Re: pf, altq, packet rate
Hello , And then you're going to add a dropper ? we already do some mitigation for that in certain drivers. $ cd /sys/dev; grep MCLGETI pci/* ic/* pci/if_bge.c: MCLGETI(m, M_DONTWAIT, sc-arpcom.ac_if, MCLBYTES); pci/if_bge.c: MCLGETI(m, M_DONTWAIT, sc-arpcom.ac_if, BGE_JLEN); pci/if_bnx.c: MCLGETI(m, M_DONTWAIT, sc-arpcom.ac_if, MCLBYTES); pci/if_em.c:MCLGETI(m, M_DONTWAIT, sc-interface_data.ac_if, MCLBYTES); pci/if_iwn.c: MCLGETI(data-m, M_DONTWAIT, NULL, IWN_RBUF_SIZE); pci/if_iwn.c: MCLGETI(m1, M_DONTWAIT, NULL, IWN_RBUF_SIZE); pci/if_ix.c:MCLGETI(m, M_DONTWAIT, sc-arpcom.ac_if, size); pci/if_msk.c: MCLGETI(m, M_DONTWAIT, sc_if-arpcom.ac_if, sc_if-sk_pktlen); pci/if_sis.c: MCLGETI(m_new, M_DONTWAIT, sc-arpcom.ac_if, MCLBYTES); pci/if_sk.c:MCLGETI(m, M_DONTWAIT, sc_if-arpcom.ac_if, SK_JLEN); pci/if_vic.c: MCLGETI(m0, M_DONTWAIT, NULL, m-m_pkthdr.len); pci/if_vic.c: MCLGETI(m, M_DONTWAIT, sc-sc_ac.ac_if, pktlen); pci/if_wpi.c: MCLGETI(data-m, M_DONTWAIT, NULL, WPI_RBUF_SIZE); pci/if_wpi.c: MCLGETI(m1, M_DONTWAIT, NULL, WPI_RBUF_SIZE); ic/gem.c: MCLGETI(m, M_DONTWAIT, sc-sc_arpcom.ac_if, MCLBYTES); ic/hme.c: MCLGETI(m, M_DONTWAIT, sc-sc_arpcom.ac_if, MCLBYTES); -- Best regards, irix mailto:i...@ukr.net
Where's demime?
Hiya, I know that demime is being used on the misc mailing list. I've searched for a demime package, but couldn't find anything: http://www.openbsd.org/4.5_packages/i386.html I even tried to see if it's contained in some other package: http://www.google.ie/search?q=demime+inurl%3Aopenbsd.org+inurl%3Acontents.html A Google search for openbsd and demime returns too many archived mails that just include the line demime 1.01d removed an attachment of type (...). So where is demime? Is it part of some other package? Thank you very much in advance, --ropers
Re: mounting a dmg file
2009/5/29 frantisek holop min...@obiit.org: hi there, does anyone know how to mount a .dmg file on openbsd? $ file image.dmg image.dmg: Apple Partition data block size: 2048, first type: Apple_partition_map, name: Apple, number of blocks: 15, anybody tried anything of these? http://en.wikipedia.org/wiki/Apple_Disk_Image#Non-Macintosh I have in the past had success with dmg2iso (or dmg2img, I can't recall). This is mentioned on the above page: http://vu1tur.eu.org/tools/ Essentially you convert the dmg to iso or img, and then you loop-mount the new image as HFS plus. I tried this under Linux though; I don't think I've so far ever tried to access HFS plus volumes from OpenBSD, so I'm not sure what mileage you'll get -- but I'd be curious to hear if you succeed. regards, --ropers
Re: pf, altq, packet rate
we already do some mitigation for that in certain drivers. $ cd /sys/dev; grep MCLGETI pci/* ic/* ... Oh, that's great to hear! I missed. 29 MAQ 2009 G. 13:28 POLXZOWATELX irix i...@ukr.net NAPISAL: And then you're going to add a dropper ? You had to try man MCLGETI before asking here. At least. -- antonvm
Radeon 9200 PRO + radeondrm freezes OpenBSD 4.5
Hi, according to radeon(4) my graphics card is supported, but I cannot get hardware acceleration to work. Booting with disable radeondrm in UKC and then running startx works fine. Doing the same with enable radeondrm (which is the default in the GENERIC kernel) appears to freeze the machine. The screen goes blank, and the monitor enters standby mode. Sometimes the computer shuts down after pressing the power button, but most of the time it can only be forced off by holding the power button. Trying several options in xorg.conf did not advance things. I booted with a serial console to see if any messages appeared after entering startx. This is what I got: radeondrm0: Setting GART location based on new memory map radeondrm0: writeback test failed radeondrm0: wait idle failed status : 0x80010140 0x radeondrm0: wait idle failed status : 0x80010140 0x radeondrm0: wait idle failed status : 0x80010140 0x ... The last message is repeated over and over until the machine appears to freeze. The time it takes to get to that point varies. After setting 'Option AGPFastWrite on' in xorg.conf no messages were output at all, but that was the only apparent difference. Setting AccelMethod to EXA also did not change anything. Using no xorg.conf at all also did not work. Anyway, here's my xorg.conf and dmesg. I hope someone can give me a hint. Vic +++ xorg.conf +++ Section ServerLayout Identifier X.org Configured Screen 0 Screen0 0 0 InputDeviceMouse0 CorePointer InputDeviceKeyboard0 CoreKeyboard EndSection Section Files ModulePath /usr/X11R6/lib/modules FontPath /usr/X11R6/lib/X11/fonts/misc/ FontPath /usr/X11R6/lib/X11/fonts/TTF/ FontPath /usr/X11R6/lib/X11/fonts/OTF FontPath /usr/X11R6/lib/X11/fonts/Type1/ FontPath /usr/X11R6/lib/X11/fonts/100dpi/ FontPath /usr/X11R6/lib/X11/fonts/75dpi/ EndSection Section Module Load dbe Load dri Load extmod Load glx Load freetype EndSection Section InputDevice Identifier Keyboard0 Driver kbd EndSection Section InputDevice Identifier Mouse0 Driver mouse Option Protocol wsmouse Option Device /dev/wsmouse Option ZAxisMapping 4 5 6 7 EndSection Section Monitor #DisplaySize 340 270 # mm Identifier Monitor0 VendorName ENC ModelNameL557 HorizSync24.0 - 80.0 VertRefresh 50.0 - 75.0 Option DPMS EndSection Section Device Option AGPMode x4 Option BusType AGP # [str] #Option AGPFastWrite on # [bool] #Option AccelMethod EXA # str Option DRI on # [bool] Identifier Card0 Driver radeon VendorName ATI BoardName Radeon 9200 PRO BusID PCI:1:0:0 EndSection Section Screen Identifier Screen0 Device Card0 MonitorMonitor0 SubSection Display Viewport 0 0 Depth 1 EndSubSection SubSection Display Viewport 0 0 Depth 4 EndSubSection SubSection Display Viewport 0 0 Depth 8 EndSubSection SubSection Display Viewport 0 0 Depth 15 EndSubSection SubSection Display Viewport 0 0 Depth 16 EndSubSection SubSection Display Viewport 0 0 Depth 24 EndSubSection EndSection +++ dmesg +++ OpenBSD 4.5-stable (GENERIC) #0: Sun May 3 11:29:20 CEST 2009 v...@overstolz.my.domain:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Athlon(tm) XP 2000+ (AuthenticAMD 686-class, 256KB L2 cache) 1.68 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 804810752 (767MB) avail mem = 769404928 (733MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 10/18/06, BIOS32 rev. 0 @ 0xfdb10, SMBIOS rev. 2.3 @ 0xf0630 (21 entries) bios0: vendor American Megatrends Inc. version P2.80 date 10/18/2006 bios0: American Megatrends Inc. K7S41GX acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC acpi0: wakeup devices PS2M(S4) PS2K(S4) UAR1(S4) USB1(S4) USB2(S4) EHCI(S4) LAN_(S4) MDM_(S4) AUD_(S4) PCI0(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 268MHz ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0 acpibtn0 at acpi0: PWRB bios0: ROM list: 0xc/0xd000 0xcd000/0xa000 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0
