Re: openbsd router hardware
On Sat, 01 Mar 2008 20:32:33 -0500 "Brian A. Seklecki (Mobile)" <[EMAIL PROTECTED]> wrote: > > On Mon, 2007-12-24 at 13:29 +0100, Joerg Zinke wrote: > > Hi, > > > > I'm looking for hardware to install an openbsd based dsl-router. > > I already searched the list archives and looked at WRAP and Soekris, > > but it seems that they do not match my requirements: > > > > - fanless > > - as small as possible > > - Soekris > - Routerboard > - Axiomtek > - ARInfotek > - Nexcom > - Advantech > - Acrosser > - Win Enterprises > > I think that we can agree that you really want to avoid VIA-anything. > You really get what you pay for. Some set top models I've looked at: > > http://www.axiomtek.com/products/ViewProduct.asp?view=470 > > http://www.nexcom.com/product/productshow.jsp?iid=11&pid=919 > > http://www.advantech.com/products/Tabletop-Intel-Pentium-MProcessor-based-Platformwith-4-PCIe-LAN-Ports-MINIPCI-Expansion-Onboard/mod_1-2JKJKY.aspx > > > http://www.acrosser.com/Product/Networking% > 20applicance/VPN-V-Series/Firewall_eden_m9923.html > > > http://www.arinfotek.com/product/product.asp?idx=2002&pid=11 Thanks for all the links, I already have this box up and running: http://www.omtec.de/200/cgi-bin/artikel/121/ with a 80GB HDD (24/7) and an additionally built-in: ral0 at pci1 dev 6 function 0 "Ralink RT2561" rev 0x00: irq 11, address xx:xx:xx:xx:xx:xx ral0: MAC/BBP RT2561C, RF RT2527 And I ordered this: http://www.mini-itx.com/store/?c=42 together with this: http://www.mini-itx.com/store/?c=2#epiasn to build a NAS based on an Areca Hardware-Raid Controller (SATA-II). This will be my first VIA Board, will see how it works... Cheers, Joerg
Re: openbsd router hardware
Brian A. Seklecki (Mobile) wrote: I'm looking for hardware to install an openbsd based dsl-router. I already searched the list archives and looked at WRAP and Soekris, but it seems that they do not match my requirements: - fanless - as small as possible - Soekris - Routerboard - Axiomtek - ARInfotek - Nexcom - Advantech - Acrosser - Win Enterprises For the sake of completeness, let's add PC-Engines to the list. The ALIX boards probably come close to what is needed here, so does the Soekris net5501. Bot are small (the ALIX even smaller), have at least 3 LAN Ifs, fanless and USB 2.0.
Re: Cardbus bad Vcc request error with OpenBSD 4.2
Does your laptop have USB2? If so, it's the easy fix. I, also, have had small luck with cardbus on Toshibas up to the 2510 CDS, whereupon they begin to work (from dmesg): ( cpu0: Intel Pentium/MMX ("GenuineIntel" 586-class) 267 MHz ... cardslot1 at cbb1 slot 1 flags 0 cardbus1 at cardslot1: bus 21 device 0 cacheline 0x0, lattimer 0x0 pcmcia1 at cardslot1 re0 at cardbus1 dev 0 function 0 "NETGEAR, GA511": RTL8169/8110SB (0x1000), irq 11, address 00:14:6c:2e:85:19 ) A 2500 and Satpro 4300 both didn't work and were cardbus too. Unfortunately, the 2510 was also when they introduced USB2 that worked. Dhu On Sat, 1 Mar 2008 21:51:39 -0500 "Vikas N Kumar" <[EMAIL PROTECTED]> wrote: > Hi All > > This is the first time I am trying OpenBSD (version 4.2) on my Pentium II > laptop (yes a very old laptop). > Everything has installed smoothly and fast, except that the cardbus is not > working, and since there is no in-built ethernet port in the laptop as it > is quite old, my only choice is to use a cardbus based pcmcia ethernet card. > But the cardbus slot itself gives an error when OpenBSD boots up. When I > use Linux on the same laptop, the cardbus slot and the card work just fine. > I tried googling for solutions but could not find any that worked. There is > nothing in the BIOS to turn on or off the cardbus since Linux does not > require it. I want to use OpenBSD on the laptop. > > Here are the details of my laptop, and card and some lines from dmesg > command. Unfortunately I cannot paste the dmesg since there is no way I can > get that off the laptop without using floppy drives etc. > > Laptop : HP Omnibook 4100 > CPU: Intel Pentium II 686-class 512KB L2 cache, 266 MHz > RAM : 64MB > Cardbus cbb0 : TI PCI1250 Cardbus > Cardbus cbb1 : TI PCI1250 Cardbus > Cardbus ethernet card : D-Link DFE-690TXD > > error from cbb0 and cbb1 while booting is as follows : > > cbb0: bad Vcc request. sock_ctrl 0xff88, sock_status 0x > cardslot0 at cbb0 slot 0 flags 0 > cardbus0 at cardslot0: bus 1 device 0 cacheline 0x8, lattimer 0x20 > pcmcia0 at cardslot0 > cbb1: bad Vcc request. sock_ctrl 0xff88, sock_status 0x > cardslot1 at cbb1 slot 1 flags 0 > cardbus1 at cardslot1: bus 2 device 0 cacheline 0x8, lattimer 0x20 > pcmcia1 at cardslot1 > > Any help will be greatly appreciated. > > Thanks and Regards > Vikas Kumar > > http://www.vikaskumar.org/
Re: Would a crypto-accelerators help WEP on Soekris?
