bridging and routing on the same box
This is primarily an informative post for those who will search the archives later with a similar problem. Constructive comments are appreciated, however. My main firewall has three network cards in it, back when I was anticipating the future need for another network segment (for reasons I won't go into). I converted the one extra box I did have, into another OpenBSD box and put two network cards in it, with the idea of bridging between two of the three cards in the firewall and getting rid of the current binat rule completely in the long term (a side effect is I get to use the old 10MBps cards I have for something useful; I know ne cards are synonymous with cow turds to a lot of people, but the amount of data I'm moving through them is low enough to mitigate the glaring flaws). Until some point in the future, however, I still have one box behind binat. When first testing this setup, binat to that box didn't work. In order to get the binat working again, I had to explicitly pass the external address on the original external interface in pf.conf in order for it to work properly. Whether this is a quirk, a bug, or a feature of the bridging code, I'm not sure. (IMO: probably just a quirk, probably not a bug, possibly a feature.) And remember, if in doubt about what exactly is going wrong in a pf ruleset, enable logging on all block rules, and use the information thus obtained to track down the problem. -- Shawn K. Quinn [EMAIL PROTECTED]
Re: Negotiating a license for Sun Java on OpenBSD?
Anon Y. Mous [EMAIL PROTECTED] writes: Hi: Has anyone involved with OpenBSD development attempted to negotiate a license with Sun for a Java binaries usage agreement, (e.g., FreeBSD/Sun agreement)? URL: http://www.freebsd.org/java/ The FreeBSD Foundation has negotiated a license with Sun Microsystems to distribute FreeBSD binaries for the Java Runtime Environment (JRE) and Java Development Kit (JDK). Where on http://www.openbsd.org/goals.html did you see Encourage and promote closed 'standards', insecure, crappy binaries and software monopolies.? //art
bgpd and two CARPed routers
Hello misc@openbsd.org, setup is trivial: two uplinks, two CARPed boxes (three interfaces each: 2 x uplinks, 1 x core servers' segment), full-feed. i know about bgpd's depend-on but this one means hard resync due to full-feed. is there any correct way to keep two CARPed routers with bgpd in sync (means to keep rib/fib tables coherrent)? searching archives gives some cloudy hints to setup like | peer1 peer2 | | | | | +-+ +-+ | router1 |--| router2 | +-+ +-+ | | | core segment | looks like router1 feeds peer1 and router2 feeds peer2 (router1 has higher advskew for peer2 and vice versa). core segment is handled in ordinary master/backup way. the only question is: how to do routers' interconnection to see peer1's feeds on router2 and vice versa? if the above is possible, example configs (or clear how- to) would be nice. i am in doubt, but i think i need iBGP for routers' interconnection Thanks.
Re: bgpd and two CARPed routers
On Mon, Aug 08, 2005 at 12:40:16PM +0300, Alexey E. Suslikov wrote: Hello misc@openbsd.org, setup is trivial: two uplinks, two CARPed boxes (three interfaces each: 2 x uplinks, 1 x core servers' segment), full-feed. i know about bgpd's depend-on but this one means hard resync due to full-feed. is there any correct way to keep two CARPed routers with bgpd in sync (means to keep rib/fib tables coherrent)? There is now way to transparently switch over bgp sessions form one box to another without resetting the connection. To keep bgp routers in sync run a IBGP session between them. searching archives gives some cloudy hints to setup like | peer1 peer2 | | | | | +-+ +-+ | router1 |--| router2 | +-+ +-+ | | | core segment | looks like router1 feeds peer1 and router2 feeds peer2 (router1 has higher advskew for peer2 and vice versa). core segment is handled in ordinary master/backup way. the only question is: how to do routers' interconnection to see peer1's feeds on router2 and vice versa? if the above is possible, example configs (or clear how- to) would be nice. i am in doubt, but i think i need iBGP for routers' interconnection If you have two upstreams, configure upstream on on router1 and upstream to on router2 and run an ibgp session between the two routers. With this setup one router may die and you still have net (but only via one upstream provider). If you have nice upstreams it may be possible to have redundant sessions (both routers have a feed form both upstreams). In case of providers that do not give you additional sessions and the need for better fail over you need to create on carp interface per neighbor. In your case one for provider1 (carp1) and one for provider2 (carp2). carp1 defaults to router1 and carp2 defaults to router2. Now use bgpd depend on so that if one router dies the killed session is switched over to the backup router. It is important that both router have a full feed to one upstream because in case of a failover the other connection gets reset and so all routes from that session will get lost until the session comes back up on the other router. -- :wq Claudio