Re: pf, altq, packet rate
Hello , Today I felt CDNR in NetBSD-5 Works fine. No claims. Why write that does not work, I can not even guess. I use in NetBSD-2, and NetBSD-5. It works without reproach. interface pvc1 conditioner pvc1 ef_cdnr tbmeter 6M 64K passdrop filter pvc1 ef_cdnr 0 0 172.16.4.176 0 0 so, let's look at FreeBSD's manpage. ALTQ_CDNR Build the traffic conditioner. This option is meaningless at the moment as the conditioner is not used by any of the available disciplines or consumers. or a fairly recent NetBSD list post: The input limiter absolutely doesn't work under NetBSD-3, it seems, and I've found some other posts on the web that seem to confirm this. [...] I have a NetBSD-4 build of this box, which is an embeded system, which I could deploy in this application, but it's not a trivial exercise to do so. So, I'm wondering if anyone has used and can report whether the input traffic conditioner actually works to limit traffic on input traffic under NetBSD-4. ... -- Best regards, irix mailto:i...@ukr.net
Re: pf, altq, packet rate
Hello , In addition CDNR still has the 3 color marker, which, if slightly reworked,you can get a different dynamic shaper. For each color would be to set a speed, and switch between the colors would be implemented through traffic past in the ends of time. For example 10Mb/always 5Mb/10Gb (in 1 day) 1Mb/15Gb (in 2 day's) flush 1 day, (green yellow red)(reset couter) and an additional parameter discharging the counter, for example, to reset the counter 1 time per day . -- Best regards, irix mailto:i...@ukr.net
Re: two IP addresses on one pppoe connection
On 2009-05-29, Scott McEachern sc...@erratic.ca wrote: So the specifics for OpenBSD is that this is completely do-able with userland pppoe. Keep the existing pppoe setup for the single IP as is, and just modify the /etc/ppp/ppp.linkup file as such: (Assuming you were given a.b.c.d/30) MYADDR: !bg sh -c /sbin/ifconfig tun0 alias a.b.c.d netmask 255.255.255.255 [...] !bg sh -c /sbin/ifconfig tun0 alias a.b.c.d+3 netmask 255.255.255.255 !bg sh -c /sbin/pfctl -ef /etc/pf.conf !bg sh -c pkill -1 named where you have a single address and also a routed subnet, the normal way to do this is to put those IPs on another network interface. but with something small like a /30, assuming you just want them for natting and not passing directly to another machine, this is a good way to make use of the extra addresses that you normally wouldn't be able to. The last two lines are to load a pppoe-aware pf.conf and to let the name server start listening on any external address per named.conf. The result is that adding a /30 actually gives a total of 5 usable IPs: the original IP, what you would think are the 'network' and 'broadcast' addresses for the /30, plus the two 'normal' usable addresses. After that, it was just a matter of myself and pf.conf having a chat, and all is well. :)
Re: PF/Carp/Pfsync
Hi Georg I think I remember something like this ... could it be that carp takes over the interface before pfsync has finished updating the booted machine's connection table? TCP (and many other protocols) takes care of such situations by simply retransmitting, so any TCP connections should recover within seconds. When using UDP I suppose, recovery depends on the application. Another reason could be the interfaces not coming back up together. You should set net.inet.carp.preempt=1 hth /markus Georg Kahest wrote: [...] but when the prefered master comes up again and starts to act as carp master, then client who has carp as its gateway loses some packets on the moment of failover, [...]
4.5 - stable/ports/gcc-4.2/Error code 1
Hello list, I am trying to install gnome-session from ports on 4.5 - stable, and I am facing the following error in gcc-4.2 .. === Configuring for gcc-4.2.20070307 loading site script /usr/ports/infrastructure/db/config.site loading cache ./config.cache checking host system type... i386-unknown-openbsd4.5 checking target system type... i386-unknown-openbsd4.5 checking build system type... i386-unknown-openbsd4.5 checking for a BSD compatible install... /usr/bin/install -c -o root -g bin checking whether ln works... yes checking whether ln -s works... yes checking for gcc... /usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bin/egcc checking whether the C compiler (/usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bin/egcc -O2 -g ) works... no *** Error code 1 Stop in /usr/ports/lang/gcc/4.2 (line 2147 of /usr/ports/infrastructure/mk/bsd.port.mk). *** Error code 1 Stop in /usr/ports/lang/gcc/4.2 (line 1427 of /usr/ports/infrastructure/mk/bsd.port.mk). == The ports are NOT configured according to http://openbsd.org/faq/faq15.html#PortsConfig . I don't know how to do it. Particularly, there is no /etc/mk.conf (and I don't know how to create it other than touch command). Moreover, there are NO directories /usr/obj/ports /usr/distfiles /usr/packages where WRKOBJDIR=/usr/obj/ports DISTDIR=/usr/distfiles PACKAGE_REPOSITORY=/usr/packages are supposed to be configured, according tohttp://openbsd.org/faq/faq15.html#PortsConfig Thanks in advance for any suggestion. Dmesg below. Apart from that, 4.5 rocks! Great work! == dmesg OpenBSD 4.5-stable (GENERIC) #0: Sun May 24 19:03:08 CEST 2009 ad...