On 2008-03-02, Andre Pierre <[EMAIL PROTECTED]> wrote: > One quick (silly) question. > Under OpenBSD 4.2 would such a card improve WEP performance, or is that > handled entirely by the wireless ath0 (mini-pci) card? > > It makes sense that a crypto-accelerator would help if the Soekris were > a VPN endpoint, but for WEP I think it probably is entirely useless, right? WEP is entirely useless :) Actually, it depends on what you want to achieve. Anyway, according to `main ath`, ath supports hardware WEP. -- Alexey Vatchenko http://www.bsdua.org
Re: bgpd again
On 2008-03-01, Erich <[EMAIL PROTECTED]> wrote: > Mar 1 21:00:58 interoute bgpd[30449]: neighbor 10.65.0.6 (iBGP): > received notification: HoldTimer > expired, unknown subcode 0 > Mar 1 21:10:26 interoute bgpd[30449]: neighbor 10.65.0.6 (iBGP): > received notification: HoldTimer > expired, unknown subcode 0 > > what does this mean? can't really say from this, try looking at the logs on the peer router.
ospfd not resyncing
I have a fairly simple set-up, where I have ospfd announcing a few routes to a Juniper router. Twice now, when the Juniper has been unreachable and has then come back on-line, the ospf routes have not reconverged on the Juniper end. It has taken a restart of the OSPF on the Juniper to resync the routes.. I've not tried restarting the ospfd's on the OpenBSD end but I presume that would also solve the issue. I suppose it's plausible this is a JunOS bug, and I'll look into that, but wondered if this is a known issue? OpenBSD/ospfd 4.2 RELEASE. -Paul-
/etc/ttys fields for reading from tty00
Dear List, I am crafting C util to read data from tty00 (amd64, i386; connected to the data src device directly by serial cable). What should I put in /etc/ttys for the tty00 to make sure I am doing things correctly? The util is to be run as root. Would be grateful for any pointers.
