Re: Laptop recommendations
On 5/11/06, Chris Cappuccio [EMAIL PROTECTED] wrote: Karsten McMinn [EMAIL PROTECTED] wrote: z60t here. as mentioned earlier no support for the intel HD audio, upek bio, acpi, atherors 5212, intel wifi, Ricoh 5C552 firewire, 5C822 SD reader or the 915GM. Needless to say i multiboot -current with debian. and yes, debian is a pita. All that aside, the IBM/Lenovo is still the best looking laptop I've ever held. Why does everyone have to post on here a message that says: 1. Most of the devices on my IBM laptop are completely unsupported 2. I love my IBM laptop!! I always run across cheap/free/lying around dell laptops that work great. The sound works, the wireless might work, and suspend usually works. Right now I have a dell latitude c400, they're on ebay for $300, the thing weighs 2.5 pounds, it's very small. And it has the dell tri-metal case that's very nice (i assume the ibm design are one of the strong attractors, dell actually had a nice looking laptop with the c400, unlike ANY of their current line-up) Don't know about the C400 but I have a Dell D600 I bought new through work awhile back for very cheap, and about 6 months ago I found an old IBM T20 stuffed in a drawer. The T20 has a PIII 350MHz CPU, the Dell has a nice 1.6 GHz CPU in it, but I've given the Dell to my girlfriend because it's a flimsy pile of junk. From the experience of using this T20 my next laptop will be an IBM/Lenovo. I'll probably just look for something used since this one has been abused at work and is still running strong. Greg
CVS dying gasps updating www
Hi. Recently, when trying to cvs -q up the www tree under -current, it fails with : cvs update: dying gasps from anoncvs.usa.openbsd.org unexpected I tried several CVS mirrors but I still get this error. I can reproduce this on an amd64 and macppc -current boxes. If I erase /usr/www then cvs -q co, then it works, but I soon as I try to update, the same error comes again. Any idea why this is happening ? Can anyone reproduce the same behaviour ? Thanks! Regards, -- Antoine Jacoutot Observatoire de Paris SIO - Centre de calcul (Bat 15) 5, Place Jules Janssen 92195 Meudon Cedex Tel : +33 (0)1.45.07.71.95
Re: PF references
[Oops, was supposed to go to list] Hi, Where (what) is the canonical site (or book) for PF. What Nick said. And Building Firewalls with OpenBSD and PF by Jacek Artymiak is very nice. See the Books that help link on openbsd.org. HTH... Nico
Re: PF and PPTP
From a developper point of view, what is the best technique for building such a proxy : a userland proxy, or some special pf code ? My feeling is that userland proxy are better suited for application level procotol (HTTP, FTP...) and in-kernel code is better suited for lower level protocols (TCP, UDP, IP, ICMP, GRE...). What are the difference between OpenBSD ftp-proxy and IPTables ftp_conn_track.o ? What's the best design ? Best regards, Bruno. 2006/5/10, Luiz Souza [EMAIL PROTECTED]: Bruno Carnazzi wrote: 2006/5/10, Damian Gerow [EMAIL PROTECTED]: Thus spake Bruno Carnazzi ([EMAIL PROTECTED]) [10/05/06 01:37]: : My home PF NATing gateway route just one PPTP tunnel (for my laptop), : and I don't need special thing for it to work (GRE enabled via sysctl : and pf must pass GRE proto). Is there a special case when you have : multiple PPTP (GRE) tunnels that need proxying ? In theory, so long as there is only one given client on the LAN connecting to a given PPTP endpoint on the 'Net, I can handle it all using standard PF syntax. My problem is that I have two clients on the LAN that wish to connect to the same endpoint -- that, AFAIK, requires a proxy. That's my first question : why the need for a proxy for a network level protocol ? Bruno. - Damian because GRE needs some _special_ processing on nat box and pf nat engine do not support this, so a proxy is really needed. luiz
Re: Laptop recommendations
On 5/11/06, Didier Wiroth [EMAIL PROTECTED] wrote: Hello, I'm currently using a thinkpad 60s Dual booting between xp and current, yes currently still required ;-)) see below Here is a short rundown: a) Performance is nice with bsd kernel, performance is degraded with bsd.mp b) sound chip currently not supported c) intel wireless lan currently not supported d) speedstep currently not supported e) power management currently not supported I guess you luck is changing. Your soundchip shoud be supported in -current. http://www.openbsd.org/cgi-bin/man.cgi?query=azalia
Re: Recommendations for an OpenBSD-based Backup Solution
2006/3/21, Peter [EMAIL PROTECTED]: --- Donald J. Ankney [EMAIL PROTECTED] wrote: I threw together a Perl script that uses tar and external firewire drives. Tar has flags that will let it backup over SMB (for the windows boxes) and one can always do use scp (via certificates) piped through tar for remote linux/BSD boxes. I've been using this solution across several platforms (all servers) for a year now, and it has worked well. Obi Okeke wrote: An appeal to the Gods of OpenBSD! Let me write up front that I am most grateful for all that the OpenBSD project has done. Some friends of mine need a backup solution that can easily handle regular, automated backups from some M$ Win 2k and Linux workstations as well as an OpenBSD 3.8 based Samba file server that I had set up for them a while ago. I've used FreeBSD 5x running Bacula at another site, but I am looking for an all OpenBSD solution so I don't have to install another box running FreeBSD/Bacula on their site since they already have 2 OBSD boxes up and running (perfectly thanks to OBSD) - one for firewall/router/nat/squid and one for the Samba fileserver. I would like to add the backup solution to the file server box since its not heavily loaded at all. Any recommendations would be greatly appreciated. Thanks in advance. Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com I am using rsync. It also works well. I wrote small scripts (windows side) for users to back up at their discretion. Since they are actually synchronizing it doesn't take long at all (akin to saving work in Word or whatever whenever you want). Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com I regularly use rsnapshot instead of raw rsync and it just works : http://www.rsnapshot.org/ Best regards, Bruno.
Accion y adrenalina ahora en Capital
-- Para Darse de baja, por favor haga clic aqum: http://mailing.ipaddress.com.ar/box.php?funcml=unsub2nl=238[EMAIL PROTECTED]
Re: Firefox keeps crashing
On Thu, May 11, 2006 at 10:14:47PM -0400, Nick Holland wrote: Rico wrote: Hi I have a problem with Mozilla Firefox on obsd 3.9 running KDE. Whenever I am using firefox and tabbrowsing it keeps crashing. I only need to have about 4-10 tabs open at it will crash each and every time. Does anyone know of this as a common problem? On 3.8 with KDE 3.4 I never had any problems on the same machine. Best and kind regards. Rico. I don't use kde, no idea how that fits in with the problem. Firefox is a resource hog, and tends to leak resources (...) FWIW, I guess KDE is more than a bit resource-happy too; does the problem persist when using a simple window manager (fvwm, for instance)? Joachim
Re: Firefox keeps crashing
Hi, FWIW, I guess KDE is more than a bit resource-happy too; does the problem persist when using a simple window manager (fvwm, for instance)? I use Firefox under fluxbox under 3.9 with great succes. Cannot remember it crashing. Konqueror runs fine aswell, though I use it much less. [Quanta (kdewebdev) however, is a completely different story. I am lucky to still have a 3.8 box available... chunk is already free :-( ] Bye... Nico
Re: Firefox keeps crashing
On Fri, May 12, 2006 at 10:54:21AM +0200, Nico Meijer wrote: Hi, FWIW, I guess KDE is more than a bit resource-happy too; does the problem persist when using a simple window manager (fvwm, for instance)? I use Firefox under fluxbox under 3.9 with great succes. Cannot remember it crashing. Konqueror runs fine aswell, though I use it much less. The same for me, Firefox on -current, which was why I asked (FWIW, don't snip attributions, please). [Quanta (kdewebdev) however, is a completely different story. I am lucky to still have a 3.8 box available... chunk is already free :-( ] Never tried it. Joachim
Re: Laptop recommendations
On 11/05/06, rjn [EMAIL PROTECTED] wrote: I'm looking into getting a new laptop (I start college in the fall). [...] On 11/05/06, rjn [EMAIL PROTECTED] wrote: I just wanted to thank everyone for their input. Although I won't buy one immediately, I'll probably get a T43 as they are still available if you look. Maybe support for the ACPI/audio/wifi in the T60 will be better by the time I'm getting ready to buy so I can have the nice SATA drive and dual-core CPU. :) Here is the magic link for usstudents: http://www.ibm.com/shop/ibmdeals/usstudents They have quite some nice discounts, and they outsource their sales team to Canada (or at least they did so with my purchase 2 years ago). :) Enjoy, Constantine.