@ljubinko.zderic.my6net:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Celeron(R) CPU 2.80GHz (GenuineIntel 686-class) 2.82 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,xTPR real mem = 804810752 (767MB) avail mem = 769404928 (733MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 09/09/04, BIOS32 rev. 0 @ 0xfae70, SMBIOS rev. 2.3 @ 0xf0100 (39 entries) bios0: vendor Award Software International, Inc. version F3 date 09/09/2004 bios0: Gigabyte Technology Co., Ltd. 8I845PE Pro acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC acpi0: wakeup devices HUB0(S4) USB0(S1) USB1(S1) USB2(S1) USB3(S1) USBE(S1) PCI0(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 133MHz ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 2 (HUB0) acpicpu0 at acpi0 acpitz0 at acpi0: critical temperature 75 degC acpibtn0 at acpi0: PWRB bios0: ROM list: 0xc/0xc000 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82865G Host rev 0x02 intelagp0 at pchb0 agp0 at intelagp0: aperture at 0xe000, size 0x800 ppb0 at pci0 dev 1 function 0 Intel 82865G AGP rev 0x02 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 ATI Radeon 9200 SE Sec rev 0x01 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) radeondrm0 at vga1: apic 2 int 16 (irq 10) drm0 at radeondrm0 ATI Radeon 9200 SE rev 0x01 at pci1 dev 0 function 1 not configured uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: apic 2 int 16 (irq 10) uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: apic 2 int 19 (irq 11) uhci2 at pci0 dev 29 function 2 Intel 82801EB/ER USB rev 0x02: apic 2 int 18 (irq 9) uhci3 at pci0 dev 29 function 3 Intel 82801EB/ER USB rev 0x02: apic 2 int 16 (irq 10) ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB2 rev 0x02: apic 2 int 23 (irq 5) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb1 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xc2 pci2 at ppb1 bus 2 skc0 at pci2 dev 9 function 0 Marvell Yukon 88E8001/8003/8010 rev 0x13, Yukon Lite (0x9): apic 2 int 20 (irq 11) sk0 at skc0 port A: address 00:0f:ea:77:e0:94 eephy0 at sk0 phy 0: 88E1011 Gigabit PHY, rev. 5 ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02 pciide0 at pci0 dev 31 function 1 Intel 82801EB/ER IDE rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: WDC WD800BB-00FJA0 wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: PIONEER, DVD-RW DVR-115D, 1.13 ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 ichiic0 at pci0 dev 31 function 3 Intel 82801EB/ER SMBus rev 0x02: apic 2 int 17 (irq 12) iic0 at ichiic0 spdmem0 at iic0 addr 0x50: 256MB DDR SDRAM non-parity PC3200CL2.5 spdmem1 at iic0 addr 0x51: 256MB DDR SDRAM non-parity PC3200CL3.0 spdmem2 at iic0
Re: 4.5 - stable/ports/gcc-4.2/Error code 1
On Fri, 29 May 2009, soko.tica wrote: From: soko.tica soko.t...@gmail.com To: misc@openbsd.org Date: Fri, 29 May 2009 13:01:13 +0200 Subject: 4.5 - stable/ports/gcc-4.2/Error code 1 X-Spam-Score: 0.4 (/) Hello list, I am trying to install gnome-session from ports on 4.5 - stable, and I am facing the following error in gcc-4.2 .. === Configuring for gcc-4.2.20070307 loading site script /usr/ports/infrastructure/db/config.site loading cache ./config.cache checking host system type... i386-unknown-openbsd4.5 checking target system type... i386-unknown-openbsd4.5 checking build system type... i386-unknown-openbsd4.5 checking for a BSD compatible install... /usr/bin/install -c -o root -g bin checking whether ln works... yes checking whether ln -s works... yes checking for gcc... /usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bin/egcc checking whether the C compiler (/usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bin/egcc -O2 -g ) works... no *** Error code 1 Stop in /usr/ports/lang/gcc/4.2 (line 2147 of /usr/ports/infrastructure/mk/bsd.port.mk). *** Error code 1 Seriously consider installing gcc-4.2 from a pre-built package. Alternatively add the soft link libc.so.42.0 in /usr/lib: (root) ?// pwd /usr/lib (root) ?// ls -l libc.so.42.0 lrwxr-xr-x 1 root wheel 12 May 7 12:35 libc.so.42.0 - libc.so.50.1 Can't remember how I found this out. Seems the bootstrap compiler wants it: (root) ?// ldd /usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bootstrap/bin/egcc /usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bootstrap/bin/egcc: StartEnd Type Open Ref GrpRef Name 1c00 3c008000 exe 10 0 /usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bootstrap/bin/egcc 04402000 2443b000 rlib 01 0 /usr/lib/libc.so.42.0 09b3d000 09b3d000 rtld 01 0 /usr/libexec/ld.so *But* as noted above, consider installing the package -- Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK d.h.da...@bath.ac.uk Phone: +44 1225 386101
Re: 4.5 - stable/ports/gcc-4.2/Error code 1
On 5/29/09, Dennis Davis d.h.da...@bath.ac.uk wrote: Seriously consider installing gcc-4.2 from a pre-built package. I've already tried it, prior to maling the list, it didn't work - package gcc-4.2 was installed, but gnome-session would still fail from ports. Alternatively add the soft link libc.so.42.0 in /usr/lib: (root) ?// pwd /usr/lib (root) ?// ls -l libc.so.42.0 lrwxr-xr-x 1 root wheel 12 May 7 12:35 libc.so.42.0 - libc.so.50.1 Can't remember how I found this out. Seems the bootstrap compiler wants it: (root) ?// ldd /usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bootstrap/bin/egcc /usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bootstrap/bin/egcc: StartEnd Type Open Ref GrpRef Name 1c00 3c008000 exe 10 0 /usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bootstrap/bin/egcc 04402000 2443b000 rlib 01 0 /usr/lib/libc.so.42.0 09b3d000 09b3d000 rtld 01 0 /usr/libexec/ld.so #pwd /usr/lib #ls -l libc.so.42.0 ls: libc.so.42.0 : No such file or directory If possible, instruction for DUMMIES how to create the soft link would be appreciated very much.
Hardware compatibility question : VIA VX 800 chipset
Hello list, I would like to buy a motherboard based on Via Nano and VX 800 chipset. Before buying this motherboard I would like to be sure that OpenBSD works well on it. This is the motherboard Jetway JNF76 VIA NANO 1GHz and here is the specs : CPU: VIA Nano U2300 (1.0GHz) processor Chipset: VIA VX800 Chipsets Graphics: VIA Chrome9 HC3 IGP Power Management: ACPI S3/S4 Compliant Audio: VIA VT1708B Ethernet LAN: RTL8111C Note : this for home use, so performance is not a priority I Havn't find compatibility informations on this chipset on google and on the official hardware compatibility list page. That's why I am mailing the list. Thanks in advance for your help. Best regards, Benjamin.
Re: 4.5 - stable/ports/gcc-4.2/Error code 1
On 5/29/09, Dennis Davis d.h.da...@bath.ac.uk wrote: ... # pwd /usr/lib # ln -s libc.so.50.1 libc.so.42.0 solved the problem (in case anyone in future search the archive after the key words).