raidframe troubles
i did all the things reccommanded by the summary section of raidctl(8) (i even tried changing the 'a' partition to 'e', to be the same as in the man page, no luck), i also tried following http://unixsadm.blogspot.com/2007/10/openbsd-raidframe-mirror-software-raid.html no change either. my GENERIC.RAID is different from GENERIC in only two lines: pseudo-device raid 4 option RAID_AUTOCONFIG my trouble is: # newfs /dev/rraid0a /dev/rraid0a: 3564.5MB in 730 sectors of 512 bytes 18 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each super-block backups (for fsck -b #) at: 32, 414688, 829344, 1244000, 1658656, 2073312, 2487968, 2902624, 3317280, 3731936, 4146592, 4561248, 4975904, 5390560, 5805216, 6219872, 6634528, 7049184, # mount /dev/rraid0a /mnt/ mount_ffs: /dev/rraid0a on /mnt: Block device required :( some (hopefully) relevant info: # disklabel wd1 # Inside MBR partition 3: type A6 start 63 size 8434062 # /dev/rwd1c: type: ESDI disk: ESDI/IDE disk label: Maxtor 90432D2 flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 255 sectors/cylinder: 16065 cylinders: 525 total sectors: 8440992 rpm: 3600 interleave: 1 trackskew: 0 cylinderskew: 0 headswitch: 0 # microseconds track-to-track seek: 0 # microseconds drivedata: 0 16 partitions: #size offset fstype [fsize bsize cpg] a: 10 63 4.2BSD 2048 16384 16 b: 100 100063swap c: 84409920 unused 0 0 d: 7334062 1100063RAID # disklabel wd2 # Inside MBR partition 3: type A6 start 63 size 8434062 # /dev/rwd2c: type: ESDI disk: ESDI/IDE disk label: Maxtor 90432D2 flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 255 sectors/cylinder: 16065 cylinders: 525 total sectors: 8440992 rpm: 3600 interleave: 1 trackskew: 0 cylinderskew: 0 headswitch: 0 # microseconds track-to-track seek: 0 # microseconds drivedata: 0 16 partitions: #size offset fstype [fsize bsize cpg] a: 10 63 4.2BSD 2048 16384 16 b: 100 100063swap c: 84409920 unused 0 0 d: 7334062 1100063RAID # fdisk wd1 Disk: wd1 geometry: 525/255/63 [8440992 Sectors] Offset: 0 Signature: 0xAA55 Starting EndingLBA Info: #: id C H S - C H S [ start:size ] 0: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused *3: A6 0 1 1 -524 254 63 [ 63: 8434062 ] OpenBSD # fdisk wd2 Disk: wd2 geometry: 525/255/63 [8440992 Sectors] Offset: 0 Signature: 0xAA55 Starting EndingLBA Info: #: id C H S - C H S [ start:size ] 0: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused *3: A6 0 1 1 -524 254 63 [ 63: 8434062 ] OpenBSD # cat /etc/raid0.conf START array 1 2 0 START disks /dev/wd1d /dev/wd2d START layout 128 1 1 1 START queue fifo 100 # disklabel raid0 # Inside MBR partition 3: type A6 start 128 size 7333760 # /dev/rraid0c: type: RAID disk: raid label: fictitious flags: bytes/sector: 512 sectors/track: 128 tracks/cylinder: 8 sectors/cylinder: 1024 cylinders: 7162 total sectors: 7333888 rpm: 3600 interleave: 1 trackskew: 0 cylinderskew: 0 headswitch: 0 # microseconds track-to-track seek: 0 # microseconds drivedata: 0 16 partitions: #size offset fstype [fsize bsize cpg] a: 730 128 4.2BSD 2048 163841 c: 73338880 unused 0 0 # fdisk raid0 Disk: raid0 geometry: 7162/8/128 [7333888 Sectors] Offset: 0 Signature: 0xAA55 Starting EndingLBA Info: #: id C H S - C H S [ start:size ] 0: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused *3: A6 0 1 1 - 7161 7 128 [ 128: 7333760 ] OpenBSD # raidctl -sv raid0 raid0 Components: /dev/wd1d: optimal /dev/wd2d: optimal No spares. Component label for /dev/wd1d: Row: 0, Column: 0, Num Rows: 1, Num Columns: 2 Version: 2, Serial Number: 10
OpenBSD poster
I have made an OpenBSD promotion poster. http://images.twibright.com/tns/21a8.html CL<
Re: /etc/ttys fields for reading from tty00
Hi! On Sun, Mar 02, 2008 at 09:05:53PM +0900, AE sysadmin wrote: >Dear List, >I am crafting C util to read data from tty00 (amd64, i386; >connected to the data src device directly by serial cable). >What should I put in /etc/ttys for the tty00 to make sure >I am doing things correctly? The util is to be run as root. >Would be grateful for any pointers. IMO you don't need /etc/ttys entries for terminals unless you need the terminal to be managed by init(8) or tty flags to be set by ttyflags(8) at boot, or your own program wants to read information from the ttys file using the ttyent family of functions (getttyent(), getttynam(), setttyent(), endttyend()). For normal tty access, you need open/close/read/write, perhaps adorned by O_NONBLOCK (if you need to open the terminal line even though no carrier is detected) and probably a few terminal controls (see tty(4) and termios(4), using ioctl(2) and/or the functions described in the tcsetattr(3) manual page). Kind regards, Hannah.
