Re: Hardening OpenBSD : Just delete!
hadly hadened (Boston dialect) if Guido is not watching it. Mehma === On Sun, Mar 14, 2010 at 10:07 PM, Han Boetes h...@mijncomputer.nl wrote: Chris Bennett wrote: You people have no sense of where security really lies at! If you don't remove the hard drive, there is no security at all! I simply put my servers into armored concrete. After that I dump them somewhere in the middle of the ocean where the level is at least 3 km. That's hardening sir! # Han
Re: VLAN across two (or more) different vlandevs?
Original Message
Date: Mon, 15 Mar 2010 07:58:42 +0100
From: Timo Schoeler timo.schoe...@riscworks.net
To: misc@openbsd.org
CC: silvershadow...@gmx.de
Subject: Re: VLAN across two (or more) different vlandevs?

On 2010-03-12, silvershadow...@gmx.de silvershadow...@gmx.de wrote:
Simply put, I need vlan 123 on both vr0 and vr2 (the Alix I use has three NICs, vr0 to vr2).

the vlan device names (vlan123) do NOT need to be the same as the vlan ID. e.g.:

hostname.vlan123
inet 10.11.0.3 255.255.255.0 NONE vlan 123 vlandev vr0

hostname.vlan1230
inet 222.111.222.111 255.255.255.0 NONE vlan 123 vlandev vr2

if this isn't what you want, describe in more detail what you're trying to do.

Hi, maybe you already tried this, but named the files like this: /etc/hostname.vlan0123 (vlan 123, vr0) and /etc/hostname.vlan2123 (vlan 123, vr2) ? I ran into a similar phenomenon quite a while ago. After renaming the files so that '0' was not the first digit (e.g. .vlan1230 and .vlan1232, respectively), it worked as supposed.

HTH, Timo

Hi! Wow, thanks, that was exactly the problem I had! After renaming it so that there's no 'zero' as the first number of the VLAN naming scheme, it works flawlessly. However, AFAICS, the name of the file should be meaningless, shouldn't it? So, is that a 'bug', or intended behaviour?

Thanks again! Donald
Re: any web management gui for pf ?
On Sun, Mar 14, 2010 at 11:32 AM, chipits...@gmail.com wrote:
Hello, is there any GUI (like pfsense) around which can be installed on a clean OpenBSD box (or even two CARP-connected boxes) for pf management ? I've found comixwall, but it seems to be dead already.

Is this what you are looking for? http://www.fwbuilder.org/ I never used it and don't think I will ever use it. editing pf.conf is just so easy :-)

--Siju
kde4 dead?
openports shows that the openbsd version of kde4 is nearly two years old. are there any future plans to update kde4? Regards, Donald Cooley
Re: kde4 dead?
Sure. Everybody is waiting for your patches :-) 2010/3/15 Donald Cooley dfcoo...@gmail.com openports shows that the openbsd version of kde4 is nearly two years old. are there any future plans to update kde4? Regards, Donald Cooley
pfctl(8): unclear docs
Hi, I've just run into the following problem on a 4.6 box:

/etc/pf.conf (excerpt):

table <rfc1918> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }
block out on $extif from <rfc1918>

# /sbin/pfctl -F rules -R -f pf.conf
rules cleared
pfctl: Must enable table loading for optimizations
# /sbin/pfctl -s r
#

Imho, this interaction should be documented in the man page. One needs to specify '-Tl', or else no rules will be loaded.

TIA! Kind regards, --Toni++
Re: Opteron 250 Overheating
Nick Holland wrote: something is wrong. Any good computer, surely any server, should be able to run at 100% proc load indefinitely, regardless of the OS. Some laptops will have issues with this test, maybe some junky home-oriented machines might, Yes that is true. My laptop started shutting down with a Terminal overexposure message every time is on longer than an hour, a year after I bought it. I run OpenBSD, but a friend of mine has exactly the same laptop always running Windows and has the same problem. Need to keep a book under it, there by giving the heat more change to escape. Now I can still use it, longer than 30 minutes. To use it really on my lap, is impossible, both my lap and the top will burn ;) - ls
Re: Opteron 250 Overheating
On 2010-3-15 11:47 AM, Ludo Smissaert wrote: ... Now I can still use it, longer than 30 minutes. To use it really on my lap, is impossible, both my lap and the top will burn ;) The ln2 reservoir may be empty. Those dry out quickly even when the machine is not in use. Seriously, do you find a different using the cool running mode of APM? Have apmd in your start up routines and then use apm -C to switch to cool running. It will also make a difference in how long you can work on a single charge. /Lars
Re: [NEW] sysutils/hotplug-diskmount
Hi, here's an approach I'm using for years now, giving me much more than the usual granularity when using USB hotplug devices: http://www.neuronenwerk.de/files/usb-hotplug.c http://www.neuronenwerk.de/files/attach All the best, /Markus
urndis
tested on amd64 w/ my HTC tattoo

[...]
umass0 at uhub0 port 3 configuration 1 interface 0 HTC Android Phone rev 2.00/1.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus2 at umass0: 2 targets, initiator 0
sd0 at scsibus2 targ 1 lun 0: HTC, Android Phone, 0100 SCSI2 0/direct removable
sd0: drive offline
sd0 detached
scsibus2 detached
umass0 detached
urndis0 at uhub0 port 3 configuration 1 interface 0 HTC Android Phone rev 2.00/1.00 addr 2
urndis0: address 82:f1:8d:ce:5a:cb
[...]

--
see ya, giovanni
Re: pfctl(8): unclear docs
2010/3/15 Toni Mueller openbsd-m...@oeko.net

Hi, I've just run into the following problem on a 4.6 box:

/etc/pf.conf (excerpt):

table <rfc1918> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }
block out on $extif from <rfc1918>

# /sbin/pfctl -F rules -R -f pf.conf
rules cleared
pfctl: Must enable table loading for optimizations
# /sbin/pfctl -s r
#

Imho, this interaction should be documented in the man page. One needs to specify '-Tl', or else no rules will be loaded.

TIA! Kind regards, --Toni++

Hi, for me it works good ... just don't use -R option
http://kerneltrap.org/mailarchive/openbsd-misc/2007/4/6/147502

--
Matteo Filippetto
Re: Opteron 250 Overheating
Lars Nooden wrote: The ln2 reservoir may be empty. Those dry out quickly even when the machine is not in use. Interesting, did not know that. Probably designed to run empty after two years or so. Guess I can't have it refilled at the drugstore ;) Seriously, do you find a different using the cool running mode of APM? Have apmd in your start up routines and then use apm -C to switch to Haven't used it, but now I have it running, it seems to make a difference indeed. Thanks for the tip. Regards, -ls
Re: pfctl(8): unclear docs
Hi, On Mon, 15.03.2010 at 12:22:35 +0100, matteo filippetto matteo.filippe...@gmail.com wrote: for me it works good ... just don't use -R option http://kerneltrap.org/mailarchive/openbsd-misc/2007/4/6/147502 thanks for this link. Not using -R is not too good, either, as on this particular box, reloading everything results in a severance of all existing connections. A clarification in the docs is imho the way to go. My 'nroff' is almost nonexistant, but here's a diff: --- pfctl.8.origWed Jun 11 09:23:36 2008 +++ pfctl.8 Mon Mar 15 12:53:04 2010 @@ -354,7 +354,9 @@ Only print errors and warnings. .It Fl R Load only the filter rules present in the rule file. -Other rules and options are ignored. +Other rules and options are ignored. If you are using +tables, you need to also specify one of -T load or +-o none. .It Fl r Perform reverse DNS lookups on states when displaying them. .It Fl s Ar modifier Kind regards, --Toni++
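Review bot: In the lines added under .It Fl R, "-T load" and "-o none" are written as plain text and the new sentence starts in the middle of a source line ("ignored. If you are using"). The neighbouring entries mark options up with the .Fl macro (.It Fl R, .It Fl r), and mdoc source conventionally starts each sentence on its own line, so the addition would fit better as a separate sentence line that uses that markup for both options. The wording also only states the requirement; it could say what the user sees when neither option is given, since the hunk leaves that out.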
Re: Opteron 250 Overheating
On 3/15/2010 5:47 AM, Ludo Smissaert wrote: Yes that is true. My laptop started shutting down with a Terminal overexposure message every time is on longer than an hour, a year after I bought it. I run OpenBSD, but a friend of mine has exactly the same laptop always running Windows and has the same problem. Need to keep a book under it, there by giving the heat more change to escape. Now I can still use it, longer than 30 minutes. To use it really on my lap, is impossible, both my lap and the top will burn ;) If you know how to disassemble laptops, open the thing up and remove the dust from the radiator on the heat pipe. If you don't know how to disassemble laptops (or don't care to) blow some compressed air through in the opposite direction of the air flow. If you do take it apart, make sure you have some heatsink grease on-hand, as the factory stuff may look (and function) like dried toothpaste. Don't spend extra on special grease, it doesn't really make a difference.
Re: Opteron 250 Overheating
On Mon, Mar 15, 2010 at 08:02:50AM -0400, Steve Shockley wrote: If you do take it apart, make sure you have some heatsink grease on-hand, as the factory stuff may look (and function) like dried toothpaste. Don't spend extra on special grease, it doesn't really make a difference. Laptops often have thermal pads, which can't be replaced with thermal paste. Better not remove it unless you know what you're doing. The pad is nearly impossible to re-use, dust will stick to it and it'll be unusable. Snake oil thermal pastes are just a rip-off, though.
Re: pfctl(8): unclear docs
On Mon, Mar 15, 2010 at 12:54:09PM +0100, Toni Mueller wrote: Not using -R is not too good, either, as on this particular box, reloading everything results in a severance of all existing connections. A clarification in the docs is imho the way to go. My 'nroff' is almost nonexistant, but here's a diff: --- pfctl.8.orig Wed Jun 11 09:23:36 2008 +++ pfctl.8 Mon Mar 15 12:53:04 2010 @@ -354,7 +354,9 @@ Only print errors and warnings. .It Fl R Load only the filter rules present in the rule file. -Other rules and options are ignored. +Other rules and options are ignored. If you are using +tables, you need to also specify one of -T load or +-o none. .It Fl r Perform reverse DNS lookups on states when displaying them. .It Fl s Ar modifier doesn;t Other rules and options are ignored. already cover this? furthermore, since -T has a load command, should we really expect -R to load tables? i don;t see that it needs to be more explicit. jmc
Re: pfctl(8): unclear docs
2010/3/15 Toni Mueller openbsd-m...@oeko.net Hi, On Mon, 15.03.2010 at 12:22:35 +0100, matteo filippetto matteo.filippe...@gmail.com wrote: for me it works good ... just don't use -R option http://kerneltrap.org/mailarchive/openbsd-misc/2007/4/6/147502 thanks for this link. Not using -R is not too good, either, as on this particular box, reloading everything results in a severance of all existing connections. A clarification in the docs is imho the way to go. My 'nroff' is almost nonexistant, but here's a diff: --- pfctl.8.origWed Jun 11 09:23:36 2008 +++ pfctl.8 Mon Mar 15 12:53:04 2010 @@ -354,7 +354,9 @@ Only print errors and warnings. .It Fl R Load only the filter rules present in the rule file. -Other rules and options are ignored. +Other rules and options are ignored. If you are using +tables, you need to also specify one of -T load or +-o none. .It Fl r Perform reverse DNS lookups on states when displaying them. .It Fl s Ar modifier Kind regards, --Toni++ Hi Toni, I find this Starting in OpenBSD 4.2, the default is basic. See pf.conf(5)http://www.openbsd.org/cgi-bin/man.cgi?query=pf.confsektion=5manpath=OpenBSD+4.6for a more complete description. on faq (http://www.openbsd.org/faq/pf/options.html) and also in the man pages http://www.openbsd.org/cgi-bin/man.cgi?query=pf.confsektion=5manpath=OpenBSD+4.6 Best regards -- Matteo Filippetto
Re: Opteron 250 Overheating
We are a service company and have removed many heatsinks that had thermal pads and re-applied using thermal grease (of course this is after very carefully removing the thermal pad with plastic scraper and alcohol) and have never had one come back to us with a thermal issue again. Many times the system even runs cooler according to our clients than when they first got it - although that could just be perception. Of course - it is your system - use your judgement and do what you feel best. Again we have done this many times and we warrant our work and have not had one come back yet. As to the type - I have not seen a tremendous difference in the high end vs. regular brands on the market. - Good Luck -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Jussi Peltola Sent: Monday, March 15, 2010 8:12 AM To: misc@openbsd.org Subject: Re: Opteron 250 Overheating On Mon, Mar 15, 2010 at 08:02:50AM -0400, Steve Shockley wrote: If you do take it apart, make sure you have some heatsink grease on-hand, as the factory stuff may look (and function) like dried toothpaste. Don't spend extra on special grease, it doesn't really make a difference. Laptops often have thermal pads, which can't be replaced with thermal paste. Better not remove it unless you know what you're doing. The pad is nearly impossible to re-use, dust will stick to it and it'll be unusable. Snake oil thermal pastes are just a rip-off, though.
Re: kde4 dead?
On Mon, Mar 15, 2010 at 04:33:03AM -0500, Donald Cooley wrote: openports shows that the openbsd version of kde4 is nearly two years old. are there any future plans to update kde4? Regards, Donald Cooley http://lists.kde.org/?l=kde-develw=2r=1s=openbsdq=b KDE doesn't give a fuck about OpenBSD, so why should we?
Re: kde4 dead?
On Mon, 15 Mar 2010, Tobias Ulmer wrote: On Mon, Mar 15, 2010 at 04:33:03AM -0500, Donald Cooley wrote: openports shows that the openbsd version of kde4 is nearly two years old. are there any future plans to update kde4? Regards, Donald Cooley http://lists.kde.org/?l=kde-develw=2r=1s=openbsdq=b KDE doesn't give a fuck about OpenBSD, so why should we? Actually, KDE only cares about Linux. -- Antoine
Re: VLAN across two (or more) different vlandevs?
the filename must incorporate a valid device name, vlan0123 is not permitted (vlan0 is ok, otherwise the number must start with digit 1-9).

On 2010-03-15, silvershadow...@gmx.de silvershadow...@gmx.de wrote:

Original Message
Date: Mon, 15 Mar 2010 07:58:42 +0100
From: Timo Schoeler timo.schoe...@riscworks.net
To: misc@openbsd.org
CC: silvershadow...@gmx.de
Subject: Re: VLAN across two (or more) different vlandevs?

On 2010-03-12, silvershadow...@gmx.de silvershadow...@gmx.de wrote:
Simply put, I need vlan 123 on both vr0 and vr2 (the Alix I use has three NICs, vr0 to vr2).

the vlan device names (vlan123) do NOT need to be the same as the vlan ID. e.g.:

hostname.vlan123
inet 10.11.0.3 255.255.255.0 NONE vlan 123 vlandev vr0

hostname.vlan1230
inet 222.111.222.111 255.255.255.0 NONE vlan 123 vlandev vr2

if this isn't what you want, describe in more detail what you're trying to do.

Hi, maybe you already tried this, but named the files like this: /etc/hostname.vlan0123 (vlan 123, vr0) and /etc/hostname.vlan2123 (vlan 123, vr2) ? I ran into a similar phenomenon quite a while ago. After renaming the files so that '0' was not the first digit (e.g. .vlan1230 and .vlan1232, respectively), it worked as supposed.

HTH, Timo

Hi! Wow, thanks, that was exactly the problem I had! After renaming it so that there's no 'zero' as the first number of the VLAN naming scheme, it works flawlessly. However, AFAICS, the name of the file should be meaningless, shouldn't it? So, is that a 'bug', or intended behaviour?

Thanks again! Donald
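An added example, not part of the thread or of OpenBSD's own scripts: a shell check for the naming rule stated in the reply above (unit 0 is fine, any other unit number must start with 1-9). The function names and the verdict strings are made up for this example.

```shell
#!/bin/sh
# Added example: flag hostname.* files whose interface unit number has a
# leading zero (e.g. hostname.vlan0123), so a VLAN that never comes up is
# noticed before boot instead of after.

# classify_hostname_file NAME
# Prints one verdict for a single file name (with or without directory):
#   ok            unit number is 0 or starts with 1-9
#   leading-zero  unit number such as 0123 or 00
#   no-unit       name does not end in a unit number at all
classify_hostname_file() {
    base=${1##*/}              # strip any directory part
    ifname=${base#hostname.}   # strip the "hostname." prefix
    unit=${ifname##*[!0-9]}    # keep only the trailing run of digits
    case $unit in
        "")  echo no-unit ;;
        0)   echo ok ;;             # vlan0, vr0: unit 0 is valid
        0*)  echo leading-zero ;;   # vlan0123: not a valid device name
        *)   echo ok ;;             # vlan1230, vr2
    esac
}

# audit_hostname_dir [DIR]
# Prints "<file>: <verdict>" for every file that is not "ok".
# Returns 1 if at least one such file exists, 0 otherwise.
audit_hostname_dir() {
    dir=${1:-/etc}
    bad=0
    for f in "$dir"/hostname.*; do
        [ -e "$f" ] || continue     # the glob matched nothing
        verdict=$(classify_hostname_file "$f")
        if [ "$verdict" != ok ]; then
            echo "$f: $verdict"
            bad=1
        fi
    done
    return "$bad"
}

# Typical use on the router itself:
#   audit_hostname_dir /etc || echo "fix the files listed above"
```
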
Re: kde4 dead?
On Mon, 15 Mar 2010 15:27 +0100, Antoine Jacoutot ajacou...@bsdfrog.org wrote: On Mon, 15 Mar 2010, Tobias Ulmer wrote: On Mon, Mar 15, 2010 at 04:33:03AM -0500, Donald Cooley wrote: openports shows that the openbsd version of kde4 is nearly two years old. are there any future plans to update kde4? Regards, Donald Cooley http://lists.kde.org/?l=kde-develw=2r=1s=openbsdq=b KDE doesn't give a fuck about OpenBSD, so why should we? Actually, KDE only cares about Linux. The isfinite() issue? That's C99 and POSIX stuff, right? Or are you guys talking about something else? OpenBSD does have a log2() (unlike FreeBSD 7.x) even though you can get there by doing log()/log(2). Brad -- Antoine
Re: Problems with Carp, Multi-WAN and pf syntax.
Stuart Henderson wrote:
you're probably looking for reply-to, something along these lines:

pass in quick on gif1 inet to (gif1) reply-to 10.33@gif1
pass in quick on pppoe0 inet to (pppoe0) reply-to 0.0@pppoe0

Yes I was. Except that the syntax was not exactly clear to me if you want a packet both to redirect-to an internal interface and then reply-to an external interface. Now I found out that the following does work:

# Redirect WWW traffic
pass in log quick on $if_wan1 inet proto tcp from any to any \
    reply-to ( $if_wan1 $gw_wan1 ) rdr-to $srv_www round-robin

(And similar lines for the other interfaces)

My only problem is that the rule resolves to:

pass in log quick on em0 inet proto tcp from any to any flags S/SA keep state reply-to ip@em0

if shown with pfctl -sr

In fact pfctl -sr does not show a single redirection, nor does it show that it does redirect to several servers in a round-robin-manner; though obviously it does. While I'm not perfectly happy with that, at least I'm now in a state of works for me.

Thank you all. Marcus
Re: kde4 dead?
On Mon, 15 Mar 2010 10:56 -0400, Brad Tilley b...@16systems.com wrote: On Mon, 15 Mar 2010 15:27 +0100, Antoine Jacoutot ajacou...@bsdfrog.org wrote: On Mon, 15 Mar 2010, Tobias Ulmer wrote: On Mon, Mar 15, 2010 at 04:33:03AM -0500, Donald Cooley wrote: openports shows that the openbsd version of kde4 is nearly two years old. are there any future plans to update kde4? Regards, Donald Cooley http://lists.kde.org/?l=kde-develw=2r=1s=openbsdq=b KDE doesn't give a fuck about OpenBSD, so why should we? Actually, KDE only cares about Linux. The isfinite() issue? That's C99 and POSIX stuff, right? Or are you guys talking about something else? OpenBSD does have a log2() (unlike FreeBSD 7.x) even though you can get there by doing log()/log(2). Brad Never mind. I did not realize that list was a result of a search for OpenBSD. Duh.
Re: kde4 dead?
On Mon, 15 Mar 2010, Brad Tilley wrote: Actually, KDE only cares about Linux. The isfinite() issue? That's C99 and POSIX stuff, right? Or are you guys talking about something else? OpenBSD does have a log2() (unlike FreeBSD 7.x) even though you can get there by doing log()/log(2). I'm not saying KDE is only for Linux, I'm saying KDE only cares for it (at least this is how it looks like). -- Antoine
bad clock caused reboot?
Strange thing today, one of my old OpenBSD did a reboot. If it was a hard reset (ie power problem) I wouldn't have a wtmp record right?

# last
root      ttyp0    client.host    Mon Mar 15 16:47   still logged in
root      ttyp0    client.host    Mon Mar 15 16:26 - 16:27  (00:00)
reboot    ~                       Mon Mar 15 09:46

wtmp begins Mon Mar 15 09:46 2010

Mar 15 07:54:12 server ntpd[5706]: adjusting local clock by 0.061002s
Mar 15 08:44:43 server ntpd[3592]: reply from 10.0.0.1: not synced (alarm), next query 3299s
Mar 15 09:46:03 server syslogd: start
Mar 15 09:46:03 server /bsd: Processor Machine Check (670), Code 0x92
Mar 15 09:46:03 server /bsd: [ using 617920 bytes of bsd ELF symbol table ]
Mar 15 09:46:03 server /bsd: consinit: not using prom console
Mar 15 09:46:03 server /bsd: Copyright (c) 1982, 1986, 1989, 1991, 1993
Mar 15 09:46:03 server /bsd: The Regents of the University of California. All rights reserved.
Mar 15 09:46:03 server /bsd: Copyright (c) 1995-2009 OpenBSD. All rights reserved. http://www.OpenBSD.org
Mar 15 09:46:04 server /bsd: Copyright (c) 1995-2009 OpenBSD. All rights reserved. http://www.OpenBSD.org
Mar 15 09:46:04 server /bsd: OpenBSD 4.6-stable (GENERIC) #3: Thu Nov 26 14:54:22 EET 2009
Mar 15 09:46:04 server /bsd: r...@server:/usr/src/sys/arch/alpha/compile/GENERIC
Mar 15 09:46:04 server /bsd: AlphaServer 400 4/233, 233MHz
Mar 15 09:46:04 server /bsd: 8192 byte page size, 1 processor.
Mar 15 09:46:04 server /bsd: real mem = 67108864 (64MB)
Mar 15 09:46:04 server /bsd: rsvd mem = 2048000 (1MB)
Mar 15 09:46:04 server /bsd: avail mem = 55369728 (52MB)
Mar 15 09:46:04 server /bsd: mainbus0 at root
Mar 15 09:46:04 server /bsd: cpu0 at mainbus0: ID 0 (primary), 21064A-0 (unknown minor type 0)
Mar 15 09:46:04 server /bsd: apecs0 at mainbus0: DECchip 21071 Core Logic chipset
bla bla
Mar 15 09:46:05 server /bsd: WARNING: / was not properly unmounted
Mar 15 09:46:05 server /bsd: WARNING: clock gained 26 days -- CHECK AND RESET THE DATE!
Mar 15 09:51:20 server ntpd[6080]: 0 out of 1 peers valid
Mar 15 09:51:20 server ntpd[6080]: bad peer 10.0.0.1 (10.0.0.1)
Mar 15 09:51:40 server ntpd[6080]: peer 10.0.0.1 now valid
Mar 15 09:52:33 server ntpd[29796]: adjusting local clock by -55.558227s
Mar 15 09:55:14 server ntpd[29796]: adjusting local clock by -54.760153s
Mar 15 12:50:56 server ntpd[29796]: adjusting local clock by -1.665123s
Mar 15 12:53:33 server ntpd[29796]: adjusting local clock by -0.879955s
Mar 15 12:56:49 server ntpd[6080]: clock is now synced

ideas? Giannis
wireless iwi
hello; When the system starts in openbsd 4.6, wireless device (iwi0) say: iwi0.sleep

after login, if I do:

# ifconfig iwi0 scan
[ here iwi0 wakes up, works properly and it has found wireless networks ]

Then:

# sh /etc/netstart iwi0
[ Everything works properly after that. ]

Seems like the system doesn't start the device itself, if I don't perform some scan or something. thanks
spurious need to frag messages
Hi, one of my OpenBSD 4.6 boxen starts sending out need to fragment messages to other hosts, w/o me seeing the reason.

# pfctl -s a |grep mss
# ifconfig|grep mtu|grep -v 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33152
enc0: flags=41<UP,RUNNING> mtu 1536
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33152
#

And that's it... IOW: There are only physical interfaces with an MTU of 1500 bytes present, and there are no mss-meddling packet filter rules present. Nevertheless, the machine started to send out random fragmentation messages to ever more hosts around the internet, resulting in more and more websites becoming inaccessible. Sample message from tcpdump:

19:03:59.805030 1.2.3.4 > 5.6.7.8: icmp: 1.2.3.20 unreachable - need to frag (mtu 1420) for 5.6.7.8.80 > 1.2.3.20.59495: 2079874237 [|tcp] (DF) (ttl 243, id 22121, len 1500) (ttl 255, id 23060, len 56)

The machine in question serves as a firewall, and it can (did) happen that eg. one machine in the DMZ can access a certain foreign host, while some other can't access the same foreign host. The only consistency to be observed is that connectivity gradually deteriorates, so that eventually, no machine in the DMZ can access a certain host, while the number of inaccessible foreign hosts steadily increases.

The machine runs OpenBSD 4.6-stable/amd64. What gives?

Kind regards, --Toni++
NFS problems w/ diskless client
Hi all,

(2nd try - the first message didn't make it to the list, apparently)

I'm currently trying to get one of my SGI Indys to run as a diskless music player. I'm using Debian Linux (Lenny) for that and the Indy is supposed to be booting diskless off my OpenBSD file server (i.e. NFS root file system). After having figured out all the necessary parts (dhcpd set-up, tftpd set-up, nfs set-up) I've got the Indy to boot - it gets its IP address, finds its kernel via tftp and starts booting. However, as soon as it starts doing something on its NFS root file system, I get tons of server not responding, still trying messages on the Indy. After a long time, the Indy will finally succeed in booting, but any further activity on the root filesystem generates more errors.

On the file server, I cannot find any errors in the log files. However, when the Indy is doing something, I can see the load going up without any program in particular using CPU (what's that - interrupts?). At one point it got that bad that the server hung completely and I was forced to reboot. That server is running OpenBSD 4.5. I've also noticed that things get better when I remount the nfsroot on the Indy with an explicit vers=3 (I think I read somewhere that the default is NFSv2 when booting it that way) - after the remount, the errors stop.

To investigate this further, I've set up a test server for the tftp and nfsroot (dhcp is still done by the main server) running OpenBSD 4.6. I did a basic install and all I configured was tftp and nfsd (no pf or any other extras). Same result: Any activity on the Indy results in loads of server not responding NFS errors and everything is very, very slow. tcpdump on the connection reveals loads of this:

00:23:51.589956 00:04:75:98:2b:9d 08:00:69:09:88:d3 0800 1514: 192.168.1.2.2049 > 192.168.1.82.940: xid 0x0 reply ERR 1448 (DF) (ttl 64, id 33443, len 1500)

(.2 being the server and .82 the Indy) - but that doesn't tell me much...

As I remembered having NFS trouble with 4.5 before (after I upgraded the main server from 4.2), I installed OpenBSD 4.2 on the test server. Same configuration (just tftp and nfsd) - and presto, the Indy boots absolutely fine - no problems at all. Apparently, something in NFS has changed between 4.2 and 4.5 (and higher) - and I just cannot figure out what... Hence, I have no idea what I would need to change nor what to investigate further. I've been over the release notes and the only NFS related change that I noticed was the addition of rpc.statd in 4.4 - could this have anything to do with the problems I'm seeing?

Any hints would be much appreciated - especially RTFM pointers and/or ideas for further investigation...

Thanks in advance, Thomas

Server config:

/etc/exports:
/export/nfs -alldirs -maproot=root -network=192.168.1.64 -mask=255.255.255.192

/etc/rc.conf.local:
nfs_server=YES # see sysctl.conf for nfs client configuration
portmap=YES # Note: inetd(8) rpc services need portmap too
lockd=YES

dmesg of the test server (OpenBSD 4.6):

OpenBSD 4.6 (GENERIC) #58: Thu Jul 9 21:24:42 MDT 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class) 1 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem = 536178688 (511MB)
avail mem = 509644800 (486MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 11/14/00, BIOS32 rev. 0 @ 0xfda74, SMBIOS rev. 2.3 @ 0xf0ea0 (56 entries)
bios0: vendor Intel Corp. version EA81510A.86A.0040.P09.0011141019 date 11/14/2000
bios0: Intel Corporation D815EEA
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf2f70/224 (12 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xb000 0xcb000/0x800
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82815 Host rev 0x02
intelagp0 at pchb0
agp0 at intelagp0: aperture at 0xf800, size 0x240
ppb0 at pci0 dev 1 function 0 Intel 82815 AGP rev 0x02
pci1 at ppb0 bus 2
vga1 at pci1 dev 0 function 0 NVIDIA Quadro rev 0x10
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x02
pci2 at ppb1 bus 1
xl0 at pci2 dev 11 function 0 3Com 3c905C 100Base-TX rev 0x78: irq 9, address 00:04:75:98:2b:9d
exphy0 at xl0 phy 24: 3Com internal media interface
ichpcib0 at pci0 dev 31 function 0 Intel 82801BA LPC rev 0x02: 24-bit timer at 3579545Hz
pciide0 at pci0 dev 31 function 1 Intel 82801BA IDE rev 0x02: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: Maxtor 32049H3
wd0: 16-sector PIO, LBA,
Re: pfctl(8): unclear docs
Hi,

On Mon, 15.03.2010 at 13:04:04 +, Jason McIntyre j...@kerhand.co.uk wrote:
doesn't Other rules and options are ignored. already cover this?

may be. But then, you are possibly only too deeply entrenched in this stuff to see the problem.

furthermore, since -T has a load command, should we really expect -R to load tables?

Should it really need to? My guess was that tables would usually have been loaded already when one goes to selectively reload the rules, and either of spelling out that they need to be loaded explicitly, stating that, by default, the already-loaded tables are being used, or that they are being ignored, or that the whole command fails would imho be a good thing.

Ok. I go out on a limb and say that explicit is better than implicit, in a lot of cases, and would welcome the short explanation OR the modification of the command to also load tables (which would require amending the man page, too).

I admit that I was unaware of the rule optimizer until it bit me into my bottom half. I mean, I usually don't care, from a user perspective, whether there is something optimizing my stuff, and consider this kind of breakage as a (an almost) hidden gotcha. An optimizer (or any other such device) which is on by default and claims to not change semantics, should imho be transparent to the user, but this one isn't.

If you have other uses of disabling the optimizer except for debugging pf, I'd really like to hear.

--
Kind regards, --Toni++
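An added example, not code from the thread or from pfctl itself: a reload wrapper that avoids the sequence shown at the start of this thread, where `-F rules` emptied the ruleset and the following `-R` load then failed. The names `pf_reload_checked` and `PFCTL` are made up here, and it is assumed that the `-n` dry run rejects a file for the same reasons the real load would.

```shell
#!/bin/sh
# Added example: validate, then load, then verify. Never flush first.
# PFCTL may be pointed at a stand-in so the logic can be tried without
# touching a live firewall (assumption of this example, not a pfctl feature).
PFCTL=${PFCTL:-/sbin/pfctl}

# pf_reload_checked FILE [pfctl load options...]
#   e.g. pf_reload_checked /etc/pf.conf -R -o none
# Return codes:
#   0  rules loaded and a non-empty ruleset is active
#   1  dry run rejected the file; running rules were not touched
#   2  the load itself failed
#   3  the load reported success but "pfctl -s r" shows no rules
pf_reload_checked() {
    conf=$1
    shift

    # Step 1: dry run. -n parses the file with the same options as the
    # real load but loads nothing, so a bad file or a bad option
    # combination is caught while the old rules are still filtering.
    if ! "$PFCTL" -n "$@" -f "$conf" >/dev/null; then
        echo "pf_reload_checked: $conf rejected, running rules untouched" >&2
        return 1
    fi

    # Step 2: load. There is deliberately no "-F rules" before this:
    # loading replaces the rules by itself, and a failed load then leaves
    # the previously loaded rules in place instead of an empty ruleset.
    if ! "$PFCTL" "$@" -f "$conf" >/dev/null; then
        echo "pf_reload_checked: load of $conf failed" >&2
        return 2
    fi

    # Step 3: the symptom in the thread was "pfctl -s r" printing nothing.
    # Treat an empty ruleset after a reload as an error worth alerting on.
    if [ -z "$("$PFCTL" -s r 2>/dev/null)" ]; then
        echo "pf_reload_checked: no filter rules active after reload" >&2
        return 3
    fi
    return 0
}
```
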
Re: kde4 dead?
On Mon, Mar 15, 2010 at 03:19:41PM +0100, Tobias Ulmer wrote: On Mon, Mar 15, 2010 at 04:33:03AM -0500, Donald Cooley wrote: openports shows that the openbsd version of kde4 is nearly two years old. are there any future plans to update kde4? Regards, Donald Cooley http://lists.kde.org/?l=kde-develw=2r=1s=openbsdq=b KDE doesn't give a fuck about OpenBSD, so why should we? You're totally mistaken. KDE cares about the BSDs, and they're very much no-nonsense people. I had absolutely no difficulty getting an account with them, nor with folding back portable patches I had to make things work on OpenBSD. The main reason we're behind for kde4 is that it's mostly impossible to compile kde4 with gcc3, so there is some upheaval there. Also the fact that back when I ported kde 4.0, it was not interesting at all, especially compared to 3.5.10. Other issues have happened since then. It shouldn't be that hard to get kde4 to work, once you get past the gcc4 issue (and port cmake, but apparently 2.8.0 is nicer).
Re: kde4 dead?
On Mon, 15 Mar 2010, Marc Espie wrote: You're totally mistaken. KDE cares about the BSDs, and they're very much no-nonsense people. I had absolutely no difficulty getting an account with them, nor with folding back portable patches I had to make things work on OpenBSD. The main reason we're behind for kde4 is that it's mostly impossible to compile kde4 with gcc3, so there is some upheaval there. Also the fact that back when I ported kde 4.0, it was not interesting at all, especially compared to 3.5.10. Other issues have happened since then. It shouldn't be that hard to get kde4 to work, once you get past the gcc4 issue (and port cmake, but apparently 2.8.0 is nicer). Of course not having HAL doesn't help. -- Antoine
axe(4) USB Adapter detected, but not working.
Hi, The adapter in question is a LevelOne USB-0201 which, AFAIK, uses the ASIX AX88178 chipset. When I plug in the UTP cable, its status doesn't change, it remains set to no carrier as if nothing happened (yes, the other end of the cable is plugged in.) I get the same behavior on OpenBSD 4.6, OpenBSD 4.6-STABLE and on the latest snapshot. However, it worked without a hitch on FreeBSD 8 (using the 'ue' pseudo-device -- there were no man pages for 'ue'.) Currently running the latest snapshot on an ASUS EEEBOX B202. $ uname -a OpenBSD localhost 4.7 GENERIC.MP#447 i386 ifconfig output: http://pastie.org/870996 dmesg output: http://pastie.org/870992 Any ideas?
Re: mismatch output net-snmp -current
On 17Apr2009 07:48, uno83 johan.unos...@gmail.com wrote:
| Agung T. Apriyanto-2 wrote:
| i found mismatch output from snmpwalk in -current net-snmp, sample below
|
| r...@cadangan[patches]# snmpwalk -v 1 -c public localhost
| .1.3.6.1.2.1.4.20.1.2
| IP-MIB::ipAdEntIfIndex.10.100.0.1 = INTEGER: 1
| IP-MIB::ipAdEntIfIndex.10.100.66.1 = INTEGER: 5
| IP-MIB::ipAdEntIfIndex.10.100.67.1 = INTEGER: 6
| IP-MIB::ipAdEntIfIndex.10.100.68.1 = INTEGER: 7
| IP-MIB::ipAdEntIfIndex.10.100.69.1 = INTEGER: 8
| IP-MIB::ipAdEntIfIndex.58.145.172.241 = INTEGER: 2
| IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 4
|
| r...@cadangan[patches]# snmpwalk -v 1 -c public localhost
| .1.3.6.1.2.1.2.2.1.3
| IF-MIB::ifType.1 = INTEGER: softwareLoopback(24)
| IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6)
| IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6)
| IF-MIB::ifType.4 = INTEGER: 244
| IF-MIB::ifType.5 = INTEGER: ethernetCsmacd(6)
| IF-MIB::ifType.6 = INTEGER: ethernetCsmacd(6)
| IF-MIB::ifType.7 = INTEGER: ethernetCsmacd(6)
| IF-MIB::ifType.8 = INTEGER: ethernetCsmacd(6)
| IF-MIB::ifType.9 = INTEGER: 245
|
| interface index 5,6,7,8 have the right ip, but there's a mismatch at
| index 1, 2 and 4 of IP-MIB.
|
| any of you have the same problems ?
|
| We are seeing the same problem.

Me too, using net-snmp on OpenBSD 4.5.

How is the base OS snmpd in 4.5? It was insufficient back on 4.3 and I ended up using net-snmp, but we recently added another NIC to the box and now net-snmp reports no interfaces at all:-(

Am trying today to upgrade (or re-install) to 4.5 on this box to match our working equivalent box (redundant pair of machines with staggered install times, hence the mismatch), but of course the AMD64 install CD doesn't boot :-(

Cheers,
-- Cameron Simpson c...@zip.com.au DoD#743
Re: axe(4) USB Adapter detected, but not working.
On Mon, March 15, 2010 18:33, Alexandru Diaconu wrote: Hi, The adapter in question is a LevelOne USB-0201 which, AFAIK, uses the ASIX AX88178 chipset. When I plug in the UTP cable, its status doesn't change, it remains set to no carrier as if nothing happened (yes, the other end of the cable is plugged in.) I get the same behavior on OpenBSD 4.6, OpenBSD 4.6-STABLE and on the latest snapshot. However, it worked without a hitch on FreeBSD 8 (using the 'ue' pseudo-device -- there were no man pages for 'ue'.) freebsd related. the ue loads also axe. can read axe man page. matheus Currently running the latest snapshot on an ASUS EEEBOX B202. $ uname -a OpenBSD localhost 4.7 GENERIC.MP#447 i386 ifconfig output: http://pastie.org/870996 dmesg output: http://pastie.org/870992 Any ideas? -- We will call you cygnus, The God of balance you shall be A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? http://en.wikipedia.org/wiki/Posting_style
Re: bad clock caused reboot?
Kapetanakis Giannis wrote:
> Strange thing today, one of my old OpenBSD did a reboot.
> If it was a hard reset (ie power problem) I wouldn't have a wtmp record right?
>
> # last
> root ttyp0 client.host Mon Mar 15 16:47 still logged in
> root ttyp0 client.host Mon Mar 15 16:26 - 16:27 (00:00)
> reboot ~ Mon Mar 15 09:46
>
> wtmp begins Mon Mar 15 09:46 2010

nope. Just pulled the plug out of a machine here to verify that, in fact. :) That just means the system came up, not that it went down formally for a reboot...

> ...
> Mar 15 09:46:05 server /bsd: WARNING: / was not properly unmounted

and again, substantial evidence that the system went down hard and unexpected, but obviously came back up on its own.

Nick.
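The reasoning in this reply, written out as an added example that is not part of the original thread: a `reboot ~` record in wtmp only shows that the system came up, so each boot is classified from what precedes it in wtmp and from the kernel's unmount warning in the system log. The sample inputs are constructed, and the code assumes that a clean reboot(8) or shutdown(8) leaves a `shutdown ~` record in wtmp.

```python
import re
from datetime import datetime, timedelta

# Constructed samples (not from the thread). `last` prints newest first.
LAST_SAMPLE = """\
root      ttyp0    client.host      Mon Mar 15 16:47   still logged in
reboot    ~                         Mon Mar 15 09:46
root      ttyp1    client.host      Sun Mar 14 22:10 - 22:40  (00:30)
reboot    ~                         Sun Mar 14 08:00
shutdown  ~                         Sun Mar 14 07:58

wtmp begins Sun Mar 14 07:58 2010
"""
MESSAGES_SAMPLE = """\
Mar 14 08:00:03 server /bsd: root on wd0a swap on wd0b dump on wd0b
Mar 15 09:46:05 server /bsd: WARNING: / was not properly unmounted
"""

SYS_REC = re.compile(
    r"^(reboot|shutdown)\s+~\s+\w{3}\s+(\w{3})\s+(\d+)\s+(\d\d:\d\d)")
DIRTY = re.compile(r"^(\w{3})\s+(\d+)\s+(\d\d:\d\d):\d\d \S+ /bsd: "
                   r"WARNING: \S+ was not properly unmounted")

def _ts(mon, day, hhmm):
    # Neither log carries a year; pin a leap year so "Feb 29" still parses.
    return datetime.strptime(f"2000 {mon} {day} {hhmm}", "%Y %b %d %H:%M")

def classify_boots(last_output, messages, window=timedelta(minutes=5)):
    """Return [(boot time, verdict)], newest first, one entry per reboot record."""
    records = [(m.group(1), _ts(*m.groups()[1:]))
               for m in map(SYS_REC.match, last_output.splitlines()) if m]
    dirty = [_ts(*m.groups())
             for m in map(DIRTY.match, messages.splitlines()) if m]
    verdicts = []
    for i, (kind, booted) in enumerate(records):
        if kind != "reboot":
            continue
        # The next-older system record tells how the previous uptime ended.
        older = records[i + 1][0] if i + 1 < len(records) else None
        fs_dirty = any(abs(t - booted) <= window for t in dirty)
        if fs_dirty or older == "reboot":
            verdict = "unclean"   # fs warning, or no shutdown record before boot
        elif older == "shutdown":
            verdict = "clean"
        else:
            verdict = "unknown"   # wtmp starts at this boot; no evidence either way
        verdicts.append((booted.strftime("%b %d %H:%M"), verdict))
    return verdicts

if __name__ == "__main__":
    for when, verdict in classify_boots(LAST_SAMPLE, MESSAGES_SAMPLE):
        print(when, verdict)
```

With only the single `reboot ~` record from the original question and no log lines, the result is `unknown`; the unmount warning is what moves it to `unclean`.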
Re: axe(4) USB Adapter detected, but not working.
On Mon, Mar 15, 2010 at 11:33:54PM +0200, Alexandru Diaconu wrote: Hi, The adapter in question is a LevelOne USB-0201 which, AFAIK, uses the ASIX AX88178 chipset. When I plug in the UTP cable, its status doesn't change, it remains set to no carrier as if nothing happened (yes, the other end of the cable is plugged in.) I get the same behavior on OpenBSD 4.6, OpenBSD 4.6-STABLE and on the latest snapshot. However, it worked without a hitch on FreeBSD 8 (using the 'ue' pseudo-device -- there were no man pages for 'ue'.) Currently running the latest snapshot on an ASUS EEEBOX B202. $ uname -a OpenBSD localhost 4.7 GENERIC.MP#447 i386 ifconfig output: http://pastie.org/870996 dmesg output: http://pastie.org/870992 Any ideas? yes, we need some variation on http://people.freebsd.org/~yongari/axe.88178.patch4 so it doesn't pick up the ghost phy.
Waking the Tiger: Trauma and Recovery
Experiência Somática-Portugal, in collaboration with AlmaSoma, presents, for the first time in Portugal, the work of Peter Levine in a workshop entitled Waking the Tiger: Trauma and Recovery. Introduction to Somatic Experiencing (Experiência Somática). Somatic Experiencing (SE) is the name of the trauma work of the Foundation for Human Enrichment (FHE), already established in many countries and on several continents as a training body, and present in disaster settings, such as Haiti, for direct intervention. Peter Levine, PhD, author of Waking the Tiger among other scientific and popular publications, developed a particular approach to falling ill and healing in a traumatological context, based on decades of experience, observation of the animal world and research in the neurosciences. He thus systematized a naturalistic and effective approach, scientifically grounded and with multiple applications, from birth trauma to rape trauma, by way of the trauma of surgery, of car accidents, etc. With Lida Ruiter, SE coordinator in the Netherlands, assistant and supervisor in England, Denmark and the Netherlands, we will get to know the principles underlying the work of Somatic Experiencing and watch its practical application among the participants, in two theoretical and practical days that introduce this work in Portugal. For those interested, from October 2010 a professional training certified by the FHE will be available (equivalent to the practitioner level, which qualifies for therapeutic work), lasting 3 years and taught by Professor Sónia Gomes, currently an SE teacher in several European countries and leader of this work in Brazil. See www.seportugal.com The Workshop and the Training will lead to the creation of the Foundation for Human Enrichment-Portugal which, under this or another name, will be responsible for maintaining this work in Portugal.
Experiência Somática-Portugal is currently coordinated by Erica Poonam and Mário Resende. LIDA RUITER Lida has a bachelor's degree in education and a master's degree in social work and counselling. She is also a supervisor and teacher in those fields. Trained in Core-energetics (body work), Naturopathy, Energy Work (Snowlion Center School), Reconnection Healing (Dr. Eric Pearl), and Somatic Experiencing (SE), she works in private practice as a therapist and healer. She has worked several times in Tamil Nadu, India, as a member of the international trauma work group that offered help to Tsunami survivors with post-traumatic stress and training to local professionals in the treatment of trauma. She is also part of an international group of trauma therapists working with victims of domestic violence and with their therapists in India. She coordinates SE activities in the Netherlands, is a member of the European Association of Somatic Experiencing, and is senior assistant and supervisor for the SE trainings in England, Denmark and the Netherlands. She is integrating different types of healing in work with shock and trauma. Places available: 25 Date: 17 and 18 April 2010 Hours: 9:00 to 18:00, Saturday and Sunday. Venue: Quíron, Rua Vítor Cordón 5, Lisboa Cost: 120€ (excluding VAT) until 31 March, 150€ (excluding VAT) until 16 April, 160 (excluding VAT) for registration on the day. Registration and information: reply to this email (secretari...@almasoma.pt mailto:secretari...@almasoma.pt ) and you will receive the registration form in return. By mobile phone: 96 999 04 17 (Dr. Tânia Ferro, Assistant, Experiência Somática-Portugal)
How to make FTP work from the firewall system?
I'm configuring a notebook which will use PF to protect itself from the environments in which I use it, and would like to have FTP 'just work' on it -- whether it's from an explicit FTP command, from a browser, or embedded in some other program or script. Unfortunately there doesn't seem to be any really good way to do this when a system is its own firewall; the best tool I've found so far is 'ftpsesame', which acknowledges a couple of significant problems (there's no guarantee that the PF rules changes it makes will happen in time, and inspecting packets 'on the fly' without a full TCP stack is error-prone). I'd expect this to be a rather common desire; is there a good solution that I've missed? Suggestions are very welcome. I do notice that 4.7 has a new divert-to-userland ability that looks like it could be used to solve this problem properly, by intercepting outbound and inbound control-connection packets on the egress interface. If I read the documentation correctly, ftp-proxy has not (yet) been updated to work this way; is anyone known to be planning to do this? Thanks, Dave -- Dave Anderson d...@daveanderson.com
installing amd64 using i386 to boot then amd64 for install?
I have the apparently common problem of CD2 (amd64) from the OpenBSD distro not booting on an IBM x336. And of course there's no floppy and the box won't boot off a USB device at all. One of the avenues I'm considering is booting off the i386 CD1 and then using the CD2 disc for the install data. Will that work, or will the i386 install still load up some inappropriate i386 items (eg the boot sector)? Has anyone done this? -- Cameron Simpson c...@zip.com.au DoD#743 http://www.cskk.ezoshosting.com/cs/ If you can't make it out of coathanger wire, you just aren't thinking. - John Whitmore
Re: stinking patches
On Tue, Mar 09, 2010 at 07:07:43AM -0700, Ted Roby wrote: Thanks to the hard work of Jacob Meuser I now have a functional patch which modifies the azalia driver for Macbook revision 3,1. This was my first crafted patch in conjunction with a developer. I sorted out my own ignorance in applying the patch. Once I switched to using -p1 instead of -p0 I had resounding success. Should I now post my functional patch to tech until it is placed in CVS? no need, I've got the patches. glad it finally worked for you :) -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org