Re: 4.5 - stable/ports/gcc-4.2/Error code 1
On Fri, 29 May 2009, soko.tica wrote: On 5/29/09, Dennis Davis d.h.da...@bath.ac.uk wrote: ... # pwd /usr/lib # ln -s libc.so.50.1 libc.so.42.0 solved the problem (in case anyone in future search the archive after the key words). Considering you did not even bother looking at the archives yourself, I find this quite amusing... http://www.nabble.com/openoffice3-and-gcc4.2-and-opera-flash-td23218745.html -- Antoine
Re: 4.5 - stable/ports/gcc-4.2/Error code 1[solved]
On 5/29/09, Antoine Jacoutot ajacou...@bsdfrog.org wrote: On Fri, 29 May 2009, soko.tica wrote: On 5/29/09, Dennis Davis d.h.da...@bath.ac.uk wrote: ... # pwd /usr/lib # ln -s libc.so.50.1 libc.so.42.0 solved the problem (in case anyone in future search the archive after the key words). Considering you did not even bother looking at the archives yourself, I find this quite amusing... http://www.nabble.com/openoffice3-and-gcc4.2-and-opera-flash-td23218745.html -- Antoine In fact I did, and found several threads, but none that seemed to be the solution I need. Mind, I didn't know the specifics of the problem, so I think the title of this thread is more comprehensive. Anyway, the above is for DUMMIES, such as myself. I hope you don't mind ;)
Re: 4.5 - stable/ports/gcc-4.2/Error code 1[solved]
On Fri, 29 May 2009, soko.tica wrote: In fact I did, and found several threads, but none that seemed to be the solution I need. Mind, I didn't know the specifics of the problem, so I think the title of this thread is more comprehensive. Anyway, the above is for DUMMIES, such as myself. I hope you don't mind ;) No. But you may find http://mailman.theapt.org/listinfo/openbsd-newbies better for you. -- Antoine
Re: 4.5 - stable/ports/gcc-4.2/Error code 1[solved]
On 5/29/09, Antoine Jacoutot ajacou...@bsdfrog.org wrote: On Fri, 29 May 2009, soko.tica wrote: In fact I did, and found several threads, but none that seemed to be the solution I need. Mind, I didn't know the specifics of the problem, so I think the title of this thread is more comprehensive. Anyway, the above is for DUMMIES, such as myself. I hope you don't mind ;) No. But you may find http://mailman.theapt.org/listinfo/openbsd-newbies better for you. -- Antoine Since FAQ says ports (and following -stable) isn't for beginners, and having in mind that I managed to build it, I think I am in the appropriate list. Apart from kudos and respect from you for the great work you do, you didn't spoil my mood by your remarks. And, NO, I don't intend to change the address, so try either to accommodate yourself to the increase of DUMMIES that try OpenBSD - it is a great work, yours in part, it won't go unnoticed - or find a way to block us from this list. Or simply ignore us. :D
Re: 4.5 - stable/ports/gcc-4.2/Error code 1[solved]
On Fri, 29 May 2009, soko.tica wrote: Since FAQ says ports (and following -stable) isn't for beginners, and having in mind that I managed to build it, I think I am in the appropriate list. Apart from kudos and respect from you for the great work you do, you didn't spoil my mood by your remarks. And, NO, I don't intend to change the address, so try either to accommodate yourself to the increase of DUMMIES that try OpenBSD - it is a great work, yours in part, it won't go unnoticed - or find a way to block us from this list. Or simply ignore us. :D Why did you think I wanted to spoil your mood? Hmm ok, I though I was doing a nice thing pointing you to a newbie list. No offense but, not knowing how to make a symlink means your next mail threads in this list are going to be very fun to watch, so no I won't ignore you. -- Antoine
Re: 4.5 - stable/ports/gcc-4.2/Error code 1[solved]
On 5/29/09, Antoine Jacoutot ajacou...@bsdfrog.org wrote: On Fri, 29 May 2009, soko.tica wrote: Since FAQ says ports (and following -stable) isn't for beginners, ... Why did you think I wanted to spoil your mood? Hmm ok, I though I was doing a nice thing pointing you to a newbie list. No offense but, not knowing how to make a symlink means your next mail threads in this list are going to be very fun to watch, so no I won't ignore you. -- Antoine No offense, and all respect and kudos from my side to you and all the others that do such a great work. Perhaps I misread something. I'll try to learn to make symlinks (I've already produced one!), in spite of all difficulties (not appropriate to be elaborated here), and do try hard not to post stupid questions too often. At least I do try to search before posting, but, alas, as in this case, sometimes I don't see the answer that is in front of my eyes. :)
John Tate has invited you to join Updown.com
Your friend, John Tate, has invited you to join Updown.com, the fantasy investing site that gives away $3,000 every month to the best investors who manage a virtual portfolio of $1,000,000. Join Updown.com become John Tate's Friend. (http://nasdaq.updown.com/click.php/e13718/t1253412/c13105105/?_refer=132362_code_2=_invite_invite=229236) -- Here is John Tate's personal message to you: Hi. I've been using this site to become a better investor. It's a lot of fun. I think you'd like it. -- Sincerely, The Updown Team Please ensure you'll continue to receive e-mails from Updown.com: * Outlook Users: From the Actions menu, select Junk E-mail and Add Sender to Safe Senders List * Hotmail, Yahoo and AOL Users: Click the Add Address or Save Address button or link beside the From address at the top of this message * Users of Other Email Systems: Please follow the software or service-provider's instructions for adding Updown.com to your safe senders list or whitelist. Updown.com respects your right to privacy. You can view our privacy policy by visiting: http://nasdaq.updown.com/click.php/e13718/t1253413/c13105105/ If you are a member and wish to turn off this email, you can update your email settings by visiting: http://nasdaq.updown.com/click.php/e13718/t1253414/c13105105/ To unsubscribe to all future emails, visit: http://nasdaq.updown.com/click.php/e13718/t1253415/c13105105/?mail=13105105email=m...@openbsd.org