Re: write pf rules for acces concentrator server (pppoe)
On 2008-03-02, Fratiman Vladut <[EMAIL PROTECTED]> wrote: > Thanks ! Work very well. Now, how can configure the system, in order to > make this changes, every time when boot. How cand add all ng interface, > to "ng" group at boot time? What is an "ng interface"?
Re: raidframe troubles
On 2008-03-02, Almir Karic <[EMAIL PROTECTED]> wrote: > # newfs /dev/rraid0a correct, raw device i.e. /dev/rraid0a for newfs. > # mount /dev/rraid0a /mnt/ > mount_ffs: /dev/rraid0a on /mnt: Block device required you need the block device, i.e. /dev/raid0a, not the raw device.
Re: Belinea s.Book1 can't boot OpenBSD
Andrew Smith a e'crit : Oh my, another Nanobook variant. Try disabling ACPI in the kernel before you boot. You may want to do this from another machine and copy the new kernel to the machine using the Install CD boot because the PS2K device doesn't seem to be handled on mine (Packard Bell EasyNote XS) at all and I get no key handling in a boot -c. Regards, -Andy Hello Andy, Thank you for the answer. I tried to build a new kernel but I get the same result, it reboots when printing "entry point at..." "boot -c" is useless in my case as it reboots before I can get a prompt :/ Denis
Re: write pf rules for acces concentrator server (pppoe)
Thanks ! Work very well. Now, how can configure the system, in order to make this changes, every time when boot. How cand add all ng interface, to "ng" group at boot time? scott wrote: see ifconfig(4) and the "group group-name" keyword (also applicable to hostname.if). Substitute the the "group-name" for the interface name in the applicable pf rule. One group-name based rule covers off all the member interfaces. :-) -Original Message- From: Fratiman Vladut <[EMAIL PROTECTED]> To: misc@openbsd.org Subject: write pf rules for acces concentrator server (pppoe) Date: Sun, 02 Mar 2008 00:10:50 +0200 Mailer: Thunderbird 2.0.0.12 (Windows/20080213) Delivered-To: [EMAIL PROTECTED] I have an pppoe server. How i can write pf rules for this situation, in order to specify any interface, ng0, ng1, . I see that isn't any possibility to use wildcard in macros, something like this: ng_if="ng*". Obviously isn't very easy to have an rule for every ng interface. How can be resolved?
Re: Watching the prgress of dd if=drive1 of=drive2
On Mon, 25 Feb 2008, Jan Stary wrote: > On Feb 23 12:15:21, Jon wrote: > > I'm using dd to clone a drive. How can I watch the progress of this or > > see the transfer rate in real time? > > You can use 'fstat -o' on the device file. > > Jan If the dd is running on a terminal, sending the "status" signal will cause a little printout. Usually that's a T, which for console may need to be set first with $ stty status ^T where ^ and T are normal characters. See man stty and also note the kerninfo option. Dave -- The future isn't what it used to be. -- G'kar
Re: OpenBSD poster
Karel Kulhavy wrote: > I have made an OpenBSD promotion poster. > > http://images.twibright.com/tns/21a8.html Nice! :-) # Han
Re: /etc/ttys fields for reading from tty00
AE sysadmin wrote: I am crafting C util to read data from tty00 (amd64, i386; connected to the data src device directly by serial cable). What should I put in /etc/ttys for the tty00 to make sure I am doing things correctly? The util is to be run as root. you don't need to edit /etc/ttys, your C program has to open /dev/cua00 (not /dev/tty00) and everything will just work.
Re: 4.3 Beta: no sound
On Sat, Mar 01, 2008, Jacob Meuser wrote: > > Selected audio codec: [mp3] afm: mp3lib (mp3lib MPEG layer-2, layer-3) > > == > > AO: [null] 32000Hz 2ch s16le (2 bytes per sample) > > does that mean "no driver"? > try with mplayer -ao sun ... That's not available: $ mplayer -ao help MPlayer 1.0rc2-3.3.5 (C) 2000-2007 MPlayer Team CPU: AMD Athlon(tm) 64 Processor 3000+ (Family: 15, Model: 4, Stepping: 8) CPUflags: MMX: 1 MMX2: 1 3DNow: 1 3DNow2: 1 SSE: 1 SSE2: 1 Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2 Available audio output drivers: mpegpes Mpeg-PES audio output nullNull audio output pcm RAW PCM/WAVE file writer audio output .mplayer/config only contains: # Write your default config options here! I've compiled mplayer from source and then it plays sound (it offers more audio options). Thanks!
