Problems booting with floppyC38.fs on Latitude CPx
I'm unable to use floppyC38.fs to boot my laptop. It is a Dell Latitude CPx J650GT with BIOS A16. I've tried different floppy disks with the same results. I've tried floppyC38.fs from 3.8 release. I've tried floppyC38.fs from snapshots date 11/2/05. Using the exact same floppy I can boot my PC just fine. Any ideas on what I need to do to get this laptop going?
Loading;..
probing: pc0 com0 com1 apm mem[639K 510M a20=on]
disk: fd0 hd0+*
OpenBSD/i386 BOOT 2.10
boot
booting fd0a:/bsd: 3306020+195116=0x356d74
entry point at 0x100120
Complete freeze at this point, can't hit the caps lock button. I only got this once. All other times have been as follows.
Loading;..
probing: pc0 com0 com1 apm mem[639K 510M a20=on]
disk: fd0 hd0+*
OpenBSD/i386 BOOT 2.10
boot
booting fd0a:/bsd: 3306020read text
failed(0). will try /obsd
boot
booting fd0a:/obsd: open fd0a:/obsd: No such file or directory
failed(2). will try /bsd.old
boot
booting fd0a:/bsd.old: open fd0a:/bsd.old: No such file or directory
failed(2). will try /bsd
boot
booting fd0a:/bsd: 3306020read text
failed(0). will try /obsd
boot
booting fd0a:/obsd: open fd0a:/obsd: No such file or directory
failed(2). will try /bsd.old
boot
booting fd0a:/bsd.old: open fd0a:/bsd.old: No such file or directory
failed(2). will try /bsd
Turning timeout off.
boot
supported USB tv-tuner card
Hi! I'm looking for a well supported USB tv-tuner device for my laptop. I've read the http://www.openbsd.org/i386.html page, and noticed that the bktr(4) driver could help me. But I'd be glad if someone would tell me some experience with various devices. Any info would be appreciated. Thanks! Daniel
pf control with dynamic ip
Hi! My ISP provides me ADSL service with daily changing ip. Still I must somehow control the access to my postgresql server, to only accept connections from my computer. Is it possible to specify a hostname (my hostname, which gets updated at every ip change) in pf.conf and somehow tell pf not to try to translate it when loading the rule, but try to lookup the hostname on every connection attempt? Is this sane/possible? Thanks! Daniel
Re: pf control with dynamic ip
2007. May 6. 18:45, Berk D. Demir:
Daniel wrote: Hi! My ISP provides me ADSL service with daily changing ip. Still I must somehow control the access to my postgresql server, to only accept connections from my computer. Is it possible to specify a hostname (my hostname, which gets updated at every ip change) in pf.conf and somehow tell pf not to try to translate it when loading the rule, but try to lookup the hostname on every connection attempt? Is this sane/possible?
It's not possible without executing pfctl repeatedly. pf(4) operates at OSI Layers 3 and 4. Making a DNS query is a Layer 7 operation and handled by pfctl(8), which is the userland controller and configuration parser for pf(4). Instead of relying on IP addresses, you can use authpf(8). Which won't limit you to work just from home when you can authenticate via ssh from anywhere. Using authpf is a more convenient and secure approach. So use it.
I would like to, but here is my problem: I need to create a new user on the server which will have the /usr/sbin/authpf as its shell. So now I have user1 (my regular account on that server, with a normal shell) and user1_authpf (the authpf account). But I'm connecting to the user1_authpf account from the same machine that I'm using for everything else, so after disconnecting with the authpf account, other connections (eg. imap, ftp, ssh) are closing too. I understand that authpf removes the rules and states related to the connecting ip address, so I think this is normal, but is not good for me. Any ideas for this? Thanks! Daniel
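What "executing pfctl repeatedly" amounts to in practice, as an added example that is not from the thread: pf matches against a table, and a periodic job resolves the name and rewrites the table. The table name, hostname and `$ext_if` macro are assumptions, and the fail-closed behaviour on lookup failure is a policy choice made here.

```python
"""Keep a pf table in step with a dynamic-DNS name by re-running pfctl.

Added illustration, not from the thread. Assumed pf.conf side:

    table <pg_clients> persist
    pass in on $ext_if proto tcp from <pg_clients> to any port 5432

pf never resolves names while filtering; this script does it, e.g. from cron.
Whoever controls the DNS record controls the allowlist, so PostgreSQL's own
authentication still has to hold.
"""
import ipaddress
import socket
import subprocess

PFCTL = "pfctl"
TABLE = "pg_clients"            # assumed table name
HOSTNAME = "home.example.net"   # assumed dynamic-DNS name


def usable_addresses(infos):
    """Extract addresses from getaddrinfo() results, dropping answers that
    should never appear for a remote client (loopback, link-local, ...)."""
    addrs = set()
    for info in infos:
        text = info[4][0].split("%", 1)[0]      # strip an IPv6 scope id
        ip = ipaddress.ip_address(text)
        if (ip.is_loopback or ip.is_unspecified
                or ip.is_multicast or ip.is_link_local):
            continue
        addrs.add(str(ip))
    return addrs


def plan(hostname, current, lookup=socket.getaddrinfo):
    """Return the pfctl command lines needed to make the table match DNS.

    A failed or empty lookup flushes the table (fail closed) instead of
    leaving a stale address that the ISP may have handed to someone else.
    """
    try:
        wanted = usable_addresses(lookup(hostname, None))
    except OSError:                              # includes socket.gaierror
        wanted = set()
    current = set(current)
    if wanted == current:
        return []
    if wanted:
        cmds = [[PFCTL, "-t", TABLE, "-T", "replace", *sorted(wanted)]]
    else:
        cmds = [[PFCTL, "-t", TABLE, "-T", "flush"]]
    # States created by the old address outlive the table entry: kill them.
    cmds += [[PFCTL, "-k", old] for old in sorted(current - wanted)]
    return cmds


def current_table():
    """Read the table's present contents from pf."""
    out = subprocess.run([PFCTL, "-t", TABLE, "-T", "show"], check=True,
                         capture_output=True, text=True).stdout
    return set(out.split())


def constructed_lookup(answers):
    """Stand-in resolver for offline runs; `answers` is constructed data.
    Passing None simulates a failed lookup."""
    def lookup(host, port):
        if answers is None:
            raise socket.gaierror("constructed lookup failure")
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (a, 0))
                for a in answers]
    return lookup


if __name__ == "__main__":
    for argv in plan(HOSTNAME, current_table()):
        subprocess.run(argv, check=True)
```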
OpenBSD T-Shirt needed
Hi! I noticed that on the EU order page, the XL Wireframe Blowfish Shirt (#23) is on short supply. Anyone can recommend a place where I can get one of those (I'm really not that beefy to fill in the XXL ;). Thanks! Daniel
php5 missing the money_format() function
Hi! I'm using OpenBSD 4.1, and php5. When trying to use the money_format() function I get this error in my logs: Fatal error: Call to undefined function money_format() in ... I understand that The function money_format() is only defined if the system has strfmon capabilities. For example, Windows does not, so money_format() is undefined in Windows. But I'm not using that :) Any ideas? Thanks! Daniel
Re: cookie for the first one to port Micropolis
On Tuesday 15 January 2008 19:53:10 you wrote: On Tue, 15 Jan 2008, Deanna Phillips wrote: Thanks for testing. The tarball has been updated with a handful of changes, including a patch from kurt@ to fix the shared memory leak. Anyone want to ok it? http://freedaemon.com/~deanna/micropolis.tar.gz Doesn't work at all for me. The menu starts but it doesn't accept mouse nor keyboard. I'm using KDE on i386. I ran into this, and the problem was that the numlock was on. I had to turn it off, and then I could use the keyboard and the mouse in the menu. hth, Daniel
Acer notebook with invilink wifi
Hi! I'm looking at these Acer TravelMate notebooks, which claim to be equipped with Acer InviLink wireless devices. What chipset is this? Is this supported? Also, I heard some rumors that it uses Marvell chipset for its gigabit lan. What are the experiences with these notebooks (if there are any)? Thanks! Daniel
Re: OpenTV
Julian Bolivar wrote: Hi everybody, I installed a Video Streaming server using OpenBSD 3.9 and VideoLAN, I invite all to visit my test page at http://jbolivar.sytes.net. All comments are welcome. A test page isn't so interesting... can you publish some documentation about your setup ? :) sand -- Hi, I'm a .signature virus! Copy me to your .signature file and help me propagate, thanks!
Preliminary: Soekris 4501 + Wistron CM9
I've been using a Net 4501 for several years now (since at least OpenBSD 3.8) with no problems. I've recently added a mini-PCI Wistron CM9 (ath 5212). Very soon after bringing the interface up, I get all sorts of channel reset and wake up errors. Before I start going crazy with posting all sorts of diagnostic info, I'm wondering if the first thing I should look at is my power supply. I've used a 12V 1.2A since the beginning, but have not ever used the PCI or mini-PCI slots. Could my Net 4501, with the addition of the mini-PCI card, now be starved for electrons? Daniel
Re: Preliminary: Soekris 4501 + Wistron CM9
On Feb 13, 2010, at 1:02 PM, Matt Bettinger wrote: Had same issues with net 5501-70. I use a psu from a linksys wifi ap and it is rock solid now. Sent from my iPhone On Feb 13, 2010, at 11:05 AM, daniel d...@redmountainfarm.net wrote: I've been using a Net 4501 for several years now (since at least OpenBSD 3.8) with no problems. I've recently added a mini-PCI Wistron CM9 (ath 5212). Very soon after bringing the interface up, I get all sorts of channel reset and wake up errors. Before I start going crazy with posting all sorts of diagnostic info, I'm wondering if the first thing I should look at is my power supply. I've used a 12V 1.2A since the beginning, but have not ever used the PCI or mini-PCI slots. Could my Net 4501, with the addition of the mini-PCI card, now be starved for electrons? Daniel Well, I finally dug out a couple of other power supplies (5V 2.5A and 12V 1.5A) and I'm still having problems. I've tried a few things with no luck. Most of the time the Soekris eventually hangs, sometimes with no messages and other times with the following repeating on the console with the Soekris hung (until I reboot it): ath0: ath_reset: unable to reset hardware; hal status 3534594048 ar5k_ar5212_nic_wakeup: failed to resume the AR5212 (again) ath0: ath_reset: unable to reset hardware; hal status 3534594048 ar5k_ar5212_nic_wakeup: failed to resume the AR5212 (again) etc... 
Here's what I've tried: /etc/hostname.ath0 (taken directly from ath(4)): inet 192.168.1.1 255.255.255.0 NONE media autoselect mediaopt hostap nwid my_net chan 11 After reboot or sh /etc/netstart ath0, ifconfig ath0 shows: ath0: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:0b:6b:de:1d:a1 priority: 4 groups: wlan media: IEEE802.11 autoselect hostap (autoselect mode 11a hostap) status: active ieee80211: nwid my_net chan 40 bssid 00:0b:6b:de:1d:a1 inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255 inet6 fe80::20b:6bff:fede:1da1%ath0 prefixlen 64 scopeid 0x1 My macbook pro can see my_net and I have dhcpd serving on ath0 but never get an IP. /var/log/messages shows: Feb 21 23:06:10 foo /bsd: ath0: ath_chan_set: unable to reset channel 11 (2462 MHz) I've also tried ifconfig ath0 scan. It seems to see nothing and I'm in an urban area where I generally see 10 to 12 APs. I'm not sure what to do next to debug this. Any help will be greatly appreciated. dmesg is below. Thanks, Daniel OpenBSD 4.6 (GENERIC) #58: Thu Jul 9 21:24:42 MDT 2009 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Am486DX4 W/B or Am5x86 W/B 150 (AuthenticAMD 486-class) cpu0: FPU real mem = 66678784 (63MB) avail mem = 54636544 (52MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 20/80/03, BIOS32 rev. 0 @ 0xf7840 pcibios0 at bios0: rev 2.0 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. 
pcibios0: PCI bus #0 is the last bus cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) elansc0 at pci0 dev 0 function 0 AMD ElanSC520 PCI rev 0x00: product 0 steppin g 1.1, CPU clock 133MHz, reset 0 gpio0 at elansc0: 32 pins ath0 at pci0 dev 16 function 0 Atheros AR5212 rev 0x01: irq 10 ath0: AR5213A 5.9 phy 4.3 rf5112a 3.6, FCC2A*, address 00:0b:6b:de:1d:a1 sis0 at pci0 dev 18 function 0 NS DP83815 10/100 rev 0x00, DP83815D: irq 11, a ddress 00:00:24:c1:96:70 nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1 sis1 at pci0 dev 19 function 0 NS DP83815 10/100 rev 0x00, DP83815D: irq 5, ad dress 00:00:24:c1:96:71 nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1 sis2 at pci0 dev 20 function 0 NS DP83815 10/100 rev 0x00, DP83815D: irq 9, ad dress 00:00:24:c1:96:72 nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1 isa0 at mainbus0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard wdc0 at isa0 port 0x1f0/8 irq 14 wd0 at wdc0 channel 0 drive 0: CF1G133 wd0: 1-sector PIO, LBA, 991MB, 2030112 sectors wd0(wdc0:0:0): using BIOS timings pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 biomask f1c5 netmask ffe5 ttymask softraid0 at root root on wd0a swap on wd0b dump on wd0b sis2 at pci0 dev 20 function 0 NS DP83815 10/100 rev 0x00, DP83815D: irq 9, ad dress 00:00:24:c1:96:72 nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1 isa0 at mainbus0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using
Need advice re: Wistron CM9 and Net 4501
I'm running 4.6 (release, I think) on a Soekris Net 4501. See dmesg, below. I recently got a Wistron CM9 (ath) mini-pci card for it (I've been running, wired-only, for 4-5 years). I'm getting a couple different error messages while attempting to use it. I initially thought (hoped) that the problem was an insufficient power supply (12V 1.2A). I have since tried two other power supplies (up to 12V 2.5A) and still have the same problems. Most of the time the Soekris ends up hanging or otherwise becoming completely unresponsive until I pull the plug and reboot it. Sometimes it takes several minutes to become unresponsive. I've tried ifconfig ath0 scan but it doesn't seem to see anything-- even though I can usually see 10-12 APs from other machines. Before the Soekris hangs, I can see it from a laptop. I'm trying to use it in hostap mode; configuring it as described in ath(4) like this: inet 192.168.1.1 255.255.255.0 NONE media autoselect mediaopt hostap \ nwid my_net chan 11 I've tried bringing it up/down with ifconfig to try to reset and reconfigure it but I can't seem to get anywhere. At various times, I see: ath0: ath_reset: unable to reset hardware; hal status 3534594048 ar5k_ar5212_nic_wakeup: failed to resume the AR5212 (again) continuously on the console. ath(4) says the first line should not happen and I can't find the status code enumerated in the HAL include file. I couldn't find anything regarding the second line, ar5k_ar5212_nic_wakeup. I also see a lot of: /bsd: ath0: ath_chan_set: unable to reset channel 11 (2462 MHz) in /var/log/messages. ath(4) says this also should not happen. I'd really appreciate some guidance on how to debug this. 
Thanks, Daniel OpenBSD 4.6 (GENERIC) #58: Thu Jul 9 21:24:42 MDT 2009 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Am486DX4 W/B or Am5x86 W/B 150 (AuthenticAMD 486-class) cpu0: FPU real mem = 66678784 (63MB) avail mem = 54636544 (52MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 20/80/03, BIOS32 rev. 0 @ 0xf7840 pcibios0 at bios0: rev 2.0 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. pcibios0: PCI bus #0 is the last bus cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) elansc0 at pci0 dev 0 function 0 AMD ElanSC520 PCI rev 0x00: product 0 steppin g 1.1, CPU clock 133MHz, reset 0 gpio0 at elansc0: 32 pins ath0 at pci0 dev 16 function 0 Atheros AR5212 rev 0x01: irq 10 ath0: AR5213A 5.9 phy 4.3 rf5112a 3.6, FCC2A*, address 00:0b:6b:de:1d:a1 sis0 at pci0 dev 18 function 0 NS DP83815 10/100 rev 0x00, DP83815D: irq 11, a ddress 00:00:24:c1:96:70 nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1 sis1 at pci0 dev 19 function 0 NS DP83815 10/100 rev 0x00, DP83815D: irq 5, ad dress 00:00:24:c1:96:71 nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1 sis2 at pci0 dev 20 function 0 NS DP83815 10/100 rev 0x00, DP83815D: irq 9, ad dress 00:00:24:c1:96:72 nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 
1 isa0 at mainbus0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard wdc0 at isa0 port 0x1f0/8 irq 14 wd0 at wdc0 channel 0 drive 0: CF1G133 wd0: 1-sector PIO, LBA, 991MB, 2030112 sectors wd0(wdc0:0:0): using BIOS timings pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 biomask f1c5 netmask ffe5 ttymask softraid0 at root root on wd0a swap on wd0b dump on wd0b sis2 at pci0 dev 20 function 0 NS DP83815 10/100 rev 0x00, DP83815D: irq 9, ad dress 00:00:24:c1:96:72 nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1 isa0 at mainbus0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard wdc0 at isa0 port 0x1f0/8 irq 14 wd0 at wdc0 channel 0 drive 0: CF1G133 wd0: 1-sector PIO, LBA, 991MB, 2030112 sectors wd0(wdc0:0:0): using BIOS timings pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 biomask f1c5 netmask ffe5 ttymask softraid0 at root root on wd0a swap on wd0b dump on wd0b WARNING: / was not properly unmounted # [ because it keeps hanging ]
Re: Need advice re: Wistron CM9 and Net 4501
On Feb 25, 2010, at 4:58 AM, Aaron Mason wrote: On Thu, Feb 25, 2010 at 7:25 AM, daniel d...@redmountainfarm.net wrote: I'm running 4.6 (release, I think) on a Soekris Net 4501. See dmesg, below. I recently got a Wistron CM9 (ath) mini-pci card for it (I've been running, wired-only, for 4-5 years). I'm getting a couple different error messages while attempting to use it. I initially thought (hoped) that the problem was an insufficient power supply (12V 1.2A). I have since tried two other power supplies (up to 12V 2.5A) and still have the same problems. Most of the time the Soekris ends up hanging or otherwise becoming completely unresponsive until I pull the plug and reboot it. Sometimes it takes several minutes to become unresponsive. I've tried ifconfig ath0 scan but it doesn't seem to see anything-- even though I can usually see 10-12 APs from other machines. Before the Soekris hangs, I can see it from a laptop. I'm trying to use it in hostap mode; configuring it as described in ath(4) like this: inet 192.168.1.1 255.255.255.0 NONE media autoselect mediaopt hostap \ nwid my_net chan 11 I've tried bringing it up/down with ifconfig to try to reset and reconfigure it but I can't seem to get anywhere. At various times, I see: ath0: ath_reset: unable to reset hardware; hal status 3534594048 ar5k_ar5212_nic_wakeup: failed to resume the AR5212 (again) continuously on the console. ath(4) says the first line should not happen and I can't find the status code enumerated in the HAL include file. I couldn't find anything regarding the second line, ar5k_ar5212_nic_wakeup. I also see a lot of: /bsd: ath0: ath_chan_set: unable to reset channel 11 (2462 MHz) in /var/log/messages. ath(4) says this also should not happen. I'd really appreciate some guidance on how to debug this. 
Thanks, Daniel
I presume this relates to the previous post where you mentioned that you added a CM9 to a net4501. Firstly, the scanning issue. The CM9 is an industrial card designed for use
Re: Opteron 250 Overheating
On Mar 4, 2010, at 9:18 AM, J.C. Roberts wrote: On Wed, 3 Mar 2010 17:57:22 -0800 Christopher Ahrens n...@leviacomm.net wrote: Henning Brauer wrote: * Jeff Ross jr...@openvistas.net [2010-03-02 16:59]: I bought a replacement supermicro motherboard off fleabay that has dual Opteron 250 @2.4GHz. The cpus have passive heatsinks, it is in a supermicro 2U chassis with 4 front fans. do you have the air shroud? this plastic thing that forms a tunnel over the heatsinks? it is required. No, the motherboard didn't come with that. If I can find one will that mean I don't need the active heatsinks? that's how supermicro delivers the 2U systems, so i'd say yes, you won't need them. I had this problem before, an old Cereal box + Scissors + tape fixed it right up. But your mileage may vary I'm Jealous! --I've always wanted a cereal console. I know it's only Thursday but... On a cereal console: - exit doesn't work; you must type cheerio - make release involves building Cap'n Crunchgen - the secret to attaining Cocoa Puffy privilege is using Special K (NOTE: you must use the Corn Pops shell) - you can mount ISO images with Fruit Loops OK, I'm done.
Re: OT: multiple web servers on OpenBSD (WAS: OT: vmware blah blah)
On Mar 8, 2010, at 11:37 AM, Marc Espie wrote: On Mon, Mar 08, 2010 at 09:40:30AM -0600, Marco Peereboom wrote:
OMG!! running multiple daemons??? Wow why didn't I think of that?? I *love* OS overhead on misbehaving hardware emulation because it is what the industry prescribes. Don't forget the 50% hit on I/O speed because that is what every enterprise needs. And let's not forget the windows only license servers combined with management tools that also run only on windows and IE. Virtualization is so awesome.
It's more that the current industry standard kind-of is apache, or enterprise shit based on jakarta AND multiple boxen. Solutions to the web server issues, such as using fastcgi + nginx/lighttpd, only start to become more or less well-spread. And of course, all the time investment of the so-called sys-admins who learnt how to configure big apache/jakarta installations would go down the drain. Can't have that. They need to protect their investment.
Like many things these days, the term enterprise has been co-opted by those with an ulterior--and often opposite--motive. Enterprise should mean reliable, scalable and simple (otherwise known as manageable). It has become the opposite. VMware makes a great toy on my macbook: I can build custom RPMs for linuxy stuff, make release when I don't have a physical machine available. In my enterprise, we have some Dell 1850s and a 1950 and an xserve. I evaluated ESXi thinking I'd be able to build VMs on my macbook and then deploy them on the xserve or the dells. I decided not to screw around with converting VMs from fusion to esxi and back. The final straw was how to intelligently manage esxi without windows/internet exploder. We're currently running about 15 rails, php and coldfusion apps with the number growing almost weekly. As much as possible, each app gets its own VM (or two) and is proxied to an outward facing web server. I use running xen on centos. Not my first choice, but it is OK behind pf.
With a little scripting, I can create a VM and deploy an app in under 5 minutes. We are a small non-profit and that necessarily rules out Enterprise solutions.
Re: Need advice re: Wistron CM9 and Net 4501
Well, after _way_ too much messing around, I've determined that the mini-pci slot on _my_ (at least) Net 4501 is pretty much useless. Both a new Wistron CM9 and an OEM Intersil Prism (pgt) (taken from an SMC barricade) fail. Don't quote me on these numbers, but the CM9 will draw something like 430ma and the pgt something like 290ma and they both behave the same way. I tried OpenBSD 4.6 (release and patch branch) and 4.7 (various snaps): the cards, once configured and/or are connected to, cause the kernel to spew errors on the console continually and won't stop until a reboot. I'm assuming they are starved for current. Apparently other people have gotten mini-pci wlan cards to work in their Net 4501s, but not me. I'm making my employer buy me a TimeCapsule that I'll put behind my Net 4501 for now. In the future, I'll have to investigate other options like a Net 5501 or even one of the nice RouterBoards mentioned here recently. Thanks to all who chimed in. Daniel
Re: Need advice re: Wistron CM9 and Net 4501
On Mar 18, 2010, at 3:13 PM, J.C. Roberts wrote: On Thu, 18 Mar 2010 13:25:35 -0400 daniel d...@redmountainfarm.net wrote:
Well, after _way_ too much messing around, I've determined that the mini-pci slot on _my_ (at least) Net 4501 is pretty much useless. Both a new Wistron CM9 and an OEM Intersil Prism (pgt) (taken from an SMC barricade) fail. Don't quote me on these numbers, but the CM9 will draw something like 430ma and the pgt something like 290ma and they both behave the same way. I tried OpenBSD 4.6 (release and patch branch) and 4.7 (various snaps): the cards, once configured and/or are connected to, cause the kernel to spew errors on the console continually and won't stop until a reboot. I'm assuming they are starved for current. Apparently other people have gotten mini-pci wlan cards to work in their Net 4501s, but not me. I'm making my employer buy me a TimeCapsule that I'll put behind my Net 4501 for now. In the future, I'll have to investigate other options like a Net 5501 or even one of the nice RouterBoards mentioned here recently. Thanks to all who chimed in. Daniel
http://marc.info/?l=openbsd-misc&w=2&r=1&s=CM9&q=b
http://marc.info/?l=openbsd-misc&m=126891871332534&w=2
Though it could be your choice of mini-pci devices, if there really is a problem in your Soekris (such as the slot really is starved of power), then talk to Soekris about it. They'll want to know one way or another about a potential defect and could lead you through proper testing.
J.C., thanks. I agree that it is probably my choice of mini-pci devices; I believe that mini-pci wlan cards do exist that would work in the Net 4501--I've even read of people using their Net 4501s in this way. I've posted on the Soekris list so Soekris can comment on this if they are so inclined.
But given that this is a one-off, hobby-ish situation, the Net 4501's design is 8+ years old, mine is perhaps 5 years old and I would need to hunt down and try several different wlan cards, I'm not inclined to pursue this any further.
GPRS/EDGE modems to use with a notebook
Hi! I'm looking for a mobile device which I could use for connecting to the internet with a notebook. I've read the www.openbsd.org/i386.html page and found some devices, but those are rather hard to find here in Hungary. Could someone inform me about some other GPRS/EDGE capable devices which will work with OpenBSD? (be it a pc-card or a mobile phone). Thanks! Daniel
Re: GPRS/EDGE modems to use with a notebook
On 2007. November 2. 17:56.39 John Jackson wrote: I've had success with the Sierra Wireless Aircard 860 on a Thinkpad X40. Lately though the card seems to be acting flakey and causing hard lockups. That could be a combination of the firmware which on the Aircard and the carrier which is ATT. From what I've read, it's recommended to keep the firmware updated to keep in step with the carrier's infrastructure updates. Unfortunately I haven't found a way to upgrade the cards firmware under OpenBSD or Linux. http://www.sierrawireless.com/estore/Default.aspx?SKU=1100521CID=1 John Thanks John, this would be great. Only one thing bothers me: Attention: the AirCard 860 is in its End Of Life phase and no longer available. For more information, click here / from the above mentioned site / On Fri, Nov 02, 2007 at 05:01:16PM +0100, Daniel wrote: Hi! I'm looking for a mobile device which I could use for connecting to the internet with a notebook. I've read the www.openbsd.org/i386.html page and found some devices, but those are rather hard to find here in Hungary. Could someone inform me about some other GPRS/EDGE capable devices which will work with OpenBSD? (be it a pc-card or a mobile phone). Thanks! Daniel
Re: OpenBSD Sound
On 2007. November 2. 14:23.27 Dorian Büttner wrote: On Friday 02 November 2007 13:42:33 Dorian Büttner wrote: On Friday 02 November 2007 13:07:54 Jacob Meuser wrote: On Fri, Nov 02, 2007 at 12:42:29PM +0100, Dorian Büttner wrote: On Wednesday 31 October 2007 22:22:15 Jacob Meuser wrote: [...] probably not; at least not anytime soon. something for newbie hackers to work on: an ISC licensed audio daemon. Sorry for hijacking this thread, probably anyone has a quick hint to make my audio work in kde. Built /usr/src/regress/sys/dev/audio/obj as described here http://www.nabble.com/NVIDIA-MCP51-HD-Audio-azalia-problems-t4629307.html and autest -r 48000 delivers good quality tone. relevant dmesg seems to be this one: azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: apic 2 int 21 (irq 10) azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: Realtek/0x0862 (rev. 0.1), HDA version 1.0 azalia0: codec: Motorola/0x3055 (rev. 7.0), HDA version 1.0 azalia0: codec[1]: No support for modem function groups azalia0: codec[1]: No audio function groups audio0 at azalia0 However this doesn't seem to be a driver problem since autest passed with success. It's just that kde doesn't detect the device, where can I look at to nail down the problem? pkg_info contains either esound and arts. is artsd running? $ pgrep -l artsd 2299 artsd is the audio device opened for playback? $ audioctl play.open play.open=0 seems not to be 'yes'? it is read-only variable. is it actually artsd that has /dev/sound opened? (artsd uses /dev/sound instead of /dev/audio) $ fstat /dev/sound empty table if all those are yes, then see if it works: $ artscat file.wav oh, and since you have azalia, you may need to tell artsd to resample to 48kHz. K Menu - Settings - Sounds Multimedia - Sound System In the Hardware tab. Check Use custom sampling rate, set it to 48000 Hz. or manually start artsd with 'artsd -r 48000'. done, but didn't help.
Shouldn't artsd appear in the list of available soundsystems, btw? Thanks, Dorian ok I removed the auto-suspend checkbox in the control center audio settings. After restarting the system I now have better values: $ audioctl play.rate play.rate=48000 $ audioctl play.open play.open=1 $ artscat testcase.wav plays fine :)) however kde doesn't. There seems to be the glue missing between the artsd and the kde sound system? If you mean the kde system notification sounds are not working check this: KDE Control Center / Sound Multimedia / System Notifications: Bottom Right corner - [Player Settings] button. HTH, Daniel
Re: GPRS/EDGE modems to use with a notebook
On 2007. November 2. 19:30.56 Kevin Cheng wrote: Hi, these are summarized from documentation with tested or untested, up to 4.2+: Kevin [...] Thanks a lot! Where did you get this list? Daniel
typo on i386.html
Hi! How does one report this kind of bug? There is a typo on the http://www.openbsd.org/i386.html page: Under the PC Cards (PCMCIA/CardBus (B)) section: o Serial ports, including: [...] o Sony Ericsson GC89 GSM/GPRS/EGDE modems s/EGDE/EDGE/ What is the proper way of dealing with this? Send a mail to [EMAIL PROTECTED], or send a diff to [EMAIL PROTECTED] Thanks! Daniel
/tmp permissions, I don't get this...
Hi!

Case 1:

$ id
uid=1000(leva) gid=1000(leva) groups=1000(leva)
$ ls -ld /tmp/
drwxwt 4 root wheel 512 Nov 3 13:05:03 2007 /tmp//
$ touch /tmp/test ls -l /tmp/test
-rw-r- 1 leva wheel 0 Nov 3 13:09:04 2007 /tmp/test
$ rm /tmp/test ls -l /tmp/test
ls: /tmp/test: No such file or directory

I can create and remove files in and from the /tmp directory. This is the expected behaviour (at least for me).

Case 2 (I've added myself to the wheel group):

$ id
uid=1000(leva) gid=1000(leva) groups=1000(leva), 0(wheel)
$ ls -ld /tmp/
drwxwt 4 root wheel 512 Nov 3 13:05:03 2007 /tmp//
$ touch /tmp/test
touch: /tmp/test: Permission denied
^^^

I can not create the file in /tmp, although I got world write permissions to it. It seems if I'm in the wheel group and the wheel group owns the directory, then only the group permissions count? (sounds lame, but I can not think of other reasons). After changing the /tmp directory's group permissions to -wx, I can create and remove files from it while I'm in the wheel group. What could cause this behaviour? Thanks! Daniel
Re: /tmp permissions, I don't get this...
On 2007. November 3. 14:12.14 Antoine Jacoutot wrote: On Sat, 3 Nov 2007, Daniel wrote: $ ls -ld /tmp/ drwxwt 4 root wheel 512 Nov 3 13:05:03 2007 /tmp// Why is your /tmp chmod this way? It should be 1777 I thought this question would arise :D but I (while being completely respectful and polite) think this is not the point. I just want to know why this is working this way. Daniel
Re: how to support Intel 965?
On 2007. November 3. 12:57.07 23e7 wrote: Hi, [...] vga1 at pci0 dev 2 function 0 Intel 82965GM Video rev 0x03: [...] Hi! This could be a long shot, but I think you need the intel driver from xorg. It's called xf86-video-intel and it's in xenocara. Maybe you should try to install it? Daniel
Re: /tmp permissions, I don't get this...
On 2007. November 3. 15:13.29 Marc Espie wrote:
On Sat, Nov 03, 2007 at 01:14:20PM +0100, Daniel wrote:

^^^ I can not create the file in /tmp, although I got world write permissions to it. It seems if I'm in the wheel group and the wheel group owns the directory, then only the group permissions counts?

Yes, that's the way Unix permissions work, and as far as I know, that's always been the case. Unix doesn't play `nice' tricks. The way permissions work is quite simple:

- is your uid the same as the directory/file owner ? - then only the user permission bits apply.
- do you have a gid/supplementary group the same as the directory/file group - then only the group permission bits apply.
- otherwise, you get the other permission bits.

Contrary to other systems, you don't *add* permission bits corresponding to various things that may apply to you. You stop at the most distinctive level that applies to you.

Thanks a lot! Daniel
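The class-selection rule described in the reply above, as an added example (not code from the thread). It goes slightly beyond the post by also modelling the sticky-bit rule for removing files. The `Cred`/`Inode` types, the function names and the directory modes are assumptions constructed for illustration, because the mode string in the original post is damaged.

```python
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Cred:
    uid: int
    gids: frozenset  # primary gid plus supplementary groups


@dataclass(frozen=True)
class Inode:
    uid: int   # owner
    gid: int   # owning group
    mode: int  # permission bits, including the sticky bit


def perm_class(cred, node):
    """Pick exactly one class; the first match wins and nothing is added up."""
    if cred.uid == node.uid:
        return "user"
    if node.gid in cred.gids:
        return "group"
    return "other"


def granted_bits(cred, node):
    """Return the rwx triplet (0-7) of the single class that applies."""
    shift = {"user": 6, "group": 3, "other": 0}[perm_class(cred, node)]
    return (node.mode >> shift) & 0o7


def may(cred, node, want):
    """True if every bit in `want` (r=4, w=2, x=1) is granted."""
    if cred.uid == 0:
        return True  # simplified superuser bypass
    return (granted_bits(cred, node) & want) == want


def may_create_in(cred, directory):
    # Creating an entry needs write and search permission on the directory.
    return may(cred, directory, 0o3)


def may_unlink(cred, directory, target):
    # Removing an entry needs w+x on the directory; in a sticky directory the
    # caller must also own the file or the directory (or be the superuser).
    if not may(cred, directory, 0o3):
        return False
    if directory.mode & stat.S_ISVTX and cred.uid != 0:
        return cred.uid in (target.uid, directory.uid)
    return True


# Constructed sample data mirroring the two cases in the thread.
LEVA = Cred(1000, frozenset({1000}))           # case 1: not in wheel
LEVA_WHEEL = Cred(1000, frozenset({1000, 0}))  # case 2: added to wheel (gid 0)
TMP_NO_GROUP = Inode(0, 0, 0o1707)   # root:wheel, no group bits (assumed mode)
TMP_GROUP_WX = Inode(0, 0, 0o1737)   # same, after giving the group -wx
TMP_STANDARD = Inode(0, 0, 0o1777)   # the usual /tmp mode


def report():
    """Return (user, directory, class used, may create?) for each combination."""
    creds = [("leva", LEVA), ("leva+wheel", LEVA_WHEEL)]
    dirs = [("1707", TMP_NO_GROUP), ("1737", TMP_GROUP_WX), ("1777", TMP_STANDARD)]
    return [(cn, dn, perm_class(c, d), may_create_in(c, d))
            for cn, c in creds for dn, d in dirs]


if __name__ == "__main__":
    for row in report():
        print(row)
```

Adding a user to a group can therefore remove access when the group triplet is narrower than the "other" triplet, which is worth checking whenever directory modes deviate from the defaults.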
Re: Skype on the OpenBSD
On Sun, 2 Dec 2007 16:48:14 + Jacob Meuser [EMAIL PROTECTED] wrote: VoIP applications generally require full-duplex audio operation (or two soundcards, but that gets icky as far as configuration goes). you'll have much more luck with full-duplex audio in -current (or when 4.3 is released). also see ports/telephony/pjsua in -current. Could you provide some information about which drivers provide full-duplex audio in current? Daniel
strange pfctl output
Hi! I'm having this problem: # pfctl -sr |fgrep ftp [...] pass out on rl0 inet proto tcp from ip to __automatic_39c048b4_0 port = ftp flags S/SA keep state What is that automatic stuff? I wish to see the corresponding (below) rules' entries in pfctl's output. The corresponding rules in the pf.conf would be: pass out on $ext_if inet proto tcp from $ip to anga.funkfeuer.at port ftp pass out on [...] to ftp.openldap.org port ftp pass out on [...] to ftp.postgresql.org port ftp pass out on [...] to ftp.pureftpd.org port ftp etc... Daniel
[no subject]
Hi! Anyone experiencing or experienced segfaults with openldap using the bdb backend? I'm using -current ports tree, and built the openldap-{client,server}, dbv4 and cyrus-sasl2 packages from there. I will certainly provide much more info, I just want to know if there are other people out there who are experiencing this same behaviour. Thanks! Daniel
openldap with dbv4 crash
Hi (again, sorry, now with Subject)! Anyone experiencing or experienced segfaults with openldap using the bdb backend? I'm using -current ports tree, and built the openldap-{client,server}, dbv4 and cyrus-sasl2 packages from there. I will certainly provide much more info, I just want to know if there are other people out there who are experiencing this same behaviour. Thanks! Daniel
Re: openldap with dbv4 crash
On Sat, 29 Dec 2007 13:41:06 -0600 Vijay Sankar [EMAIL PROTECTED] wrote:
On December 29, 2007 11:23:19 am Daniel wrote:

Hi (again, sorry, now with Subject)! Anyone experiencing or experienced segfaults with openldap using the bdb backend? I'm using -current ports tree, and built the openldap-{client,server}, dbv4 and cyrus-sasl2 packages from there. I will certainly provide much more info, I just want to know if there are other people out there who are experiencing this same behaviour. Thanks! Daniel

No problems here so far, my test servers are running -current as of Thu Dec 27 13:53:57 CST 2007. slapd and slurpd are OK and replication is also working well. No seg faults yet.

Can you tell me which FLAVOR are you using with dbv4 and openldap? Daniel
Re: openldap with dbv4 crash
On Sat, 29 Dec 2007 15:49:20 -0600 Vijay Sankar [EMAIL PROTECTED] wrote:
On December 29, 2007 02:15:15 pm Daniel wrote:
On Sat, 29 Dec 2007 13:41:06 -0600 Vijay Sankar [EMAIL PROTECTED] wrote:
On December 29, 2007 11:23:19 am Daniel wrote:

Hi (again, sorry, now with Subject)! Anyone experiencing or experienced segfaults with openldap using the bdb backend? I'm using -current ports tree, and built the openldap-{client,server}, dbv4 and cyrus-sasl2 packages from there. I will certainly provide much more info, I just want to know if there are other people out there who are experiencing this same behaviour. Thanks! Daniel

No problems here so far, my test servers are running -current as of Thu Dec 27 13:53:57 CST 2007. slapd and slurpd are OK and replication is also working well. No seg faults yet.

Can you tell me which FLAVOR are you using with dbv4 and openldap? Daniel

Hopefully I did not misunderstand your question. Here is what I did:

env FLAVOR=bdb make package
ls -l /usr/ports/packages/i386/all/openld*
-rw-r--r-- 3 root wheel 1244876 Dec 27 14:41 openldap-client-2.3.33p0.tgz
-rw-r--r-- 3 root wheel 916837 Dec 27 14:44 openldap-server-2.3.33p2-bdb.tgz

Then I just did a pkg_add for openldap-server-2.3.33p2-bdb.tgz. The db package was db-4.6.21.

Same here, but I get reproducible segfault :\ And it is caused by dbv4 unfortunately. I would have tried with a newer openldap (2.3.40), but from 2.3.39, openldap doesn't support db-4.6, only 4.2-4.5. So I'm kind of stuck here. I think I'm going to have to try out openldap 2.4. Daniel
Re: openldap with dbv4 crash
Vijay Sankar wrote:
On December 30, 2007 08:03:09 pm Stuart Henderson wrote:
On December 29, 2007 11:23:19 am Daniel wrote:

Hi (again, sorry, now with Subject)! Anyone experiencing or experienced segfaults with openldap using the bdb backend? I'm using -current ports tree, and built the openldap-{client,server}, dbv4 and cyrus-sasl2 packages from there.

openldap 2.3 doesn't support newer db 4.6 versions (should fail the regression tests).

Yes, indeed, looking at this commit: http://www.openldap.org/devel/cvsweb.cgi/configure.diff?r1=1.598.2.40&r2=1.598.2.41&hideattic=1&sortbydate=0

there's support in 2.4 but iirc it's not a simple thing to backport.

Why should we backport the db4.6 support? We just need to use 2.4.

Thanks very much for this information. Not sure how to help, but I am not seeing any seg faults so far. If there is something helpful for me to do, please advise. It is not clear from Daniel's message as to whether there is any specific thing that causes the seg fault or whether slapd just simply does not start.

Below I will write down how to reproduce the crash on an i386 machine, openldap compiled from ports, with FLAVOR=bdb. Start with a fresh database directory, use the stock DB_CONFIG options, and of course the bdb backend. Add just the root dn, with the domaincomponent attributes ie. dn: dc=domain,dc=com, and a rootdn account. Now test it with a simple ldapsearch command (eg. filter (objectclass=*), it succeeds. Exit from slapd, then restart it, with the same slapd.conf as before. Now do that simple ldapsearch again, and then slapd will segfault. Doing a not so informative gdb with slapd, it shows that it crashes with the libdb libraries. Changing the database backend to ldbm solves the problem, which also supports this theory. In the above example, it doesn't matter if one uses TLS or not. With openldap-2.4, one can not use the ldbm backend anymore, but there is no need to, because the bdb backend is working with it.

[...] Normally I use packages. But some time ago, I was able to use syncrepl with OpenLDAP 2.3.33 and used the following ./configure command to build from source.

env CPPFLAGS="-I/usr/local/include/db4 -I/usr/local/include/sasl" \
    LDFLAGS="-L/usr/local/lib/db4 -L/usr/local/share/libtool/libltdl -L/usr/local/lib/sasl2 -L/usr/local/lib" \
    ./configure \
    --prefix=/usr/local \
    --enable-slapd \
    --enable-cleartext \
    --enable-crypt \
    --enable-rewrite \
    --enable-wrapper \
    --with-cyrus-sasl=yes \
    --enable-spasswd \
    --enable-dnssrv \
    --enable-ldap \
    --enable-ldbm \
    --enable-bdb \
    --enable-meta \
    --enable-null \
    --enable-passwd \
    --disable-ipv6 \
    --disable-shell \
    --enable-slurpd \
    --enable-overlays=mod \
    --with-tls \
    --disable-sql

Is this correct? Should I make any changes? Please let me know.

Same here, almost.

Thanks very much, Vijay
Re: openldap with dbv4 crash
On Wed, 2 Jan 2008 11:13:26 -0600 Vijay Sankar [EMAIL PROTECTED] wrote:
On December 31, 2007 06:59:06 am Vijay Sankar wrote:

env CPPFLAGS="-I/usr/local/include/db4 -I/usr/local/include/sasl" \
    LDFLAGS="-L/usr/local/lib/db4 -L/usr/local/share/libtool/libltdl -L/usr/local/lib/sasl2 -L/usr/local/lib" \
    ./configure \
    --prefix=/usr/local \
    --enable-slapd \
    --enable-cleartext \
    --enable-crypt \
    --enable-rewrite \
    --enable-wrapper \
    --with-cyrus-sasl=yes \
    --enable-spasswd \
    --enable-dnssrv \
    --enable-ldap \
    --enable-ldbm \
    --enable-bdb \
    --enable-meta \
    --enable-null \
    --enable-passwd \
    --disable-ipv6 \
    --disable-shell \
    --enable-slurpd \
    --enable-overlays=mod \
    --with-tls \
    --disable-sql

[...] The OP said that his ./configure command was almost the same as what I did above but did not bother to say what the difference was. I followed the settings that Marc Balmer had in ports and so I wonder whether that is why I haven't seen any problems yet.

Okay then:

./configure \
    --prefix=/usr/local --sysconfdir=/etc --localstatedir=/var \
    --enable-shared --disable-static \
    --enable-rewrite --without-cyrus-sasl --disable-ipv6 \
    --enable-ldap --with-tls=openssl

Basically no backends were compiled in except bdb,hdb,monitor,relay and ldap. But really, I don't think these configure options are relevant, because the crash happens with the db-4.6 libraries (according to gdb).

Usually, I have problems even when no one else has any issues so I am surprised to not have had a crash or any problems at all when I should have had seg faults! I am using all the samba-related schemas PLUS slurpd and I am still not seeing segfaults with OpenLDAP 2.3.33p2 and DB 4.6. I am not new to OpenBSD (have used it since 2.8 and have the CD's to prove it :) but don't know whether I have somehow made a mistake in compiling userland or whether there is some other issue involved that is making use of older versions of DB4.

Can you try executing ldd(1) on slapd? Is it linked against the 4.6 db libraries? Daniel
sendmail in base not supporting AUTH?
Hi! I wish to use sendmail in base to use a SMART_HOST (my isp's smtp server), and that SMART_HOST requires authentication. I was told that sendmail must be compiled with SASL support even if it is only acting as an smtp client when using AUTH. Is it right? Am I stuck here, and won't be able to configure sendmail to support AUTH as an smtp client? Thanks! Daniel
Re: kword crashes instantly when print or print preview selected
Hi Dave,

On Mon, Aug 15, 2005 at 06:57:27PM -0500, Dave Feustel wrote:

I'm running 3.7 release with the koffice package installed. This is 100% repeatable. Has anyone else seen this?

Yes. It's probably related to cups. Provided you do not insist on using cups with kde, try this: create a file .kde/share/config/kdeprintrc in your home-directory and put the following lines into it:

[General]
PrintSystem=lpr

You can then uninstall cups, if you don't need it otherwise. HTH, Regards, Daniel
isakmp vpn configuration
Hi there

I have an OpenBSD box that is configured as firewall and vpn gateway. The box has two physical interfaces. One interface is the WAN interface that connects to the internet. The other interface connects to the LAN switch and has defined several virtual VLAN interfaces for different LAN subnets.

The basic vpn configuration works. I can connect with the Greenbow vpn client from Windows host and reach the hosts on the LAN interfaces. In the Greenbow vpn client configuration I can define the subnet to which I want to tunnel to. So if I define the subnet of the vlan 2 interface in the Greenbow vpn client, I can reach the hosts that are in the vlan 2 subnet, if I define the subnet of the vlan 3 interface, I can reach the hosts that are in the vlan 3 subnet. I have no control to which subnet the vpn client has access.

My isakmpd.conf looks like this:

#
# Defaults section
#
[General]
Default-phase-1-lifetime= 3600,60:86400
Default-phase-2-lifetime= 1200,60:86400

# ---
# Connections
# ---
[Phase 1]
Default=ISAKMP-clients

[Phase 2]
Passive-Connections=IPsec-clients

# -
# Phase 1 peer sections
# -
[ISAKMP-clients]
Phase= 1
Transport= udp
Configuration= default-main-mode
Authentication= mekmitasdigoat

#
# Phase 2 sections
#
[IPsec-clients]
Phase= 2
Configuration= default-quick-mode
Local-ID= default-route
Remote-ID= dummy-remote

# --
# Client ID sections
# --
[default-route]
ID-type=IPV4_ADDR_SUBNET
Network=0.0.0.0
Netmask=0.0.0.0

[dummy-remote]
ID-type=IPV4_ADDR
Address=0.0.0.0

[default-main-mode]
DOI=IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= AES-SHA-GRP2

[default-quick-mode]
DOI=IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-AES-SHA-PFS-GR2-SUITE

I have tried to change Network and Netmask in the [default-route] section from 0.0.0.0 to the network and netmask of one of the vlan subnetworks, but it does not help. I can still connect to the other subnet if I define them in the client. Does anyone know how I can restrict access to only one of the vlan subnets? Thanks, Daniel
Re: isakmp vpn configuration
Hi Joel

j knight [EMAIL PROTECTED] wrote:

I have tried to change Network and Netmask in the [default-route] section from 0.0.0.0 to the network and netmask of one of the vlan subnetworks, but it does not help. I can still connect to the other subnet if I define them in the client. Anyone knows how I can restrict access to only one of the vlan subnets?

I don't know why those changes aren't working, however, have you tried:

- setting a policy via isakmpd.policy that restricts 'remote_filter'

No. I will try that.

- blocking traffic using pf

Yes, I have tried to filter on VPN client ip addresses on the enc0 interface. This works, but the problem is that not all users should be allowed to do the same things. Since the VPN client ip address can be chosen arbitrarily on the VPN client, the user can choose an ip address that is allowed to do what he wants to do. Therefore it is not secured, the user has just to know which ip address has full access, and he can access all he wants on all vlans. Thanks, Daniel
Re: Migration to PF - some questions
Stephan A. Rickauer wrote:
Gaby vanhegan wrote:

$if_in=xl0
$if_out=xl1
pass in on $if_in keep state
pass out on $if_out keep state

Ok, let's stick to that example. Imagine a firewall having three interfaces connecting Internet, LAN and DMZ. When I would like to allow SMTP traffic to my mail server in the DMZ, from LAN _and_ Internet, where would you filter? Thanks,

int_if=xl0
ext_if=xl1
dmz_if=xl3
mail_server=192.168.0.1
pass in on { $int_if, $ext_if } proto tcp from any to $mail_server port smtp keep state
passive ftp-ssl client behind OpenBSD 3.7 NAT/pf
Is it possible to get such a client running in passive mode using pf rdr/rules? I understand that I can't use ftp-proxy for this b/c the PORT command coming back from the FTP server is encrypted. Is there any way to do this? thanks
Re: passive ftp-ssl client behind OpenBSD 3.7 NAT/pf
Hi Ed thx for the reply. First I should mention that all non-ssl ftp traffic works great through the firewall (setup according to FAQ on openbsd site). My setup is:

my client - my nat'd OpenBSD - internet - remote ftp-ssl server

I don't have any control over the remote server. The client simply hangs saying Connected to server on port 21. Waiting for response

I did a tcpdump on the internal nic during a connection attempt from the client:

tcpdump -ttt -n -i vr0 host remote_ip
Sep 23 19:01:51.887070 192.168.1.111.1156 remote_ip.21: S 34496577:34496577(0) win 8192 mss 1460 (DF)
Sep 23 19:01:51.887122 remote_ip.21 192.168.1.111.1156: S 2282047294:2282047294(0) ack 34496578 win 16384 mss 1460
Sep 23 19:01:51.887433 192.168.1.111.1156 remote_ip.21: . ack 1 win 8760 (DF)
Sep 23 19:02:56.887799 192.168.1.111.1156 remote_ip.21: F 1:1(0) ack 1 win 8760 (DF)
Sep 23 19:02:56.887840 remote_ip.21 192.168.1.111.1156: . ack 2 win 17520

and another on the external nic at the same time:

tcpdump -ttt -n -i fxp0 host remote_ip
Sep 23 19:01:51.891462 my_external_ip.63441 remote_ip.21: S 3772606012:3772606012(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3166560978 0 (DF)
Sep 23 19:01:57.883262 my_external_ip.63441 remote_ip.21: S 3772606012:3772606012(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3166560990 0 (DF)
Sep 23 19:02:09.883267 my_external_ip.63441 remote_ip.21: S 3772606012:3772606012(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3166561014 0 (DF)
Sep 23 19:02:33.883268 my_external_ip.63441 remote_ip.21: S 3772606012:3772606012(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3166561062 0 (DF)

I would appreciate if anyone can help me understand the tcpdump output. thx
Which SATA controller to purchase
I have an i386 file server running OpenBSD 3.7-release. I want to add an SATA drive to the system. Since the motherboard does not have SATA built-in, i need to purchase a controller card. I notice on http://www.openbsd.org/i386.html that a number of SATA chips are supported, though many will require an upgrade to -current or 3.8 when it is released (either of which i would be willing to do if necessary). My question is, given a chip number listed on i386.html, how do i find out what products the chip is used in? For example, i was looking at the Promise SATA 150TX4 and i have not yet been able to find what chip that controller uses. Any suggestions on what controller card i should get? Dan Ramaley Network Programmer/Analyst (515) 271-4540 Dial Center 118, Drake University
Re: Which SATA controller to purchase
On Monday 26 September 2005 20:10, you wrote: Try this one out for size, I can vouch that it's super http://www.lsilogic.com/products/megaraid/sata_150_4.html Brandon Is there an LSI SATA card that doesn't have RAID and works with OpenBSD? I don't want RAID support, so buying an expensive ($216 on newegg.com) card doesn't sound like a good deal. Dan Ramaley Network Programmer/Analyst (515) 271-4540 Dial Center 118, Drake University
Compatibility question for the New Sun X4100 server with 4FastEthernet as possible BGP routers, or stick with HP DL-145 G2?
Hi, I am stuck with many Cisco routers 7206 VXR that now run at 100% CPU process from time to time. The BGP table has grown to a level that, when combined with a few access lists on these routers, they now run out of steam! At a minimum, more than I would like to see anyway! I guess no one will be surprised by that! So, I need to convert them into dummy aggregation routers for T1's, etc but without BGP or anything else on them for that matter, until I can get a few good and tested cards for channel DS3 and the like that will work well in OpenBSD. I am stuck on this one and at the same time pleased to replace more Cisco gear!

However, picking the best servers for this is also important. I was looking at the HP DL-145 G2 with SCSI on them and I also saw the new Sun X4100. I really would need a minimum of 4x 10/100/1000 Ethernet ports in these boxes. So, hopefully someone will be able to answer this question for me. Looking at the less than complete technical information on the Sun server, I don't see the details of the chip set used in that server, network card, etc. So, I can't search to see if OpenBSD may work on it or not. Google hasn't returned a query with the X4100 and OpenBSD yet on this as well. Too new most likely. So, if anyone can actually confirm or deny whether OpenBSD actually works well on this new Sun or not at all, or whether to stay away from it, it would be greatly appreciated!

I saw a few posts on the Sun DL-145 G2 and it looks like issues are solved with it and Brad's work for the Broadcom network cards looks like a success, but I am not 100% sure on the SCSI yet however. I need to read more on that. I do use the DL-145 with great pleasure so far, so I may be inclined to stick with HP, but the Sun default 4x Ethernet ports did attract me however! Any word of wisdom on my best bet? I need 8 of these new servers to start with, so I sure want to be sure to pick them right. Throwing money down the tube is not my forte if you know what I mean! Maybe someone knows something even better for this stuff? I saw posts from Henning for best network cards, still true and what about a 4x ports in these new servers? Many thanks for your input and your time as well! Daniel
Re: Printer setup
The last time i had to use a non-postscript printer with OpenBSD i used foomatic. Since i was not familiar with the software, it was a bit of a pain to set up. But like most other software on OpenBSD, once i had it configured properly it worked without any problems. Just curious, why don't you want to use foomatic? I haven't tried using cups on OpenBSD, though i have successfully configured cups on Debian Linux, with commands similar to this:

# gunzip -c /usr/share/ppd/Brother/Brother-HL-1430-hpijs.ppd.gz \
    > /tmp/out.ppd
# lpadmin -p lp -E -v /dev/lpt0 -P /tmp/out.ppd -D "Brother HL-1430" \
    -L "Local Printer"
# lpoptions -p lp -o page-left=18 -o page-right=18 \
    -o page-top=18 -o page-bottom=18 -o cpi=12 -o lpi=7

On my machine there are 3 different PPD files for the Brother HL-1430, each with one of either hl1250, hpijs, or ljet4 in their name. I'm not sure which one you actually want but you should be able to find them online; if not e-mail me privately and i can send them to you (please note however that using files from random strangers on the internet poses significant security risks).

On Friday 30 September 2005 07:12, you wrote:

I have been trying to setup a brother HL-1430 printer on OpenBSD 3.7 but has been told it is near impossible. I have installed cups but I am not sure if it is better to use it. I can locate the printer on /dev/lpt0 and it's in dmesg. From that and getting some actually printing done, I haven't been able to find anything useful on google except this http://www.jakemsr.com/openbsd/foomatic.html, which wasn't what I had in mind. Where to go from here? I have no prior experience with lp(d) but have setup cupsd on other nix's before.

Dan Ramaley Network Programmer/Analyst (515) 271-4540 Dial Center 118, Drake University
Re: Compatibility question for the New Sun X4100 server with 4FastEthernet as possible BGP routers, or stick with HP DL-145 G2?
Henning Brauer wrote:

I am more curious about the 2100 actually. Finally a vendor got it and made a (apparently) decent single-CPU amd64 1U machine with a reasonable price tag. I am uncertain what chipset they use, might be nForce, might

I like the 2100 better, but was looking at the 4100 ONLY because of the 4 built in GigEs. Never too many Ethernet cards when used as a router! (; I would actually love a box with 8x and one with 8 fiber ports. That would be sweet! But you got me thinking twice now!
BGP session clear by remote end when MD5 is configure AND the session was initiate from OpenBSD side failed and do not recover.
I am not sure whether it is normal for routers configured with MD5 to react like this. Both sides can and should be allowed to initiate the bgp session. But when the session is not initiated from bgpd, then unexpected results occur.

OpenBSD --- Cisco routers. With MD5.

If the session is initiated from the OpenBSD side (tcp/xxx - to tcp/179) on a remote Cisco router, then any 'bgpctl neighbor x.x.x.x clear' on that remote router will work and the session clears and comes back instantly. Great!

However if the session in that condition is cleared from the Cisco side (clear ip bgp x.x.x.x), then the OpenBSD side doesn't really reset the session and it will continue to expect the packets on the same return port tcp/xxx as opposed to accepting the new session on the port 179 that is initiated at that time from the remote side and then replying to the tcp/xxx request port. When the session is reset from the remote side, then it should become Cisco - OpenBSD with ( tcp/xxx to tcp/179) so the 179 port should be on the OpenBSD side then no? Then you will start to get the error in the log like this:

%TCP-6-BADAUTH: No MD5 digest from OpenBSD(179) to Cisco(48384) (RST)

where the OpenBSD is the OpenBSD IP's and same for the Cisco IP's.

Also, I haven't been able yet to establish a session where the Cisco side would initiate the session and then the OpenBSD side would be the remote side when the MD5 is configured. It may be possible and sure should be, but I haven't been able to yet. I can provide more details if need be, or test more as well, but that's in short what is going on. It's been many days so far and that's what I found on why my sessions with MD5 are not coming up, or when cleared don't come back to life. Looks to me like the bgpd wants to be the initiator of the connection every time and then it will work for itself well. Is it the case here? I started to check deeper when I realized that one side always resets the session quicker than the other without MD5 and then gets stuck when MD5 is in use. This is on 3.7 and I had what looks like the same problem with 3.6 and 3.8-current ( sep 29). Am I missing something here? Was that the intention from the start? Many thanks for putting some light on this for me. Daniel
Re: Kprinter in KDE fails
Hi,

On Mon, Oct 03, 2005 at 02:29:55PM +0200, [EMAIL PROTECTED] wrote:

I have managed to get OpenBSD printing with CUPS from the packages, but if I try to start kprinter in KDE it crashes. Every other application in KDE crashes too when I try to use print from the file menu. Is this a common problem in KDE on OpenBSD? Have I missed something? I have tested this on two different installations and it's the same result.

Seen this too, check this post: http://marc.theaimsgroup.com/?l=openbsd-misc&m=112422708302678&w=2 Regards, Daniel
Re: OpenBSD and KDE printing
Hi,

On Sun, Oct 02, 2005 at 04:48:13AM +0200, [EMAIL PROTECTED] wrote:

During this test I found that every single program, started from within KDE, crashes when I use the print option from (in most cases) the file menu. Kprinter crashes too. This is with or without any cups service running.

Check this post: http://marc.theaimsgroup.com/?l=openbsd-misc&m=112422708302678&w=2 Regards, Daniel
Re: BGP session clear by remote end when MD5 is configure AND the session was initiate from OpenBSD side failed and do not recover.
More on this with test results, example, setup used, and more details.

The short of it is that bgpd will not establish an MD5 connection as slave ever! So, if you do get an MD5 session in normal operation, it may well not stay stable at all depending on bgp flap and who will try to become master after a flap. You may end up with bgp down until human action is performed to get it back up from both sides of the session.

How did I show that? Checking the various possibilities without MD5 configured and then ONLY adding the MD5 on the working setup.

Tested summary. Try to see the results when one side is always forced to be master or slave and see the impact of it. Also, make sure that after a reset the master will stay the master. The use of filters will accomplish this to try to isolate a possible problem. Please read on, as I think this shows the situation as is. Daniel

==

Without MD5 configured.

With bgpd master
Clear session from bgpd side, session comes back up right away.
Clear session from remote side, session comes back up with delay.

With bgpd slave
Clear session from bgpd side, session comes back up with delay.
Clear session from remote side, session comes back up with possible very long delay. Much bigger than when master.

Now with MD5 configured. We only add tcp md5sig password test on bgpd side and neighbor 66.63.12.108 password test on the Cisco side.

With bgpd master
Clear session from bgpd side, session comes back up right away.
Clear session from remote side, session comes back up with possible very long delay.

With bgpd slave
Just can't establish a session whatsoever! The Cisco side will get stuck in the OpenSent mode and cycle a few times all without success.

66.63.12.1084 65001 0 1000 neverOpenSent

The OpenBSD side will show an active session, but not up yet obviously:

dev1# bgpctl s neigh 66.63.12.107
BGP neighbor is 66.63.12.107, remote AS 65001
 Description: iBGP Test
  BGP version 4, remote router-id 0.0.0.0
  BGP state = Active
  Last read Never, holdtime 240s, keepalive interval 80s

  Message statistics:
                  Sent       Received
  Opens              1          0
  Notifications      0          0
  Updates            0          0
  Keepalives         0          0
  Route Refresh      0          0
  Total              1          0

  Local host: 66.63.12.108, Local port: 179
  Remote host: 66.63.12.107, Remote port: 56923

And the Cisco side will keep cycling there from active to open and back to active to open, etc.

66.63.12.1084 65001 0 2000 neverActive

Now looking at the logs from each side. OpenBSD tries to use the port tcp/56923 and from the Cisco side we see this error:

35: *Oct 5 13:38:43.503 EDT: %TCP-6-BADAUTH: No MD5 digest from 66.63.12.108(179) to 66.63.12.107(56923) (RST)
36: *Oct 5 13:38:44.503 EDT: %TCP-6-BADAUTH: No MD5 digest from 66.63.12.108(179) to 66.63.12.107(56923) (RST)

Looks like the OpenBSD side does not provide the MD5 to the Cisco to establish the session. It doesn't matter if I clear the session from the Cisco side, or the bgpd side, order, etc. Both sides, many times, whatever. It will simply not come up! Even reloading the Cisco router and killing the bgpd and starting new, it will not come up! Always the same errors in the logs. No MD5 digest received from the OpenBSD side looks like.

===

Why will bgpd not establish a session as slave when MD5 is configured even if the RFC said both sides should be allowed to do so? bgpd wants to be the master every time? Something sure looks weird here.

Setup and tests done with results. OpenBSD 3.7 and Cisco 5350 connected via Fast Ethernet switch.

OpenBSD - switch - Cisco 5350

BGP minimal configurations used:

OpenBSD side:

dev1# more /etc/bgpd.conf
# Macros
Peer_Test="66.63.12.107"

# Default global configuration
holdtime 30
holdtime min 10
listen on 66.63.12.108
AS 65001
router-id 66.63.12.108

# List of networks to announce from the router.
network 10.0.1.0/24

# neighbors and peers
group "Peering iBGP on AS65001" {
        remote-as 65001
        local-address 66.63.12.108
        announce all
        neighbor $Peer_Test {
                descr "iBGP Test"
        }
}

==

Cisco side:

router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 network 10.0.0.0 mask 255.255.255.0
 neighbor 66.63.12.108 remote-as 65001
 neighbor 66.63.12.108 version 4
 neighbor 66.63.12.108 soft-reconfiguration inbound
 no auto-summary

===

Filters used and applied to the Fast Ethernet configuration of the Cisco router like this:

interface FastEthernet0/0
 description Connection to OpenBSD Test Lab
 ip address 66.63.12.107 255.255.255.192
 ip access
Re: BGP session clear by remote end when MD5 is configure AND the session was initiate from OpenBSD side failed and do not recover.
Claudio Jeker wrote:

> > With bgpd master
> > Clear session from bgpd side, session comes back up right away.
> > Clear session from remote side, session comes back up with delay.
> >
> > With bgpd slave
> > Clear session from bgpd side, session comes back up with delay.
> > Clear session from remote side, session comes back up with possible very long delay. Much bigger than when master.
>
> I think this is fixed in -current. Henning committed something to make the delays on neighbor clears faster.

My first tests were done with current (sep 29), but with a small difference in the setup lab. It was done in live network. But I will sure redo it again. It's too important to me for not be 150% sure it's working well. So far, it just wasn't. I have well over 100+ peer sessions, of which ~70+ are using MD5 and I can't not have them stable. Plus I have no choice as well to either buy bigger Cisco routers, and hell I don't want that! Or use OpenBSD and that's what I want. I am fed up with CPU limitation power of Cisco and I will kiss them goodbye!

> > Even reloading the Cisco router and killing the bgpd and starting new, it will not come up! Always the same errors in the logs. No MD5 digest received from the OpenBSD side looks like.
>
> It looks like the tcpmd5 is enabled too late when opening a session. I try to have a look at it.

You have no idea how much I would appreciate that! I started to look at the code, but that's a long process for me.

> > ===
> > Why will bgpd not establish a session as slave when MD5 is configured even if the RFC said both sides should be allowed to do so? bgpd wants to be the master every time? Something sure looks weird here.
>
> That's more like a bug. Btw. MD5 between two bgpd is working, at least it works for me.

That's what I thought, but I know better than starting to say there is a bug. Before I do, I sure want to be sure, but it does look like it to me however so far.

My tests so far show that you can have MD5 as long as OpenBSD is master, but clear sessions, depending on which side initiates it, don't come back in one case and are slow in the other. (That was with 3.7 for my last tests on this one.) Will redo.

> > ==
> > But it should be established however for MD5 for sure as any side can be the master in a bgp session. However, not here? Comments on this? I think my tests are valid. Am I doing something I should be doing here? I don't think so, but that's what I found so far and why I can't keep a stable session with MD5 enabled on it.
>
> For me it looks like a bug for now.

Same thought here.

Daniel
Re: BGP session clear by remote end when MD5 is configure AND the session was initiate from OpenBSD side failed and do not recover.
Claudio Jeker wrote:

> On Wed, Oct 05, 2005 at 06:33:05PM -0400, Daniel Ouellet wrote:
>
> > ==
> > Without MD5 configured.
> >
> > With bgpd master
> > Clear session from bgpd side, session comes back up right away.
> > Clear session from remote side, session comes back up with delay.
> >
> > With bgpd slave
> > Clear session from bgpd side, session comes back up with delay.
> > Clear session from remote side, session comes back up with possible very long delay. Much bigger than when master.
>
> I see similar delays with my test setup. Most of the time it takes longer for a session to come back up because of different timers that are run. After a clear a reopen is tried immediately and that is most often blocked. In my case the cisco seems to be too slow to close the session in time for the reopen. It also matters where you close the connection because in one case the idle timer is run (30s) instead of the connect retry timer (120s). Also the idle timer starts to grow if you flap the session often.

The interesting facts here for me were how different it was for each side. I did this many times, 10x+ on each setup to see. bgpd master to Cisco and clear from bgpd side to Cisco, the Cisco session comes back up instantly. As for Cisco master initiating a clear to bgpd, it was the slowest by far. I mean much longer. The other two possibilities are pretty much equal. It was an interesting finding nevertheless. Why, I am not sure however.

> > Now with MD5 configured.
> >
> > We only add
> >
> >     tcp md5sig password test
> >
> > on bgpd side and
> >
> >     neighbor 66.63.12.108 password test
> >
> > on the Cisco side.
> >
> > With bgpd master
> > Clear session from bgpd side, session comes back up right away.
> > Clear session from remote side, session comes back up with possible very long delay.
> >
> > With bgpd slave
> > Just can't establish a session whatsoever! The Cisco side will get stuck in the OpenSent mode and cycle a few times all without success.
> >
> >     66.63.12.108    4 65001       0       1        0    0    0 never    OpenSent
>
> I can't reproduce this. On my test setup all sessions come back up.

I will try current again, and send even more details on my setup, or if you ever want to check it out, I have no problem whatsoever to provide you access to both boxes directly for you to check it out as well. Just say the word if interested? I tried Cisco IOS 12.3x and 12.4x, same results so far.

> > Now looking at the logs from each side. OpenBSD tries to use the port tcp/56923 and from the Cisco side we see this error:
> >
> >     35: *Oct 5 13:38:43.503 EDT: %TCP-6-BADAUTH: No MD5 digest from 66.63.12.108(179) to 66.63.12.107(56923) (RST)
> >     36: *Oct 5 13:38:44.503 EDT: %TCP-6-BADAUTH: No MD5 digest from 66.63.12.108(179) to 66.63.12.107(56923) (RST)
>
> This is a Cizzz-coee / RFC feature. They enforce a TCP MD5 digest on TCP RST packets. Now that's just stupid because it is not possible to do that in some cases because the other side does not know the key at that time (e.g. to signalize that the port is unavailable). In your case this means that somehow the connection from the cisco to your OpenBSD box is blocked or there is nothing listening on port 179.

Last tests at ~5 AM this morning still show me this and nothing was in the path for blocking it at all. I will recheck as it's been a few days without sleep so far, so I admit, I could start to be fuzzy a bit. Lack of sleep, but I will make sure before saying false things here. But in any case, not that I like it whatsoever, I am not sure of the Cizzz-coee stuff. The sad thing is that they have a huge portion of the Internet routers still, hopefully changing quickly, but still, we need to interact with them a lot.

> > Looks like the OpenBSD side does not provide the MD5 to the Cisco to establish the session.
>
> OpenBSD only misses the MD5 digest on the RST packets and that is actually OK. RFC 2385 actually mentions this special case in 4.1:
>
>     A connectionless reset will be ignored by the receiver of the reset, since the originator of that reset does not know the key, and so cannot generate the proper signature for the segment. This means, for example, that connection attempts by a TCP which is generating signatures to a port with no listener will time out instead of being refused. Similarly, resets generated by a TCP in response to segments sent on a stale connection will also be ignored. Operationally this can be a problem since resets help BGP recover quickly from peer crashes.

I can deal with that delay and I agree that it makes sense to refuse the reset, or ignore it, however, looks like so far, the session doesn't reset. Maybe because it does receive messages still from the Cisco side on wrong ports, but somehow sees them as keepalives. I really don't know what I am saying here, just a weird thought, but so far the results are that it doesn't reset. I will test in more detail again. But just know that something is not active in the best interest of the session here
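The RFC 2385 rule quoted in the message above, worked through as an added example (not code from the thread, from bgpd or from IOS): the receiver recomputes the MD5 digest over the pseudo-header, the fixed TCP header with a zero checksum, the data and the shared key, and refuses any segment whose option 19 is missing or wrong, resets included. The addresses, ports and the password "test" are the ones in the thread; the sequence numbers, function names and verdict strings are constructed for illustration.

```python
"""RFC 2385 TCP MD5 signature check on constructed segments."""
import hashlib
import hmac
import socket
import struct

TCPOPT_EOL, TCPOPT_NOP, TCPOPT_MD5SIG = 0, 1, 19
MD5SIG_LEN = 18                      # kind + length + 16-byte digest
TH_SYN, TH_RST, TH_ACK = 0x02, 0x04, 0x10


def build_segment(sport, dport, seq, ack, flags, options=b"", payload=b""):
    """Return TCP header + options + payload with the checksum field left 0."""
    options += b"\x00" * (-len(options) % 4)      # pad to 32 bits with EOL
    offset_words = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         offset_words << 4, flags, 16384, 0, 0)
    return header + options + payload


def rfc2385_digest(src_ip, dst_ip, segment, key):
    """MD5 over pseudo-header, fixed header (checksum 0, no options), data, key."""
    header_len = (segment[12] >> 4) * 4
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    fixed = segment[:16] + b"\x00\x00" + segment[18:20]
    return hashlib.md5(pseudo + fixed + segment[header_len:] + key).digest()


def sign_segment(src_ip, dst_ip, key, **fields):
    """Build a segment that carries option 19 with a digest made from `key`."""
    placeholder = bytes([TCPOPT_MD5SIG, MD5SIG_LEN]) + bytes(16)
    segment = bytearray(build_segment(options=placeholder, **fields))
    # Options are not covered by the digest, so it can be filled in afterwards.
    segment[22:38] = rfc2385_digest(src_ip, dst_ip, bytes(segment), key)
    return bytes(segment)


def find_md5_option(segment):
    """Walk the TCP option list and return the 16-byte digest, or None."""
    header_len = (segment[12] >> 4) * 4
    opts, i = segment[20:header_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break                                 # truncated or malformed option
        if kind == TCPOPT_MD5SIG and opts[i + 1] == MD5SIG_LEN:
            return opts[i + 2:i + MD5SIG_LEN]
        i += opts[i + 1]
    return None


def check_segment(src_ip, dst_ip, segment, key):
    """Verdict of a receiver that has `key` configured for this peer."""
    if len(segment) < 20 or not 20 <= (segment[12] >> 4) * 4 <= len(segment):
        return "malformed"
    digest = find_md5_option(segment)
    if digest is None:
        return "no-digest"        # the case the BADAUTH log lines report
    expected = rfc2385_digest(src_ip, dst_ip, segment, key)
    return "accept" if hmac.compare_digest(digest, expected) else "bad-digest"


CISCO, OPENBSD = "66.63.12.107", "66.63.12.108"   # addresses from the thread
KEY = b"test"                                      # password from the thread


def demo():
    """Constructed segments; sequence numbers are arbitrary."""
    syn = sign_segment(CISCO, OPENBSD, KEY, sport=56923, dport=179,
                       seq=1000, ack=0, flags=TH_SYN)
    # Reset from a stack that has no key for this connection: no option 19.
    rst_plain = build_segment(179, 56923, 0, 1001, TH_RST | TH_ACK)
    rst_wrong = sign_segment(OPENBSD, CISCO, b"not-the-key", sport=179,
                             dport=56923, seq=0, ack=1001, flags=TH_RST | TH_ACK)
    rst_signed = sign_segment(OPENBSD, CISCO, KEY, sport=179, dport=56923,
                              seq=0, ack=1001, flags=TH_RST | TH_ACK)
    return {
        "signed_syn": check_segment(CISCO, OPENBSD, syn, KEY),
        "unsigned_rst": check_segment(OPENBSD, CISCO, rst_plain, KEY),
        "wrong_key_rst": check_segment(OPENBSD, CISCO, rst_wrong, KEY),
        "signed_rst": check_segment(OPENBSD, CISCO, rst_signed, KEY),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14s} {verdict}")
```

Only the reset signed with the shared key is accepted; an unsigned reset is dropped, so the peer that sent the original segment waits for its own timers instead of seeing the connection refused.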
Re: The Wikipedia article on OpenBSD
Chris Zakelj wrote:

> Jan Izary wrote:
>
> > Recently I and several other people have worked to improve the OpenBSD article contained in the Wikipedia, I'm sure I need not explain how it works. Anyways, I've worked to get as much easily accessible information regarding OpenBSD in that article as possible and I've pretty much run into a wall, I've got little else I can add. I am putting a call out to the OpenBSD community at large to give a look at the article and see if they can improve it, fleshing out anything that has gaps and explaining some of the more complex concepts. Things like OpenBSD centred screenshots would be nice if people would be willing to upload them and list them in the gallery. I would have put this on the advocacy list, but really it seems to be dead and most advocacy seems to run through the misc list. Thanks
> >
> > http://en.wikipedia.org/wiki/OpenBSD
>
> Looks pretty good. My only suggestions would be to note that Nick handles the official FAQ, and adding Daniel Ouellet as the organizer/caretaker of the unofficial user's library.

If you have any article(s) that you want to find a home for, I would be more than happy to provide it! Contributions have been rare, so calls were made before, many times in fact. But actual contributions were very far in between. I do have two or three articles now that are waiting my free time to be posted, I apologize to the brave souls that actually send them to me! My apology guys, but I haven't forgotten them trust me.

As for more place to post things, my own view and that doesn't represent anyone else views, is that we sure don't need to duplicate efforts. The locations are available, up to the users to make it happen. Again, great stuff directly for the system that deserve a place on OpenBSD.org, should be sent to the always ready and incredibly brave soul of Nick if that's a great quality for the FaQ. He sure will tell you if it is.

But first, read his requirements here:

http://www.holland-consulting.net/obsd/faq-help.html

Then send what you have based on that, either to him, if it is FaQ stuff and of great quality, or me if that doesn't apply to the FaQ and we will find it a home.

Daniel
Re: BGP session clear by remote end when MD5 is configure AND the session was initiate from OpenBSD side failed and do not recover.
Claudio Jeker wrote:

> On Wed, Oct 05, 2005 at 06:33:05PM -0400, Daniel Ouellet wrote:
>
> > Now with MD5 configured.
> >
> > We only add
> >
> >     tcp md5sig password test
> >
> > on bgpd side and
> >
> >     neighbor 66.63.12.108 password test
> >
> > on the Cisco side.
> >
> > With bgpd master
> > Clear session from bgpd side, session comes back up right away.
> > Clear session from remote side, session comes back up with possible very long delay.
> >
> > With bgpd slave
> > Just can't establish a session whatsoever! The Cisco side will get stuck in the OpenSent mode and cycle a few times all without success.
> >
> >     66.63.12.108    4 65001       0       1        0    0    0 never    OpenSent
>
> I can't reproduce this. On my test setup all sessions come back up.

Configuration with MD5.

Well, let's see if this helps or not. Two examples below. One might not be very elegant, but I think it may well show the problem. I force the bgpd to try to be slave using some filter on the Cisco router. The filter WILL be temporary in my case anyway as I want the session to be stuck in OpenSent mode and then at that time I will remove the filter and sit back and watch.

So, what happens is that the session will never come up, I think it should anyway, but it doesn't. Then when I see on the Cisco router OpenSent, I will simply remove the filter to be 100% sure nothing is blocking the regular traffic and see if the session can recover. It doesn't.

So, I use this filter to force this stage on the interface facing the bgpd.

    ip access-list extended bgpd-slave
     permit tcp any eq bgp any neq bgp
     deny tcp any neq bgp any eq bgp
     permit ip any any

and apply it like this

    interface FastEthernet0/0
     description Connection to OpenBSD Test Lab
     ip address 66.63.12.107 255.255.255.192
     ip access-group bgpd-slave in

I save my config and to be ultra sure nothing else interferes, I simply reload. No need to do that and it is stupid anyway, but just to be paranoid here I do that.

After I can ping the Cisco for a few seconds, I initiate my bgpd on both versions of OpenBSD and then when I see the OpenSent stage on the Cisco router, because even if it should establish a slave connection with this filter, it doesn't. Why, I wish I knew, but anyway it doesn't. Then when in OpenSent mode, I remove the filter for the interface totally to be sure nothing is in the way. Also, remember no pf is running as well and the two servers are fresh installs with nothing on them other than the install and then configuring the bgpd. That's it.

So, when I see:

    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    66.63.12.106    4 65001       0       1        0    0    0 never    OpenSent
    66.63.12.108    4 65001       0       1        0    0    0 never    OpenSent

I do

    no ip access-group bgpd-slave in

on my Fast Ethernet interface and then sit back. Nothing will ever happen here. No session will ever get up. Never! It will cycle in close - idle - active - OpenSent and then stay there for a few minutes and then cycle again to the same point and do that over and over again.

What I see on the OpenBSD on 3.7 is

    # bgpctl s neigh 66.63.12.107
    BGP neighbor is 66.63.12.107, remote AS 65001
     Description: iBGP Test
      BGP version 4, remote router-id 0.0.0.0
      BGP state = Active
      Last read Never, holdtime 240s, keepalive interval 80s

      Message statistics:
                      Sent       Received
      Opens              1              0
      Notifications      0              0
      Updates            0              0
      Keepalives         0              0
      Route Refresh      0              0
      Total              1              0

      Local host:  66.63.12.106, Local port: 179
      Remote host: 66.63.12.107, Remote port: 14670

==

and at each cycle of close - idle - active - OpenSent, the port above will change and in current, after the first cycle, it will show "Last error: unknown error code" instead and no ports informations and error logs like this:

    Oct 7 05:44:42 dev2 bgpd[21803]: startup
    Oct 7 05:44:42 dev2 bgpd[14625]: route decision engine ready
    Oct 7 05:44:42 dev2 bgpd[16756]: listening on 66.63.12.106
    Oct 7 05:44:42 dev2 bgpd[16756]: session engine ready
    Oct 7 05:44:42 dev2 bgpd[16756]: neighbor 66.63.12.107 (iBGP Test): state change None - Idle, reason: None
    Oct 7 05:44:42 dev2 bgpd[16756]: neighbor 66.63.12.107 (iBGP Test): state change Idle - Connect, reason: Start
    Oct 7 05:44:42 dev2 bgpd[16756]: neighbor 66.63.12.107 (iBGP Test): state change Connect - OpenSent, reason: Connection opened
    Oct 7 05:44:42 dev2 bgpd[16756]: neighbor 66.63.12.107 (iBGP Test): write error: Invalid argument
    Oct 7 05:44:42 dev2 bgpd[16756]: neighbor 66.63.12.107 (iBGP Test): state change OpenSent - Idle, reason: Fatal error
    Oct 7 05:44:49 dev2 ntpd[24590]: adjusting local clock by -170.192293s
    Oct 7 05:45:12 dev2 bgpd[16756]: neighbor 66.63.12.107 (iBGP Test): state change Idle - Connect, reason: Start
    Oct 7 05:46
Re: Sun's AMD 64 lineup
OpenBSD Admin wrote:

> Does anyone have any experience with these sun boxes eg (the 'X' series or aquarius are pretty new;
> X2100 X4100 X4200

These three are new and not available now. Last time I checked with Sun, they will start to ship early November. So, I don't expect too many feedback on these yet! (;

> v20z v40z

The archive provides feedback on them, as well as the hardware support page will give you some too.

Daniel
Re: Happy Birthday OpenBSD ! 10 years !
Marco Peereboom wrote:

> Neat now OpenBSD and I share the same birthday :-)

Neat in fact! But we won't wish you happy 10th birthday right? Or you sure would have started to bang on that keyboard very early for sure! (; May be that's where some of the early bugs came from! (; Unless you were already thinking OpenBSD before you see the light! (: Always possible I guess... I know some of the OpenBSD guys really spend their life on the project, but that would be way too much...

Happy birthday to both of you early then!

Daniel
Re: OpenBSD's 10th birthday
Now it is really OpenBSD's 10th birthday ;) Happy birthday OpenBSD! Best wishes from ex-Yugoslavia! And a big thanks to all the people who invested their time in making such a great OS.
Re: BGP session clear by remote end when MD5 is configure AND the session was initiate from OpenBSD side failed and do not recover.
Hi all,

Here is my latest update on this one and a workaround as well. Not great, but it works for now until this bug is fixed.

To reproduce the problem, you only need to enable:

    ip tcp selective-ack

on your Cisco router and as soon as you clear the BGP session set up with MD5 on your OpenBSD from the Cisco side, regardless of OS version, and even on current, it will never come back to life. The only way would be for you to clear your cisco and when in idle mode, to clear from the OpenBSD side, then and only then will the session come back up. However, you will still have a LOT of error messages in your logs if you look regarding this MD5 session. These don't go away until a reload is done, so on a busy network, not very friendly either, nor practical as well.

*** This bug ONLY shows up when MD5 is configured WITH ip tcp selective-ack ***

Without MD5, it's working very well thank you! Maybe the same bug is there, but just not affecting the session, may be possible, but I do not know that however. My tests didn't show that to be true so far anyway.

I have been looking at the code for a few days, and I have to admit, I get lost at times trying to follow it. But it looks to me that it would be either in tcp_input.c or tcp_output.c. Most likely in tcp_input.c and in the section that processes the reset received command from the remote end. It also has to be when TCP_SIGNATURE is enabled as well, so I would assume that it has to be common between the two, but that's just a guess for now.

Looking at the standard from the September 81 page 65 to 73, on how the process should be done, looks like it might be there, but I still haven't fully understood that yet. The tcp_input.c follows that very strictly, but there has to be a step omitted someplace and I can't put my finger on it yet. But it looks like a possibility of reply to the remote reset with ACK without the MD5 in the packet may be the cause of it, but again, not sure of that fact.

Why, no problem to set up the session at the start, and only show the problem when a reset is received at which point the remote end expects the ack with MD5 and doesn't get it and will stay stuck in FINWAIT1 mode forever. The OpenBSD shows connected stage, but the remote end shows OpenSent stage and will stay there.

The workaround I use for now is to compile a kernel with

    option TCP_SACK # Selective Acknowledgements for TCP

disabled.

Not great I have to admit, but as I do not control the remote end of multiple peers and some may actually use the ip tcp selective-ack feature on their routers if they try to get more efficiency out of it, I would be the one impacted by this and I can't really see myself telling them not to use it because I have a bug on my side.

So, for now, I simply compile a kernel with that TCP_SACK disabled and then no selective acknowledgment will be in use and then all peer sessions with MD5 will not suffer this bug.

So, if anyone is actually using BGPd on their network AND also uses MD5, I would recommend to use for now a kernel without TCP_SACK enabled in it if they do not want their bgp session going dead in case of reset from remote end and have to do manual interventions from both sides to get it back up.

If you are 100% sure that none of your peers actually use this feature, then, you are home free and don't even change anything with it!

Hope this helps some, it sure helped me. I got stuck with this one and lost a few hairs in the process. (;

Maybe someone with better understanding of the process and specially of the tcp_input.c file might find the reason for this, great. If possible however, if someone finds the problem, I would love if I may ask, to give me a bit of feedback if time allows on how the problem was solved as I would love to learn that in the process. I think I am getting close to it, but I can't put my finger on it yet. So, learning from it would be greatly appreciated if you would be so kind!

Regards,

Daniel
Re: iptables vs pf
I actually was reading a good document on PF tonight and I came across this quote that I think would answer your question as to the difference between iptables and pf. OK, may be it's more poetic, but still I really liked it. Hope it makes you think as well! (: And I think it describes it very well if you have played with them!

Daniel

Quote:

Compared to working with iptables, PF is like this haiku:

A breath of fresh air,
floating on white rose petals,
eating strawberries.

Now I'm getting carried away:

Hartmeier codes now,
Henning knows not why it fails,
fails only for n00b.

Tables load my lists,
tarpit for the asshole spammer,
death to his mail store.

CARP due to Cisco,
redundant blessed packets,
licensed free for me.

Jason Dixon, on the PF email list, May 20th, 2004 (http://www.benzedrine.cx/pf/msg04702.html)
Re: [Fwd: Re: Theo, I am truely sorry. You misunderstood me.]
On Thursday 20 October 2005 19:01, you wrote:

> Currently tracking 30+ pieces of hardware. However, I need help: I need people to email me supported hardware, or use the Submit New Kit link on the page to do it. It's pretty easy, and the only requirement is that you need to have personally witnessed its (correct) operation with some version of OpenBSD, and that it is possible to buy it new. Speaking of which: Which driver supports the Adaptec 1205SA? Anybody? Bueller? Manpages are not forthcoming.

I submitted the Adaptec 1205 SA to your list. I put it in my OpenBSD 3.7 machine and it just worked. The drive plugged into the 1205 is wd1. I believe these are the relevant dmesg lines:

    pciide1 at pci0 dev 16 function 0 CMD Technology SiI3112 SATA rev 0x02: DMA
    pciide1: using irq 10 for native-PCI interrupt
    pciide1: port 0: device present, speed: 1.5Gb/s
    wd1 at pciide1 channel 0 drive 0: ST3400832AS
    wd1: 16-sector PIO, LBA48, 381554MB, 781422768 sectors
    wd1(pciide1:0:0): using BIOS timings, Ultra-DMA mode 6

The full dmesg follows, in case what i quoted above isn't sufficient:
Re: C++ exceptions with OpenBSD 3.6 on amd64
Chad M Stewart wrote:

> And if you'd pre-ordered 3.8 then you might have gotten an email like I did today. :-) Now I just need enough revenue from my new company so I can replace all of my servers with real boxes like V20z and X4100. Funny now that I'm no longer an employee of Sun I'll potentially be purchasing more hardware from them than when I was an employee.

Well, welcome to the self employed world! Just two things for you here!

First, your business WILL be successful because you already made the most important decision of all! You picked OpenBSD to run your business with! I did that 7 years ago after doing research for efficient OS and most importantly to me then and still now, security. Small businesses have limited resources and wasting your time trying to have your servers stay stable is not something that will be productive and help you! Many times, small businesses are a one man game, or just a few friends at best, so all the time you have available needs to be put into making your business work! The last thing you need is spending it doing patches and rebuilds like with Micro$oft, God help me here! (:

Now the second thing however, make sure you pick hardware that is fully supported and make your choices wisely. The X4100 is too new and not out yet, nor do we know if it is supported yet. I love the box myself and I most likely will get one to test, but that's only because now I am able in limits obviously to get hardware and then put it on the shelf for a year if need be because it doesn't work now. For the V20z, as far as I know, it works well!

So, welcome to the big OpenBSD small successful businesses! You already had done the most important work! Pick the right OS to get some most definitely needed good sleep in the months ahead! (: With OpenBSD on your server, you KNOW you can sleep at night when you actually have time to do so when you build your own business!

Good luck to you and welcome to OpenBSD! I chose that OS 7 years ago and NEVER looked back!

Daniel

PS: Just a wise advice however, make it a policy to keep upgrading to the new OS when they release it as well and don't use the excuse that it works now, so why change it! I suffered this over confidence stage with the release 3.0 where I got bitten, by my own fault I have to admit, by the only bug ever known to OpenBSD and that Christmas, almost put me out of business! No one else to blame but myself on that one! I had always been too busy doing business work and felt that I could wait a bit more to upgrade my server and why do it, it works well as it is now! If I can offer one advice, take it from my own stupidity and don't do that one! There are plenty of other ones you will do! (:
Re: OpenBSD MetaStore: Distributed hosting?
Please guys, can we stop this fight over who does what and how to be accessible from where.

In the interest of bringing peace back on misc@ I will extend the offer to host this on high capacity network if the community really wants it. More than once the community always says, yes this is great, we need that, why don't we have this, and someone should do it! So far, each time this happened, it was more wind talks than anything else and never was pursued for real! With few exceptions to be fully honest to some really brave souls that actually stepped in here and contributed something! But in every case, the wind blows and then the leaves fall on the ground to leave empty trees that never see the spring again!

If you really want it and if that is useful to some, I will offer to make it available to EVERYONE! But, please understand this! STOP bugging the project with these things, they do what they do best and they don't need this to improve our beloved OS! So trying to make that part of the official project is really wasting everyone's time.

And finally, no hardware company, or very few if you search the archive, ever contributes back to the project, so if you think this might become a source of income for the project it's really a utopia! You want the project to get more income, well as far as I know, it's there:

http://openbsd.org/donations.html

Just give, to think you can set up something that will turn into a source of income and that the project will take under its wing is having its eyes closed and not knowing that no one will step up to actually do it and make it work and the dev's HAVE other things to do, nor are they interested to do this!

Don't forget, they do this OS for themselves and offer us the benefit to use it! They don't need a site providing supported hardware for them to see what they should use or have! For crying out loud! If they like some hardware and it's not working for them! How long do you think it will take them to make it work on it if really they want it, hmmm!!! Do you think they will even care about what's supported or not!!! Think about it for a few seconds and you will have your answer!

Look at the Sharp Zaurus C3000 PDAs. It was a new CPU and OpenBSD wasn't designed for it at all, but hey, they like that little box, so how long did it really take them!? If they want it, they don't need any of us to tell them what hardware it might work on! If they want it really badly, they will simply make it work for themselves!!!

So, I am done. I really didn't want to fall into answering this thread, but here I did, shame on me for doing it! I will not answer more on this list either for this thread. If some of you want this moved, or hosted elsewhere, or provide me the data to make it public, I will be more than happy to do so, but do it off list and let's stop this fight here please! Can we do that? I wasted way too much of everyone's time already! Sorry for doing so!

Now NO ONE has any reason to continue complaining about this anymore. You want this elsewhere fully accessible, I make the offer to do it in the interest of peace!

So, either put up or shut up!!! What will it be? Your move next! And let's take it off list please!

Best regards,

Daniel
Re: openssh in other products
ok, i have sent them some nice feedback. if some other people want to voice their dismay, you can do it here: http://www.docs.hp.com/en/feedback.html keep the flames in your fireplace at home, probably just a massive typo... Thanks Feedback sent in officially from my business with the list of hardware I got from them as well! Daniel
[Fwd: Re: Your web comment on docs.hp.com]
Some feedback already. Keep sending the feedback.

They extracted only that part from my email to them however. I wrote more than that and strongly suggested that a politically correct move would also be to give some hardware back to the project they benefit from as well! At a minimum, respecting the license and putting a URL back to the project would be a minimum they could and should do!

Hope this helps any! I won't hold my breath however, but may be they will feel guilty and do something... May be

Daniel

Original Message
Subject: Re: Your web comment on docs.hp.com
Date: Tue, 25 Oct 2005 12:28:58 -0600
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
References: [EMAIL PROTECTED]

Hi Daniel,

You sent feedback to Hewlett-Packard:

> However, seeing how you don't even give credit, or respect that license of OpenSSH that you DO use in your product makes me very sad at best! The license for OpenSSH is not a public domain like you point out here:

We regret this error and are in the process of notifying the author to immediately correct the book. Once corrected, it will be re-published with the correct attribution.

At no time does Hewlett-Packard ever want to mis-represent the hard work of the Open Source Community. We are proud of our participation in the Community and regret this mistake.

Thank you for calling it to our attention.

And thanks for using docs.hp.com,
Re: OpenBSD Metastore
On Thursday 03 November 2005 08:59, Martin Schröder wrote: On 2005-11-03 08:20:47 -0600, Jared Solomon wrote: The AOpen MiniPC measures 6.5 x 6.5 x 2 inches, is powered by an Intel Pentium M or Celeron M processor http://www.heise.de/newsticker/meldung/65660 A MacMini is cheaper and runs OBSD. That's not entirely accurate; though a Mac Mini will run OpenBSD, it is not cheaper. The original article that was posted gave a $399 price for the A-Open MiniPC. Apple lists their Mac Mini at $499. But, if you know a way to (legally) acquire a new Mac Mini for less than the $399 MiniPC price, i'd be very interested in hearing about it. Dan Ramaley Network Programmer/Analyst (515) 271-4540 Dial Center 118, Drake University
Re: PHP-MySQL-Apache madness!
Kelly Martin wrote: OpenBSD kernel panic'ed or was otherwise unresponsive. A full reboot was required by pulling the plug, because the console would not respond (I walked my brother through this over the phone - remote location). When the system came back up, Apache would not start. I know you wrote not to suggest to upgrade to 3.8, but it looks to me that you have your brother available to help. I know I wrote the instructions before for a friend that never even touched Unix in his life before on how to set this up (OpenBSD). If you think about it for a few seconds. I would definitely argue that you would have lost less time by writing the instructions and sending them to your brother, let him wipe it clean and bring it back up where you can then ssh to it and do all that you need from that point. From the CD, or even from the bsd.rd version, setting up a box is really quick, ok if you need to download the full system from the bsd.rd version over ftp it may take a bit more time, but still, a few simple questions to answer and you are home free, unless you really don't trust your brother, but even then... Not what you want to hear I know for sure, but just think about it... I am sure it would take you less time this way and you would not have to deal with madness... I am sure you can setup your box from scratch in less than 10 minutes with a CD. Have your brother do that over the phone if you have to. I am sure he will feel good in the end and your problem will be gone as well, plus you would have an upgraded version. Think how much time you already spent on it. Hope this provides you some moral support anyway. Daniel
Re: pf.conf to only allow port 22, 25 and 80 to my server.
Larry Llong wrote: I just want to allow port 22, 25 and 80 to my server. I know I can activate and deactive pf with -e and -d, but that doesn't seem to reload the configuration. Does it? Read the information available here: http://openbsd.org/faq/pf/index.html Or even a very good step by step with lots of explanations here: http://www.bgnett.no/~peter/pf/en/pf-firewall.pdf in PDF or http://www.bgnett.no/~peter/pf/en/ in html. Much better to understand what you are doing instead of using the cut and paste configuration of someone else. Peter's document will surely get you started and provide you valuable information in a step by step if you need that.
Re: Telnet daemon retired in 3.8 ?
Matthew S Elmore wrote: I cannot appear to locate a telnet daemon in 3.8 installs now. It appears to have silently disappeared between 3.7 and 3.8. Not really silently, but not with huge party either. http://marc.theaimsgroup.com/?l=openbsd-cvs&m=111700017509177&w=2 I know it was announced as well, can't put my finger right away on the article, but definitely it was talked about and said to be gone. A good thing really!
Re: Anyone tried a sun fire X2100 server yet?
Will H. Backman wrote: Anyone put OpenBSD 3.8 on a Sun Fire X2100 AMD server yet? Not yet. My shipping date for the X2100 is: **BACK ORDERED ETA OF 11/22/05** For the X4100, well... **BACK ORDERED CONSTRAINED** (NO ETA AS OF 11-07-05) So, my guess is not before December will I be able to put my hands on one at best. Any feedback prior to this obviously would be more than welcome!
Re: Big discrepancy between df and du used space values (3.8)
On Tuesday 08 November 2005 10:36, you wrote: I'm trying to track down why /var is full, and df and du report major differences (or else I'm reading something wrong, in which case I submit to the verbal beatings). Pay attention to what it says for /var. Running OpenBSD 3.8 GENERIC as a firewall. Why does df report 8G used, and du report 9M used? What am I missing? (Don't comment on the size of the / partition, I just realized I made a mistake there, but there are no user accounts on this machine, and /var is on a different partition, so I don't have to worry about log file sizes killing the machine.) One possible cause of this is if a process has one or more large files open on /var that have been deleted. The space from deleted files that are open at the time of deletion is not freed until the file is closed. Innocuous causes for this would be a log file that wasn't rotated properly and the logging program is holding an old log open. Malicious causes for this could include a rootkit that stores data in deleted files to hide its presence, but this is rather unlikely on OpenBSD. The lsof utility (available as a package or in ports) may help with investigating what process is holding a deleted file open, if that is really the problem. If it is, then killing or restarting the offending process should free up the space. In a worst-case scenario you could try rebooting and see if the space is freed. Dan Ramaley Network Programmer/Analyst (515) 271-4540 Dial Center 118, Drake University
SOLVED: Re: Big discrepancy between df and du used space values (3.8)
Ted Unangst wrote: On 11/8/05, Daniel Hamlin [EMAIL PROTECTED] wrote: I'm trying to track down why /var is full, and df and du report major differences (or else I'm reading something wrong, in which case I submit to the verbal beatings). Pay attention to what it says for /var. Running OpenBSD 3.8 GENERIC as a firewall. Why does df report 8G used, and du report 9M used? What am I missing? (Don't comment on the size of unlinked (deleted) files can still be held open by a running process. fstat may help you find it. fstat showed that pflogd still had a log file open. I did a pkill pflogd (since my pf rules do not include logging now), which released the too-big-for-the-filesystem log file, thus freeing the space. Thanks for the response! For the archives: # fstat -f /var USER CMD PID FD MOUNT INUM MODE R/WDV|SZ root fstat 118546 /var 391555 -rw-r--r-- r 659456 _pflogd pflogd 23752 root /var 968576 drwxr-xr-x r 512 _pflogd pflogd 23752 wd /var 968576 drwxr-xr-x r 512 _pflogd pflogd 237524 /var 721282 -rw--- rw 21152615 root sendmail 27806 wd /var 144263 drwx-- r 512 root sendmail 278068 /var 453377 -rw--- w 70 root cron 27288 wd /var 41216 dr-xr-xr-x r 512 root cron 272883 /var 453391 -rw-r--r-- rw6 _ntp ntpd 15607 root /var 968576 drwxr-xr-x r 512 _ntp ntpd 15607 wd /var 968576 drwxr-xr-x r 512 _pflogd pflogd 13759 root /var 968576 drwxr-xr-x r 512 _pflogd pflogd 13759 wd /var 968576 drwxr-xr-x r 512 _pflogd pflogd 137594 /var 721292 -rw--- rw 8279529034 _syslogd syslogd19086 root /var 968576 drwxr-xr-x r 512 _syslogd syslogd19086 wd /var 968576 drwxr-xr-x r 512 _syslogd syslogd190868 /var 721291 -rw-r--r-- w 529 _syslogd syslogd190869 /var 721288 -rw-r- w 278 _syslogd syslogd19086 11 /var 721307 -rw--- w0 _syslogd syslogd19086 12 /var 41222 -rw--- w 655 _syslogd syslogd19086 13 /var 721312 -rw-r- w23114 _syslogd syslogd19086 14 /var 721310 -rw-r- w0 _syslogd syslogd19086 15 /var 721304 -rw-r- w0 _syslogd syslogd19086 16 /var 721287 -rw--- w 7302
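The mechanism described in the two replies above (space held by a file that was deleted while a process still had it open, found in this thread with `fstat -f /var`), as an added example that is not part of the original thread. The directory and the file name `pflog` are constructed stand-ins; the script compares the du-style view (walking the directory tree) with what the open descriptor reports.

```python
import os
import stat
import tempfile


def visible_bytes(directory):
    """du-style view: add up the files reachable by walking the directory tree."""
    total = 0
    for root, _dirs, files in os.walk(directory):
        for name in files:
            total += os.lstat(os.path.join(root, name)).st_size
    return total


def unlinked_open_sizes(open_files):
    """Sizes of open regular files that no longer have any directory entry."""
    sizes = []
    for f in open_files:
        st = os.fstat(f.fileno())
        # st_nlink == 0 means the name is gone but the inode and its blocks remain.
        if stat.S_ISREG(st.st_mode) and st.st_nlink == 0:
            sizes.append(st.st_size)
    return sizes


def demo(size=1 << 20):
    """Write a log, delete it while it is still open, and compare the two views."""
    with tempfile.TemporaryDirectory() as spool:   # constructed stand-in for /var
        path = os.path.join(spool, "pflog")        # constructed file name
        log = open(path, "w+b")                    # the "daemon" keeps this open
        try:
            log.write(b"\0" * size)
            log.flush()
            before = visible_bytes(spool)          # du sees the file
            os.unlink(path)                        # deleted or badly rotated
            after = visible_bytes(spool)           # du sees nothing any more
            held = unlinked_open_sizes([log])      # the descriptor still owns the data
            log.seek(0)
            still_readable = len(log.read())       # contents remain fully readable
        finally:
            log.close()                            # only now can the blocks be freed
    return {
        "before": before,
        "after": after,
        "held": held,
        "still_readable": still_readable,
    }


if __name__ == "__main__":
    print(demo())
```

The same check explains both the benign case (a daemon holding a rotated log) and why an incident responder looks at open descriptors with no link count: the data is invisible to a directory walk but still readable by the process that holds it.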
Re: pf.conf to only allow port 22, 25 and 80 to my server.
Larry Llong wrote: this list is no where as bad as people say. The list is very good and welcoming to users that do their homework and try to find the answer first before asking. I think it's even one of the best ones, if not THE BEST one! People that told you the list is bad are most likely the ones that didn't even read the wonderful FaQ to start with and that expected others to tell them what to do! I am the lazy King of the Unix, please feed me my meat with a spoon... You will find that the more research you do, the more welcome you will be and the more help you will get! In short, if a person doesn't want to help themselves, no one will jump the cliff to help them, why should they!
Re: Anyone tried a sun fire X2100 server yet?
We ordered this very box for undeadly. It also took a while to arrive, but here's a preliminary dmesg (thanks to Kurt Seifried), further tests to follow (on-board RAID probably not working except for JBOD, second NIC not seen yet). Daniel OpenBSD 3.8-current (GENERIC) #319: Tue Nov 1 13:55:52 MST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 535265280 (522720K) avail mem = 447524864 (437036K) using 13119 buffers containing 53735424 bytes (52476K) of memory mainbus0 (root) cpu0 at mainbus0: (uniprocessor) cpu0: AMD Opteron(tm) Processor 146, 2010.54 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative pci0 at mainbus0 bus 0: configuration mode 1 Nvidia nForce4 DDR rev 0xa3 at pci0 dev 0 function 0 not configured pcib0 at pci0 dev 1 function 0 Nvidia nForce4 ISA rev 0xa3 Nvidia nForce4 SMBus rev 0xa2 at pci0 dev 1 function 1 not configured ohci0 at pci0 dev 2 function 0 Nvidia nForce4 USB rev 0xa2: irq 10, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: Nvidia OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 8 ports with 8 removable, self powered ehci0 at pci0 dev 2 function 1 Nvidia nForce4 USB rev 0xa3: irq 11 usb1 at ehci0: USB revision 2.0 uhub1 at usb1 uhub1: Nvidia EHCI root hub, rev 2.00/1.00, addr 1 uhub1: 8 ports with 8 removable, self powered pciide0 at pci0 dev 6 function 0 Nvidia nForce4 IDE rev 0xf2: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: MATSHITA, DVD-ROM SR-8178, PZ16 SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO 
mode 4, Ultra-DMA mode 4 pciide0: channel 1 disabled (no drives) pciide1 at pci0 dev 7 function 0 Nvidia nForce4 SATA 1 rev 0xf3: DMA pciide1: using irq 11 for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: WDC WD800JD-00LSA0 wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 wd1 at pciide1 channel 1 drive 0: WDC WD800JD-75JNC0 wd1: 16-sector PIO, LBA, 76293MB, 15625 sectors wd1(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5 pciide2 at pci0 dev 8 function 0 Nvidia nForce4 SATA 2 rev 0xf3: DMA pciide2: using irq 10 for native-PCI interrupt ppb0 at pci0 dev 9 function 0 Nvidia nForce4 PCI-PCI rev 0xa2 pci1 at ppb0 bus 1 vga1 at pci1 dev 5 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Nvidia CK804 LAN rev 0xa3 at pci0 dev 10 function 0 not configured ppb1 at pci0 dev 11 function 0 Nvidia nForce4 PCIE rev 0xa3 pci2 at ppb1 bus 2 ppb2 at pci0 dev 12 function 0 Nvidia nForce4 PCIE rev 0xa3 pci3 at ppb2 bus 3 ppb3 at pci0 dev 13 function 0 Nvidia nForce4 PCIE rev 0xa3 pci4 at ppb3 bus 4 bge0 at pci4 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 (0x4101): irq 5, address 00:e0:81:58:38:86 brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 
0 ppb4 at pci0 dev 14 function 0 Nvidia nForce4 PCIE rev 0xa3 pci5 at ppb4 bus 5 pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00 pchb1 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00 pchb2 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00 pchb3 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 sysbeep0 at pcppi0 uhidev0 at uhub0 port 1 configuration 1 interface 0 uhidev0: Logitech Logitech USB Keyboard, rev 1.10/15.00, addr 2, iclass 3/1 ukbd0 at uhidev0: 8 modifier keys, 6 key codes wskbd1 at ukbd0 mux 1 wskbd1: connecting to wsdisplay0 uhidev1 at uhub0 port 1 configuration 1 interface 1 uhidev1: Logitech Logitech USB Keyboard, rev 1.10/15.00, addr 2, iclass 3/0 uhidev1: 3 report ids uhid0 at uhidev1 reportid 1: input=2, output=0, feature=0 uhid1 at uhidev1 reportid 2: input=1, output=0, feature=0 ums0 at uhidev1 reportid 3: 0 buttons and Z dir. wsmouse0 at ums0 mux 0 dkcsum: wd0 matches BIOS drive 0x80 wd1: no disk label dkcsum: wd1 matches BIOS drive 0x81 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302
net.inet.ip.ifq.maxlen and altq's qlimit
I'm not certain how they interrelate, but if one is experiencing congestion, and, as a result, tweaks net.inet.ip.ifq.maxlen to compensate, is it safe to assume that if altq is in use on the same system qlimit should match or be less than the value of net.inet.ip.ifq.maxlen? How does one determine the optimal qlimit value? Thanks.
Re: mysql problem
Marcos Laufer wrote: Now what? http://openbsdsupport.org/mysql.htm
Re: mysql problem
Marcos Laufer wrote: Ok , i had followed the instructions at http://openbsdsupport.org/mysql.htm Go back and read again many times over until you get it. You didn't read it and you didn't pay attention to the statement in bold either. I could tell you what to do to fix it, but then you wouldn't learn from it. If it wasn't explained there, I would be happy to tell you, but it is there and pretty clear as well. You get the error #9 that is exactly explained there and instructions on how to address that are provided as well. Read it please and you will see your mistake. Just a hint in the text: Remember, if you don't do this, it will use the default class! Same if you restart MySQL manually! Class are read and use on login Hope this helps you. Also, there is reference to man pages there. You looked at them too right? Best, Daniel
Re: mysql problem
Marcos Laufer wrote: Ok , i had followed the instructions at http://openbsdsupport.org/mysql.htm I also forgot to add this as well in my previous reply, also in the text of the document you have been pointed to. So, be wise and change what you need to change for your setup! But only what you need to absolutely change. Don't go nuts and start turning knobs left and right. That may well be what you need to do on some other Unix, or variations of... But on OpenBSD the default setup is really good and is done as such to protect yourself. The bottom line is: don't change what you don't need to change and know what you do and why! So, just don't go put big numbers and any numbers anywhere to make it work. This will give you more problems in the future. Do what you need to do for your setup and just that. And more importantly, learn why you need to do them, it will help you in many other situations. Best, Daniel
Re: Troubleshooting NFS/SFU
On 7/2/07, David Higgs [EMAIL PROTECTED] wrote: I followed Microsoft's instructions for SFU and found that it worked quite well if all I cared about was read-only access. I didn't have any further success even after installing a bunch of SFU hotfixes (http://www.duh.org/interix/hotfixes.php). My troubleshooting seemed to indicate that the write requests were being denied somewhere inside the kernel, for reasons unknown. I didn't have the time or interest to pursue it any further, so I went back to samba and let the thread die. I have the exact same issue here--FreeBSD works fine, OpenBSD fails. I'm new to NFS, so I'm not too clear on the best way to troubleshoot this further, but if there's someone here who is good with NFS and cares to resolve the issue on OpenBSD, I'd be happy to work with them. Details below: Windows C:\Users\Daniel\Documentsmount LocalRemote Properties - -- Z: \\openbsd\home\daniel UID=-2, GID=-2 rsize=32768, wsize=32768 mount=soft, timeout=6.4 retry=1, locking=no fileaccess=644, lang=ANSI casesensitive=no Y: \\freebsd\usr\home\daniel UID=-2, GID=-2 rsize=32768, wsize=32768 mount=soft, timeout=0.8 retry=1, locking=no fileaccess=644, lang=ANSI casesensitive=no OpenBSD $ cat /etc/exports /home/daniel -mapall=daniel -network=192.168.255.224 -mask=255.255.255.224 $ ls -l /home total 4 drwxr-xr-x 5 daniel daniel 512 Jul 14 09:54 daniel FreeBSD $ cat /etc/exports /usr/home/daniel -mapall=daniel -network=192.168.255.224 -mask=255.255.255.224 $ ls -l /usr/home total 2 drwxr-xr-x 2 daniel daniel 512 Jul 16 07:17 daniel
Re: mysql problem
Marcos Laufer wrote: When i post a message on the OpenBSD misc list it is because one of two reasons: Mostly one looks like. 1) I want to report an error i found while testing OpenBSD, and by reporting it i might be helping the project, somebody might be able to fix it and the OS grows. 2) I could be asking for help to the OpenBSD users, as it was this case. I know this was not an OpenBSD or MySQL problem, but a configuration problem , and maybe some other OpenBSD user might have already been there and willing to help other OpenBSD users to work things out. And you got a lot of help from many. Just for fun however, I looked to see how many times you actually helped or replied, versus how many times you actually started a thread asking for help, or provided not helpful feedback but added to complaints: http://marc.info/?a=11490241131&r=1&w=2 You do as you see fit, but it doesn't look to me like a lot of help, but mostly requests. So, take, but give back. I am not saying I help as much as many on this list, some are very, very helpful, but I do my share when I know the answer, or can help anyway. If you are an OpenBSD developer then i must tell you that i understand your 'I could tell you what to do to fix it, but then you wouldn't learn from it' attitude . It's logic to think that developers want users to learn how to handle the OS and how to properly use it. If you are not an OpenBSD developer, but an OpenBSD user instead , then i must tell you that your 'I could tell you what to do to fix it, but then you wouldn't learn from it' attitude just sucks. I was asking for help, i mentioned that this was a production server with 100 databases on it and i was urged to solve it fast. That's why i asked help to other OpenBSD users who might have suffered this problem on a production server and needed to solve it fast. But i will take a shot and assume you are just another OpenBSD user, just like me and many others looking for help in this list . 
So , Daniel consider this : Next time i ask for help on this list , my post won't be meant to be answered by you , i now know that you don't have a helping community spirit but a 'bofh' attitude instead probably due to a wannabeadeveloper feeling. If you want to help a user to solve his problems that's just fine, but to talk other users in that tone, to me for example, i won't allow it. You got many replies to help you and tell you exactly where to look. How can it be more specific than that? You get the error #9 that is exactly explained there and instructions on how to address that are provided as well. In short your calls wasn't used properly. The rest is for you to find why in your case. Your problem was as you explain it to a modification on the mysqld_safe script, so instead of complaining to me, or others for help we extended to you and pointed you where the problem was, maybe you should kick the head of the admin that actually did something very stupid here in the first place by changing application script instead of doing a properly done setup! In the end, it still stands. The error was with not using the class properly, period. I said that it's important to learn from it, then you just learned that changing scripts to fix an issue quickly instead of doing the right thing will bite you in the future. Granted as you said it wasn't you, so you got stuck by it, so be it. But don't get upset at me for helping you as no one could have told you that the problem was in the script changed, but that your setup simply didn't use the class properly and that's what the problem was. Up to you to find out why in your setup. Even in the same document I explain how to test the exact error you got, error #9 by doing this: mysqlcheck -m -A -uYourUsers -pYourPassword If you get the error #9, then you simply don't use that class properly. I think I provided you as much help as I could possibly have done in this instance. It's pretty obvious. 
Get upset at the one that did this stupid thing and learn from it. In the end, you can be upset, but still the document that you read and work with still I wrote it and it helped you anyway. So, you can say whatever you want, I still helped you, even if you don't like it. But if that makes you feel better and relieves your frustrations, sure you can get upset at me. I have a pretty thick skin and have seen way worse as well. Learn to get upset at the right people. So, you are welcome! Best, Daniel
Re: support for Sun Fire
Toni Mueller wrote: Hi Mark, On Tue, 29.05.2007 at 14:13:06 +0100, mark reardon [EMAIL PROTECTED] wrote: I just got a x2100 M2 from Sun yesterday on a 60 day trial and am having trouble setting the MTU on one of the bge NICs. Just some initial findings. Not a big problem for me really. did you get it to run OpenBSD properly? Which model do you have? I have one as well. Some results in the archive as well, but my biggest gripe with it is with the admin console for this unit. Sun really cut way too short on it to make it a decent remote admin box. Plus they share the BGE with the admin port, instead of the nVidia, which I could do without. The box is not bad, but could be better. It's more expensive, but it makes me definitely switch to the 4100 instead. I only got one, and wouldn't get another one, unless it's not in a remote setup configuration which is pretty rare these days. Even the serial console is limited in operation and works until OpenBSD starts when it goes dead. Then you can do some more from the Ethernet port instead, but then if you reboot the box, you lose the admin on the Ethernet port and need to go back to the serial console. My own feedback is not a top of the line box, but not the worst either. Just not as good as it should be for me to recommend it however. It works well in some setups, not all. YMMV, Daniel
Re: support for Sun Fire
Dag Richards wrote: I would recommend you take a look at the HP DL360, one U hardware raid and have nice little management interface you can ssh to which allows pretty complete console access, go into bios, watch boot messages, power set the system. The Sun 4100 is a pretty good one as well. I have a few of them and I am happy so far. If you can swing the difference in price however. The HP-145 M1 and IBM e326, which both work well, with the IBM giving me some minor issues every few months, but looks like it cleared up over time with various upgrades. However, a few more months before I can tell more, but so far looks like the Sun 4100 would be my favorite, especially if the built in RAID can be made to work and I know based on the archive that there is/was some work done on it. That's all for my feedback on this. Best, Daniel
Re: ral in hostap mode
On 7/18/07, Alexey Suslikov [EMAIL PROTECTED] wrote: Jurjen Oskam wrote: At home, I have a wireless access point which is directly connected to rl1. To eliminate the access point, I put a wireless PCI card in the machine, and configured it for hostap mode. A laptop running Linux is the wireless client. When the client associates with the ral0 card, the connection is established but has a packetloss of about 30%, and a noticeable amount of duplicate packets. When the client associates with the wireless access point, the connection has no packetloss and no duplicates. (Both tested using ping -f, directly pinging the access point and the IP address on ral0.) I've tried to rule out things like distance. CAVEATS section in ral's man page. ... The ural driver supports automatic control of the transmit speed in BSS mode only. Therefore the use of a ural adapter in Host AP mode is discouraged. ... AFAIK, this caveat only applies to the USB ural--not the PCI ral. Jurjen, Have you tried setting the channel and/or forcing the mode? I also have a ral-based AP and while it performs fairly well, its reliability and consistency does not appear to be as good as the wi-based APs.
Re: Allocate more memory than 512 MB with squid
Patrick Hemmen wrote: Squid runs under the user _squid and this user is in the login class daemon in which the data size is set to infinity. Or do I have to set a another capability? How you start your squid is the key. man 5 login.conf and man 8 rc explain it. Just putting the class there for a specific user doesn't make it use it unless you specify that class at the start in your rc.local. It's not for squid, but check the principle and ideas here: http://openbsdsupport.org/mysql.htm#/etc/login.conf http://openbsdsupport.org/mysql.htm#/etc/rc.local You will see that unless you specifically tell it to use it, it will not use it and only gets the default class no matter what you put in there. Hope this helps you. Daniel
Re: VPN site to site with ipsec
sonjaya wrote: http://www.openbsdsupport.org/vpn-ipsec.html This is almost 3 years old and there are so many changes, please don't follow this on 4.1! I most likely will remove it if we can get an updated version. Consider this: http://www.serverwatch.com/tutorials/article.php/3659686 or maybe this: http://www.securityfocus.com/infocus/1859 But just read the man page which will help you much more. There were major changes to this to make your life much simpler. Best, Daniel
Re: VPN site to site with ipsec
sonjaya wrote: http://www.openbsdsupport.org/vpn-ipsec.html Maybe you could also have a look at this nice presentation that shows many changes done on OpenBSD. You can start here to see some OpenBSD suggestions, but you can look at it all as well as it's nice. (; http://openbsd.org/papers/asiabsdcon07-ipsec/mgp00057.html
Re: Macbook on Openbsd
On Wednesday 25 July 2007 01:13, you wrote: Why would any one use amd64 since it's not even a amd? Is it because it's a 64bit? Do both amd64 and i386/64bit share so much? My understanding (and i'm sure someone else will correct me if i'm wrong) is that AMD extended their processors with 64-bit instructions. This was after Intel released the Itanium, with its own set of 64-bit instructions. But for various reasons the Itanium was not a commercial success on the desktop market and eventually Intel adopted a slightly modified version of AMD's 64-bit instruction set for its desktop chips. AMD calls the architecture of its 64-bit chips AMD64 while Intel calls it Intel 64. Sometimes both are referred to as x86_64. Since AMD and Intel's implementation are very similar, it is possible (and very common) for a compiler to generate code that runs on both. Most operating systems that run on one run on both, though right now it seems most typical to label the architecture as amd64 regardless of whether it is running on an AMD or an Intel chip. Dan Ramaley, Network Programmer/Analyst, +1 515 271-4540, Dial Center 118, Drake University, 2407 Carpenter Ave, Des Moines IA 50311 USA
Re: Troubleshooting NFS/SFU
On a whim I decided to change the transport protocol that the Client for NFS uses and my problem has gone away. By default TCP+UDP is used, but if I set this to just UDP or TCP (via nfsadmin client), and then restart the Client for NFS service, NFS largely works as expected--with UDP apparently providing a bit higher throughput over my WLAN. I haven't tried changing nfsd's flags on the server side instead, but this might work as well. Why TCP+UDP works for FreeBSD is unknown to me, but I'm content now. I guess it's one of those interoperability issues... On 7/16/07, Daniel Melameth [EMAIL PROTECTED] wrote: On 7/2/07, David Higgs [EMAIL PROTECTED] wrote: I followed Microsoft's instructions for SFU and found that it worked quite well if all I cared about was read-only access. I didn't have any further success even after installing a bunch of SFU hotfixes (http://www.duh.org/interix/hotfixes.php). My troubleshooting seemed to indicate that the write requests were being denied somewhere inside the kernel, for reasons unknown. I didn't have the time or interest to pursue it any further, so I went back to samba and let the thread die. I have the exact same issue here--FreeBSD works fine, OpenBSD fails. I'm new to NFS, so I'm not too clear on the best way to troubleshoot this further, but if there's someone here who is good with NFS and cares to resolve the issue on OpenBSD, I'd be happy to work with them. 
Details below: Windows C:\Users\Daniel\Documentsmount LocalRemote Properties - -- Z: \\openbsd\home\daniel UID=-2, GID=-2 rsize=32768, wsize=32768 mount=soft, timeout=6.4 retry=1, locking=no fileaccess=644, lang=ANSI casesensitive=no Y: \\freebsd\usr\home\daniel UID=-2, GID=-2 rsize=32768, wsize=32768 mount=soft, timeout=0.8 retry=1, locking=no fileaccess=644, lang=ANSI casesensitive=no OpenBSD $ cat /etc/exports /home/daniel -mapall=daniel -network=192.168.255.224 -mask=255.255.255.224 $ ls -l /home total 4 drwxr-xr-x 5 daniel daniel 512 Jul 14 09:54 daniel FreeBSD $ cat /etc/exports /usr/home/daniel -mapall=daniel -network=192.168.255.224 -mask=255.255.255.224 $ ls -l /usr/home total 2 drwxr-xr-x 2 daniel daniel 512 Jul 16 07:17 daniel
Re: Unstable PPPoE
On 7/27/07, Timothy Wilson [EMAIL PROTECTED] wrote: I'm having a frustrating problem. My internet is highly unstable when using bit torrent. I don't think there's anything special about my configuration: my gateway is a craptop with inbuilt Intel ethernet and a url0 USB ethernet for the modem. The connection is bridged, using pf (obviously) for routing / firewall and kernel PPPoE for dialing via my bridged netcomm nb5+. Basically, when I try to use bit torrent the connection dies after about 20mins. The kernel PPPoE daemon doesn't bring it back up. In fact, even doing #sh /etc/netstart doesn't bring it back up. The only way to bring it back up is via a reboot :( Very frustrating. It also takes about 10-15mins to reconnect; surely that's a bit too long, even for PPPoE? I know this isn't a problem with my ISP as I've always been able to download bt stably when I was using the modem in router mode. I thought it might have been an MTU problem, but I'm using the mss fix in /etc/pf.conf, so I don't think it's that. I played around with a few values just to be sure, but I'm open to suggestions. dmesg: pppoe0: received unexpected PADO pppoe0: received unexpected PADO pppoe0: received unexpected PADO pppoe0: received unexpected PADO pppoe0: received unexpected PADO pppoe0: received unexpected PADO pppoe0: received unexpected PADO pppoe0: received unexpected PADO url0: usb error on tx: TIMEOUT pppoe0: LCP keepalive timeout Based on your dmesg, it appears this might be related to url0--whether it's the hardware, driver or something associated, I don't know. You might want to try another Ethernet connection. FWIW, I've never been a fan of USB Ethernet.
Re: pppoe getting limited to 150k/sec?
On 8/3/07, M. Parsons [EMAIL PROTECTED] wrote: Running Openbsd 4.1 i386 as a firewall/nat box. I have connected to it a 6 mbps DSL pppoe connection. The pppoe works fine, as do all machines behind the openbsd box, they all can max out the 6mbps. But, transfers directly on the openbsd box (wget, ftp, whatever) all are limited to 150k/sec. I can run 4 of them at a time to max out the 6 mbps, but individually, they never go above 150k/sec. This is likely a BPD issue--see http://marc.info/?l=openbsd-misc&m=111910098716125&w=2 for details.
Anchor File Consolidation
I keep my anchor rules in separate files and load them as needed, but I'd like to get away from this anchor file sprawl. I understand I can move all these anchors into pf.conf inline, but doing so causes all of them to be loaded at startup and this doesn't meet my needs. Perhaps I'm missing something, but, outside of simply tweaking rc to flush the anchors after pf.conf is loaded, is there a way for me to keep all my anchors in pf.conf inline, but only have individual anchors load when I want them to? Is there a better way to achieve what I want? Thank you.
Re: scp batch mode?
On Wednesday 15 August 2007 13:50, you wrote: How can scp be run without prompting for a password? Set up ssh shared keys. Dan Ramaley, Network Programmer/Analyst, +1 515 271-4540. Dial Center 118, Drake University, 2407 Carpenter Ave, Des Moines IA 50311 USA
Re: dmesg amd64-current on Sun Fire X4600 M2
Rolf Sommerhalder wrote: Please find below the dmesg of amd64.mp-current (snapshot 23-Aug-2007) on a Sun Fire X4600 M2 which is equipped with four dual-core Opteron 8220 CPUs, 32 GB of RAM and four built-in NICs. Sadly, the only problem is that you will not be able to use that much memory here.
Re: OT Strange Punishment
On Tuesday 28 August 2007 10:32, you wrote: There is a bill before Congress now to roll back patent protection, notably in the field of software. American users of OpenBSD might want to follow this struggle, which is running into massive opposition from non-comp-sci patent holders. Software patents were just a bad idea to begin with. Patenting numbers and algorithms is ridiculous. I wish i had a patent on determining the total number of objects in a set when the numbers of objects in all mutually exclusive subsets of the set are known [my lame attempt to translate addition into patent-speak]. Imagine how much money i could make if i controlled such a basic operation! Oh wait, civilization as we know it would never have been able to develop and instead of working a civilized job at a computer i'd be out hunting and gathering or (more likely) wouldn't have been born at all. Dan Ramaley, Network Programmer/Analyst, +1 515 271-4540. Dial Center 118, Drake University, 2407 Carpenter Ave, Des Moines IA 50311 USA
Re: That whole Linux stealing our code thing
On Saturday 01 September 2007 17:49, Rui Miguel Silva Seabra wrote: On Sat, Sep 01, 2007 at 04:40:53PM -0600, Theo de Raadt wrote: Most dictionaries I had at my hand define alternative as choices. You can get http://en.wiktionary.org/wiki/alternative Wow. Let's all go practice law with a dictionary. ? But you mentioned dictionaries first... You do realize that when it comes to legal documents, such as licenses, that general-purpose dictionaries are inadequate, right? If you want to look up legal terms, you need a law dictionary. I think that if one is ignorant enough of law that one needs to consult a legal dictionary for more than one or two terms in order to understand a document, then perhaps it would be best to either do a lot of studying to become more knowledgeable, or find someone with more legal training to interpret the document. As a layperson with little in-depth knowledge of legal code, that's how i see things anyway. Dan Ramaley, Network Programmer/Analyst, +1 515 271-4540. Dial Center 118, Drake University, 2407 Carpenter Ave, Des Moines IA 50311 USA
Re: Options for 1U server with watchdog?
K K wrote: happens on the same approximate schedule. I suspect a power glitch. If this is a power glitch to the point of affecting your server, wouldn't the LOM also show that to you? Then you would know the answer. lom>loghistory Eventlog: +0h35m1s host power on +0h37m51s host power off +0h0m0s LOM booted +0h0m4s host power on +279d+16h50m55s host reset +279d+17h2m22s host reset +279d+17h8m9s host reset +298d+18h49m51s host reset +298d+18h57m39s host reset +298d+19h9m31s host reset
Re: bioctl on X4100 M2
Henning Brauer wrote: bio is not implemented for mpi (yet). bioctl in 4.2 onwards shows some inquiry data (vendor model fw serial) for non-bio-capable disks. i.e. it falls back from bioctl -i to bioctl -q if the disk doesn't support bio. Thanks Henning!
Re: bioctl on X4100 M2
Jonathan Gray wrote: mpi(4) currently has no bioctl support. The 2 port LSI SAS RAID (mfi(4)) supports bioctl, however Sun don't sell any machines with this interestingly enough. Thanks! That's what I figured, but wanted to check in case I wasn't looking at the right place. Oh well. Maybe one day. One guy can dream. Thanks
Re: OT: Sun X4100 M2 management interface out of wack suggestions?
Hi, Quick update on this one. My problem is now solved and I got very nice help from some gentlemen working at Sun who stepped in off list to help me out and all is now finally working. Nice to see some good guys following misc@ and being interested in making sure Sun hardware (some of it anyway) works with our favorite OS. Thanks Daniel
Re: Show your appreciation and get your 4.2 DVD
On Tue, 11 Sep 2007, Siju George wrote: Can't find a DVD in [snip] As stated in the beginning of this thread, DVD discs are not available, just CDs in DVD case. Yes guys. It was my mistake in my Divine Vast Drooling ecstasy of the event instead of the Complete Domination release of 4.2. I made a mistake in my emails. I guess when I wrote it, it was too excited and cut off on some words. Excuse my mishaps that so many enjoy pointing out. It was just that, a mistake. Nevertheless, don't let that hold you up and go get your new release of your Complete Domination in a Durable Valuable Docket. (; Best, Daniel