Re: ftp-proxy issues
Camiel Dobbelaar schrieb: On Mon, 13 Nov 2006, Camiel Dobbelaar wrote: Ok, I think I found something in your original tcpdump: Nov 11 15:15:04.389556 failinghost.domain.com.ftp ftp-proxy.domain.com.48293: P 202:233(31) ack 56 win 46 ^^ nop,nop,timestamp 172680957 3630957581 (DF) [tos 0x10] : 4510 0053 7066 4000 4006 0292 c2f5 20b4 [EMAIL PROTECTED]@...C5 B4 0010: c2f5 20fe 0015 bca5 48d1 b99c bc2d 18c1 C5 C..BB%HCB9.B-.C 0020: 8018 002e b0fa 0101 080a 0a4a e6fd B0C:...JCC= 0030: d86c 040d 3235 3720 222f 2220 6973 2063 C l..257 / is c 0040: 7572 7265 6e74 2064 6972 6563 746f 7279 urrent directory 0050: 2e0d Whoops, and then pine dumped core on me. What I wanted to say: notice how failinghost shrinks the TCP window to just 46 bytes (win 46). That's not enough to fit the long path of the directory change, so that stays in the network buffers of the firewall waiting for failinghost to send an ACK with a bigger window size (opening up the window). Looks like failinghost is responsible for the stalled TCP connection. but i wonder, why it is working from the firewall-host (without proxy), from a host in the dmz or if i bypass ftp-proxy from the internal lan. -- Cam marc
Re: openbsd on cisco hardware? [OT]
On Mon, 13 Nov 2006, Jeffrey C. Ollie wrote: On Mon, 2006-11-13 at 15:12 -0600, Jacob Yocom-Piatt wrote: bingo! i wanted to see if i could use a 2620 i had laying around for its T1 line card and this is why i didn't expect it to be possible. the ISP here at work supplies a couple T1 lines which terminate into 1721s and i'd very much like to remove all cisco gear from the network. there are cisco 7200s as edge routers at the ISP. anybody got advice on the cheapest way to connect to such routers? the sangoma, accoom, etc. cards are pretty pricey. That is highly dependent on the technology your ISP is using underneath. In case you already have the 1721s just continue to use them, but remove functionality (i.e. routing) from them --- I recall them as rather simple but solid hardware for terminating circuits. The cheapest way that I can think of would be to get your ISP to provide you some sort of Metro Ethernet or Ethernet over TDM solution. That might be true, but this still depends on how your contract is (e.g. are you renting the 1721 from your ISP or are they yours)... In case your ISP provides them, switching to some kind of Ethernet would exactly do the same thing I suggested above --- the 1721 would simply act as 'dumb' line terminators... Otherwise your ISP would probably charge you something for the TDM termination equipment (EoTDM) or you would have to buy some very specific ethernet equipment (at least the 'right' type of GBICs, which might be as expensive as line cards). As this is rather OT contact me off-list for further questions. ++mbk
Re: OpenCON 2006
I will be there! Although, i asked to join the 10 years OpenBSD party and i chose paypal for the payement but it hasn't been claimed yet. How come ? On 11/13/06, Michele Marchetto [EMAIL PROTECTED] wrote: As you already know, OpenCON, the OpenBSD conference in Venice/Italy takes place on december 2.-3. Most talks are held by OpenBSD developers, but there will also be an impressive number of our developers attending the conference: Speakers are canacar, claudio, deraadt, dlg, felix, gwk, jsg, mbalmer, michele, and uwe. Also present will be jcs, krw, mglocker, robert, wvdputte, martin, reyk, grunk, dhartmei, aanriot, sturm, and bernd. Off course there will be an OpenBSD boot run by the usual suspects and you can buy our CD-ROMS, the Audio CD and other stuff. This is the premier opportunity to exchange information (and have a beer) with the OpenBSD folks. And of course this event is totally free to attend (if you want to join the 10 years OpenBSD party, there is a nominal fee, check our website for details.) For more information visit http://www.opencon.org/ and don't forget to register at http://www.opencon.org/registration.php. See you in Venice!
Re: getting siteXX.tgz, possible bug
On Mon, Nov 13, 2006 at 09:03:48PM -0500, Nick Holland wrote: Thanos Tsouanas wrote: Hello. For some reason, the site40.tgz wasn't recognized as an option when I was using http to get the sets, but it was when I moved the sets to my ftpd... Or maybe it was my bad. not really your bad...but an error of omission, none the less. :) You will note a file called index.txt with your files. When pulling from an http server, this file needs to match the files you have available, including site40.tgz. Thanks for the tip! I think it should check for siteXX.tgz by default as well, since I had no index.txt file containing the rest sets, it just figured them out, but it didn't check for the siteXX.tgz. That's buried in FAQ 5, but it probably needs to be elsewhere... Indeed burried! Nick. -- Thanos Tsouanas .: My Music: http://www.thanostsouanas.com/ http://thanos.sians.org/ .: Sians Music: http://www.sians.org/
Firewall partially failing with high traffic
I have a 3.8 PF/CARP setup that I can reproducibly screw up simply by cat'ing lots of text over a telnet session. It has several subnets, and several NICs, but only 1 subnet becomes unavailable. Everything else continues to work. There are no errors in messages, daemon, with PF debug set to misc. Counters all look normal, same with state table and netstat -m output. The only reason I believe it's the firewall is restarting it will bring the network back up. I can't (easily) give direct output from things like ifconfig or pf.conf as they're both huge and contain information I've been told we don't want to send out. Hopefully this doesn't prevent anyone from helping me out. gem0 - external gem1 - 120.x hme0 - 0.x hme1 - 121.x hme2 - 119.x Coming in on hme1 routed through gem1, I can cause everything off gem1 to stop working. The interface shows as up, but nothing works. All other interfaces work fine. PF continues to work as NAT and external firewalling still operates. No errors anywhere, even with debugging turned on in PF. netstat -m looks the same before and after. I'm hoping someone can give me a better way to debug this, considering I can reproduce it. I don't believe it's PF as I can disable and re-enable it with no effect. I've disabled ohci using config -e as those were the only errors I was seeing. Specifically: ohci0: 1 scheduling overruns However they didn't happen anywhere near this problem. dmesg (out of messages): syncing disks... done o arpresolve console is /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED]/[EMAIL PROTECTED],3f8 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2005 OpenBSD. All rights reserved. http://www.OpenBSD.org Copyright (c) 1995-2005 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 3.8 (CARP) #0: Fri Feb 24 15:29:15 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/CARP total memory = 1073741824 avail memory = 969023488 using 6553 buffers containing 53682176 bytes of memory bootpath: /[EMAIL PROTECTED],0/[EMAIL PROTECTED],0/[EMAIL PROTECTED],0/[EMAIL PROTECTED],0 mainbus0 (root): Sun Fire V120 (UltraSPARC-IIe 648MHz) cpu0 at mainbus0: SUNW,UltraSPARC-IIe @ 648 MHz, version 0 FPU cpu0: physical 32K instruction (32 b/l), 16K data (32 b/l), 2048K external (64 b/l) psycho0 at mainbus0 SUNW,sabre: impl 0, version 0: ign 7c0 bus range 0 to 3; PCI bus 0 DVMA map: c000 to e000 IOTDB: 4d0a000 to 4d8a000 pci0 at psycho0 ppb0 at pci0 dev 1 function 1 Sun Simba PCI-PCI rev 0x13 pci1 at ppb0 bus 1 ebus0 at pci1 dev 12 function 0 Sun PCIO Ebus2 (US III) rev 0x01 flashprom at ebus0 addr 0-f not configured clock1 at ebus0 addr 0-1fff: mk48t59: hostid 83f2bc1c ebus_attach: idprom: incomplete SUNW,lomh at ebus0 addr 20-23 ipl 42 not configured gem0 at pci1 dev 12 function 1 Sun ERI Ether rev 0x01: ivec 3006, address 00:03:ba:f2:bc:1c bmtphy0 at gem0 phy 1: BCM5221 100baseTX PHY, rev. 4 ohci0 at pci1 dev 12 function 3 Sun USB rev 0x01: ivec 24, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: Sun OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 4 ports with 4 removable, self powered Acer Labs M7101 Power rev 0x00 at pci1 dev 3 function 0 not configured Acer Labs M7101 Power rev 0x00 at pci1 dev 3 function 0 not configured ebus1 at pci1 dev 7 function 0 Acer Labs M1533 ISA rev 0x00 power at ebus1 addr 800-82f ipl 37 not configured com0 at ebus1 addr 3f8-3ff ipl 43: ns16550a, 16 byte fifo com0: console com1 at ebus1 addr 2e8-2ef ipl 43: ns16550a, 16 byte fifo pciide0 at pci1 dev 13 function 0 Acer Labs M5229 UDMA IDE rev 0xc3: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide0: using ivec 180c for native-PCI interrupt pciide0: channel 0 disabled (no drives) pciide0: channel 1 disabled (no drives) gem1 at pci1 dev 5 function 1 Sun ERI Ether rev 0x01: ivec 301c, address 00:03:ba:f2:bc:1d bmtphy1 at gem1 phy 1: BCM5221 100baseTX PHY, rev. 4 ohci1 at pci1 dev 5 function 3 Sun USB rev 0x01: ivec 26, version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: Sun OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 4 ports with 4 removable, self powered ppb1 at pci0 dev 1 function 0 Sun Simba PCI-PCI rev 0x13 pci2 at ppb1 bus 2 siop0 at pci2 dev 8 function 0 Symbios Logic 53c896 rev 0x07: ivec 1820, using 8K of on-board RAM scsibus0 at siop0: 16 targets sd0 at scsibus0 targ 0 lun 0: FUJITSU, MAT3073N SUN72G, 0602 SCSI4 0/direct fixed sd0: 70007MB, 14100 cyl, 24 head, 423 sec, 512 bytes/sec, 143374738 sec total sd1 at scsibus0 targ 1 lun 0: FUJITSU, MAT3073N SUN72G, 0602 SCSI4 0/direct fixed sd1: 70007MB, 14100 cyl, 24 head, 423 sec, 512 bytes/sec, 143374738 sec total siop1 at pci2 dev 8 function 1 Symbios Logic 53c896 rev 0x07: ivec 1820, using 8K of on-board RAM scsibus1 at siop1: 16 targets ppb2 at pci2 dev 5 function 0 Intel S21154AE/BE PCI-PCI rev 0x00 pci3 at ppb2 bus
Re: java on openbsd
On 11/14/06, Marc Ravensbergen [EMAIL PROTECTED] wrote: I am having a hard time getting java to work on openbsd. I'll bet. difference. I've googled for hours trying to find a solution, but can't seem to fix it. Lucky for you! My google works: http://www.google.com/search?q=openbsd+java I really don't want to download the source for java and compile... I am on dialup so every byte counts. I am sorry for this, as this is a very involved process that requires I agree several times through the build. I beleive it took me two days work on a fast machine on broadband. Only because of Sun's web pages (which are very hard to navigate using lynx, of course). netbsd and got it working through linux emulation as well. I had problems with netbsd so it didn't stick around, but I believe that java on bsd through emulation should be possible; probably just an oversight somwhere on my part. If anybody can give me some tips or tricks I would really appreciate it. I would, but I would just be (poorly) repeating information that developers have painstakingly documented. http://www.openbsd.org/faq/faq8.html#Programming Thanks for your time, Marc If you're just asking for somebody to provide you with a complete binary package of the completed build, then you are asking us to break the law. Sun wants you to build it yourself, so that is what you will have to do. Sorry, but this just sounds like you are complaining. You should really send your grievences to sun, not openbsd misc. OpenBSD can't change Sun's licensing policies -- they can only abide by them. Maybe all of this hoop jumping will make you realize that using this language is a bad career move? jdq
OSS for 4.0
Hi folks, Does anybody know if OpenSound System project (www.opensound.com) is still alive? According to their website, the latest version if for release 3.8. Yes, it works with 3.9 too. But not with 4.0 release. I sent several messages to them bug got no one answer. Regards.