RAM not detected on HP DL580 G4
Hello, I'm trying to set up an OpenBSD 4.5 amd64 on a HP ProLiant DL580 G4. It has 38 GB RAM, but only ~3 GB is detected. Is it possible to use all the RAM ? The dmesg : # dmesg OpenBSD 4.5 (GENERIC) #2052: Sat Feb 28 14:55:24 MST 2009 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 3487395840 (3325MB) avail mem = 3371655168 (3215MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xec000 (109 entries) bios0: vendor HP version P59 date 09/08/2006 bios0: HP ProLiant DL580 G4 acpi0 at bios0: rev 2 acpi0: tables DSDT FACP SPCR SRAT MCFG APIC SSDT acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(TM) CPU 3.00GHz, 2992.94 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,CNXT-ID,CX16, xTPR,LONG cpu0: 1MB 64b/line 8-way L2 cache cpu0: apic clock running at 199MHz cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured ioapic0 at mainbus0 apid 1 pa 0xfec0, version 20, 24 pins ioapic1 at mainbus0 apid 4 pa 0xfec8, version 20, 24 pins ioapic2 at mainbus0 apid 5 pa 0xfec80800, version 20, 24 pins acpimadt0: unknown apic structure type ff acpimadt0: unknown apic structure type ff acpiprt0 at acpi0: bus 1 (IP2P) acpiprt1 at acpi0: bus 9 (PXHA) acpiprt2 at acpi0: bus 10 (PXHB) acpiprt3 at acpi0: bus 8 (PTD0) acpiprt4 at acpi0: bus 2 (PTA0) acpiprt5 at acpi0: bus 5 (PTA1) acpiprt6 at acpi0: bus 13 (PTB0) acpiprt7 at acpi0: bus 16 (PTB1) acpiprt8 at acpi0: bus 19 (PTC0) acpiprt9 at acpi0: bus 22 (PTC1) acpiprt10 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0 acpitz0 at acpi0: critical temperature 31 degC pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 Intel E8500 Host rev 0x11 ppb0 at pci0 dev 1 function 0 Intel E8500 PCIE rev 0x11 pci1 at ppb0 bus 8 ppb1 at pci1 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci2 at ppb1 bus 9 bnx0 at pci2 dev 1 function 0 Broadcom BCM5706 rev 0x02: apic 4 int 0 (irq 5) bnx1 at pci2 dev 2 function 0 Broadcom BCM5706 rev 0x02: apic 4 int 3 (irq 7) ppb2 at pci1 dev 0 function 2 Intel PCIE-PCIE rev 0x09 pci3 at ppb2 bus 10 ppb3 at pci3 dev 1 function 0 Pericom PI7C21P100 PCIX-PCIX rev 0x01 pci4 at ppb3 bus 11 em0 at pci4 dev 4 function 0 Intel PRO/1000MT QP (82546GB) rev 0x03: apic 5 int 2 (irq 10), address 00:0e:0c:c6:be:f8 em1 at pci4 dev 4 function 1 Intel PRO/1000MT QP (82546GB) rev 0x03: apic 5 int 3 (irq 7), address 00:0e:0c:c6:be:f9 em2 at pci4 dev 6 function 0 Intel PRO/1000MT QP (82546GB) rev 0x03: apic 5 int 0 (irq 5), address 00:0e:0c:c6:be:fa em3 at pci4 dev 6 function 1 Intel PRO/1000MT QP (82546GB) rev 0x03: apic 5 int 1 (irq 10), address 00:0e:0c:c6:be:fb ppb4 at pci0 dev 2 function 0 Intel E8500 PCIE rev 0x11 pci5 at ppb4 bus 19 Emulex LPe1150 rev 0x02 at pci5 dev 0 function 0 not configured ppb5 at pci0 dev 3 function 0 Intel E8500 PCIE rev 0x11 pci6 at ppb5 bus 22 ciss0 at pci6 dev 0 function 0 Hewlett-Packard Smart Array rev 0x01: apic 1 int 16 (irq 5) ciss0: 1 LD, HW rev 1, FW 1.18/1.18 scsibus0 at ciss0: 1 targets sd0 at scsibus0 targ 0 lun 0: HP, LOGICAL VOLUME, 1.18 SCSI0 0/direct fixed sd0: 69973MB, 512 bytes/sec, 143305920 sec total ppb6 at pci0 dev 4 function 0 Intel E8500 PCIE rev 0x11 pci7 at ppb6 bus 13 em4 at pci7 dev 0 function 0 Intel PRO/1000 PT (82571EB) rev 0x06: apic 1 int 16 (irq 5), address 00:17:08:7d:cd:d2 em5 at pci7 dev 0 function 1 Intel PRO/1000 PT (82571EB) rev 0x06: apic 1 int 17 (irq 10), address 00:17:08:7d:cd:d3 ppb7 at pci0 dev 5 function 0 Intel E8500 PCIE rev 0x11 pci8 at ppb7 bus 16 Emulex LPe1150 rev 0x02 at pci8 dev 0 function 0 not configured ppb8 at pci0 dev 6 function 0 Intel E8500 PCIE rev 0x11 pci9 at ppb8 bus 2 ppb9 at pci0 dev 7 function 0 Intel E8500 PCIE rev 0x11 pci10 at ppb9 bus 5 pchb1 at pci0 dev 8 function 0 Intel E8500 IMI rev 0x11 Intel E8500 XMB rev 0x11 at pci0 dev 9 function 0 not configured Intel E8500 XMB Misc rev 0x11 at pci0 dev 9 function 1 not configured Intel E8500 XMB MAI rev 0x11 at pci0 dev 9 function 2 not configured Intel E8500 XMB DDR rev 0x11 at pci0 dev 9 function 3 not configured Intel E8500 XMB Reserved rev 0x11 at pci0 dev 9 function 4 not configured Intel E8500 XMB Reserved rev 0x11 at pci0 dev 9 function 5 not configured Intel E8500 XMB Reserved rev 0x11 at pci0 dev 9 function 6 not configured Intel E8500 XMB Reserved rev 0x11 at pci0 dev 9 function 7 not configured pchb2 at pci0 dev 10 function 0 Intel E8500 IMI rev 0x11 Intel E8500 XMB rev 0x11 at pci0 dev 11 function 0 not configured Intel E8500 XMB Misc rev 0x11 at pci0 dev 11 function 1 not configured Intel E8500 XMB MAI rev 0x11 at pci0 dev 11 function 2 not configured Intel E8500 XMB DDR
Re: RAM not detected on HP DL580 G4
On Fri, May 29, 2009 at 02:33:48PM +0200, BARDOU Pierre wrote: I'm trying to set up an OpenBSD 4.5 amd64 on a HP ProLiant DL580 G4. It has 38 GB RAM, but only ~3 GB is detected. Is it possible to use all the RAM ? See http://marc.info/?l=openbsd-miscm=123763424431042
Re: 4.5 - stable/ports/gcc-4.2/Error code 1
On 2009-05-29, soko.tica soko.t...@gmail.com wrote: On 5/29/09, Dennis Davis d.h.da...@bath.ac.uk wrote: ... # pwd /usr/lib # ln -s libc.so.50.1 libc.so.42.0 solved the problem (in case anyone in future search the archive after the key words). This is the wrong way to fix it. The reason the version numbers are different is because the APIs are NOT COMPATIBLE with each other. Use a package or disable the Ada support.