Panic question + RE: Laptop recommendations
Please try compiling a GENERIC kernel from a -current src tree but uncommenting the azalia device in the config.. Almost ... ;-) Azalia causes a panic during the boot process, right after loading the azalia driver. Here is some output (rewritten by hand) as the thinkbad X60s has no serial port: Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: irq 11 azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: Analog Devices AD1981HD (rev.2.0) azalia0: codec: High Definition Audio rev. 1.0 uvm_fault (0xd06f3720, 0x0, 0, 1) - e kernel: page fault trap, code=0 Stopped at 0:uvm_fault(0xd06f3720, 0x0, 0, 1) - e kernel: page fault trap, code=0 Stopped atdb_read_bytes+0x14: movb0(%edx), %al ddbps PID PPID PGRP UID S FLAGSWAIT COMMAND *0-10 0 7 0x80204 swapper For trace please see the question below: (I'm a beginner, so please apologize) How do you get a kernel panic output to the console without a serial port? I have tried with an USB-Serial Controller (here a snip, concerning the controller): ublcom0 at uhub2 port1 uplcom0: Prolific Technology Inc. USB-Serial Controller, rev 1.10/3.00, addr 2 ucom0 at uplcom0 While booting I tried at the boot prompt: set tty ucom0 I get: ucom0 not a console device After the OS is loaded, I can use without problems a dump terminal Regards Didier P.S here a /var/run/dmesg.boot (without azalia compiled) + USB-serial Controller connected OpenBSD 3.9-current (GENERIC) #728: Tue May 9 00:02:22 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Genuine Intel(R) CPU L2400 @ 1.66GHz (GenuineIntel 686-class) 1.67 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2 cpu0: Enhanced SpeedStep 600 MHz (1004 mV): unknown EST cpu, no changes possible real mem = 2137419776 (2087324K) avail mem = 1942142976 (1896624K) using 4256 buffers containing 106975232 bytes (104468K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(b6) BIOS, date 03/13/06, BIOS32 rev. 0 @ 0xfd690, SMBIOS rev. 2.4 @ 0xe0010 (67 entries) bios0: LENOVO 17025PG pcibios0 at bios0: rev 2.1 @ 0xfd620/0x9e0 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/272 (15 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #6 is the last bus bios0: ROM list: 0xc/0xe400! 0xce800/0x1000 0xcf800/0x1000 0xdc000/0x4000! 0xe/0x1 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82945GM MCH rev 0x03 vga1 at pci0 dev 2 function 0 Intel 82945GM Video rev 0x03: aperture at 0xee10, size 0x800 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured Intel 82801GB HD Audio rev 0x02 at pci0 dev 27 function 0 not configured ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02 pci1 at ppb0 bus 1 em0 at pci1 dev 0 function 0 Intel PRO/1000MT (82573L) rev 0x00: irq 11, address 00:16:d3:21:4b:b6 ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02 pci2 at ppb1 bus 2 Intel PRO/Wireless 3945ABG rev 0x02 at pci2 dev 0 function 0 not configured ppb2 at pci0 dev 28 function 2 Intel 82801GB PCIE rev 0x02 pci3 at ppb2 bus 3 ppb3 at pci0 dev 28 function 3 Intel 82801GB PCIE rev 0x02 pci4 at ppb3 bus 4 uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: irq 11 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x02: irq 11 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x02: irq 11 usb3 at uhci3: USB revision 1.0 uhub3 at usb3 uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x02: irq 11 usb4 at ehci0: USB revision 2.0 uhub4 at usb4 uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub4: 8 ports with 8 removable, self powered ppb4 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xe2 pci5 at ppb4 bus 5 cbb0 at pci5 dev 0 function 0 Ricoh 5C476 CardBus rev 0xb4: irq 11 Ricoh 5C552 Firewire rev 0x09 at pci5 dev 0 function 1 not configured Ricoh 5C822 SD/MMC rev 0x18 at pci5 dev 0 function 2 not configured cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 6 device
Re: unsupported Wifi USB stick for Developer
Greetings On a side note it would be nice to have some tutorial or whatever to help code driver and/or reverse an already written driver for new devices. I did not find anything really helpfull (i googled but maybe i'm dumber then i pretend to be). As for TI they don't even bother answering anyone for documentation as i had for free the famous DWL 550+ and DWL 650+ and i would like to create a driver for them much like the ACX100 (and ACX111 )driver under linux, but i don't want to break any liscence doing so.I know that the cards load up a firmweare from the driver and boot up (eCPU ).But i don't really know where to go from there . Any help is welcome. Best Regards Laurent. On 5/11/06, Jonathan Gray [EMAIL PROTECTED] wrote: On Thu, May 11, 2006 at 03:55:06PM +0200, Peter Philipp wrote: Hi, I just bought a Wifi USB stick and it doesn't seem to work on OpenBSD. Instead of returning it (39 euros) I'm willing to send this to an OpenBSD developer who wants to make a driver work for this. Not sure how non-blob friendly the maker of this hardware is... Maker: Fritz! WLAN, AVM Model: Fritz!WLAN USB Stick, 802.11g++, 125 Mbit/s, WPA2 (802.11i) This sounds like a Texas Instruments TNETW1450, the marketing for which talks of both 125Mbit rates and g++. How nice of them to try to tie the name for their additional non standard crap to something standardised. When you talk to an access point things are going to run at 54Mbps unless you have an accompanying cheap and nasty access point by TI that imlpements the same vendor specific nonsense. http://focus.ti.com/general/docs/bcg/bcgprodcontent.tsp?templateId=6116navigationId=12471contentId=4043 http://focus.ti.com/pdfs/bcg/tnetw1450_prod_bulletin.pdf TI don't release documentation, and don't respond to requests to allow their firmware to be redistributed. The upshot of all this is that people can avoid products that incorporate a TI chipset by not buying any so called g++ or 125 Mbps gear.
Information importante
[IMAGE] Cher(e) membre Desjardins/ AcchsD Le dipartement de virification comptable du Groupe Desjardins a ditecti un problhme de transaction dans votre compte. Un montant a iti diposi et retiri par notre systhme comptable. Nous vous avisons de cette erreur afin que vous ne soyez pas surpris quand vous verrez ces transactions sur votre relevi transactionnel. Nous avons repris le montant total sans appliquer les frais de transactions. Ne divulguez jamais vos renseignements personnels sur un site autre que le site sicurisi Desjardins. Si vous constatez une autre erreur, communiquez avec votre institution durant les heures normales de bureau. Pour accider ` votre compte et virifier que tout soit normal, cliquez sur ce lien sicurisi: https://accesd.desjardins.com/ Le Groupe Desjardins vous remercie de votre clienthle et appricie votre comprihension. Desjardins / AcchsD Conjuguer avoirs et jtres Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered. Copyright ) 2005 Mouvement des caisses Desjardins. Tous droits riservis.
Re: ntpd as server logging...
On Thu, May 11, 2006 at 05:21:14PM -0600, Jeff Ross wrote: Hi, I've enabled ntpd with the -d flag to run as a server on a system on the lan with this conf file: [EMAIL PROTECTED]:/home/jross $ cat /etc/ntpd.conf # $OpenBSD: ntpd.conf,v 1.7 2004/07/20 17:38:35 henning Exp $ # sample ntpd configuration file, see ntpd.conf(5) # Addresses to listen on (ntpd does not listen by default) listen on * # sync to a single server #server ntp.example.org # use a random selection of 8 public stratum 2 servers # see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers servers pool.ntp.org Is there a way to log update requests from other computers on the lan? I'm trying to sync some [EMAIL PROTECTED] workstations and the update request always fail--both with it and with other time servers. I can sync my openbsd workstation with it no problem, but nothing shows in the logs then, either. SNIP I run obsd on my firewall (of course). My firewall syncs it's clock with external time servers. The ntpd on my firewall listens only on the internal interface, so that my internal hosts can sync with it. I have a statement in my pf.conf file to allow my internal hosts to connect to the ntpd over udp 123: pass in log quick on $IntIF inet proto udp from any to 10.2.2.1 port 123 keep state Please note that I also use the log option in my rule. Hope that helps, A
is openntpd 3.9 real?
hi, on you master ftp fanout and some mirrors (i didn't check all) there's an OpenNTPd archive with version no. 3.9. -- 05/11/2006 06:02 20,850 openntpd-3.9.tgz the changelog (ftp://ftp.openbsd.org/pub/OpenBSD/OpenNTPD/ChangeLog/) doesn't mention such a release. also, on the openntpd.org site, the last release is 3.7. is this a real release of henning/etc... or is there something wrong? if this is the daily dev-version from cvs i suggest naming it different like something with openntpd-3.9-RCx or openntpd-3.9bXY. cu...
Re: Firefox keeps crashing
FWIW, I guess KDE is more than a bit resource-happy too; does the problem persist when using a simple window manager (fvwm, for instance)? I have just, this morning, tested some of the other window managers. The problem with firefox persists. Regarding KDE 3.5.1, I guess it is even more resource consuming than 3.4.
Re: Firefox keeps crashing
FWIW, I guess KDE is more than a bit resource-happy too; does the problem persist when using a simple window manager (fvwm, for instance)? I use Firefox under fluxbox under 3.9 with great succes. Cannot remember it crashing. Konqueror runs fine aswell, though I use it much less. Actually, firefox works with fluxbox without any problems. Before I tested fluxbox I tried the ulimit -d unlimited so I don't know if that has anything to do with it to. It seems like firefox became a bit faster on KDE, but it still crashes. Thanks for the different inputs!
Re: is openntpd 3.9 real?
On Fri, May 12, 2006 at 02:26:55PM +0200, [EMAIL PROTECTED]@mgEDV.net wrote: there's an OpenNTPd archive with version no. 3.9. -- 05/11/2006 06:02 20,850 openntpd-3.9.tgz [...] the changelog (ftp://ftp.openbsd.org/pub/OpenBSD/OpenNTPD/ChangeLog/) doesn't mention such a release. also, on the openntpd.org site, the last release is 3.7. is this a real release of henning/etc... or is there something wrong? Yes it's real and corresponds to the OpenBSD 3.9 release, but as yet only the OpenBSD packages have been done. The ChangeLog is from the Portable branch and the Portable packages haven't been made yet because, well, I'm a slacker. They should be ready tomorrow. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Re: ntpd as server logging...