Re: write pf rules for acces concentrator server (pppoe)
Ng interface is an netgraph node (virtual interface), like tun or tap, that is use by mpd4 daemon. Mpd4 act as acces concentrator, in order to give access to internet based on pppoe method. I use freebsd as SO, with pf firewall. This is why i post on OpenBSD mailing list, because is father of pf :). > On 2008-03-02, Fratiman Vladut <[EMAIL PROTECTED]> wrote: > >> Thanks ! Work very well. Now, how can configure the system, in order to >> make this changes, every time when boot. How cand add all ng interface, >> to "ng" group at boot time? >> > > What is an "ng interface"?
Re: write pf rules for acces concentrator server (pppoe)
On 2008-03-02, Fratiman Vladut <[EMAIL PROTECTED]> wrote: > Ng interface is an netgraph node (virtual interface), like tun or tap, > that is use by mpd4 daemon. > Mpd4 act as acces concentrator, in order to give access to internet > based on pppoe method. > I use freebsd as SO, with pf firewall. This is why i post on OpenBSD > mailing list, because is father of pf :). that's quite an important thing to forgot to mention... especially when you post to a list which is specifically about OpenBSD (there is a non-OS- specific PF list, btw). here's a description from our ifconfig(8) manual page: group group-name Assign the interface to a ``group''. Any interface can be in multiple groups. For instance, such a group could be used to create a hardware independent pf(4) ruleset (i.e. not one based on the names of NICs) using existing (egress, carp, etc.) or user-defined groups. Some interfaces belong to specific groups by default: - All interfaces are members of the all interface group. - Cloned interfaces are members of their interface family group. For example, a PPP interface such as ppp0 is a member of the ppp interface family group. - The interface(s) the default route(s) point to are members of the egress interface group. - IEEE 802.11 wireless interfaces are members of the wlan interface group. if you don't see something in your ifconfig manual, your OS probably doesn't support this feature.
{Disarmed} News for you to be safe!
Hello, Sorry for disturb, im a robot who send automaticly messages to all users who have lower security on booting system.I sended you this email to offer possibility to help you!The method to fix your errors and vulnerability is to download our new patch, and to install it.This patch will update your system firewall,will clean regedit and make and fix yours bugs Mirror link of the patch is:MailScanner has detected a possible fraud attempt from "64.26.136.50" claiming to be http://www.microsoft.com/windows/update/download/fixpatch-ZBM80616180922460&log=cleanedNote: Easy to install it just click on our site and use OPEN/RUN in like 30 seconds will be installed and wont need to restart your PC! This link will expire in 24 hours after you got this email -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: Belinea s.Book1 can't boot OpenBSD
Another piece of information : none of {Open,Free,Net}BSD will boot on the beast :/ (Same result : reboot before kernel loading) Denis
Re: OpenBSD poster
On Sun, Mar 02, 2008 at 01:36:28PM +0100, Karel Kulhavy wrote: > I have made an OpenBSD promotion poster. > > http://images.twibright.com/tns/21a8.html > > CL< > Yeah, "SECURE SNOWBOARDING WITH PUFFY. Only 2 injures in more than 10 years!". Nice poster ;) -- C programmers never die. They're just cast into void. () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
Re: OpenBSD poster
On Sun, Mar 02, 2008 at 01:36:28PM +0100, Karel Kulhavy wrote: > I have made an OpenBSD promotion poster. > > http://images.twibright.com/tns/21a8.html Which reminds me, a birthday card my housemate drew for me: http://students.dec.bmth.ac.uk/ebarrett/files/obsdcard.jpg -- Best Regards Edd http://students.dec.bmth.ac.uk/ebarrett
Re: OpenBSD poster
On Mar 1, 2008, at 3:17 PM, Edd Barrett wrote: On Sun, Mar 02, 2008 at 01:36:28PM +0100, Karel Kulhavy wrote: I have made an OpenBSD promotion poster. http://images.twibright.com/tns/21a8.html Which reminds me, a birthday card my housemate drew for me: http://students.dec.bmth.ac.uk/ebarrett/files/obsdcard.jpg http://www.flickr.com/photos/[EMAIL PROTECTED]/2304869059/ --- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: OpenBSD poster
