Re: Bluetooth support status
Ha. I was about to start out with how I can guess how complicated managing an operating system is. Then I see the last line of your email saying, "How about if you don't know, stop making guesses".

My comments only apply to my experience coding for bluetooth on mobile devices and it was just overcomplicated for me and I felt it was opening up an unnecessary attack surface. That opinion has nothing to do with OpenBSD. Just writing this here in case someone tries to use this in a future conversation.

On Wed, Aug 7, 2019 at 10:22 AM Theo de Raadt wrote:
> Bryan Wright wrote:
>
> > > On Aug 7, 2019, at 10:06, Theo de Raadt wrote:
> > >
> > > Bryan Wright wrote:
> > >
> > >> Are there technical/philosophical problems that make all versions of
> > >> Bluetooth incompatible with the project, or is it just a matter of
> > >> removing what is not being maintained?
> > >
> > > I'm sure a bunch of you can come up with theories about what actually
> > > transpired, without reading any of the code that used to be here, or
> > > the commit messages.
> > >
> > > Basically, feel free to keep making up stuff.
> > >
> >
> > I’m sorry, Theo. I’ve read some, but I’m sure I haven’t read all the
> > history. I didn’t mean anything by my question, but perhaps I should have
> > done more reading before asking. Apologies.
>
> Beyond the commit messages, none of us owes anyone any sort of explanation,
> no matter how much it is begged for.
>
> What bothers me greatly is the begging pattern of introducing fake
> theories, and a year or so later those fake theories are used as part of
> the evidence chain in a new discussion, and another few years later even
> more fake discussion is used to create new fake discussion, and
> eventually everyone believes parts of it.
>
> How about if you don't know, stop making up guesses.
>
Re: Bluetooth support status
Right, without reading the code and only reading this commit message it's all conjecture. I was just hoping to hear something more if someone was inclined to share.

The commit message seems like some sort of inside joke.

Log message:
"It's not the years, honey; it's the mileage."
bluetooth support doesn't work and isn't going anywhere. the current design is a dead end, and should not be the basis for any future support. general consensus says to whack it so as to not mislead the unwary.

On Wed, Aug 7, 2019 at 10:06 AM Theo de Raadt wrote:
> Bryan Wright wrote:
>
> > Are there technical/philosophical problems that make all versions of
> > Bluetooth incompatible with the project, or is it just a matter of
> > removing what is not being maintained?
>
> I'm sure a bunch of you can come up with theories about what actually
> transpired, without reading any of the code that used to be here, or
> the commit messages.
>
> Basically, feel free to keep making up stuff.
>
Re: Bluetooth support status
ok, thanks. Bluetooth is overcomplicated and if it's not managed properly it just opens up the attack surface for no reason. It definitely makes some things easy but there are always workarounds.

On Tue, Aug 6, 2019 at 11:52 PM Consus wrote:
> On 17:12 Tue 06 Aug, John Brahy wrote:
> > Hello,
> >
> > Just curious if there was any change in OpenBSD supporting bluetooth.
>
> Sadly, there is none.
>
Bluetooth support status
Hello,

Just curious if there was any change in OpenBSD supporting bluetooth.

In this commit from tedu@ it's saying that support was ripped out of the kernel because it never really worked.

https://marc.info/?l=openbsd-cvs=140511572108715=2

man -k blue brings up nothing apropos.

Thanks,
JB
Apple Display via Thunderbolt on macbook pro
Hello,

I have OpenBSD 6.5 installed on a MacBook Pro (mid-2015) and I was hoping to use a couple of my 27" Apple Displays with it. Has anyone had any success with them? I don't see anything pop up in dmesg when I plug them in so not sure if the system detects them or if OpenBSD recognizes the Thunderbolt bus.

I see

"Intel DSL 5520 Thunderbolt" rev 0x00 at pci4 dev 0 function 0 not configured

in the dmesg.

Thanks,
John
Re: Broadcom BCM5716 support in 4.6/snapshots
Sorry for the delay. Here's the dmesg

On Sun, Sep 13, 2009 at 6:42 PM, David Gwynne l...@animata.net wrote:
> which dells specifically? are you able to get a dmesg off it?
>
> dlg
>
> On 14/09/2009, at 6:47 AM, John Brahy wrote:
> > Hi,
> >
> > I bought a couple new dells with Broadcom BCM5716 chips on the motherboard for network support but every time I boot and it gets to the starting network it reboots on me. Anyone have any ideas on this?
> >
> > thanks,
> > JB

**
*John Brahy *| CTO | P 310.356.7500 | F 310.356.7520
jbr...@snowball-media.com | 1990 East Grand Ave, Suite 200, El Segundo, CA 90245

[demime 1.01d removed an attachment of type application/zip which had a name of dmesg.zip]
Re: Broadcom BCM5716 support in 4.6/snapshots
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
rd0: fixed, 3800 blocks
uhub8 at uhub0 port 3 vendor 0x0424 product 0x2514 rev 2.00/0.00 addr 2
uhub9 at uhub2 port 1 Dell Dell USB Keyboard Hub rev 1.10/48.00 addr 2
umass0 at uhub4 port 1 configuration 1 interface 0 TEAC TEAC FD-05PUB rev 2.00/0.00 addr 2
umass0: using UFI over CBI with CCI
scsibus2 at umass0: 2 targets, initiator 0
sd1 at scsibus2 targ 1 lun 0: TEAC, FD-05PUB, 3000 ATAPI 0/direct removable
sd1: 1MB, 512 bytes/sec, 2880 sec total
uhidev0 at uhub9 port 1 configuration 1 interface 0 Dell Dell USB Keyboard Hub rev 1.10/48.00 addr 3
uhidev0: iclass 3/1
ukbd0 at uhidev0
wskbd0 at ukbd0: console keyboard, using wsdisplay0
uhidev1 at uhub9 port 1 configuration 1 interface 1 Dell Dell USB Keyboard Hub rev 1.10/48.00 addr 3
uhidev1: iclass 3/0, 3 report ids
uhid at uhidev1 reportid 1 not configured
uhid at uhidev1 reportid 2 not configured
uhid at uhidev1 reportid 3 not configured
softraid0 at root
root on rd0a swap on rd0b dump on rd0b
bnx0: address 00:24:e8:6c:2d:99
brgphy0 at bnx0 phy 1: BCM5709 10/100/1000baseT PHY, rev. 8
bnx1: address 00:24:e8:6c:2d:9a
brgphy1 at bnx1 phy 1: BCM5709 10/100/1000baseT PHY, rev. 8
sd1(umass0:1:0): Check Condition (error 0x70) on opcode 0x2a
    SENSE KEY: Not Ready
    ASC/ASCQ: ASC 0x3a ASCQ 0x00

On Sun, Sep 13, 2009 at 6:42 PM, David Gwynne l...@animata.net wrote:
> which dells specifically? are you able to get a dmesg off it?
>
> dlg
>
> On 14/09/2009, at 6:47 AM, John Brahy wrote:
> > Hi,
> >
> > I bought a couple new dells with Broadcom BCM5716 chips on the motherboard for network support but every time I boot and it gets to the starting network it reboots on me. Anyone have any ideas on this?
> >
> > thanks,
> > JB

**
*John Brahy *| CTO | P 310.356.7500 | F 310.356.7520
jbr...@snowball-media.com | 1990 East Grand Ave, Suite 200, El Segundo, CA 90245
Broadcom BCM5716 support in 4.6/snapshots
Hi,

I bought a couple new dells with Broadcom BCM5716 chips on the motherboard for network support but every time I boot and it gets to the starting network it reboots on me. Anyone have any ideas on this?

thanks,
JB
newfs block device
Have I completely lost my mind or should I be able to give newfs a block device?

# df -ht ffs
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/wd0a     1006M    203M    753M    21%    /
/dev/wd0j      7.9G    6.0G    1.5G    81%    /home
/dev/wd0i     1006M    6.0K    956M     0%    /tmp
/dev/wd0d      3.9G    1.2G    2.6G    32%    /usr
/dev/wd0k      9.8G    730M    8.6G     8%    /usr/local
/dev/wd0f      2.0G   66.6M    1.8G     3%    /usr/obj
/dev/wd0e      2.0G    1.1G    774M    60%    /usr/src
/dev/wd0h     1006M    123M    833M    13%    /var
/dev/wd0l      114G   78.4G   30.1G    72%    /virtualhosts
/dev/wd1a      367G   84.9G    264G    24%    /backups
/dev/wd0g      2.0G    221M    1.7G    12%    /usr/ports
# umount obj
# newfs /dev/wd0f
newfs: /dev/wd0f: block device
#

I thought that I have done that before. Have we lost functionality in 4.5 or just my mind?
PF/NAT Issue
Hello,

I'm having a problem with NAT. I have given up trying fancy pf stuff and I am using a barely modified version of the example ruleset from the using pf guide on the OpenBSD site:

# OpenBSD Packet Filter Configuration
#
# macros
ext_if="dc0"
int_if="sis0"
tcp_services="{ 22, 113 }"
icmp_types="echoreq"

# options
set block-policy return
set loginterface $ext_if
set skip on lo

# scrub
scrub in

# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

# filter rules
block in
pass out keep state
anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in quick on $int_if

the only thing that I took out was the web server, so there is no inbound access in this configuration.

I have the same pf.conf file on both of my servers. The layout looks like this.

Internet
   |
   - public ip
OpenBSD box A running as router
   - public ip
   |
   - public ip
OpenBSD box B running as firewall
   - 10.100.100.1
   |
   - 10.100.100.120
OpenBSD box C running as desktop

The problem that I am having is that I can't surf the information superhighway from box C. So I've been looking at the network traffic to see how far it is going and it's getting past the firewall but not past the router. I believe the problem is that box B is not performing network address translation for box C. When I do a tcpdump on the interface connection box A and box B I see packets with 10.100.100.120 as the address.

Is there a magic Turn Nat On switch I'm not using? I have modified my /etc/sysctl.conf to enable ip forwarding. I'm stuck... Does anyone have a suggestion on what I can try or what I am doing wrong?

Thanks,
JB
Re: PF/NAT Issue
It must have been a hardware issue, I just replaced the ethernet card and things are working fine. thanks anyway.
Best hardware platform for home automation system
Hi Everyone, I wanted to find out if anyone has experience with creating home automation systems using OpenBSD. I was planning on buying a random fanless micro atx system. I was hoping to get some suggestions from y'all. I know there is a hardware compatibility list at http://www.openbsd.org but I was looking for specific experience with motherboards with supported ethernet chips (I'm sure most work anyway) and devices to turn things on and off. Thanks for your time, JB
what's the best way to configure a 3.75TB datastore?
Hello List,

We're the proud new owner of a 10x750GB appliance. We're going to put OpenBSD on it and I was looking for suggestions or feedback on a configuration we were considering. This server is going to be stored at our colo and we have a point to point T1 directly connected to it. (We're going to initially populate it here and only have to rsync daily differences after hours.)

Luca-Brozzi.ad2.com -

Partition           Size(GB)
/                   2
swap                8
/usr                4
/usr/local          4
/usr/obj            4
/usr/src            4
/var                2
/home               20
/tmp                2
/backups/server1    400
/backups/server2    400
/backups/server3    400
/backups/server4    400
/backups/server5    400
/backups/server6    400
/backups/server7    400
/backups/server8    400
/backups/server9    400

Is this the best way to do it? Does anyone have suggestions on a better way to do it?

Thanks,
John
Re: what's the best way to configure a 3.75TB datastore?
I'd really recommend to run, if possible, Solaris and take advantage of ZFS with all its nice tools and features. That's a great idea, I always think OpenBSD for everything but I don't want to know how long it would take to fsck 3.75TB. I'm going to go with Solaris w/ZFS. Thanks!
rmoption INET6
Is there any reason I shouldn't add rmoption INET6 to my kernel? I don't use IPV6.
Re: rmoption INET6
You don't recompile your kernel? Isn't that part of keeping with stable?

-Original Message-
From: Paul de Weerd [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 28, 2007 2:27 PM
To: John Brahy
Cc: misc@openbsd.org
Subject: Re: rmoption INET6

On Wed, Mar 28, 2007 at 01:54:48PM -0700, John Brahy wrote:
| Is there any reason I shouldn't add rmoption INET6 to my kernel? I don't use
| IPV6.

The fact that you will run your own, unsupported, frankensteined kernel may be detrimental to your quest. You may want to remove driver support for all the hardware that you don't have, remove support for ccd, pfsync, carp and other fun software goodies you never plan on using, but to what end ?

If you really fear the IPv6-beast, use pf to 'block in all inet6' and just don't care. Don't build your own kernel. See the FAQ.

Cheers,

Paul 'WEiRD' de Weerd

--
[++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-]
http://www.weirdnet.nl/
Re: rmoption INET6
So if I use GENERIC and then disable ipv6 is that a safe thing to do? In light of the recent security issue and since I don't use ipv6 I thought it would make the system more secure, but I definitely don't want to make it unstable.
Problem routing 10.x.x.x networks through a firewall
Hello,

I am having a problem routing IP traffic on my network. my firewall has three interfaces.

       |
+------+------+
|  P2P - t1   |
|   router    |
|  10.1.2.1   |
+------+------+
       |
+------+------+
|  10.1.2.2   |
|   router    |
|  10.1.3.1   |
+------+------+
       |
+------+------+     +--------------+
|  10.1.3.2   |     |   DMZ host   |
|  firewall   +-----+  10.1.15.10  |
|  10.1.1.1   |     +--------------+
+------+------+
       |
+------+------+
| 10.1.11.100 |
+-------------+

I have net.ip.forwarding=1 and my pf.conf is completely empty right now. From the 10.1.1.100 client, I can't ping the internet from 10.1.11.100, but I can from my firewall.

Is there anything special I have to do to route private networks?

Here's the ipv4 info from netstat.

Routing tables

Internet:
Destination        Gateway            Flags    Refs     Use    Mtu  Interface
default            10.1.3.1           UGS         0       3      -   em0
10.1.3/24          link#1             UC          1       0      -   em0
10.1.3.1           00:b0:a2:89:13:45  UHLc        1    1469      -   em0
10.1.11/24         link#3             UC          0       0      -   em2
10.1.15/24         link#2             UC          0       0      -   em1
127/8              127.0.0.1          UGRS        0       0  33192   lo0
127.0.0.1          127.0.0.1          UH          1       0  33192   lo0
224/4              127.0.0.1          URS         0       0  33192   lo0

Any help would be greatly appreciated.

Thanks!
John
Re: Problem routing 10.x.x.x networks through a firewall
On 1/30/07, Will H. Backman [EMAIL PROTECTED] wrote:
> John Brahy wrote:
> > Hello,
> >
> > I am having a problem routing IP traffic on my network. my firewall has three interfaces.
> >
> >        |
> > +------+------+
> > |  P2P - t1   |
> > |   router    |
> > |  10.1.2.1   |
> > +------+------+
> >        |
> > +------+------+
> > |  10.1.2.2   |
> > |   router    |
> > |  10.1.3.1   |
> > +------+------+
> >        |
> > +------+------+     +--------------+
> > |  10.1.3.2   |     |   DMZ host   |
> > |  firewall   +-----+  10.1.15.10  |
> > |  10.1.11.1  |     +--------------+
> > +------+------+
> >        |
> > +------+------+
> > | 10.1.11.100 |
> > +-------------+
> >
> > I have net.ip.forwarding=1 and my pf.conf is completely empty right now. From the 10.1.1.100 client, I can't ping the internet from 10.1.11.100, but I can from my firewall.
> >
> > Is there anything special I have to do to route private networks?
> >
> > Here's the ipv4 info from netstat.
> >
> > Routing tables
> >
> > Internet:
> > Destination        Gateway            Flags    Refs     Use    Mtu  Interface
> > default            10.1.3.1           UGS         0       3      -   em0
> > 10.1.3/24          link#1             UC          1       0      -   em0
> > 10.1.3.1           00:b0:a2:89:13:45  UHLc        1    1469      -   em0
> > 10.1.11/24         link#3             UC          0       0      -   em2
> > 10.1.15/24         link#2             UC          0       0      -   em1
> > 127/8              127.0.0.1          UGRS        0       0  33192   lo0
> > 127.0.0.1          127.0.0.1          UH          1       0  33192   lo0
> > 224/4              127.0.0.1          URS         0       0  33192   lo0
> >
> > Any help would be greatly appreciated.
> >
> > Thanks!
> > John
>
> You have a network behind a network. The router that is connected to the internet only knows about the networks that it is directly attached to. You would need to tell the external router about the innermost network through a static route.

From 10.1.11.100 I am not able to ping 10.1.3.1.
Re: Problem routing 10.x.x.x networks through a firewall
On 1/30/07, John Brahy [EMAIL PROTECTED] wrote:
> On 1/30/07, Will H. Backman [EMAIL PROTECTED] wrote:
> > John Brahy wrote:
> > > Hello,
> > >
> > > I am having a problem routing IP traffic on my network. my firewall has three interfaces.
> > >
> > >        |
> > > +------+------+
> > > |  P2P - t1   |
> > > |   router    |
> > > |  10.1.2.1   |
> > > +------+------+
> > >        |
> > > +------+------+
> > > |  10.1.2.2   |
> > > |   router    |
> > > |  10.1.3.1   |
> > > +------+------+
> > >        |
> > > +------+------+     +--------------+
> > > |  10.1.3.2   |     |   DMZ host   |
> > > |  firewall   +-----+  10.1.15.10  |
> > > |  10.1.11.1  |     +--------------+
> > > +------+------+
> > >        |
> > > +------+------+
> > > | 10.1.11.100 |
> > > +-------------+
> > >
> > > I have net.ip.forwarding=1 and my pf.conf is completely empty right now. From the 10.1.1.100 client, I can't ping the internet from 10.1.11.100, but I can from my firewall.
> > >
> > > Is there anything special I have to do to route private networks?
> > >
> > > Here's the ipv4 info from netstat.
> > >
> > > Routing tables
> > >
> > > Internet:
> > > Destination        Gateway            Flags    Refs     Use    Mtu  Interface
> > > default            10.1.3.1           UGS         0       3      -   em0
> > > 10.1.3/24          link#1             UC          1       0      -   em0
> > > 10.1.3.1           00:b0:a2:89:13:45  UHLc        1    1469      -   em0
> > > 10.1.11/24         link#3             UC          0       0      -   em2
> > > 10.1.15/24         link#2             UC          0       0      -   em1
> > > 127/8              127.0.0.1          UGRS        0       0  33192   lo0
> > > 127.0.0.1          127.0.0.1          UH          1       0  33192   lo0
> > > 224/4              127.0.0.1          URS         0       0  33192   lo0
> > >
> > > Any help would be greatly appreciated.
> > >
> > > Thanks!
> > > John
> >
> > You have a network behind a network. The router that is connected to the internet only knows about the networks that it is directly attached to. You would need to tell the external router about the innermost network through a static route.
>
> From 10.1.11.100 I am not able to ping 10.1.3.1.

ok, thank you very much. I put static routes into my router and now it's dialed in.

thanks!
carp for one server?
I know carp is the way to go to provide address redundancy but I was wondering if it's the best way to do it on one server? I've got two interfaces and I'd like to only use one public ip address. Is carp the way to go or is there a better way? thanks!
Re: carp for one server?
perfect! thank you!

On 1/9/07, Bret Lambert [EMAIL PROTECTED] wrote:
> On Tue, 2007-01-09 at 10:12 -0800, John Brahy wrote:
> > I know carp is the way to go to provide address redundancy but I was wondering if it's the best way to do it on one server? I've got two interfaces and I'd like to only use one public ip address. Is carp the way to go or is there a better way?
>
> Depending on your setup, trunk(4) in failover mode might be just as useful.
>
> -Bert
>
> > thanks!
ifconfig commands for trunk0 to hostname.trunk0
How would I translate this into /etc/hostname.trunk0?

ifconfig em0 up
ifconfig em1 up
ifconfig trunk0 trunkport em0 trunkport em1 xx.xx.xx.xx netmask 255.255.255.0

should it just be

!/sbin/ifconfig em0 up
!/sbin/ifconfig em1 up
!/sbin/ifconfig trunk0 trunkport em0 trunkport em1 xx.xx.xx.xx netmask 255.255.255.0

or is there a more syntactically correct way to do it?
Partitions
At first I didn't understand the reason for all the partitions ( http://archives.neohapsis.com/archives/openbsd/2001-01/1654.html) now I can't have enough partitions.

In my official OpenBSD CD sleeve it says to create these partitions:

/
swap
/tmp
/var
/usr
/home

and over time I have learned to appreciate these, but lately I have been creating more partitions.

/usr/src
/usr/obj

are two of the ones that are suggested when rebuilding my system and I definitely like the speed of doing a newfs to /usr/obj

I also have been putting mysql on its own partition and then I got a little crazier and added more partitions and my list has grown to this:

/
/home
/tmp
/var
/var/mysql
/usr
/usr/local
/usr/src
/usr/obj
/usr/Xbld
/usr/XF4
/usr/local
/virtualhosts

So am I going overboard? or am I missing any good partitions. when I first posted Nick Holland replied with several reasons to have multiple partitions. Those being security, fragmentation, protecting the filesystem from overfilling, organization and space tracking.

does increasing the amount of partitions increase access to the files on that partition?

Any feedback would be appreciated.

Thanks,
John
T1 and DSL failover? redundancy?
I was hoping to get some suggestions on the best way to handle this. We just put a DSL line for inet backup and I'd like to have it automagically failover. We are running OpenBSD 3.9 -stable on a box with four interfaces. Currently we have one interface connected to our private network and one interface connected to our router.

I could connect the DSL router and the t-1 router directly to my firewall on two separate interfaces and maintain two separate pf.conf files and manually change the active interface. this isn't what I want to do but I know it will work. What are my other options? I'd like to have it automatically fail over but I'm not sure what is required to do that.

Thanks,
John
problems booting off wrong drive
I've got two drives in an OpenBSD 3.9 amd64 server. one that used to be the root drive in an old 3.8 system and a new drive that I've installed a fresh copy of OpenBSD 3.9. I want to boot up on just one of the drives but for some reason when I put the second drive in the server it tries to take over the root drive. I've tried switching the SATA cables between them and changing the boot option for boot hd0a:/bsd and hd1a:/bsd and I get the same errors.

I attempted to find a way to make the secondary drive not bootable by booting up on my Official OpenBSD 3.9 CD and running a shell and then fdisking it, but I didn't find anywhere I could turn the bootable flag off. Any suggestions on what I can do?

Thanks,
John
Re: problems booting off wrong drive
WOOHOO I figured it out. It was my root device.

http://www.openbsd.org/faq/faq8.html#Bootloader

boot -a allowed me to choose a different root device. I didn't realize that was going on but after booting several times I realized there was a line that said root_device wd1a

thanks to the FAQ maintainer!

On 6/2/06, John Brahy [EMAIL PROTECTED] wrote:
> I've got two drives in an OpenBSD 3.9 amd64 server. one that used to be the root drive in an old 3.8 system and a new drive that I've installed a fresh copy of OpenBSD 3.9. I want to boot up on just one of the drives but for some reason when I put the second drive in the server it tries to take over the root drive. I've tried switching the SATA cables between them and changing the boot option for boot hd0a:/bsd and hd1a:/bsd and I get the same errors.
>
> I attempted to find a way to make the secondary drive not bootable by booting up on my Official OpenBSD 3.9 CD and running a shell and then fdisking it, but I didn't find anywhere I could turn the bootable flag off. Any suggestions on what I can do?
>
> Thanks,
> John
Re: one drive in a raid 0 failed, can I save any data?
It turned out that I actually configured it as a raid 1 so I have a mirrored disk. I appreciate everyone's help and now I have options if I'm ever in the situation that I thought I was in. The best advice that I got was from Samuri Chef telling me to check out this software: http://www.data-recovery-software.net it turned out to be able to read ffs which was very nice. But when I went to use it, I found out that I had a raid 1. I remember having two 80 GB drives and my disk size was 160GB so I assumed that my raid was level zero. But it turned out that I never used the 80 GB drives and I actually had two 160GB drives. So, I made a big mistake and I'm definitely feeling much better now. Thank you to everyone for all your help and sorry for wasting your time. John
one drive in a raid 0 failed, can I save any data?
For a couple weeks I was running without backups and one of the drives died. Is there a way to recover any of the data from the drives?
Re: no data channel with pf/ftp-proxy on 3.9
ok, I just modified my configuration to be the same as the example pf.conf

I have ftp-proxy going and I've even tried setting -r but that still doesn't do it.

Here is my pf.conf

# macros
externalInterface="sis0"
internalInterface="fxp0"
tcp_services="{ 22, 113 }"
icmp_types="echoreq"
webServer="10.1.1.191"

# options
set block-policy return
set loginterface $externalInterface
set skip on lo

# scrub
scrub in

# nat/rdr
nat on $externalInterface from !($externalInterface) -> ($externalInterface:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $internalInterface proto tcp to port ftp -> 127.0.0.1 port 8021
rdr on $externalInterface proto tcp from any to any port 80 -> $webServer

# filter rules
block in
pass out keep state
anchor "ftp-proxy/*"
antispoof quick for { lo $internalInterface }
pass in on $externalInterface inet proto tcp from any to ($externalInterface) port $tcp_services flags S/SA keep state
pass in on $externalInterface inet proto tcp from any to $webServer port 80 flags S/SA synproxy state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass quick on $internalInterface
no data channel with pf/ftp-proxy on 3.9
on a fresh install of OpenBSD 3.9

from reading http://www.openbsd.org/faq/pf/ftp.html

edited my pf.conf and added these lines:

nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $internalInterface proto tcp from any to any port 21 -> 127.0.0.1 port 8021
anchor "ftp-proxy/*"

I also uncommented ftp-proxy=NO in /etc/rc.conf ftpproxy_flags=

debugged connection with ftp-proxy -d -D7 and saw that it gets to the data portion showing the entire login sequence and stopping at LIST and my ftp client shows this:

Command: LIST
Response: 425 Can't open data connection.
Error: Could not retrieve directory listing

I use sftp wherever I can but some of my clients don't so I have to have ftp available to my developers, but they can't get to certain ftp servers. Is there something obvious that I am leaving out?

Here is my pared down pf.conf. I'm just trying to get things working again.

internalInterface="fxp0"
externalInterface="sis0"
nat-anchor "ftp-proxy/*"
nat on $externalInterface from $internalInterface:network to any -> ($externalInterface)
rdr-anchor "ftp-proxy/*"
rdr on $internalInterface proto tcp from any to any port 21 -> 127.0.0.1 port 8021
anchor "ftp-proxy/*"
pass in log on $externalInterface inet proto tcp from any to $externalInterface user proxy keep state
out of filehandles/ too many users/ mysql and apache problem
How do I increase my available filehandles? I tried sysctl kern.maxfiles=32768 but it doesn't seem to help. The reason that I think I need to increase my filehandles is because I'm averaging about 1200 simultaneous users on a website that I'm hosting and the mysql database keeps crashing with (errno: 9) saying it can't find files that I know are there. As soon as I do a pkill -HUP httpd and a mysql.server restart everything works for a bit more until we get another traffic surge.

fstat | wc -l usually returns about 6000 lines.

Am I crazy?
no content when sending mail to a program via .forward
I'm writing a program that will take email based searches, .forward seems like the simplest way to accomplish this. The problem that I am having is that I don't know how to access the content of the email. I tried argv and env but neither gave me a clue on how to access the actual message. I know there has to be a way to do this since this is the way procmail works. Can anyone give me an idea of where to look for the message data?

the variables I found were:

CLIENT_ADDRESS=
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin
SHELL=/bin/ksh
USER=search
HOME=/home/search
[EMAIL PROTECTED]
MAIL_CONFIG=/etc/postfix
CLIENT_PROTOCOL=ESMTP
CLIENT_HELO=domain.com
DOMAIN=domain.com
LOCAL=search
[EMAIL PROTECTED]
LOGNAME=search
Re: no content when sending mail to a program via .forward
yeah, that was it. I should have thought of that. Too many beers and jager shots last night at a punk rock show.

On 4/28/06, Darrin Chandler [EMAIL PROTECTED] wrote:
> Last time I messed with that I think everything was on stdin...
>
> --
> Darrin Chandler | Phoenix BSD Users Group
> [EMAIL PROTECTED] | http://bsd.phoenix.az.us/
> http://www.stilyagin.com/ |
Where can I buy Accoom Networks Artery WAN card?
ok, since an OpenBSD developer wrote the driver for the Accoom Networks Artery WAN card, I'm going to use that over the other two but I can't find anywhere to purchase it. The www.accoom.net site only has a pdf of it that doesn't have any contact information. Does anyone know where I can purchase one? Preferably a dual t-1 card.

Thanks,
John
Best WAN Adapter?
On http://www.openbsd.org/i386.html#hardware it lists three WAN Adapters, does anyone have any suggestions on one over the other?

- Accoom Networks Artery T1/E1 WAN interfaces (art http://www.openbsd.org/cgi-bin/man.cgi?query=artarch=i386sektion=4) (G)
- SBE (formerly Lan Media Corporation) SSI (T1)/HSSI/DS1/DS3 WAN interfaces (lmc http://www.openbsd.org/cgi-bin/man.cgi?query=lmcarch=i386sektion=4) (G)
- Sangoma Technologies AFT T1/E1 WAN interfaces (san http://www.openbsd.org/cgi-bin/man.cgi?query=sanarch=i386sektion=4) (G)

Thanks,
John
Is there a OpenBSD friendly hardware vendor out there?
I have always purchased dell servers but I got screwed by adaptec. Does HP, IBM, or anyone else provide a 1u rack mount server with hardware raid that is fully supported by OpenBSD? Or do I have to go to each vendor and get them to tell me the chipset for each part? Thanks, John
Re: perl interface to pf?
You're totally correct and I replied to him and apologized.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Thomas
Sent: Tuesday, November 01, 2005 1:09 PM
To: OpenBSD-Misc
Subject: Re: perl interface to pf?

On 11/1/05, John Brahy [EMAIL PROTECTED] wrote:

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Diana Eichert
Sent: Tuesday, November 01, 2005 9:47 AM
To: misc@openbsd.org
Subject: Re: perl interface to pf?

On Tue, 1 Nov 2005, Bob Beck wrote:

* Marco Peereboom [EMAIL PROTECTED] [2005-11-01 10:11]:

This is the weirdest thing I have heard all week.

On Tue, Nov 01, 2005 at 08:36:59AM -0800, John N. Brahy wrote:

Is there a perl interface to pf?

8
#!/usr/bin/perl
# "not" binds more loosely than "&&" and "!" more tightly, so the two sides differ
if ((not 0 && not 1) != (!0 && !1)) {
	print "No, just exec pfctl from within perl.\n";
	print "But feed it carefully, and know how perl works.\n";
} else {
	print "Of course, that's a great idea! everyone groks perl!\n";
}

But, I need it in Ruby said the Whiney User.

I can't believe all the stupid responses I received due to this email.

They were much smarter and better informed than your reply to Bob Ababurko.

Greg
Re: perl script for postfix logs to create spamd tables
Does anyone have a script that parses postfix logs and adds servers to the spamd tables?

I do use and love spamd, but what I want to accomplish is to add servers that are attempting dictionary attacks and such into the spamd tables. Someone else emailed me directly and mentioned adding servers that I send outgoing emails to, to a whitelist which I like also.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chad M Stewart
Sent: Monday, October 31, 2005 2:56 PM
To: John N. Brahy
Cc: misc@openbsd.org
Subject: Re: perl script for postfix logs to create spamd tables

Why would you want to do that? Put spamd in front of postfix and sit back and watch the spammers waste their time. Sure the first few hours can be trying as legitimate mail trickles through. Before I deployed spamd for the first time I lowered the passtime and tested. Once I was satisfied that things would work as they should I put spamd in production. When I started getting my misc@ messages again I knew things were working. :)

Today I got my first indication that another site is having problems. A credit card company told me when I logged into their website that my email address was no longer valid and to please update. The funny thing is that some messages from them do make it to me. I look at it this way, the problem is on their end. spamd simply enforces the RFCs and after all following the RFCs is a good thing. I remember the mid 90s when there were so many totally ignorant SMTP servers out there. Perhaps there are still some, but overall things appear to be much better now. If the sending site can't be bothered to run a mail system that honors a simple and basic component of the RFCs then they don't take email seriously.

With my old bank I had to tell them to fix their sending gateways, they did and I started getting messages again. I sent their zone contact the relevant part of the RFCs.

-Chad
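An added example, not code from this thread or from any of its posters: one way to do what the question above asks, by counting distinct "User unknown" recipient rejections per client in postfix/smtpd log lines and listing the clients that cross a threshold, one address per line as a pf table file expects. The log lines are constructed samples, and the threshold, the whitelist network and all function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log using documentation addresses; not taken from the thread.
SAMPLE_LOG = """\
Oct 31 14:02:09 mx postfix/smtpd[4211]: connect from unknown[192.0.2.10]
Oct 31 14:02:11 mx postfix/smtpd[4211]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 <aaron@example.org>: Recipient address rejected: User unknown in local recipient table; from=<a@bulk.invalid> to=<aaron@example.org> proto=SMTP helo=<pc1>
Oct 31 14:02:12 mx postfix/smtpd[4211]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 <abby@example.org>: Recipient address rejected: User unknown in local recipient table; from=<a@bulk.invalid> to=<abby@example.org> proto=SMTP helo=<pc1>
Oct 31 14:02:13 mx postfix/smtpd[4211]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <adam@example.org>: Recipient address rejected: User unknown in local recipient table; from=<a@bulk.invalid> to=<adam@example.org> proto=SMTP helo=<pc1>
Oct 31 14:02:14 mx postfix/smtpd[4211]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 <admin1@example.org>: Recipient address rejected: User unknown in local recipient table; from=<a@bulk.invalid> to=<admin1@example.org> proto=SMTP helo=<pc1>
Oct 31 14:02:15 mx postfix/smtpd[4211]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 <x@elsewhere.invalid>: Relay access denied; from=<a@bulk.invalid> to=<x@elsewhere.invalid> proto=SMTP helo=<pc1>
Oct 31 14:10:40 mx postfix/smtpd[4302]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 550 5.1.1 <jhon@example.org>: Recipient address rejected: User unknown in local recipient table; from=<bob@example.net> to=<jhon@example.org> proto=ESMTP helo=<mail.example.net>
Oct 31 14:20:01 mx postfix/smtpd[4410]: NOQUEUE: reject: RCPT from relay.example.com[203.0.113.5]: 450 <old.user@example.org>: Recipient address rejected: User unknown in local recipient table; from=<n@example.com> to=<old.user@example.org> proto=ESMTP helo=<relay.example.com>
Oct 31 14:35:01 mx postfix/smtpd[4466]: NOQUEUE: reject: RCPT from relay.example.com[203.0.113.5]: 450 <old.user@example.org>: Recipient address rejected: User unknown in local recipient table; from=<n@example.com> to=<old.user@example.org> proto=ESMTP helo=<relay.example.com>
Oct 31 14:50:01 mx postfix/smtpd[4512]: NOQUEUE: reject: RCPT from relay.example.com[203.0.113.5]: 450 <Old.User@example.org>: Recipient address rejected: User unknown in local recipient table; from=<n@example.com> to=<Old.User@example.org> proto=ESMTP helo=<relay.example.com>
Oct 31 15:00:01 mx postfix/smtpd[4600]: NOQUEUE: reject: RCPT from lists.example.net[192.0.2.200]: 550 <list1@example.org>: Recipient address rejected: User unknown in local recipient table; from=<l@example.net> to=<list1@example.org> proto=ESMTP helo=<lists.example.net>
Oct 31 15:00:02 mx postfix/smtpd[4600]: NOQUEUE: reject: RCPT from lists.example.net[192.0.2.200]: 550 <list2@example.org>: Recipient address rejected: User unknown in local recipient table; from=<l@example.net> to=<list2@example.org> proto=ESMTP helo=<lists.example.net>
Oct 31 15:00:03 mx postfix/smtpd[4600]: NOQUEUE: reject: RCPT from lists.example.net[192.0.2.200]: 550 <list3@example.org>: Recipient address rejected: User unknown in local recipient table; from=<l@example.net> to=<list3@example.org> proto=ESMTP helo=<lists.example.net>
"""

# Matches only unknown-recipient rejections, with or without an enhanced
# status code (e.g. "5.1.1") after the SMTP reply code.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"\S*\[(?P<ip>[0-9A-Fa-f:.]+)\]: [45]\d\d (?:\d\.\d+\.\d+ )?"
    r"<(?P<rcpt>[^>]*)>: Recipient address rejected: User unknown"
)


def parse_rejections(lines):
    """Yield (client address, lower-cased recipient) per unknown-user reject."""
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address in the log line: ignore it
        yield ip, m.group("rcpt").lower()


def find_offenders(lines, min_distinct=3, whitelist=()):
    """Return clients that probed at least min_distinct different unknown users.

    Counting distinct recipients (not raw rejects) keeps a relay that retries
    one stale address, or a sender with a single typo, off the list.
    whitelist is a list of networks that must never be listed (assumption).
    """
    nets = [ipaddress.ip_network(n) for n in whitelist]
    seen = defaultdict(set)
    for ip, rcpt in parse_rejections(lines):
        if any(ip.version == n.version and ip in n for n in nets):
            continue
        seen[ip].add(rcpt)
    hits = [ip for ip, rcpts in seen.items() if len(rcpts) >= min_distinct]
    return [str(ip) for ip in sorted(hits, key=lambda a: (a.version, int(a)))]


def render_table(addresses):
    """One address per line, the layout a pf table file uses."""
    return "".join(addr + "\n" for addr in addresses)


if __name__ == "__main__":
    print(render_table(find_offenders(SAMPLE_LOG.splitlines(),
                                      whitelist=["192.0.2.192/26"])), end="")
```

The resulting file can be loaded into a pf table with pfctl's `-T add` or `-T replace` together with `-f`; which table name spamd's redirect rule uses depends on the local pf.conf.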
Re: OpenBSD 3.8 song
I totally love the idea but it's not a song. The skit was great but I was really hoping to blast some music every time I got an error from my raid array because of this problem. It should be a good punk rock song!

How about God Save the RAID?

God save the RAID her fascist regime
Share the documentation, so we can fix our bugs!
God save the RAID she ain't no human being
There is no future in Adaptec's scheming
We want redundancy that's what we need!
There's no future no future no future for you
God save the RAID we mean it man (God save OpenBSD)
We love our RAID God saves (God save... human beings)
God save the RAID cos servers are money
And we don't want to buy new cards for them
Oh God save redundancy
God save your auto repairs!
Oh lord God have mercy all crimes are paid
When there's no future how can there be sin
We're the db handles in the dustbin
We're the errors in your application
We're the future your future
God save the RAID we mean it man
There is no future in Adaptec's scheming
No future for you no future for me
No future no future for you

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Theo de Raadt
Sent: Tuesday, September 27, 2005 9:25 AM
To: [EMAIL PROTECTED]
Subject: OpenBSD 3.8 song

The OpenBSD 3.8 song is now available, at

http://www.openbsd.org/lyrics.html#38

Many wonderful new things have made it into OpenBSD 3.8, but we wanted to focus on one particular thing -- our support for native free-software RAID management on at least one brand of RAID card, those made by AMI. The song is entitled Hackers of the Lost RAID. I hope people enjoy it. Both ogg and mp3 versions are available.

But please also look at what is up and coming in 3.8

http://www.openbsd.org/38.html

(As always, the song is released a little bit after pre-orders go up, to encourage a few more people to order our CDs or tshirts, or donate to the project. It is this small bit of revenue that keeps our project active at doing these things. And... the hackathon hotel is already pre-booked for next year :)
Re: Dell PowerEdge 2650
I've got two PowerEdge 2650s w/ PERC 3/di raid cards and I've tried OpenBSD 3.7, 3.6 and 3.5. I've found that the aac in 3.7 is completely unstable, the aac in 3.6 would have problems after an hour or so of heavy use. BUT, 3.5 seems to be stable but now I'm stuck on a version of an OS that is about to become unsupported.

I think the only long term solution is to change hardware. I have been considering Sun's trade in offer. I haven't found it on Sun's site but it is mentioned here (http://www.theinquirer.net/?article=26143). I have a friend that's a Sun dealer (www.acsacs.com) and they said they honor it. I don't believe they sell online. Does anyone know if OpenBSD likes this hardware?

It's really Adaptec's fault. Those fuckers won't give up the source so the OpenBSD developers can't provide a good driver for their hardware. My company will not purchase any more servers from Dell as long as they continue to use Adaptec cards.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jan Johansson
Sent: Tuesday, September 20, 2005 8:14 AM
To: Ryan Rothert
Cc: misc@openbsd.org
Subject: Re: Dell PowerEdge 2650

Ryan Rothert [EMAIL PROTECTED] wrote:
> 3.6 will install on it. I believe the aac driver still exists but is
> disabled by default. You could install 3.6, recompile the kernel with
> aac support enabled then upgrade.

This is bad advice. The aac driver was disabled because it was broken and could not be fixed because there was no documentation. Using aac is like playing Russian Roulette with your data.
Re: MaxDB on 3.6? or just ndb_mgm[d ]?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Spruell, Darren-Perot
Sent: Tuesday, August 30, 2005 1:11 PM
To: misc@openbsd.org
Subject: Re: MaxDB on 3.6? or just ndb_mgm[d ]?

From: John N. Brahy [mailto:[EMAIL PROTECTED]
> I'm trying to build an OpenBSD mysql cluster and I haven't been able to
> fully compile the mysql build tools that are required to compile the
> MaxDB so I can get ndb_mgmd and ndb_mgm. Does anyone have a patch to
> make it work or a package with those two binaries?

John, the mysql cluster stuff is part of the stock mysql-4.1 source distribution nowadays. At a previous company we used it with 4.1.7 and higher. You shouldn't need to worry about MaxDB if you are after the cluster stuff (don't know if you might need it for other reasons, but...)

To my knowledge you should just be able to compile mysql-4.1 with cluster it like any other app - there should be a configure switch that controls it.

DS

Just for the archives: I have three servers, one 3.5 and two 3.6 servers. I tried to upgrade but 3.7 doesn't work with Dell PERC 3/Di raid arrays so I'm stuck with older versions right now. I tried all the available binary versions of mysql and there were different problems with each and the one for 3.5 was a beta version anyway. But, thanks to OpenBSD's linux emulation I was able to install the /usr/ports/emul/redhat emulation port and then download statically linked versions of linux mysql 4.1.14 max; now everything is working fine.