On 5/11/06, Jeff Ross [EMAIL PROTECTED] wrote: Hi, I've enabled ntpd with the -d flag to run as a server on a system on the lan with this conf file: [EMAIL PROTECTED]:/home/jross $ cat /etc/ntpd.conf # $OpenBSD: ntpd.conf,v 1.7 2004/07/20 17:38:35 henning Exp $ # sample ntpd configuration file, see ntpd.conf(5) # Addresses to listen on (ntpd does not listen by default) listen on * # sync to a single server #server ntp.example.org # use a random selection of 8 public stratum 2 servers # see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers servers pool.ntp.org Is there a way to log update requests from other computers on the lan? I'm trying to sync some [EMAIL PROTECTED] workstations and the update request always fail--both with it and with other time servers. I can sync my openbsd workstation with it no problem, but nothing shows in the logs then, either. I do see the normal ntp related traffic in the logs: reply from 202.71.97.92: offset -22.959578 delay 0.358056, next query 54s reply from 202.71.97.92: offset -22.920072 delay 0.271411, next query 52s tcpdump on port 123 does show the tcp traffic between this system and other ntp servers, but nothing from the lan (and I don't find a udpdump port ;-). Here is a skeleton of a .reg file I use to manually setup NTP clients. After running this it might be a good idea to: net stop w32time and net start w32time. After this check eventvwr in System Tab and look for Source win32time look for Event ID 37 or 35. REGEDIT4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters] Type=NTP NTPServer=routerInternalIP Jonathan
Re: Firefox keeps crashing
On Fri, May 12, 2006 at 02:34:18PM +0200, Rico wrote: FWIW, I guess KDE is more than a bit resource-happy too; does the problem persist when using a simple window manager (fvwm, for instance)? I have just, this morning, tested some of the other window managers. The problem with firefox persists. Regarding KDE 3.5.1, I guess it is even more resource consuming than 3.4. I haven't had a problem with firefox and blackbox. -- Terry http://tyson.homeunix.org
Re: Firefox keeps crashing
After some fast but extensive testing we are going to use epiphany as the default browser on the installation. If other are facing similar Firefox problems, which they can't seem to solve, epiphany might be a good alternative. It works superfast on KDE 3.5.1 and we haven't seen any crashes on the test with many tabs and so on - it is based upon Mozilla as well. We did test the Mozilla browser from the mozilla package, and got the same crashes as with firefox. Rico wrote: FWIW, I guess KDE is more than a bit resource-happy too; does the problem persist when using a simple window manager (fvwm, for instance)? I use Firefox under fluxbox under 3.9 with great succes. Cannot remember it crashing. Konqueror runs fine aswell, though I use it much less. Actually, firefox works with fluxbox without any problems. Before I tested fluxbox I tried the ulimit -d unlimited so I don't know if that has anything to do with it to. It seems like firefox became a bit faster on KDE, but it still crashes. Thanks for the different inputs! .
some commands running very slow in 3.9 ?
Well when i try to login from remote host via ssh it takes ages to login for the first time, also when i issue other networking commands such as $ arp -a it takes almost 1 minute to start displaying records. how can i find whats wrong ? regards *:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$ Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: some commands running very slow in 3.9 ?
On 5/12/06, S t i n g r a y [EMAIL PROTECTED] wrote: Well when i try to login from remote host via ssh it takes ages to login for the first time, also when i issue other networking commands such as $ arp -a it takes almost 1 minute to start displaying records. how can i find whats wrong ? You might try this: http://openssh.org/faq.html#3.3
Re: some commands running very slow in 3.9 ?
2006/5/12, S t i n g r a y [EMAIL PROTECTED]: how can i find whats wrong ? check your dns configuration and try: UseDNS=no in your sshd_config arp -na if it's fast means your dns have some problems -- Cris, member of G.U.F.I Italian FreeBSD User Group http://www.gufi.org/
Re: some commands running very slow in 3.9 ?
Hmm, works good here ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of S t i n g r a y Sent: 12 May 2006 16:05 To: openbsd Subject: some commands running very slow in 3.9 ? Well when i try to login from remote host via ssh it takes ages to login for the first time, also when i issue other networking commands such as $ arp -a it takes almost 1 minute to start displaying records. how can i find whats wrong ? regards *:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$ Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: some commands running very slow in 3.9 ?
Well when i try to login from remote host via ssh it takes ages to login for the first time, also when i issue other networking commands such as $ arp -a it takes almost 1 minute to start displaying records. how can i find whats wrong ? Instead of arp -a try arp -na and see if the delay goes away. If arp -na is nice and fast then you have your clue as to what's wrong... -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
Re: FYI, 1and1 hosting fun (ip subnet zero)
Not quite... but you have the right idea. A 'vanilla' VLAN created for an IP network will allow L2 communications between the hosts in the shared VLAN, given that they exist in the same IP subnet. A private VLAN, on the other hand, sees all of the hosts in the same VLAN and IP subnet, but makes restrictions on what hosts in the VLAN can talk to each other, restricting direct L2 traffic that gets transmitted from one host to the other via the switch. The 'nutshell' response is that private VLANs are like ACL's for VLANS... you restrict/all communications between hosts that would otherwise have unrestricted L2 access to each other. You get the benefit of IP usage conservation with the power of separate VLANs. It's been a long evening, so if muddled things even further I apologize... Dan Farrell Applied Innovations [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lars Hansson Sent: Friday, May 12, 2006 12:26 AM To: misc@openbsd.org Subject: Re: FYI, 1and1 hosting fun (ip subnet zero) On Friday 12 May 2006 02:58, Stuart Henderson wrote: These are, uh, quite large operations, and if there's a way to reduce IP address use by 3/4 without putting a bunch of customers in the same subnet that's probably a good thing. Wouldnt that be what VLAN's are for? --- Lars Hansson
Wireless card Asus WL-107G not working
Hello, My wireless card (Asus WL-107G - Ralink RT2500 based) isn't detected at boot time, even though it works in the same laptop *Compaq Presario 920EA) under other OS's. Here's the dmesg output (suggesting some problem with PCMCIA): OpenBSD 3.9-current (GENERIC) #0: Fri May 12 10:47:58 WEST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Mobile AMD Athlon(tm) XP 2000+ (AuthenticAMD 686-class, 256KB L2 cache) 1.66 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 788029440 (769560K) avail mem = 710823936 (694164K) using 4256 buffers containing 39505920 bytes (38580K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(75) BIOS, date 10/24/02, BIOS32 rev. 0 @ 0xfd760, SMBIOS rev. 2.3 @ 0xdf010 (16 entries) bios0: Compaq Presario 900 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xfd760/0x8a0 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf10/208 (11 entries) pcibios0: PCI Interrupt Router at 000:07:0 (Acer Labs M1533 ISA rev 0x00) pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0xf000 0xdf000/0x1000! 0xe/0x4000! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 ATI RS100 AGP rev 0x13 ppb0 at pci0 dev 1 function 0 ATI RS100 PCI rev 0x01 pci1 at ppb0 bus 1 vga1 at pci1 dev 5 function 0 ATI Radeon IGP 320M rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ohci0 at pci0 dev 2 function 0 Acer Labs M5237 USB rev 0x03: irq 11, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: Acer Labs OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered pcib0 at pci0 dev 7 function 0 Acer Labs M1533 ISA rev 0x00 autri0 at pci0 dev 8 function 0 Acer Labs M5451 Audio rev 0x02: irq 5 ac97: codec id 0x41445363 (Analog Devices AD1886A) ac97: codec features headphone, Analog Devices Phat Stereo audio0 at autri0 midi0 at autri0: 4DWAVE MIDI UART cbb0 at pci0 dev 10 function 0 Texas Instruments PCI1410 CardBus rev 0x02pci_intr_map: no mapping for pin A : couldn't map interrupt rl0 at pci0 dev 11 function 0 Realtek 8139 rev 0x20: irq 11, address 00:0b:cd:15:bf:8a rlphy0 at rl0 phy 0: RTL internal PHY Conexant HSF 56k HSFi rev 0x01 at pci0 dev 12 function 0 not configured ohci1 at pci0 dev 15 function 0 Acer Labs M5237 USB rev 0x03: irq 11, version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: Acer Labs OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 4 ports with 4 removable, self powered pciide0 at pci0 dev 16 function 0 Acer Labs M5229 UDMA IDE rev 0xc4: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: IC25N030ATCS04-0 wd0: 16-sector PIO, LBA, 28615MB, 58605120 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: TOSHIBA, DVD-ROM SD-R2102, 1A16 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 alipm0 at pci0 dev 17 function 0 Acer Labs M7101 Power rev 0x00: 74KHz clock iic0 at alipm0 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi1 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec pcic0 at isa0 port 0x3e0/2 iomem 0xd/16384 pcic0 controller 0: Intel 82365SL rev 2 has sockets A and B pcmcia0 at pcic0 controller 0 socket 0 pcic_chip_socket_enable: status c pcic_wait_ready: ready never happened, status = 0c pccom3 at pcmcia0 function 0: can't allocate i/o space pcmcia1 at pcic0 controller 0 socket 1 pcic_chip_socket_enable: status c pcic_wait_ready: ready never happened, status = 0c pccom4 at pcmcia1 function 0: can't allocate i/o space pcic0: irq 3, polling enabled biomask ef55 netmask ef55 ttymask ffdf pctr: user-level cycle counter enabled mtrr: Pentium Pro MTRR support dkcsum: wd0 matches BIOS drive 0x80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 I welcome any advice. Thank you, Ari Constancio
Re: FYI, 1and1 hosting fun (ip subnet zero)
* Lars Hansson [EMAIL PROTECTED] [2006-05-12 06:35]: On Friday 12 May 2006 02:58, Stuart Henderson wrote: These are, uh, quite large operations, and if there's a way to reduce IP address use by 3/4 without putting a bunch of customers in the same subnet that's probably a good thing. Wouldnt that be what VLAN's are for? how does L2 partitioning help conserving L3 address space? not related, here. -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: FYI, 1and1 hosting fun (ip subnet zero)
I didn't know that Linux has such an ugly dmesgs. Please, resist from
posting them on this list, they hurt my screen. :)
On 11/05/06, Timo Schoeler [EMAIL PROTECTED] wrote:
thus Robert spake:
Timo Schoeler wrote:
thus Robert spake:
Timo Schoeler wrote:
thus Alexander Farber spake:
Do you see any kernel output at all? I believe one
should always see at least the boot prompt -
unless the serial speed of the console doesn't match
Do you see the boot prompt and have you tried verbose?
On 5/11/06, Robert [EMAIL PROTECTED] wrote:
Alexander Farber wrote:
h754815:afarber {103} cat /etc/hostname.fxp0
inet 81.169.186.95 255.255.255.255 NONE
!route add 81.169.186.1 -link \$if: -interface
PS: I wonder if anyone successfully runs OpenBSD
at Strato's SR2, MR2 or LR2 as I'd like to upgrade
On 5/11/06, Dan Farrell [EMAIL PROTECTED] wrote:
Geez network setups just shouldn't be that strained... I mean, what
happened to hooking up a server with a /30 connection to the nearest
router? Am I missing something?