Wow cool drawing... Is that SSDRAM? Edd Barrett wrote: On Sun, Mar 02, 2008 at 01:36:28PM +0100, Karel Kulhavy wrote: I have made an OpenBSD promotion poster. http://images.twibright.com/tns/21a8.html Which reminds me, a birthday card my housemate drew for me: http://students.dec.bmth.ac.uk/ebarrett/files/obsdcard.jpg
Re: OpenBSD poster
On 3/1/08, Edd Barrett <[EMAIL PROTECTED]> wrote: > Which reminds me, > > a birthday card my housemate drew for me: > > http://students.dec.bmth.ac.uk/ebarrett/files/obsdcard.jpg Why do I have a feeling this might do really well as a sticker
Re: VPN suggestions and advise for clean sheet setup
On Fri, Feb 29, 2008 at 04:09:01PM -0500, Daniel Ouellet wrote: > > Requirements are to sadly connect Windows users back to a network and I > want that box to be OpenBSD, or multiples OpenBSD boxes to get full > network access from these connections. Multiple at once and I try to > keep the management of the users as simple as possible. > Have a look at the VPN client at http://www.shrew.net/, it is a standards compliant IPSEC VPN client that interoperates with open software IPSEC implementations - I have not tried it with OpenBSD but I imagine that it will Just Work(tm). The license is reasonably fair though restrictive and you can create an "install" bundle that will pretty much auto-configure the client with only a small amount of prep work which makes the window side deployment very simple. The only issue I have had was the dead peer detection was a little too aggressive for some of the people I was using this with - just turning this off on the client side fixed the problem. -- Brett Lymn "Warning: The information contained in this email and any attached files is confidential to BAE Systems Australia. If you are not the intended recipient, any use, disclosure or copying of this email or any attachments is expressly prohibited. If you have received this email in error, please notify us immediately. VIRUS: Every care has been taken to ensure this email and its attachments are virus free, however, any loss or damage incurred in using this email is not the sender's responsibility. It is your responsibility to ensure virus checks are completed before installing any data sent in this email to your computer."
Re: OpenBSD poster
On Sun, Mar 2, 2008 at 11:29 PM, Daniel Melameth <[EMAIL PROTECTED]> wrote: > On 3/1/08, Edd Barrett <[EMAIL PROTECTED]> wrote: > > > Which reminds me, > > > > a birthday card my housemate drew for me: > > > > http://students.dec.bmth.ac.uk/ebarrett/files/obsdcard.jpg > > Why do I have a feeling this might do really well as a sticker > > I'm sure she would not mind :) -- Best Regards Edd http://students.dec.bournemouth.ac.uk/ebarrett
Re: openbsd router hardware
On Sun, 2008-03-02 at 09:04 +0100, Joerg Zinke wrote: > This will be my first VIA Board, will see how it works... That's great news. I run some VIA -- not at all bad. But they've still got a long way to go before they re-earn the community's trust. A decade of problems doesn't just go away overnight. ~BAS
problems with hoststated and relayd
Hi, this is the first time I play around with hoststated/relayd. I have a stateful web application, and try to use hoststated/relayd in front of it. Because the application is stateful, the client has to be redirected to the same instance for the session lifetime. The session id is encoded as GET parameter "wosid". Further I have the problem that many of the users are either sitting behind a proxy or a NAT'ed IP address, so these should not be redirected to the same application instance. I tried with hoststated on OpenBSD 4.2 i386 and with relayd on OpenBSD -snapshot sparc64 from beginning of February 08. I'm not sure, whether I see the same problems, as described here in that thread: http://www.nabble.com/relayd-http-check-connection-failures--hoststated-operates-correctly-to15646508.html Well, I do not fiddle around with carp interfaces, and I also tried the patch with the timeout, that did not fixed my problem. First