Re: PF + rsync trouble
On Thursday 15 February 2007 00:17, Darren Spruell wrote:
> On 2/14/07, Chris C. [EMAIL PROTECTED] wrote:
>> On Wednesday 14 February 2007 21:59, Chris C. wrote:
>>> Hi
>>>
>>> I'm having issues with rsyncing ftp.rfc-editor.org through a PF firewall, other connections (also other rsync connections) work well.
>>>
>>> rsync -avz --delete ftp.rfc-editor.org::rfcs-text-only my-rfc-mirror
>>> receiving file list ... done
>>> ./
>>> rfc-index.xml
>>> ...
>>> rfc1591.txt
>>> rfc1592.txt
>>>
>>> nothing is going to happen... will timeout in a few minutes
>>>
>>> any suggestions? thanks!
>>
>> Have to reply to my own post...
>> The rsync process completes on the gateway itself, but not on any device behind it.
>
> Enable debugging in PF and see if you get any error conditions in your kernel logs.
>
> # pfctl -x loud
>
> (set back to normal with 'pfctl -x urgent')

thanks, but that didn't help

I enabled debugging, added flags S/SA to all my rules and have block in log all / pass out log all rules.

/var/log/messages doesn't say anything except adding ospf

tcpdump -n -e -ttt -i pflog0 also doesn't say anything special:

Feb 15 08:58:26.289011 rule 7/(match) pass out on pppoe0: 217.95.254.251.62376 > 128.9.176.20.873: [|tcp]

but rsync still aborts with:

rsync error: timeout in data send/receive (code 30) at io.c(171) [sender=2.6.8]
rsync: connection unexpectedly closed (168446 bytes received so far) [receiver]
rsync error: error in rsync protocol data stream (code 12) at io.c(453) [receiver=2.6.9]
_exit_cleanup(code=12, file=io.c, line=453): about to call exit(12)
rsync: connection unexpectedly closed (168446 bytes received so far) [generator]
rsync error: error in rsync protocol data stream (code 12) at io.c(453) [generator=2.6.9]
_exit_cleanup(code=12, file=io.c, line=453): about to call exit(12)

anything left I can do? My other rsyncs (e.g. gentoo-portage) still work very well.
both *40.tgz and *41.tgz in snapshots directory
Fetching the latest i386 snapshot files I could not help noticing that the snapshots directory contains a number of near duplicate archives and .fs files with both *40.* and *41.* names, ie there are two base*.tgz files:

-r--r--r--  1 1114 1114 42403082 Feb 14 17:13 base40.tgz
-r--r--r--  1 1114 1114 42401670 Feb 14 17:13 base41.tgz

and oddly enough the index.txt file lists a few of those near duplicate file names as well.

The timestamps make me think that some cpu cycles may have been wasted generating more archives than are actually needed, but I assume it won't be long until this is corrected.

Which reminds me - People, the time to test snapshots is now. If you're not already routinely downloading and testing snapshots, now is an excellent time to start. Any feedback you generate and issues you help resolve will help making 4.1 the greatest ever release.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
First, we kill all the spammers The Usenet Bard, Twice-forwarded tales
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: mediawiki on chroot
On 2007/02/15 18:34, atstake atstake wrote:
> [error] PHP Warning: Unknown: open(/tmp//sess_gmmltgdpemd3sutt31mrivba34, O_RDWR) failed: Permission denied (13) in Unknown on line 0

this refers to /var/www/tmp, check it exists and has appropriate permissions.
Re: Nagios plugin for checking OpenBGPd-Peers
* Falk Brockerhoff - smartTERRA GmbH [EMAIL PROTECTED] [2007-02-14 22:24]:
> has anybody written a nagios plugin to check the presence of some specified bgp-peers set up with openbgpd?

not that I am aware of; but I have kind of prepared it :)

the way to go is pbly:
-restricted control socket (bgpd -r)
-use bgpctl show summary terse (use restricted socket of course), this is made to be easily parsable
-use a superserver like inetd to run the above on some weird port that you firewall so only your nagios host(s) can reach it

rest is straightforward.

could pbly also use nrpe on the router and have it run the above bgpctl command; I don't trust nagios + nrpe code too much tho (now, that was very nicely and diplomatic put, no?)

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
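The check Henning outlines above, as an added example that is not from the thread or from OpenBGPD: a Nagios-style shell function that reads `bgpctl show summary terse` output on stdin and reports whether the named neighbors are Established. The three-field line layout (address, AS, state), the function name and the sample addresses are assumptions; adjust the field numbers to what your bgpctl prints.

```shell
#!/bin/sh
# Nagios-style check: are the given BGP neighbors Established?
# stdin is the text produced on the router by
#     bgpctl show summary terse
# fetched however you expose it (inetd on a firewalled port, as suggested).
# ASSUMPTION: one neighbor per line, whitespace-separated fields
#     <neighbor address> <remote AS> <session state>

# Constructed sample of the assumed output (documentation addresses).
SAMPLE_SUMMARY='192.0.2.1 64501 Established
192.0.2.2 64502 Active
2001:db8::1 64503 Established'

check_bgp_peers() {
    # $@ = neighbor addresses that must be present and Established
    summary=$(cat)
    if [ $# -eq 0 ]; then
        echo "BGP UNKNOWN - no peers given"
        return 3
    fi
    # An empty reply means bgpd or the transport is broken; that must
    # not be reported as OK, and it is not the same as a peer being down.
    if [ -z "$summary" ]; then
        echo "BGP UNKNOWN - empty summary"
        return 3
    fi
    down=""
    up=0
    for peer in "$@"; do
        # Exact match on the address field, so 192.0.2.1 never
        # matches 192.0.2.10.
        state=$(printf '%s\n' "$summary" |
            awk -v p="$peer" '$1 == p { print $3; exit }')
        case "$state" in
            Established) up=$((up + 1)) ;;
            "")          down="$down $peer=missing" ;;
            *)           down="$down $peer=$state" ;;
        esac
    done
    if [ -n "$down" ]; then
        echo "BGP CRITICAL -$down"
        return 2
    fi
    echo "BGP OK - $up peer(s) Established"
    return 0
}

# Demo on the constructed sample: both required peers are up.
printf '%s\n' "$SAMPLE_SUMMARY" | check_bgp_peers 192.0.2.1 2001:db8::1
```

A neighbor that is configured in Nagios but absent from the summary is reported as `missing` rather than silently skipped, which catches a peer removed from bgpd.conf by mistake.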
Re: both *40.tgz and *41.tgz in snapshots directory
On 2/15/07, Peter N. M. Hansteen [EMAIL PROTECTED] wrote:
> Fetching the latest i386 snapshot files I could not help noticing that the snapshots directory contains a number of near duplicate archives and .fs files with both *40.* and *41.* names, ie there are two base*.tgz files:
>
> -r--r--r--  1 1114 1114 42403082 Feb 14 17:13 base40.tgz
> -r--r--r--  1 1114 1114 42401670 Feb 14 17:13 base41.tgz
>
> and oddly enough the index.txt file lists a few of those near duplicate file names as well.
>
> The timestamps make me think that some cpu cycles may have been wasted generating more archives than are actually needed, but I assume it won't be long until this is corrected.

http://marc.theaimsgroup.com/?l=openbsd-portsm=117131955625737w=2

Happens 2x/year.

DS
Re: [Bulk] arpresolve: can't allocate llinfo
Hello Cory,

Thursday, February 15, 2007, 2:40:51 AM, you wrote:

> Hello all,
>
> My OpenBSD firewall is still randomly stopping routing packets and I still can't figure out why. :-( I made the suggested patch to if_ether.c, but now I just get the following line in /var/log/messages:
>
> Feb 14 18:08:41 bytor /bsd: arpresolve: can't allocate llinfo for 192.168.1.1:no link address
>
> Symptoms: Firewall can ping the wifi router (to which ADSL modem is attached), but pinging anything beyond it fails. If I try to traceroute to some place beyond the router, it doesn't show the router as the first hop. (If it can ping the router, shouldn't it show up as the first hop on a traceroute?). Even though the firewall can ping the router, it cannot ping my laptop, even though the route to both goes out ral0. The laptop cannot ping the firewall either. I know the router is still working because my laptop can still access the internet through it once I reset the default gateway to the router instead of the firewall. IPv6 ssh connections from the laptop to the firewall stay active.
>
> Thing is, arp -a and route -n show -inet show exactly the same thing whether the problem is currently in progress or everything is working perfectly. No NICs accidentally have addresses on the wrong segment. I had routed running, but stopping it has made no difference. Anybody have any ideas?
>
> [EMAIL PROTECTED] 1:03:58 [9]/etc arp -a
> bytor (192.168.0.1) at 00:0e:0c:bc:38:9d on em1 static
> xanadu (192.168.0.2) at 00:0e:0c:b9:4d:ed on em1
> heechee.wireless (192.168.1.1) at 00:13:10:0e:0b:08 on ral0
> snowdog.wireless (192.168.1.3) at 00:12:17:60:fe:40 on ral0
> redbarchetta.wireless.fenris.cjb.net (192.168.1.191) at 00:18:de:20:4f:2e on ral0
> bytor (192.168.16.1) at 00:0e:0c:b9:50:74 on em0 static
> snowdog (192.168.16.2) at 00:15:f2:e8:7f:51 on em0
>
> [EMAIL PROTECTED] 1:04:03 [10]/etc route -n show -inet
> Routing tables
>
> Internet:
> Destination Gateway Flags Refs Use Mtu Interface
> default 192.168.1.1 UGS 16 188916 - ral0
> 127.0.0.1 127.0.0.1 UH 2 6049 33224 lo0
> 192.168.0/24 link#3 UC 20 - em1
> 192.168.0.1 00:0e:0c:bc:38:9d UHLc 9 996889 - lo0
> 192.168.0.2 00:0e:0c:b9:4d:ed UHLc 156064 - em1
> 192.168.1/24 link#4 UC 30 - ral0
> 192.168.1.1 00:13:10:0e:0b:08 UHLc 2 3272 - ral0
> 192.168.1.3 00:12:17:60:fe:40 UHLc 0 483 - ral0
> 192.168.1.191 00:18:de:20:4f:2e UHLc 0 4587 - ral0
> 192.168.2/24 link#1 UC 00 - fxp0
> 192.168.16/24 link#2 UC 20 - em0
> 192.168.16.1 00:0e:0c:b9:50:74 UHLc 0 50 - lo0
> 192.168.16.2 00:15:f2:e8:7f:51 UHLc 5 392664 - em0
>
> [EMAIL PROTECTED] 1:04:13 [11]/etc cat hostname.ral0
> inet 192.168.1.2 255.255.255.0 192.168.1.255 nwid fenris nwkey 0x0A18135EB54723927B64AB65BC
> inet6 alias 2001:05c0:92cf:1::c0a8:0102 64
>
> [EMAIL PROTECTED] 1:06:08 [12]/etc cat hostname.em0
> inet 192.168.16.1 255.255.255.0 192.168.16.255
> inet6 alias 2001:05c0:92cf:10::c0a8:1001 64
>
> [EMAIL PROTECTED] 1:06:18 [13]/etc cat hostname.em1
> inet 192.168.0.1 255.255.255.0 192.168.0.255
> inet6 alias 2001:05c0:92cf:0::c0a8:0001 64
>
> [EMAIL PROTECTED] 1:06:33 [14]/etc cat hostname.fxp0
> inet 192.168.2.1 255.255.255.0 192.168.2.255
> inet6 alias 2001:5c0:92cf:2::c0a8:0201 64

I had this issue before and it turned out to be a bad NIC.

--
Best regards, Shane
homepage: http://craz1.homelinux.com
Howto remove sendmail?
Hi all, I want to install postfix on my openbsd3.9 system and i was wondering how can i remove sendmail, is there a standard procedure to do that? thanks Atn.
Re: Howto remove sendmail?
On 02/15/07 at 17:21, Antonis Faragitakis wrote:
> Hi all, I want to install postfix on my openbsd3.9 system and i was wondering how can i remove sendmail, is there a standard procedure to do that?

Search the archives. This has been discussed to great lengths, multiple times.
Re: Howto remove sendmail?
Antonis Faragitakis wrote:
> Hi all, I want to install postfix on my openbsd3.9 system and i was wondering how can i remove sendmail, is there a standard procedure to do that? thanks Atn.

http://marc.theaimsgroup.com/?l=openbsd-miscw=2r=1s=sendmailq=b might give some clues.

--
http://www.crowsons.net/puters/x41.php
Re: PF drops tcp packets from a machine with Gentoo linux kernel 2.6.18
On Wednesday 14 February 2007 1:29 pm, Stuart Henderson wrote:
> On 2007/02/14 11:47, Tim Kuhlman wrote:
>> So what is happening? It seems to me that either pf is broken or his linux kernel is broken and pf is catching it. Any ideas as to which is the cause?
>
> Ruleset more likely. If you post it, people can make suggestions. Might be useful to capture a SYN with tcpdump and post any state entries relating to it, too (the relevant parts of pfctl -ss -v).

So my ruleset has some problems. I took some time to work through my rules and re-read the state tracking section of the pf faq (which by the way is well done, thanks). I found what I think are a couple of problems, I needed to have the flags S/SA so that it paid attention to the syn packet and for some reason I had the state policy globally set to if-bound rather than floating.

When I change both of those a new problem appears, routing between my internal network and DMZ's doesn't work. The syn packet goes through and appears to create state but the Syn/Ack packet isn't let back through. I thought that was it created state one way it was supposed to allow it back the other. Surely I am missing something simple.

Here is the state as it appears with the new rules from a pfctl -vvss, I also attached a tcpdump capture from both interfaces on the router.

all tcp 10.10.10.150:49516 -> 10.11.0.5:80 ESTABLISHED:SYN_SENT
   [573330559 + 16385](+3517130307) wscale 2 [3039928992 + 5840](+146001125) wscale 0
   age 00:00:02, expires in 00:00:28, 2:1 pkts, 116:64 bytes, rule 135
   id: 45c74dc600234f51 creatorid: b3647a00

The router has 5 interfaces and 10 ip addresses associated with it so I will spare you the full ruleset but here are the ones that are relevant. I copied the rules as they are including the extra interfaces and such.

$DMZ_production_if is the 10.11.0.0/24 network
$int_if is the 10.10.8.0/21 network

table <int_net> const { 10.10.8.0/21, 10.8.0.0/24, 172.16.1.0/24 }

pass in on { $int_if $vpn_if } proto {tcp udp icmp} from <int_net> to \
    { $DMZ_production_if:network, $DMZ_proto_if:network }
pass out on { $int_if $vpn_if $ext_if $dsl_if $DMZ_production_if $DMZ_proto_if } proto \
    {tcp udp icmp} flags S/SA modulate state

Thanks again.

--
Tim Kuhlman
Network Administrator
ColoradoVnet.com

[demime 1.01d removed an attachment of type application/octet-stream which had a name of dmz_production_if-side]
[demime 1.01d removed an attachment of type application/octet-stream which had a name of int_if-side]
Re: Howto remove sendmail?
Thanks a lot guys Atn.
Re: Howto remove sendmail?
On Thu, 15 Feb 2007, Antonis Faragitakis wrote:
> Hi all, I want to install postfix on my openbsd3.9 system and i was wondering how can i remove sendmail, is there a standard procedure to do that? thanks Atn.

Search the archive! This has been answered numerous times.

You don't need to remove sendmail! Try 'man 8 mailwrapper'

Regards
John.
Re: PF drops tcp packets from a machine with Gentoo linux kernel 2.6.18
Whoops, I forgot about attachments being stripped. $ tcpdump -nr dmz_production_if-side -vv reading from file dmz_production_if-side, link-type EN10MB (Ethernet) 16:32:15.627327 IP (tos 0x0, ttl 63, id 49423, offset 0, flags [DF], proto: TCP (6), length: 60) 10.10.10.150.57818 10.11.0.5.80: S, cksum 0x3bd9 (correct), 4232982860:4232982860(0) win 5840 mss 1460,sackOK,timestamp 712219763 0,nop,wscale 2 16:32:15.627423 IP (tos 0x0, ttl 128, id 22766, offset 0, flags [none], proto: TCP (6), length: 64) 10.11.0.5.80 10.10.10.150.57818: S, cksum 0x934f (correct), 49492280:49492280(0) ack 4232982861 win 16384 mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK 16:32:18.628278 IP (tos 0x0, ttl 63, id 49424, offset 0, flags [DF], proto: TCP (6), length: 60) 10.10.10.150.57818 10.11.0.5.80: S, cksum 0xcd5e (correct), 4232982860:4232982860(0) win 5840 mss 1460,sackOK,timestamp 712220513 0,nop,wscale 2 16:32:18.833758 IP (tos 0x0, ttl 128, id 22768, offset 0, flags [none], proto: TCP (6), length: 64) 10.11.0.5.80 10.10.10.150.57818: S, cksum 0x934f (correct), 49492280:49492280(0) ack 4232982861 win 16384 mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK 16:32:24.628962 IP (tos 0x0, ttl 63, id 49425, offset 0, flags [DF], proto: TCP (6), length: 60) 10.10.10.150.57818 10.11.0.5.80: S, cksum 0xc782 (correct), 4232982860:4232982860(0) win 5840 mss 1460,sackOK,timestamp 71013 0,nop,wscale 2 16:32:28.130462 IP (tos 0x0, ttl 128, id 22769, offset 0, flags [none], proto: TCP (6), length: 64) 10.11.0.5.80 10.10.10.150.57818: S, cksum 0x934f (correct), 49492280:49492280(0) ack 4232982861 win 16384 mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK $ tcpdump -nr int_if-side -vv host 10.11.0.5 reading from file int_if-side, link-type EN10MB (Ethernet) 16:32:15.627282 IP (tos 0x0, ttl 64, id 49423, offset 0, flags [DF], proto: TCP (6), length: 60) 10.10.10.150.57818 10.11.0.5.80: S, cksum 0xd7c2 (correct), 875912572:875912572(0) win 5840 mss 1460,sackOK,timestamp 
712219763 0,nop,wscale 2 16:32:18.628245 IP (tos 0x0, ttl 64, id 49424, offset 0, flags [DF], proto: TCP (6), length: 60) 10.10.10.150.57818 10.11.0.5.80: S, cksum 0xd4d4 (correct), 875912572:875912572(0) win 5840 mss 1460,sackOK,timestamp 712220513 0,nop,wscale 2 16:32:24.628925 IP (tos 0x0, ttl 64, id 49425, offset 0, flags [DF], proto: TCP (6), length: 60) 10.10.10.150.57818 10.11.0.5.80: S, cksum 0xcef8 (correct), 875912572:875912572(0) win 5840 mss 1460,sackOK,timestamp 71013 0,nop,wscale 2 On Thursday 15 February 2007 9:07 am, Tim Kuhlman wrote: On Wednesday 14 February 2007 1:29 pm, Stuart Henderson wrote: On 2007/02/14 11:47, Tim Kuhlman wrote: So what is happening? It seems to me that either pf is broken or his linux kernel is broken and pf is catching it. Any ideas as to which is the cause? Ruleset more likely. If you post it, people can make suggestions. Might be useful to capture a SYN with tcpdump and post any state entries relating to it, too (the relevant parts of pfctl -ss -v). So my ruleset has some problems. I took some time to work through my rules and re-read the state tracking section of the pf faq (which by the way is well done, thanks). I found what I think are a couple of problems, I needed to have the flags S/SA so that it paid attention to the syn packet and for some reason I had the state policy globally set to if-bound rather than floating. When I change both of those a new problem appears, routing between my internal network and DMZ's doesn't work. The syn packet goes through and appears to create state but the Syn/Ack packet isn't let back through. I thought that was it created state one way it was supposed to allow it back the other. Surely I am missing something simple. Here is the state as it appears with the new rules from a pfctl -vvss, I also attached a tcpdump capture from both interfaces on the router. 
all tcp 10.10.10.150:49516 - 10.11.0.5:80 ESTABLISHED:SYN_SENT [573330559 + 16385](+3517130307) wscale 2 [3039928992 + 5840](+146001125) wscale 0 age 00:00:02, expires in 00:00:28, 2:1 pkts, 116:64 bytes, rule 135 id: 45c74dc600234f51 creatorid: b3647a00 The router has 5 interfaces and 10 ip addresses associated with it so I will spare you the full ruleset but here are the ones that are relevant. I copied the rules as they are including the extra interfaces and such. $DMZ_production_if is the 10.11.0.0/24 network $int_if is the 10.10.8.0/21 network table int_net const { 10.10.8.0/21, 10.8.0.0/24, 172.16.1.0/24 } pass in on { $int_if $vpn_if } proto {tcp udp icmp} from int_net to \ { $DMZ_production_if:network, $DMZ_proto_if:network } pass out on { $int_if $vpn_if $ext_if $dsl_if $DMZ_production_if $DMZ_proto_if } proto \ {tcp udp icmp} flags S/SA modulate state Thanks again. -- Tim Kuhlman Network Administrator ColoradoVnet.com
Re: pf route-to rdr
On 2/14/07, Frans Haarman [EMAIL PROTECTED] wrote:
> when routing packets to another interface, is it then possible to do redirection for those packets on the other interface ?
>
> I am trying to:
> - route subnets to a tunnel
> - redirect the subnets to private ip 10.100.1.1
>
> bge0 --- route-to --- tun0 --- rdr 10.100.1.1 -> 192.168.1.1
>
> I am seeing mostly
>
> 2007-02-14 15:29:43.043821 rule 1/0(match): pass out on tun0: 172.16.11.24 > 10.100.1.1: ICMP echo request, id 512, seq 20225, length 40
>
> So no rdr. Its probably supposed to work like this, but I lack some pf understanding I guess.. if someone could drop some hints it would be nice.
>
> Test box is freebsd btw. If above setup will work on openbsd with multiple routing tables, etc, etc, please let me know.

#Redirect 10.100.1.1 to CLIENT_A's 192.168.1.1
rdr on bge0 from any to 10.100.1.1 tag CLIENT_A -> 192.168.1.1

#Do nat on CLIENT_A tunnel
nat on tun0 from any to 192.168.0.0/16 -> tun0

#Pass packets for CLIENT_A to their tunnel
pass in log on bge0 route-to tun0 tagged CLIENT_A keep state

This seems to work! I am quite happy with it.

Cheers,
Gr. FH
Re: dmesg and fdisk do not match about usb external disk
So is this also the reason why I cannot boot OpenBSD from a USB memory stick? Because BIOS and OpenBSD use different geometries? Can I somehow force OpenBSD to use the BIOS geometry on the USB disk? How? - Jani On Tue, Feb 13, 2007 at 12:07:57PM +0100, frantisek holop wrote: hmm, on Tue, Feb 13, 2007 at 08:56:24PM +1100, Shane J Pearson said that On 13/02/2007, at 8:18 PM, frantisek holop wrote: how am i (and fdisk) supposed to make partitions on CHS boundaries if instead of 19457/255/63 fdisk sees the disk as 152627/64/32? What is the point in trying to align to such boundaries, when the physical HDD does not have 255 or 64 heads and those numbers are faked due to working around legacy limitations? fdisk(8): CAVEATS Hand crafted disk layouts are highly error prone. MBR partitions should start on a cylinder boundary (head 0, sector 1), except when starting on track 0, (these should begin at head 1, sector 1). MBR partitions should also end at cylinder boundaries. as far as i know most of the other OSs also align to boundaries. -f -- the borg are coming! quick! try and look useless! OpenBSD aligns to boundaries. It just makes up the boundaries, as do other OS's. It's unfortunate that all OS's don't make up the same boundaries but until you can convince all OS developers to use the same fake geometry you'll have to live with the current situation. OpenBSD makes absolutely no effort to get 'real' geometry information from USB attached disks. Too many such devices simply freak out and stop working when asked this difficult question. Others make up even more bizarre geometries than the one we use. So OpenBSD uses 64*32, divides the number of sectors (which all devices do provide) by this value to give a cylinder count, and truncates the fractional cylinder. So up to 64*31 = 1984 sectors will be 'wasted'. Windows uses 255 * 63, so up to 255 * 62 = 15,810 sectors could be 'wasted'. Interested parties can examine /usr/src/sys/scsi/sd.c, lines 1344 and 1453. 
Ken
Re: PF drops tcp packets from a machine with Gentoo linux kernel 2.6.18
On 2/15/07, Tim Kuhlman [EMAIL PROTECTED] wrote:
> So my ruleset has some problems. I took some time to work through my rules and re-read the state tracking section of the pf faq (which by the way is well done, thanks). I found what I think are a couple of problems, I needed to have the flags S/SA so that it paid attention to the syn packet and for some reason I had the state policy globally set to if-bound rather than floating.
>
> When I change both of those a new problem appears, routing between my internal network and DMZ's doesn't work. The syn packet goes through and appears to create state but the Syn/Ack packet isn't let back through. I thought that was it created state one way it was supposed to allow it back the other. Surely I am missing something simple.
>
> Here is the state as it appears with the new rules from a pfctl -vvss, I also attached a tcpdump capture from both interfaces on the router.

Attachments are stripped by the listserv. Better to paste results in.

> all tcp 10.10.10.150:49516 -> 10.11.0.5:80 ESTABLISHED:SYN_SENT
>    [573330559 + 16385](+3517130307) wscale 2 [3039928992 + 5840](+146001125) wscale 0
>    age 00:00:02, expires in 00:00:28, 2:1 pkts, 116:64 bytes, rule 135
>    id: 45c74dc600234f51 creatorid: b3647a00
>
> The router has 5 interfaces and 10 ip addresses associated with it so I will spare you the full ruleset but here are the ones that are relevant. I copied the rules as they are including the extra interfaces and such.
>
> $DMZ_production_if is the 10.11.0.0/24 network
> $int_if is the 10.10.8.0/21 network
>
> table <int_net> const { 10.10.8.0/21, 10.8.0.0/24, 172.16.1.0/24 }
>
> pass in on { $int_if $vpn_if } proto {tcp udp icmp} from <int_net> to \
>     { $DMZ_production_if:network, $DMZ_proto_if:network }
> pass out on { $int_if $vpn_if $ext_if $dsl_if $DMZ_production_if $DMZ_proto_if } proto \
>     {tcp udp icmp} flags S/SA modulate state

IMHO, it's confusing to cram as much logic as you are into this rule; your traffic flows from one network to another follow distinct directions and crossing of interfaces, yet you've got a bit of a convoluted rule handling the 'pass out' for all of those flows on different interfaces. For all I know, it might work fine, but just for me it's confusing to piece it together and may be the cause of your futz.

If you don't have traffic coming into your LAN from the DMZ, you could simplify this by having simply a:

- pass in rule on your LAN interface allowing flows from the LAN into the remote networks, with keep state and appropriate flags;
- pass out rule on your DMZ interface or whatever interfaces are destinations from the LAN, with keep state and appropriate flags.

You need both; you need to have state built INBOUND on the INSIDE interface so that return traffic out that interface passes statefully. At the same time, you need state built OUTBOUND on the OUTSIDE interface so that return traffic in that interface passes statefully.

Flavor as needed with similar, additional rules for connection flows from the DMZ into the LAN or other networks, if any.

DS
Re: slow io operations on xSeries 336
can i see a dmesg as well? if you're running the machine as an amd64, can you try it again as an i386? I am running as an i386 $ arch OpenBSD.i386 The dmesg follows. Thanks in advance. Regards, Jose OpenBSD 4.0 (GENERIC.MP) #936: Sat Sep 16 19:27:28 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Xeon(TM) CPU 3.20GHz (GenuineIntel 686-class) 3.21 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16 real mem = 1073094656 (1047944K) avail mem = 970813440 (948060K) using 4256 buffers containing 53755904 bytes (52496K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 01/17/05, BIOS32 rev. 0 @ 0xfd721, SMB IOS rev. 2.3 @ 0xf602c (50 entries) bios0: IBM eserver xSeries 336 -[883721U]- pcibios0 at bios0: rev 2.1 @ 0xf/0x pcibios0: PCI BIOS has 11 Interrupt Routing table entries pcibios0: PCI Exclusive IRQs: 9 10 11 15 pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801EB/ER LPC rev 0x00) pcibios0: PCI bus #7 is the last bus bios0: ROM list: 0xc/0xb000 0xcb000/0x4000 ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca8/8 spacing 4 mainbus0: Intel MP Specification (Version 1.4) (IBM ENSW X336 SMP) cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 200 MHz mainbus0: bus 0 is type PCI mainbus0: bus 1 is type PCI mainbus0: bus 2 is type PCI mainbus0: bus 3 is type PCI mainbus0: bus 4 is type PCI mainbus0: bus 5 is type PCI mainbus0: bus 6 is type PCI mainbus0: bus 7 is type PCI mainbus0: bus 8 is type ISA ioapic0 at mainbus0: apid 14 pa 0xfec0, version 20, 24 pins ioapic1 at mainbus0: apid 13 pa 0xfec82000, version 20, 24 pins ioapic2 at mainbus0: apid 12 pa 0xfec82400, version 20, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel E7520 MCH rev 0x0a Intel E7520 MCH ERR rev 0x0a at pci0 dev 0 function 1 not configured ppb0 at pci0 dev 2 
function 0 Intel MCH PCIE rev 0x0a pci1 at ppb0 bus 2 ppb1 at pci0 dev 4 function 0 Intel MCH PCIE rev 0x0a pci2 at ppb1 bus 3 ppb2 at pci2 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci3 at ppb2 bus 4 mpi0 at pci3 dev 1 function 0 Symbios Logic 53c1030 rev 0x08: apic 13 int 4 (i rq 11) scsibus0 at mpi0: 16 targets sd0 at scsibus0 targ 0 lun 0: IBM-ESXS, MAW3300NC FN, C206 SCSI2 0/direct fixe d sd0: 286102MB, 78753 cyl, 8 head, 930 sec, 512 bytes/sec, 585937500 sec total safte0 at scsibus0 targ 8 lun 0: IBM, 25P3495a S320 1, 1 SCSI2 3/processor fixe d mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 0 DT 1 IU 1 ppb3 at pci2 dev 0 function 2 Intel PCIE-PCIE rev 0x09 pci4 at ppb3 bus 5 ppb4 at pci0 dev 6 function 0 Intel MCH PCIE rev 0x0a pci5 at ppb4 bus 6 bge0 at pci5 dev 0 function 0 Broadcom BCM5721 rev 0x01, BCM5750 A1 (0x4001): apic 14 int 16 (irq 11), address 00:0d:60:99:a3:b2 brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0 ppb5 at pci0 dev 7 function 0 Intel MCH PCIE rev 0x0a pci6 at ppb5 bus 7 bge1 at pci6 dev 0 function 0 Broadcom BCM5721 rev 0x01, BCM5750 A1 (0x4001): apic 14 int 16 (irq 11), address 00:0d:60:99:a3:b3 brgphy1 at bge1 phy 1: BCM5750 10/100/1000baseT PHY, rev. 
0 Intel E7525 MCH Configuration rev 0x0a at pci0 dev 8 function 0 not configured uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: apic 14 int 16 (irq 11) usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: apic 14 int 19 (irq 3) usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB2 rev 0x02: apic 14 int 23 (irq 5) usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub2: 4 ports with 4 removable, self powered ppb6 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xc2 pci7 at ppb6 bus 1 vga1 at pci7 dev 1 function 0 ATI Radeon VE QY rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02 pciide0 at pci0 dev 31 function 2 Intel 82801EB SATA rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: HL-DT-ST, DVD-ROM GDR8083N, 0L02 SCSI0 5/cdrom r emovable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 ichiic0 at pci0 dev 31 function 3 Intel 82801EB/ER SMBus rev 0x02: apic 14 int 17 (irq 3) iic0 at ichiic0: disabled to avoid ipmi0 interactions isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard,
Re: PF drops tcp packets from a machine with Gentoo linux kernel 2.6.18
On Thursday 15 February 2007 10:12 am, Darren Spruell wrote:
> On 2/15/07, Tim Kuhlman [EMAIL PROTECTED] wrote:
>> So my ruleset has some problems. I took some time to work through my rules and re-read the state tracking section of the pf faq (which by the way is well done, thanks). I found what I think are a couple of problems, I needed to have the flags S/SA so that it paid attention to the syn packet and for some reason I had the state policy globally set to if-bound rather than floating.
>>
>> When I change both of those a new problem appears, routing between my internal network and DMZ's doesn't work. The syn packet goes through and appears to create state but the Syn/Ack packet isn't let back through. I thought that was it created state one way it was supposed to allow it back the other. Surely I am missing something simple.
>>
>> Here is the state as it appears with the new rules from a pfctl -vvss, I also attached a tcpdump capture from both interfaces on the router.
>
> Attachments are stripped by the listserv. Better to paste results in.
>
>> all tcp 10.10.10.150:49516 -> 10.11.0.5:80 ESTABLISHED:SYN_SENT
>>    [573330559 + 16385](+3517130307) wscale 2 [3039928992 + 5840](+146001125) wscale 0
>>    age 00:00:02, expires in 00:00:28, 2:1 pkts, 116:64 bytes, rule 135
>>    id: 45c74dc600234f51 creatorid: b3647a00
>>
>> The router has 5 interfaces and 10 ip addresses associated with it so I will spare you the full ruleset but here are the ones that are relevant. I copied the rules as they are including the extra interfaces and such.
>>
>> $DMZ_production_if is the 10.11.0.0/24 network
>> $int_if is the 10.10.8.0/21 network
>>
>> table <int_net> const { 10.10.8.0/21, 10.8.0.0/24, 172.16.1.0/24 }
>>
>> pass in on { $int_if $vpn_if } proto {tcp udp icmp} from <int_net> to \
>>     { $DMZ_production_if:network, $DMZ_proto_if:network }
>> pass out on { $int_if $vpn_if $ext_if $dsl_if $DMZ_production_if $DMZ_proto_if } proto \
>>     {tcp udp icmp} flags S/SA modulate state
>
> IMHO, it's confusing to cram as much logic as you are into this rule; your traffic flows from one network to another follow distinct directions and crossing of interfaces, yet you've got a bit of a convoluted rule handling the 'pass out' for all of those flows on different interfaces. For all I know, it might work fine, but just for me it's confusing to piece it together and may be the cause of your futz.
>
> If you don't have traffic coming into your LAN from the DMZ, you could simplify this by having simply a:
>
> - pass in rule on your LAN interface allowing flows from the LAN into the remote networks, with keep state and appropriate flags;
> - pass out rule on your DMZ interface or whatever interfaces are destinations from the LAN, with keep state and appropriate flags.
>
> You need both; you need to have state built INBOUND on the INSIDE interface so that return traffic out that interface passes statefully. At the same time, you need state built OUTBOUND on the OUTSIDE interface so that return traffic in that interface passes statefully.

The above paragraph explains what my problem was. I was thinking that I simply needed the state built once and that pf would figure out both directions. I added state building on the appropriate pass in rules and it is working. This also solved the original issue of the one gentoo box getting its tcp packets dropped.

I am going to go through my ruleset simplifying and auditing with this in mind.

Thanks again for the help!

--
Tim Kuhlman
Network Administrator
ColoradoVnet.com
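The comparison Tim made by eye in this thread (SYN on both interfaces, SYN/ACK only on the DMZ side), as an added example that is not from the thread: a shell function that diffs text captures from two router interfaces by address pair and flags rather than by sequence number, since `modulate state` rewrites the ISN. The function names and the plain `tcpdump -n` line layout are assumptions; the sample lines are condensed from the capture posted earlier in the thread.

```shell
#!/bin/sh
# Which handshake packets crossed the router, and which did not?
# Input: two text captures (tcpdump -n -r <file>), one per interface.
# ASSUMPTION: classic one-line layout
#     <time> <src.port> > <dst.port>: S <seq>:<seq>(0) [ack <n>] win <w>

# Condensed from the capture in the thread: inside (int_if) side.
INSIDE_CAPTURE='16:32:15.627282 10.10.10.150.57818 > 10.11.0.5.80: S 875912572:875912572(0) win 5840
16:32:18.628245 10.10.10.150.57818 > 10.11.0.5.80: S 875912572:875912572(0) win 5840'

# Same flow on the DMZ side: the ISN differs because of modulate state.
DMZ_CAPTURE='16:32:15.627327 10.10.10.150.57818 > 10.11.0.5.80: S 4232982860:4232982860(0) win 5840
16:32:15.627423 10.11.0.5.80 > 10.10.10.150.57818: S 49492280:49492280(0) ack 4232982861 win 16384
16:32:18.628278 10.10.10.150.57818 > 10.11.0.5.80: S 4232982860:4232982860(0) win 5840
16:32:18.833758 10.11.0.5.80 > 10.10.10.150.57818: S 49492280:49492280(0) ack 4232982861 win 16384'

handshake_gaps() {
    # $1 = capture text from the inside interface
    # $2 = capture text from the DMZ interface
    awk '
    {
        side = (FILENAME == ARGV[1]) ? "inside" : "dmz"
        # Locate "src > dst:" wherever it sits on the line.
        for (i = 2; i < NF; i++) if ($i == ">") break
        if (i >= NF) next
        src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
        if ($(i + 2) !~ /^S/) next          # keep only packets with SYN set
        kind = "SYN"
        for (j = i + 3; j <= NF; j++) if ($j == "ack") kind = "SYN-ACK"
        # Key on addresses, ports and flags only: sequence numbers are
        # rewritten by the firewall and cannot be compared across sides.
        key = src " > " dst " " kind
        if (!(key in first)) { first[key] = 1; order[++n] = key }
        seen[key, side]++
    }
    END {
        for (x = 1; x <= n; x++) {
            key = order[x]
            a = seen[key, "inside"] + 0
            b = seen[key, "dmz"] + 0
            if (a && !b) print key ": seen on inside only (" a "x)"
            else if (b && !a) print key ": seen on dmz only (" b "x)"
        }
    }' "$1" "$2"
}

demo_handshake_gaps() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' "$INSIDE_CAPTURE" > "$tmp/inside.txt"
    printf '%s\n' "$DMZ_CAPTURE" > "$tmp/dmz.txt"
    handshake_gaps "$tmp/inside.txt" "$tmp/dmz.txt"
    rm -rf "$tmp"
}

demo_handshake_gaps
```

A SYN/ACK reported as seen on one side only is the packet the router refused to forward, which here points at the missing state on the return path that Darren describes.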
Re: Annoying problem with dnsmasq
See release notes on Dnsmasq 2.35
http://freshmeat.net/projects/dnsmasq/?branch_id=1991release_id=239661

OpenBSD-4.0 is due for release very soon and no version of dnsmasq prior to 2.35 will do DHCP on OpenBSD-4.0.

/Markus

Manuel Ravasio wrote:
> Hello all.
>
> I'm trying to set up a firewall/web-proxy/dns-proxy/dhcp-server box at home, using a quite old i386-based pc (AMD k6-2 300, 256mb RAM, 2x10G IDE disks) and OpenBSD 4.0. OS installation, disk management, additional software installation and configuration... everything went fine.
>
> Problems started in configuring dnsmasq: I managed to make dns forwarding work ( I really don't need anything more than standard behaviour), then I created a DHCP range entry:
>
> expand-hosts
> domain=manuel.test
> dhcp-range=192.168.2.100,192.168.2.200,255.255.255.0,1h
>
> I chose to activate dnsmasq on the internal interface only:
>
> interface=pcn1
>
> pcn1's IP address is fixed and compatible with the range specified:
>
> # ifconfig pcn1
> pcn1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:0c:29:af:4f:47
>         media: Ethernet autoselect (autoselect)
>         inet 192.168.2.11 netmask 0xff00 broadcast 192.168.2.255
>         inet6 fe80::20c:29ff:feaf:4f47%pcn1 prefixlen 64 scopeid 0x2
>
> I read that creating a dhcp-range entry in /etc/dnsmasq.conf makes dnsmasq start the dhcp service automatically, but alas DHCP server apparently doesn't work: linux and windows clients can't grab IP addresses and other IP information, and netstat doesn't show anything listening on port 67/68.
>
> # ps -aux | grep dns
> nobody 16166 0.0 0.3 520 648 ?? S 12:58PM 0:00.00 dnsmasq
>
> # netstat -an | grep tcp | grep -v tcp6
> tcp 0 0 127.0.0.1.53 *.* LISTEN
> tcp 0 0 192.168.2.11.53 *.* LISTEN
> tcp 0 0 127.0.0.1.6010 *.* LISTEN
> tcp 0 0 192.168.2.11.22 192.168.2.1.48605 ESTABLISHED
> tcp 0 0 *.22 *.* LISTEN
>
> What am I missing? Thank you everybody for your kind help.
>
> Byee,
> Manuel
Re: Annoying problem with dnsmasq
Markus Bergkvist wrote:
> See release notes on Dnsmasq 2.35
> http://freshmeat.net/projects/dnsmasq/?branch_id=1991&release_id=239661
>
> OpenBSD-4.0 is due for release very soon and no version of dnsmasq prior to 2.35 will do DHCP on OpenBSD-4.0.

I'm working on an update of the port to 2.38

Jonathan
Re: Performance problems with bge under OpenBSD4.0/i386
Very Interesting.

On the switch I can set the port flow-control to on, off or desirable. The following is the blurb on those configuration options:

Gigabit Ethernet Flow Control Keyword Functions

Keywords : Function
receive on: The port uses flow control dictated by the neighbor port.
receive desired: The port uses flow control if the neighbor port uses it, and does not use flow control if the neighbor port does not use it.
receive off: The port does not use flow control, regardless of whether flow control is requested by the neighbor port.
send on: The port sends flow-control frames to the neighbor port.
send desired: The port sends flow-control frames to the neighbor port if the neighbor port asks to use flow control.
send off: The port does not send flow-control frames to the neighbor port.

However, irrespective of what I configure the port flow-control to on the switch (and then reboot the OpenBSD host, to be sure of correct interface initialisation) I cannot get ifconfig to report {tx|rx}pause.

Is this likely to be a driver problem, or is there some broken flash code on the bge NIC (which I could possibly update)?

/Pete

On 14. feb. 2007, at 22.42, Mark Kettenis wrote:
> > From: Pete Vickers [EMAIL PROTECTED]
> > Date: Wed, 14 Feb 2007 13:33:25 +0100
> >
> > # ifconfig bge0
> > bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >         lladdr 00:17:a4:45:f5:25
> >         groups: egress
> >         media: Ethernet autoselect (1000baseT full-duplex)
> >         status: active
> >         inet6 fe80::217:a4ff:fe45:f525%bge0 prefixlen 64 scopeid 0x1
> >         inet x.x.x.x netmask 0xff00 broadcast x.x.x.x
>
> This suggests flow control has *not* been negotiated. With msk(4), I get:
>
> borodin$ ifconfig msk0
> msk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:16:cb:a2:87:67
>         groups: egress
>         media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
>         status: active
>         inet6 fe80::216:cbff:fea2:8767%msk0 prefixlen 64 scopeid 0x1
>         inet 192.168.0.17 netmask 0xff00 broadcast 192.168.0.255
Re: iwi unknown authentication state 1
On 1/31/07, Greg Thomas [EMAIL PROTECTED] wrote:
> I'm getting random unknown authentication state 1 and device timeout messages with the built-in card on my T40.

Hi all,

I have similar problems with the iwi driver on my T43. I have the message :

    iwi0: XXX too many rates (count=13, last=108)

And sometimes :

    iwi0: fatal firmware error

and

    iwi0: unknown authentication state 1

If I unplug the network cable, the trunk0 interface doesn't work anymore (it doesn't switch to iwi). I like to have a trunk device with bge and iwi as failover, but I saw the same without trunk.

The problem occurs with -current (not with 4.0).

Configuration details and dmesg follow :

    [EMAIL PROTECTED]: ~ $ sudo ifconfig bge0 up
    [EMAIL PROTECTED]: ~ $ sudo ifconfig iwi0 up nwid GOUTTEDELAINE chan 10
    [EMAIL PROTECTED]: ~ $ sudo ifconfig trunk0 create
    [EMAIL PROTECTED]: ~ $ sudo ifconfig trunk0 trunkproto failover trunkport bge0 trunkport iwi0
    [EMAIL PROTECTED]: ~ $ ifconfig
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
            groups: lo
            inet 127.0.0.1 netmask 0xff00
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
    bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:11:25:d3:54:2c
            trunk: trunkdev trunk0
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
            inet6 fe80::211:25ff:fed3:542c%bge0 prefixlen 64 scopeid 0x1
    iwi0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:11:25:d3:54:2c
            trunk: trunkdev trunk0
            groups: wlan
            media: IEEE802.11 autoselect
            status: no network
            ieee80211: nwid GOUTTEDELAINE chan 10 100dBm
            inet6 fe80::212:f0ff:fedc:3d69%iwi0 prefixlen 64 scopeid 0x2
    pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
    enc0: flags=0<> mtu 1536
    trunk0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:11:25:d3:54:2c
            trunk: trunkproto failover
                    trunkport iwi0
                    trunkport bge0 master,active
            groups: trunk
            media: Ethernet autoselect
            status: active
    [EMAIL PROTECTED]: ~ $ sudo ifconfig -M iwi0

    ** (the antenna light blink) **

    [EMAIL PROTECTED]: ~ $ ifconfig
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
            groups: lo
            inet 127.0.0.1 netmask 0xff00
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
    bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:11:25:d3:54:2c
            trunk: trunkdev trunk0
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
            inet6 fe80::211:25ff:fed3:542c%bge0 prefixlen 64 scopeid 0x1
    iwi0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:11:25:d3:54:2c
            trunk: trunkdev trunk0
            groups: wlan
            media: IEEE802.11 autoselect
            status: active
            ieee80211: nwid GOUTTEDELAINE chan 10 bssid 00:09:5b:fe:0a:3a 87dB 100dBm
            inet6 fe80::212:f0ff:fedc:3d69%iwi0 prefixlen 64 scopeid 0x2
    pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
    enc0: flags=0<> mtu 1536
    trunk0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:11:25:d3:54:2c
            trunk: trunkproto failover
                    trunkport iwi0
                    trunkport bge0 master,active
            groups: trunk
            media: Ethernet autoselect
            status: active
    [EMAIL PROTECTED]: ~ $ sudo dhclient trunk0
    DHCPREQUEST on trunk0 to 255.255.255.255 port 67
    DHCPACK from 172.16.4.254
    bound to 172.16.1.49 -- renewal in 86400 seconds.
Re: SIP on OpenBSD
Original message from pedro la peu at 14-2-2007 2:37
> On Tuesday 13 February 2007 21:04, Stuart Henderson wrote:
> > Anyone with a phone... there are numerous companies gatewaying PSTNSIP in and out and some doing PSTNH323 and a few doing PSTNIAX
>
> And a choice of ISDN (basic, pri) - SIP gateways. Much easier.

I Googled a bit and found this:
http://www.patton.com/products/pe_products.asp?category=45

Looks good for a small office installation and avoids a few problems you might run into with PCI cards. If I'm not mistaken you could use a Patton (or any other brand) VoIP gateway to connect to the physical phonelines and use Asterisk running on OpenBSD to talk to the VoIP gateway using SIP. I might actually give that a try.

Daniel
Re: Virtualisation on OpenBSD?
On Wed, 2007-01-24 at 10:47 -0600, L. V. Lammert wrote:
> Much better to wait on the Xen implementation, which is in the works. Possibly at the Hackathon?

Apart from the mercurial repository there is little information on the status of the XEN effort. There's this bsdtalk interview http://ropersonline.com/openbsd/xen/ in which Cristoph Egger says he hopes to have OpenBSD XEN included in 4.1. This seems to be a rumor though, since I see no XEN related work in the changelog. Also it is not clear if this refers just to DomU or to Dom0 support too.

Does anyone have fresh news?

ciao
Luca
Re: iwi unknown authentication state 1
I'd like to say this is amusing... but it really isn't. I too receive the same kernel messages from my iwi interface, though on a Dell Inspiron 8600. The variety I see:

    iwi0: fatal firmware error
    iwi0: unknown authentication state 1

This is among one of the many reasons [EMAIL PROTECTED] should be taken out of existence.

Cheers,
Jason
3.9 clamav package broken?
I have a 3.9 system running clamav and freshclam chroot and I wanted to update clamav from 0.88.4 to 0.88.7. So I...

i) stopped the clamd and freshclam daemons
ii) removed clamav package with pkg_delete
iii) installed the newer clamav with pkg_add

I then used ldd to locate what I need to put in my $CHROOT for clamd. I was missing libclamav.so.2.0 so I copied it into $CHROOT. I started clamd fine after using ldconfig. But I encountered trouble when doing the same for freshclam:

    $ ldd /usr/local/bin/freshclam
    /usr/local/bin/freshclam:
    Start End Type Open Ref GrpRef Name
    exe 10 0 /usr/local/bin/freshclam
    065c4000 265d9000 rlib 01 0 /usr/local/lib/libclamav.so.2.0 ===
    03e08000 23e12000 rlib 02 0 /usr/local/lib/libcurl.so.3.3
    09ee5000 29eed000 rlib 03 0 /usr/lib/libz.so.4.1
    0e0d8000 2e106000 rlib 03 0 /usr/lib/libcrypto.so.12.0
    07fe 27feb000 rlib 03 0 /usr/lib/libssl.so.10.0
    06782000 26788000 rlib 02 0 /usr/local/lib/libgmp.so.6.3
    09e54000 29e58000 rlib 02 0 /usr/local/lib/libbz2.so.10.3
    0a49b000 2a4a4000 rlib 01 0 /usr/lib/libpthread.so.6.2
    0fd6a000 2fd9b000 rlib 01 0 /usr/lib/libc.so.39.0
    0cc84000 0cc84000 rtld 01 0 /usr/libexec/ld.so

When starting freshclam outside $CHROOT it works but it does not when starting it inside. It asks for an outdated version of libclamav.so (1.9):

    $ /usr/local/bin/freshclam -u root
    ClamAV update process started at Thu Feb 15 17:52:28 2007
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.88.7 Recommended version: 0.90
    DON'T PANIC! Read http://www.clamav.net/faq.html
    main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
    daily.cvd is up to date (version: 2578, sigs: 7844, f-level: 13, builder: sven)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 10, recommended = 13
    DON'T PANIC! Read http://www.clamav.net/faq.html

    # chroot -u amavisd /var/amavisd /usr/local/bin/freshclam -d
    /usr/local/bin/freshclam: can't load library 'libclamav.so.1.19'

I used the same procedure on a 4.0 system with no such problem.

PM
Re: SIP on OpenBSD
I keep seeing the subject coming up. Yes, a complete OpenBSD solution would be nice. However only two persons offer some possible financial help to make this happen, but nothing concrete.

In any case, I put the wheel in motion to replace a commercial solution my business uses, and I will do what I need to replace it. How long will it take, well... Time is not endless, free will is goodwill only and in limited resources, and money doesn't grow on trees either. So, maybe your $$$ help can speed things up more. But, real good talent for writing is properly is very rare, but welcome possibly.

So, feel free to contact me, but $$$ is really what's needed most in the end to speed up the progress and to get this off the ground to give it a life of its own sooner than later.

Thanks

Daniel

PS: Disclaimer. Selfish needs prompt me to move ahead regardless.

PS2: I put many references in the archive and on undeadly below.

http://www.undeadly.org/cgi?action=article&sid=20061014164008&pid=4
http://marc.theaimsgroup.com/?l=openbsd-misc&m=116362964024853&w=2
http://marc.theaimsgroup.com/?l=openbsd-misc&m=114454900209160&w=2
http://marc.theaimsgroup.com/?l=openbsd-misc&m=115092509307247&w=2
http://marc.theaimsgroup.com/?l=openbsd-misc&m=111506559314832&w=2
site hosting on 2 internet connections
just got a 2nd connection with a better upload capacity and would like to use both connections to host a site i run. everything is currently served over a single connection that supplies netblock a.b.c.d/29 and terminates at the firewall. i plan on connecting the 2nd connection that supplies netblock w.x.y.z/29 to the same firewall and, unless someone can point me towards a better option, changing the DNS for the site to point to an IP in the new netblock. if there are any gotchas about such a setup, please point me towards the relevant docs. i've read about using the route-to to balance outbound connections in the pf address pools docs, but i don't see this being immediately helpful for hosting purposes since the inbound connections should come in on both netblocks in the case that the load is spread over the two connections. cheers, jake --
squid , apache n PF
Dear all,

I have a machine running squid and apache on OpenBSD, also set up as a transparent proxy with pf. Now I have to limit who can use that proxy (of course limited by IP in squid.conf). The problem shows when an IP that is not allowed to access the proxy accesses the webserver on that proxy machine: it always gets denied.

    int---proxy (192.168.0.8)-ip allow
    int---proxy(192.168.0.7)-ip allow2

    ipallow2 using gateway = 192.168.0.7
    ipallow using gateway = 192.168.0.8

Here is my squid.conf:

    acl parno url_regex -i "/usr/local/squid/etc/parno.txt"
    acl ipallow src "/usr/local/squid/etc/ip-allow.txt"
    http_access deny parno
    http_access allow ipallow
    http_access deny all

Then I changed squid.conf like this:

    acl ipallow2 src "/usr/local/squid/etc/ip-allow2.txt"
    acl parno url_regex -i "/usr/local/squid/etc/parno.txt"
    acl ipallow src "/usr/local/squid/etc/ip-allow.txt"
    http_access allow ipallow2
    http_access deny parno
    http_access allow ipallow
    http_access deny all

With the second squid.conf that is working, but another problem shows: when ipallow2 changes its gateway IP to 192.168.0.8, they can access the internet through the proxy at 192.168.0.8.

So how do I configure things so that ipallow2 can access the webserver on 192.168.0.8, without allowing ipallow2 to use the proxy when they change the gateway to 192.168.0.8?

-sonjaya-
http://sicute.blogspot.com
Re: site hosting on 2 internet connections
Jacob Yocom-Piatt wrote:
> i've read about using the route-to to balance outbound connections in the pf address pools docs, but i don't see this being immediately helpful for hosting purposes since the inbound connections should come in on both netblocks in the case that the load is spread over the two connections.

And why not. The outgoing is not relevant to your incoming. You request a URL that is pretty small in size, but your reply is the one that has all the content.

Yes, you can do round robin for incoming, or use the most reliable one for incoming, etc. But you are concerned about sending your traffic out from the hosting site and that's your load right there. Send it the way you see fit on your connection. Doesn't matter the path it takes to reach back the end users.

Then balance your connections with PF the way you see fit. There is nothing wrong with that. Use your most reliable for incoming, and split the outgoing on both.

Daniel
OpenBSD Wireless Router and Nintendo DS
I'm having trouble connecting to my OpenBSD wireless router with my Nintendo DS handheld. Here is some general information about my setup.

uname -a:

    OpenBSD lordnikon.thehomerow.net 4.0 GENERIC#1107 i386

ifconfig ral0:

    ral0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:30:4f:4c:0c:9b
            media: IEEE802.11 autoselect hostap (autoselect mode 11b hostap)
            status: active
            ieee80211: nwid Mother2 chan 2 bssid 00:30:4f:4c:0c:9b nwkey not displayed 100dBm
            inet6 fe80::230:4fff:fe4c:c9b%ral0 prefixlen 64 scopeid 0x2
            inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255

The DS is giving me an Error Code: 51300 message when it tries to test the connection. I've found some forums that mention this might be a problem with the DS not gracefully dropping to the 1-2 Mbps connection rate that it requires (for some odd reason). The available media options for ral0 to set 1 or 2 Mbps connection rates are DS1 and DS2. I've tried all combinations of these media options, no mode setting, and mode 11b. I tried 11b because there were also some mentions of the DS not dropping to an 11b connection if 11g is present too.

I've also tried specifying different channels for the wireless card. I tried 1, 11, and 12 with no success.

I was suggested to put the wireless card into mixed mode, but I'm not exactly sure if there's a way to specify this, or this is what no mode setting defaults to on a card that is capable of both 11b and 11g.

If anyone has any ideas, I would really appreciate it. I've posted this problem on two different forums and still haven't been able to solve it.

Thanks!
-Brian

Figured I'd attach my dmesg for good measure...
FuzzyOCR on OpenBSD?
I'm looking for guidance in installing the FuzzyOCR SA plugin on OpenBSD 4.0. Has anyone done this? Thanks in advance, PM