Re: java on openbsd
On 11/14/06, Marc Ravensbergen [EMAIL PROTECTED] wrote: I am having a hard time getting java to work on openbsd. Java is a deal-breaker for me as I use it all day every day for work. What I've done is taken a tar of the linux version, and untarred it in openbsd. I have turned on linux emulation by modifying the variable in /etc/sysctl.conf, and I've mounted the /proc filesystem. I have also pkg_added redhat-base8.xxx. However, whenever I run java, I get a Can't detect initial thread stack location - find_vma failed error. This is for sun's jdk 1.5.06 as well as one of the newer 1.6 versions. IBM's jdk1.4 says it cannot read or write (not sure exactly anymore) to /proc/. I've tried running all three versions as root to check for permission errors, but it makes no difference. I've googled for hours trying to find a solution, but can't seem to fix it. I really don't want to download the source for java and compile... I am on dialup so every byte counts. A little while ago I tried java on netbsd and got it working through linux emulation as well. I had problems with netbsd so it didn't stick around, but I believe that java on bsd through emulation should be possible; probably just an oversight somwhere on my part. I didn't try any linux 1.5/1.6 jdk, but perhaps you missed something for your linux emulation? read man compat_linux, perhaps it helps. the other options you have is having someone mail you the source on cd, or use kaffe (don't know how useful it is for your purposes). --knitti
Re: OSS for 4.0
On 11/14/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi folks, Does anybody know if OpenSound System project (www.opensound.com) is still alive? According to their website, the latest version if for release 3.8. Yes, it works with 3.9 too. But not with 4.0 release. I sent several messages to them bug got no one answer. Regards. Wikipedia [1] told me that However, free systems like GNU/Linux and *BSD include their own free GPL/BSD implementations. Indeed, if you look for soundcard.h (src/lib/libossaudio/) you can see the stubs for it. (I know this because I was trying to hack swfplayer to have working sound the other day; got stuck on how to use ioctl()) -Nick [1] http://en.wikipedia.org/wiki/Open_Sound_System
Re: java on openbsd
On 11/14/06, Marc Ravensbergen [EMAIL PROTECTED] wrote: Hi, first I'd like to mention that openbsd 4.0 is a first for me, and I am really liking it so far (I am a linux refugee...). I am having a hard time getting java to work on openbsd. Thanks for your time, Marc Java's unsupported more or less. See the FAQ: http://openbsd.org/faq/faq8.html#Programming Due to Sun's restrictive SCSL license, OpenBSD cannot ship binary packages for the JDK. This means you will have to build it from ports. Note that you will need plenty of RAM for this build to succeed. Sorry :( I don't know why running it under linux emulation doesn't work; perhaps you just have it set up incorrectly somewhere. Is it possible to download it at a friend's? -Nick
Re: Firewall partially failing with high traffic
In article [EMAIL PROTECTED], Chris Cameron wrote: I have a 3.8 PF/CARP setup that I can reproducibly screw up simply by cat'ing lots of text over a telnet session. Chances are that you're hitting some bug in 3.8, that has likely been fixed in 3.9, or 4.0. Or the rule you're using to pass the traffic is wrong. You using keep state? Are you using 'flags S/SA' on that rule? With the amount of information you've given, it is hard to even theorize what could be wrong. People would need more information. --Toby.
Re: java on openbsd
Quoting knitti [EMAIL PROTECTED]: On 11/14/06, Marc Ravensbergen [EMAIL PROTECTED] wrote: I am having a hard time getting java to work on openbsd. Java is a deal-breaker for me as I use it all day every day for work. What I've done is taken a tar of the linux version, and untarred it in openbsd. I have turned on linux emulation by modifying the variable in /etc/sysctl.conf, and I've mounted the /proc filesystem. I have also pkg_added redhat-base8.xxx. However, whenever I run java, I get a Can't detect initial thread stack location - find_vma failed error. This is for sun's jdk 1.5.06 as well as one of the newer 1.6 versions. IBM's jdk1.4 says it cannot read or write (not sure exactly anymore) to /proc/. I've tried running all three versions as root to check for permission errors, but it makes no difference. I've googled for hours trying to find a solution, but can't seem to fix it. I really don't want to download the source for java and compile... I am on dialup so every byte counts. A little while ago I tried java on netbsd and got it working through linux emulation as well. I had problems with netbsd so it didn't stick around, but I believe that java on bsd through emulation should be possible; probably just an oversight somwhere on my part. I didn't try any linux 1.5/1.6 jdk, but perhaps you missed something for your linux emulation? read man compat_linux, perhaps it helps. the other options you have is having someone mail you the source on cd, or use kaffe (don't know how useful it is for your purposes). --knitti Thanks for your response. Kaffe won't work for me as it is missing a few feature s that I need (most notable swing support is not up to snuff yet). Marc
Re: Script to sync pf rules for CARP fws
On 2006-11-14T16:37, C. L. Martinez wrote: Hi all, Somebody knows where I can find a good shell script to sync pf.conf rules over a several Openbsd firewalls using CARP? for HOST in a b c d; do scp /etc/pf.conf $HOST:/etc/ done hth, Marcus.
Re: Script to sync pf rules for CARP fws
On 14/11/06, C. L. Martinez [EMAIL PROTECTED] wrote: Hi all, Somebody knows where I can find a good shell script to sync pf.conf rules over a several Openbsd firewalls using CARP? many thanks. Surely a simple shell script using scp to copy the pf.conf to each host and ssh to run pfctl to update the ruleset with the new file? Cheers z0mbix
Re: ftp-proxy issues
On Tue, 14 Nov 2006, Marc Peters wrote: What I wanted to say: notice how failinghost shrinks the TCP window to just 46 bytes (win 46). That's not enough to fit the long path of the directory change, so that stays in the network buffers of the firewall waiting for failinghost to send an ACK with a bigger window size (opening up the window). Looks like failinghost is responsible for the stalled TCP connection. but i wonder, why it is working from the firewall-host (without proxy), from a host in the dmz or if i bypass ftp-proxy from the internal lan. Yes, I wonder about that as well. Can you tcpdump those working connections to failinghost?
Re: java on openbsd
[EMAIL PROTECTED] wrote: Thanks for your response. Kaffe won't work for me as it is missing a few feature s that I need (most notable swing support is not up to snuff yet). For now, then, unfortunately you'll have to follow the normal port-building instructions, which are lame to say the least. When Sun makes good on its promise to GPL the whole thing, it should become much easier. -- Matthew Weigel hacker [EMAIL PROTECTED]
Re: java on openbsd
Hi Marc, On Nov 14, 2006, at 5:27 PM, [EMAIL PROTECTED] wrote: ... I didn't try any linux 1.5/1.6 jdk, but perhaps you missed something for your linux emulation? read man compat_linux, perhaps it helps. the other options you have is having someone mail you the source on cd, or use kaffe (don't know how useful it is for your purposes). --knitti Thanks for your response. Kaffe won't work for me as it is missing a few feature s that I need (most notable swing support is not up to snuff yet). This is probably not what the poster meant. You really need to read the FAQ: http://www.openbsd.org/faq/faq8.html#Programming What your are looking for is Building the Sun JDK. The JDK requires a working Java 2 compiler as a bootstrap to build. For this purpose, since OpenBSD 4.0, the port of JDK 1.5 uses kaffe, which allows JDK 1.5 to be used on both i386 and amd64 platforms, and reduces the build time considerably. You only need kaffe to build SUN's JDK. It's all in the FAQ (and probably in the archives). @others: stop picking on SUN and Java. It's actually a nice language and going to be GPL software very soon, so I guess there will be an option for binary packages and other nice stuff soon. regards, Tobias
Re: Firewall partially failing with high traffic
On Tue, Nov 14, 2006 at 09:28:47AM -0700, Chris Cameron wrote:
Upgrading isn't an option. I mean it is, but as soon as I say
Don't know, lets just upgrade, that's a major hit to something
that was tough to get in in the first place. This will be a
Firewall-1 shop again quite quickly and any future thing I
recommend isn't going to have much weight.
You need to upgrade anyway to properly keep up with security
updates. You're now running a system that is no longer supported;
upgrading to a supported system is a Good Thing regardless of the
issue you're currently dealing with.
As a bonus, things generally get better and 'more fixed' with each
new version and, as Tobias says, there's a good chance the problem
you're running up against is resolved.
--
o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*
Re: java on openbsd
Quoting Jeff Quast [EMAIL PROTECTED]: On 11/14/06, Marc Ravensbergen [EMAIL PROTECTED] wrote: I am having a hard time getting java to work on openbsd. I'll bet. difference. I've googled for hours trying to find a solution, but can't seem to fix it. Lucky for you! My google works: http://www.google.com/search?q=openbsd+java thanks for that... my point was that reading the results that google gives does not help my situation. I really don't want to download the source for java and compile... I am on dialup so every byte counts. I am sorry for this, as this is a very involved process that requires I agree several times through the build. I beleive it took me two days work on a fast machine on broadband. Only because of Sun's web pages (which are very hard to navigate using lynx, of course). netbsd and got it working through linux emulation as well. I had problems with netbsd so it didn't stick around, but I believe that java on bsd through emulation should be possible; probably just an oversight somwhere on my part. If anybody can give me some tips or tricks I would really appreciate it. I would, but I would just be (poorly) repeating information that developers have painstakingly documented. http://www.openbsd.org/faq/faq8.html#Programming I've read that info; the preferred way of installing java (on openbsd) is by compiling from source. As I am a full time java developer, I use and test several different jdks at once. You might be able to understand why I am hesitant to compile and download all this stuff when openbsd supports linux emulation, and I already have downloaded all the linux jdks that I need. Thanks for your time, Marc If you're just asking for somebody to provide you with a complete binary package of the completed build, then you are asking us to break the law. Sun wants you to build it yourself, so that is what you will have to do. How do you jump to that conclusion from my email? No, never asked for that. Sorry, but this just sounds like you are complaining. What I was doing was asking for tips on getting linux emulation (more particularly, linux jdk binaries) working under openbsd. You should really send your grievences to sun, not openbsd misc. OpenBSD can't change Sun's licensing policies -- they can only abide by them. Maybe all of this hoop jumping will make you realize that using this language is a bad career move? that is laughable, especially considering sun's anouncement yesterday to GPL the entire java stack. Not trying to start a flame war here, but open solaris, nexenta (solaris kernel, debian apps), and a million linux distros all support Java really well. I am trying a java / openbsd combination because I've heard good things about openbsd, and from what I've seen so far I am very happy with it. I understand fully why openbsd has issues with Java. I am not blaming them / you at all. All I asked for was some advice getting this working. If you're going to bash me over the head for that, perhaps you'd consider not replying at all... save both your time and mine. Marc
Re: Script to sync pf rules for CARP fws
no need to run pfctl on the other machines, if you are using pfsync, is there? alec z0mbix wrote: On 14/11/06, C. L. Martinez [EMAIL PROTECTED] wrote: Hi all, Somebody knows where I can find a good shell script to sync pf.conf rules over a several Openbsd firewalls using CARP? many thanks. Surely a simple shell script using scp to copy the pf.conf to each host and ssh to run pfctl to update the ruleset with the new file? Cheers z0mbix
Re: java on openbsd
@others: stop picking on SUN and Java. It's actually a nice language and going to be GPL software very soon, so I guess there will be an option for binary packages and other nice stuff soon. Java is a shitshow, it isn't a nice language. Stop defending Sun and their ridiculous licenses. The day Sun shows up as a real player in the open source world this could be justified. For now they are just another closed vendor. You don't get a cookie for trying or pretending.
Re: Wild card greytrapping setup in spamdb
Hi Daniel, I don't do this in spamd at the moment, because I want to
keep spamd small and secure, and regex code is amazingly big and scary.
have a look at my prototype greylist scanner from my nycbug
talk for a way to do this.
-Bob
* Daniel Ouellet [EMAIL PROTECTED] [2006-11-08 02:34]:
Hi,
I am trying to setup a wild card trapit for all emails getting to some
domains I have to obviously reduce spam, but I don't see a way to do so.
Yes you can do:
spamdb -T -a [EMAIL PROTECTED]
And that works well, but I would like to do something like
spamdb -T -a [EMAIL PROTECTED]
spamdb -T -a [EMAIL PROTECTED]
spamdb -T -a [EMAIL PROTECTED]
spamdb -T -a [EMAIL PROTECTED]
spamdb -T -a [EMAIL PROTECTED]
For example. This would allow me for example to use a domain I have for
14 years+ and that only have 5 valid emails address in it, but that you
guess, over the years only get spam now. I mean thousands of spam emails
per day!
So, I would like to trapit everything that is not from these 5 emails.
Obviously this idea is I guess stupid if you have lots of accounts, but
if you do have a limited number of accounts, then may be a good idea to do.
Then putting this small domain on a server with big one would help the
big as well.
