifo fifo  tee log  fifo  cat  fifo' would be the easiest
  solution, if the above was not written in jest.
 
 No, I really don't know yet what to do with serial lines. Yes, I have
 a lot to learn, I know ;) So all suggestions are welcome, thank you.

I don't know much about serial lines, either, but the above will work
for filesystem-based pipes, which are mightily useful.

Joachim



Re: flash plugin mozilla-firefox

2006-03-21 Thread Stephen Kaiser
On Tue, 2006-03-21 at 12:15 -0300, João Salvatti wrote:
 Hi all,
 
 I'd like to know where to put the flash plugin in order to have flash
 animations being run under Mozilla-Firefox.
 
 Thanks
 
 --
 João Salvatti
 Undergraduating in Computer Science
 Federal University of Para - UFPA
 web: http://salvatti.expert.com.br
 e-mail: [EMAIL PROTECTED]

I don't know off hand, but have you tried:
/usr/local/lib/mozilla-firefox/plugins


also see:
http://openbsd.org/faq/faq13.html#javaflash



Re: Site indexing application

2006-03-21 Thread Frank Denis

On Tue, Mar 21, 2006 at 02:03:27PM +0200, Gabriel George POPA wrote:

  I must install a search facility for my site.


 Have a look at Hyper Estraier : http://hyperestraier.sourceforge.net/
 
 It works amazingly well.


--
Frank Denis - frank [at] nailbox.fr
Young Nails / Akzentz nail tech
http://www.manucure.info



Re: binutils port

2006-03-21 Thread Martin Reindl
Subcommander l0r3zz [EMAIL PROTECTED] wrote:

 Well, I need this too, if you are trying to compile something like L4 (to
 use OpenBSD as a development environment for embedded systems that don't use
 the OpenBSD kernel) you need a separate binutils, for example, to build
 Kenge (An L4:pistachio development environment) you need the gnu nm  and ld
 utilities which is different from the one supplied by OpenBSD. My target
 hardware is a soekris that is not running OpenBSD, I'd like to use OpenBSD
 and not Linux as my development platform, that's all.
 
 geoffw
 
 
 On 3/20/06, Ted Unangst [EMAIL PROTECTED] wrote:
 
  On 3/20/06, Niklaus [EMAIL PROTECTED] wrote:
1)  I was trying to install binutils2.16 from source and it didn't make
  it
   2) So how do i build binutils 2.16 from source and what is target . Why
   3)I wanted to build gcc without propolice gcc-3.4.6. So what is the
  target
   6)  I saw from the CVS that binutils 2.15 , someone had added a target
  obsd  .
 
  is there a reason why you want all this?  is there a problem you are
  trying to solve?

Look at ports/devel/avr which already has cross-developments tools,
although for AVR-microcontrollers.



Re: embedded computers with RS485

2006-03-21 Thread Steve Fairhead
 anyone knows where i can find embedded computers with RS485 ports on
board, where i can run OBSD? 

PC/104 CPU boards quite commonly have at least one serial port switchable
from RS-232 to RS-485. Try Googling for +CPU +RS485 +PC104, and you should
find plenty.

Steve
http://www.fivetrees.com



Re: sftp and scp and chroot

2006-03-21 Thread Michael Schmidt

Alexey E. Suslikov wrote:

Michael Schmidt wrote:

http://olivier.sessink.nl/jailkit/

Who on this misc mailing list knows jailkit?
Which experiences did you make with it?
How secure is it?


there is better alternative w/o need to breaking ssh down:


Why may ssh be broken down when jailkit is used?

--
Michael Schmidt MIRRORS:
DJGPP   ftp://ftp.fh-koblenz.de/pub/DJGPP/
Ghostscript ftp://ftp.fh-koblenz.de/pub/Ghostscript/



Re: ipsec.conf manpage

2006-03-21 Thread Hans-Joerg Hoexer
Hi,

On Tue, Mar 21, 2006 at 07:27:45PM +1100, Rod Whitworth wrote:
 
 Total mention in the manpage:
  srcid fqdn
This optional parameter defines a FQDN that will be used by
isakmpd(8) as the identity of the local peer.
 
  dstid fqdn
Similar to srcid, this optional parameter defines a FQDN to be used
by the remote peer.
 
 Now, how do I use that?

ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.3.2 \
srcid my.fqdn.com dstid his.fqdn.com



Re: Site indexing application

2006-03-21 Thread March, Harold W.
mnoGoSearch: http://www.mnogosearch.org/

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Gabriel George POPA
Sent: Tuesday, March 21, 2006 7:03 AM
To: misc@openbsd.org
Subject: Site indexing application


Hello misc,

   I must install a search facility for my site. Do you know what is the 
most appropriate (Harvest, ht://Dig, Nutch?). I've used Nutch (from
 Apache.org) before on my old Slackware 10.1 machine and I didn't like 
it very much (a lot of things to be done by hand). I'm asking that
 because I know the chroot(2) facility that Apache has on OpenBSD can 
cause a lot of trouble.



 
George Popa



sftp and scp and chroot

2006-03-21 Thread Alexey E. Suslikov

Michael Schmidt wrote:

After having done a bit more researching I have seen that there is a kit 
called jailkit, its website is:


http://olivier.sessink.nl/jailkit/

Who on this misc mailing list knows jailkit?
Which experiences did you make with it?
How secure is it?


search in archives for answer why ssh is not chroot aware.

there is better alternative w/o need to breaking ssh down:

http://www.monkey.org/~jose/software/stsh/



flash plugin mozilla-firefox

2006-03-21 Thread João Salvatti
Hi all,

I'd like to know where to put the flash plugin in order to have flash
animations being run under Mozilla-Firefox.

Thanks

--
João Salvatti
Undergraduating in Computer Science
Federal University of Para - UFPA
web: http://salvatti.expert.com.br
e-mail: [EMAIL PROTECTED]



Re: Small office with BSD blueprint

2006-03-21 Thread Will H. Backman

Will H. Backman wrote:

Looking for feedback on a basic blueprint for a small office using BSD.
Situation:  Small office with maybe five workstations.
Question: What would an all BSD setup look like?
Solution that comes to mind:
* Single server for DNS, DHCP, LPD, SMTP, IMAP, and home directories.
* Full install with whatever desktop environment is chosen.
* automount home directories.
* Instead of NIS, maybe cron job to rsync files like /etc/passwd,
/etc/hosts, /etc/printcap from central server.

Does anyone out there have a similar setup?

--
Will Backman - Network Administrator
Coastal Enterprises, Inc.
http://www.ceimaine.org



I still don't know if there is much of a consensus.  There is one 
document (http://www.openbsdsupport.org/sharedhomes.html) that is a 
little old, but I think it describes the traditional Unix way of doing 
things.
I think someone with only a little Unix experience could follow that 
document.  Combined with a network-ready printer, mail/DNS services 
provided by their ISP, and an inexpensive router, one could have a 
simple and workable solution.  It should be possible to set up a simple 
environment without hiring a Unix/Network engineer.

I'd like to thank everyone for their comments and suggestions.



Re: flash plugin mozilla-firefox

2006-03-21 Thread Hannah Schroeter
Hello!

On Tue, Mar 21, 2006 at 10:29:50AM -0500, Roy Morris wrote:
Try this 
http://www.openbsd.org/faq/faq13.html#javaflash

Nowadays, the recommendation to fetch a flashplugin and install it by
hand is outdated. There's /usr/ports/www/opera/opera-flashplugin.

Kind regards,

Hannah.



Re: flash plugin mozilla-firefox

2006-03-21 Thread Will H. Backman

Hannah Schroeter wrote:

Hello!

On Tue, Mar 21, 2006 at 10:29:50AM -0500, Roy Morris wrote:

Try this 
http://www.openbsd.org/faq/faq13.html#javaflash



Nowadays, the recommendation to fetch a flashplugin and install it by
hand is outdated. There's /usr/ports/www/opera/opera-flashplugin.

Kind regards,

Hannah.



Is that i386 only?



Re: flash plugin mozilla-firefox

2006-03-21 Thread Hannah Schroeter
Hello!

On Tue, Mar 21, 2006 at 10:42:31AM -0500, Will H. Backman wrote:
Hannah Schroeter wrote:
On Tue, Mar 21, 2006 at 10:29:50AM -0500, Roy Morris wrote:

Try this 
http://www.openbsd.org/faq/faq13.html#javaflash

Nowadays, the recommendation to fetch a flashplugin and install it by
hand is outdated. There's /usr/ports/www/opera/opera-flashplugin.

Is that i386 only?

Just look yourself *sigh*.

  ONLY_FOR_ARCHS= i386

in the ports makefile tells enough, doesn't it?

Kind regards,

Hannah.



Re: flash plugin mozilla-firefox

2006-03-21 Thread Roy Morris
Try this 
http://www.openbsd.org/faq/faq13.html#javaflash

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] Behalf Of
 João Salvatti
 Sent: Tuesday, March 21, 2006 10:15 AM
 To: Misc OpenBSD
 Subject: flash plugin  mozilla-firefox
 
 
 Hi all,
 
 I'd like to know where to put the flash plugin in order to have flash
 animations being run under Mozilla-Firefox.
 
 Thanks
 
 --
 João Salvatti
 Undergraduating in Computer Science
 Federal University of Para - UFPA
 web: http://salvatti.expert.com.br
 e-mail: [EMAIL PROTECTED]



Re: Site indexing application

2006-03-21 Thread Jeff Ross

On Tue, 21 Mar 2006, Gabriel George POPA wrote:


   Hello misc,

 I must install a search facility for my site. Do you know what is the most 
appropriate (Harvest, ht://Dig, Nutch?). I've used Nutch (from
Apache.org) before on my old Slackware 10.1 machine and I didn't like it very 
much (a lot of things to be done by hand). I'm asking that
because I know the chroot(2) facility that Apache has on OpenBSD can cause a 
lot of trouble.



   George 
Popa





I installed dpsearch from http://www.dataparksearch.org.  You can see it 
in action on http://www.wykids.org.


It isn't any trouble at all to get working in the chroot.  My config file 
was:


./configure \
  --prefix=/dpsearch \
  --with-pgsql \
  --with-openssl \
  --with-zlib \
  --without-docs \
  --without-aspell \
  --enable-all-static


This will install everything into /dpsearch, you can then make a 
/var/www/dpsearch and copy everything across.  Documentation isn't up to 
OpenBSD standards, but that's a pretty high bar ;-)  Still, I was able to 
get it running with minimum fuss.


I've been contemplating making a port, but haven't yet looked into what 
all is involved.


Hope that helps!

Jeff



Re: flash plugin mozilla-firefox

2006-03-21 Thread Will H. Backman

Hannah Schroeter wrote:

Hello!

On Tue, Mar 21, 2006 at 10:42:31AM -0500, Will H. Backman wrote:


Hannah Schroeter wrote:


On Tue, Mar 21, 2006 at 10:29:50AM -0500, Roy Morris wrote:



Try this 
http://www.openbsd.org/faq/faq13.html#javaflash




Nowadays, the recommendation to fetch a flashplugin and install it by
hand is outdated. There's /usr/ports/www/opera/opera-flashplugin.




Is that i386 only?



Just look yourself *sigh*.

  ONLY_FOR_ARCHS= i386

in the ports makefile tells enough, doesn't it?

Kind regards,

Hannah.



I actually knew the answer already.  It was more of a dig against flash 
and proprietary software for an OS that is ported to so many architectures.




Re: sftp and scp and chroot

2006-03-21 Thread Paul Pruett

there is a better alternative w/o the need to break ssh down:




An alternative to jailkit is chrsh
http://www.adg.us/computers/chrsh.html

it also does not require changing any code in ssh,
it is a chroot jail wrapper, invoked by setting user's shell
to the wrapper.

(warning - warning - if you include any setuid application
like ping in the jail, the user can obtain root privileges)

(think carefully before trying to chroot an ssh/sftp/scp login)


Ben Goren did an unofficial port that seems to not have been updated
recently so it may not make with recent versions of OpenBSD without
modification, we posted notes on misc about that this year. Ben's site:
http://www.trumpetpower.com/pub/OpenBSD_ports/chrsh-1.0b2.tgz

(i'd say google the notes, but for some reason I checked and google
was not finding recent misc postings very well for chrsh,
so I searched the MARC misc archives ...)

recent postings to misc about chrsh

http://marc.theaimsgroup.com/?l=openbsd-misc&m=113570342808678&w=2
http://marc.theaimsgroup.com/?l=openbsd-misc&m=113570856221149&w=2
http://marc.theaimsgroup.com/?l=openbsd-misc&m=113934124611066&w=2
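
The setuid warning in the post above can be checked mechanically before a jail is handed to users. The following is an added example, not part of the original post and not code from chrsh or jailkit; `audit_jail` and `build_demo_jail` are hypothetical names, and the demo tree is constructed.

```python
import os
import stat
import tempfile


def audit_jail(jail_root):
    """Return sorted (relative_path, kind, owner_uid) for every setuid or
    setgid regular file below jail_root. Symlinks are never followed, so a
    link that points outside the jail is neither walked nor reported."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(jail_root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # lstat: inspect the entry itself
            if not stat.S_ISREG(st.st_mode):
                continue                 # skip symlinks, sockets, devices
            bits = []
            if st.st_mode & stat.S_ISUID:
                bits.append("setuid")
            if st.st_mode & stat.S_ISGID:
                bits.append("setgid")
            if bits:
                rel = os.path.relpath(path, jail_root)
                findings.append((rel, "+".join(bits), st.st_uid))
    return sorted(findings)


def build_demo_jail():
    """Constructed sample tree (not from the post): bin/sh is an ordinary
    file, bin/ping carries the setuid bit, and bin/link is a symlink."""
    root = tempfile.mkdtemp(prefix="jail-demo-")
    os.mkdir(os.path.join(root, "bin"))
    for name, mode in (("sh", 0o755), ("ping", 0o4755)):
        path = os.path.join(root, "bin", name)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)
    os.symlink("ping", os.path.join(root, "bin", "link"))
    return root


if __name__ == "__main__":
    # Any line printed here is a file that must not stay in the jail as is.
    for rel, kind, uid in audit_jail(build_demo_jail()):
        print(f"{kind:14} uid={uid:<6} {rel}")
```

An empty result is the state to aim for; a root-owned setuid entry is the case the warning describes.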



Re: flash plugin mozilla-firefox

2006-03-21 Thread steven mestdagh
Hannah Schroeter [2006-03-21, 16:35:50]:
 Hello!
 
 On Tue, Mar 21, 2006 at 10:29:50AM -0500, Roy Morris wrote:
 Try this 
 http://www.openbsd.org/faq/faq13.html#javaflash
 
 Nowadays, the recommendation to fetch a flashplugin and install it by
 hand is outdated. There's /usr/ports/www/opera/opera-flashplugin.

yes, the FAQ follows -stable, and will be updated when 3.9 is released.
the opera-flashplugin port does not exist on 3.8.

steven




Re: Can I disable AAAA queries in the resolver?

2006-03-21 Thread Mikolaj Kucharski
On Sat, Mar 18, 2006 at 08:56:00AM +, Rodolfo Gouveia wrote:
 Above we see 10 seconds delay but with Firefox it takes __hours__ to
 do something useful. Is there any possibility to disable those `AAAA'
 queries via resolv.conf(5) or $RES_OPTIONS variable?
 
 If that's the main problem, disable ipv6
 support on firefox: in the address bar enter
 about:config and change
 network.dns.disableipv6 to true.

Ok, maybe firefox is running better but anything else is very,
very slowly. Anyway thanks in advice.

$ time lynx -source http://www.google.com > /dev/null
2m31.37s real 0m0.02s user 0m0.00s system

-- 
best regards
q#



Re: flash plugin mozilla-firefox

2006-03-21 Thread Andrés Delfino
As far as I know, that isn't possible. Maybe if you use Mozilla
Firefox under Linux emulation (which I have tried, but failed). Since
Flash Player is a Linux binary, you must use it with another Linux
binary. That's why you should use Opera.

Greetings

On 3/21/06, Roy Morris [EMAIL PROTECTED] wrote:
 Try this
 http://www.openbsd.org/faq/faq13.html#javaflash

  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] Behalf Of
  Joco Salvatti
  Sent: Tuesday, March 21, 2006 10:15 AM
  To: Misc OpenBSD
  Subject: flash plugin  mozilla-firefox
 
 
  Hi all,
 
  I'd like to know where to put the flash plugin in order to have flash
  animations being run under Mozilla-Firefox.
 
  Thanks
 
  --
  Joco Salvatti
  Undergraduating in Computer Science
  Federal University of Para - UFPA
  web: http://salvatti.expert.com.br
  e-mail: [EMAIL PROTECTED]



Re: SCSI disk from an Alpha box, in a Sparc

2006-03-21 Thread Martin Reindl
Larry O'Neill (H.S.A.) [EMAIL PROTECTED] wrote:

 
 Hi,
   Thanks for your replies. I have started a dd from the disk to a
 volume mounted over nfs from an i386 box. My hope is that from there I
 will eventually be able to sort out getting the data from it. Right now I
 need to return the disk itself and the Alpha it came in back to where it
 came from.
   Another approach I had been considering was booting the alpha from
 an openbsd install disk for Alpha (if such a thing exists - I didnt
 install the Alpha), mounting the hard drive from there, and getting the
 data from it that way... assuming the machine can actually boot from the
 cdrom. The OpenBSD CDs I have have i386, amd, sparc, etc... but not
 alpha... Is there a place I can get a CD that has complete install
 components for Alpha???

See bottom of www.openbsd.org/alpha.html.

 Larry
 
 On Tue, 21 Mar 2006, Martin Reindl wrote:
 
  Joachim Schipper [EMAIL PROTECTED] wrote:
 
   On Mon, Mar 20, 2006 at 09:31:33PM +, Larry O'Neill (H.S.A.) wrote:
Hi.
I have a disk from an Alpha server that I need to get data from... The
Alpha server no longer boots, and I dont have the time right now to
diagnose the problem. So I took the disk and lashed it into a Sun 
Ultra60,
which is also running OpenBSD. My problem is that I cant remember all of
the details of the partitioning that the disk had... So in terms of
getting access to the data, how do I find out what to put into disklabel
for it? Unfortunately due to other complications, I currently dont have
fdisk on the machine.
   
(only 2 slots for Ultra2 SCSI Wide, one was root disk, other was /usr.
Copied as much stuff onto the root disk that space would allow, so that I
could remove the original /usr disk and put in the one I need the data
from. This caused some stuff not to work because not all of it could be
copied over)
  
   As Theo pointed out, this is rather difficult (though I had no idea it
   was *that* difficult, honestly).
  
   A low-level disk recovery is possible, but extremely painful. I have no
   idea if such recovery-kits as The Coroner's Toolkit and the Sleuthkit
   (newer than TCT) work on Alpha disks (they do claim to work on OpenBSD),
   but if they do, they might be a good bet, changing low-level recovery
   from 'extremely painful' to something more like 'very painful'.
  
   Be aware that they are both meant to gather information from a system
   after it's been broken into, more than recover a complete filesystem
   from scratch, which is one of the reasons for the 'very painful'.
   Notably, they seem to deal mainly in deleted inodes, rather than
   allocated ones, and I am not at all certain they can even be made to
   work with allocated nodes.
  
   If you can get the Alpha to come up even a bit, you could write a bunch
   of NULLs and a large tar file directly to disk, which would be much
   easier to recover (the NULLs are optional, but make it easier to see
   where the data starts; directly means bypassing the filesystem, which
   might scatter stuff all over the place). However, I gather that's not an
   option, and if you can get the Alpha up that far you could probably just
   nc the whole thing.
  
   If the data is not too private, you might want to check if there is a
   fellow Alpha owner near - that would, by far, be the easiest solution.
  
   Of course, you can always try hacking the kernel to read Alpha disks,
   but that is likely to be far from trivial.
  
 
  The big task is really endianness, look at NetBSD's 'option FFS_EI'. The
  easiest solution should be just slapping the drive into a stray i386 box.
 
  martin



Short apache v microsoft paper

2006-03-21 Thread Karsten McMinn
Sharing a performance-oriented paper comparing
our httpd vs Microsoft's iis6. I did this a bit ago
but never bothered sharing it. I'm sure someone
will find it of use.

http://www.mcminndigital.com/paper/apacheviis.php


-K



Re: Recommendations for an OpenBSD-based Backup Solution

2006-03-21 Thread L. V. Lammert

At 12:53 AM 3/21/2006 -0500, Peter wrote:


I am using rsync.  It also works well.  I wrote small scripts (windows
side) for users to back up at their discretion.


Quick question - I have tried Cygwin rsync on more than one occasion for 
such an application, .. and it refuses to talk to the OBSD version. Which 
version(s) were you using?


Lee



ARP errors with IP less interfaces and many CARP interfaces.

2006-03-21 Thread Per-Olov Sjöholm
Hi misc


We have a firewall pair (A1 and B1) that is connected to the Internet by 
talking to two Cisco routers that uses HSRP (A2 and B2).
A small /28 network connect it all together. A1 and B1 has a gw to the HSRP 
address on the Cisco routers (A2 and B2). So my end is CARP and the other end 
(my outgoing gateway) is Cisco HSRP...

This is the overview config for the BSD firewall pair:
OpenBSD 3.8-STABLE (from late March). All NIC:s are dual Intel server NIC:s (em).
GW in both servers are 1.
The outside switch is a brand new HP procurve gig switch.
A1 - No external IP 
B1 - No external IP
external carp0 - IP 2
external carp1 - IP 3
external carp 26 - IP 7
external carp 27 - IP 9
external carp 28 - IP 13
external carp 29 - IP 14
The carp master/backup failover works ok.


This is the config I know for the cisco router pair:
A2 - IP 5
B2 - IP 6
HSRP IP - 1
All our public IP ranges are routed from the cisco switches to carp IP 2 and 3 
on the BSD firewalls.



Two times I have seen the following. A couple of hundred of these show up. And 
then it took 4 hours and a new storm of these in the messages log...
Mar 21 10:42:15 A1 /bsd: arp: attempt to add entry for x.x.x.x.5 on carp0 by 00:0a:8a:45:ed:00 on carp29
Mar 21 10:42:15 A1 /bsd: arp: attempt to add entry for x.x.x.x.5 on carp0 by 00:0a:8a:45:ed:00 on carp28
Mar 21 10:42:15 A1 /bsd: arp: attempt to add entry for x.x.x.x.5 on carp0 by 00:0a:8a:45:ed:00 on carp27
Mar 21 10:42:15 A1 /bsd: arp: attempt to add entry for x.x.x.x.5 on carp0 by 00:0a:8a:45:ed:00 on carp26
Mar 21 10:42:15 A1 /bsd: arp: attempt to add entry for x.x.x.x.5 on carp0 by 00:0a:8a:45:ed:00 on carp1
Mar 21 10:42:17 A1 /bsd: arp: attempt to add entry for x.x.x.x.6 on carp0 by 00:0a:b7:24:b3:00 on carp29
Mar 21 10:42:17 A1 /bsd: arp: attempt to add entry for x.x.x.x.6 on carp0 by 00:0a:b7:24:b3:00 on carp28
Mar 21 10:42:17 A1 /bsd: arp: attempt to add entry for x.x.x.x.6 on carp0 by 00:0a:b7:24:b3:00 on carp27
Mar 21 10:42:17 A1 /bsd: arp: attempt to add entry for x.x.x.x.6 on carp0 by 00:0a:b7:24:b3:00 on carp26
Mar 21 10:42:17 A1 /bsd: arp: attempt to add entry for x.x.x.x.6 on carp0 by 00:0a:b7:24:b3:00 on carp1
Mar 21 10:43:15 A1 /bsd: arp: attempt to add entry for x.x.x.x.5 on carp0 by 00:0a:8a:45:ed:00 on carp29
Mar 21 10:43:15 A1 /bsd: arp: attempt to add entry for x.x.x.x.5 on carp0 by 00:0a:8a:45:ed:00 on carp28
Mar 21 10:43:15 A1 /bsd: arp: attempt to add entry for x.x.x.x.5 on carp0 by 00:0a:8a:45:ed:00 on carp27
Mar 21 10:43:15 A1 /bsd: arp: attempt to add entry for x.x.x.x.5 on carp0 by 00:0a:8a:45:ed:00 on carp26


And when the above happens all traffic to the internet stops for a while. But 
before, between and after these four hour storms everything worked perfect


I have double checked overlapping networks - no errors...
I have checked CVS for possible fixes of carp and em - nothing found...
I have double checked my carp configs that I have done many of before - nothing 
found...



Do I for any reason have to add IP:s to the A1 and B1 OpenBSD firewalls and 
avoid using just the carp addresses?

These BSD servers replace two Linux machines with iptables and VRRP. The old 
setup did not have these issues.
But Linux with VRRP inherited the physical MAC which is not true for the carp 
interfaces... We probably have to revert
 to Linux (no no no no arrgghhh) if we don't find this problem fast. This as we 
cannot have problems like this with 70 Mbit throughput and 25000 sessions




Any clues? 
Cisco or OpenBSD errors? Or maybe brain damage of the configurator ;-)

Thanks in advance
Per-Olov
-- 
GPG keyID: 4DB283CE
GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE



Re: Recommendations for an OpenBSD-based Backup Solution

2006-03-21 Thread L. V. Lammert

At 05:22 PM 3/21/2006 +, Stuart Henderson wrote:


If you didn't already, try running rsync as a *server* on the Windows
side (if you want SSH, forward the ports). There's a cygwin bug that
bites rsync in some circumstances (when network buffers fill, iirc).


I thought the Cygwin DLLs were required to run rsync on Windows, ..

Which version were you running successfully?

Thanks!

Lee



IDS solution

2006-03-21 Thread Hutger H.
Hi folks,

I've been looking for a consolidated IDS solution that I can deploy in
my network. Snort is really a good option but currently it seems that
they are charging for updates, is that true? I'd like to find out a free
of charge Linux, or BSD, solution that can works as good as snort works
and, rather with some successful deployment cases.

Any ideas?

Thanks in advance,

Hutger.



Re: Dell Precision M70 experiences

2006-03-21 Thread Bryan Brake

Steve Shockley wrote:


It just so happens I got one to toy with here for a little bit.  I threw 
on the last 3.9-beta snapshot (Generic #617), I'll get a dmesg off of it 
this weekend.  Didn't recognize wireless, I think it was some kind of 
Broadcom.  Saw Ethernet as bge.  I was able to start X but it came up in 
640x480, I ran xorgconfig and reset the resolution for 1920x1440, and 
the video came up with borders on the left and right of the screen.  I 
rebooted, and video was back to 640x480.  I've been spoiled by OpenBSD 
just working on laptops recently, so I'll have to give myself a 
refresher on X configs to figure it out.


I had the same problem with the borders because I 
couldn't set the resolution higher than 1600x1200 
(my maximum screen resolution is 1920x1200...)


After looking at the laptop page on OpenBSD, 
someone who had a similar laptop with resolution 
issues put the following Modeline in their xorg.conf:


Modeline "1920x1200" 162 1920 1984 2176 2480 1200 1201 1204 1250 +hsync +vsync


Using this and editing my xorg.conf to setup 
1920x1200, it just works.  I don't know if this is 
the correct setting, but the borders are gone, so 
I am happy with this.  I have no idea what that 
line means, other than the 1920x1200 portion, 
but it works, so I don't like to question it...



After reading the FAQ 
(http://www.openbsd.org/faq/faq11.html), it sounds 
like a pain in the ass to get the configuration 
just right.


The FAQ gives a couple of suggestions on how to 
fix your resolution, you might want to check them out.


As for the wireless, I went big.  I got the 
integrated bluetooth/wireless Intel 2200ABG.  With 
the iwi-firmware drivers, it works like a champ. 
Better even than those supported ath cards that 
are supposed to work.  If wireless is the way you 
want to go, you may want to have an accident 
happen to the wireless and then call Dell and see 
if you can't get an Intel replacement...


Bryan



Re: IDS solution

2006-03-21 Thread Bryan Brake

Hutger H. wrote:

Hi folks,

I've been looking for a consolidated IDS solution that I can deploy in
my network. Snort is really a good option but currently it seems that
they are charging for updates, is that true? I'd like to find out a free
of charge Linux, or BSD, solution that can works as good as snort works
and, rather with some successful deployment cases.


I just visited the Snort website, and I didn't 
have any trouble getting the source for it...


http://www.snort.org/dl/

Isn't snort also included in ports and packages???

Bryan



Re: Recommendations for an OpenBSD-based Backup Solution

2006-03-21 Thread Andreas Vögele

Stuart Henderson wrote:


On 2006/03/20 18:20, Chris Cappuccio wrote:

Check out Box Backup, it has win2k and linux clients

Failing that, Karen's Replicator and a Samba server seem to work for
windoze clients


BackupPC(.sf.net) is another option.


I'm working on a BackupPC port. Actually, the port only lacks a 
README.OpenBSD to get people going. I'll polish the port at the weekend 
and then I'll post it to [EMAIL PROTECTED]




Re: IDS solution

2006-03-21 Thread Jason Crawford
On 3/21/06, Hutger H. [EMAIL PROTECTED] wrote:
 Hi folks,

 I've been looking for a consolidated IDS solution that I can deploy in
 my network. Snort is really a good option but currently it seems that
 they are charging for updates, is that true? I'd like to find out a free
 of charge Linux, or BSD, solution that can works as good as snort works
 and, rather with some successful deployment cases.

 Any ideas?

Well as far as charging for updates goes, that's only for rulesets I
believe. Basically, the rules that you get with the snort tar ball are
all you get, if you want updates to them you gotta pay. But later
versions of snort are free, so upgrading from 2.4.3 to 2.4.4 is free,
just not the extra snort rules. And even then, only the SourceFire VRT
Certified Rules cost money (for subscriptions and redistribution
rights I believe), a community driven rule group is still free,
however they don't Guarantee the rules. If I were you, I'd stick
with snort, you'll be hard pressed to find a free NIDS that is as
robust, and I speak from experience, as I've setup some pretty damn
large and complex snort deployments for my work in the past.

Jason



Re: Recommendations for an OpenBSD-based Backup Solution

2006-03-21 Thread Paul Pruett

If you didn't already, try running rsync as a *server* on the Windows
side (if you want SSH, forward the ports). There's a cygwin bug that
bites rsync in some circumstances (when network buffers fill, iirc).


rather than setting a standalone rsync server listening to a port,
you can try a minimalist approach

have rsync installed w/ cygwin on windows,
use ssh to run rsync on openbsd box, I know it works with openbsd 3.8 port 
of rsync.


In your bat file on windoze you can use the -e option of rsync to call 
ssh, and the -i option of ssh to select the identity key


NOTE the key has to be owned by the cygwin user and not group or other,
for ssh security reasons, that is the typical gotcha.

(its not uncommon on windows for the login name
to actually be something different like default
in the passwd file on windows cygwin)


then you can use zip, dump or tar or other to backup the mirror or rather 
rsync file system.  maybe doing a full backup weekly or monthly and

using find to backup file changed daily...


some notes here also:
http://optics.ph.unimelb.edu.au/help/rsync/rsync_pc1.html



Ftp problems

2006-03-21 Thread Pál András

Hello Misc!
I have a problem about ftp connections.
I made a server behind a firewall and i read the pf docs about the 
configuration.

My external pf conf file looks like that:
ext_if=dc0
int_if=dc1
ftp_server=10.5.5.3
nat on $ext_if from $int_if:network to any -> ($ext_if)

rdr on dc0 proto tcp from any to any port 80 -> 10.5.5.3

rdr on dc0 proto {udp,tcp} from any to any port 143 -> 10.5.5.3
rdr on dc0 proto {udp,tcp} from any to any port 993 -> 10.5.5.3
rdr on dc0 proto tcp from any to any port 25 -> 10.5.5.3
rdr on dc0 proto tcp from any to any port 5432 -> 10.5.5.3
rdr on dc0 proto tcp from any to any port 8821 -> 10.5.5.1
rdr on dc0 proto tcp from any to any port 61 -> 10.5.5.4
rdr on dc0 proto tcp from any to any port 2819 -> 10.5.5.4 port 2818
rdr on dc0 proto tcp from any to any port 2820 -> 10.5.5.3 port 2818
rdr on dc0 proto tcp from any to any port 21 -> $ftp_server port 21
rdr on $ext_if proto tcp from any to any port 49152:65535 -> $ftp_server port 49152:65535
pass in quick on $ext_if proto tcp from any to $ftp_server port 21 keep state
pass in quick on $ext_if proto tcp from any to $ftp_server port > 49152 keep state
pass out quick on $ext_if proto tcp from any to $ftp_server port > 49152 keep state
pass out quick on $int_if proto tcp from any to $ftp_server port 21 keep state



I can connect to the server from my router but can't from the other 
machines behind the router. I tried behind my neighbour's wireless 
router too; it did the same. My ftp client message was:

Data connection timed out.
Falling back to PORT instead of PASV mode.
List failed.
I think it means that the client connected the server but it couldn't 
list the directory.

I can connect and list directories other ftp servers from anywhere.
Are there any other server side (pf side) configurations?

Thanks a lot for your help and sorry for that stupid question.

--
--
ANDRAS PAL D i g i t a l Influence
E-mail: [EMAIL PROTECTED] Hungary
Web: http://www.digitalinfluence.hu /*Software development*/
http://www.fpower.hu  /*Unix-like systems*/
http://www.ifce.hu /*Computer parts*/



Re: IDS solution

2006-03-21 Thread Reyk Floeter
hi,

On Tue, Mar 21, 2006 at 02:50:35PM -0300, Hutger H. wrote:
 I've been looking for a consolidated IDS solution that I can deploy in
 my network. Snort is really a good option but currently it seems that
 they are charging for updates, is that true? I'd like to find out a free
 of charge Linux, or BSD, solution that can works as good as snort works
 and, rather with some successful deployment cases.
 

an alternative approach to snort is bro, which uses a bsd-style license.

http://www.bsd-ids.org/

the c++ code is a bit ugly, but the system is very powerful, supports
snort rules and is also supported by most of the hybrid IDS frameworks
(like prelude-ids). bro claims that their own context-based rule
language is even more powerful than the snort stuff.

reyk

-- 
/* .vantronix|secure systems - (research & development)
 * reyk floeter - friendly known free software engineer
 * [EMAIL PROTECTED] - http://team.vantronix.net/reyk/
 */



Ftp problem

2006-03-21 Thread Pál András

Hello Misc!
I have a problem about ftp connections.
I made a server behind a firewall and i read the pf docs about the 
configuration.

My external pf conf file looks like that:
ext_if=dc0
int_if=dc1
ftp_server=10.5.5.3
nat on $ext_if from $int_if:network to any -> ($ext_if)

rdr on dc0 proto tcp from any to any port 80 -> 10.5.5.3

rdr on dc0 proto {udp,tcp} from any to any port 143 -> 10.5.5.3
rdr on dc0 proto {udp,tcp} from any to any port 993 -> 10.5.5.3
rdr on dc0 proto tcp from any to any port 25 -> 10.5.5.3
rdr on dc0 proto tcp from any to any port 5432 -> 10.5.5.3
rdr on dc0 proto tcp from any to any port 8821 -> 10.5.5.1
rdr on dc0 proto tcp from any to any port 61 -> 10.5.5.4
rdr on dc0 proto tcp from any to any port 2819 -> 10.5.5.4 port 2818
rdr on dc0 proto tcp from any to any port 2820 -> 10.5.5.3 port 2818
rdr on dc0 proto tcp from any to any port 21 -> $ftp_server port 21
rdr on $ext_if proto tcp from any to any port 49152:65535 -> $ftp_server port 49152:65535
pass in quick on $ext_if proto tcp from any to $ftp_server port 21 keep state
pass in quick on $ext_if proto tcp from any to $ftp_server port > 49152 keep state
pass out quick on $ext_if proto tcp from any to $ftp_server port > 49152 keep state
pass out quick on $int_if proto tcp from any to $ftp_server port 21 keep state



I can connect to the server from my router but can't from the other 
machines behind the router. I tried behind my neighbour's wireless 
router too; it did the same. My ftp client message was:

Data connection timed out.
Falling back to PORT instead of PASV mode.
List failed.
I think it means that the client connected the server but it couldn't 
list the directory.

I can connect and list directories other ftp servers from anywhere.
Are there any other server side (pf side) configurations?

Thanks a lot for your help and sorry for that stupid question.

--
--
ANDRAS PAL D i g i t a l Influence
E-mail: [EMAIL PROTECTED] Hungary
Web:http://www.digitalinfluence.hu
http://www.fpower.hu  
http://www.ifce.hu



ADSL with pppoa (over ATM)

2006-03-21 Thread Luca Losio
Hi,
I read the faq searching for info about pppoa
(http://www.openbsd.org/faq/faq6.html) :

The main software interface to PPPoE/PPPoA on OpenBSD is pppoe(8),
which is a userland implementation (in much the same way that we
described ppp(8), above)

but I can't figure out how to configure it for a ppp over ATM
connection. Anyone can help? I don't want to have a double NAT, one
from the adsl modem and one from the OpenBSD gateway...

thanks



Re: ADSL with pppoa (over ATM)

2006-03-21 Thread Chris 'Xenon' Hanson

Luca Losio wrote:

Hi,
I read the faq searching for info about pppoa
(http://www.openbsd.org/faq/faq6.html) :
The main software interface to PPPoE/PPPoA on OpenBSD is pppoe(8),
which is a userland implementation (in much the same way that we
described ppp(8), above)
but I can't figure out how to configure it for a ppp over ATM
connection. Anyone can help? I don't want to have a double NAT, one
from the adsl modem and one from the OpenBSD gateway...


  First, what kind of ADSL modem do you have?


thanks


--
 Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/
 I set the wheels in motion, turn up all the machines, activate the programs,
  and run behind the scenes. I set the clouds in motion, turn up light and 
sound,
  activate the window, and watch the world go 'round. -Prime Mover, Rush.



Re: ADSL with pppoa (over ATM)

2006-03-21 Thread Luca Losio
D-link 300T that now it's doing NAT and working with a DHCP server for
the internal network



Re: Recommendations for an OpenBSD-based Backup Solution

2006-03-21 Thread Peter
--- L. V. Lammert [EMAIL PROTECTED] wrote:

 At 12:53 AM 3/21/2006 -0500, Peter wrote:
 
 I am using rsync.  It also works well.  I wrote small scripts
 (windows
 side) for users to back up at their discretion.
 
 Quick question - I have tried Cygwin rsync on more than one occasion
 for 
 such an application, .. and it refuses to talk to the OBSD version.
 Which 
 version(s) were you using?

I am using cwrsync (very light) on the windows clients and the rsync
port for FreeBSD 5.4 and 6.0.  I don't see why it would not work with OpenBSD.



dlopen() broken in snapshot?

2006-03-21 Thread Andrew Sveikauskas
Hi,

I just upgraded to the 3.9 snapshot in FTP (this is on 386) and I find
that dlopen() does not work.

For example:

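a.c:
extern int x;	/* defined in the main executable (b.c) */
int foo()
{
	x = 1;
	return x;
}

b.c:
#include <dlfcn.h>
int x = 0;
int main()
{
	void *dl = dlopen("./liba.so", RTLD_LAZY|RTLD_GLOBAL);
	if(!dl)
		dlerror();
	return !dl;	/* exit status 1 when the library could not be loaded */
}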

And then:
$ gcc -shared -o liba.so a.c
$ gcc b.c
$ ./a.out
./a.out:./liba.so: undefined symbol 'x'

This also happens if I change RTLD_LAZY to RTLD_NOW or anything else.

Is this a known issue?  Did I do something wrong in the upgrade process?

Thanks,
Andrew



Re: dlopen() broken in snapshot?

2006-03-21 Thread Dale Rahn
On Tue, Mar 21, 2006 at 01:07:48PM -0500, Andrew Sveikauskas wrote:
 Hi,
 
 I just upgraded to the 3.9 snapshot in FTP (this is on 386) and I find
 that dlopen() does not work.
 
[snip]
 
 And then:
 $ gcc -shared -o liba.so a.c
 $ gcc b.c
 $ ./a.out
 ./a.out:./liba.so: undefined symbol 'x'
 
 This also happens if I change RTLD_LAZY to RTLD_NOW or anything else.
 
 Is this a known issue?  Did I do something wrong in the upgrade process?
 

With ELF, symbols in an executable which are not explicitly referenced from
a shared library are not exported; for this to work you must pass the
linker flag -E or --export-dynamic, then the program will work
as expected.

eg:
$ gcc -Wl,-E b.c

Dale Rahn   [EMAIL PROTECTED]



DRAV vs iLo

2006-03-21 Thread Gaby vanhegan
Who wins in the OpenBSD world?  DRAC (Dell Remote Admin Card) or iLo  
(HP's Integrated Lights Out)?  We're looking at new servers and are  
wondering if these are worth the cash, or which is the one to go for?

Gaby

--
Junkets for bunterish lickspittles since 1998!
http://vanhegan.net/sudoku/
http://weblog.vanhegan.net/



Re: ADSL with pppoa (over ATM)

2006-03-21 Thread Simon Slaytor

Half Bridge mode is your friend here.

Not sure if the D-Link supports this mode however, Google is less than 
helpful. Essentially in half bridge mode the modem handles the PPPoA 
authentication with the ISP, as in NAT mode obtaining an IP address from 
the remote provider as normal. Unlike NAT mode however the modem then 
leases out this exact same IP address to the connected ethernet host, 
thereby presenting the external IP directly to your external ethernet 
port. Finally the modem begins to transparently bridge the ADSL/Ethernet 
connections.


I can vouch for Zoom X3/4 and ADSL Nation X-Modems working in this mode 
without issue.




Re: ADSL with pppoa (over ATM)

2006-03-21 Thread Donald J. Ankney
Has anybody done this through a full bridge? My Actiontech isn't nearly 
as friendly with its options...


Simon Slaytor wrote:

Half Bridge mode is your friend here.

Not sure if the D-Link supports this mode however, Google is less than 
helpful. Essentially in half bridge mode the modem handles the PPPoA 
authentication with the ISP, as in NAT mode obtaining an IP address 
from the remote provider as normal. Unlike NAT mode however the modem 
then leases out this exact same IP address to the connected ethernet 
host, thereby presenting the external IP directly to your external 
ethernet port. Finally the modem begins to transparently bridge the 
ADSL/Ethernet connections.


I can vouch for Zoom X3/4 and ADSL Nation X-Modems working in this 
mode without issue.




Arp question

2006-03-21 Thread Barry, Christopher
Greetings,

I've googled and went to MARC, but can't find anything very helpful
about this, so I am here asking for your assistance.

I'm getting the following error:

/bsd: arp: attempt to overwrite entry for 172.26.0.68 on stge3 by
00:00:1a:19:d3:13 on stge2

repeating multiple times to the console. 

I have a four interface router, running 3.7 Generic. These two
interfaces are going out to our lab. My gut reaction was that someone in
the lab might have cabled between two switches on each subnet. Does that
seem probable? It's a damn spaghetti mess out there, and before I go
spend half a day digging, thought I'd float this out there. Any pointers
would be very appreciated.


Thanks,
Chris
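
Both ARP messages quoted on this page ("attempt to add entry" and "attempt to overwrite entry") report that an ARP packet from the given MAC arrived on the second interface while the entry for that IP belongs to the first, so grouping them shows which interface pairs see each other's traffic. The following is an added example, not part of any post in the thread; the function names are hypothetical and the sample log (host names, documentation-range IPs and MACs) is constructed.

```python
import re
from collections import defaultdict

TS_RE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s")
# Matches both kernel messages quoted in the thread:
#   arp: attempt to add entry for <ip> on <ifA> by <mac> on <ifB>
#   arp: attempt to overwrite entry for <ip> on <ifA> by <mac> on <ifB>
ARP_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?P<host>\S+)\s+/bsd:\s+arp:\s+attempt to "
    r"(?:add|overwrite) entry for (?P<ip>\S+) on (?P<entry_if>\S+) "
    r"by (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) on (?P<rx_if>\S+)$",
    re.IGNORECASE,
)


def unwrap(raw_lines):
    """Re-join lines a mail client wrapped: continuations lack a timestamp."""
    out = []
    for line in raw_lines:
        line = line.strip()
        if not line:
            continue
        if TS_RE.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out


def summarize(raw_lines, burst_threshold=3):
    """Return (per_mac, bursts). per_mac maps MAC -> count, IPs and
    (entry_if, rx_if) pairs; bursts lists (host, minute) keys that reached
    burst_threshold messages."""
    per_mac = {}
    per_minute = defaultdict(int)
    for line in unwrap(raw_lines):
        m = ARP_RE.match(line)
        if m is None:
            continue                      # unrelated syslog line
        rec = per_mac.setdefault(
            m["mac"].lower(), {"count": 0, "ips": set(), "pairs": set()})
        rec["count"] += 1
        rec["ips"].add(m["ip"])
        rec["pairs"].add((m["entry_if"], m["rx_if"]))
        per_minute[(m["host"], m["ts"][:-3])] += 1   # drop ":SS"
    bursts = sorted(k for k, n in per_minute.items() if n >= burst_threshold)
    return per_mac, bursts


def unexpected_pairs(per_mac, same_segment=()):
    """Return sorted (mac, entry_if, rx_if) for interface pairs that are not
    declared to share a layer-2 segment; these are the ones to trace."""
    groups = [set(g) for g in same_segment]
    flagged = []
    for mac, rec in per_mac.items():
        for entry_if, rx_if in rec["pairs"]:
            if not any(entry_if in g and rx_if in g for g in groups):
                flagged.append((mac, entry_if, rx_if))
    return sorted(flagged)


# Constructed sample, wrapped the way the mailed logs are.
SAMPLE = """\
Mar 21 10:42:15 fw1 /bsd: arp: attempt to add entry for 192.0.2.5 on carp0 by
00:00:5e:00:53:0a on carp1
Mar 21 10:42:15 fw1 /bsd: arp: attempt to add entry for 192.0.2.5 on carp0 by
00:00:5e:00:53:0a on carp26
Mar 21 10:42:17 fw1 /bsd: arp: attempt to add entry for 192.0.2.6 on carp0 by
00:00:5e:00:53:0b on carp1
Mar 21 10:43:15 fw1 /bsd: arp: attempt to add entry for 192.0.2.5 on carp0 by
00:00:5e:00:53:0a on carp1
Mar 21 11:05:02 gw2 /bsd: arp: attempt to overwrite entry for 198.51.100.68 on stge3 by
00:00:5e:00:53:13 on stge2
Mar 21 11:05:03 gw2 newsyslog[4242]: logfile turned over
""".splitlines()

if __name__ == "__main__":
    macs, bursts = summarize(SAMPLE)
    print("bursts:", bursts)
    # Assumption for the demo: the carp interfaces sit on one shared segment.
    for row in unexpected_pairs(macs, [{"carp0", "carp1", "carp26"}]):
        print("trace cabling/VLANs for:", row)
```

Declaring the interfaces that are known to share a wire leaves only the pairs worth tracing, which is the situation asked about in the post above.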



Strange pthread/kernel interaction

2006-03-21 Thread Jan Engelhardt
Hello list,


I have found out that when linking a userspace application with -lpthread, 
then for some reason, a device driver's read() routine suddenly has 
IO_NDELAY set in flags. Bug?

I am using OpenBSD 3.8.
A testcase is at http://jengelh.hopto.org/f/openbsd-pthread-strange.tgz


Jan Engelhardt
-- 



Re: Strange pthread/kernel interaction

2006-03-21 Thread Otto Moerbeek
On Tue, 21 Mar 2006, Jan Engelhardt wrote:

 Hello list,
 
 
 I have found out that when linking a userspace application with -lpthread, 
 then for some reason, a device driver's read() routine suddenly has 
 IO_NDELAY set in flags. Bug?

No, what you are seeing is the consequence of having a userland thread
implementation. All IO will be done in non-blocking mode, to not
allow a single thread to block all threads. The pthread lib manages
things to present a blocking call to the thread doing the IO.

BTW, the recommended way to link a threaded app is by specifying
-pthread on the link command line, not by just linking with
-lpthread. See pthread(3).

-Otto   

 
 I am using OpenBSD 3.8.
 A testcase is at http://jengelh.hopto.org/f/openbsd-pthread-strange.tgz
 
 
 Jan Engelhardt
 -- 



Re: Strange pthread/kernel interaction

2006-03-21 Thread Hannah Schroeter
Hi!

On Tue, Mar 21, 2006 at 10:26:42PM +0100, Jan Engelhardt wrote:
Hello list,

I have found out that when linking a userspace application with -lpthread, 
then for some reason, a device driver's read() routine suddenly has 
IO_NDELAY set in flags. Bug?

No. This is as it should be, because -lpthread does threads in *one*
kernel process, so it has to intercept blocking operations so it can
switch to another thread instead, or call select/poll/kevent if needed,
so not all threads hang if *one* executes a blocking operation.

Kind regards,

Hannah.



Re: Strange pthread/kernel interaction

2006-03-21 Thread Ted Unangst
On 3/21/06, Jan Engelhardt [EMAIL PROTECTED] wrote:
 I have found out that when linking a userspace application with -lpthread,
 then for some reason, a device driver's read() routine suddenly has
 IO_NDELAY set in flags. Bug?

the current pthread library fakes out concurrency by re-implementing
read/write/... and trying to switch threads whenever a syscall would
block.  so it's intentional, but also has unfortunate side effects for
some programs.



Re: Ftp problem

2006-03-21 Thread Nils.Reuvers
What does your pflog say? Try tcpdump on both interfaces and see what's going on. 
Also, you might want to pick up some reading on ftp-proxy(8) (reversed mode -R).

I run ftp-proxy like this:
ftp-proxy -R 192.168.3.2 -m 15000 -M 16000 -r

And my pf looks like this:
nat on $ext_if from 192.168.3.0/24 to any -> ($ext_if)

block log all

#Traffic must be allowed to pass the loopback interface
pass quick on lo0 all

#FTP server
pass in log quick on $ext_if proto tcp from any to $ext_ip port 21 flags S/SA keep state
pass in log quick on $ext_if proto tcp from any to $ext_ip port 15000:16000 flags S/SA keep state

Nils

-Original Message-
From: Pal Andras [mailto:[EMAIL PROTECTED] 
Sent: dinsdag 21 maart 2006 19:32
To: misc
Subject: Ftp problem

Hello Misc!
I have a problem about ftp connections.
I made a server behind a firewall and I read the pf docs about the 
configuration.
My external pf conf file looks like that:
ext_if=dc0
int_if=dc1
ftp_server=10.5.5.3
nat on $ext_if from $int_if:network to any -> ($ext_if)

rdr on dc0 proto tcp from any to any port 80 -> 10.5.5.3

rdr on dc0 proto {udp,tcp} from any to any port 143 -> 10.5.5.3
rdr on dc0 proto {udp,tcp} from any to any port 993 -> 10.5.5.3
rdr on dc0 proto tcp from any to any port 25 -> 10.5.5.3
rdr on dc0 proto tcp from any to any port 5432 -> 10.5.5.3
rdr on dc0 proto tcp from any to any port 8821 -> 10.5.5.1
rdr on dc0 proto tcp from any to any port 61 -> 10.5.5.4
rdr on dc0 proto tcp from any to any port 2819 -> 10.5.5.4 port 2818
rdr on dc0 proto tcp from any to any port 2820 -> 10.5.5.3 port 2818
rdr on dc0 proto tcp from any to any port 21 -> $ftp_server port 21
rdr on $ext_if proto tcp from any to any port 49152:65535 -> $ftp_server port 49152:65535
pass in quick on $ext_if proto tcp from any to $ftp_server port 21 keep state
pass in quick on $ext_if proto tcp from any to $ftp_server port > 49152 keep state
pass out quick on $ext_if proto tcp from any to $ftp_server port > 49152 keep state
pass out quick on $int_if proto tcp from any to $ftp_server port 21 keep state


I can connect to the server from my router but can't from the other machines 
behind the router. I tried from behind my neighbour's wireless router too; it did 
the same. My ftp client message was:
Data connection timed out.
Falling back to PORT instead of PASV mode.
List failed.
I think it means that the client connected to the server but it couldn't list the 
directory.
I can connect and list directories on other ftp servers from anywhere.
Are there any other server side (pf side) configurations?

Thanks a lot for your help and sorry for that stupid question.

--
--
ANDRAS PAL D i g i t a l Influence
E-mail: [EMAIL PROTECTED] Hungary
Web:http://www.digitalinfluence.hu
 http://www.fpower.hu  
 http://www.ifce.hu






SOLVED: RE: Arp question

2006-03-21 Thread Barry, Christopher
Never mind - somebody moved a box to the other network and fired it up
with the old network configured.

Thanks

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
 On Behalf Of Barry, Christopher
 Sent: Tuesday, March 21, 2006 4:24 PM
 To: misc@openbsd.org
 Subject: Arp question
 
 Greetings,
   
 I've googled and went to MARC, but can't find anything very helpful
 about this, so I am here asking for your assistance.
 
 I'm getting the following error:
 
 /bsd: arp: attempt to overwrite entry for 172.26.0.68 on stge3 by
 00:00:1a:19:d3:13 on stge2
 
 repeating multiple times to the console. 
 
 I have a four interface router, running 3.7 Generic. These two
 interfaces are going out to our lab. My gut reaction was that someone in
 the lab might have cabled between two switches on each subnet. Does that
 seem probable? It's a damn spaghetti mess out there, and before I go
 spend half a day digging, thought I'd float this out there. Any pointers
 would be very appreciated.
 
 
 Thanks,
 Chris



Re: Strange pthread/kernel interaction

2006-03-21 Thread Jan Engelhardt
I have found out that when linking a userspace application with -lpthread, 
then for some reason, a device driver's read() routine suddenly has 
IO_NDELAY set in flags. Bug?

No. This is as it should be, because -lpthread does threads in *one*
kernel process, so it has to intercept blocking operations so it can
switch to another thread instead, or call select/poll/kevent if needed,
so not all threads hang if *one* executes a blocking operation.

Reminds me of ol' LinuxThreads. Any plans to make each thread a separate 
kernel process/thread?



Jan Engelhardt
-- 



Re: ADSL with pppoa (over ATM)

2006-03-21 Thread Craig Skinner
On Tue, Mar 21, 2006 at 08:29:19PM +0100, Luca Losio wrote:
 D-link 300T that now it's doing NAT and working with a DHCP server for
 the internal network
 

I used to have one of these.

On your external NIC, use DHCP, and that is it.

The DLink does the PPPoA stuff and issues the WAN IP address to your
DHCP card.

You can still telnet to the DLink on 192.168.0.1 at the same time as
your link being up.



Re: Strange pthread/kernel interaction

2006-03-21 Thread Stuart Henderson
On 2006/03/21 23:21, Jan Engelhardt wrote:
 I have found out that when linking a userspace application with -lpthread, 
 then for some reason, a device driver's read() routine suddenly has 
 IO_NDELAY set in flags. Bug?
 
 No. This is as it should be, because -lpthread does threads in *one*
 kernel process, so it has to intercept blocking operations so it can
 switch to another thread instead, or call select/poll/kevent if needed,
 so not all threads hang if *one* executes a blocking operation.
 
 Reminds me of ol' LinuxThreads. Any plans to make each thread a separate 
 kernel process/thread?

http://www.openbsd.org/papers/eurobsd2005/tedu-rthreads.pdf



[SOLVED] Re: no internet with cable provider (videotron.ca)

2006-03-21 Thread Peter
Ok folks.  This *was* a MAC caching issue.  I was able to reset this
particular modem by inserting a pin into the reset orifice.  I presume
I could have achieved this by unplugging the power cable AND removing
the battery.  So dhclient on OpenBSD 3.8 *does work* although I
continue to receive a bad length type of message.  Here is the session:

# dhclient sis1
DHCPDISCOVER on sis1 to 255.255.255.255 port 67 interval 8
DHCPDISCOVER on sis1 to 255.255.255.255 port 67 interval 14
ip length 348 disagrees with bytes received 352.
accepting packet with data after udp payload.
DHCPOFFER from 10.206.182.1
DHCPREQUEST on sis1 to 255.255.255.255 port 67
ip length 348 disagrees with bytes received 352.
accepting packet with data after udp payload.
DHCPACK from 10.206.182.1
bound to 70.81.175.3 -- renewal in 1800 seconds.

I will try to use the '-u' switch and see if that will get rid of the
warning message.



Removing a misconfigured list member? [EMAIL PROTECTED]: Undelivered Mail Returned to Sender]

2006-03-21 Thread Hannah Schroeter
Hello!

This one is misconfigured in a really funny way. I get a bounce not if I
post to the OpenBSD mailing lists (as it happens sometimes) but if I
*get* a mail both with To my address and CC an OpenBSD mailing list.

Mailing to [EMAIL PROTECTED] didn't work either (similar loop error
message). So could one please remove [EMAIL PROTECTED] from the mailing lists?

Sorry for mailing the list itself, but I didn't find a more specific
contact for that on http://www.openbsd.org/mail.html.

And I didn't find the mail exchanges from when I last reported a
misconfigured subscriber.

Thanks in advance.

Kind regards,

Hannah.

- Forwarded message from Mail Delivery System [EMAIL PROTECTED] -

From: Mail Delivery System [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Wed, 22 Mar 2006 00:30:43 +0200 (EET)
Subject: Undelivered Mail Returned to Sender

Content-Description: Notification
This is the Postfix program at host aries.oic.lv.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The Postfix program

[EMAIL PROTECTED]: host 127.0.0.1[127.0.0.1] said: 554 5.4.6 Loop detected. (in reply to end of DATA command)

Content-Description: Delivery report
Reporting-MTA: dns; aries.oic.lv
X-Postfix-Queue-ID: 2EBC123476
X-Postfix-Sender: rfc822; [EMAIL PROTECTED]
Arrival-Date: Wed, 22 Mar 2006 00:30:43 +0200 (EET)

Final-Recipient: rfc822; [EMAIL PROTECTED]
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; host 127.0.0.1[127.0.0.1] said: 554 5.4.6 Loop
detected. (in reply to end of DATA command)

Content-Description: Undelivered Message
From: Jan Engelhardt [EMAIL PROTECTED]
To: Hannah Schroeter [EMAIL PROTECTED]
Date: Tue, 21 Mar 2006 23:21:08 +0100 (MET)
Subject: Re: Strange pthread/kernel interaction
cc: misc@openbsd.org

I have found out that when linking a userspace application with -lpthread, 
then for some reason, a device driver's read() routine suddenly has 
IO_NDELAY set in flags. Bug?

No. This is as it should be, because -lpthread does threads in *one*
kernel process, so it has to intercept blocking operations so it can
switch to another thread instead, or call select/poll/kevent if needed,
so not all threads hang if *one* executes a blocking operation.

Reminds me of ol' LinuxThreads. Any plans to make each thread a separate 
kernel process/thread?



Jan Engelhardt
-- 




- End forwarded message -



recent CARP 'fixes'

2006-03-21 Thread Pete Vickers

Hi,

I have a pair of openbsd amd64 3.8+ boxes with a few shared carp
interfaces. They were playing perfectly together until today. I
upgraded one to the 20-03-06 snapshot ( the other is still at circa.
18-12-2005). Now both the boxes claim to be carp MASTERs, with
obvious consequences.


net.inet.carp.log=1 or tcpdump don't show any problems though.

/plus39.html lists 2 carp fixes. The first relates to HMAC calc, so
I disabled the carp password, without any effect. The other fix
relates to a 'short' incorrect MASTER status at boot - whereas mine
seems to persist indefinitely.


Is this an incompatibility between o/s versions, or just a passing
-current hiccup ?



/Pete


[EMAIL PROTECTED] /root cat /var/run/dmesg.boot
OpenBSD 3.9-current (GENERIC.MP) #750: Sun Mar 19 18:25:28 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/ 
GENERIC.MP


Re: recent CARP 'fixes'

2006-03-21 Thread Daniel Ouellet

Pete Vickers wrote:

Hi,

I have a pair of openbsd amd64 3.8+ boxes with a few shared carp 
interfaces. They were playing perfectly together until today. I upgraded 
one to the 20-03-06 snapshot ( the other is still at circa. 18-12-2005). 
Now both the boxes claim to be carp MASTERs, with obvious consequences.


net.inet.carp.log=1 or tcpdump don't show any problems though.

/plus39.html lists 2 carp fixes. The first relates to HMAC calc, so I 
disabled the carp password, without any effect. The other fix relates to 
a 'short' incorrect MASTER status at boot - whereas mine seems to 
persist indefinitely.


Is this an incompatibility between o/s versions, or just a passing 
-current hiccup ?


There is/was an issue between the two versions:

http://marc.theaimsgroup.com/?l=openbsd-misc&m=113790376714674&w=2

Looks to me like you run a snapshot that still has the issue in it, your 
18-12-2005 one. I would upgrade that one first, as I know there was 
a problem then; I pointed it out and that got fixed quickly as well.


Daniel



Re: recent CARP 'fixes'

2006-03-21 Thread Daniel Ouellet

Pete Vickers wrote:
Is this an incompatibility between o/s versions, or just a passing 
-current hiccup ?


Here is the patch that fixed it then.

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ip_carp.c.diff?r1=1.118&r2=1.119

Daniel



Re: Strange pthread/kernel interaction

2006-03-21 Thread Jan Engelhardt
Hello,

I have found out that when linking a userspace application with -lpthread, 
then for some reason, a device driver's read() routine suddenly has 
IO_NDELAY set in flags. Bug?

No. This is as it should be, because -lpthread does threads in *one*
kernel process, so it has to intercept blocking operations so it can
switch to another thread instead, or call select/poll/kevent if needed,
so not all threads hang if *one* executes a blocking operation.

How could I help the high CPU usage then? The device driver read 
routine always prematurely exits because IO_NDELAY is set (and
there's nothing to read - so EWOULDBLOCK is returned).


Jan Engelhardt
-- 



Re: Removing a misconfigured list member? [EMAIL PROTECTED]: Undelivered Mail Returned to Sender]

2006-03-21 Thread Keith Richardson

Mailing to [EMAIL PROTECTED] didn't work either (similar loop error
message). So could one please remove [EMAIL PROTECTED] from the mailing lists?

Sorry for mailing the list itself, but I didn't find a more specific
contact for that on http://www.openbsd.org/mail.html.

  


I think you wanted [EMAIL PROTECTED] if I remember majordomo's 
email correctly.




Re: dlopen() broken in snapshot?

2006-03-21 Thread Andrew Sveikauskas

On 2006-03-21 15:06:04 -0500 Dale Rahn [EMAIL PROTECTED] wrote:


eg:
$ gcc -Wl,-E b.c


Excellent.  I have a configure script that wasn't adding this flag.  
That fixes my problem.


Is this requirement new?  It seems to work in 3.8.



Re: Strange pthread/kernel interaction

2006-03-21 Thread Ted Unangst
On 3/21/06, Jan Engelhardt [EMAIL PROTECTED] wrote:
 How could I help the high CPU usage then? The device driver read
 routine always prematurely exits because IO_NDELAY is set (and
 there's nothing to read - so EWOULDBLOCK is returned).

the real syscall symbols are available as _thread_sys_read and so on. 
you'll also need to clear non-blocking with _thread_sys_fcntl.
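
The mechanism described in this thread, as an added example that is not code from any poster or from OpenBSD's libpthread: a wrapper switches the descriptor to non-blocking mode and turns EAGAIN/EWOULDBLOCK into a wait in poll(), so the caller still sees a blocking read. The names set_nonblock, emulated_read and demo are hypothetical, the pipe input is constructed, and only POSIX calls are used (not the _thread_sys_* symbols).

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Set (on != 0) or clear (on == 0) O_NONBLOCK on fd. 0 on success, -1 on error. */
static int set_nonblock(int fd, int on)
{
    int fl = fcntl(fd, F_GETFL);
    if (fl == -1)
        return -1;
    fl = on ? (fl | O_NONBLOCK) : (fl & ~O_NONBLOCK);
    return fcntl(fd, F_SETFL, fl) == -1 ? -1 : 0;
}

/*
 * Blocking read emulated on a non-blocking descriptor. A userland thread
 * library would switch to another runnable thread where this code calls
 * poll(). Gives up with ETIMEDOUT after timeout_ms without data; *waits
 * (if non-NULL) counts how often poll() had to report readiness.
 * Depends on poll() reporting readiness accurately for this descriptor.
 */
static ssize_t emulated_read(int fd, void *buf, size_t len,
                             int timeout_ms, int *waits)
{
    for (;;) {
        ssize_t n = read(fd, buf, len);
        if (n >= 0)
            return n;                 /* data or EOF: hand it to the caller */
        if (errno == EINTR)
            continue;
        if (errno != EAGAIN && errno != EWOULDBLOCK)
            return -1;                /* real error */

        struct pollfd p = { .fd = fd, .events = POLLIN, .revents = 0 };
        int r = poll(&p, 1, timeout_ms);
        if (r == 0) {
            errno = ETIMEDOUT;
            return -1;
        }
        if (r == -1 && errno != EINTR)
            return -1;
        if (r > 0 && waits)
            ++*waits;
    }
}

/* Constructed demo on a pipe. Returns 0 if every step behaves as described,
 * otherwise the number of the first step that did not. */
int demo(void)
{
    int fds[2], waits = 0, step = 0;
    char buf[8];

    if (pipe(fds) == -1)
        return 1;
    if (set_nonblock(fds[0], 1) == -1)
        step = 2;
    /* 3: a raw read on the empty non-blocking end fails at once */
    else if (!(read(fds[0], buf, sizeof buf) == -1 &&
               (errno == EAGAIN || errno == EWOULDBLOCK)))
        step = 3;
    /* 4: the wrapper sleeps in poll() and times out, no busy loop */
    else if (!(emulated_read(fds[0], buf, sizeof buf, 50, &waits) == -1 &&
               errno == ETIMEDOUT))
        step = 4;
    else if (write(fds[1], "ping", 4) != 4)
        step = 5;
    /* 6: once data is there the caller gets it like from a blocking read */
    else if (emulated_read(fds[0], buf, sizeof buf, 50, &waits) != 4 ||
             memcmp(buf, "ping", 4) != 0)
        step = 6;
    /* 7: clearing O_NONBLOCK gives back plain blocking semantics */
    else if (set_nonblock(fds[0], 0) == -1 ||
             (fcntl(fds[0], F_GETFL) & O_NONBLOCK))
        step = 7;

    close(fds[0]);
    close(fds[1]);
    return step;
}

int main(void)
{
    int rc = demo();
    printf("demo: %s (step %d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc;
}
```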



Re: embedded computers with RS485

2006-03-21 Thread Georg Wendenburg

anyone knows where I can find embedded computers with RS485 ports on
board, where I can run OBSD? 

PC/104 CPU boards quite commonly have at least one serial port switchable
from RS-232 to RS-485. Try Googling for +CPU +RS485 +PC104, and you should
find plenty.



Hi Steve,

I was looking for something similar to the Soekris ones,
I found some at www.acrosser.com but they have too much
unuseful stuff. Anyway, to find something runnable with
OBSD in the PC104 world should be a trial and error thing,
and too much money to make those tests.

Thanks anyway,

georg



Re: [SOLVED] Re: no internet with cable provider (videotron.ca)

2006-03-21 Thread Paul de Weerd
On Tue, Mar 21, 2006 at 05:25:40PM -0500, Peter wrote:
| Ok folks.  This *was* a MAC caching issue.  I was able to reset this
| particular modem by inserting a pin into the reset orifice.  I presume
| I could have achieved this by unplugging the power cable AND removing
| the battery.  So dhclient on OpenBSD 3.8 *does work* although I
| continue to receive a bad length type of message.  Here is the session:
|
| # dhclient sis1
| DHCPDISCOVER on sis1 to 255.255.255.255 port 67 interval 8
| DHCPDISCOVER on sis1 to 255.255.255.255 port 67 interval 14
| ip length 348 disagrees with bytes received 352.
| accepting packet with data after udp payload.
| DHCPOFFER from 10.206.182.1
| DHCPREQUEST on sis1 to 255.255.255.255 port 67
| ip length 348 disagrees with bytes received 352.
| accepting packet with data after udp payload.
| DHCPACK from 10.206.182.1
| bound to 70.81.175.3 -- renewal in 1800 seconds.
|
| I will try to use the '-u' switch and see if that will get rid of the
| warning message.

Upgrade to the latest snapshot or wait a bit for 3.9 (ordered your CD
yet ? :) There have been some changes to sis(4), the driver for your
network card, that fix this issue. At least this issue was fixed on my
laptop after upgrading to a recent snapshot.

Cheers,

Paul 'WEiRD' de Weerd

--
 http://www.weirdnet.nl/




Re: DRAV vs iLo

2006-03-21 Thread Srebrenko Sehic
 Who wins in the OpenBSD world?  DRAC (Dell Remote Admin Card) or iLo
 (HP's Integrated Lights Out)?  We're looking at new servers and are
 wondering if these are worth the cash, or which is the one to go for?

I've never used DRAC, but ILO (the real deal, like in HP360G4) is
pretty solid. Stay away from the el-cheapo variants found in DL145 and
the like. You might want to purchase the Advanced pack, since that
gives you fancy stuff like remote ISO mount from your workstation. I've
also used Sun's ILOM. HP's is still better IMHO.



sftp and scp and chroot

2006-03-21 Thread Alexey E. Suslikov

Michael Schmidt wrote:


Why may ssh be broken down when jailkit is used?


chrooting ssh is DANGEROUS. it was discussed many times.
search archives.