I think Strato, 11 and co introduced the .255 hack to counter
sniffing.
Using .0 netmask works, but won't allow traffic with other hosts in
the
same subnet. (Which shouldn't be a problem for most.)
I have not tried any of the new Strato servers, but am experimenting
with one of 11's new AMD64 systems.
So far, nothing that i dd to the hd will boot.
(tried 3.9 and current floppy and cd, modified for serial-acc and also
disabling the usual kernel-options like pcibios)
Anyone got one of those systems to run OpenBSD?
For those interested here's the debian-resycue-system dmesg and lspci
output for an 11 L64 server. Perhaps someone can see unsupported
hardware i don't.
http://openbsd.pap.st/1und1_L64.txt
Any advice'd be much apreciated.
did anybody into the problem of device timeouts for the NIC itself? i
tried to install OpenBSD on three or few machines at strato, none did
the job. i also tried NetBSD, same problem. it seems to be up to a weird
interrupt routing...
Which kind of servers did you try?
At Strato i had no problems with the Highend SR. That's what they
offered last year. i386/Celeron 2400 running OpenBSD without a problem.
fxp0 at pci2 dev 6 function 0 Intel 82557 rev 0x08, i82559: irq 11,
address 00:30:48:52:12:34
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
fxp1 at pci2 dev 7 function 0 Intel 82557 rev 0x08, i82559: irq 10,
address 00:30:48:52:12:35
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
-Robert
STRATO HighEnd-Server SR (v3.4)
tried OpenBSD 3.8 and NetBSD 3.0 and -current. no dmesg as i don't
maintain that machine any longer. what i remember is that the MAC
addresses were not the actual addresses of the interfaces. linux,
however, figured them out correctly (which is the main fact i don't
maintain them any longer ;)
Oh, differnt version, had v2.6. Quite happy with it. Only the ExelStore
hd is damn slow.
IDE. puke. 'ExelStore'. wtf? i wouldn't give such hardware to my enemies. ;D
Had it running OpenBSD since 3.7. Just some plain Intel hw.
Think i'll have to write some docs if i get the new 11 running.
for the record: dmesg (Linux 2.6.11.4-20a-default i386 GNU/Linux) of the
machine... (seems the high quality HD is not /that/ healthy...)
Thanks for your reply.
you're welcome! :)
-Robert
Linux version 2.6.11.4-20a-default ([EMAIL PROTECTED]) (gcc version 3.3.5
20050117 (prerelease) (SUSE Linux)) #1 Wed Mar 23 21:52:37 UTC 2005
BIOS-provided physical RAM map:
BIOS-e820: - 000a (usable)
BIOS-e820: 000f - 0010 (reserved)
BIOS-e820: 0010 - 1fff (usable)
BIOS-e820: 1fff - 1fff3000 (ACPI NVS)
BIOS-e820: 1fff3000 - 2000 (ACPI data)
BIOS-e820: ffb0 - 0001 (reserved)
0MB HIGHMEM available.
511MB LOWMEM available.
On node 0 totalpages: 131056
DMA zone: 4096 pages, LIFO batch:1
Normal zone: 126960 pages, LIFO batch:16
HighMem zone: 0 pages, LIFO batch:1
DMI 2.3 present.
ACPI: RSDP (v000 IntelR) @ 0x000f6940
ACPI: RSDT (v001 IntelR AWRDACPI 0x42302e31 AWRD 0x) @ 0x1fff3000
ACPI: FADT (v001 IntelR AWRDACPI 0x42302e31 AWRD 0x) @ 0x1fff3040
ACPI: DSDT (v001 INTELR AWRDACPI 0x1000 MSFT 0x010e) @ 0x
ACPI: PM-Timer IO Port: 0x408
ACPI: local apic disabled
Allocating PCI resources starting at 2000 (gap: 2000:dfb0)
Built 1 zonelists
Kernel command line: root=/dev/hda3 selinux=0 console=tty0
console=ttyS0,57600 showopts
Initializing CPU#0
PID hash table entries: 2048 (order: 11, 32768 bytes)
Detected 2400.038 MHz processor.
Using pmtmr for high-res timesource
Console: colour VGA+ 80x25
Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
Memory: 514360k/524224k available (1865k kernel code, 9316k reserved,
659k data, 204k
Re: FYI, 1and1 hosting fun (ip subnet zero)
thus Constantine A. Murenin spake: I didn't know that Linux has such an ugly dmesgs. Please, resist from posting them on this list, they hurt my screen. :) they just mirror the (ugly) internals of Linux ;)
Re: Laptop recommendations
On 5/11/06, Chris Cappuccio [EMAIL PROTECTED] wrote: Why does everyone have to post on here a message that says: 1. Most of the devices on my IBM laptop are completely unsupported 2. I love my IBM laptop!! hold a ibm and a dell side by side and you'll answer that question. Yes, I have a dell inspiron also.
pfsync cluster fails to fail with state .....
First this used to work in 3.8 on these machines. Then they were
playthings in the 'lab', now they are all upgraded to 3.9 and ready to
deploy ... or are they?
There are two goofy things happening here ( three if you count me ).
I can't tell if this is a symptom or cause, but I can not NAT behind
a carp addr.
fw0:root:/root #ifconfig carp10
carp10: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
description: virtual if for external traffic
carp: MASTER carpdev xl0 vhid 22 advbase 1 advskew 10
groups: carp
inet 10.120.10.100 netmask 0xff00 broadcast 10.120.10.255
fw1:root:/root #ifconfig carp10
carp10: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
description: virtual if for external traffic
carp: BACKUP carpdev xl0 vhid 22 advbase 1 advskew 100
groups: carp
inet 10.120.10.100 netmask 0xff00 broadcast 10.120.10.255
the carp ifaces can do addr takeover, I have preempt on, my packets
route and return properly, as long as each machine NAT behind xl0.
Things seem to work except that on a fail-over a running download stalls
and never recovers.
If I try to NAT behind carp10 ... nothing comes out. I have the xl0's
on a hub and I watch on a 3'rd party. Even with this ruleset:
=
set block-policy drop
# Normalization
scrub in no-df
# Translation
nat on carp10 from xxx.xxx.35.0/24 to any -carp10
#nat on xl0 from xxx.xxx.35.0/24 to any -xl0
pass in quick log on { enc0 em1 em0 xl0 carp10 carp35 lo } keep state
pass out quick log on { enc0 em1 em0 xl0 carp10 carp35 lo } keep state
I see nothing leave carp10 when initiated from host xxx.xxx.35.235.
If I switch out the nat to xl0 it works, but stateful failover does not.
doing a dump on enc0 I see what looks like happy pfsync traffic
===
fw1:root:/root #tcpdump -ni enc0
tcpdump: WARNING: enc0: no IPv4 address assigned
tcpdump: listening on enc0, link-type ENC
08:43:30.293191 (authentic,confidential): SPI 0x9238583f: xxx.xxx.35.3:
TDB UPD:
(DF) [tos 0x10] (encap)
08:43:30.295997 (authentic,confidential): SPI 0xdaf988d3: xxx.xxx.35.2:
TDB UPD:
(DF) [tos 0x10] (encap)
08:43:30.779450 (authentic,confidential): SPI 0x9238583f: xxx.xxx.35.3:
UPD ST COMP:
(DF) [tos 0x10] (encap)
08:43:30.785927 (authentic,confidential): SPI 0xdaf988d3: xxx.xxx.35.2:
UPD ST COMP:
(DF) [tos 0x10] (encap)
08:43:31.109482 (authentic,confidential): SPI 0x9238583f: xxx.xxx.35.3:
UPD ST COMP:
(DF) [tos 0x10] (encap)
08:43:31.293203 (authentic,confidential): SPI 0x9238583f: xxx.xxx.35.3:
TDB UPD:
(DF) [tos 0x10] (encap)
08:43:31.295997 (authentic,confidential): SPI 0xdaf988d3: xxx.xxx.35.2:
TDB UPD:
(DF) [tos 0x10] (encap)
08:43:31.623265 (authentic,confidential): SPI 0x9238583f: xxx.xxx.35.3:
UPD ST COMP:
(DF) [tos 0x10] (encap)
08:43:31.786090 (authentic,confidential): SPI 0xdaf988d3: xxx.xxx.35.2:
UPD ST COMP:
(DF) [tos 0x10] (encap)
===
if I run pftop on each fw and initiate a session through one it appears
to show on the others state table.
So I assume the failure is due to my inability to NAT behind carp.
Would some one be willing to call me an idiot _AND_ give me a hint?
CVS problem in 20060502 snap
Hello, I have a problem with CVS in the snapshot named above. Updating my ports tree, I get A LOT of conflicts for no apparent reason, just showing a short piece of the log, but in sequence of time: U x11/xzoom/pkg/DESCR U x11/xzoom/pkg/PLIST ... lots of other stuff... cvs update: move away x11/xzoom/pkg/DESCR; it is in the way C x11/xzoom/pkg/DESCR cvs update: move away x11/xzoom/pkg/PLIST; it is in the way C x11/xzoom/pkg/PLIST The problem with this is: Before I started this run of 'cvs up', I had 'rm -fr x11', ie, the whole subtree. This is with OpenBSD-current on i386. Best, --Toni++
Re: ntpd as server logging...