Is there a way to do this?
So, far I don't see one.
--
#!/usr/bin/perl
if ((not 0 not 1) != (! 0 ! 1)) {
print Larry and Tom must smoke some really primo stuff...\n;
}
Re: Firewall partially failing with high traffic
Hi, On 11/14/06, Chris Cameron [EMAIL PROTECTED] wrote: I have a 3.8 PF/CARP setup that I can reproducibly screw up simply by cat'ing lots of text over a telnet session. can you post `pfctl -s info` and `pfctl -s memory`? Best regards, Carlos. -- nick grah windows just crashed again, unstable crap. yukito Windows isn't unstable, it's just spontaneous.
Re: java on openbsd
On Tue, 14 Nov 2006 16:42:39 +0100, Nick Guenther [EMAIL PROTECTED] wrote: Java's unsupported more or less. See the FAQ: http://openbsd.org/faq/faq8.html#Programming Due to Sun's restrictive SCSL license, OpenBSD cannot ship binary packages for the JDK. This means you will have to build it from ports. Note that you will need plenty of RAM for this build to succeed. Sorry :( I this information still current, now that Java has released the JDK under the terms of the GPL? https://openjdk.dev.java.net/ I really hope that there will be an improvement of the situation for OpenBSD soon, including proper Java packages. But I am not a lawyer, correct me if I am wrong. Bernd
Re: ftp-proxy issues
On Tue, 14 Nov 2006, Camiel Dobbelaar wrote: On Tue, 14 Nov 2006, Marc Peters wrote: What I wanted to say: notice how failinghost shrinks the TCP window to just 46 bytes (win 46). That's not enough to fit the long path of the directory change, so that stays in the network buffers of the firewall waiting for failinghost to send an ACK with a bigger window size (opening up the window). Looks like failinghost is responsible for the stalled TCP connection. but i wonder, why it is working from the firewall-host (without proxy), from a host in the dmz or if i bypass ftp-proxy from the internal lan. Yes, I wonder about that as well. Can you tcpdump those working connections to failinghost? For the archives. It turns out that failinghost negotiated window scaling (wscale 7) during the threeway handshake. So the windowsize of 46 was actually (46 7) = 5888 bytes. However, state on this connection was not created on the initial SYN packet so pf missed the windowscaling option as well. So the fix was to add a proper keep state rule to pf.conf that created state on the SYN packet. Changes went into -current lately to prevent exactly this type of problem. From OpenBSD 4.1 on, keep state flags S/SA will be the default: [EMAIL PROTECTED] $ echo pass all | pfctl -nvf - pass all flags S/SA keep state
Re: java on openbsd
Bernd Schoeller wrote: I this information still current, now that Java has released the JDK under the terms of the GPL? No, they haven't released the JDK under the GPL. They *will*. Currently, they have released a virtual machine and javac under the GPL. The remainder of the open-source JDK will be available in the first half of 2007. -- Matthew Weigel hacker [EMAIL PROTECTED]
Re: java on openbsd
On Nov 14, 2006, at 10:41 AM, Marco Peereboom wrote: Java is a shitshow, it isn't a nice language. Hurling obscenities at Java, a mediocre language per se which happens to offer a wonderful team development environment with a breathtaking array of tools, doesn't generate any code to make OpenBSD a better operating system. -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Could someone please tell Mark Kettenis that ..
Hi all, Could someone close to Mark Kettenis please tell Mark to get in touch with me directly/off-list, thank you. The best to you all, /per [EMAIL PROTECTED] -- The most worth-while thing is to try to put happiness into the lives of others. - Sir Robert Baden-Powell
Re: Wild card greytrapping setup in spamdb
Bob Beck wrote: Hi Daniel, I don't do this in spamd at the moment, because I want to keep spamd small and secure, and regex code is amazingly big and scary. have a look at my prototype greylist scanner from my nycbug talk for a way to do this. -Bob Also, I understand the regex part. Not a big deal, but even if a trap all on a specific domain might be possible, I think it would be nice, but really, not the end of the world either. You already did an incredible work with it as is! Thanks Daniel
{ftp3,anoncvs3}.usa.openbsd.org outage?
plier.ucar.edu ( {ftp3,anoncvs3}.usa.openbsd.org ) has been down for the
last several days. Does anyone know if this is a permanent or
temporary outage?
scanning the anoncvs mirror list at
http://www.openbsd.org/anoncvs.html#CVSROOT i notice that at least one
other mirror is pulling from anoncvs3.usa,
Thanks,
ben
-
I think what we need to do is convince people who live in the lands
they live in to build the nations.
George W. Bush
October 11, 2000
Presidential Debate -- Winston-Salem, North Carolina.
Re: Wild card greytrapping setup in spamdb
Bob Beck wrote: Hi Daniel, I don't do this in spamd at the moment, because I want to keep spamd small and secure, and regex code is amazingly big and scary. have a look at my prototype greylist scanner from my nycbug talk for a way to do this. -Bob Hi Bob, Your scripts is already in operations the day after it was posted on Undeadly! (: It's very good I have to say and it will make it into the ISP side of the business very soon as well. Some adjustments may be needed, but it is a real piece of art! I have to say that I can't wait to see it make the default spamd setup if that come to light. It is a major improvements to spamd itself. I think all users that already run spamd should add your grayscanner code and test more and enjoy the results and send feedback of live test and see if anything is really needed to modify, but so far, looks very good to me! Many thanks Daniel
Re: java on openbsd
* Bernd Schoeller [EMAIL PROTECTED] [2006-11-14 19:25]: I this information still current, now that Java has released the JDK under the terms of the GPL? they have _not_ released the JDK (-source) under the gpl. they have released javac, hotpot and the help system under the gpl (at lest, they say they have, i didn't check). there's a whole lot missing to the full jdk. now, they have promised to released the remaining parts under the gpl as well. we'll see. they have promised a lot in the past, let's hope it is more than just promises this time. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: java on openbsd
Original message Date: Tue, 14 Nov 2006 11:41:35 -0600 From: Marco Peereboom [EMAIL PROTECTED] Subject: Re: java on openbsd To: Tobias Weisserth [EMAIL PROTECTED] Cc: misc@openbsd.org @others: stop picking on SUN and Java. It's actually a nice language and going to be GPL software very soon, so I guess there will be an option for binary packages and other nice stuff soon. Java is a shitshow, it isn't a nice language. Stop defending Sun and their ridiculous licenses. The day Sun shows up as a real player in the open source world this could be justified. For now they are just another closed vendor. You don't get a cookie for trying or pretending. marco, don't you know you're not licensed to circulate compiled opinions about Sun source code? you're supposed to let everyone else click through the stupid menus, download source packages that are about as big as the openbsd install sets, adjust their ulimits, spend a lot of time compiling something that should be available as a package and THEN they can form a properly licensed opinion. cheers, jake
Re: java on openbsd
On Nov 14, 2006, at 9:24 AM, [EMAIL PROTECTED] wrote: All I asked for was some advice getting this working. If you're going to bash me over the head for that, perhaps you'd consider not replying at all... save both your time and mine. Did you get it working? I have Java working on OpenBSD. Also, there's another list where people care that you do get it running: [EMAIL PROTECTED] misc@openbsd.org is a little bit like that old Monty Python routine: Oh, I'm sorry, this is Arguments. Abuse is down the hall. :-) Jack -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Re: Script to sync pf rules for CARP fws
Sorry?? Do I need to run pfctl to load rules only on one fw under carp and then this rules are sync to the others firewalls ?? If this is ok, then I don't read pf's very well ... On 11/14/06, Alexander Lind [EMAIL PROTECTED] wrote: no need to run pfctl on the other machines, if you are using pfsync, is there? alec z0mbix wrote: On 14/11/06, C. L. Martinez [EMAIL PROTECTED] wrote: Hi all, Somebody knows where I can find a good shell script to sync pf.conf rules over a several Openbsd firewalls using CARP? many thanks. Surely a simple shell script using scp to copy the pf.conf to each host and ssh to run pfctl to update the ruleset with the new file? Cheers z0mbix
Re: Firewall partially failing with high traffic
This is while it's working. I'll repost this tonight when I'm able to hang it. Status: Enabled for 0 days 16:47:54 Debug: Urgent Interface Stats for gem0 IPv4 IPv6 Bytes In 1560279475 272 Bytes Out 1464940667 352 Packets In Passed 23485100 Blocked 883254 Packets Out Passed 23883682 Blocked 213 State Table Total Rate current entries 784 searches18122501 299.7/s inserts 1069401.8/s removals 1061561.8/s Counters match 3044965.0/s bad-offset 00.0/s fragment 20.0/s short 00.0/s normalize 00.0/s memory 00.0/s bad-timestamp 00.0/s congestion 1290.0/s ip-option 00.0/s proto-cksum 3010.0/s state-mismatch 15190.0/s state-insert 9030.0/s state-limit00.0/s src-limit 00.0/s synproxy 00.0/s $ sudo pfctl -s memory stateshard limit1 src-nodes hard limit1 frags hard limit 5000 tableshard limit 1000 table-entries hard limit 10 $ Chris On Tue, 2006-11-14 at 13:05 -0500, Carlos A. Carnero Delgado wrote: Hi, On 11/14/06, Chris Cameron [EMAIL PROTECTED] wrote: I have a 3.8 PF/CARP setup that I can reproducibly screw up simply by cat'ing lots of text over a telnet session. can you post `pfctl -s info` and `pfctl -s memory`? Best regards, Carlos.
Bge nic and ifconfig mtu ?
