Re: Odd df reporting (On Apr 3 snapshot, data copied via 3.8snapshot)
On Sat, 8 Apr 2006, Whyzzi wrote:

To be on the safe side, run a 3.8 fsck. Easiest way to do that is copy a 3.8 bsd.rd and boot that. Go to the shell and run fsck -f.

-Otto

Done. Followed http://www.openbsd.org/faq/faq4.html#bsd.rd part of the FAQ, and ripped the 3.8 bsd.rd from the usa.openbsd.org server. Just for info, the bsd.38.rd reports the same df as the others... Ok, this is strange:

=-=-=-=-=-=-=-=-=-
# fsck /dev/rwd0d
** /dev/rwd0d
** File system is clean; not checking
# fsck -f /dev/rwd0d
** /dev/rwd0d
** File system is already clean
cannot alloc 4294966928 bytes for inphead
# fsck -f /dev/wd0d
** /dev/wd0d
** File system is already clean
cannot alloc 4294966928 bytes for inphead
#
=-=-=-=-=-=-=-=-=-

I hope that helps some.. If there is anything else you'd like from this box just let me know!

Hmm, have to think about this maybe the alternative super blocks are ok, but it's becoming tricky.

-Otto
PPPoA and OpenBSD
Hi all,

I'm searching high and low for some documentation on setting up a PPPoA link (yes, it's for the UK and it's definitely PPPoA _not_ PPPoE) under OpenBSD and drawing a blank. The FAQ says that it seems to be possible, but the ppp man page doesn't seem to have any references, and all my googling is drawing a blank too. Can anyone point me at the place where some doco on doing this is? Is it even possible??

Thanks for your help,
Dave
Belkin Components F5D7050 54g USB Network Adapter
Hi,

Running the latest snapshot (4th April). Trying to connect a Belkin Wireless USB Network Adapter:

dmesg:
ural0: Belkin Components F5D7050 54g USB Network Adapter, rev 2.00/2.02, addr 2
ural0: could not read MAC register: STALLED
ural0: could not read EEPROM: STALLED
ural0: could not read EEPROM: STALLED
ural0: could not read EEPROM: STALLED
ural0: could not read EEPROM: STALLED
ural0: could not read EEPROM: STALLED
ural0: MAC/BBP RT02 (rev 0x00), RF RT2522, address 00:00:00:00:00:00

ifconfig:
ural0: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500
        lladdr 00:00:00:00:00:00
        media: IEEE802.11 autoselect
        status: no network
        ieee80211: nwid 100dBm

When trying to manually set the lladdr I get a lot of these messages:

ural0: could not read MAC register: STALLED
ural0: could not read MAC register: STALLED
ural0: could not read MAC register: STALLED
ural0: could not read MAC register: STALLED
ural0: timeout waiting for BBP/RF to wakeup
ural0: could not write MAC register: STALLED
ural0: could not write MAC register: STALLED
ural0: could not write MAC register: STALLED

Is this just an unsupported USB device or is there a workaround?

Regards
Johan Linnir
Re: PPPoA and OpenBSD
Stuart Henderson wrote: On 2006/04/09 17:43, Dave Harrison wrote: I'm searching high and low for some documentation on setting up a PPPoA link (yes, it's for the UK and it's definitely PPPoA _not_ PPPoE) under OpenBSD in-tree: ueagle(4) otherwise: iirc there are some USB Speedtouch drivers Is it not possible to configure in a way similar to a ppp PPPoE setup ?? I have a modem that I'm connecting to via ethernet, then it plugs into the phone line. Can I drive PPPoA with the ppp daemon ?? Dave
Re: problem building xine-lib on 3.8
On Sat, Apr 08, 2006 at 11:15:05AM -0500, Dave Feustel wrote: I am now trying to build xine to be able to display mjpeg files on OpenBSD. I get the following error attempting to build xine-lib on OpenBSD 3.8: it's quite some work to get xine working on 3.8. probably not worth the trouble, really. mplayer and ffplay (from ffmpeg) should be able to play mjpeg files. and then there's mjpegtools, with which you should be able to play, edit, and transcode mjpeg files. -- [EMAIL PROTECTED]
Re: IO fencing question
On Sat, Apr 08, 2006 at 03:54:58PM -0400, Barry, Christopher wrote: -Original Message- From: Jon Hart [mailto:[EMAIL PROTECTED] Sent: Friday, April 07, 2006 1:25 PM To: Barry, Christopher Cc: misc@openbsd.org Subject: Re: IO fencing question On Fri, Apr 07, 2006 at 12:26:45PM -0400, Barry, Christopher wrote: Thanks much for your answers. By 'soft', I mean a controlled reboot/shutdown where the power remains on even though the OS has obviously stopped running. I have not experienced any actual failures of anything, so I do not the outcome of that. Induced 'Hard' failure (e.g. pulling the plug) works perfectly. The more I look at it, and think about it, I'm guessing the problem is more related to the redundant fibre ports on the 350-24T switch, actually holding onto information about the directly connect interface, and stubbornly sticking to it if it detects any kind of signal whatsoever. I experienced this same sort of weirdness when setting up a pair of redundant routers. The two upstreams, which I had no control over, ran OSPF. If I powered off the machine, all was well. If I simply halted the machine, or there was power to it at all, their OSPF daemon would detect a link and continue to route in the direction of our downed router. The problem, in the end, was that the Dell 1850s primary onboard ethernet controller will exhibit link when there is power to the board. The secondary, and any PCI/PCI-X cards that we added on afterward, did not exhibit this behavior. -jon Thanks everyone for your ideas on this. As it turns out, the issue is indeed the switch's redundant fiber port not releasing. As soon as power hits the server's motherboard, a link is present on the switch - even though all of my fiber NICs are in PCI slots. The only way I can reliably failover the switch port is to remove power completely from the router. 
To do this, I'm thinking a combination of: http://freshmeat.net/projects/powerswitch/ and: http://www.servertech.com/products/product.aspx?GroupID=1ProductID=12# Of course the powerswitch script will need a bit of hacking, and I'll need to wrap the whole deal in a looping testing script, looking for when stge0 on the backup becomes master. Then I'm thinking of attempting a 'ssh master -c halt -p', waiting a certain amount of seconds, and then switching off the power to the plug. Does that sound like a reasonable approach? Anyone already done this and have some lessons for me? While this is likely to work in practice, a more complete solution makes sure that the box is only switched off if it is shut down properly. How to handle a kernel panic is also nontrivial, as you both want the output and the connection to be cut. If you can manage it, it might be best to cut fiber access instead of power. Of course, none of this makes the system more stable. Joachim
Re: PPPoA and OpenBSD
On 2006/04/09 17:43, Dave Harrison wrote: I'm searching high and low for some documentation on setting up a PPPoA link (yes, it's for the UK and it's definitely PPPoA _not_ PPPoE) under OpenBSD in-tree: ueagle(4) otherwise: iirc there are some USB Speedtouch drivers
Re: PPPoA and OpenBSD
On 2006/04/09 19:03, Dave Harrison wrote:

in-tree: ueagle(4)
otherwise: iirc there are some USB Speedtouch drivers

Is it not possible to configure in a way similar to a ppp PPPoE setup ??

No.

I have a modem that I'm connecting to via ethernet, then it plugs into the phone line.

Those work like routers in 'bridge' mode and are usually used with PPPoE. Did you already try PPPoE? It is probably the simplest way to do what you want and typically it *does* work in UK.

Can I drive PPPoA with the ppp daemon ??

Yes, with ueagle.
Re: PPPoA and OpenBSD
Hi Dave,

On 2006.04.09, at 7:03 PM, Dave Harrison wrote:

Is it not possible to configure in a way similar to a ppp PPPoE setup ?? I have a modem that I'm connecting to via ethernet, then it plugs into the phone line.

Does your MODEM have a half bridge mode? My DSL MODEM/router employs a half bridge mode, but calls it MODEM mode. With that mode, you can have the MODEM log in to your ISP and deal with PPPoE or PPPoA and then the MODEM just passes the IP traffic to its ethernet port. In that mode you can leave the MODEM/router's DHCP server switched on and your connected machine will get the IP assigned from your ISP through the MODEM.

I used to use PPPoE with my provider in Australia, but tried PPPoA using this method and it works great. I wanted to try PPPoA because I was having some stability issues with PPPoE, however the problem turned out to be the MODEM. I stuck with PPPoA because I can use an MTU of 1500. The MODEM deals with the logging in and PPPoA and my firewall just sees the IP traffic without any NAT being done in the MODEM.

Maybe this is a possible solution for you?

Shane
ral ural dhcpd problem
Hi,

I'm having trouble to get dhcpd to work with two different wlan adapters in hostap mode, ral and ural: the client does not receive a dhcp lease. Using last 3.9 snapshot (4 April)

usb:
ural0: ANI 802.11g WLAN Adapter, rev 2.00/0.01, addr 2
ural0: MAC/BBP RT2570 (rev 0x05), RF RT2526, address 00:13:46:63:1b:59

mini-pci:
ral0 at pci0 dev 14 function 0 Ralink RT2561S rev 0x00: irq 11, address 00:0e:8e:02:ed:59
ral0: MAC/BBP RT2661B, RF RT2527

dhcpd -d ral0 (or dhcpd -d ural0) does not show any output, but /var/db/dhcpd.leases is updated correctly, but the client does not get an ip etc. pf is off, no firewall at the client side. When using a static ip on the client, everything works fine.

Any suggestions?

Thanks
Johan Linnir
Re: PPPoA and OpenBSD
On Sun, 9 Apr 2006 09:55:49 +0100 Stuart Henderson [EMAIL PROTECTED] wrote:

On 2006/04/09 17:43, Dave Harrison wrote:

I'm searching high and low for some documentation on setting up a PPPoA link (yes, it's for the UK and it's definitely PPPoA _not_ PPPoE) under OpenBSD

in-tree: ueagle(4)
otherwise: iirc there are some USB Speedtouch drivers

I have a USB Speedtouch modem attached to my router:

ugen0 at uhub0 port 2
ugen0: ALCATEL Speed Touch USB, rev 1.10/0.00, addr 2

I have been using PPPoA + OpenBSD for some time now, without problems.

Cheers,
Jasper
--
Humppa is a serious thing!
Re: Odd df reporting (On Apr 3 snapshot, data copied via 3.8snapshot)
It would be wise to actually force the checking by specifying -f. -p.
PFlog
Hi,

I'm trying to setup a system to account for the traffic that flows through the firewall by service (http, smtp, etc). I have had some success playing with tcpdump and pf logging but I can't quite work out what's going on.

I have pf logging the traffic that I want to account for so /var/log/pflog is filling up nicely. Taking a few sample lines from the output of:

# tcpdump -n -r /var/log/pflog
13:35:07.985465 220.135.151.10.1254 195.224.72.148.25: S 108231586:108231586(0) win 65535 mss 1300,nop,nop,sackOK (DF)
13:35:08.384197 195.224.72.148.59258 195.224.72.2.53: 28701+[|domain]
13:35:15.747376 24.198.33.0.3395 195.224.72.148.25: S 531328580:531328580(0) win 64240 mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK (DF)
13:35:18.025285 80.62.253.137.4452 195.224.72.148.80: S 3580612744:3580612744(0) win 65535 mss 1452,nop,nop,sackOK (DF)
13:35:28.544158 131.165.205.101.1886 195.224.72.148.80: S 2587435678:2587435678(0) win 16384 mss 1460 (DF)
13:35:29.585572 66.154.102.108.53139 195.224.72.148.80: S 1452108063:1452108063(0) win 5840 mss 1460,sackOK,timestamp 142976852 0,nop,wscale 0 (DF)
13:35:38.090762 82.153.166.67.1436 195.224.72.148.80: S 1406992321:1406992321(0) win 65535 mss 1452,nop,nop,sackOK (DF)

I can't actually work out which field in these lines is the size of the data payload for each packet. The first line looks like an SMTP connection, the last four look like HTTP connections (incoming). I've read the pflog documentation, and the tcpdump documentation but perhaps I've missed something. If I want to get packet sizes, I need to run tcpdump on the live interface (not the pflog file) with the -e flag, which, as the manual suggests:

Link Level Headers
If the -e option is given, the link level header is printed out. On Ethernets, the source and destination addresses, protocol, and packet length are printed.

Which gives me packet length. However, this is for all traffic, and I'm only interested in traffic that makes it through pf, or traffic that I specifically want to log via pf.

I have looked at tools like symon/symux (which I'll be using for the data logging), I don't want to run ntop and iplog hasn't been touched for years. The mailing archive suggested IPAudit, but I'd rather use native tools if I can.

Do I have to listen to the interface directly (tcpdump -n ip) or can I get the packet size information from the pflog file?

Gaby
--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/
Re: PFlog
On Sun, 9 Apr 2006, Gaby vanhegan wrote: I'm only interested in traffic that makes it through pf, or traffic that I specifically want to log via pf. I have looked at tools like symon/symux (which I'll be using for the data logging), I don't want to run ntop and iplog hasn't been touched for years. The mailing archive suggested IPAudit, but I'd rather use native tools if I can. Would pmacct help in this scenario? http://www.pmacct.org/ Not sure whether it could be configured to listen to pflog though. -- Andrew Veitch mailto:[EMAIL PROTECTED]http://erkle.org/
Re: PFlog
On 9 Apr 2006, at 14:10, Andrew Veitch wrote: Would pmacct help in this scenario? http://www.pmacct.org/ Not sure whether it could be configured to listen to pflog though. The thing with pflog is that I can't see which field (if any) is the packet size, which is what I'm interested in. I'm trying to log how much of which protocol eats what amount of my bandwidth, both inbound and outbound. Gaby -- Junkets for bunterish lickspittles since 1998! http://www.playr.co.uk/sudoku/ http://weblog.vanhegan.net/
Re: PFlog
On Sun, 9 Apr 2006, Gaby vanhegan wrote: I'm trying to log how much of which protocol eats what amount of my bandwidth, both inbound and outbound. While I haven't used it in that fashion, I believe that this problem is one of the things pmacct was designed to solve. See page 17 of http://www.ba.cnr.it/~paolo/pmacct/p_lucente_pmacct_sanog7-final.pdf -- Andrew Veitchmailto:[EMAIL PROTECTED]http://erkle.org/
Re: ral ural dhcpd problem
On Sun, Apr 09, 2006 at 07:00:47AM -0400, Johan wrote: Hi, I'm having trouble to get dhcpd to work with two different wlan adapters in hostap mode, ral and ural: the client does not receive a dhcp lease. Using last 3.9 snapshot (4 April) usb: ural0: ANI 802.11g WLAN Adapter, rev 2.00/0.01, addr 2 ural0: MAC/BBP RT2570 (rev 0x05), RF RT2526, address 00:13:46:63:1b:59 mini-pci: ral0 at pci0 dev 14 function 0 Ralink RT2561S rev 0x00: irq 11, address 00:0e:8e:02:ed:59 ral0: MAC/BBP RT2661B, RF RT2527 dhcpd -d ral0 (or dhcpd -d ural0) does not show any output, but /var/db/dhcpd.leases is updated correctly, but the client does not get a ip etc. pf is off, no firewall at the client side. When using a static ip on the client, everything works fine. Any suggestions? Please post the appropriate configuration and log files, at least /etc/dhcpd*. Joachim
Re: PFlog
On Sun, Apr 09, 2006 at 01:49:28PM +0100, Gaby vanhegan wrote: Hi, I'm trying to setup a system to account for the traffic that flows through the firewall by service (http, smtp, etc). I have had some success playing with tcpdump and pf logging but I can't quite work out what's going on. I have pf logging the traffic that I want to account for so /var/log/pflog is filling up nicely. Taking a few sample lines from the output of: # tcpdump -n -r /var/log/pflog 13:35:07.985465 220.135.151.10.1254 195.224.72.148.25: S 108231586:108231586(0) win 65535 mss 1300,nop,nop,sackOK (DF) 13:35:08.384197 195.224.72.148.59258 195.224.72.2.53: 28701+[|domain] 13:35:15.747376 24.198.33.0.3395 195.224.72.148.25: S 531328580:531328580(0) win 64240 mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK (DF) 13:35:18.025285 80.62.253.137.4452 195.224.72.148.80: S 3580612744:3580612744(0) win 65535 mss 1452,nop,nop,sackOK (DF) 13:35:28.544158 131.165.205.101.1886 195.224.72.148.80: S 2587435678:2587435678(0) win 16384 mss 1460 (DF) 13:35:29.585572 66.154.102.108.53139 195.224.72.148.80: S 1452108063:1452108063(0) win 5840 mss 1460,sackOK,timestamp 142976852 0,nop,wscale 0 (DF) 13:35:38.090762 82.153.166.67.1436 195.224.72.148.80: S 1406992321:1406992321(0) win 65535 mss 1452,nop,nop,sackOK (DF) I can't actually work out which field in these lines is the size of the data payload for each packet. The first line, looks like an SMTP connection, the last four look like HTTP connections (incoming). I've read the pflog documentation, and the tcpdump documentation but perhaps I've missed something. If I want to get packet sizes, I need to run tcpdump on the live interface (not the pflog file) with the -e flag, which, as the manual suggests: Link Level Headers If the -e option is given, the link level header is printed out. On Eth- ernets, the source and destination addresses, protocol, and packet length are printed. Which gives me packet length. 
However, this is for all traffic, and I'm only interested in traffic that makes it through pf, or traffic that I specifically want to log via pf. I have looked at tools like symon/symux (which I'll be using for the data logging), I don't want to run ntop and iplog hasn't been touched for years. The mailing archive suggested IPAudit, but I'd rather use native tools if I can. Does I have to listen to the interface directly (tcpdump -n ip) or can I get the packet size information from the pflog file? The current configuration will not work - looks like a pf(4) configuration which passes packets according to state. You only log packets creating state (for TCP, typically SYN packets), and those are not a very good indication of used bandwidth. Not using states will help, though I do believe you are likely required to add a couple of switches to tcpdump (-vvv will do, IIRC, but is overkill). However, not using states will cause all traffic passing your network to be logged to disk. Unless you have a very large, very fast array of disks and the proper tools to sort through gigabytes of data, this simply isn't going to work. A quick Google suggests that NetFlow-based tools might do what you want. See the ports tree. Joachim
Re: ral ural dhcpd problem
Please post the appropriate configuration and log files, at least /etc/dhcpd*.

Joachim

dhcpd seems to work ok, verified this by using the sis0 interface on the same computer:

# dhcpd -d sis0
DHCPDISCOVER from 00:0c:6e:7e:9e:4f via sis0
DHCPOFFER on 172.16.90.32 to 00:0c:6e:7e:9e:4f via sis0
DHCPREQUEST for 172.16.90.32 from 00:0c:6e:7e:9e:4f via sis0
DHCPACK on 172.16.90.32 to 00:0c:6e:7e:9e:4f via sis0

no messages at all in /var/log/messages or dmesg concerning dhcpd

/etc/dhcpd.conf:

option domain-name linner.biz;
option domain-name-servers 195.67.199.9, 195.67.199.10, 195.67.199.11;
subnet 172.16.90.0 netmask 255.255.255.0 {
        option routers 172.16.90.1;
        range 172.16.90.32 172.16.90.127;
}

/var/db/dhcpd.leases (first entry is ral0, second sis0, yeah the ral0 lease is there but doesn't reach the client):

lease 172.16.90.33 {
        starts 4 2005/11/10 00:57:28;
        ends 4 2005/11/10 00:57:32;
        hardware ethernet 00:13:46:7a:63:01;
        uid 01:00:13:46:7a:63:01;
        client-hostname deefault;
}
lease 172.16.90.32 {
        starts 6 2005/11/12 19:02:02;
        ends 0 2005/11/13 07:02:02;
        hardware ethernet 00:0c:6e:7e:9e:4f;
        uid 01:00:0c:6e:7e:9e:4f;
        client-hostname deefault;
}

/etc/dhcpd.interfaces:

sis0 ral0

/Johan
Re: PFlog
On 2006/04/09 14:17, Gaby vanhegan wrote: On 9 Apr 2006, at 14:10, Andrew Veitch wrote: Would pmacct help in this scenario? http://www.pmacct.org/ Not sure whether it could be configured to listen to pflog though. The thing with pflog is that I can't see which field (if any) is the packet size, which is what I'm interested in. I'm trying to log how much of which protocol eats what amount of my bandwidth, both inbound and outbound. Are the 'pfctl -sr -v' counters no use for you?
Re: PFlog
On 9 Apr 2006, at 15:26, Stuart Henderson wrote:

The thing with pflog is that I can't see which field (if any) is the packet size, which is what I'm interested in. I'm trying to log how much of which protocol eats what amount of my bandwidth, both inbound and outbound.

Are the 'pfctl -sr -v' counters no use for you?

These look very promising indeed. I'm guessing that this:

-s rules
Show the currently loaded filter rules. When used together with -v, the per-rule statistics (number of evaluations, packets and bytes) are also shown. Note that the ``skip step'' optimization done automatically by the kernel will skip evaluation of rules where possible. Packets passed statefully are counted in the rule that created the state (even though the rule isn't evaluated more than once for the entire connection).

Means that all the bytes are counted, even for stateful connections? So if the first x bytes of an HTTP connection create the state, and a further Y bytes of web page are transmitted over that connection, then the total bytes field will show X+Y, rather than just X?

Gaby
--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/
3.9 packages
I did not find them at the mirror I checked. Will they be available for download prior to May 1st? Thanks, Dave Feustel -- Lose, v., experience a loss, get rid of, lose the weight Loose, adj., not tight, let go, free, loose clothing
Re: 3.9 packages
On Sun, Apr 09, 2006 at 09:23:50AM -0500, Dave Feustel wrote: I did not find them at the mirror I checked. Will they be available for download prior to May 1st? Build them from the OPENBSD_3_9 tag if you want them - see cvs(1), -r. Joachim
Re: PFlog
On Sun, Apr 09, 2006 at 04:28:58PM +0100, Gaby vanhegan wrote:

On 9 Apr 2006, at 15:26, Stuart Henderson wrote:

The thing with pflog is that I can't see which field (if any) is the packet size, which is what I'm interested in. I'm trying to log how much of which protocol eats what amount of my bandwidth, both inbound and outbound.

Are the 'pfctl -sr -v' counters no use for you?

These look very promising indeed. I'm guessing that this:

-s rules
Show the currently loaded filter rules. When used together with -v, the per-rule statistics (number of evaluations, packets and bytes) are also shown. Note that the ``skip step'' optimization done automatically by the kernel will skip evaluation of rules where possible. Packets passed statefully are counted in the rule that created the state (even though the rule isn't evaluated more than once for the entire connection).

Means that all the bytes are counted, even for stateful connections? So if the first x bytes of an HTTP connection create the state, and a further Y bytes of web page are transmitted over that connection, then the total bytes field will show X+Y, rather than just X?

Yes, though do note the point about skip rules.

Joachim
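An added example, not part of the thread: because the per-rule counters discussed above are cumulative and include statefully passed packets, per-service accounting comes down to summing the Bytes: field of `pfctl -sr -v` by destination port and differencing two snapshots. The rule text, the interface name fxp0, the 192.0.2.x addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Per-service traffic accounting from `pfctl -sr -v` per-rule counters.
# On a live firewall the input would be:  pfctl -sr -v | bytes_by_service

# Constructed sample: counters at the first snapshot.
sample_t0() {
cat <<'EOF'
pass in log on fxp0 inet proto tcp from any to 192.0.2.10 port = smtp flags S/SA keep state
  [ Evaluations: 4120      Packets: 913       Bytes: 482211      States: 2     ]
pass in log on fxp0 inet proto tcp from any to 192.0.2.10 port = www flags S/SA keep state
  [ Evaluations: 3950      Packets: 15022     Bytes: 9120344     States: 7     ]
pass in on fxp0 inet proto tcp from any to 192.0.2.11 port = www flags S/SA keep state
  [ Evaluations: 3000      Packets: 100       Bytes: 60000       States: 1     ]
block drop in log all
  [ Evaluations: 5000      Packets: 88        Bytes: 5280        States: 0     ]
EOF
}

# Constructed sample: the same rules at a later snapshot.
sample_t1() {
cat <<'EOF'
pass in log on fxp0 inet proto tcp from any to 192.0.2.10 port = smtp flags S/SA keep state
  [ Evaluations: 4300      Packets: 1000      Bytes: 500000      States: 1     ]
pass in log on fxp0 inet proto tcp from any to 192.0.2.10 port = www flags S/SA keep state
  [ Evaluations: 4100      Packets: 16000     Bytes: 9800000     States: 9     ]
pass in on fxp0 inet proto tcp from any to 192.0.2.11 port = www flags S/SA keep state
  [ Evaluations: 3100      Packets: 150       Bytes: 90000       States: 2     ]
block drop in log all
  [ Evaluations: 5200      Packets: 100       Bytes: 6000        States: 0     ]
EOF
}

# Reads `pfctl -sr -v` text on stdin and prints one line per
# action/direction/service:  "<action>/<dir>/<service> <packets> <bytes>".
# Rules without a "port = X" match are grouped under "other"; when a rule
# has both a source and a destination port, the later (destination) one wins.
bytes_by_service() {
    awk '
    $1 == "pass" || $1 == "block" || $1 == "match" {
        action = $1; dir = "any"; svc = "other"
        for (i = 2; i <= NF; i++) {
            if (dir == "any" && ($i == "in" || $i == "out")) dir = $i
            if ($i == "port" && $(i + 1) == "=") svc = $(i + 2)
        }
        next
    }
    $1 == "[" && $2 == "Evaluations:" && action != "" {
        for (i = 2; i < NF; i++) {
            if ($i == "Packets:") p = $(i + 1)
            if ($i == "Bytes:")   b = $(i + 1)
        }
        key = action "/" dir "/" svc
        pk[key] += p; by[key] += b
    }
    END { for (k in by) printf "%s %.0f %.0f\n", k, pk[k], by[k] }
    ' | LC_ALL=C sort
}

# usage_delta EARLIER LATER: bytes used per key between two summaries.
# A counter lower than before means it was reset in between (ruleset
# reloaded or counters zeroed), so the later value is taken as the usage.
usage_delta() {
    awk '
    FILENAME == ARGV[1] { old[$1] = $3; next }
    {
        d = $3 - old[$1]          # key absent earlier: old[$1] is 0
        if (d < 0) d = $3
        printf "%s %.0f\n", $1, d
    }' "$1" "$2"
}

# Demo on the constructed samples.
t0=$(mktemp) && t1=$(mktemp) || exit 1
sample_t0 | bytes_by_service >"$t0"
sample_t1 | bytes_by_service >"$t1"
usage_delta "$t0" "$t1"
rm -f "$t0" "$t1"
```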
Re: throwing out the switch
On 4/9/06, Joachim Schipper [EMAIL PROTECTED] wrote:

On Sat, Apr 08, 2006 at 01:04:33PM -0400, Jeff Quast wrote:

I've been using openbsd+pf for a router for some time at a neighbor's house. The router has been upgraded and now has several NICs. I'd like to use multiple interfaces with crossover cables instead of a single interface with a switch behind it for the internal network, how would this best be done? I attempted to bridge all of the internal interfaces, but I don't think this would do what I need it to, since a bridge can't have an IP address, and it did not appear to work.

You could bridge them - this would be the classical 'switch' solution. How to get this done is another question.

dc0 was the classic internal interface running dhcpd. I kept that interface as-is. I set dc1, dc2, and rl0 as (only) up in their hostname.if files. I placed dc0, dc1, dc2, and rl0 into bridgename.bridge0 with default settings, like add dc0 add dc1, etc. brconfig showed bridge0 as it probably should appear. Mac addresses of each client were listed on the proper port.

dhcpd would not respond to client requests. I could use tcpdump on, say rl0 and see the dhcpd requests, but I did not see it on dc0. With IP addresses set manually, a client on dc2 could not ping a client of the same subnet on dc1, etc. I assumed the bridge did not do what I thought it was supposed to do, and dropped it.

So I assigned each NIC an IP address of *.1, .2, .3, and .4. I assumed with IP forwarding, a client connected to the .4 NIC could reach the .1 NIC. I was wrong with that as well.

I enabled the bridge again with the internal NICs having an IP assigned. A client connected to the .4 NIC still could not reach .1, or a client connected to .1.

The other solution is to run it as a classical router serving a lot of /32 subnets. Exactly what do you have problems with?

I am guessing I did something fundamentally wrong here?

Joachim
Re: PFlog
And the winner is: pmacct. This one is really quick and simple to put together, five minutes and a configuration file later and I'm logging all traffic on all ports in 10 minute time slices, broken down by source, destination, MAC, port, etc. It also contains actual amounts of traffic too, so I can see how much is going in and out. It's also logging to MySQL so I can fiddle about with producing nice reports as much as I would like, probably using this tool: http://www.maani.us/charts/index.php I also realise that traffic that doesn't get through the firewall has still made it to my machine, and has gone over my interface, and thus I will be accountable for that traffic. If it's an SMTP connection that's tarpitted by spamd, it's still bytes that I'm accountable for. Thanks to everybody who replied for your good suggestions, Gaby -- Junkets for bunterish lickspittles since 1998! http://www.playr.co.uk/sudoku/ http://weblog.vanhegan.net/
plotting 2 3-d graphs of data with C
i have done some searching for ways to graph 2 and 3-d data using a C program on openbsd and not found anything particularly satisfactory. perhaps i'm not using the right keywords. i need to graph data from a C program and would prefer one library or other program (preferably port) with a C API that would do all i need. i searched the ports@ archive and saw xgraph and grace, but they only do 2-d graphing, AFAICT. anybody got any other suggestions? cheers, jake
[OpenCVS] what does soon mean?
Hi,

I'm interested in the new OpenCVS project and would like to know when it's to be released. I know you can't post an exact date but for a while this phrase is at the homepage:

OpenCVS is to be released soon.

So what does soon mean? Does this mean one week, one month, a half year or whatever. It would be nice to know about when it's to be released so I can decide if I should use the old GNU CVS or if I should wait for a public stable release.

Best regards,
Stefan

PS: Please don't think about this mail like a troll-flaming-mail, it's a serious question and important to me!
Re: [OpenCVS] what does soon mean?
On Sun, Apr 09, 2006 at 08:22:19PM +0200, Stefan wrote:

OpenCVS is to be released soon. So what does soon mean? Does this mean one week, one month, a half year or whatever.

http://nedbsd.nl/modules/static/page/JorisVinkInterview

More can be found via google. No time plans mentioned, but recently there were lots of activities on it, according to the cvs-changes.

Ciao,
Kili
--
How do I read this file? - You uudecode it. - I I I decode it?
Re: plotting 2 3-d graphs of data with C
Hi, I haven't used it before but you may want to check out PLPlot, it looks like it might meet your requirements. http://plplot.sourceforge.net/ Cheers, Chris On 4/9/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: i have done some searching for ways to graph 2 and 3-d data using a C program on openbsd and not found anything particularly satisfactory. perhaps i'm not using the right keywords. i need to graph data from a C program and would prefer one library or other program (preferably port) with a C API that would do all i need. i searched the ports@ archive and saw xgraph and grace, but they only do 2-d graphing, AFAICT. anybody got any other suggestions? cheers, jake
Re: throwing out the switch
On Sun, Apr 09, 2006 at 01:10:21PM -0400, Jeff Quast wrote: On 4/9/06, Joachim Schipper [EMAIL PROTECTED] wrote: On Sat, Apr 08, 2006 at 01:04:33PM -0400, Jeff Quast wrote: I've been using openbsd+pf for a router for some time at a neighbor's house. The router has been upgraded and now has several NIC's. I'd like to use multiple interfaces with crossover cables instead of a single interface with a switch behind it for the internal network, how would this best be done? I attempted to bridge all of the internal interfaces, but I don't think this would do what I need it to, since a bridge can't have an IP address, and it did not apear to work. You could bridge them - this would be the classical 'switch' solution. How to get this done is another question. dc0 was the classic internal interface running dhcpd. I kept that interface as-is. I set dc1, dc2, and rl0 as (only) up in their hostname.if files. I placed dc0, dc1, dc2, and rl0 into bridgename.bridge0 with default settings, like add dc0 add dc1, etc. brconfig showed bridge0 as it probobly should apear. Mac addresses of each client were listed on the proper port. That looks good. dhcpd would not respond to client requests. I could use tcpdump on, say rl0 and see the dhcpd requests, but I did not see it on dc0. with IP addresses set manually, a client on dc2 could not ping a client of the same subnet on dc1, etc. I assumed the bridge did not do what I thought it was supposed to do, and dropped it. Hmm, someone else will have to debug that. It'd probably be the easiest/best solution, but I've never configured a bridge. So I assigned each NIC an IP address of *.1, .2, .3, and .4. I assumed with IP forwarding, a client connected to the .4 NIC could reach the .1 NIC. I was wrong with that as well. I enabled the bridge again with the internal NIC's having an IP assigned A client connected to the .4 NIC still could not reach .1, or a client connected to .1. Have you set net.inet.ip{,6}.forwarding? 
The other solution is to run it as a classical router serving a lot of /32 subnets. Exactly what do you have problems with? I am guessing I did something fundamentaly wrong here? Probably, but what? ;-) Joachim
Re: plotting 2 3-d graphs of data with C
On Sun, Apr 09, 2006 at 01:23:17PM -0500, [EMAIL PROTECTED] wrote: i have done some searching for ways to graph 2 and 3-d data using a C program on openbsd and not found anything particularly satisfactory. perhaps i'm not using the right keywords. i need to graph data from a C program and would prefer one library or other program (preferably port) with a C API that would do all i need. i searched the ports@ archive and saw xgraph and grace, but they only do 2-d graphing, AFAICT. anybody got any other suggestions? I've heard GNUplot mentioned in this context. It's in ports (though not in packages). Joachim
Re: throwing out the switch
On 4/9/06, Joachim Schipper [EMAIL PROTECTED] wrote: On Sun, Apr 09, 2006 at 01:10:21PM -0400, Jeff Quast wrote: On 4/9/06, Joachim Schipper [EMAIL PROTECTED] wrote: On Sat, Apr 08, 2006 at 01:04:33PM -0400, Jeff Quast wrote: I've been using openbsd+pf for a router for some time at a neighbor's house. The router has been upgraded and now has several NIC's. I'd like to use multiple interfaces with crossover cables instead of a single interface with a switch behind it for the internal network, how would this best be done? I attempted to bridge all of the internal interfaces, but I don't think this would do what I need it to, since a bridge can't have an IP address, and it did not apear to work. You could bridge them - this would be the classical 'switch' solution. How to get this done is another question. dc0 was the classic internal interface running dhcpd. I kept that interface as-is. I set dc1, dc2, and rl0 as (only) up in their hostname.if files. I placed dc0, dc1, dc2, and rl0 into bridgename.bridge0 with default settings, like add dc0 add dc1, etc. brconfig showed bridge0 as it probobly should apear. Mac addresses of each client were listed on the proper port. That looks good. dhcpd would not respond to client requests. I could use tcpdump on, say rl0 and see the dhcpd requests, but I did not see it on dc0. with IP addresses set manually, a client on dc2 could not ping a client of the same subnet on dc1, etc. I assumed the bridge did not do what I thought it was supposed to do, and dropped it. Hmm, someone else will have to debug that. It'd probably be the easiest/best solution, but I've never configured a bridge. So I assigned each NIC an IP address of *.1, .2, .3, and .4. I assumed with IP forwarding, a client connected to the .4 NIC could reach the .1 NIC. I was wrong with that as well. I enabled the bridge again with the internal NIC's having an IP assigned A client connected to the .4 NIC still could not reach .1, or a client connected to .1. 
Have you set net.inet.ip{,6}.forwarding? Yes of course, it has been performing as a router for a while now with a single NIC for the local network. I did double-check it when I saw that behavior, though, and it is set. The other solution is to run it as a classical router serving a lot of /32 subnets. Exactly what do you have problems with? I am guessing I did something fundamentally wrong here? Probably, but what? ;-) Joachim Thanks for your help, Joachim. I'll do a fresh install and try again when my 3.9 cd's arrive. Maybe I have stale configurations somewhere. I have a very difficult time finding anybody on mail archives or google doing something similar. The only information I can find is for transparent firewalls. Does anybody have a link of somebody performing something similar?
usb mouse detected but not working
I've got a similar situation as this: http://marc.theaimsgroup.com/?l=openbsd-miscm=106401329307009w=2 Basically, I have a laptop with a built-in touchpad (which works fine) and also a separate keyboard + touchpad hooked up to one of the laptop's USB ports. The external touchpad is a very plain 2-button Cirque serial device, which is connected to a serial-to-ps/2 adaptor. Both the keyboard and touchpad are hooked up to the same USB port via a ps/2-to-usb Y adaptor. The keyboard works fine. The touchpad doesn't ever respond at all, although I know the hardware is good because this setup works fine if I boot into a Knoppix CD (it finds it at /dev/input/mice, and both touchpads multiplex ok in gpm). My dmesg is appended to the end of this email, and here's some other relevant info: $ usbdevs -v Controller /dev/usb0: addr 1: full speed, self powered, config 1, OHCI root hub(0x), SIS(0x1039), rev 1.00 port 1 powered port 2 addr 2: low speed, power 100 mA, config 1, Semi Tech PS/2 Keyboard - PS/2 Mouse(0x8081), Semi Tech(0x04b4), rev 0.01 port 3 powered Controller /dev/usb1: addr 1: full speed, self powered, config 1, OHCI root hub(0x), SIS(0x1039), rev 1.00 port 1 powered port 2 powered port 3 powered Controller /dev/usb2: addr 1: high speed, self powered, config 1, EHCI root hub(0x), SIS(0x1039), rev 1.00 port 1 powered port 2 powered port 3 powered port 4 powered port 5 powered port 6 powered $ ls -l /dev/wsmouse* crw---1 smt smt 69, 0 Nov 17 20:48 /dev/wsmouse crw---1 smt smt 68, 0 Nov 17 20:48 /dev/wsmouse0 crw---1 smt smt 68, 1 Dec 3 17:46 /dev/wsmouse1 crw---1 root wheel 68, 2 Nov 17 20:48 /dev/wsmouse2 crw---1 root wheel 68, 3 Nov 17 20:48 /dev/wsmouse3 $ sudo wsmoused -i -p /dev/wsmouse wsmouse supported mouse: USB $ sudo wsmoused -i -p /dev/wsmouse0 wsmouse supported mouse: PS/2 compatible $ sudo wsmoused -i -p /dev/wsmouse1 wsmouse supported mouse: USB Testing with wsmoused: sudo wsmoused -2df -p /dev/wsmouse0 shows the mouse cursor moving when finger pressure 
is applied to the laptop's built-in touchpad. sudo wsmoused -2df -p /dev/wsmouse1 has no effect all at when pressure is applied to the external touchpad, even if explicit -t option is used (tried every single protocol type on the list) Testing with cat: cat /dev/wsmouse0 prints binary junk to the screen when the built-in touchpad is pressed. cat /dev/wsmouse1 prints nothing at all when the external touchpad is pressed. It's dead Jim... I also tried the same tests after booting with disable pms in the UKC. The only result was that the built-in touchpad then also became dead, and the external touchpad replaced it as wsmouse0 (but was still completely dead). Booting with the external keyboard disconnected from the Y adaptor also had no effect. I'm not sure what else to try or what I should look at next? OpenBSD 3.8 (GENERIC) #0: Wed Apr 5 20:52:37 EDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Mobile AMD Sempron(tm) Processor 3000+ (AuthenticAMD 686-class, 128KB L2 cache) 1.80 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3 cpu0: AMD Powernow: FID VID TTP TM STC real mem = 501784576 (490024K) avail mem = 450740224 (440176K) using 4278 buffers containing 25190400 bytes (24600K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(39) BIOS, date 08/24/05, BIOS32 rev. 0 @ 0xfd5f0 pcibios0 at bios0: rev 2.1 @ 0xfd5f0/0xa10 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdd30/160 (8 entries) pcibios0: PCI Interrupt Router at 000:02:0 (SIS 85C503 System rev 0x00) pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0xc000 0xdc000/0x8000! 
cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 SIS 760 PCI rev 0x03 ppb0 at pci0 dev 1 function 0 SIS 86C202 VGA rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 SIS 6330 VGA rev 0x00: aperture at 0xe800, size 0x40 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 2 function 0 SIS 85C503 System rev 0x25 pciide0 at pci0 dev 2 function 5 SIS 5513 EIDE rev 0x00: 760: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: IC25N060ATMR04-0 wd0: 16-sector PIO, LBA48, 57231MB, 117210240 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: Slimtype, COMBO SOSC-2483K, KCK2 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 SIS 7013 Modem rev 0xa0 at pci0 dev 2 function 6 not configured auich0 at pci0 dev 2 function 7 SIS 7012 AC97 rev 0xa0: irq 5, SiS7012 AC97 ac97: codec id 0x414c4770 (Avance Logic ALC203) ac97: codec features
Re: [OpenCVS] what does soon mean?
On 4/9/06, Stefan [EMAIL PROTECTED] wrote: It would be nice to know about when it's to be released so I can decide if I should use the old GNU CVS or if I should wait for a public stable release. Everything one could read in the past time about the project suggests you can start out with GNU CVS and easily switch later to OpenCVS. --knitti
Questions about 3.9 Installation on External USB Disk
I got my 3.9 Cdrom set yesterday and today started installing it on an external usb disk so as not to wipe out my existing 3.8 setup. When I got to the disk partition, I erased the existing 'a' partition (dos) and created a new bsd 'a' partition. The partition had a default offset of 32 which looked odd to me, so I changed it to 64 and sized it to 1G. Then I created a 'b' partition. Again, the default offset was 32. That looked even odder to me, so I aborted the installation. A dmesg of the 3.8 boot (with external usb drive attached) follows at the end of this post. So is it possible to install 3.9 on an external usb drive and then to boot from that drive? Is the default 32 offset for a and b partitions on the usb drive correct? (I don't think so, but I am asking anyways since I have not used usb hard drives with OpenBSD before). Thanks, Dave Feustel -- OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium III (GenuineIntel 686-class) 797 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 536190976 (523624K) avail mem = 482353152 (471048K) using 4278 buffers containing 26910720 bytes (26280K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 09/17/01, BIOS32 rev. 
0 @ 0xfda74 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf2c30/224 (12 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #3 is the last bus bios0: ROM list: 0xc/0xb000 0xcb000/0x800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82815 Hub rev 0x02: rng active, 7Kb/sec ppb0 at pci0 dev 1 function 0 Intel 82815 AGP rev 0x02 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 ATI Rage Fury rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x02 pci2 at ppb1 bus 2 xl0 at pci2 dev 10 function 0 3Com 3c905C 100Base-TX rev 0x78: irq 3, address 00:01:03:23:4c:b3 bmtphy0 at xl0 phy 24: Broadcom 3C905C internal PHY, rev. 7 ohci0 at pci2 dev 11 function 0 NEC USB rev 0x41: irq 11, version 1.0 usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: NEC OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 3 ports with 3 removable, self powered ohci1 at pci2 dev 11 function 1 NEC USB rev 0x41: irq 9, version 1.0 usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: NEC OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered ehci0 at pci2 dev 11 function 2 NEC USB rev 0x01: irq 11 usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: NEC EHCI root hub, rev 2.00/1.00, addr 1 uhub2: 5 ports with 5 removable, self powered ppb2 at pci2 dev 12 function 0 Texas Instruments PCI2250 PCI-PCI rev 0x02 pci3 at ppb2 bus 3 sis0 at pci3 dev 0 function 0 NS DP83815 10/100 rev 0x00: DP83816A, irq 9, address 00:00:24:c3:4c:c0 nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 
1 sis1 at pci3 dev 1 function 0 NS DP83815 10/100 rev 0x00: DP83816A, irq 11, address 00:00:24:c3:4c:c1 nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1 sis2 at pci3 dev 2 function 0 NS DP83815 10/100 rev 0x00: DP83816A, irq 3, address 00:00:24:c3:4c:c2 nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1 sis3 at pci3 dev 3 function 0 NS DP83815 10/100 rev 0x00: DP83816A, irq 11, address 00:00:24:c3:4c:c3 nsphyter3 at sis3 phy 0: DP83815 10/100 PHY, rev. 1 eap0 at pci2 dev 13 function 0 Ensoniq AudioPCI97 rev 0x07: irq 11 ac97: codec id 0x83847608 (SigmaTel STAC9708/11) ac97: codec features 18 bit DAC, 18 bit ADC, SigmaTel 3D audio0 at eap0 midi0 at eap0: AudioPCI MIDI UART ichpcib0 at pci0 dev 31 function 0 Intel 82801BA LPC rev 0x02 pciide0 at pci0 dev 31 function 1 Intel 82801BA IDE rev 0x02: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 1: MAXTOR 6L080J4 wd0: 16-sector PIO, LBA, 76345MB, 156355584 sectors wd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SAMSUNG, DVD-ROM SD-612, 0.5 SCSI0 5/cdrom removable atapiscsi1 at pciide0 channel 1 drive 1 scsibus1 at atapiscsi1: 2 targets cd1 at scsibus1 targ 0 lun 0: LITE-ON, DVDRW SOHW-812S, US05 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 cd1(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2 uhci0 at pci0 dev 31 function 2 Intel 82801BA USB rev 0x02: irq 10 usb3 at uhci0: USB revision 1.0 uhub3 at usb3 uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered Intel 82801BA SMBus rev 0x02 at pci0 dev 31 function 3 not configured isa0 at ichpcib0 isadma0 at isa0 pckbc0
Re: [OpenCVS] what does soon mean?
On Sun, Apr 09, 2006 at 10:38:13PM +0200, knitti wrote: On 4/9/06, Stefan [EMAIL PROTECTED] wrote: It would be nice to know about when it's to be released so I can decide if I should use the old GNU CVS or if I should wait for a public stable release. Everything one could read in the past time about the project suggests you can start out with GNU CVS and easily switch later to OpenCVS. there's also /usr/src/usr.bin/cvs/README if you wanted to see where things are now, check it out, etc. -- jared [ openbsd 3.9-current GENERIC ( mar 15 ) // i386 ]
X11 Issue - Integrated Intel Media Accelerator 900 Graphics (Intel 915GM)
I recently installed OpenBSD 3.8 (I haven't received my 3.9 CD in the mail yet), and am having problems getting X to work (among other things). It's a Dell Inspiron 1300 notebook w/ Integrated Intel Media Accelerator 900 Graphics (Intel 915GM). The full dmesg is below. So, quick question. I noticed the following bullet on the OpenBSD 3.9 release page. Could this be my problem? That is, is it referring to the same Intel 915 as my graphics? Clueless, I know - sorry. - Support the Intel i915 AGP I've tried following the instructions in /usr/X11R6/README, using the various X wizards (xorgcfg, xorgconfig, xf86config3), and /etc/sysctl.conf has machdep.allowaperture set to 2 because I answered yes to the X question during the install. I also tried copying over the XF86Config and XF86Config-4 files that were generated by a KNOPPIX live-CD that worked on the same box, but that didn't work either. Thanks. --d OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Celeron(R) M processor 1.40GHz (GenuineIntel 686-class) 1.40 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,ACPI ,MMX,FXSR,SSE,SSE2,SS,TM,SBF real mem = 527880192 (515508K) avail mem = 474746880 (463620K) using 4278 buffers containing 26497024 bytes (25876K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 01/24/06, BIOS32 rev. 0 @ 0xffe90 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfb790/176 (9 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371 ISA and IDE rev 0x00) pcibios0: PCI bus #3 is the last bus bios0: ROM list: 0xc/0xf800! 
0xcf800/0x800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 915GM/PM/GMS Host rev 0x03 vga1 at pci0 dev 2 function 0 Intel 915GM/GMS Video rev 0x03: aperture at 0xdff0, size 0x800 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Intel 915GM/GMS Video rev 0x03 at pci0 dev 2 function 1 not configured Intel 82801FB HD Audio rev 0x03 at pci0 dev 27 function 0 not configured ppb0 at pci0 dev 28 function 0 Intel 82801FB PCIE rev 0x03 pci1 at ppb0 bus 1 ppb1 at pci0 dev 28 function 3 Intel 82801FB PCIE rev 0x03 pci2 at ppb1 bus 2 uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x03: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x03: irq 10 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801FB USB rev 0x03: irq 9 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered uhci3 at pci0 dev 29 function 3 Intel 82801FB USB rev 0x03: irq 7 usb3 at uhci3: USB revision 1.0 uhub3 at usb3 uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801FB USB rev 0x03: irq 11 usb4 at ehci0: USB revision 2.0 uhub4 at usb4 uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub4: 8 ports with 8 removable, self powered ppb2 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xd3 pci3 at ppb2 bus 3 bce0 at pci3 dev 0 function 0 Broadcom BCM4401B0 rev 0x02: irq 9, address 00:14:22:97:85:e0 bmtphy0 at bce0 phy 1: BCM4401 10/100baseTX PHY, rev. 
0 vendor Broadcom, unknown product 0x4318 (class network subclass miscellaneous, rev 0x02) at pci3 dev 3 function 0 not configured pcib0 at pci0 dev 31 function 0 Intel 82801FBM LPC rev 0x03 pciide0 at pci0 dev 31 function 1 Intel 82801FB IDE rev 0x03: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: ST9808211A wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors atapiscsi0 at pciide0 channel 0 drive 1 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, CDRW/DVD GCC4244, B101 SCSI0 5/cdrom removable wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 cd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 ignored (disabled) isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 sysbeep0 at pcppi0 npx0 at isa0 port 0xf0/16: using exception 16 biomask effd netmask effd ttymask pctr: 686-class user-level performance counters enabled mtrr: Pentium Pro MTRR support dkcsum: wd0 matches BIOS drive 0x80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302
Looking for a default /etc/mk.conf to see all possible options to change
Hello, First of all, i am new to OpenBSD, but i have extensive experience with FreeBSD. I recently installed OpenBSD 3.8. I updated it with cvs to -stable. Like most of the Admins i want to strip the OS to exclude things i don't need, i.e. no IPV6 support, etc. I read about the file /etc/mk.conf in which you can disable compile options. These options will then apply to the src and the portstree. Of course i don't know from head which options are available and what they are called. I would like to know where i can find a default mk.conf in where all possible options are listed, so i can choose what to disable. Thanks in advance. ps. i am from Holland so my English might be a little poor. With kind regards, Michael
Re: throwing out the switch
On 4/9/06, Mark Pecaut [EMAIL PROTECTED] wrote: Sorry if I missed something you mentioned before but what exactly are you trying to do? I've used bridges several times before and it sounds like you are doing the right stuff (there is not much to do). It seemed easy enough, I just was not getting the expected behavior. The rule is generally that if you want your host to connect two physically separate networks that are on the same subnet, use a bridge. For example, an ISP assigns you 8 IPs and you want to use them all but want a common firewall in front of them all but don't want nat. If you want to nat or otherwise connect two subnets together, that is when you need routing and ip forwarding on. Can you give some information on how you want to connect everything and the problem/goal? I'd be happy to help if I can. -mark Previously, this machine performed NAT with two NIC's. One NIC to the ISP, the other NIC to a switch to serve a few clients. The machine was upgraded, with several more NIC's. I thought I would take the switch out (hence the subject), and have the clients connect directly to the NIC's instead. There is currently only 2 clients, anyway. I put all but external NIC on a bridge. I thought I would post because I might have had the wrong idea about what a bridge would be used for. I will just have to give it another shot when my cd's arrive. On 4/9/06, Jeff Quast [EMAIL PROTECTED] wrote: On 4/9/06, Joachim Schipper [EMAIL PROTECTED] wrote: On Sun, Apr 09, 2006 at 01:10:21PM -0400, Jeff Quast wrote: On 4/9/06, Joachim Schipper [EMAIL PROTECTED] wrote: On Sat, Apr 08, 2006 at 01:04:33PM -0400, Jeff Quast wrote: I've been using openbsd+pf for a router for some time at a neighbor's house. The router has been upgraded and now has several NIC's. I'd like to use multiple interfaces with crossover cables instead of a single interface with a switch behind it for the internal network, how would this best be done? 
I attempted to bridge all of the internal interfaces, but I don't think this would do what I need it to, since a bridge can't have an IP address, and it did not appear to work. You could bridge them - this would be the classical 'switch' solution. How to get this done is another question. dc0 was the classic internal interface running dhcpd. I kept that interface as-is. I set dc1, dc2, and rl0 as (only) up in their hostname.if files. I placed dc0, dc1, dc2, and rl0 into bridgename.bridge0 with default settings, like add dc0 add dc1, etc. brconfig showed bridge0 as it probably should appear. Mac addresses of each client were listed on the proper port. That looks good. dhcpd would not respond to client requests. I could use tcpdump on, say rl0 and see the dhcpd requests, but I did not see it on dc0. With IP addresses set manually, a client on dc2 could not ping a client of the same subnet on dc1, etc. I assumed the bridge did not do what I thought it was supposed to do, and dropped it. Hmm, someone else will have to debug that. It'd probably be the easiest/best solution, but I've never configured a bridge. So I assigned each NIC an IP address of *.1, .2, .3, and .4. I assumed with IP forwarding, a client connected to the .4 NIC could reach the .1 NIC. I was wrong with that as well. I enabled the bridge again with the internal NIC's having an IP assigned. A client connected to the .4 NIC still could not reach .1, or a client connected to .1. Have you set net.inet.ip{,6}.forwarding? Yes of course, it has been performing as a router for a while now with a single NIC for the local network. I did double-check it when I saw that behavior, though, and it is set. The other solution is to run it as a classical router serving a lot of /32 subnets. Exactly what do you have problems with? I am guessing I did something fundamentally wrong here? Probably, but what? ;-) Joachim Thanks for your help, Joachim. I'll do a fresh install and try again when my 3.9 cd's arrive.
Maybe I have stale configurations somewhere. I have a very difficult time finding anybody on mail archives or google doing something similar. The only information I can find is for transparent firewalls. Does anybody have a link of somebody performing something similar?
Re: Looking for a default /etc/mk.conf to see all possible options to change
On Sun, Apr 09, 2006 at 11:11:59PM +0200, Michael wrote: I read about the file /etc/mk.conf in which you can disable compile options. These options will then apply to the src and the portstree. i found that things such as turning off YP and AFS are just a bit of a nuisance in the form of some non-fatal errors during a make build/release, and really weren't worth my time after all. Of course i don't know from head which options are available and what they are called. I would like to know where i can find a default mk.conf in where all possible options are listed, so i can choose what to disable. there is no default. there is, however, a manpage which probably lists all you want: /home/jrrs $ apropos mk.conf mk.conf (5) - system-specific configuration parameters -- jared [ openbsd 3.9-current GENERIC ( mar 15 ) // i386 ]
Re: ral ural dhcpd problem
Johan skrev: Please post the appropriate configuration and log files, at least /etc/dhcpd*. Joachim dhcpd seems to work ok, verified this by using the sis0 interface on the same computer: # dhcpd -d sis0 DHCPDISCOVER from 00:0c:6e:7e:9e:4f via sis0 DHCPOFFER on 172.16.90.32 to 00:0c:6e:7e:9e:4f via sis0 DHCPREQUEST for 172.16.90.32 from 00:0c:6e:7e:9e:4f via sis0 DHCPACK on 172.16.90.32 to 00:0c:6e:7e:9e:4f via sis0 no messages at all in /var/log/messages or dmesg concerning dhcpd /etc/dhcpd.conf: option domain-name linner.biz; option domain-name-servers 195.67.199.9, 195.67.199.10, 195.67.199.11; subnet 172.16.90.0 netmask 255.255.255.0 { option routers 172.16.90.1; range 172.16.90.32 172.16.90.127; } /var/db/dhcpd.leases (first entry is ral0, second sis0, yeah the ral0 lease is there but don't reaches the client): lease 172.16.90.33 { starts 4 2005/11/10 00:57:28; ends 4 2005/11/10 00:57:32; hardware ethernet 00:13:46:7a:63:01; uid 01:00:13:46:7a:63:01; client-hostname deefault; } lease 172.16.90.32 { starts 6 2005/11/12 19:02:02; ends 0 2005/11/13 07:02:02; hardware ethernet 00:0c:6e:7e:9e:4f; uid 01:00:0c:6e:7e:9e:4f; client-hostname deefault; } /etc/dhcpd.interfaces: sis0 ral0 /Johan Ok, I have narrowed the problem down. If I don't use a wep key (ifconfig ral0 -nwkey) then dhcpd works and the client gets the ip. So it seems like some kind of problem with hostap/ral/nwkey together with dhcpd... /Johan
Re: Questions about 3.9 Installation on External USB Disk
On Sun, Apr 09, 2006 at 01:58:32PM -0500, Dave Feustel wrote: I got my 3.9 Cdrom set yesterday and today started installing it on an external usb disk so as not to wipe out my existing 3.8 setup. When I got to the disk partition, I erased the existing 'a' partition (dos) and created a new bsd 'a' partition. The partition had a default offset of 32 which looked odd to me, so I changed it to 64 and sized it to 1G. Then I created a 'b' partition. Again, the default offset was 32. That looked even odder to me, so I aborted the installation. A dmesg of the 3.8 boot (with external usb drive attached) follows at the end of this post. So is it possible to install 3.9 on an external usb drive and then to boot from that drive? Is the default 32 offset for a and b partitions on the usb drive correct? (I don't think so, but I am asking anyways since I have not used usb hard drives with OpenBSD before). I don't know if the offset is correct - though I presume it is - but disklabel will always try to put new slices at the lowest unused address, so the question about the second diskslice is as it should be. I don't think I've ever seen or owned a machine that could boot off an external USB drive, but I'm sure they exist and assume that you know what you are doing. ;-) Joachim
Re: Looking for a default /etc/mk.conf to see all possible options to change
Michael wrote: Hello, First of all, i am new to OpenBSD, but i have extensive experience with FreeBSD. I recently installed OpenBSD 3.8. I updated it with cvs to -stable. Like most of the Admins i want to strip the OS to exclude things i don't need, i.e. no IPV6 support, etc. Although it's normal with other OS's, custom kernels are not highly encouraged in OpenBSD, and help with problems in that case will be limited or nonexistent. Most knobs that you want to turn are available through other means (man sysctl(8) and/or config(8)). Try very hard to find what you want to turn off with sysctl or config before you even think about doing a custom kernel. I read about the file /etc/mk.conf in which you can disable compile options. These options will then apply to the src and the portstree. Of course i don't know from head which options are available and what they are called. I would like to know where i can find a default mk.conf in where all possible options are listed, so i can choose what to disable. If you want a list of options, man mk.conf(5) will help a lot. I don't know of a sample file, personally. -- Darrin Chandler | Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
Re: Looking for a default /etc/mk.conf to see all possible options to change
On Sun, Apr 09, 2006 at 11:11:59PM +0200, Michael wrote: Hello, First of all, i am new to OpenBSD, but i have extensive experience with FreeBSD. I recently installed OpenBSD 3.8. I updated it with cvs to -stable. Like most of the Admins i want to strip the OS to exclude things i don't need, i.e. no IPV6 support, etc. I read about the file /etc/mk.conf in which you can disable compile options. These options will then apply to the src and the portstree. Of course i don't know from head which options are available and what they are called. I would like to know where i can find a default mk.conf in where all possible options are listed, so i can choose what to disable. See the FAQ: http://www.openbsd.org/faq/faq5.html#Why. Read both that and the next entry, and don't ask here if it doesn't work. Building custom kernels is not common practice on OpenBSD, and not generally necessary either. Joachim
Re: X11 Issue - Integrated Intel Media Accelerator 900 Graphics (Intel 915GM)
On Sun, Apr 09, 2006 at 05:00:39PM -0400, d 269330400 wrote: I recently installed OpenBSD 3.8 (I haven't received my 3.9 CD in the mail yet), and am having problems getting X to work (among other things). It's a Dell Inspiron 1300 notebook w/ Integrated Intel Media Accelerator 900 Graphics (Intel 915GM). The full dmesg is below. So, quick question. I noticed the following bullet on the OpenBSD 3.9 release page. Could this be my problem? That is, is it referring to the same Intel 915 as my graphics? Clueless, I know - sorry. - Support the Intel i915 AGP pchb0 at pci0 dev 0 function 0 Intel 915GM/PM/GMS Host rev 0x03 vga1 at pci0 dev 2 function 0 Intel 915GM/GMS Video rev 0x03: aperture at 0xdff0, size 0x800 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Intel 915GM/GMS Video rev 0x03 at pci0 dev 2 function 1 not configured Intel 82801FB HD Audio rev 0x03 at pci0 dev 27 function 0 not configured Well, whatever you have is obviously not supported, FWIW. Since (almost?) any modern i386-based video card uses AGP, I'm pretty certain it's the same. A quick search also suggests recent developments in various Open Source projects around this card, which further supports this idea. Wait for 3.9? Or just stick to console mode for now. Joachim
Re: ral ural dhcpd problem
On Sun, Apr 09, 2006 at 05:45:10PM -0400, Johan wrote: Johan skrev: Please post the appropriate configuration and log files, at least /etc/dhcpd*. Joachim dhcpd seems to work ok, verified this by using the sis0 interface on the same computer: # dhcpd -d sis0 DHCPDISCOVER from 00:0c:6e:7e:9e:4f via sis0 DHCPOFFER on 172.16.90.32 to 00:0c:6e:7e:9e:4f via sis0 DHCPREQUEST for 172.16.90.32 from 00:0c:6e:7e:9e:4f via sis0 DHCPACK on 172.16.90.32 to 00:0c:6e:7e:9e:4f via sis0 no messages at all in /var/log/messages or dmesg concerning dhcpd /etc/dhcpd.conf: option domain-name linner.biz; option domain-name-servers 195.67.199.9, 195.67.199.10, 195.67.199.11; subnet 172.16.90.0 netmask 255.255.255.0 { option routers 172.16.90.1; range 172.16.90.32 172.16.90.127; } /var/db/dhcpd.leases (first entry is ral0, second sis0, yeah the ral0 lease is there but don't reaches the client): lease 172.16.90.33 { starts 4 2005/11/10 00:57:28; ends 4 2005/11/10 00:57:32; hardware ethernet 00:13:46:7a:63:01; uid 01:00:13:46:7a:63:01; client-hostname deefault; } lease 172.16.90.32 { starts 6 2005/11/12 19:02:02; ends 0 2005/11/13 07:02:02; hardware ethernet 00:0c:6e:7e:9e:4f; uid 01:00:0c:6e:7e:9e:4f; client-hostname deefault; } /etc/dhcpd.interfaces: sis0 ral0 /Johan Ok, I have narrowed the problem down. If I don't use a wep key (ifconfig ral0 -nwkey) then dhcpd works and the client gets the ip. So it seems like some kind of problem with hostap/ral/nwkey together with dhcpd... ISTR dhcpd doing weird stuff - sending raw packets and such. This might interfere somewhere. This is not even an educated guess, but could it be that the dhcpd messages are not encoded (properly/at all)? Joachim
Re: Questions about 3.9 Installation on External USB Disk
Dave Feustel wrote:

I got my 3.9 Cdrom set yesterday and today started installing it on an external usb disk so as not to wipe out my existing 3.8 setup. When I got to the disk partition, I erased the existing 'a' partition (dos) and created a new bsd 'a' partition. The partition had a default offset of 32 which looked odd to me, so I changed it to 64 and sized it to 1G. Then I created a 'b' partition. Again, the default offset was 32. That looked even odder to me, so I aborted the installation. A dmesg of the 3.8 boot (with external usb drive attached) follows at the end of this post.

Something is very confused. I do not believe an existing 'a' partition (dos). What you really need is the disk geometry BEFORE you did whatever.

The OpenBSD 'a' partition is the root. It needs to be bootable (id addressable) by the BIOS. It needs to be very small so that everything required for booting fits inside the limits of the BIOS. The BIOS likely uses CHS addressing. The exact limits depend on which BIOS and which disk geometry. Generally hard drives went to claiming 63 sectors per track very early to extend the limits. Since the disks are small and NOT usually boot devices there is not the need to use antiquated methods of extending addressable disk space. In that case, 32 sectors per track seems a very plausible number. It should make some internal addressing rather more readily calculable with stuff being powers of two.

Partitions labeled a,b,c etc belong to an OpenBSD disklabel. This is actually totally independent of what holds what are called DOS partitions (and I think these are numbered like 0,1,2,3 on OpenBSD. The

So is it possible to install 3.9 on an external usb drive and then to boot from that drive? Is the default 32 offset for a and b partitions on the usb drive correct? (I don't think so, but I am asking anyways since I have not used usb hard drives with OpenBSD before).

The offset should be whatever the drive wants to claim. I think the number has to be somewhere between 1 and 63 and is really one less than the number of wasted sectors at the beginning of the disk. For some reason, Operating Systems seem to be unhappy unless they start at the beginning of the track they start on. An offset that is valid for one disk geometry is very wrong for a different disk geometry. Do not decide it looks funny just because it's a different disk.

sd0: 57231MB, 57231 cyl, 64 head, 32 sec, 512 bytes/sec,

That is 32 sitting there.
PF and MS RDP trouble (help!)
Hello everyone!

I'm having a bit of trouble trying to access a Windows 2003 server that is behind an OpenBSD 3.9 -current firewall. From the LAN, I can remote access the 2k3 server easily, by just opening the mstsc and entering the machine's IP (192.168.0.1).

The problem is, I want to access the 2k3 server from home, and my PF rules aren't working =( I try to connect to the firewall's external IP via the ms terminal service client, but my connection times out...

Here's my pf.conf

#BEGIN
lab_if = em0 # i'm still not using it.
adm_if = rl0
ext_if = rl1
tcp_services = { 22, 113 }
icmp_types = echoreq
priv_nets = { 192.168.0.0/16, 127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8 }
set block-policy return
set loginterface $ext_if
scrub in all
nat on $ext_if from $adm_if:network to any -> $ext_if
#RDP rdr rule
rdr on $ext_if proto tcp from any to $ext_if port 3389 -> 192.168.0.1 port 3389
block all
pass quick on lo0 all
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
# RDP (MS Terminal Service)
pass in on $ext_if proto tcp from any to any port 3389
pass in on $ext_if inet proto tcp from any to $ext_if \
    port $tcp_services flags S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $adm_if from $adm_if:network to any keep state
#pass in on $lab_if from $lab_if:network to any keep state
pass out on $adm_if from any to $adm_if:network keep state
#pass out on $lab_if from any to $lab_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
#END

I think I'm missing something very obvious here... so, better ask the list than slam my head on the wall :D

Also, as one can see from the .conf file, I have two networks, ADM (192.168.0.0/24) and LAB (192.168.1.0/24), that must be isolated from each other. I still haven't figured that one out yet. Anyone willing to give me some light onto this matter?

Thanks in advance, and kudos for everyone that makes OpenBSD a great OS :)
Re: Questions about 3.9 Installation on External USB Disk
On Sunday 09 April 2006 16:41, [EMAIL PROTECTED] wrote: Something is very confused. I do not believe an existing 'a' partition (dos). I bought the disk at Best Buy and copied a few files from /home/daf to test the disk. The files were copied to the usb-connected disk and stored in the fat file system already installed on the disk. I don't mind the fat file system on a usb flash disk, but I do mind a fat file system on a large usb hard drive. I wanted to replace the fat file system with default BSD partitions/filesystems. I thought I could kill 2 birds with one stone by installing OpenBSD 3.9 on the usb drive. Maybe this is not possible with external usb drives. Until now I have had no experience with usb harddrives running with OpenBSD, hence my caution. Dave
Re: bash: delete key sends ~ instead of [del]
On Sunday 12 February 2006 07:51, jared r r spiegel wrote:

On Sat, Feb 11, 2006 at 05:17:29PM -0500, Nick Guenther wrote:

Yeah, it does that. I don't know why, I assume historical reasons, and I would like to learn from someone here who does know. Use backspace instead.

On 2/11/06, Martin Schröder [EMAIL PROTECTED] wrote:

Hi, on my freshly installed 3.7 in bash the delete key sends an ~ instead of [del]. How can I fix this?

it *is* sending del. rather, the characters sent when you strike the delete key are recognized by the shell and the shell executes the editing command delete-char-backward. problem is it also sends a tilde after the sequence that the shell recognizes.

^[[3~ is what i get here if i just go to a normal console terminal and hit delete. that is one character more than my shell is listening for.

i believe, at least with respect to ksh, bound keys are editing commands that are executed when the shell sees a control character, which may have a prefix-character in front of it, come across. the ksh manpage (/ for bind) describes it better than i do, but basically, look at it like this:

^[[3~ is three parts. ^[[, 3, and ~.

^[[ == ^X, 3 == 3, ~ == ~.

when the shell sees that, it recognizes ^[[ as 'prefix-2', or ^X. ^X3 is (i think?) set to 'delete-char-backward'. at that point, the shell does that. the ~ was not part of the sequence of keys the shell recognized because it is too many chars. you get a prefix and a control char, not a prefix and two control chars.

if you type: blah and hit 'delete', usually you'll end up with bla~ because it did the delete-char-backward, which killed the 'h', but then the '~' showed up after any shell-recognition was done and so it made it out to the terminal as a normal character.

a hackish way around that is to use '-m' and make it so that the shell substitutes ^[[3 with a control-X. eg:

$ bind -m '^[[3'='^X'

( where '^X' isn't shift-6, shift-x, but rather: control-v, control-x. )

and then

$ bind '^X~'=delete-char-backward

which makes it so that when the shell sees '^[[3', it substitutes that for a real ^X. if i'm hitting delete, the ~ is also sent by my keypress, but at that point, the sequence has become '^X~', which then executes 'delete-char-backward'.

perhaps bash is the same...

And what about the home and end keys? Any way to make them work?

-- viq
-- Meet Stefan! Change your messenger! http://link.interia.pl/f1924
laptops needed
Two developers who don't have a lot of money recently had their laptops die -- laptops which other project developers gave them in the past. We would love it if some people could donate some. One is Brad in Toronto, and the other is Joris in Dominica (yes, the island -- one could argue that people who live in such places should not have computers). For Brad it is likely better to get a machine directly to him there, but for the other it is probably better to get it to Calgary so that the machine can be gotten to Joris during the hackathon. If anyone can offer these, we would appreciate it. Contact them directly, or me. Thank you.
Re: Questions about 3.9 Installation on External USB Disk
Dave Feustel wrote:

On Sunday 09 April 2006 16:41, [EMAIL PROTECTED] wrote:

Something is very confused. I do not believe an existing 'a' partition (dos).

I bought the disk at Best Buy and copied a few files from /home/daf to test the disk. The files were copied to the usb-connected disk and stored in the fat file system already installed on the disk. I don't mind the fat file system on a usb flash disk, but I do mind a fat file system on a large usb hard drive. I wanted to replace the fat file system with default BSD partitions/filesystems. I thought I could kill 2 birds with one stone by installing OpenBSD 3.9 on the usb drive. Maybe this is not possible with external usb drives. Until now I have had no experience with usb harddrives running with OpenBSD, hence my caution. Dave

I do not believe an existing 'a' partition (dos).

I do believe an existing dos partition, which is something very different from an OpenBSD 'a' partition.

OpenBSD partitions are stored in an OpenBSD disklabel. Dos formatted disks do not have OpenBSD disklabels.

You can certainly install OpenBSD on the usb drive. If your BIOS allows, you can even boot from it.

man fdisk plays with DOS partitions
man disklabel plays with OpenBSD partitions

They are NOT the same
Re: laptops needed
Excuse gentleman, but i don't see any rationale behind that tense: one could argue that people who live in such places should not have computers) On 4/9/06, Theo de Raadt [EMAIL PROTECTED] wrote: Two developers who don't have a lot of money recently had their laptops die -- laptops which other project developers gave them in the past. We would love it if some people could donate some. One is Brad in Toronto, and the other is Joris in Dominica (yes, the island -- one could argue that people who live in such places should not have computers). For Brad it is likely better to get a machine directly to him there, but for the other it is probably better to get it to Calgary so that the machine can be gotten to Joris during the hackathon. If anyone can offer these, we would appreciate it. Contact them directly, or me. Thank you.
Re: PF and MS RDP trouble (help!)
Leonardo Rodrigues wrote:

Hello everyone!

I'm having a bit of trouble trying to access a Windows 2003 server that is behind an OpenBSD 3.9 -current firewall. From the LAN, I can remote access the 2k3 server easily, by just opening the mstsc and entering the machine's IP (192.168.0.1).

The problem is, I want to access the 2k3 server from home, and my PF rules aren't working =( I try to connect to the firewall's external IP via the ms terminal service client, but my connection times out...

Here's my pf.conf

#BEGIN
lab_if = em0 # i'm still not using it.
adm_if = rl0
ext_if = rl1
tcp_services = { 22, 113 }
icmp_types = echoreq
priv_nets = { 192.168.0.0/16, 127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8 }
set block-policy return
set loginterface $ext_if
scrub in all
nat on $ext_if from $adm_if:network to any -> $ext_if
#RDP rdr rule
rdr on $ext_if proto tcp from any to $ext_if port 3389 -> 192.168.0.1 port 3389
block all
pass quick on lo0 all
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
# RDP (MS Terminal Service)
pass in on $ext_if proto tcp from any to any port 3389
pass in on $ext_if inet proto tcp from any to $ext_if \
    port $tcp_services flags S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $adm_if from $adm_if:network to any keep state
#pass in on $lab_if from $lab_if:network to any keep state
pass out on $adm_if from any to $adm_if:network keep state
#pass out on $lab_if from any to $lab_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
#END

I think I'm missing something very obvious here... so, better ask the list than slam my head on the wall :D

Also, as one can see from the .conf file, I have two networks, ADM (192.168.0.0/24) and LAB (192.168.1.0/24), that must be isolated from each other. I still haven't figured that one out yet. Anyone willing to give me some light onto this matter?

Thanks in advance, and kudos for everyone that makes OpenBSD a great OS :)

Looks like you may want to do a rdr pass since otherwise you are doing a block drop in quick to all priv_nets and your W2K3 server is on one of those nets.
Re: help with sendmail
grep sendmail_flags /etc/rc.conf is the path to enlightenment, i.e., your sendmail probably just uses /etc/mail/localhost.cf instead of /etc/mail/sendmail.cf. Ciao, Kili Just wanted to mention that this was indeed the case... I thought I had changed sendmail to read my sendmail.cf, guess not:). Running sendmail in test mode was another obvious but helpful tip (i needed the 3,0 code, which I wasn't familiar with so thanks for that tidbit as well)
Re: PF and MS RDP trouble (help!)
On 4/9/06, Leonardo Rodrigues [EMAIL PROTECTED] wrote:

Hello everyone! I'm having a bit of trouble trying to access a Windows 2003 server that is behind an OpenBSD 3.9 -current firewall. From the LAN, I can remote access the 2k3 server easily, by just opening the mstsc and entering the machine's IP (192.168.0.1). The problem is, I want to access the 2k3 server from home, and my PF rules aren't working =( I try to connect to the firewall's external IP via the ms terminal service client, but my connection times out... Here's my pf.conf

snip ruleset

What methods have you used to diagnose this? Read the FAQ page and the man pages.

http://www.openbsd.org/faq/pf/logging.html
/usr/bin/man pfctl pflogd tcpdump

Turn on logging for all block rules and start pflogd. Then, try the following command and retest the connection attempt:

/sbin/pflogd
/sbin/ifconfig pflog0 up
/usr/sbin/tcpdump -netttoi pflog0 port 3389

If you still can't find what's stopping the connection after examining pflog0, send the output of the following command back to the list:

/sbin/pfctl -vvvsa
Re: PF and MS RDP trouble (help!)
You're using keep state in other places. Why is it missing from pass in on $ext_if proto tcp from any to any port 3389?

Leonardo Rodrigues wrote:

I'm having a bit of trouble trying to access a Windows 2003 server that is behind an OpenBSD 3.9 -current firewall. From the LAN, I can remote access the 2k3 server easily, by just opening the mstsc and entering the machine's IP (192.168.0.1).

The problem is, I want to access the 2k3 server from home, and my PF rules aren't working =( I try to connect to the firewall's external IP via the ms terminal service client, but my connection times out...

Here's my pf.conf

#BEGIN
lab_if = em0 # i'm still not using it.
adm_if = rl0
ext_if = rl1
tcp_services = { 22, 113 }
icmp_types = echoreq
priv_nets = { 192.168.0.0/16, 127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8 }
set block-policy return
set loginterface $ext_if
scrub in all
nat on $ext_if from $adm_if:network to any -> $ext_if
#RDP rdr rule
rdr on $ext_if proto tcp from any to $ext_if port 3389 -> 192.168.0.1 port 3389
block all
pass quick on lo0 all
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
# RDP (MS Terminal Service)
pass in on $ext_if proto tcp from any to any port 3389
pass in on $ext_if inet proto tcp from any to $ext_if \
    port $tcp_services flags S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $adm_if from $adm_if:network to any keep state
#pass in on $lab_if from $lab_if:network to any keep state
pass out on $adm_if from any to $adm_if:network keep state
#pass out on $lab_if from any to $lab_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
#END

I think I'm missing something very obvious here... so, better ask the list than slam my head on the wall :D
Re: X11 Issue - Integrated Intel Media Accelerator 900 Graphics (Intel 915GM)
I ran into this on a Thinkpad T43 with a GMA900 adapter. I simply used the xorg.conf created when installing 3.7 which simply specifies a generic VGA/VESA adapter. As I remember when researching this matter, the GMA900 driver is new and problematic. Given that I run 3.8 too, I don't know if the driver in 3.9 resolves this or not. Jim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of d 269330400 Sent: Sunday, April 09, 2006 2:01 PM To: misc@openbsd.org Subject: X11 Issue - Integrated Intel Media Accelerator 900 Graphics (Intel 915GM) I recently installed OpenBSD 3.8 (I haven't received my 3.9 CD in the mail yet), and am having problems getting X to work (among other things). It's a Dell Inspiron 1300 notebook w/ Integrated Intel Media Accelerator 900 Graphics (Intel 915GM). The full dmesg is below. So, quick question. I noticed the following bullet on the OpenBSD 3.9 release page. Could this be my problem? That is, is it referring to the same Intel 915 as my graphics? Clueless, I know - sorry. - Support the Intel i915 AGP I've tried following the instructions in /usr/X11R6/README, using the various X wizards (xorgcfg, xorgconfig, xf86config3), and /etc/sysctl.conf has machdep.allowaperture set to 2 because I answered yes to the X question during the install. I also tried copying over the XF86Config and XF86Config-4 files that were generated by a KNOPPIX live-CD that worked on the same box, but that didn't work either. Thanks. --d OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Celeron(R) M processor 1.40GHz (GenuineIntel 686-class) 1.40 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH ,ACPI ,MMX,FXSR,SSE,SSE2,SS,TM,SBF real mem = 527880192 (515508K) avail mem = 474746880 (463620K) using 4278 buffers containing 26497024 bytes (25876K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 01/24/06, BIOS32 rev. 
0 @ 0xffe90 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfb790/176 (9 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371 ISA and IDE rev 0x00) pcibios0: PCI bus #3 is the last bus bios0: ROM list: 0xc/0xf800! 0xcf800/0x800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 915GM/PM/GMS Host rev 0x03 vga1 at pci0 dev 2 function 0 Intel 915GM/GMS Video rev 0x03: aperture at 0xdff0, size 0x800 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Intel 915GM/GMS Video rev 0x03 at pci0 dev 2 function 1 not configured Intel 82801FB HD Audio rev 0x03 at pci0 dev 27 function 0 not configured ppb0 at pci0 dev 28 function 0 Intel 82801FB PCIE rev 0x03 pci1 at ppb0 bus 1 ppb1 at pci0 dev 28 function 3 Intel 82801FB PCIE rev 0x03 pci2 at ppb1 bus 2 uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x03: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x03: irq 10 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801FB USB rev 0x03: irq 9 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered uhci3 at pci0 dev 29 function 3 Intel 82801FB USB rev 0x03: irq 7 usb3 at uhci3: USB revision 1.0 uhub3 at usb3 uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801FB USB rev 0x03: irq 11 usb4 at ehci0: USB revision 2.0 uhub4 at usb4 uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub4: 8 ports with 8 removable, self powered ppb2 at pci0 dev 30 function 0 Intel 
82801BAM Hub-to-PCI rev 0xd3 pci3 at ppb2 bus 3 bce0 at pci3 dev 0 function 0 Broadcom BCM4401B0 rev 0x02: irq 9, address 00:14:22:97:85:e0 bmtphy0 at bce0 phy 1: BCM4401 10/100baseTX PHY, rev. 0 vendor Broadcom, unknown product 0x4318 (class network subclass miscellaneous, rev 0x02) at pci3 dev 3 function 0 not configured pcib0 at pci0 dev 31 function 0 Intel 82801FBM LPC rev 0x03 pciide0 at pci0 dev 31 function 1 Intel 82801FB IDE rev 0x03: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: ST9808211A wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors atapiscsi0 at pciide0 channel 0 drive 1 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, CDRW/DVD GCC4244, B101 SCSI0 5/cdrom removable wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 cd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 ignored (disabled) isa0 at pcib0 isadma0
Re: PF and MS RDP trouble (help!)
On 4/9/06, Vijay Sankar [EMAIL PROTECTED] wrote: Leonardo Rodrigues wrote: Looks like you may want to do a rdr pass since otherwise you are doing a block drop in quick to all priv_nets and your W2K3 server is on one of those nets. Unless you're assuming the connection was sourced from $priv_nets, you are incorrect. block drop in quick on $ext_if from $priv_nets to any You would be correct if it were reversed: block drop in quick on $ext_if from any to $priv_nets Regardless, hand-holding people who pose PF questions prior to proper diagnosis is the worst thing someone could possibly do to help them.
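The two replies above disagree about whether `block drop in quick on $ext_if from $priv_nets to any` can stop the redirected RDP connection. The sketch below is an added example, not code from the thread or from pf itself: a deliberately simplified model of pf's evaluation order (rdr applied before filtering, last matching rule wins, `quick` ends evaluation) run over the posted filter rules. It ignores state, TCP flags, scrub and nat, and the external IP and home client address are constructed placeholders.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass

# Constructed values (documentation address ranges): the thread never gives
# the firewall's external IP or the home client's address.
EXT_IP, HOME_CLIENT = "198.51.100.1", "203.0.113.10"
RDP_HOST = "192.168.0.1"                      # from the posted rdr rule
ANY = ("0.0.0.0/0",)
PRIV_NETS = ("192.168.0.0/16", "127.0.0.0/8", "172.16.0.0/12", "10.0.0.0/8")
ADM_NET = ("192.168.0.0/24",)                 # $adm_if:network per the post
EXT, ADM = "rl1", "rl0"

Packet = namedtuple("Packet", "direction iface proto src dst dport")

@dataclass(frozen=True)
class Rule:
    action: str              # "pass" or "block"
    direction: str = "any"   # "in", "out" or "any"
    iface: str = "any"
    protos: tuple = ()       # empty tuple = any protocol
    src: tuple = ANY
    dst: tuple = ANY
    ports: tuple = ()        # empty tuple = any destination port
    quick: bool = False

# Filter rules in the order they appear in the posted pf.conf.
RULESET = [
    Rule("block"),                                          # 0 block all
    Rule("pass", iface="lo0", quick=True),                  # 1
    Rule("block", "in", EXT, src=PRIV_NETS, quick=True),    # 2
    Rule("block", "out", EXT, dst=PRIV_NETS, quick=True),   # 3
    Rule("pass", "in", EXT, ("tcp",), ports=(3389,)),       # 4 RDP
    Rule("pass", "in", EXT, ("tcp",), dst=(EXT_IP + "/32",), ports=(22, 113)),
    Rule("pass", "in", protos=("icmp",)),                   # 6
    Rule("pass", "in", ADM, src=ADM_NET),                   # 7
    Rule("pass", "out", ADM, dst=ADM_NET),                  # 8
    Rule("pass", "out", EXT, ("tcp",)),                     # 9
    Rule("pass", "out", EXT, ("udp", "icmp")),              # 10
]

def in_nets(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)

def matches(rule, pkt):
    return (rule.direction in ("any", pkt.direction)
            and rule.iface in ("any", pkt.iface)
            and (not rule.protos or pkt.proto in rule.protos)
            and in_nets(pkt.src, rule.src)
            and in_nets(pkt.dst, rule.dst)
            and (not rule.ports or pkt.dport in rule.ports))

def rdr(pkt):
    """Apply the posted rdr rule; translation happens before filtering."""
    if (pkt.direction, pkt.iface, pkt.proto, pkt.dst, pkt.dport) == (
            "in", EXT, "tcp", EXT_IP, 3389):
        return pkt._replace(dst=RDP_HOST)
    return pkt

def evaluate(rules, pkt):
    """Last matching rule wins; a matching 'quick' rule ends evaluation."""
    verdict, index = "pass", None     # pf passes a packet matching no rule
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            verdict, index = rule.action, i
            if rule.quick:
                break
    return verdict, index

def trace_rdp(rules=RULESET, src=HOME_CLIENT):
    """Verdicts for the first RDP packet: in on rl1, then out on rl0."""
    inbound = rdr(Packet("in", EXT, "tcp", src, EXT_IP, 3389))
    outbound = inbound._replace(direction="out", iface=ADM)
    return evaluate(rules, inbound), evaluate(rules, outbound)

# The "reversed" rule from the reply: inbound, from any to $priv_nets.
REVERSED = list(RULESET)
REVERSED[2] = Rule("block", "in", EXT, dst=PRIV_NETS, quick=True)

if __name__ == "__main__":
    print("posted ruleset:", trace_rdp())
    print("reversed rule: ", trace_rdp(REVERSED))
    print("private source:", trace_rdp(src="10.1.2.3"))
```

With the posted rules the translated packet is passed by the port 3389 rule; only the reversed form of the block rule, or a private source address arriving on the external interface, produces a block at rule 2.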
Wikipedia featured article
Well, OpenBSD is today's featured article on wikipedia, hurrah for all! http://en.wikipedia.org/wiki/OpenBSD -- There is only one God who creates the universe. This God is my Brain. As the driver of this Brain I have created a universe in which there are innumerable other Gods of equal post-hive autonomy with whom I seek to interest. And my universe was, itself, created by a Higher Level of DivinityDNA, whose mysteries and wonders I seek to understand and harmonize with. - Dr. Timothy Leary, Beware Of Monotheism. http://deoxy.org/bom.htm
Re: Questions about 3.9 Installation on External USB Disk
On Sunday 09 April 2006 18:39, [EMAIL PROTECTED] wrote: I do not believe an existing 'a' partition (dos). I do believe an existing dos partition, which is something very different from an OpenBSD 'a' partition. I now have installed 3.9 on my external usb drive. There is a bug in the install that causes disklabel to not always include the size of the 'a' partition when computing the offset of the 'b' (swap) partition. This bug does not occur often, but I have seen it at least twice during installs of previous versions of OpenBSD. This bug is not 100% repeatable. I was able to install 3.9 on the usb disk sd0. However, my system is 8 years old and the bios does not support booting from usb devices. I cannot boot from any but fd*, wd*, and cd* right now, unless I reinstall my old scsi subsystems. If, later this year, I buy a new system, boot problems should become moot. Dave Feustel -- Lose, v., experience a loss, get rid of, lose the weight Loose, adj., not tight, let go, free, loose clothing
Re: PF and MS RDP trouble (help!)
Thanks for the tips, I was able to log the redirection rules and trace the problem. And there was none at all! PF was working perfectly. The packets were being redirected but I was getting no answer from the 2k3. So, I phoned the sys admin, chatted a little, and found out that he didn't set a gateway to the 2k3 server after a maintenance session. Heh... life is hard ain't it? :)

On 4/9/06, NetNeanderthal [EMAIL PROTECTED] wrote:

On 4/9/06, Leonardo Rodrigues [EMAIL PROTECTED] wrote:

Hello everyone! I'm having a bit of trouble trying to access a Windows 2003 server that is behind an OpenBSD 3.9 -current firewall. From the LAN, I can remote access the 2k3 server easily, by just opening the mstsc and entering the machine's IP (192.168.0.1). The problem is, I want to access the 2k3 server from home, and my PF rules aren't working =( I try to connect to the firewall's external IP via the ms terminal service client, but my connection times out... Here's my pf.conf

snip ruleset

What methods have you used to diagnose this? Read the FAQ page and the man pages.

http://www.openbsd.org/faq/pf/logging.html
/usr/bin/man pfctl pflogd tcpdump

Turn on logging for all block rules and start pflogd. Then, try the following command and retest the connection attempt:

/sbin/pflogd
/sbin/ifconfig pflog0 up
/usr/sbin/tcpdump -netttoi pflog0 port 3389

If you still can't find what's stopping the connection after examining pflog0, send the output of the following command back to the list:

/sbin/pfctl -vvvsa
Re: Questions about 3.9 Installation on External USB Disk
Dave Feustel wrote:

I got my 3.9 Cdrom set yesterday and today started installing it on an external usb disk so as not to wipe out my existing 3.8 setup. When I got to the disk partition, I erased the existing 'a' partition (dos) and created a new bsd 'a' partition. The partition had a default offset of 32 which looked odd to me, so I changed it to 64 and sized it to 1G. Then I created a 'b' partition. Again, the default offset was 32. That looked even odder to me, so I aborted the installation. A dmesg of the 3.8 boot (with external usb drive attached) follows at the end of this post.

So is it possible to install 3.9 on an external usb drive and then to boot from that drive? Is the default 32 offset for a and b partitions on the usb drive correct? (I don't think so, but I am asking anyways since I have not used usb hard drives with OpenBSD before).

The point is not a 32 block or 63 block offset, but rather, a ONE TRACK offset for the first partition on i386 and some other systems. This leaves room for the master boot record (MBR) which is in sector 0.

Your dmesg showed this:

sd0 at scsibus2 targ 1 lun 0: WDC WD60, 0UE-22HCT0, SCSI0 0/direct fixed
sd0: 57231MB, 57231 cyl, 64 head, 32 sec, 512 bytes/sec, 117210240 sec total

so the layout for this disk connected this way is 32 sectors per track so YES, it should be starting at 32. If you override this, you left a 32 sector gap at the beginning of the disk, and disklabel will start looking for space at the start of the disk, so again, it will offer you that same starting address.

Most modern IDE and SATA disks will use a track size of 63 sectors, so yes, that's your offset. HOWEVER, if you were to bring OpenBSD up on an old MFM drive, you would be looking at 17 sectors per track, so THAT would be your offset.

Your disklabel offsets should match your fdisk offsets, though if you answered yes to the use entire disk option, that was done for you in the install program.

Can this all work? Certainly, assuming a machine that boots off an external USB HD, but most new machines can. You can even set up the disk with funny offsets if you take full responsibility for doing the math accurately. :)

I would recommend disconnecting the normal disk from the machine for testing, however. Keeps life easier...

Nick.
isakmpd and nat-t
Hi all, I've got a machine sitting behind a NAT box, and another machine with a public IP. X.X.X.X -- NAT Y.Y.Y.Y === Z.Z.Z.Z I want to establish a nat-t IPsec vpn between X.X.X.X and Z.Z.Z.Z But I'm having a problem where X.X.X.X tries to contact Z.Z.Z.Z on port 500 and never goes over to 4500. Is there a flag I'm supposed to set in the isakmpd.conf file to tell it to use NAT-T ?? Do I configure Z.Z.Z.Z to be aware of the other peer by the public IP that NAT box provides ?? or should I be using the private IP the box actually has ?? Cheers Dave
Re: laptops needed
Gustavo, On 2006.04.10, at 10:13 AM, Gustavo Rios wrote: Excuse gentleman, but i don't see any rationale behind that tense: one could argue that people who live in such places should not have computers) I believe that's humour. Who wants to code when you've got island life outside? Palm trees, fishing, swimming, bikinis, seafood, etc. I think drinking beer under a palm tree beats drinking beer at a keyboard any day. Also, maybe from Theo's perspective, I've heard tell that it can get pretty cold in Canada.
Re: laptops needed
What types of specs are they looking for? Small or large screens? On 4/9/06, Gustavo Rios [EMAIL PROTECTED] wrote: Excuse gentleman, but i don't see any rationale behind that tense: one could argue that people who live in such places should not have computers) On 4/9/06, Theo de Raadt [EMAIL PROTECTED] wrote: Two developers who don't have a lot of money recently had their laptops die -- laptops which other project developers gave them in the past. We would love it if some people could donate some. One is Brad in Toronto, and the other is Joris in Dominica (yes, the island -- one could argue that people who live in such places should not have computers). For Brad it is likely better to get a machine directly to him there, but for the other it is probably better to get it to Calgary so that the machine can be gotten to Joris during the hackathon. If anyone can offer these, we would appreciate it. Contact them directly, or me. Thank you.