On Fri, 12 May 2006, Andrew Swisher wrote: On Thu, May 11, 2006 at 05:21:14PM -0600, Jeff Ross wrote: Hi, I've enabled ntpd with the -d flag to run as a server on a system on the lan with this conf file: [EMAIL PROTECTED]:/home/jross $ cat /etc/ntpd.conf # $OpenBSD: ntpd.conf,v 1.7 2004/07/20 17:38:35 henning Exp $ # sample ntpd configuration file, see ntpd.conf(5) # Addresses to listen on (ntpd does not listen by default) listen on * # sync to a single server #server ntp.example.org # use a random selection of 8 public stratum 2 servers # see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers servers pool.ntp.org Is there a way to log update requests from other computers on the lan? I'm trying to sync some [EMAIL PROTECTED] workstations and the update request always fail--both with it and with other time servers. I can sync my openbsd workstation with it no problem, but nothing shows in the logs then, either. SNIP I run obsd on my firewall (of course). My firewall syncs it's clock with external time servers. The ntpd on my firewall listens only on the internal interface, so that my internal hosts can sync with it. I have a statement in my pf.conf file to allow my internal hosts to connect to the ntpd over udp 123: pass in log quick on $IntIF inet proto udp from any to 10.2.2.1 port 123 keep state Please note that I also use the log option in my rule. Hope that helps, A Thanks for the reply. I guess I should have made my question more clear. I'm more interested in the logging capabilities of ntpd in server mode. Because my OpenBSD workstation can sync to the server, ntpd is working. I thought logging might give me some clues about what is going on with XP. So far as I can tell right now, it isn't even attempting to contact the server. Everything involved is on the lan with a 192.168.0 address, hidden from the internet by a bridging firewall. PF isn't enabled on the ntpd-server-box in question. Jeff
Re: ntpd as server logging...
From: [EMAIL PROTECTED] Is there a way to log update requests from other computers on the lan? I'm trying to sync some [EMAIL PROTECTED] workstations and the update request always fail--both with it and with other time servers. I can sync my openbsd workstation with it no problem, but nothing shows in the logs then, either. Thanks for the reply. I guess I should have made my question more clear. I'm more interested in the logging capabilities of ntpd in server mode. Because my OpenBSD workstation can sync to the server, ntpd is working. I thought logging might give me some clues about what is going on with XP. So far as I can tell right now, it isn't even attempting to contact the server. You might try a tcpdump on your ntp box and see what (if anything) the windows systems is sending you. Ditto on the windows system. (Ethereal? windump?) See if it is even trying to talk to your ntp server on 123/udp. DS
to upgrade or not to upgrade
i have 2 servers running 3.8 (since march 21) and doing very nicely. i had my own computer running 3.8 till monday, but wanted to see how the upgrade process worked and so it is running 3.9 now (again very nicely). should i upgrade the servers? possible rationale to do so: 1. keep all machines consistent 2. keep the upgrade process doable with adjacent versions 3. take advantage of some of the newer features and software possible rationale not to do so: 1. machines aren't doing same thing so perhaps they shouldn't be consistent 2. newer features and software may create problems for some sites (eg something coded for php4 may not work quite right away with php5) additionally, what is the feeling regarding upgrading vs fresh install? i found the upgrading to be very painless (even though the change from mysql 4 to mysql 5 added an extra db called information_schema for some reason that i don't understand yet). the upgrading faq says that you won't get quite the same thing though as a fresh install, but i certainly didn't interpret this comment to be in a negative sense. i presume that the upgrade process exists to be used and really is preferable to a fresh install so that we can keep moving up versions in the most efficient manner possible? -- In friendship, prad ... with you on your journey Towards Freedom http://www.towardsfreedom.com (website) Information, Inspiration, Imagination - truly a site for soaring I's
Re: pfsync cluster fails to fail with state .....
Chris Cappuccio wrote:
Wouldn't you need to be running sasyncd to make this work properly?
BTW do you work at speakeasy?
Dag Richards [EMAIL PROTECTED] wrote:
First this used to work in 3.8 on these machines. Then they were
playthings in the 'lab', now they are all upgraded to 3.9 and ready to
deploy ... or are they?
There are two goofy things happening here ( three if you count me ).
I can't tell if this is a symptom or cause, but I can not NAT behind
a carp addr.
fw0:root:/root #ifconfig carp10
carp10: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
description: virtual if for external traffic
carp: MASTER carpdev xl0 vhid 22 advbase 1 advskew 10
groups: carp
inet 10.120.10.100 netmask 0xff00 broadcast 10.120.10.255
fw1:root:/root #ifconfig carp10
carp10: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
description: virtual if for external traffic
carp: BACKUP carpdev xl0 vhid 22 advbase 1 advskew 100
groups: carp
inet 10.120.10.100 netmask 0xff00 broadcast 10.120.10.255
the carp ifaces can do addr takeover, I have preempt on, my packets
route and return properly, as long as each machine NAT behind xl0.
Things seem to work except that on a fail-over a running download stalls
and never recovers.
If I try to NAT behind carp10 ... nothing comes out. I have the xl0's
on a hub and I watch on a 3'rd party. Even with this ruleset:
=
set block-policy drop
# Normalization
scrub in no-df
# Translation
nat on carp10 from xxx.xxx.35.0/24 to any -carp10
#nat on xl0 from xxx.xxx.35.0/24 to any -xl0
pass in quick log on { enc0 em1 em0 xl0 carp10 carp35 lo } keep state
pass out quick log on { enc0 em1 em0 xl0 carp10 carp35 lo } keep state
I see nothing leave carp10 when initiated from host xxx.xxx.35.235.
If I switch out the nat to xl0 it works, but stateful failover does not.
doing a dump on enc0 I see what looks like happy pfsync traffic
===
fw1:root:/root #tcpdump -ni enc0
tcpdump: WARNING: enc0: no IPv4 address assigned
tcpdump: listening on enc0, link-type ENC
08:43:30.293191 (authentic,confidential): SPI 0x9238583f: xxx.xxx.35.3:
TDB UPD:
(DF) [tos 0x10] (encap)
08:43:30.295997 (authentic,confidential): SPI 0xdaf988d3: xxx.xxx.35.2:
TDB UPD:
(DF) [tos 0x10] (encap)
08:43:30.779450 (authentic,confidential): SPI 0x9238583f: xxx.xxx.35.3:
UPD ST COMP:
(DF) [tos 0x10] (encap)
08:43:30.785927 (authentic,confidential): SPI 0xdaf988d3: xxx.xxx.35.2:
UPD ST COMP:
(DF) [tos 0x10] (encap)
08:43:31.109482 (authentic,confidential): SPI 0x9238583f: xxx.xxx.35.3:
UPD ST COMP:
(DF) [tos 0x10] (encap)
08:43:31.293203 (authentic,confidential): SPI 0x9238583f: xxx.xxx.35.3:
TDB UPD:
(DF) [tos 0x10] (encap)
08:43:31.295997 (authentic,confidential): SPI 0xdaf988d3: xxx.xxx.35.2:
TDB UPD:
(DF) [tos 0x10] (encap)
08:43:31.623265 (authentic,confidential): SPI 0x9238583f: xxx.xxx.35.3:
UPD ST COMP:
(DF) [tos 0x10] (encap)
08:43:31.786090 (authentic,confidential): SPI 0xdaf988d3: xxx.xxx.35.2:
UPD ST COMP:
(DF) [tos 0x10] (encap)
===
if I run pftop on each fw and initiate a session through one it appears
to show on the others state table.
So I assume the failure is due to my inability to NAT behind carp.
Would some one be willing to call me an idiot _AND_ give me a hint?
Hi thanks.
Sasync is for keeping vpn ( SA and SPI ) state info in sync between n
number of vpn servers, it works well we use that too.
And no I work for a local government agency in norcal.
Re: to upgrade or not to upgrade
On Friday 12 May 2006 12:44, prad wrote: i have 2 servers running 3.8 (since march 21) and doing very nicely. i had my own computer running 3.8 till monday, but wanted to see how the upgrade process worked and so it is running 3.9 now (again very nicely). should i upgrade the servers? possible rationale to do so: 1. keep all machines consistent 2. keep the upgrade process doable with adjacent versions 3. take advantage of some of the newer features and software possible rationale not to do so: 1. machines aren't doing same thing so perhaps they shouldn't be consistent 2. newer features and software may create problems for some sites (eg something coded for php4 may not work quite right away with php5) additionally, what is the feeling regarding upgrading vs fresh install? i found the upgrading to be very painless (even though the change from mysql 4 to mysql 5 added an extra db called information_schema for some reason that i don't understand yet). the upgrading faq says that you won't get quite the same thing though as a fresh install, but i certainly didn't interpret this comment to be in a negative sense. i presume that the upgrade process exists to be used and really is preferable to a fresh install so that we can keep moving up versions in the most efficient manner possible? If you look at http://openbsd.org/plus39.html you will see a good list of all the changes made to 3.9. It's an impressive list, as usual. I'd build up a test system to verify that things will go well first, and then make the move. Given that you are running php, I'd want to run the latest version, given how bug prone it seems to be. But only you can determine all this, so get going with a little test system. ;-) --STeve Andre'
Re: laptops needed
I think drinking beer under a palm tree beats drinking beer at a
keyboard any day.
Why not drink a beer under a palm tree while at the keyboard?
Living in South Florida I have had the good luck to have many an
opportunity to do this... and I must say... it's pretty satisfying!
Dan Farrell
Applied Innovations
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of John Kintaro Tate
Sent: Friday, May 12, 2006 7:25 AM
To: Shane J Pearson
Cc: [EMAIL PROTECTED]
Subject: Re: laptops needed
On 4/10/06, Shane J Pearson [EMAIL PROTECTED] wrote:
Gustavo,
On 2006.04.10, at 10:13 AM, Gustavo Rios wrote:
Excuse gentleman,
but i don't see any rationale behind that tense:
one could argue that people who live in such places should
not have computers)
I believe that's humour.
Who wants to code when you've got island life outside? Palm trees,
fishing, swimming, bikinis, seafood, etc. I think drinking beer under
a palm tree beats drinking beer at a keyboard any day.
Also, maybe from Theo's perspective, I've heard tell that it can get
pretty cold in Canada.
I live in Australia, there are beautiful national parks and great
weather
outside, but im not going anywhere unless the girlfriend asks.
--
There is only one God who creates the universe. This God is my Brain.