Hello there, I am trying to change MTU of a bge interface : # ifconfig bge1 mtu 1504 ifconfig: SIOCSIFMTU: Invalid argument (MTU is 1504 because some 3550 EMI are in the near of this marchine and needs same MTU everywhere to exchange OSPF packets). Is this normal of does bge interface doesn't support mtu 1500 ? Dmesg: OpenBSD 4.0-current (GENERIC.MP) #944: Tue Sep 26 21:55:34 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz (GenuineIntel 686-class) 3 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS- CPL,EST,CNXT-ID,CX16 real mem = 2144817152 (2094548K) avail mem = 1948323840 (1902660K) using 4256 buffers containing 107343872 bytes (104828K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(45) BIOS, date 02/27/06, BIOS32 rev. 0 @ 0xfa000, SMBIOS rev. 2.3 @ 0xf0800 (49 entries) bios0: Supermicro P8SCT apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 70102 dobusy 1 doidle 1 pcibios0 at bios0: rev 3.0 @ 0xf/0xcb84 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfca20/336 (19 entries) pcibios0: PCI Exclusive IRQs: 5 7 10 12 pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801FB LPC rev 0x00) pcibios0: PCI bus #6 is the last bus bios0: ROM list: 0xc/0x9400! 0xcc000/0x4000! 0xd/0x3c00! mainbus0: Intel MP Specification (Version 1.4) (OEM0 PROD) cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 199 MHz mainbus0: bus 0 is type PCI mainbus0: bus 1 is type PCI mainbus0: bus 2 is type PCI mainbus0: bus 3 is type PCI mainbus0: bus 4 is type PCI mainbus0: bus 5 is type PCI mainbus0: bus 6 is type PCI mainbus0: bus 7 is type ISA ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 4 ioapic1 at mainbus0: apid 5 pa 0xfec84400, version 20, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel E7221 MCH Host rev 0x05 ppb0 at pci0 dev 1 function 0 Intel E7221 PCIE rev 0x05 pci1 at ppb0 bus 1 ppb1 at pci1 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci2 at ppb1 bus 2 ppb2 at pci2 dev 1 function 0 DEC 21152 PCI-PCI rev 0x03 pci3 at ppb2 bus 3 ste0 at pci3 dev 4 function 0 D-Link Systems 550TX rev 0x12: apic 5 int 0 (irq 12), address 00:05:5d:e6:1d:ad ukphy0 at ste0 phy 0: Generic IEEE 802.3u media interface, rev. 0: OUI 0x000885, model 0x0023 ste1 at pci3 dev 5 function 0 D-Link Systems 550TX rev 0x12: apic 5 int 1 (irq 5), address 00:05:5d:e6:1d:ae ukphy1 at ste1 phy 0: Generic IEEE 802.3u media interface, rev. 0: OUI 0x000885, model 0x0023 ste2 at pci3 dev 6 function 0 D-Link Systems 550TX rev 0x12: apic 5 int 2 (irq 7), address 00:05:5d:e6:1d:af ukphy2 at ste2 phy 0: Generic IEEE 802.3u media interface, rev. 0: OUI 0x000885, model 0x0023 ste3 at pci3 dev 7 function 0 D-Link Systems 550TX rev 0x12: apic 5 int 3 (irq 10), address 00:05:5d:e6:1d:b0 ukphy3 at ste3 phy 0: Generic IEEE 802.3u media interface, rev. 0: OUI 0x000885, model 0x0023 Intel IOxAPIC rev 0x09 at pci1 dev 0 function 1 not configured vga1 at pci0 dev 2 function 0 Intel E7221 Video rev 0x05: aperture at 0xd040, size 0x800 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb3 at pci0 dev 28 function 0 Intel 82801FB PCIE rev 0x03 pci4 at ppb3 bus 4 bge0 at pci4 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 (0x4101): apic 4 int 16 (irq 12), address 00:30:48:88:6c:ac brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0 ppb4 at pci0 dev 28 function 1 Intel 82801FB PCIE rev 0x03 pci5 at ppb4 bus 5 bge1 at pci5 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 (0x4101): apic 4 int 17 (irq 5), address 00:30:48:88:6c:ad brgphy1 at bge1 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0 uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x03: apic 4 int 23 (irq 10) usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x03: apic 4 int 19 (irq 10) usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801FB USB rev 0x03: apic 4 int 18 (irq 7) usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered uhci3 at pci0 dev 29 function 3 Intel 82801FB USB rev 0x03: apic 4 int 16 (irq 12) usb3 at uhci3: USB revision 1.0 uhub3 at usb3 uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801FB USB rev 0x03: apic 4 int 23 (irq 10) usb4 at ehci0: USB revision
Re: java on openbsd
Matthew Weigel [EMAIL PROTECTED] writes: [EMAIL PROTECTED] wrote: Thanks for your response. Kaffe won't work for me as it is missing a few feature s that I need (most notable swing support is not up to snuff yet). For now, then, unfortunately you'll have to follow the normal port-building instructions, which are lame to say the least. When Sun makes good on its promise to GPL the whole thing, it should become much easier. They already have: http://www.infoq.com/news/2006/11/open-source-java ./matt
Re: java on openbsd
On Tue, Nov 14, 2006 at 08:07:50AM -0500, Marc Ravensbergen wrote: ...I am having a hard time getting java to work on openbsd. Java is a deal-breaker for me as I use it all day every day for work. What I've done is taken a tar of the linux version... snip ...I really don't want to download the source for java and compile... I am on dialup so every byte counts snip ...If anybody can give me some tips or tricks I would really appreciate it. Per FAQ 8.3, Java 1.5 or 1.4 must be built from source. An overnight download of the files should not be a huge problem, considering how much time, computing, memory, and storage resource is needed to build it. Kaffe is now used as a Java compiler to bootstrap the builds of Java 1.4 or 1.5. Luckily, the port for Java 1.3-linux still exists. This is a binary port, that used to be used to build Java 1.4/1.5. If 1.3 is sufficient for your needs, then this Linux emulation port may work better for you than trying to accomplish an emulation on your own. Obtain the ports tree, then issue: $ cd /usr/ports/devel/jdk/1.3-linux $ make install Eventually, the project should have native packages once Sun completes its migration to Java GPL. It was just announced, and if they meet their intended schedule, you may hope that binary packages will be on the mirrors in November 2007 for the 4.2-release.
Re: {ftp3,anoncvs3}.usa.openbsd.org outage?
I talked with Todd earlier today, hard disk failure, he's currently
working on getting everything back up.
On 11/14/06, Ben Calvert [EMAIL PROTECTED] wrote:
plier.ucar.edu ( {ftp3,anoncvs3}.usa.openbsd.org ) has been down for the
last several days. Does anyone know if this is a permanent or
temporary outage?
scanning the anoncvs mirror list at
http://www.openbsd.org/anoncvs.html#CVSROOT i notice that at least one
other mirror is pulling from anoncvs3.usa,
Thanks,
ben
-
I think what we need to do is convince people who live in the lands
they live in to build the nations.
George W. Bush
October 11, 2000
Presidential Debate -- Winston-Salem, North Carolina.
Re: Bge nic and ifconfig mtu ?
On 2006/11/14 20:07, Xavier Beaudouin wrote: Is this normal of does bge interface doesn't support mtu 1500 ? some do, some don't; The BCM5700, BCM5701, BCM5703 and BCM5704 are capable of supporting Jumbo frames, which can be configured via the interface MTU setting. bge0 at pci4 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 (0x4101): apic 4 int 16 (irq 12), address 00:30:48:88:6c:ac bge1 at pci5 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 (0x4101): apic 4 int 17 (irq 5), address 00:30:48:88:6c:ad
Re: Bge nic and ifconfig mtu ?
Xavier Beaudouin wrote: Hello there, I am trying to change MTU of a bge interface : # ifconfig bge1 mtu 1504 ifconfig: SIOCSIFMTU: Invalid argument $ uname -a OpenBSD vpn1.hiroc.lpl.arizona.edu 4.0 GENERIC.MP#967 amd64 # ifconfig bge1 mtu 1504 # ifconfig bge1 bge1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1504 lladdr 00:50:45:bb:92:af media: Ethernet autoselect (1000baseT full-duplex) status: active inet 192.168.11.1 netmask 0xff00 broadcast 192.168.11.255 inet6 fe80::250:45ff:febb:92af%bge1 prefixlen 64 scopeid 0x2 Works fine here... Shawn -- Shawn Nock Systems Programmer, Senior CCIT; University of Arizona nock 'at' arizona 'dot' edu (520) 626-6581
Re: Problem with Intel PRO/1000GT (82541GI) adaptors
On Mon, Nov 13, 2006 at 03:03:55PM -0800, Joe wrote: I have 2 of these adaptors Intel PRO/1000GT (82541GI) rev 0x05 The 82541GI chipset is supported by em(4). Every day, the box drops of the network. The interfaces show themselves as active, but I can't ping, arp, or sniff any traffic. A reboot solves the problem. Is anyone else having this problem? For now, I had to remove the NICs because the box is a firewall and goes down at random times throughout the day. I didn't notice any particular traffic patterns. We've encountered similar problems in the past with that chip. I believe we resolved the issue by using a newer driver, but this was not under OpenBSD. Can you try a more recent version of the em(4) driver? Some commits were made very recently. -Damian
multiple openbsd installs on the same disk
hi there, 4.0 is here so time for my second annual reinstall on my notebook. i have come to the conclusion that it would be nice to have a production system and a development system. i need a stable system to work with (stable packages i don't have to manually compile, etc, etc.) on the dev system i'd like to track current. but. because i have only one notebook, these system should be on the same physical harddisk. the only recent thread i have seen is about dual booting with netbsd: http://marc.theaimsgroup.com/?l=openbsd-miscm=110575764931297w=2 i am not an mbr/disklabel guru, but it seems to me that it all comes down to disklabel becasue i can have 4 primary partitions, but if i interpret it correctly, i can't have seperate 'a' and 'b' (and so on) for all of these primary partitions, now can i? would it make sense to make every primary partition into an isolated seperate disklabel entity? i know this wouldn't be a trivial change of course, but is it possible at all? or should i just go with virtualization? is it in that state already that i can? or any other ideas to have 2 systems on one? :) -f -- if r is reverse, how come d is forward?
Re: java on openbsd
Heh, java lets me work on OpenBSD. Oh, wait... that's just plain coffee, and not even Javanese coffee. Costa Rican. God, I'm a troll today. On 11/14/06, Jack J. Woehr [EMAIL PROTECTED] wrote: Did you get it working? I have Java working on OpenBSD. -- Try to do nothing for money that you wouldn't do for free. --Paul Krassner
Re: PF state problem
At 3:18 PM + 11/12/06, Stuart Henderson wrote:
Yes, exactly. Other packets (those which don't only have SYN out of
SYN+ACK) don't create state at all, but they're allowed through when
they match an existing state (src/dest port+address, as you'd expect,
and sequence numbers must also be within a reasonable window).
I think one of the main reasons people used to avoid keeping state
was so that a newly-booted firewall could synchronize with existing
packet flows - say, if you want to replace one firewall with a new
one - but we have CARP/PFSYNC for that now so it's less important).
Generally keeping state saves cpu time, and increases security.
keep-state also seems to cause problems in some situations, at least
for 'pf' on freebsd. I had two problems which I eventually tracked
down to a single rule:
pass out quick proto { tcp, udp } all keep state
If I had just that one rule in my pf.conf, and no other rules at
all, then both problems happened.
One problem has to do with 'lpq' requests from remote hosts. If a
given remote-host sent multiple 'lpq's in quick succession to a
print server, and if that print server had the above rule in it,
then the later lpq's would hang. I think that the problem is that
lpq/lpd expects to reuse that port faster than 'pf' expects it to.
The other problem was with a chat server that I run. With the
above single-rule pf.conf file, occasionally some users who had
been on for a long time would be disconnected. This is obviously
a very different scenario than 'lpq', since this wasn't an issue
with any port being reused. I didn't pin down what that was, as
the people on the chat server were getting a bit annoyed with being
guinea pigs for debugging the problem, and the problem would only
happen to people who had been on for a few days straight. (and
thus, it would require a LOT of packet-sniffing before I could
catch the problem in action).
As I said this was on freebsd, with whatever version of 'pf' that
we had back in July. I have no idea if the same issues would come
up with the most-recent version, or with 'pf' on openbsd. I'm not
expecting anyone to drop what they're doing for this (*), but I'm
just saying neither of these problems had anything to do with a
newly-booted firewall synchronizing with some existing packet flow.
(* - certainly I didn't drop what I was doing. I just changed my
pf.conf so the problems went away)
--
Garance Alistair Drosehn= [EMAIL PROTECTED]
Senior Systems Programmer or [EMAIL PROTECTED]
Rensselaer Polytechnic Instituteor [EMAIL PROTECTED]
RES: Script to sync pf rules for CARP fws
Here is one script i have done, you must setup ssh key authentication between root from fw1 to fw2 and fw1 to fw1. and must install bash. I use my CARP + PFSYNC OpenBSD as my gateway+firewall+reverse apache proxy+dns server. I have scripts for apache syncronization and for dns server syncronization. Best Regards, -- #!/usr/local/bin/bash # Editpf.sh by Leonardo Rodrigues de Mello Copyright 2006 # [EMAIL PROTECTED] # Licensed under the terms of GNU GPL version 2. # FW1 is the master firewall, # from whom firewall 02 syncronize it configuration. # Any Edit or Change must be done in FW1 #Hostname of Firewall 01, FW1=fw1 #Hostname of Firewall 02 FW2=fw2 #Making backup of Pf.conf cp /etc/pf.conf /etc/pf.conf.orig #Lets edit the pf.conf in the master firewall echo Editing PF.conf in $FW1 sleep 1 vi /etc/pf.conf #Get Date to archive changes date=`date +%y-%m-%d-%H-%M` #Checking if the syntax of the changes are ok if pfctl -f /etc/pf.conf then echo The syntax of the file apears to be ok sleep 1 else echo The syntax of the file appears to have error echo Restoring old configuration file cp /etc/pf.conf.orig /etc/pf.conf echo exiting with ERROR exit 1 fi #Checking Diferences Between the Two Firewalls Configuration Files echo Checking Diferences Between pf.conf in $FW2 and $FW1 sleep 1 diff -u (ssh [EMAIL PROTECTED] 'cat /etc/pf.conf') (ssh [EMAIL PROTECTED] 'cat /etc/pf.conf') /var/log/mudancas/2.0/$date.pf.conf less /var/log/mudancas/2.0/$date.pf.conf #Giving the user the chance to abort the changes echo Can i propagate the changes in pf.conf between the TWO FIREWALLS?(Y/N) read anwser if [ $anwser = Y ] || [ $anwser = y ] then echo Propagating the Changes sleep 1 scp /etc/pf.conf [EMAIL PROTECTED]:/etc/pf.conf echo Checking if the changes were sucessfully done sleep 1 if diff -u (ssh [EMAIL PROTECTED] 'cat /etc/pf.conf') (ssh [EMAIL PROTECTED] 'cat /etc/pf.conf') pfctl -f /etc/pf.conf ssh [EMAIL PROTECTED] 'pfctl -f /etc/pf.conf' then echo Rulerset Loaded echo Changes propagated echo Exiting gracefully from editpf.sh exit 0 else echo Rulerset not loaded, check syntax or connection between firewalls echo Exiting dirt and quick from edit.pf.sh exit 1 fi else echo Changes ABORTED By User echo Recovering old configuration file sleep 1 mv /etc/pf.conf.orig /etc/pf.conf pfctl -f /etc/pf.conf echo Exiting gracefully from editpf.sh exit 0 fi --- -Mensagem original- De: [EMAIL PROTECTED] em nome de C. L. Martinez Enviada:ter 14/11/2006 13:37 Para: misc@openbsd.org Cc: Assunto:Script to sync pf rules for CARP fws Hi all, Somebody knows where I can find a good shell script to sync pf.conf rules over a several Openbsd firewalls using CARP? many thanks.