Webinar: Learning About CRM
Your invitation to join our webinar: Everything you always wanted to know about CRM (But Were Afraid to Ask) Thu, June 4, 2009 No cost to attendees, but space is limited. Sign up here: http://online.intelestream.net/em/link.php?M=601630N=273L=58F=T Intelestream's Chief Operating Officer Richard Baldwin will address five key aspects of CRM with which all businesses should be familiar: - Defining CRM and why businesses use it - CRM processes involving sales, marketing, customer support, e-commerce, and reporting - Implementation best practices and encouraging user adoption - Customizations, maintenance, and enhancement - Overview of the CRM marketplace: matching specific business needs with the right CRM platform There will be a question and answer session focusing on the specific business case scenarios of attendees. More about Intelestream To learn more about Intelestream, go to www.intelestream.net Click this link to unsubscribe: http://online.intelestream.net/em/unsubscribe.php?M=601630C=d3a0f04ade91cf5412c4ec94041bf894L=8N=273
Re: multilink VPN
Hi, On Wed, 27.05.2009 at 22:07:25 -0300, James Mackinnon jmackin...@devantec.com wrote: I need to setup redundant VPN's between these locations without the use of BGP. I have used sasync in the past, pfsync etc however, I have not tried to setup a VPN where 2 ISPs are used without the ISPs setup with BGP. Because BGP convergance can take a bit of time, and the network in this case not being able to drop for 1 second, I need to determine what option is best. I heavily doubt that you'll be able to keep the network up at all times because even CARP failover will take longer than one second. I have spoke with a cisco guy today and they can do multilink VPN's on cisco for this, Did he actually tell you how they make sure that there'll be no downtime of even one second? Was the explanation technically sound? How about error conditions in the Internet, between your sites? FWIW, I've configured semi-multilink VPN in the past (before the CARP age), with this kind of setup: LAN1 --- FW{1,2} --- Internet --- FW{3,4} --- LAN2 with LAN1, FW1, FW2: my end FW3, FW4, LAN2: other end (not accessible to me) Manually switching between FW1 and FW2 usually took on the order of 8-15 seconds. The other side switched between FW3 and FW4 at their leisure, w/o telling anyone. The idea to configure this with isakmpd.conf was to have both peers configured on both of your firewalls, and then add as many IPSEC connections so that you cover all connection pairs. That way, you can access LAN2 from LAN1 regardless whether FW3 or FW4 is operational. In my setup, one of the tunnels simply vanished and the other appeared, if the other side switched their firewalls. Now, if you can detect your conditions under which you want to fail over to the other firewall (eg. fiber cut), it should be easy to cook up a script and fire it on such an event. But you won't get away without any downtime, and if you find out how to do this on the IP level, I'm interested to hear about it. I strongly suspect that if you really want to force less than 1 seconds of downtime even in the case of error, then you need to swap IP for a real high-reliability type of connection like telcos use in their long hauls (eg. SDH). But if you can weed out duplicate packets, you might be able to create some magic with bridging and move all packets over both links all the time, dropping one half at the receiving end(s). But this is only a shot in the dark - I don't know how to do this. I'm curious about what kind of application you have that does not tolerate 1 second of downtime? If someone has an idea about how to configure this with ipsec.conf, I'm eager to hear. Kind regards, --Toni++
Ordering more than the CD
Hello, Could you please indicate where one in France can order the Shirt and CD, I found only CD resaler. Ordering in EU/US is not a problem if needed. Thank you! JF
Re: multiple videocards... for console text
On Thu, May 28, 2009 at 10:21 PM, Theo de Raadt dera...@cvs.openbsd.org wrote: Thanks, but my goal was not just to add more text consoles, it was to actually create more VTs on existing heads. I have 3 monitors. We're all painfully aware of the Xorg limitations with multiple pci graphics cards. So, I wanted to run them in text mode (80x50 of course :) 80x50 is easy. It's the getting all 3 monitors to work independently that isn't. Getting them to work seperately requires almost as much work as X does to do that. The PC hardware video architecture is more broken and complex than you could possibly imagine. Thanks for the definitive reply -- I had a feeling it was not going to pan out...
Domain Resolution Issue
Hello, We are experiencing an issue with resolution of a domain, roadwire.com, on our gateway email server running 4.5-stable. The server is running named with /etc/resolv.conf set to 127.0.0.1. NXDOMAIN is returned when performing an nslookup or dig on roadwire.com. However, if a rndc flushname roadwire.com is issued, then the domain resolves correctly for a period of time (ttl I imagine, yet to confirm). Named is configured to forward to our internal name servers. During the times that named returns NXDOMAIN, the internal name servers can be queried and correctly return the record. Below is our named.conf. Any recommendations on troubleshooting this issue would be greatly appreciated. Thank you, mv -- options { version ; listen-on{ 127.0.0.1; }; listen-on-v6 { none; }; empty-zones-enable yes; allow-recursion { 127.0.0.1; }; clients-per-query 30; forwarders { 192.168.2.2; 192.168.2.4; }; forward only; }; logging { category lame-servers { null; }; }; zone localhost { type master; file standard/localhost; allow-transfer { localhost; }; }; zone localhost { type master; file standard/localhost; allow-transfer { localhost; }; }; zone 127.in-addr.arpa { type master; file standard/loopback; allow-transfer { localhost; }; };
PPTP vpn with OBSD gateway (outgoing)
Hi, I'm trying to set up a PPTP tunnel for a Windows machine lying behind my OBSD 4.0 internet gateway. I can establish the tunnel but I'm missing the last piece in the puzzle. This is the routing of the RFC 1918 addresses. Locally I have 10.9.0.0/16 addresses and the windows machine wants to connect to a web server on the remote side that is using 192.168.0.0/16. I'm not familiar enough with Windows to say if there is some checkbox to fill in to make this work but the Firefox browser complains: Connection interrupted. The connection to the server was reset while the page was loading. The network link was interrupted while negotiating a connection. Please try again. Is there some particular route that needs to be set up for this to work? Thank you, /jm
Re: PPTP vpn with OBSD gateway (outgoing)
On Fri, May 29, 2009 at 2:08 PM, Juan Miscaro jmisc...@gmail.com wrote: Hi, I'm trying to set up a PPTP tunnel for a Windows machine lying behind my OBSD 4.0 internet gateway. B I can establish the tunnel but I'm missing the last piece in the puzzle. B This is the routing of the RFC 1918 addresses. B Locally I have 10.9.0.0/16 addresses and the windows machine wants to connect to a web server on the remote side that is using 192.168.0.0/16. Just to make sure I am understanding you correctly, you have a Windows machine in your network which is behind an OpenBSD firewall (pf). The Windows machine establishes a PPTP VPN connection to the remote site. If I understood this correctly... What is the route table on the Windows box look like? I'm not a windows person but I believe the command is 'route print' from a DOS/CMD prompt. Does the route to the remote site exist/show up in the output? Does 'ipconfig' show your local ip assigned to your Windows machine by the VPN server? --patrick
Re: PPTP vpn with OBSD gateway (outgoing)