As
the driver of this Brain I have created a universe in which there are
innumerable other Gods of equal post-hive autonomy with whom I seek to
interest. And my universe was, itself, created by a Higher Level of
DivinityDNA, whose mysteries and wonders I seek to understand and
harmonize
with. - Dr. Timothy Leary, Beware Of Monotheism.
http://deoxy.org/bom.htm
SCSI-HD problems at install
Hello! I have a machine with Tekram DC395-UW with one IBM-disk ID2, a SONY-burner ID3 and two Seagate ST39102LW (ID0 and ID1). Id0 is set to be bootdrive in Tekram BIOS (ver 3.03). The install starts fine from a IDE-cdromdrive (the SONY wont work, any ideas?). But when the disks are about ot be formated it stops to work. Labels from previous tries are there, but i cant assign mountpoints to all of them. When format is about to start it says (and sometimes after would you like to use *all* of sd0 for openBSD? yes) check condition (error 0x70) on opcode 0x28 senskey illegal request asc/ascq asc 0x24 ascq 0x00 frucode 0x1 sksv error in CDB offset 3 bit 2 check condition (error 0x70) on opcode 0x28 senskey illegal request asc/ascq asc 0x24 ascq 0x00 frucode 0x1 sksv error in CDB offset 4 bit 6 Any ideas? Jon Sjvstedt
Re: ntpd as server logging...
On Fri, 12 May 2006, Spruell, Darren-Perot wrote: From: [EMAIL PROTECTED] Is there a way to log update requests from other computers on the lan? I'm trying to sync some [EMAIL PROTECTED] workstations and the update request always fail--both with it and with other time servers. I can sync my openbsd workstation with it no problem, but nothing shows in the logs then, either. Thanks for the reply. I guess I should have made my question more clear. I'm more interested in the logging capabilities of ntpd in server mode. Because my OpenBSD workstation can sync to the server, ntpd is working. I thought logging might give me some clues about what is going on with XP. So far as I can tell right now, it isn't even attempting to contact the server. You might try a tcpdump on your ntp box and see what (if anything) the windows systems is sending you. Ditto on the windows system. (Ethereal? windump?) See if it is even trying to talk to your ntp server on 123/udp. DS Yes, I am an idiot. I forgot that tcpdump is the Swiss Army Knife of sniffing traffic. Anyway, it's working now. Without me making any additional changes on the windows box. Thanks to all, Jeff
Re: laptops needed
On Fri, May 12, 2006 at 09:25:11PM +1000, John Kintaro Tate wrote: Who wants to code when you've got island life outside? Palm trees, fishing, swimming, bikinis, seafood, etc. I think drinking beer under a palm tree beats drinking beer at a keyboard any day. Also, maybe from Theo's perspective, I've heard tell that it can get pretty cold in Canada. I live in Australia, there are beautiful national parks and great weather outside, but im not going anywhere unless the girlfriend asks. Came across this recently, http://en.wikipedia.org/wiki/Lucky_Country interesting is this excerpt: Horne's statement was actually made ironically, as an indictment of 1960s Australia. His intent was to comment that, while other nations developed based on clever means such as technology and other innovations, Australia did not. [1] ... I keep wondering how Australia keeps pace with its relatively low population in a world where a country like China floods the world with electronics equipment. How does Australia keep its sovereignty? Obviously someone has to check whether electronic hardware from elsewhere is going to profit or harm a country. Sit under yer palm tree all ya want though... :) To reduce any effort of reverse engineering software to find backdoors an Open Source Operating System like OpenBSD is just the right thing, as reading source is a lot better than disassembling binary. Also pushing for open hardware documentation would only make sense for a country such as .au. Regards, -p
Re: laptops needed
On 12/05/06, Dan Farrell [EMAIL PROTECTED] wrote: I think drinking beer under a palm tree beats drinking beer at a keyboard any day. Why not drink a beer under a palm tree while at the keyboard? Living in South Florida I have had the good luck to have many an opportunity to do this... and I must say... it's pretty satisfying! Like Ellen Feiss with her G4? :) http://www.ellenfeiss.net/movie.php?movie=movies/ellen_feiss_02.mov
int vs. long
Hey folks, i am writing a program to perform some tasks i would like to do. I am running 3.8 on 64 bit box, for now. While playing around with int a long types i could see a performance improvement when using long type over the same method using int type. What is the theory behind this increase on performance? If theory validades the practice, could i infere i should always use long instead of int on my 64 machines? Thanks a lot for your time and cooperation. Best regards.
Re: is openntpd 3.9 real?
* [EMAIL PROTECTED]@mgEDV.net [EMAIL PROTECTED] [2006-05-12 14:36]: is this a real release of henning/etc... or is there something wrong? yes, it is real, I am waiting for the portable before I update the website tho. bgpd ospfd went 3.9 too -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: int vs. long
What are you storing in your ints/longs, what operations are you doing on them, and how significant is the difference in speed that you observe under what cicumstances? Choosing a type based on speed will generate potentially unportable code, whereas choosing a type based on what data you will actually store will be safer. There are type called int_fast32_t, uint_fast64_t etc. (from 8 to 64 bits, both int and uint) in the C standard, in stdint.h. They are supposed to be the fasted integer type of at least the mentioned number of bits. Use these and pick the width that you will actually need. Regards, Andreas ps. You and I talked about something similar before: http://monkey.org/openbsd/archive/misc/0305/msg00448.html The difference is that stdint.h now exists in OpenBSD... On 12/05/06, Gustavo Rios [EMAIL PROTECTED] wrote: Hey folks, i am writing a program to perform some tasks i would like to do. I am running 3.8 on 64 bit box, for now. While playing around with int a long types i could see a performance improvement when using long type over the same method using int type. What is the theory behind this increase on performance? If theory validades the practice, could i infere i should always use long instead of int on my 64 machines? Thanks a lot for your time and cooperation. Best regards. -- Andreas Kahari Somewhere in the general Cambridge area, UK
OpenOffice with JRE or without?
In investigating what's needed to install configure OpenOffice, I see on their Website that I have the choice of downloading it with or without the JRE. Remembering some of traffic here discussing the issues of installing/compiling Java 1.5, how stable is the Linux JRE on OpenBSD? Am I better off downloading OpenOffice without the JRE expect to build it myself? In this case, am I forced to install/compile Java before installing OpenOffice? Thanks for any shared candor. j
Re: OpenOffice with JRE or without?
[EMAIL PROTECTED] wrote: In investigating what's needed to install configure OpenOffice, I see on their Website that I have the choice of downloading it with or without the JRE. Remembering some of traffic here discussing the issues of installing/compiling Java 1.5, how stable is the Linux JRE on OpenBSD? Am I better off downloading OpenOffice without the JRE expect to build it myself? In this case, am I forced to install/compile Java before installing OpenOffice? Thanks for any shared candor. You don't really need Java to run OpenOffice 2.x. I have downloaded and ran OO with redhat emulation, and after starting OO, it just says it can't find JRE. The program will continue to startup and in the options section, you can click on the java portion and unselect Use a Java runtime environment I've had no problems with OO 2.x. I've been told that certain applications will not work with this, but I use writer, calc, and impress with no issues... Regards, Bryan You're either right, or you're happy... you can't be both --husband's creed
pfctl: DIOCADDALTQ: Cannot allocate memory
Clean install of OpenBSD 3.9-stable
Attempting to use ALTQ to provide audio stability for Cisco ATA-186
SIP device.
Offending section of pf.conf:
altq on $ext_if cbq bandwidth 1.542Mb queue { std, voip, smtp, ssh,
http, ftp }
queue std on $ext_if bandwidth 350Kb cbq(default)
queue voip on $ext_if bandwidth 192Kb priority 7 cbq(borrow)
queue smtp on $ext_if bandwidth 250Kb cbq(borrow)
queue ssh on $ext_if bandwidth 250Kb { ssh_login, ssh_bulk }
queue ssh_login bandwidth 25% priority 4 cbq(ecn)
queue ssh_bulk bandwidth 75% cbq(ecn)
queue http bandwidth 250Kb cbq(borrow)
queue ftp bandwidth 250Kb priority 3 cbq(borrow rio)
on every attempt to start pf with this section active, I get:
pfctl: DIOCADDALTQ: Cannot allocate memory
I dug through the archives and found a single query on this from
2003 where Henning commented on a possible malloc/pool error in
ENONMEM, but nothing further was posted.
I read through http://www.openbsd.org/faq/pf/queueing.html, but it
didn't really detail anything except syntax (which is what it's
supposed to do). A bit of searching turned up a kernel modification
for _Free_BSD, but nothing for Open.
Top of the dmesg is:
OpenBSD 3.9-stable (GENERIC) #0: Wed May 10 09:15:48 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache)
351 MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR
real mem = 536387584 (523816K)
avail mem = 485388288 (474012K)
using 4278 buffers containing 26923008 bytes (26292K) of memory
Any ideas on how to resolve this?
Thanks,
--
Ed V.
I am the computer your mother warned you about.