Re: Changing apache uid for VirtualHost's
On Sun, Nov 12, 2006 at 01:37:05AM +0100, Bambero wrote: Hello I have a little problem with www user accounts. I have quota settings for each user, but when users upload files on the server (using php scripts) quota is unusable becouse files owner is www. The best solution for will something like suexec (different uid for each VirtualHost), but I'm not sure it will works with php. Secondly I'm using chrooted apache. Any solutions ? Either a daily cron job and a big stick, or FastCGI, could serve you well here. The former is probably easier to implement. Joachim
Re: multiple openbsd installs on the same disk
On 2006/11/14 21:43, frantisek holop wrote: i am not an mbr/disklabel guru, but it seems to me that it all comes down to disklabel becasue i can have 4 primary partitions, but if i interpret it correctly, i can't have seperate 'a' and 'b' (and so on) for all of these primary partitions, now can i? Correct, but you can have d e f g ..., so you can have two different disklabel partitions for each version of /, /usr and so on, and have a choice of kernels stored on /dev/wd0a set to mount root from the relevant incarnation of /. (there may be another way that doesn't involve custom kernels but it doesn't come to mind right now).
Re: {ftp3,anoncvs3}.usa.openbsd.org outage?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/14/06, Ben Calvert [EMAIL PROTECTED] wrote:
plier.ucar.edu ( {ftp3,anoncvs3}.usa.openbsd.org ) has been down for the
last several days. Does anyone know if this is a permanent or
temporary outage?
scanning the anoncvs mirror list at
http://www.openbsd.org/anoncvs.html#CVSROOT i notice that at least one
other mirror is pulling from anoncvs3.usa,
Thanks,
ben
Today Jason Crawford wrote:
I talked with Todd earlier today, hard disk failure, he's currently
working on getting everything back up.
-
I think what we need to do is convince people who live in the lands
they live in to build the nations.
George W. Bush
October 11, 2000
Presidential Debate -- Winston-Salem, North Carolina.
Should read my own damned sys messages more often. ;)
Glad someone commented on this. As of the date in the
script output below, today i.e., still nothing. Thanks
too, for the harddrive failure update. Now no urgent
need to change my supfile knowing that info.
Script started on Tue Nov 14 15:01:47 2006
# cvsup -g -L 2 obsd-supfile
Parsing supfile obsd-supfile
Connecting to anoncvs3.usa.openbsd.org
Cannot connect to anoncvs3.usa.openbsd.org: Connection refused
Will retry at 15:07:11
^C
# ^D
Script done on Tue Nov 14 15:02:17 2006
Happy Turkey Month
.--.
{\ / q {\
{ `\ \ (-(~`
{ '.{`\ \ \ )
{'-{ ' \ .-'-. \ \
{._{'.' \/ '.) \
{_.{. {`|
{._{ ' { ;'-=-. |
{-.{.' { ';-=-.`/
{._.{.;'-=- .'
{_.-' `'.__ _,-'
|||`
.='==,
Quand vous dansez avec le diable, le diable
ne change pas. Seulement vous changement.
GnuPG key : 0x1644E79A | http://wwwkeys.nl.pgp.net
Fingerprint: D0A9 AD44 1F10 E09E 0E67 EC25 CB44 F2E5 1644 E79A
iD8DBQFFWjDny0Ty5RZE55oRAo9OAKDOekGKL+Ksf7e1tZq4jDNPATEYKACeOEp1
ZRffXe5H9DYoR/xhDmdRTPg=
=2WD9
-END PGP SIGNATURE-
Re: java on openbsd
Hi list, hi Jacob, On Tuesday, 14. November 2006 19:35, Jacob Yocom-Piatt wrote: Java is a shitshow, it isn't a nice language. Stop defending Sun and their ridiculous licenses. The day Sun shows up as a real player in the open source world this could be justified. For now they are just another closed vendor. There's no other just another closed source vendor on this planet that has freed so much closed source like SUN. Solaris is going to be Open Source in the end, as will Java. This is official so stop fudding around. If you think the CDDL or the GPL are ridiculous licenses this is simply your problem. It works out fine for a majority of people, including me. Hey, if you can't comply with the GPL for personal reasons you wouldn't even be able to enjoy OpenBSD as it's still being built with a GNU toolchain. And regarding the language: Java runs on millions if not billions of devices. There's a reason for this and it's not just marketing. Anybody denying this is just plain ignorant - or stupid. Besides that, the language is easy to learn (and teach) and unlike most other languages, there's tons of high quality development tools that are user-friendly for non-UNIX-geeks and programming rookies. You don't get a cookie for trying or pretending. Well, ignorance - or stupidity for that matter - won't earn you points either ;-) don't you know you're not licensed to circulate compiled opinions about Sun source code? you're supposed to let everyone else click through the stupid menus, download source packages that are about as big as the openbsd install sets, adjust their ulimits, spend a lot of time compiling something that should be available as a package and THEN they can form a properly licensed opinion. Well Jake, that's luckily going to change soon, now that Java and its various components are going to be GPL software. You'll be able to redistribute in any form you like, given that you comply with the GPL terms and don't violate the Java trademark that SUN will still control. kind regards, Tobias W.
Re: Script to sync pf rules for CARP fws
On 2006-11-14T18:43, C. L. Martinez wrote: Sorry?? Do I need to run pfctl to load rules only on one fw under carp and then this rules are sync to the others firewalls ?? If this is ok, then I don't read pf's very well ... no, you have to run pfctl on every machine to activate changes in your pf.conf. Carp has nothing todo with syncing pf rules. Pfsync is for syncing the state tables - not rules! so long, Marcus.
EuroBSDCon 2007: Call For Papers
EuroBSDCon 2007 Call For Papers The European BSD Conference, September 14 15 2007, Copenhagen, Denmark FreeBSD - NetBSD - OpenBSD - MAC OS X - DragonFlyBSD Are you doing interesting things with a BSD based operating system ? Come to Copenhagen and talk about it! We are looking for papers about all aspects of BSD based operating systems, and would particularly like to hear from people who can tell our audience something about: * How and why should you try a BSD based operating system ? * BSD based products, how, why, what: good bad. * How to manage BSD based systems, operational issues, scaling, updates, patches, auditing and reliability. * What are the BSD developers working on now ? * Using BSD based systems to thwart the bad guys. Send us a couple of paragraphs with an outline of your proposed talk and a bit about yourself to: [EMAIL PROTECTED] before February 1st 2007. Practical Information EuroBSDCon 2007 is organized by the the usual gang from the BSD-DK user group and our aim is to make it affordable and high quality. Speakers attend the conference for free and we will reimburse speakers travel and lodging if nobody else will pay for it. We will aim to finalize the programme and notify the selected speakers by April 1st 2007. We will not waste money and trees on printed procedings but will distribute the conference material electronically and expect to receive your final slides no later than 4 weeks before the conference. Please let us know if you want to include other materials (Articles, HOWTO etc) There will also be a Works In Progress session during the conference for short talks about recent developments etc. If we can arrange it, all talks will be videotaped (unless the speaker objects). You can at all times find more info about the conference, travel, accomodation and more, at the conference website: http://2007.euroBSDCon.org/ The conference programme is in the capable hands of: * Poul-Henning Kamp [EMAIL PROTECTED] - Old Fart * Kristen Nielsen [EMAIL PROTECTED] - Board member DKUUG * Lennart Sorth [EMAIL PROTECTED] - Security Nerd, UNI-C * Robert Watson [EMAIL PROTECTED] - FreeBSDs default member of all sorts of things * Ole Guldberg Jensen [EMAIL PROTECTED] - Darwinist * Michael Knudsen [EMAIL PROTECTED] - OpenBSD * Emmanuel Dreyfus [EMAIL PROTECTED] - NetBSD PS: yes, it will be possible to visit Legoland on sunday after the conference, we plan to arrange a bus-tour. -- The shortest unit of time in the multiverse is the New York Second, defined as the period of time between the traffic lights turning green and the cab behind you honking. -- (Terry Pratchett, Lords and Ladies)
Re: RES: Script to sync pf rules for CARP fws
On 2006/11/14 18:20, Leonardo Rodrigues de Mello wrote: cp /etc/pf.conf /etc/pf.conf.orig vi /etc/pf.conf if pfctl -f /etc/pf.conf ... echo Restoring old configuration file cp /etc/pf.conf.orig /etc/pf.conf it's good that you check and restore, but if the box restarts between saving the edited file and restoring the original, you only have the default dns/ssh/ping ruleset loaded from /etc/rc. consider editing a copy of the file, pfctl -nf to check it, then move into place (the ln/mv method as used for installing kernels is good since it keeps a valid, complete file available)...
Re: Script to sync pf rules for CARP fws
Hi all,
Somebody knows where I can find a good shell script to sync
pf.conf rules
over a several Openbsd firewalls using CARP?
many thanks.
Hello,
For this to work, you need ssh-agent and to setup /usr/ports/sysutils/tentakel
on your admin workstation.
#!/bin/sh
hosts[0]=172.16.42.1
hosts[1]=172.16.43.1
for x in ${hosts[*]}; do
scp pf.conf [EMAIL PROTECTED]:/etc/
done
#now reload on firewalls
tentakel -g my_firewalls pfctl -f /etc/pf.conf
#end
Kind regards
Didier
Re: multiple openbsd installs on the same disk
On Tue, Nov 14, 2006 at 09:43:44PM +0100, frantisek holop wrote: hi there, 4.0 is here so time for my second annual reinstall on my notebook. i have come to the conclusion that it would be nice to have a production system and a development system. i need a stable system to work with (stable packages i don't have to manually compile, etc, etc.) on the dev system i'd like to track current. With MBR-partitioned architectures (i386 et. al), you can have only one OpenBSD MBR partition at a time. If you want multiple MBR partitions, a partition manager (such as ranish) can let you swap one live A6 partition for another. An easier way is to use disklabel level partitioning. By default, the root partition is a but you can easily boot with a different root partition through using the -a option. I started out with the multiple MBRs via a partition manager, but switched fairly quickly to disklabels instead. This had several advantages: shared swap, shared /home, and sometimes shared /var, depending, and I found it very easy to work on the test environment while production was running, just by using a chrooted shell. I could run my production /etc in test, and only change fstab.
Re: Firewall partially failing with high traffic
On Tue, Nov 14, 2006 at 06:03:51AM -0700, Chris Cameron wrote: I have a 3.8 PF/CARP setup that I can reproducibly screw up simply by cat'ing lots of text over a telnet session. It has several subnets, and several NICs, but only 1 subnet becomes unavailable. Everything else continues to work. There are no errors in messages, daemon, with PF debug set to misc. Counters all look normal, same with state table and netstat -m output. The only reason I believe it's the firewall is restarting it will bring the network back up. gem0 - external gem1 - 120.x hme0 - 0.x hme1 - 121.x hme2 - 119.x Coming in on hme1 routed through gem1, I can cause everything off gem1 to stop working. The interface shows as up, but nothing works. All other interfaces work fine. PF continues to work as NAT and external firewalling still operates. No errors anywhere, even with debugging turned on in PF. netstat -m looks the same before and after. I'm hoping someone can give me a better way to debug this, considering I can reproduce it. I don't believe it's PF as I can disable and re-enable it with no effect. What happens when you send the same data from the firewall? I've disabled ohci using config -e as those were the only errors I was seeing. Specifically: ohci0: 1 scheduling overruns However they didn't happen anywhere near this problem. That does not look like a likely culprit, no. Are you sure it's not just bad hardware? Joachim
[ot] Re: java on openbsd
On Tue, Nov 14, 2006 at 10:12:31PM +0100, Tobias Weisserth wrote: And regarding the language: Java runs on millions if not billions of devices. It does not run on arm/OpenBSD. It does not run on powerpc/OpenBSD. It does not run on vax/OpenBSD. Heck, it even behaves differently in on i386/Linux, i386/Windows, sparc/Solaris and pSeries/Linux, and to this platform diversity the vendor diversity (Sun vs. IBM) yet adds more subtile differences, especially if it comes to threads or GC behaviour. Believe it or not: Java is *not* platform independent, at least not in so-called enterprise environments. BTW: Windows runs on millions if not billions of desktop PCs, so it must be better than OpenBSD. And: there are many so-called open-source operating systems around that happily accept BLOBs, let single persons write drivers based on documentation they'd to sign NDAs, so those systems are probably better than OpenBSD. They just *must* be superior to OpenBSD. But wait! They've serious problems with their wireless drivers, isn't that funny? Sorry, but for that millions if not billions argument, my honest response is: people, eat more shit -- millions of flies can't be wrong. Ciao, Kili, making a life with Java since about 1998.