Re: problem with apache
yes, www:*:67:67:www:0:0:HTTP Server,,,:/var/www:/sbin/nologin - Original Message - From: Gerardo Santana Gsmez Garrido [EMAIL PROTECTED] To: diego [EMAIL PROTECTED] Cc: misc@openbsd.org Sent: Saturday, August 06, 2005 1:30 PM Subject: Re: problem with apache On 8/5/05, diego [EMAIL PROTECTED] wrote: Hi all, I have a problem with apache, I have a ibm x225 with 2,5gb of ram and xeon 2,67ghz running 3.7-stable with GENERIC kernel, it's run only apache for a intranet with 1k users. I have error [Fri Aug 5 13:21:30 2005] [crit] [client 172.26.219.191] (24)Too many open files: /intranet.jgm.gov.ar/htdocs/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable I add kern.maxfiles=5 to sysctl.conf and # Setting used by httpd daemon www:\ :datasize=infinity:\ :maxproc=infinity:\ :openfiles-cur=40960:\ :openfiles-max=40960:\ :openfiles=40960:\ :stacksize-cur=500M:\ :localcipher=blowfish,8:\ :tc=default: to login.conf but I got the same error. thanks in advance. diego. The only thing I can think of is: are you sure the 'www' user is using your 'www' class? -- Gerardo Santana Gsmez Garrido http://www.openbsd.org.mx/santana/ Entre los individuos, como entre las naciones, el respeto al derecho ajeno es la paz -Don Benito Juarez
The SLIST_REMOVE_NEXT macro
- why does it need its first argument (the head), is it just for some historical reasons? The only file which seems to use it seems to be /sys/kern/sysv_sem.c Also I wonder about the grudgingly ok here, why grudgingly? http://archives.neohapsis.com/archives/openbsd/cvs/2003-12/0398.html Just curious... Alex
Re: generel software RAID-Question (IBMx330, raid failed, where to look for errors? )
That's nice to hear, got three of them with adaptec without an excuse for existence in my hall, I think, perhaps it's time to investigate that, there might be a use for them after all... On 8/5/05, Richard Welty [EMAIL PROTECTED] wrote: On Fri, 5 Aug 2005 12:43:10 +0200 Johan P. Lindstrvm [EMAIL PROTECTED] wrote: The IBM e-server x330 usually sports a branded Adaptec SCSI RAID card (IBM ServeRAID) and... well google the archives if you haven't been following thie list. um, the onboard controller is an adaptec, but the rebranded scsi raid card is generally a mylex in these beasts, not an adaptec. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security Well, if you're not going to expect unexpected flames, what's the point of going anywhere? -- Truckle the Uncivil
Re: problem with apache
you are mistaken. apache starts as root and drops privileges to www:www, that does not mean it inherits the ressource limits from that login class. * diego [EMAIL PROTECTED] [2005-08-08 13:29]: yes, www:*:67:67:www:0:0:HTTP Server,,,:/var/www:/sbin/nologin - Original Message - From: Gerardo Santana Gsmez Garrido [EMAIL PROTECTED] To: diego [EMAIL PROTECTED] Cc: misc@openbsd.org Sent: Saturday, August 06, 2005 1:30 PM Subject: Re: problem with apache On 8/5/05, diego [EMAIL PROTECTED] wrote: Hi all, I have a problem with apache, I have a ibm x225 with 2,5gb of ram and xeon 2,67ghz running 3.7-stable with GENERIC kernel, it's run only apache for a intranet with 1k users. I have error [Fri Aug 5 13:21:30 2005] [crit] [client 172.26.219.191] (24)Too many open files: /intranet.jgm.gov.ar/htdocs/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable I add kern.maxfiles=5 to sysctl.conf and # Setting used by httpd daemon www:\ :datasize=infinity:\ :maxproc=infinity:\ :openfiles-cur=40960:\ :openfiles-max=40960:\ :openfiles=40960:\ :stacksize-cur=500M:\ :localcipher=blowfish,8:\ :tc=default: to login.conf but I got the same error. thanks in advance. diego. The only thing I can think of is: are you sure the 'www' user is using your 'www' class? -- Gerardo Santana Gsmez Garrido http://www.openbsd.org.mx/santana/ Entre los individuos, como entre las naciones, el respeto al derecho ajeno es la paz -Don Benito Juarez -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: login_ldap
One more problem I have with login_ldap is that after I lock KDE with the blue lock-applet (kdesktop_lock), then I can't login anymore. The /var/log/authlog: Aug 8 13:52:43 blowfish kcheckpass[7059]: Authentication failure for afarber (invoked by uid 25323) I've searched around and one workaround mentioned is to make kcheckpass setuid. But this is actually the case with the stock 3.7 KDE-package, so this doesn't help 24 -rwsr-xr-x 1 root bin 11108 Mar 18 10:55 /usr/local/bin/kcheckpass Regards Alex 2005/8/4, Alexander Farber [EMAIL PROTECTED]: blowfish# tail /etc/login.conf ldap:\ :auth=-ldap:\ :x-ldap-server=172.25.93.242:\ :x-ldap-basedn=o=bonmp.XXX.com:\ :x-ldap-uscope=subtree:\ :x-ldap-filter=(uid=%u): blowfish# /usr/local/libexec/auth/login_-ldap -d afarber ldap Password: uri = ldap://172.25.93.242:389/ filter = (uid=afarber) search result 0x0 authorize Now my problem is, that for every user there needs to be an entry in /etc/passwd (is it needed for setting the login class to ldap?). And we have 200-300 users at our site (and much more globally). I wonder, how do the others handle this case of many users?