Re: PF references
Nick Holland wrote: Thanks Nick I should have said I checked all the usual suspects. Sorry. News Collector wrote: Hello: Where (what) is the canonical site (or book) for PF. documentation-wise? Yeah that would be the OpenBSD man pages. They are authoritative. When things change, they get updated, or people get beaten. In particular, see pf.conf(5), pfct.(8), pf(4) and the SEE ALSOs in each. Beyond that, there are several websites and books. My personal favorite website is the OpenBSD website itself, but I may be biased. :) OK what book? I'm a PF users and I used it for non-trivial tasks. So I all (take with gain of salt) most at the level of many docs. Also PF is a moving target. I wished (wish is the correct word) all authoritative document. Give to prefect my PF chops. Are there any site where talk about PF is a application (like for OS X). probably. There's a website for just about everything. Talk is cheap. OS X has PF, but there's a interface that limits what you can do. They don't document their interface to it. OS X has lot of fancy way to do trivial thinks you meant not want done. One Last, has anyone done any work on using CARP, Quite a few people have, yes. ;) I know synchronizations depends on similar cpus with similar clocks and constrained clock drift. read it in a book but I thank you are well within their bounds. The book makes the statement that given a set of hosts which can communicate. It is impossible for a given host to tell the difference between a slow host and a failed host( in the absence of timeouts). So if the timeout is too fast on a fast host it may think a slow host has failed. The book doesn't give parameter for this kind of failure. This answer my question because I was had close matching machine but not exactly. oh? News to me. And the Celeron 600 that I CARPed with a PIII-750. Don't really have to even be the same platform, though it can create administrative problems (On this machine, carp0 is on the dc0, on that machine, it's on hme3). Nick.
compile squid with auth_ldap
Hi, im having many problems compiling squid 2.5stable13 with ldap_auth, these is what i have done: ./configure --enable-basic-auth-helpers=LDAP \ --enable-external-acl-helpers=ldap_group \ --enable-auth=basic,ntlm --enable-pf-transparent make all this is the error message squid_ldap_auth.c: In function `open_ldap_connection': squid_ldap_auth.c:219: error: `LDAP' undeclared (first use in this function) squid_ldap_auth.c:219: error: `ld' undeclared (first use in this function) squid_ldap_auth.c:245: warning: implicit declaration of function `ldap_init' squid_ldap_auth.c: In function `main': squid_ldap_auth.c:315: error: `LDAP' undeclared (first use in this function) squid_ldap_auth.c:315: error: `ld' undeclared (first use in this function) squid_ldap_auth.c:317: error: `LDAP_PORT' undeclared (first use in this function) squid_ldap_auth.c:377: error: `LDAP_SCOPE_BASE' undeclared (first use in this function) squid_ldap_auth.c:379: error: `LDAP_SCOPE_ONELEVEL' undeclared (first use in this function) squid_ldap_auth.c:381: error: `LDAP_SCOPE_SUBTREE' undeclared (first use in this function) squid_ldap_auth.c:405: error: `LDAP_DEREF_NEVER' undeclared (first use in this function) squid_ldap_auth.c:407: error: `LDAP_DEREF_ALWAYS' undeclared (first use in this function) squid_ldap_auth.c:409: error: `LDAP_DEREF_SEARCHING' undeclared (first use in this function) squid_ldap_auth.c:411: error: `LDAP_DEREF_FINDING' undeclared (first use in this function) squid_ldap_auth.c:538: error: `LDAP_INVALID_CREDENTIALS' undeclared (first use in this function) squid_ldap_auth.c:540: warning: implicit declaration of function `ldap_unbind' squid_ldap_auth.c:544: warning: implicit declaration of function `ldap_err2string' squid_ldap_auth.c:544: warning: format argument is not a pointer (arg 2) squid_ldap_auth.c:548: error: `LDAP_SUCCESS' undeclared (first use in this function) squid_ldap_auth.c: At top level: squid_ldap_auth.c:590: error: syntax error before '*' token squid_ldap_auth.c: In function `checkLDAP': squid_ldap_auth.c:594: error: `LDAP' undeclared (first use in this function) squid_ldap_auth.c:594: error: `bind_ld' undeclared (first use in this function) squid_ldap_auth.c:597: error: `password' undeclared (first use in this function) squid_ldap_auth.c:608: error: `LDAPMessage' undeclared (first use in this function) squid_ldap_auth.c:608: error: `res' undeclared (first use in this function) squid_ldap_auth.c:609: error: `entry' undeclared (first use in this function) squid_ldap_auth.c:613: error: `search_ld' undeclared (first use in this function) squid_ldap_auth.c:613: error: `persistent_ld' undeclared (first use in this function) squid_ldap_auth.c:616: error: `ldapServer' undeclared (first use in this function) squid_ldap_auth.c:616: error: `port' undeclared (first use in this function) squid_ldap_auth.c:618: error: `userid' undeclared (first use in this function) squid_ldap_auth.c:620: warning: implicit declaration of function `ldap_simple_bind_s' squid_ldap_auth.c:621: error: `LDAP_SUCCESS' undeclared (first use in this function) squid_ldap_auth.c:622: warning: format argument is not a pointer (arg 3) squid_ldap_auth.c:630: warning: implicit declaration of function `ldap_search_s' squid_ldap_auth.c:632: error: `LDAP_PARTIAL_RESULTS' undeclared (first use in this function) squid_ldap_auth.c:639: warning: format argument is not a pointer (arg 3) squid_ldap_auth.c:650: warning: implicit declaration of function `ldap_first_entry' squid_ldap_auth.c:657: warning: implicit declaration of function `ldap_get_dn' squid_ldap_auth.c:657: warning: assignment makes pointer from integer without a cast squid_ldap_auth.c:673: warning: implicit declaration of function `ldap_msgfree' squid_ldap_auth.c:693: warning: implicit declaration of function `ldap_compare_s' squid_ldap_auth.c:693: error: `LDAP_COMPARE_TRUE' undeclared (first use in this function) squid_ldap_auth.c: At top level: squid_ldap_auth.c:118: warning: `use_tls' defined but not used squid_ldap_auth.c:119: warning: `version' defined but not used *** Error code 1 Stop in /usr/src/squid-2.5.STABLE13/helpers/basic_auth/LDAP. *** Error code 1 Stop in /usr/src/squid-2.5.STABLE13/helpers/basic_auth (line 173 of Makefile). *** Error code 1 Stop in /usr/src/squid-2.5.STABLE13/helpers (line 168 of Makefile). *** Error code 1 Stop in /usr/src/squid-2.5.STABLE13 (line 228 of Makefile). # i have installed the ldap's server and client libraries. I foun this post in the archives. http://marc.theaimsgroup.com/?l=openbsd-miscm=114334720314723w=2 but the user is trying to install from ports, i want to compile from source, it seems like is a library missing somewhere, how can i be sure? thanks
Re: To forward, or not to forward
From: [EMAIL PROTECTED] My goal with the bridge is to filter all traffic coming in from the outside world, while allowing servers my servers behind the bridge to connect freely even if their traffic has to travel out to the router and back(keep state?). My point of confusion is whether or not to turn on forwarding. I have heard arguments for both. One person believes that setting forwarding to 1 bypasses pf. Another believes that setting forwarding to 0 increases performance. Forwarding allows packets to travel from one interface to another. To my knowledge, you won't pass traffic through your firewall without it enabled. Examples of transparent firewalls always enable it: http://ezine.daemonnews.org/200207/transpfobsd.html http://www.openlysecure.org/openbsd/how-to/invisible_firewall.html And as for a bridge, you don't have an in interface and an out interface, as you would with a L3-aware system. A bridge is a layer 2 device, so you can simplify your ruleset and thought process by passing all of your traffic on one interface, and just applying your filters to the other interface. DS
Re: To forward, or not to forward
Dear misc, If I'm not using NAT, do I still need to use forwarding? -Orlando On Friday, May 12, 2006, Spruell, Darren-Perot wrote: From: [EMAIL PROTECTED] My goal with the bridge is to filter all traffic coming in from the outside world, while allowing servers my servers behind the bridge to connect freely even if their traffic has to travel out to the router and back(keep state?). My point of confusion is whether or not to turn on forwarding. I have heard arguments for both. One person believes that setting forwarding to 1 bypasses pf. Another believes that setting forwarding to 0 increases performance. Forwarding allows packets to travel from one interface to another. To my knowledge, you won't pass traffic through your firewall without it enabled. Examples of transparent firewalls always enable it: http://ezine.daemonnews.org/200207/transpfobsd.html http://www.openlysecure.org/openbsd/how-to/invisible_firewall.html And as for a bridge, you don't have an in interface and an out interface, as you would with a L3-aware system. A bridge is a layer 2 device, so you can simplify your ruleset and thought process by passing all of your traffic on one interface, and just applying your filters to the other interface. DS -- Best regards, Orlando L. Castro
Applying a patch for ghostscript
Hi
I know this isn't a valid question but I have been trying to patch the
ghostscript from 3.9 to include the hl1250 printer but I can't get it to
work.
I have used this patch with 3.8 succesfully, but I don't know if it
needs to be changed other than the patch version number which I have
changed from 7 to 8.
How exactly do I use this diff with succes if possible?
Best and kind regards!
Rico.