Re: java on openbsd
On Tue, Nov 14, 2006 at 08:07:50AM -0500, Marc Ravensbergen wrote: Hi, first I'd like to mention that openbsd 4.0 is a first for me, and I am really liking it so far (I am a linux refugee...). Eg., it's nice to be able to rip out my usb cd burner, plug it in, and be able to actually use the thing again. Try that under linux and the cd burner is unsuable until you reboot... Not to mention that the whole secure by default thing is very appealing. Welcome aboard! I am having a hard time getting java to work on openbsd. Java is a deal-breaker for me as I use it all day every day for work. What I've done is taken a tar of the linux version, and untarred it in openbsd. I have turned on linux emulation by modifying the variable in /etc/sysctl.conf, and I've mounted the /proc filesystem. I have also pkg_added redhat-base8.xxx. However, whenever I run java, I get a Can't detect initial thread stack location - find_vma failed error. This is for sun's jdk 1.5.06 as well as one of the newer 1.6 versions. IBM's jdk1.4 says it cannot read or write (not sure exactly anymore) to /proc/. I've tried running all three versions as root to check for permission errors, but it makes no difference. I've googled for hours trying to find a solution, but can't seem to fix it. I really don't want to download the source for java and compile... I am on dialup so every byte counts. A little while ago I tried java on netbsd and got it working through linux emulation as well. I had problems with netbsd so it didn't stick around, but I believe that java on bsd through emulation should be possible; probably just an oversight somwhere on my part. If anybody can give me some tips or tricks I would really appreciate it. Well, the *sane* way of doing this involves building it from ports. Those are there for a reason, after all. Burning it to a CD and putting the CD in your machine may be useful if you have access to a faster network elsewhere; but I'd strongly suggest just downloading the source and being done with it. For additional points, tweak altq(9) so that you can still browse at an acceptable speed. If you want to try your way, -current's emulators/fedora just *might* build on a -stable system; those libraries are a lot newer, and *might* fix your problem. Of course, there's no reason to assume either... Joachim
Re: multiple openbsd installs on the same disk
On Tue, Nov 14, 2006 at 05:16:24PM -0500, Josh Grosse wrote: On Tue, Nov 14, 2006 at 09:43:44PM +0100, frantisek holop wrote: hi there, 4.0 is here so time for my second annual reinstall on my notebook. i have come to the conclusion that it would be nice to have a production system and a development system. i need a stable system to work with (stable packages i don't have to manually compile, etc, etc.) on the dev system i'd like to track current. With MBR-partitioned architectures (i386 et. al), you can have only one OpenBSD MBR partition at a time. If you want multiple MBR partitions, a partition manager (such as ranish) can let you swap one live A6 partition for another. An easier way is to use disklabel level partitioning. By default, the root partition is a but you can easily boot with a different root partition through using the -a option. I started out with the multiple MBRs via a partition manager, but switched fairly quickly to disklabels instead. This had several advantages: shared swap, shared /home, and sometimes shared /var, depending, and I found it very easy to work on the test environment while production was running, just by using a chrooted shell. I could run my production /etc in test, and only change fstab. You should be able to have up to four primary partitions, each with a different OpenBSD installation and associated disklabel. The one you want to use you make an 'A6' (OpenBSD) partition. The others you make some other kind. The 'A6' partition will be spoofed as 'a' and the disklabel read from its first sector. When you want to use another partition you make that the only 'A6' partition. Up to you if you want the disklabel's in each partition to 'know' about the other partitions. Of course this involves running fdisk every time you want to switch, and gives you a lot of rope ... Completely untested theoretical musings. Ken
Re: Firewall partially failing with high traffic
At 2006-11-14 13:03:51, Chris Cameron wrote: I can't (easily) give direct output from things like ifconfig or pf.conf as they're both huge and contain information I've been told we don't want to send out. Hopefully this doesn't prevent anyone from helping me out. If it's a problem with carp, it's going to be really difficult to resolve without seeing the ifconfig ouptut, but here are some questions that you might want to consider... - Do you have dedicated addresses on the carp parent interfaces? - Are all the carp devices on the master firewall MASTER; what about the backup? - Can you reach the 'dissapearing' network from the backup firewall? - Is preemption enabled? (sysctl net.inet.carp.preempt=1) - What is the output of 'netstat -sp carp' on both the master and backup firewalls? - What about the output of 'netstat -i'? Are there output errors on the offending interface? - Have you tried running with carp debugging turned on? (sysctl net.inet.carp.log=1)
Re: multiple openbsd installs on the same disk
On Tue, Nov 14, 2006 at 09:43:44PM +0100, frantisek holop wrote: hi there, 4.0 is here so time for my second annual reinstall on my notebook. i have come to the conclusion that it would be nice to have a production system and a development system. i need a stable system to work with (stable packages i don't have to manually compile, etc, etc.) on the dev system i'd like to track current. but. because i have only one notebook, these system should be on the same physical harddisk. the only recent thread i have seen is about dual booting with netbsd: http://marc.theaimsgroup.com/?l=openbsd-miscm=110575764931297w=2 i am not an mbr/disklabel guru, but it seems to me that it all comes down to disklabel becasue i can have 4 primary partitions, but if i interpret it correctly, i can't have seperate 'a' and 'b' (and so on) for all of these primary partitions, now can i? would it make sense to make every primary partition into an isolated seperate disklabel entity? i know this wouldn't be a trivial change of course, but is it possible at all? It isn't needed. I have multiple versions on my laptop. In the MBR, create a *single* partition for OpenBSD. In that partition, disklabel to create your slices as needed for your 'stable' system, plus one for the 'dev' system (mine is hd0h). (As Nick says in the FAQ, don't allocate all of the space, you never know when you might need it for another partition.) Boot from the install CD, cross your fingers and be *very* careful to specify hd0h as the root when setting up the 'dev' system. When you want to boot into the 'dev' system, enter hd0h:/bsd at the boot prompt. (I use a boot manager which can stuff keystrokes into the BIOS). If you are brave, you can mount partitions (eg /home) from your 'stable' system into your 'dev' system, but that is probably not a good idea. or should i just go with virtualization? is it in that state already that i can? I use qemu for quick-and-dirty tests. It works, but is a bit slow. Regards, Andrew Dalgleish
Re: java on openbsd
On Tue, Nov 14, 2006 at 12:32:57PM -0600, Matthew Weigel wrote: Bernd Schoeller wrote: I this information still current, now that Java has released the JDK under the terms of the GPL? No, they haven't released the JDK under the GPL. They *will*. Currently, they have released a virtual machine and javac under the GPL. The remainder of the open-source JDK will be available in the first half of 2007. There is 6m lines of code to audit WRT the GPL, so give them a chance. Sun are a small company compared to IBM, HP, MS, so to grow, they need to be different, from how they have been in the past. There is a new man at the top, who has pledged to open source all of Sun's software and hardware, so maybe jason@ will be able to get the Ultra 10 PCI gubbins working without guess work.
Re: java on openbsd
On Tue, Nov 14, 2006 at 11:41:35AM -0600, Marco Peereboom wrote: @others: stop picking on SUN and Java. It's actually a nice language and going to be GPL software very soon, so I guess there will be an option for binary packages and other nice stuff soon. Java is a shitshow No language is perfect. Sun and their ridiculous licenses. The day Sun shows up as a real player in the open source world this could be justified. For now they are just another closed vendor. You don't get a cookie for trying or pretending. Agree, but they do seem to be genuinely trying, so give them a while to get over their growing pains and see what comes out in the wash over the next few years.
BSD laptop
Hi BSD people First of all, apologies for cross-posting but I'm looking to buy a new laptop and simultaneously learning to run a flavour of BSD on it. I've some experience with Linux, so I'm not a total n00b, but I haven't really done much in-depth with any BSD. I would like to know what laptop vendors/models people recommend for installing BSD on, and what gaps (if any) exist in hardware support. To get things started I should mention that I was looking at buying one of either IBM/Lenovo, Fujitsu, or the British makes Mesh or Acorn - but I'm not opposed to other suggestions. The system should have, at minimum: 15.4 WXGA widescreen LCD 60GB HD AMD64 CPU At minimum I would like a system where suspend works in some fashion and where I can get online with wireless networking. I have a PC Card wireless modem which is known to work in Linux and I suspect it will work in *BSD, so if a given laptop's inbuilt wifi doesn't work it's not a disaster as long as the pc card slot is supported. Also, are there any specific issues regarding running BSD on laptops? To minimize cross-posting, please direct all answers to [EMAIL PROTECTED] advTHANKSance
Re: [ot] Re: java on openbsd
On 14-Nov-06, at 5:27 PM, Matthias Kilian wrote: On Tue, Nov 14, 2006 at 10:12:31PM +0100, Tobias Weisserth wrote: And regarding the language: Java runs on millions if not billions of devices. It does not run on arm/OpenBSD. It does not run on powerpc/OpenBSD. It does not run on vax/OpenBSD. Heck, it even behaves differently in on i386/Linux, i386/Windows, sparc/Solaris and pSeries/Linux, and to this platform diversity the vendor diversity (Sun vs. IBM) yet adds more subtile differences, especially if it comes to threads or GC behaviour. Then I suspect you're doing something very wrong or making assumptions about specs that are just not guaranteed to be true. I've worked in highly threaded apps that moved perfectly across sun's, bea's and ibm's virtual machines with no modifications. Sure there were large differences in performance, probably due to the threading and gc, but everything still executed properly. Believe it or not: Java is *not* platform independent, at least not in so-called enterprise environments. I've also worked on enterprise apps that were written, built and tested on windows and then moved straight to AIX for deployment with no history of glitches whatsoever. It was all on websphere and I obviously wouldn't consider doing this while moving do a different j2ee server, but the write once, run anywhere phrase refers to the se standard, not ee. I hear this java is not portable stuff from time to time and it just makes me wonder wtf the developers of these supposed problem applications were smoking. It's really not that hard. Jeremy
how to redirect port to other server
Dear all I try to redirect port from server to comp in lan with pf , beloow my script : # xl0 interface to public IntIf =xl1 Extif=xl0 remotesrv=192.168.0.4/32 rdr on xl0 inet proto tcp from any to any port = https - $remotesrv port 22 when i try remote from public always network error connection timeout - -sonjaya-
Re: java on openbsd
On Tue, 14 Nov 2006 10:53:54 -0500 Josh Grosse [EMAIL PROTECTED] wrote: Per FAQ 8.3, Java 1.5 or 1.4 must be built from source. An overnight download have an of the files should not be a huge problem, considering how much time, computing, memory, and storage resource is needed to build it. Except that you need to navigate the Sun download pages mess, click thru license agreements and have an account (I think). Then you need to install X number of Linux JDK's, wich pulls in all the Linux emulation packages and then you have to actually compile it and hope you enough disk and ram. Wouldnt it be possible for someone other then the OpenBSD project to legally share their built packages? --- Lars Hansson
Re: how to redirect port to other server