2009/5/29 patrick keshishian pkesh...@gmail.com: On Fri, May 29, 2009 at 2:08 PM, Juan Miscaro jmisc...@gmail.com wrote: Hi, I'm trying to set up a PPTP tunnel for a Windows machine lying behind my OBSD 4.0 internet gateway. B I can establish the tunnel but I'm missing the last piece in the puzzle. B This is the routing of the RFC 1918 addresses. B Locally I have 10.9.0.0/16 addresses and the windows machine wants to connect to a web server on the remote side that is using 192.168.0.0/16. Just to make sure I am understanding you correctly, you have a Windows machine in your network which is behind an OpenBSD firewall (pf). The Windows machine establishes a PPTP VPN connection to the remote site. If I understood this correctly... What is the route table on the Windows box look like? I'm not a windows person but I believe the command is 'route print' from a DOS/CMD prompt. Does the route to the remote site exist/show up in the output? Does 'ipconfig' show your local ip assigned to your Windows machine by the VPN server? Yeah, you understood my setup. I will try the windows commands. Thanks. /jm
Re: Letting FTP out through PF with a default block all
Hmm.. Iam starting to think that ftp-proxy isnt possible with a default block all in the pf.conf due to BUG??? The PF FAQ at openbsd gives the example of ftp-proxy with block in pass outall Which actually defeats the purpose of doing ftp proxy for outgoing connections if you have free access to the outside!! So at the end, anybody can share if they have gotten to work fto-proxy with block all? Thanks Andres On Tue, May 26, 2009 at 5:51 PM, Andres Salazar ndrsslz...@gmail.comwrote: Hello, Before posting I acknowledge I have read the FAQ.. based on that this is my PF config: t_externa = re0 set block-policy drop set loginterface $t_externa set limit states 10 set limit frags 30 set limit src-nodes 5 set optimization aggressive set skip on lo0 set debug urgent scrub in on $t_externa all scrub out on $t_externa all random-id nat-anchor ftp-proxy/* rdr-anchor ftp-proxy/* rdr on $t_externa proto tcp from any to any port 21 - 127.0.0.1 port 8021 block all anchor ftp-proxy/* antispoof quick for { lo } #SSH pass in quick on $t_externa inet proto tcp from any to ($t_externa) \ port 22 flags S/SA modulate state ##DNS pass out log quick on $t_externa inet proto { tcp, udp } from ($t_externa) to any \ port 53 keep state ##FTP pass out log quick on $t_externa inet proto tcp from ($t_externa) to any \ port ftp flags S/SA modulate state pass out log quick on $t_externa inet proto tcp from ($t_externa) to any \ port 8021 flags S/SA modulate state If I do block log all .. a tcpdump on pflog recieves this: May 25 20:03:55.067671 rule 0/(match) block out on re0: 58.46.80.70.46330 129.128.5.191.64072: S 1312607360:1312607360(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 0,[|tcp] (DF) May 25 20:03:55.375881 rule 0/(match) block in on re0: 129.128.5.191.20 58.46.80.70.63627: S 1300023739:1300023739(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 0,[|tcp] (DF) May 25 20:04:01.372812 rule 0/(match) block in on re0: 129.128.5.191.20 58.46.80.70.63627: S 1300023739:1300023739(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 0,[|tcp] (DF) May 25 20:04:13.373244 rule 0/(match) block in on re0: 129.128.5.191.20 58.46.80.70.63627: S 1300023739:1300023739(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 0,[|tcp] (DF) 58 is my IP, 129 is ftp.openbsd.org I have also made sure that ftp-proxy is running, if I do telnet localhost 8021 I get: orion:~$telnet localhost 8021 Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Connection closed by foreign host. Which I think suggests that iam running it correctly. orion:~$telnet localhost 8021 Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Connection closed by foreign host.orion:~$telnet localhost 8021 Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Connection closed by foreign host. orion:~$telnet localhost 8021 Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Connection closed by foreign host My conclusion is that somehow the rdr part to port 8021 isnt taking place.. so the communication isnt channeled to the proxy..? pfctl -s all reads: # pfctl -s all TRANSLATION RULES: nat-anchor ftp-proxy/* all rdr-anchor ftp-proxy/* all rdr log on re0 inet proto tcp from any to any port = ftp - 127.0.0.1 port 8021 FILTER RULES: scrub in on re0 all fragment reassemble scrub out on re0 all random-id fragment reassemble block drop all anchor ftp-proxy/* all block drop in quick on ! lo inet from 127.0.0.0/8 to any block drop in quick on ! lo inet6 from ::1 to any block drop in quick inet6 from ::1 to any block drop in quick on lo0 inet6 from fe80::1 to any block drop in quick inet from 127.0.0.1 to any pass in quick on re0 inet proto tcp from any to (re0) port = ssh flags S/SA modulate state pass out quick on re0 inet proto tcp from (re0) to any port = ssh flags S/SA modulate state pass out quick on re0 inet proto tcp from (re0) to any port = domain flags S/SA keep state pass out quick on re0 inet proto udp from (re0) to any port = domain keep state pass out quick on re0 inet proto tcp from (re0) to any port = ftp flags S/SA modulate state pass out quick on re0 inet proto tcp from (re0) to any port = 8021 flags S/SA modulate state No queue in use I have also started ftp.proxy with and without the -r flag. Thank you. Andres
Best supported Asterisk interface for OpenBSD?
I would like to ask the OBSD community if someone can recommend me a good supported interface for Asterisk on OBSD. I have heard that FreePBX is really a pain to configure because it assumes a linux environment. Please anybody share their experience? Thank you. Andres
Re: multilink VPN
On 2009-05-29, Toni Mueller openbsd-m...@oeko.net wrote: On Wed, 27.05.2009 at 22:07:25 -0300, James Mackinnon jmackin...@devantec.com wrote: I need to setup redundant VPN's between these locations without the use of BGP. I have used sasync in the past, pfsync etc however, I have not tried to setup a VPN where 2 ISPs are used without the ISPs setup with BGP. Because BGP convergance can take a bit of time, and the network in this case not being able to drop for 1 second, I need to determine what option is best. I heavily doubt that you'll be able to keep the network up at all times because even CARP failover will take longer than one second. OSPF over gre's or gif's (which can then themselves be protected by ipsec) is probably the fastest option at present on OpenBSD. You're restricted to the lowest value you can set router-dead-time to; with very aggressive timers (which are likely to cause problems with false drops) that's 2 seconds. 3-4 seconds (with hellos at a second) is more realistic for fast recovery over ethernet or some good quality pseudowire circuit. Not sure exactly what you mean by VPN as it's not a well defined term but you should look at that carefully. e.g. Rekeying can be a little on the slow side, you want to avoid this happening on both connections at the same time. I strongly suspect that if you really want to force less than 1 seconds of downtime even in the case of error, then you need to swap IP for a real high-reliability type of connection like telcos use in their long hauls (eg. SDH). BFD can be quite quick. In some parts of the world these better types of connection are simply not available. If you're used to what's available in Europe (1Gb ethernet-presented private circuit over about 15 miles for GBP21K/year?) you will find the situation in some places absolutely unbelievable.
Re: Ordering more than the CD
On 5/29/09, Jean-Francois jfsimon1...@gmail.com wrote: Hello, Could you please indicate where one in France can order the Shirt and CD, I found only CD resaler. Ordering in EU/US is not a problem if needed. Thank you! JF The Computer Shop of Calgary will sell you everything you need: https://https.openbsd.org/cgi-bin/order hth Fred
Re: Best supported Asterisk interface for OpenBSD?