Index: Makefile
===
RCS file: /home/cvs/OpenBSD/ports/print/ghostscript/gnu/Makefile,v
retrieving revision 1.42
diff -u -r1.42 Makefile
--- Makefile2 Jun 2005 17:52:12 - 1.42
+++ Makefile9 Oct 2005 05:03:49 -
@@ -4,7 +4,7 @@
VERSION= 7.05
DISTNAME= ghostscript-${VERSION}
-PKGNAME= ${DISTNAME}p7
+PKGNAME= ${DISTNAME}p8
CATEGORIES=print lang
DIR= gnu/gs${VERSION:S/.//}
@@ -88,7 +88,7 @@
$$(DD)stcolor.dev $$(DD)t4693d2.dev $$(DD)t4693d4.dev $$(DD)t4693d8.dev
$$(DD)tek4696.dev \
$$(DD)uniprint.dev $$(DD)dfaxhigh.dev $$(DD)dfaxlow.dev $$(DD)cif.dev
$$(DD)inferno.dev \
$$(DD)mgrmono.dev $$(DD)mgrgray2.dev $$(DD)mgrgray4.dev $$(DD)mgrgray8.dev \
-$$(DD)mgr4.dev $$(DD)mgr8.dev $$(DD)sgirgb.dev
+$$(DD)mgr4.dev $$(DD)mgr8.dev $$(DD)sgirgb.dev $$(DD)hl1250.dev
MAKE_FLAGS=${BASE_FLAGS} prefix=${PREFIX}
Index: patches/patch-src_contrib_mak
===
RCS file: patches/patch-src_contrib_mak
diff -N patches/patch-src_contrib_mak
--- /dev/null 1 Jan 1970 00:00:00 -
+++ patches/patch-src_contrib_mak 9 Oct 2005 05:03:49 -
@@ -0,0 +1,22 @@
+$OpenBSD$
+--- src/contrib.mak.orig Sat Oct 8 21:51:31 2005
src/contrib.makSat Oct 8 21:52:15 2005
+@@ -876,3 +876,18 @@ $(DD)sunhmono.dev : $(sunr_) $(DD)page.d
+ $(GLOBJ)gdevsunr.$(OBJ) : $(GLSRC)gdevsunr.c $(PDEVH)
+ $(GLCC) $(GLO_)gdevsunr.$(OBJ) $(C_) $(GLSRC)gdevsunr.c
+
++### The Brother HL-1250 printer ###
++### This printer is ljet4-compatible, plus support for source tray###
++### selection and special 1200x600 dpi mode. ###
++
++hl1250_=$(GLOBJ)gdevhl12.$(OBJ) $(HPDLJM)
++$(DD)hl1250.dev : $(hl1250_) $(DD)page.dev
++ $(SETPDEV) $(DD)hl1250 $(hl1250_)
++
++$(DD)hl1240.dev : $(hl1250_) $(DD)page.dev
++ $(SETPDEV) $(DD)hl1240 $(hl1250_)
++
++# Author: Marek Michalkiewicz [EMAIL PROTECTED]
++# Printer: Brother HL-1250 (may work with some other models too)
++$(GLOBJ)gdevhl12.$(OBJ) : $(GLSRC)gdevhl12.c $(PDEVH) $(gdevdljm_h)
++ $(GLCC) $(GLO_)gdevhl12.$(OBJ) $(C_) $(GLSRC)gdevhl12.c
Index: patches/patch-src_gdevhl12_c
===
RCS file: patches/patch-src_gdevhl12_c
diff -N patches/patch-src_gdevhl12_c
--- /dev/null 1 Jan 1970 00:00:00 -
+++ patches/patch-src_gdevhl12_c9 Oct 2005 05:03:49 -
@@ -0,0 +1,746 @@
+$OpenBSD$
+--- src/gdevhl12.c.origSat Oct 8 21:52:54 2005
src/gdevhl12.c Sat Oct 8 21:52:37 2005
+@@ -0,0 +1,742 @@
++/*
++ Contributors:
++ Created by Marek Michalkiewicz [EMAIL PROTECTED]
++
++ THIS SOFTWARE IS NOT COPYRIGHTED
++
++ This source code is offered for use in the public domain. You may
++ use, modify or distribute it freely.
++
++ This code is distributed in the hope that it will be useful, but
++ WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
++ DISCLAIMED. This includes but is not limited to warranties of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
++
++ (Legalese borrowed from the Mingw32 runtime libraries.)
++ */
++
++/*$Id: gdevhl12.c,v 1.6 2002/07/30 18:53:21 easysw Exp $ */
++/* gdevhl12.c - Brother HL-1250 driver for Ghostscript */
++
++/*
++ This driver handles the 1200x600 dpi mode, and some settings like
++ paper source and toner save mode. 600x600 dpi and below is handled
++ by gdevdljm.c (basically as in the ljet4 device, with minor changes
++ in initialization and margins, and PCL wrapped in PJL).
++
++ There are two device names made available by this driver, which
++ differ only in the default (maximum) resolution:
++
++ -sDEVICE=hl1240
++ 600x600 dpi, for HL-1030/1240 (uses standard PCL modes 2 and 3)
++
++ -sDEVICE=hl1250
++ 1200x600 dpi, for HL-1050/1070/1250/1270N
++ (uses special compression mode 1027 for 1200x600 dpi,
++ otherwise modes 2 and 3 as above)
++
++ Tested with a HL-1250, both 1200x600 and 600x600 dpi. Please test
++ with other models and report results (both problems and success).
++ Some notes on the other models:
++
++ HL-1070 and HL-1270N
++ can also print Postscript directly, at maximum 600x600 dpi
++ (this driver can print 1200x600 dpi using mode 1027).
++
++ HL-1240
++ should no longer be limited to 300 dpi - this driver sends
++ the recommended @PJL SET RESOLUTION=...
Re: is openntpd 3.9 real?
On Fri, May 12, 2006 at 10:45:39PM +1000, Darren Tucker wrote: The ChangeLog is from the Portable branch and the Portable packages haven't been made yet because, well, I'm a slacker. They should be ready tomorrow. Will it include the leap second patch Thorsten Glaser posted earlier this week?
Re: To forward, or not to forward
On Fri, May 12, 2006 at 05:06:31PM -0700, [EMAIL PROTECTED] wrote: If I'm not using NAT, do I still need to use forwarding? Only if you want packets coming in on one interface to go out another interface. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
Re: is openntpd 3.9 real?
* Matthew R. Dempsky [EMAIL PROTECTED] [2006-05-13 03:00]: On Fri, May 12, 2006 at 10:45:39PM +1000, Darren Tucker wrote: The ChangeLog is from the Portable branch and the Portable packages haven't been made yet because, well, I'm a slacker. They should be ready tomorrow. Will it include the leap second patch Thorsten Glaser posted earlier this week? no. -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
dhcpd problem: Can't get interface flags for ... device not configured
May 12 16:23:45 vfi dhcpd: Can't get interface flags for
\M-{9\M-l\M-Xt\M-X\M-?\M-OI\M-!\^A: Device not configured
May 12 16:23:45 vfi dhcpd:
May 12 16:23:45 vfi dhcpd: If you did not get this software from
ftp.isc.org, please
May 12 16:23:45 vfi dhcpd: get the latest from ftp.isc.org and install
that before
May 12 16:23:45 vfi dhcpd: requesting help.
I just made a quick change to my dhcpd config, and tried to restart. Am
now getting the error message above.
Anyone know what that is?
I'm using isc-dhcpd-V3.0pl2 on OpenBSD 3.3, I've also tried the latest
dhcpd, and examined my config files for stupid typos (none found). This
system has been running dhcpd for years without prior issues.
Thanks.
--
Sincerely,
Kirk Ismay
System Administrator
--
Net Idea
201-625 Front Street Nelson, BC V1L 4B6
P:250-352-3512 | F:250-352-9780 | TF:888-246-4222
10 Years of Service Excellence!
Visit us online at:
www.netidea.com | www.netidea.biz
Re: is openntpd 3.9 real?
On Sat, May 13, 2006 at 03:44:41AM +0200, Henning Brauer wrote: * Matthew R. Dempsky [EMAIL PROTECTED] [2006-05-13 03:00]: Will it include the leap second patch Thorsten Glaser posted earlier this week? no. Can I ask why his patch has been rejected?
Re: Laptop recommendations
On 5/11/06, Roger Neth Jr [EMAIL PROTECTED] wrote: On 5/11/06, Bryan Irvine [EMAIL PROTECTED] wrote: snip I had checked the archives for misc@, and what I had read indicated that the Macbook Pro could boot OpenBSD using Parallels virtualization software, but not natively due to hang while probing USB. Also, I'm under the opinion that the wireless doesn't work as they use broadcom adapters under the Airport Express name. I could be wrong though. I was just wondering if that had improved any. snip The Broadcom thing still applies. No drivers for airport. --Bryan Hello List, I was looking on Ebay for OpenBSD type of stuff and came across this. Doesn't this hurt the project? : ( Or are they just generous? http://cgi.ebay.com/OpenBSD-3-9-3-CD-Full-Set_W0QQitemZ7235743360QQcategoryZ4619QQssPageNameZWD1VQQrdZ1QQcmdZViewItem rogern John 3:16 I contacted the seller and asked Is this the full CD set with stickers, or copies of the CD's? This is the response I got: These cds are copies of the official 3 cd set. All cds are verified by test installations of the product. The official 3 CD set is available from www.openbsd.org for $45+$4 shipping and handling. To answer the question, Does this hurt the project? I respond, it doesn't help. eBay has strict policies about the illegal selling of copywrite protected items, and this qualifies. just go to the auction, and at the bottom is a link that reads Report this Item. It infringes on the copyright of Theo de Raadt. IIRC, three strikes and you're out on ebay. Jim
Re: Laptop recommendations
On 5/12/06, Samurai Chef [EMAIL PROTECTED] wrote: On 5/11/06, Roger Neth Jr [EMAIL PROTECTED] wrote: On 5/11/06, Bryan Irvine [EMAIL PROTECTED] wrote: snip I had checked the archives for misc@, and what I had read indicated that the Macbook Pro could boot OpenBSD using Parallels virtualization software, but not natively due to hang while probing USB. Also, I'm under the opinion that the wireless doesn't work as they use broadcom adapters under the Airport Express name. I could be wrong though. I was just wondering if that had improved any. snip The Broadcom thing still applies. No drivers for airport. --Bryan Hello List, I was looking on Ebay for OpenBSD type of stuff and came across this. Doesn't this hurt the project? : ( Or are they just generous? http://cgi.ebay.com/OpenBSD-3-9-3-CD-Full-Set_W0QQitemZ7235743360QQcategoryZ4619QQssPageNameZWD1VQQrdZ1QQcmdZViewItem rogern John 3:16 I contacted the seller and asked Is this the full CD set with stickers, or copies of the CD's? This is the response I got: These cds are copies of the official 3 cd set. All cds are verified by test installations of the product. The official 3 CD set is available from www.openbsd.org for $45+$4 shipping and handling. To answer the question, Does this hurt the project? I respond, it doesn't help. eBay has strict policies about the illegal selling of copywrite protected items, and this qualifies. just go to the auction, and at the bottom is a link that reads Report this Item. It infringes on the copyright of Theo de Raadt. IIRC, three strikes and you're out on ebay. Jim Hello Jim, Thanks for investigating this more diligently than I had done. I went ahead and reported this item. rogern John 3:16
i386/amd64 boot.8 patch
This patch should be applied to both sys/arch/i386/stand/boot/boot.8 and sys/arch/amd64/stand/boot/boot.8 Graham --- boot.8.origSat May 13 14:48:39 2006 +++ boot.8 Sat May 13 14:49:05 2006 @@ -210,7 +210,7 @@ .Pp .Dl [+-]size@address .Pp -Meaning to add(+) or exempt(-) the specified by the +Meaning to add(+) or exempt(-) .Ar size amount of memory at the location specified by the .Ar address