Is $remotesrv listening on port 22? Do you have a rule something like below: pass in on $Extif from any to $remotesrv port 22 flags S/SA keep state sonjaya wrote: Dear all I try to redirect port from server to comp in lan with pf , beloow my script : # xl0 interface to public IntIf =xl1 Extif=xl0 remotesrv=192.168.0.4/32 rdr on xl0 inet proto tcp from any to any port = https - $remotesrv port 22 when i try remote from public always network error connection timeout - -sonjaya- -- Joel Goguen Bachelor of Computer Science III University of New Brunswick http://iapetus.dyndns.org/
raidctl: ioctl (RAIDFRAME_CONFIGURE) failed on 4.0 amd64 for RAID 1 (mirroring)
Hi, I have been trying to configure software RAID using resources at http://www.openbsd.org/faq/faq14.html#RAID and http://www.openbsd.org/faq/faq14.html#RAID I did get the error # raidctl -C /root/raid0.conf raid0 raidctl: ioctl (RAIDFRAME_CONFIGURE) failed The raid configuration file entries are === # cat /root/raid0.conf START array # numRow numCol numSpare 1 2 0 START disks /dev/wd2b # the fake device /dev/wd1b START layout 128 1 1 1 START queue fifo 100 Could some one help me trouble shoot this please? I did recompile the kernel with the following options and am booting that kernel = # cat /usr/src/sys/arch/amd64/conf/GENERIC.RAID include arch/amd64/conf/GENERIC # include GENERIC configuration option RAID_AUTOCONFIG # automatically configure RAIDframe arrays on boot pseudo-device raid 4 # RAIDframe disk driver # uname -a OpenBSD xxx.yyy.local 4.0 GENERIC.RAID#0 amd64 # == # disklabel -E wd1 # Inside MBR partition 3: type A6 start 63 size 234436482 Treating sectors 63-234436545 as the OpenBSD portion of the disk. You can use the 'b' command to change this. Initial label editor (enter '?' for help at any prompt) p m device: /dev/rwd1c type: ESDI disk: ESDI/IDE disk label: ST3120827AS bytes/sector: 512 sectors/track: 63 tracks/cylinder: 16 sectors/cylinder: 1008 cylinders: 16383 total bytes: 114473.5M free bytes: 114470.9M rpm: 3600 16 partitions: # sizeoffset fstype [fsize bsize cpg] c: 114473.5M 0.0M unused 0 0 # Cyl 0 -232580 a a offset: [63] size: [234436482] 1024m Rounding to nearest cylinder: 2097585 FS type: [4.2BSD] a b offset: [2097648] size: [232338897] RAID Invalid entry size: [232338897] FS type: [swap] RAID p m device: /dev/rwd1c type: ESDI disk: ESDI/IDE disk label: ST3120827AS bytes/sector: 512 sectors/track: 63 tracks/cylinder: 16 sectors/cylinder: 1008 cylinders: 16383 total bytes: 114473.5M free bytes: 0.0M rpm: 3600 16 partitions: # sizeoffset fstype [fsize bsize cpg] a: 1024.2M 0.0M 4.2BSD 2048 16384 16 # Cyl 0*- 2080 b: 113446.7M 1024.2MRAID # Cyl 2081 -232575* c: 114473.5M 0.0M unused 0 0 # Cyl 0 -232580 q Write new label?: [y] # newfs wd1a Warning: 64 sector(s) in last cylinder unallocated /dev/rwd1a: 2097584 sectors in 2081 cylinders of 16 tracks, 63 sectors 1024.2MB in 7 cyl groups (328 c/g, 161.44MB/g, 20608 i/g) super-block backups (for fsck -b #) at: 32, 330720, 661408, 992096, 1322784, 1653472, 1984160, # mount /dev/wd1a /mnt # cp /bsd /usr/mdec/boot /mnt # /usr/mdec/installboot -v /mnt/boot /usr/mdec/biosboot wd1 boot: /mnt/boot proto: /usr/mdec/biosboot device: /dev/rwd1c /usr/mdec/biosboot: entry point 0 proto bootblock size 512 /mnt/boot is 3 blocks x 16384 bytes fs block shift 2; part offset 63; inode block 24, offset 936 using MBR partition 3: type 166 (0xa6) offset 63 (0x3f) # cat /root/raid0.conf EOF START array # numRow numCol numSpare 1 2 0 START disks /dev/wd2b # the fake device /dev/wd1b START layout 128 1 1 1 START queue fifo 100 EOF # raidctl -C /root/raid0.conf raid0 raidctl: ioctl (RAIDFRAME_CONFIGURE) failed
Re: raidctl: ioctl (RAIDFRAME_CONFIGURE) failed on 4.0 amd64 for RAID 1 (mirroring)
Hi, Please look at my dmesg if that is useful. And please let me know if I should provide any other info. Thankyou so much Kind Regards Siju DMESG = # cat /var/run/dmesg.boot OpenBSD 4.0 (GENERIC) #690: Sat Sep 16 20:26:25 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 1039593472 (1015228K) avail mem = 878694400 (858100K) using 22937 buffers containing 104165376 bytes (101724K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xfc650 (54 entries) bios0: Acer Aspire Series cpu0 at mainbus0: (uniprocessor) cpu0: AMD Athlon(tm) 64 Processor 3400+, 2193.94 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 ATI RS480 Host rev 0x10 ppb0 at pci0 dev 1 function 0 ATI RS480 PCIE rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 5 function 0 ATI Radeon XPRESS 200 rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pciide0 at pci0 dev 17 function 0 ATI IXP400 SATA rev 0x80: DMA pciide0: using irq 11 for native-PCI interrupt pciide0: port 0: device present, speed: 1.5Gb/s wd0 at pciide0 channel 0 drive 0: ST3120827AS wd0: 16-sector PIO, LBA48, 114473MB, 234441648 sectors wd0(pciide0:0:0): using BIOS timings, Ultra-DMA mode 6 pciide0: port 1: device present, speed: 1.5Gb/s wd1 at pciide0 channel 1 drive 0: ST3120827AS wd1: 16-sector PIO, LBA48, 114473MB, 234441648 sectors wd1(pciide0:1:0): using BIOS timings, Ultra-DMA mode 6 pciide1 at pci0 dev 18 function 0 ATI IXP400 SATA rev 0x80: DMA pciide1: using irq 5 for native-PCI interrupt ohci0 at pci0 dev 19 function 0 ATI IXP400 USB rev 0x80: irq 4, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: ATI OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 4 ports with 4 removable, self powered ohci1 at pci0 dev 19 function 1 ATI IXP400 USB rev 0x80: irq 4, version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: ATI OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 4 ports with 4 removable, self powered ehci0 at pci0 dev 19 function 2 ATI IXP400 USB2 rev 0x80: irq 4 usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: ATI EHCI root hub, rev 2.00/1.00, addr 1 uhub2: 8 ports with 8 removable, self powered piixpm0 at pci0 dev 20 function 0 ATI IXP400 SMBus rev 0x81: SMI iic0 at piixpm0 unknown at iic0 addr 0x2f not configured pciide2 at pci0 dev 20 function 1 ATI IXP400 IDE rev 0x80: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility azalia0 at pci0 dev 20 function 2 ATI IXP450 HD Audio rev 0x01: irq 5 azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: Realtek ALC880 (rev. 8.0), HDA version 1.0 audio0 at azalia0 pcib0 at pci0 dev 20 function 3 ATI IXP400 ISA rev 0x80 ppb1 at pci0 dev 20 function 4 ATI IXP400 PCI rev 0x80 pci2 at ppb1 bus 2 re0 at pci2 dev 3 function 0 Realtek 8169 rev 0x10: irq 5, address 00:16:17:20:2a:a6 rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2 pchb1 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00 pchb2 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00 pchb3 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00 pchb4 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00 isa0 at pcib0 isadma0 at isa0 com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 dkcsum: wd0 matches BIOS drive 0x80 dkcsum: wd1 matches BIOS drive 0x81 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 syncing disks... OpenBSD 4.0 (GENERIC.RAID) #0: Wed Nov 15 08:04:56 IST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.RAID real mem = 1039593472 (1015228K) avail mem = 878211072 (857628K) using 22937 buffers containing 104165376 bytes (101724K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xfc650 (54 entries) bios0: Acer Aspire Series cpu0 at mainbus0: (uniprocessor) cpu0: AMD Athlon(tm) 64 Processor 3400+, 2193.92 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully
Re: BSD laptop
With the exception of the AMD64 requirement, I use Fujitsu laptops extensively, running Linux, FreeBSD, and XP. They are good solid machines, and you will be happy. STR seems solid, I never use suspend to disk. My current sitch is that I use XP, with vmware for FreeBSD and linux, so I have not delved into it much, but I used it FreeBSD exclusively in the past for years.
Re: raidctl: ioctl (RAIDFRAME_CONFIGURE) failed on 4.0 amd64 for RAID 1 (mirroring)
Hi, The System messages say = raidlookup on device: /dev/wd2b failed! vnode was NULL vnode was NULL RAIDFRAME: failed rf_ConfigureDisks with 2 vnode was NULL vnode was NULL == But the raidctl man page say that if you use the -C option you can force the configuration to suceed even if any of the component labels are incorrect. So where is the problem? Could some one please point out? Thankyou so much Kind Regards Siju On 11/15/06, Siju George [EMAIL PROTECTED] wrote: Hi, Please look at my dmesg if that is useful. And please let me know if I should provide any other info. Thankyou so much Kind Regards Siju DMESG = # cat /var/run/dmesg.boot OpenBSD 4.0 (GENERIC) #690: Sat Sep 16 20:26:25 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 1039593472 (1015228K) avail mem = 878694400 (858100K) using 22937 buffers containing 104165376 bytes (101724K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xfc650 (54 entries) bios0: Acer Aspire Series cpu0 at mainbus0: (uniprocessor) cpu0: AMD Athlon(tm) 64 Processor 3400+, 2193.94 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 ATI RS480 Host rev 0x10 ppb0 at pci0 dev 1 function 0 ATI RS480 PCIE rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 5 function 0 ATI Radeon XPRESS 200 rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pciide0 at pci0 dev 17 function 0 ATI IXP400 SATA rev 0x80: DMA pciide0: using irq 11 for native-PCI interrupt pciide0: port 0: device present, speed: 1.5Gb/s wd0 at pciide0 channel 0 drive 0: ST3120827AS wd0: 16-sector PIO, LBA48, 114473MB, 234441648 sectors wd0(pciide0:0:0): using BIOS timings, Ultra-DMA mode 6 pciide0: port 1: device present, speed: 1.5Gb/s wd1 at pciide0 channel 1 drive 0: ST3120827AS wd1: 16-sector PIO, LBA48, 114473MB, 234441648 sectors wd1(pciide0:1:0): using BIOS timings, Ultra-DMA mode 6 pciide1 at pci0 dev 18 function 0 ATI IXP400 SATA rev 0x80: DMA pciide1: using irq 5 for native-PCI interrupt ohci0 at pci0 dev 19 function 0 ATI IXP400 USB rev 0x80: irq 4, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: ATI OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 4 ports with 4 removable, self powered ohci1 at pci0 dev 19 function 1 ATI IXP400 USB rev 0x80: irq 4, version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: ATI OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 4 ports with 4 removable, self powered ehci0 at pci0 dev 19 function 2 ATI IXP400 USB2 rev 0x80: irq 4 usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: ATI EHCI root hub, rev 2.00/1.00, addr 1 uhub2: 8 ports with 8 removable, self powered piixpm0 at pci0 dev 20 function 0 ATI IXP400 SMBus rev 0x81: SMI iic0 at piixpm0 unknown at iic0 addr 0x2f not configured pciide2 at pci0 dev 20 function 1 ATI IXP400 IDE rev 0x80: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility azalia0 at pci0 dev 20 function 2 ATI IXP450 HD Audio rev 0x01: irq 5 azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: Realtek ALC880 (rev. 8.0), HDA version 1.0 audio0 at azalia0 pcib0 at pci0 dev 20 function 3 ATI IXP400 ISA rev 0x80 ppb1 at pci0 dev 20 function 4 ATI IXP400 PCI rev 0x80 pci2 at ppb1 bus 2 re0 at pci2 dev 3 function 0 Realtek 8169 rev 0x10: irq 5, address 00:16:17:20:2a:a6 rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2 pchb1 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00 pchb2 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00 pchb3 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00 pchb4 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00 isa0 at pcib0 isadma0 at isa0 com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 dkcsum: wd0 matches BIOS drive 0x80 dkcsum: wd1 matches BIOS drive 0x81 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 syncing disks... OpenBSD 4.0 (GENERIC.RAID) #0: Wed Nov 15 08:04:56 IST 2006 [EMAIL
changing background and foreground color of pdf file
Guys, I have an interesting question for you guys. I am reading the Cisco IPJ documents and I wrote a simple shell script to download them all(I missed some and downloaded by hand). Anyway my problem is an interesting one. I spend all day romancing my computer and she has not caused me any eye problem since she comes across usually as green text in a black background in my most enchanting WindowMaker theme that blows away the best of KDE or any other eye candy. Coming to the point, IPJ however is pdf and it is black text against white background. Unfortunately my eyes find it hard... This morn when I woke up my eyes complained. :( Is there a way out for me? :) Thanks. I don't want pdftotext conversion as I want it in full splendor with images and appropriate fonts blah blah. Interesting problem this one. regards, Girish -- Linux is for folks who hate Windoze. FreeBSD is for folks who love UNIX. OpenBSD is for folks who can't live without UNIX.
