protected domain for tap for vmm vms
Hello,

I was checking bridge's protected domains and I'm curious how to add VMM VM's tap into a VMM switch/bridge protected domain. It seems it's not implemented yet.

I wanted to achieve this:

- multiple VMM VMs in same switch/bridge
- VMs cannot talk to each other inside the bridge hence protected domain
- VMs can access uplink via bridge's vether

Jiri
Re: asm avr
On Thu, 22 Sep 2011 23:20:19 +0800 igor denisov saufe...@gmail.com wrote:

> Hello there,
>
> I installed avr-binutils and tried to use it on some code and something strange happened. When I tried to compile code it appeared that the m16def.inc had a bad syntax the file is from ATMEL site. What I did wrong?

You posted to bad list. OMG we will be again spammed with your silly mails :(

jirib
Re: BSD Day 2011
On Fri, 9 Sep 2011 11:13:43 +0200 Henning Brauer lists-open...@bsws.de wrote:

> * Tomas Bodzar tomas.bod...@gmail.com [2011-09-08 18:33]:
> > Are some of the devs attending or no one invited?
> > http://www.bsdday.eu/2011
>
> first time I personally hear about this at all.

Lua and FreeBSD and neologism, lol.

jirib
Re: essential reading for beginning OpenBSD users
On Tue, 6 Sep 2011 10:27:22 -0400 Daniel Villarreal yclwebmas...@gmail.com wrote:

> I consider the following to be essential reading for beginning OpenBSD users...
>
> Absolute FreeBSD, 2nd Edition information by Michael W. Lucas... http://www.nostarch.com/abs_bsd2.htm
>
> Don't forget the Book of PF, 2nd Edition by Peter N.M. Hansteen ... http://nostarch.com/pf2.htm
>
> Over the years I've spent a lot of money on O'Reilly GNU/Linux books, but the 1st ed. versions of the above books astound me with their clarity in explaining very technical concepts in an easy-to-understand manner. I never before considered technical computer writing to be elegantly handled, but combined with the man pages, the documentation is simply superb. Usually I wouldn't even consider buying a newer version of a computer book I already have, but I will be buying the second editions of said books when I can.
>
> Thanks for your efforts!
> Daniel Villarreal
>
> On Tue, Sep 6, 2011 at 7:12 AM, Amit Kulkarni amitk...@gmail.com wrote:
> > Lucas is bringing out a 2nd edition of absolute openbsd, which i am gonna buy

I consider the best:

    man afterboot
    man hier

:DD

jirib
Re: Most secure Operating-System?
On Mon, 5 Sep 2011 23:55:52 +1000 Alec Taylor alec.tayl...@gmail.com wrote:

> Good evening,
>
> What's the most secure operating system?
>
> /me is thinking OpenBSD
>
> Features required:
> - TCP/IP Suite with IPv4 and IPv6 (yeah, I know, big security loss by incorporating Internet access!)
> - GUI
> - Web-server (with HTTPS capabilities)
> - LDAP+-Kerberos server for User auth
> - CAS or similar for SSO
> - Radius or (preferably) Diameter support
> - Java support
> - WINE compatible
> - Multithreaded
> - Multi-processor capable
> - Wide architecture support (x86, x64, mainframes)
>
> If my project proposal is successful, I will be implementing this system to replace a Windows environment at one of the largest banks in the country.

Do NOT smoke that sh1t too much, or if you wanted to be funny you are not.

jirib
Re: dump/restore - individual file
On Sun, 21 Aug 2011 18:22:15 -0500 Stefan Johnson tigerphoenixdra...@gmail.com wrote:

> > # restore -xf root.dump './etc/pf.conf'
> > restore: ./etc: File exists
> > You have not read any tapes yet.
> > Unless you know which volume your file(s) are on you should start
> > with the last volume and work towards the first.
> > Specify next volume #:
> >
> > And here I'm failing, why volume?
> >
> > Thank you for tips.
> >
> > jirib
>
> I believe restore with -x flag always asks for which volume, even if it is just a dump to a file. Just tell it to use volume 1 (type 1 then hit enter.)
>
> Also, I notice in your dump example, you dumped the raw device. You can just tell it to use / instead, and it will dump just fine as well.

Hi,

it would be nice if `restore' would know if it is restoring from a file or from a tape. Even `-s 1' doesn't suppress prompting for volume number.

This is from AIX man page:

    -s SeekBackup
        Specifies the backup to seek and restore on a multiple-backup tape archive. The -s flag is only applicable when the archive is written to a tape device. To use the -s flag properly, a no-rewind-on-close and no-retension-on-open tape device, such as /dev/rmt0.1 or /dev/rmt0.5, must be specified. If the -s flag is specified with a rewind tape device, the restore command displays an error message and exits with a nonzero return code. If a no-rewind tape device is used and the -s flag is not specified, a default value of -s 1 is used. The value of the SeekBackup parameter must be in the range of 1 to 100 inclusive. It is necessary to use a no-rewind-on-close, no-retension-on-open tape device because of the behavior of the -s flag. The value specified with -s is relative to the position of the tapes read/write head and not to an archives position on the tape. For example, to restore the first, second, and fourth backups from a multiple-backup tape archive, the respective values for the -s flag would be -s 1, -s 1, and -s 2.

I cannot do C so I cannot send a diff :(

jirib
dump/restore - individual file
hello,

i use `restore' command quite often to restore individual files but not on OpenBSD but AIX. I'm trying to do the same on OpenBSD but I'm failing, how to do that on OpenBSD?

Imagine you `dump' a FS and then you need to recover some files.

    # df -h /
    Filesystem     Size    Used   Avail Capacity  Mounted on
    /dev/sd0a     96.4M   69.9M   21.7M    76%    /

    # dump -0af /tmp/root.dump /dev/rsd0a
    DUMP: Date of this level 0 dump: Sun Aug 21 22:13:45 2011
    DUMP: Date of last level 0 dump: the epoch
    DUMP: Dumping /dev/rsd0a to /tmp/root.dump
    DUMP: mapping (Pass I) [regular files]
    DUMP: mapping (Pass II) [directories]
    DUMP: estimated 72646 tape blocks.
    DUMP: Volume 1 started at: Sun Aug 21 22:13:45 2011
    DUMP: dumping (Pass III) [directories]
    DUMP: dumping (Pass IV) [regular files]
    DUMP: 73963 tape blocks on 1 volume
    DUMP: Date of this level 0 dump: Sun Aug 21 22:13:45 2011
    DUMP: Volume 1 completed at: Sun Aug 21 22:13:59 2011
    DUMP: Volume 1 took 0:00:14
    DUMP: Volume 1 transfer rate: 5283 KB/s
    DUMP: Date this dump completed: Sun Aug 21 22:13:59 2011
    DUMP: Average transfer rate: 5283 KB/s
    DUMP: Closing /tmp/root.dump
    DUMP: DUMP IS DONE

    # restore -tf root.dump | egrep \./etc/pf\.conf$
    Level 0 dump of an unlisted file system on t400.example.com:/dev/rsd0a
    Label: none
    3789 ./etc/pf.conf

    # restore -xf root.dump './etc/pf.conf'
    restore: ./etc: File exists
    You have not read any tapes yet.
    Unless you know which volume your file(s) are on you should start
    with the last volume and work towards the first.
    Specify next volume #:

And here I'm failing, why volume?

Thank you for tips.

jirib
eSATA, SATA port multiplier, storage chassis and OpenBSD
Hello all,

I was googling for an external storage chassis as cheap alternative to expensive SANs - http://www.addonics.com/products/raid_system/rack_overview.asp

What is the support status of eSATA/SATA port multiplier? I have never used this technology but as I understand it it means that with one cable you can see multiple disks... Addonics offer even RAID but it looks like fake/soft raid.

Do you use any external storage chassis which are dumb - it means no SAN software and this fancy expensive stuff?

jirib
Re: Debugging an app running in compat_linux
On Tue, 26 Jul 2011 19:41:24 -0400 Ted Unangst t...@tedunangst.com wrote:

> On Tue, Jul 26, 2011, jirib wrote:
> > I'm trying to make running ATTclient (basically it is some programs for authentication, the network [vpn] setup is similar to vpnc). After I start one of its daemon the system is completely blocked - stuck. No error, no kernel panic, nothing happens after pressing any key.
> >
> > Any tips how could I do some debugging?
>
> The first thing to try would be another version. You don't mention which version you're running now, so all I can suggest is not that one.

Hello,

using latest -current snapshot of course ;)

And the ugly app is ftp://ftp.attglobal.net/pub/custom/ibm_linux/agnclient-1.0-2.0.1.3003.i386.rpm

I will try some ooold version then.

jirib
Debugging an app running in compat_linux
Hello,

I'm trying to make running ATTclient (basically it is some programs for authentication, the network [vpn] setup is similar to vpnc). After I start one of its daemon the system is completely blocked - stuck. No error, no kernel panic, nothing happens after pressing any key.

Any tips how could I do some debugging?

Thank you.

jirib
Re: openbsd 4.9 based UTM
On Tue, 19 Jul 2011 12:41:40 +0200 Otto Moerbeek o...@drijf.net wrote:

> On Tue, Jul 19, 2011 at 11:34:48AM +0100, citoyen citoyen wrote:
> > Hi,
> >
> > I'm about starting a project of building my own High secure UTM based on the last openbsd flower 4.9, i can do all system and network configs needed by myself but I'm wondering what language to use in order to get my UTM configurable from a web browser.
> >
> > any pointers or help are welcome.
> >
> > Thanks in advance.
>
> What IS an UTM?

Marketing :)

First start with good design, see for example series about tunneling from corporate network on undeadly.org

jirib
Re: How does OpenBSD compare to Ubuntu Server?
On Thu, 7 Jul 2011 09:02:08 -0400 Juan Miscaro jmisc...@gmail.com wrote:

> Was wondering what advantages OpenBSD has over a progressive Linux distribution such as Ubuntu (Server edition).

Are you kidding? Ubuntu? Where installed daemons are running by default, where there is no command to disable shitty upstart daemons?

I installed once mysql on Ubuntu, just to check something, i disabled that ugly symlinks in rcX.d via update-rc.d and it was after reboot running -- well bloody hell, it has also upstart script, OMFG!

jirib
Re: Anyone know of an smtp-proxy (or other mechanism) for routing mail to different IMAP servers depending recipient address?
On Thu, 7 Jul 2011 13:42:00 -0400 IT Guy it...@barrett.com wrote:

> Hi all,
>
> I'm in the process of migrating our company from a certain proprietary mail system to a new OpenBSD mailserver (IMAP + Postfix). I'd like to be able to migrate our users one at a time rather than do the whole company in one fell swoop. Does anyone know of a good/easy way to conditionally route incoming mail based on the envelope recipient address? (Basically I want migrated users to start getting their mail from the new box, while the other users continue to connect to the old server)
>
> I looked in the ports tree and didn't see an smtp proxy per se. Also the relayd manpage seemed relevant but I've never used that daemon before and thus am not sure. I'm a newbie in this area, so any suggestions/guidance would be greatly appreciated.
>
> Thanks in advance. :-)
>
> Dre

Never tried myself but... http://anfi.homeunix.org/sendmail/smarttab.html

jirib
Re: DUID's and fstab
On Tue, 12 Apr 2011 02:06:51 +0400 Alexander Polakov polac...@gmail.com wrote:

> I am probably misunderstanding something, but are DUID's supposed to be used in place of device filenames in fstab? I suppose they are, so this looks strange to me:
>
>     % sudo mount f777cc5bbeded528.a
>     mount: can't find fstab entry for f777cc5bbeded528.a.

I was always in believing that one has to define mountpoint for `mount' without specifying device, like `mount /foo'. Eh?

jirib
Re: Citrix ICAclient hangs whole PC with latest i386 PC
On Tue, 12 Apr 2011 05:36:50 +0200 Tomas Bodzar tomas.bod...@gmail.com wrote: Hi, will try ktrace and log output of Citrix too. Yesterday when I saw that crash word in output of last I thought that maybe I can enter ddb. Will test that today and you can expect outputs. Anyway no need to worry about it right now, you have holidays and I have workaround - use java version, it works quite OK, example: java -cp ./JICAEngN.jar com.citrix.JICA -httpbrowseraddress:x.x.250.111 -initialprogram:#WIN2KAPPS -username:x -address:WIN2KAPPS -launcher:Custom -desiredvres:768 -desiredhres:1024 -password:x -end:terminate jirib
Re: place xenocara compile output into /scratch
On Sat, 09 Apr 2011 02:58:47 -0400 STeve Andre' and...@msu.edu wrote:

> On 04/08/11 23:57, Amit Kulkarni wrote:
> > hi,
> >
> > how do i redirect a compile of xenocara to say /scratch? i can do that easily for userland using
> >
> >     cd /usr/src/etc env DESTDIR=/scratch make distrib-dirs
> >
> > i don't want to fiddle too much like changing X11BASE X11ETC just a simple way to do it.
> >
> > thanks
>
> Why don't you use script(1) to capture things? That way you never have to tweak anything.
>
> --STeve Andre'

Or tmux and pipe-pane ;) very nice.

jirib
Re: mysql problem
On Fri, 8 Apr 2011 09:52:15 +0200 Gianluca D'Auri Muscelli g...@email.it wrote:

> Hi,
>
> I've installed postfix-mysql + mysql-server + courier-imap and imap-ssl + courier-pop and pop-ssl on OpenBSD 4.8-Stable
>
> But now i have a problem with vmail and mysql, I've created the database for postfix users
>
> Pastebin link of database: http://pastebin.com/70qd43AZ
>
> And i insert my account into database mail with:
>
>     mysql> INSERT INTO users (login, name, password, maildir)
>         -> VALUES ('gdrm@my_domain.org', 'Gianluca', ENCRYPT('my_password'),
>         -> '/my_site.org/gdrm/');
>
> When i connect with mutt:
>
>     mutt -f imaps://my_u...@example.com@localhost
>
> the password does not match!
>
> Or when i try:
>
>     sudo -u vmail mutt -f /var/vmail/mydomain.org/user_name
>
> I don't know where is the problem, can u help me??
>
> Tks
> vvm

This is postfix related, not OpenBSD. You are on bad list.

jirib
Re: sftp-server logging with chroot in OpenBSD?
On Sun, 27 Mar 2011 21:38:58 +0800 Marcus f5b...@gmail.com wrote:

> sftp-server logging with chroot in OpenBSD?
>
> I want to log upload/download information in sftp server

I don't know where is your problem but this is how it works for me ;)

jirib

    Match User
        ChrootDirectory /data/share
        PasswordAuthentication yes
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp -R -l INFO -f LOCAL0

    Match User
        ChrootDirectory /data/share
        PasswordAuthentication yes
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp -l INFO -f LOCAL

    $ ls -l /data/share/dev/log
    srw-rw-rw- 1 root wheel 0 Mar 26 09:21 /data/share/dev/log=

    $ sftp @localhost
    Connected to localhost.
    sftp> ls
    drupal ebooks movies musicopenbsd upload video
    sftp> quit

    $ tail /var/log/
    Dec 22 02:30:39 t400 internal-sftp[24742]: closedir /disk/0/openbsd
    Dec 22 02:30:41 t400 internal-sftp[24742]: opendir /disk/1/openbsd/cvs
    Dec 22 02:30:41 t400 internal-sftp[24742]: closedir /disk/1/openbsd/cvs
    Dec 22 02:30:45 t400 internal-sftp[24742]: opendir /disk/1/openbsd/cvs/ports
    Dec 22 02:30:45 t400 internal-sftp[24742]: closedir /disk/1/openbsd/cvs/ports
    Dec 22 02:30:50 t400 internal-sftp[24742]: session closed for local user from [127.0.0.1]
    Mar 27 18:52:09 t400 internal-sftp[892]: session opened for local user from [127.0.0.1]
    Mar 27 18:52:10 t400 internal-sftp[892]: opendir /pub
    Mar 27 18:52:10 t400 internal-sftp[892]: closedir /pub
    Mar 27 18:52:12 t400 internal-sftp[892]: session closed for local user from [127.0.0.1]
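
Added example, not part of the original post and not OpenSSH code: a small Python parser that turns internal-sftp syslog lines like the ones above into per-session upload/download records, which is what the original question asked to log. The sample lines, the user name `alice`, the paths and the byte counts are constructed, and the `close "PATH" bytes read N written M` line format is an assumption about what sftp-server logs at INFO level.

```python
import re

# Constructed sample in the syslog layout shown above. The user name, paths and
# byte counts are invented; the open/close line format is an assumption.
SAMPLE_LOG = '''\
Mar 27 18:52:09 t400 internal-sftp[892]: session opened for local user alice from [127.0.0.1]
Mar 27 18:52:10 t400 internal-sftp[892]: opendir "/pub"
Mar 27 18:52:10 t400 internal-sftp[892]: closedir "/pub"
Mar 27 18:52:11 t400 internal-sftp[892]: open "/upload/report.pdf" flags WRITE,CREATE,TRUNCATE mode 0644
Mar 27 18:52:11 t400 internal-sftp[892]: close "/upload/report.pdf" bytes read 0 written 48213
Mar 27 18:52:12 t400 internal-sftp[892]: open "/pub/install.iso" flags READ mode 0666
Mar 27 18:52:12 t400 internal-sftp[892]: close "/pub/install.iso" bytes read 1048576 written 0
Mar 27 18:52:12 t400 internal-sftp[892]: session closed for local user alice from [127.0.0.1]
Mar 27 18:53:00 t400 sshd[901]: constructed unrelated line, must be ignored
'''

LINE = re.compile(r'^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ internal-sftp\[(?P<pid>\d+)\]: (?P<msg>.*)$')
OPENED = re.compile(r'^session opened for local user (\S+) from \[([^\]]+)\]$')
XFER = re.compile(r'^close "?(?P<path>.+?)"? bytes read (?P<rd>\d+) written (?P<wr>\d+)$')


def _record(pid, user=None, addr=None, start=None):
    return {"pid": int(pid), "user": user, "addr": addr, "start": start,
            "end": None, "uploads": [], "downloads": []}


def summarize(text):
    """Return one record per sftp session with uploads and downloads split out."""
    live, sessions = {}, []              # live: pid -> record still open
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                     # not an internal-sftp line
        ts, pid, msg = m.group("ts", "pid", "msg")
        opened = OPENED.match(msg)
        if opened:
            # PIDs are reused, so "session opened" always starts a new record.
            live[pid] = _record(pid, opened.group(1), opened.group(2), ts)
            sessions.append(live[pid])
            continue
        rec = live.get(pid)
        if rec is None:
            # Log rotated before the session start: keep the activity anyway.
            rec = live[pid] = _record(pid)
            sessions.append(rec)
        xfer = XFER.match(msg)
        if xfer:
            rd, wr = int(xfer["rd"]), int(xfer["wr"])
            if wr:
                rec["uploads"].append((xfer["path"], wr))
            if rd:
                rec["downloads"].append((xfer["path"], rd))
        elif msg.startswith("session closed"):
            rec["end"] = ts
            del live[pid]
    return sessions


if __name__ == "__main__":
    for s in summarize(SAMPLE_LOG):
        print(s["user"], s["addr"], "up:", s["uploads"], "down:", s["downloads"])
```

Paths in these records are relative to the ChrootDirectory, since internal-sftp only sees the chrooted tree.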
Re: pf rdr-to outgoing to local port issues
On Sat, 19 Mar 2011 21:28:09 +0100 Henning Brauer lists-open...@bsws.de wrote:

> > it was working for me - rdr-to outbound to a daemon on the firewall itself, but I deleted that virtual machine...
> >
> >     rdr-to is usually applied inbound. If applied outbound, rdr-to to a local IP address is not supported.
> >
> > I would put my hand in fire -- it was working :) I read the manpage but I don't get it, how could it work then?
>
> pretty certain it could not have worked. the rdr-to in this case is too late and the local/remote decision already taken.

Hi,

I understand I'm becoming annoying but it worked, but maybe I was on drugs... Unfortunately no evidence in hand now :)

I tested like this:

* ssh -D remotehost
* redsocks listening on 127.0.0.1:12345 and redirecting to 127.0.0.1:
* pf redirecting www to 127.0.0.1:12345
* lynx ipid.shat.net

Finally I saw in lynx IP of remote ssh socks5 tunnel.

Any idea how to redirect outgoing traffic to local port? Would this be hard to add such functionality into PF? (I don't like such comparisons but it can be done on other OS.)

This feature would be handy to people doing system-wide socksifying (I already saw apps which spawned another apps and thus it was not socksified), or people who want to run almost everything via Tor or similar anonymizing networks -- I think it's better to socksify Tor traffic on OS level because one can misconfigure his application).

Thank you for help!

jirib
Re: full disk encryption google chrome on OpenBSD!
On Fri, 18 Mar 2011 09:11:26 -0500 Marco Peereboom sl...@peereboom.us wrote:

> On Fri, Mar 18, 2011 at 07:02:58AM -0700, johhny_at_poland77 wrote:
> > So our point is, if there is a good method to encrypt the full disk [like with dm-crypt/AES/under Linux], and we could have an up-to-date google chrome browser on OpenBSD, then it could be a very very good operating system for daily use!
> >
> > Dear community! Can someone please post small and compact [pointed] howtos, how to install an OpenBSD with full disk encryption, and how can we install google chrome on it? It's very important!
> >
> > Thank you in anticipation!
>
> It isn't important at all for me so I have no idea what you are talking about.
>
> And if you use chrome why would you bother encrypting your disk anyway?

Nobody has mentioned that it is impossible to have full disk encryption right now -- one has to have root fs - / - unencrypted. But let's see... there was a commit to add detection of softraid into boot loader.

jirib
Re: pf rdr-to outgoing to local port issues
On Fri, 25 Feb 2011 10:21:20 +0100 Henning Brauer lists-open...@bsws.de wrote:

> * william dunand william.dun...@gmail.com [2011-02-25 05:26]:
> >     pass out log(matches) quick inet proto tcp from any to 89.176.141.250 port = www rdr-to 127.0.0.1 port 8080
> >
> > I think rdr-to is meant to be used on inbound rules.
>
> we allow rdr-to outbound too now. it has caveats, and - surprise! - they are described in the manpage. this example hits a caveat.

Hi,

it was working for me - rdr-to outbound to a daemon on the firewall itself, but I deleted that virtual machine...

    rdr-to is usually applied inbound. If applied outbound, rdr-to to a local IP address is not supported.

I would put my hand in fire -- it was working :) I read the manpage but I don't get it, how could it work then?

Thanks for help.

jirib
Re: syslog - log program output to its own file
On Mon, 14 Mar 2011 13:07:02 +1300 Paul M l...@no-tek.com wrote:

> I have a program whose output I want to log exclusively to its own file. Which is to say I don't want any of its output appearing in the system logs.
>
> Reading the syslog man pages this doesn't seem possible:
>
> If I put
>
>     !!myprog
>     *.* /path/to/logfile

localX, check manpage. i would go with rsyslog seems better.

jirib
Re: Chrooting users the right way
[EMAIL PROTECTED] wrote:

> Hi
>
> I am setting up a new OpenBSD machine in which I want to chroot users. I don't want to use any of the patching solutions to OpenSSH but want to implement a real system chroot solution so any user, who is chrooted, is jailed even if he logs in manually.
>
> I have tried to find articles on this, but haven't been successful.
>
> Does anyone know of a good tutorial on how to do this on OpenBSD?
>
> Best and kind regards.
> Rico Secada.

Hi,

just try to use combination of directives of sshd_config (Match ForceCommand) and your own made script-wrapper for systrace...

Something like this:

sshd_config:

    ForceCommand /path/to/systrace-wrapper

systrace-wrapper:

    /bin/systrace -a /usr/libexec/sftp-server