I typically use the configuration files and asterisk command line. Andres Salazar [ndrsslz...@gmail.com] wrote: I would like to ask the OBSD community if someone can recommend me a good supported interface for Asterisk on OBSD. I have heard that FreePBX is really a pain to configure because it assumes a linux environment. Please anybody share their experience? Thank you. Andres -- The audiences like to think that satire is doing something. But, in fact, it is mostly to leave themselves satisfied. Satisfied rather than angry, which is what they should be. -- Tom Lehrer
Re: multilink VPN
Hi All Thanks for your feedback. The guy regarding the cisco is a CCIE so I tend to accept his statements quick enough.. In VPN, I am referencing it in general terms in the creation of a private network over a public network of course. I would go with MPLS or another technology, however again, not 100% failsafe. Their application is a thick app which has allowances for network drops, however, the data is a real-time life and death type of solution in that they are a security monitoring company with multiple sites to which access data in 1 location. This is what I must ensure stays up because staff must be able to handle the alarms.. Roughly 1 million alarms a day go through this network, thus, any outage can result in dropped alarms.. Our solutions in both facilities also offer some allowances for drops by caching an alarm until network return, however applications failures are also bad in this case. At first, I was looking at BGP, and in the past have used it, but with convergence time on a net down situation, it doesn't come close to the time required. Personally, I think any solution that can rebuild in 10-30 seconds is a very solid solution. If they are not happy with that, I could recommend a very expensive alternative but that won't fly. Stuart, do you know of some sources I should review on your mentioned idea. I am also looking at multi-segmenting the locations systems and having their applications account for loss to failover to the second IP. fun little project, very small to almost nil budget is the challange. Cheers James - Original Message - From: Stuart Henderson s...@spacehopper.org To: misc@openbsd.org Sent: Friday, May 29, 2009 7:37 PM Subject: Re: multilink VPN On 2009-05-29, Toni Mueller openbsd-m...@oeko.net wrote: On Wed, 27.05.2009 at 22:07:25 -0300, James Mackinnon jmackin...@devantec.com wrote: I need to setup redundant VPN's between these locations without the use of BGP. I have used sasync in the past, pfsync etc however, I have not tried to setup a VPN where 2 ISPs are used without the ISPs setup with BGP. Because BGP convergance can take a bit of time, and the network in this case not being able to drop for 1 second, I need to determine what option is best. I heavily doubt that you'll be able to keep the network up at all times because even CARP failover will take longer than one second. OSPF over gre's or gif's (which can then themselves be protected by ipsec) is probably the fastest option at present on OpenBSD. You're restricted to the lowest value you can set router-dead-time to; with very aggressive timers (which are likely to cause problems with false drops) that's 2 seconds. 3-4 seconds (with hellos at a second) is more realistic for fast recovery over ethernet or some good quality pseudowire circuit. Not sure exactly what you mean by VPN as it's not a well defined term but you should look at that carefully. e.g. Rekeying can be a little on the slow side, you want to avoid this happening on both connections at the same time. I strongly suspect that if you really want to force less than 1 seconds of downtime even in the case of error, then you need to swap IP for a real high-reliability type of connection like telcos use in their long hauls (eg. SDH). BFD can be quite quick. In some parts of the world these better types of connection are simply not available. If you're used to what's available in Europe (1Gb ethernet-presented private circuit over about 15 miles for GBP21K/year?) you will find the situation in some places absolutely unbelievable.
Re: PPTP vpn with OBSD gateway (outgoing)
Hi, To publish an internal PPTP server: rdr pass on $ext_if proto tcp from any to $ext_if port 1723 - $internal_server rdr pass on $ext_if proto gre from any to any - $internal_server To allow an internal computer establish a PPTP tunnel to a server on the Internet: pass out on $ext_if proto gre from $ext_if to any keep state pass in on $int_if proto tcp from $internal_client to any port 1723 keep state pass in on $int_if proto gre from $internal_client to any keep state The PPTP needs GRE and 1723/tcp.. Rgds Marcello - Original Message - From: Juan Miscaro jmisc...@gmail.com To: patrick keshishian pkesh...@gmail.com Cc: openbsd-misc misc@openbsd.org Sent: Friday, May 29, 2009 7:08 PM Subject: Re: PPTP vpn with OBSD gateway (outgoing) 2009/5/29 patrick keshishian pkesh...@gmail.com: On Fri, May 29, 2009 at 2:08 PM, Juan Miscaro jmisc...@gmail.com wrote: Hi, I'm trying to set up a PPTP tunnel for a Windows machine lying behind my OBSD 4.0 internet gateway. B I can establish the tunnel but I'm missing the last piece in the puzzle. B This is the routing of the RFC 1918 addresses. B Locally I have 10.9.0.0/16 addresses and the windows machine wants to connect to a web server on the remote side that is using 192.168.0.0/16. Just to make sure I am understanding you correctly, you have a Windows machine in your network which is behind an OpenBSD firewall (pf). The Windows machine establishes a PPTP VPN connection to the remote site. If I understood this correctly... What is the route table on the Windows box look like? I'm not a windows person but I believe the command is 'route print' from a DOS/CMD prompt. Does the route to the remote site exist/show up in the output? Does 'ipconfig' show your local ip assigned to your Windows machine by the VPN server? Yeah, you understood my setup. I will try the windows commands. Thanks. /jm
Re: pf, altq, packet rate
As stupid as it can sound, you could develop a protocol to make routers talk each other and say how much bandwith is available in between. I think there's no other really sane way of inbound traffic control. Dropper techniques are a cheap trick nice for little networks. Serious and big performance networking requires solid bases. Think of overhead of receiving, dropping a packet, enqueing the offending stream, waiting, listening a resend again... That looks too much as spam :) Regards, Dani irix escribio': Hello , * irix i...@ukr.net [2009-05-27 18:12]: But I can not understand why you are sure that traffic can only outlet Shape i can not understand why you want to shape outlets. you don't understand that inbound shaping doesn't work because you have obviously no idea how the network stack works. there is no suitable queue inbound to do any queueing on. the ipintrq is way too early. so to do any inbound shaping you had to insert another queueing step, which is as clever as drinking water from the dead sea when you're thirsty. or maybe one could rape the ipintrq somehow. but i don't and won't rape. by shaping the incoming traffic, I mean simple dropper without constructing queues. All that the above specified speed dropped until the flow becomes less than or equal to specified speed. That actually makes CDNR, which arrears. But it pains me to see the obvious defects in my favorite system, interestingly, in the 6 years since I did the altq/pf merge, you're the only one to see that obvious defect and complete indifference on the part of developers to the obvious defects. obviously the developers have no clue about what they are doing, and the milestones they have to meet by the contract they have with you understood the joke. Funny
Personal invitation from Rajneesh Shetty
Personal invitation from Rajneesh Shetty
Re: multilink VPN
In cisco speak, with pretty pictures: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800a43f6.shtml On OpenBSD, it works analoguously, except that it's much cleaner :) Just think of the ipsec secured gre tunnel as a wire from point A to B. Make two such wires. Then run a routing protocol on them to redundantly route your traffic through. Some things to consider: 1. What if the internet links fail some other way than completely dead, like high packet loss? 2. The rest of the system probably isn't as reliable as you think, if you can't have much money for making the internet links redundant. -- Jussi Peltola