Re: Negotiating a license for Sun Java on OpenBSD?
On 08 Aug 2005 10:51:14 +0200, Artur Grabowski [EMAIL PROTECTED] wrote: Anon Y. Mous [EMAIL PROTECTED] writes: Hi: Has anyone involved with OpenBSD development attempted to negotiate a license with Sun for a Java binaries usage agreement, (e.g., FreeBSD/Sun agreement)? URL: http://www.freebsd.org/java/ The FreeBSD Foundation has negotiated a license with Sun Microsystems to distribute FreeBSD binaries for the Java Runtime Environment (JRE) and Java Development Kit (JDK). Where on http://www.openbsd.org/goals.html did you see Encourage and promote closed 'standards', insecure, crappy binaries and software monopolies.? //art Hi, I think it would be a good idea. Even if you had to download an openbsd package from sun's site. Best regards
Re: Negotiating a license for Sun Java on OpenBSD?
On Sat, Aug 06, 2005 at 01:12:24PM -0700, J.C. Roberts wrote: The FreeBSD guys sold their soul to Sun in a license agreement of some sort in order to use Sun's code as a base for their native implementation. Sorry, not quite. The FreeBSD-native Java implementation did not require changing any licenses in the base OS. Mind you, those poor bastards who donated their work and code to get Java running natively on FreeBSD may have sold their souls (or, at least, got badly taken), but that's a separate issue. The last time I tried it, the FreeBSD native Java ran fine on OpenBSD under emulation. At least it's a step closer than the Linux version. And, if you feel like donating your limited free time to Sun, the FreeBSD version is a better starting point than the Linux version. ==ml -- Michael W. Lucas[EMAIL PROTECTED], [EMAIL PROTECTED] http://www.BlackHelicopters.org/~mwlucas/ The cloak of anonymity protects me from the nuisance of caring. -Non Sequitur
Re: Negotiating a license for Sun Java on OpenBSD?
That is what you do for /ports/devel/jdk/ . So what is your problem? ;-) 2005/8/8, Edd Barrett [EMAIL PROTECTED]: I think it would be a good idea. Even if you had to download an openbsd package from sun's site.
Re: problem with apache
ok, with sysctl -w kern.maxfiles=5 should work? I tried ulimit -n 512, but give the same error. thanks. - Original Message - From: Henning Brauer [EMAIL PROTECTED] To: diego [EMAIL PROTECTED] Cc: Gerardo Santana Gsmez Garrido [EMAIL PROTECTED]; misc@openbsd.org Sent: Monday, August 08, 2005 8:48 AM Subject: Re: problem with apache you are mistaken. apache starts as root and drops privileges to www:www, that does not mean it inherits the ressource limits from that login class. * diego [EMAIL PROTECTED] [2005-08-08 13:29]: yes, www:*:67:67:www:0:0:HTTP Server,,,:/var/www:/sbin/nologin - Original Message - From: Gerardo Santana Gsmez Garrido [EMAIL PROTECTED] To: diego [EMAIL PROTECTED] Cc: misc@openbsd.org Sent: Saturday, August 06, 2005 1:30 PM Subject: Re: problem with apache On 8/5/05, diego [EMAIL PROTECTED] wrote: Hi all, I have a problem with apache, I have a ibm x225 with 2,5gb of ram and xeon 2,67ghz running 3.7-stable with GENERIC kernel, it's run only apache for a intranet with 1k users. I have error [Fri Aug 5 13:21:30 2005] [crit] [client 172.26.219.191] (24)Too many open files: /intranet.jgm.gov.ar/htdocs/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable I add kern.maxfiles=5 to sysctl.conf and # Setting used by httpd daemon www:\ :datasize=infinity:\ :maxproc=infinity:\ :openfiles-cur=40960:\ :openfiles-max=40960:\ :openfiles=40960:\ :stacksize-cur=500M:\ :localcipher=blowfish,8:\ :tc=default: to login.conf but I got the same error. thanks in advance. diego. The only thing I can think of is: are you sure the 'www' user is using your 'www' class? -- Gerardo Santana Gsmez Garrido http://www.openbsd.org.mx/santana/ Entre los individuos, como entre las naciones, el respeto al derecho ajeno es la paz -Don Benito Juarez -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: Negotiating a license for Sun Java on OpenBSD?