Re: Script to sync pf rules for CARP fws
C. L. Martinez wrote: Hi all, Somebody knows where I can find a good shell script to sync pf.conf rules over a several Openbsd firewalls using CARP? many thanks. yeah, on a few of my boxes here. :) No, I'm not going to post the script, on the grounds that people would probably be too likely to use my script without properly looking it over, and put bluntly, my programming skills would make me a good Linux or Windows programmer (i.e., IT WORKS! SHIP IT! Someone else can fix the problem later). That's why I stick to the FAQ. Anyway... put your PF tables in their own directory, maybe /etc/pf. This way, as you add (or delete) extra files, you don't have to add them to your script, just copy over the entire /etc/pf directory. Your script should be symmetrical, in that the EXACT SAME SCRIPT should run on either machine. Why? Because you will make changes to this script, and it will be one of the things you copy from machine to machine. Either machine should be able to update the other, as you don't get to chose which one will fail, and either machine should be able to be used as a source to recreate the other. When you run my script, it makes a diff -u of the new versions with the old versions of a predefined list of files (in my case, /etc/pf.conf, /etc/pf/*, /usr/local/bin/pfupdate) (guess where it gets the old versions? RIGHT! The other server!), packages up these files into a tar file, creates a diff, and drops the user into an editor, where they can explain the change, much like CVS. This explanation and the diff goes into a directory, /backup/changelog, on EACH server, with a date-and-time-stamped file. This makes it easy to grep for changes, find when a change was made and find out why it was made. If the comments are not made, the change is aborted. The script then loads the new pf.conf file in the other machine. The /backup directory also stores a daily copy of a tgz file of the /etc and /var directories. At the rate of burn on this, a 20G /backup volume will last probably around 15 years. :) Yes this is on a second disk on each machine, so again, both machines contain the complete history of the system. But this really isn't a feature of the script to sync the rule sets. BTW: that second disk holds a complete nightly backup, and is ready to take over in the event of the failure of the primary disk. I much prefer this system to RAID for otherwise redundant systems All the magic is done with ssh remote execution, scp, and other tools already in the system, no packages need be installed (I like to keep my systems lean). Pretty straight forward, really. So..the way it is used is this: make your changes (vi/emacs/mg/whatever) on a machine. Install changes (pfctl -f ...) Test changes Unhappy? Go back to step 1. When happy, run pfupdate Review diff, make sure it is really what you wanted (this is a VERY nice step, btw.) If unhappy with diff, go abort edit, go back to step one. Enter log message ta-da! If you decide you don't like those changes, you can easily go to the backup system, and pfupdate them back to where they were before you started. If I see a nightly insecurity report from one firewall but not the other, I know someone (i.e., me) forgot to sync the two after a change. This is sometimes desirable, if you think the impact of an error is greater than the likelihood of a system failure, delay your update process. I really like this system...I got change logs, backups, redundancy, easy maintenance, in a nice, neat pair of boxes. Got a similar script and config on our DNS servers, too. Nick.
Re: java on openbsd
On Wed, 15 Nov 2006 11:31:21 +0800 Lars Hansson [EMAIL PROTECTED] wrote: install X number of Linux JDK's Apparently you dont need this anymore. Duh! --- Lars Hansson
Re: Script to sync pf rules for CARP fws
[EMAIL PROTECTED] wrote: ... ok, that's what one gets by doing silly stuff with too many mail clients at too many different places and getting sloppy about how one configures them. That was from me, in case anyone wasn't sure. :) Nick.
dhcp on vlan interface
Hello, is it possible to start dhcp on vlan interface using only netstart(8) and hostname.if(5)? Or it's need to write custom commands (e.g. in rc.local)? Another question. myname(5) says If any hostname.if(5) files contain ``dhcp'' directives, IPv4 entries in /etc/mygate will be ignored. But I need to get only IP mask by DHCP, not gate. I will request subnet-mask, broadcast-address; so my default gateway will not be changed anyway. So, if I want to use dhcp for some interface and static default gw on another one I must use !command syntax in hostname.if(5) or rc.local?
Re: BSD laptop
On Wed, 15 Nov 2006 02:10:31 +
Jeff Rollin [EMAIL PROTECTED] wrote:
Hi BSD people
First of all, apologies for cross-posting but I'm looking to buy a new
laptop and simultaneously learning to run a flavour of BSD on it. I've some
experience with Linux, so I'm not a total n00b, but I haven't really done
much in-depth with any BSD.
I would like to know what laptop vendors/models people recommend for
installing BSD on, and what gaps (if any) exist in hardware support. To get
things started I should mention that I was looking at buying one of either
IBM/Lenovo, Fujitsu, or the British makes Mesh or Acorn - but I'm not
opposed to other suggestions. The system should have, at minimum:
Hi Jeff,
you may want to search the mobile@ archives, as there are *plenty* of postings
about this specific question, and other postings that should give some useful
information...
FWIW, i'm running a Thinkpad z60m with no probs at all...not 64 bit though.
suspend works really well...search the archives for complete details...
good luck,
_
{Beto|Norberto|Numard} Meijome
What you are afraid to do is a clear indicator of the next thing you need to do.
I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
Re: Problem with Intel PRO/1000GT (82541GI) adaptors
On Nov 14, 2006, at 12:20 PM, Damian Wiest wrote: On Mon, Nov 13, 2006 at 03:03:55PM -0800, Joe wrote: I have 2 of these adaptors Intel PRO/1000GT (82541GI) rev 0x05 The 82541GI chipset is supported by em(4). Every day, the box drops of the network. The interfaces show themselves as active, but I can't ping, arp, or sniff any traffic. A reboot solves the problem. Is anyone else having this problem? For now, I had to remove the NICs because the box is a firewall and goes down at random times throughout the day. I didn't notice any particular traffic patterns. We've encountered similar problems in the past with that chip. I believe we resolved the issue by using a newer driver, but this was not under OpenBSD. Can you try a more recent version of the em(4) driver? Some commits were made very recently. -Damian FWIW I was having very similar problems with em(4) in OpenBSD 4.0- release under VMware (amd64 SMP). It would cease to recognize ARP replies and just flood the network with ARP requests endlessly. It was enough to bring VMware to it's knees and totally swamp my cheap switch. I upgraded to -current from this morning's snapshot and the issue hasn't resurfaced yet... Brian Keefer www.Tumbleweed.com The Experts in Secure Internet Communication
Re: changing background and foreground color of pdf file
On 11/14/06, Girish Venkatachalam [EMAIL PROTECTED] wrote: Coming to the point, IPJ however is pdf and it is black text against white background. Unfortunately my eyes find it hard... This morn when I woke up my eyes complained. :( Is there a way out for me? :) man xpdf the -papercolor option looks interesting. or -rv CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: changing background and foreground color of pdf file
On Tue, Nov 14, 2006 at 10:55:11PM -0700, Chris Kuethe wrote: On 11/14/06, Girish Venkatachalam [EMAIL PROTECTED] wrote: Coming to the point, IPJ however is pdf and it is black text against white background. Unfortunately my eyes find it hard... This morn when I woke up my eyes complained. :( Is there a way out for me? :) man xpdf the -papercolor option looks interesting. or -rv Hi CK, -rv is exactly what I am looking for. Thanks. -papercolor also comes in handy but has problems... Oops! Such a simple RTFM issue. I was thinking that pdf is some sort of immutable stuff... Anyway back to work. Thanks. regards, Girish -- Linux is for folks who hate Windoze. FreeBSD is for folks who love UNIX. OpenBSD is for folks who can't live without UNIX.
Re: raidctl: ioctl (RAIDFRAME_CONFIGURE) failed on 4.0 amd64 for RAID 1 (mirroring)
On Wed, 15 Nov 2006, Siju George wrote: Hi, Please look at my dmesg if that is useful. And please let me know if I should provide any other info. Thankyou so much Kind Regards Siju DMESG = # cat /var/run/dmesg.boot OpenBSD 4.0 (GENERIC) #690: Sat Sep 16 20:26:25 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC The clue is here. You are not running a kernel with raidframe enabled. I'd advise to first play with this using a regular root file system, and put some data on a raidframe file system, and only move to a raidframe root after that. Having a raidframe root can be quite confusing, since the boot device does not match the root device. -Otto real mem = 1039593472 (1015228K) avail mem = 878694400 (858100K) using 22937 buffers containing 104165376 bytes (101724K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xfc650 (54 entries) bios0: Acer Aspire Series cpu0 at mainbus0: (uniprocessor) cpu0: AMD Athlon(tm) 64 Processor 3400+, 2193.94 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 ATI RS480 Host rev 0x10 ppb0 at pci0 dev 1 function 0 ATI RS480 PCIE rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 5 function 0 ATI Radeon XPRESS 200 rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pciide0 at pci0 dev 17 function 0 ATI IXP400 SATA rev 0x80: DMA pciide0: using irq 11 for native-PCI interrupt pciide0: port 0: device present, speed: 1.5Gb/s wd0 at pciide0 channel 0 drive 0: ST3120827AS wd0: 16-sector PIO, LBA48, 114473MB, 234441648 sectors wd0(pciide0:0:0): using BIOS timings, Ultra-DMA mode 6 pciide0: port 1: device present, speed: 1.5Gb/s wd1 at pciide0 channel 1 drive 0: ST3120827AS wd1: 16-sector PIO, LBA48, 114473MB, 234441648 sectors wd1(pciide0:1:0): using BIOS timings, Ultra-DMA mode 6 pciide1 at pci0 dev 18 function 0 ATI IXP400 SATA rev 0x80: DMA pciide1: using irq 5 for native-PCI interrupt ohci0 at pci0 dev 19 function 0 ATI IXP400 USB rev 0x80: irq 4, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: ATI OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 4 ports with 4 removable, self powered ohci1 at pci0 dev 19 function 1 ATI IXP400 USB rev 0x80: irq 4, version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: ATI OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 4 ports with 4 removable, self powered ehci0 at pci0 dev 19 function 2 ATI IXP400 USB2 rev 0x80: irq 4 usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: ATI EHCI root hub, rev 2.00/1.00, addr 1 uhub2: 8 ports with 8 removable, self powered piixpm0 at pci0 dev 20 function 0 ATI IXP400 SMBus rev 0x81: SMI iic0 at piixpm0 unknown at iic0 addr 0x2f not configured pciide2 at pci0 dev 20 function 1 ATI IXP400 IDE rev 0x80: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility azalia0 at pci0 dev 20 function 2 ATI IXP450 HD Audio rev 0x01: irq 5 azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: Realtek ALC880 (rev. 8.0), HDA version 1.0 audio0 at azalia0 pcib0 at pci0 dev 20 function 3 ATI IXP400 ISA rev 0x80 ppb1 at pci0 dev 20 function 4 ATI IXP400 PCI rev 0x80 pci2 at ppb1 bus 2 re0 at pci2 dev 3 function 0 Realtek 8169 rev 0x10: irq 5, address 00:16:17:20:2a:a6 rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2 pchb1 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00 pchb2 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00 pchb3 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00 pchb4 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00 isa0 at pcib0 isadma0 at isa0 com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 dkcsum: wd0 matches BIOS drive 0x80 dkcsum: wd1 matches BIOS drive 0x81 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 syncing disks... OpenBSD 4.0 (GENERIC.RAID) #0: Wed Nov 15 08:04:56 IST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.RAID real mem = 1039593472 (1015228K) avail mem = 878211072 (857628K) using 22937 buffers
Fresh New Site
Hi, I've been working extremely hard on my friend's website temptingstencils.com and if you like what we've done, a link from monkey.org would be greatly appreciated. If you are interested in a link exchange please send us the URL of where our link is on your site. Here's the HTML code for the link: Learn all about a href='http://www.temptingstencils.com/What/Is-Stenciling-What-is-Stenciling?'Stencils/a at temptingstencils.com. Thank you we greatly appreciate the help! If you have any questions please let me know! Respectfully, Abby Krahn I apologize if this message was sent, in error, to the wrong person.