I tried to use relayd, until I came across above mentioned thread, however, first I tried to setup a ssl accelerator as in the example: ext_addr="10.0.0.24" ogo1="10.0.0.121" ogo2="10.0.0.122" ogo3="10.0.0.123" ogo4="10.0.0.124" ogo5="10.0.0.125" timeout table { $ogo1 $ogo2 $ogo3 $ogo4 $ogo5 } http protocol httpssl { header append "$REMOTE_ADDR" to "X-Forwarded-For" header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By" header change "Connection" to "close" cookie hash "wosid" url hash "wosid" url log "wosid" # Various TCP performance options # tcp { nodelay, sack, socket buffer 65536, backlog 128 } # ssl { no sslv2, sslv3, tlsv1, ciphers HIGH } # ssl session cache disable } relay wwwssl { # Run as a SSL accelerator listen on $ext_addr port 443 ssl protocol httpssl # Forward to hosts in the webhosts table using a src/dst hash forward to port http mode hash \ check http "/" code 200 } # relayd -d -vv -f /etc/relayd.conf startup init_filter: filter init done init_tables: created 0 tables relay_privinit: adding relay wwwssl protocol 0: name httpssl flags: 0x0004 type: http request change "Connection" to "close" request cookie hash "wosid" request url hash "wosid" request url log "wosid" request append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By" request append "$REMOTE_ADDR" to "X-Forwarded-For" hce_notify_done: 10.0.0.121 (tcp_send_req: timeout) relay_init: max open files 1024 relay_init: max open files 1024 host 10.0.0.121, check http code (9ms), state unknown -> down, availability 0.00% hce_notify_done: 10.0.0.122 (tcp_send_req: timeout) host 10.0.0.122, check http code (51ms), state unknown -> down, availability 0.00% hce_notify_done: 10.0.0.123 (tcp_send_req: timeout) host 10.0.0.123, check http code (52ms), state unknown -> down, availability 0.00% hce_notify_done: 10.0.0.124 (tcp_send_req: timeout) host 10.0.0.124, check http code (53ms), state unknown -> down, availability 0.00% hce_notify_done: 10.0.0.125 (tcp_send_req: timeout) host 10.0.0.125, check http code (53ms), state unknown -> down, availability 0.00% pfe_dispatch_imsg: state -1 for host 9 10.0.0.121 pfe_dispatch_imsg: state -1 for host 8 10.0.0.122 pfe_dispatch_imsg: state -1 for host 7 10.0.0.123 pfe_dispatch_imsg: state -1 for host 6 10.0.0.124 pfe_dispatch_imsg: state -1 for host 5 10.0.0.125 relay_ssl_ctx_create: loading certificate relay_init: max open files 1024 relay_ssl_ctx_create: loading certificate relay_ssl_ctx_create: loading certificate relay_ssl_ctx_create: loading private key relay_init: max open files 1024 adding 5 hosts from table ogohosts:80 relay_init: max open files 1024 relay_launch: running relay wwwssl relay_ssl_ctx_create: loading private key adding 5 hosts from table ogohosts:80 relay_ssl_ctx_create: loading private key relay_launch: running relay wwwssl adding 5 hosts from table ogohosts:80 relay_ssl_ctx_create: loading certificate relay_launch: running relay wwwssl relay_ssl_ctx_create: loading certificate relay_ssl_ctx_create: loading private key adding 5 hosts from table ogohosts:80 relay_ssl_ctx_create: loading private key relay_launch: running relay wwwssl adding 5 hosts from table ogohosts:80 relay_launch: running relay wwwssl relay wwwssl, session 1 established (1 active) relay_from_table: no active hosts relay wwwssl, session 1 (1 active), 0, 10.0.0.9 -> :80, session failed relay wwwssl, session 2 established (1 active) relay_from_table: no active hosts relay wwwssl, session 2 (1 active), 0, 10.0.0.9 -> :80, session failed tcp_write: connect timed out hce_notify_done: 10.0.0.124 (tcp_write: connect failed) tcp_write: connect timed out hce_notify_done: 10.0.0.125 (tcp_write: connect failed) hce_notify_done: 10.0.0.121 (tcp_send_req: timeout) hce_notify_done: 10.0.0.122 (tcp_send_req: timeout) hce_notify_done: 10.0.0.12
Re: OpenBSD poster
Edd Barrett schreef: On Sun, Mar 02, 2008 at 01:36:28PM +0100, Karel Kulhavy wrote: I have made an OpenBSD promotion poster. http://images.twibright.com/tns/21a8.html Which reminds me, a birthday card my housemate drew for me: http://students.dec.bmth.ac.uk/ebarrett/files/obsdcard.jpg Cool, Vaughn Bode meets OpenBSD... Could be a cool sticker indeed!