Let's read what I wrote and your response, shall we? Edd Barrett [EMAIL PROTECTED] writes: Encourage and promote closed 'standards', insecure, crappy binaries and software monopolies.? I think it would be a good idea. Maybe you do. Fortunately most of us don't. //art
Re: ARP Poisoning
Artur Grabowski wrote: Miroslav Kubik [EMAIL PROTECTED] writes: Hello In our intranet is an attacker who flooding OpenBSD router by ARP requests. Due to this we have trouble with internet connection. Is there a way how to protect server against ARP poisoning attack? Excuse me? You have an attacker inside your intranet? The best way to protect against that kind of attack is a baseball bat. Or security guards who show the person where the door is and a lawyer who hands over the lawsuit. This is a social problem, don't solve it with a technical solution. //art messages in /var/log/messages Aug 6 23:33:53 host22 /bsd: arp info overwritten for 192.168.1.249 by 00:e0:98:be:d3:cd on rl0 Aug 6 23:33:53 host22 /bsd: arp info overwritten for 192.168.1.246 by 00:e0:98:c5:8b:b9 on rl0 Aug 6 23:33:53 host22 /bsd: arp info overwritten for 192.168.1.245 by 00:e0:98:c5:9b:c5 on rl0 Aug 6 23:33:53 host22 /bsd: arp info overwritten for 192.168.1.242 by 00:e0:98:c5:8b:b9 on rl0 and still continue S pozdravem / Best Regards Miroslav Kubik IT Specialist Enterprise Server Farms Have not read all mails in this thread (sorry) but an easy solution to this problem is to run 'static-mac' on all int on your switches a.k.a. mac-lockdown (require that you can manage your sw and the sw have this option). If you can't do that, you're in for a rough ride. If you can or can get help to do so, read on. For mac-lockdown to have max effect, you'll have to have a list of the original MAC connected to each int on each sw = you can't trust the current arp entries on the sw(s). The alternative is to extract the arp entries from the sw and use it to do the lockdown. If you allready have the fake MAC, then use the same table to find the int where the box is connected to. Downside to this approach is that you might lock a fake MAC to the int it is connected to, but don't worry, you can correct this later. Most (but not all) arp-cache-poisoning is done with a home-made script or tool e.g. 'angst' and is trickered as a cronjob and then followed by whatever the attacker will run with his/her new temporary 'identity'. This automation can be to your advantage. This first time a MAC is changed on a end-node after your've made the lockdown, the box will be blocked from the network. This is irreverseable and will be written to the security-log on the sw with date, int, MAC and so on and if the box is accessed remotely then the hunting is over. If the attacker is sitting in front of the box the MAC can be reversed, but it will not help the poor suckers kneecaps when you kick down the door with a slegdehammer in your hands. Happy hunting. P.S. arp entries don't live forever in the arp-table. When you hunt attackeres like this, move fast. /per [EMAIL PROTECTED]
Re: Negotiating a license for Sun Java on OpenBSD?
From: Michael W. Lucas [EMAIL PROTECTED] On Sat, Aug 06, 2005 at 01:12:24PM -0700, J.C. Roberts wrote: The FreeBSD guys sold their soul to Sun in a license agreement of some sort in order to use Sun's code as a base for their native implementation. Sorry, not quite. The FreeBSD-native Java implementation did not require changing any licenses in the base OS. Mind you, those poor bastards who donated their work and code to get Java running natively on FreeBSD may have sold their souls (or, at least, got badly taken), but that's a separate issue. I have spent considerable time getting Java working on OpenBSD. How I choose to spend my time is my choice. I've nethier sold my soul or have been badly taken. Piss off! The last time I tried it, the FreeBSD native Java ran fine on OpenBSD under emulation. At least it's a step closer than the Linux version. And, if you feel like donating your limited free time to Sun, the FreeBSD version is a better starting point than the Linux version. Stop spreading FUD. At least take a sec and look in /usr/ports/devel/jdk before posting this crap. -Kurt.
Re: Negotiating a license for Sun Java on OpenBSD?
From: Anon Y. Mous [EMAIL PROTECTED] Hi: Has anyone involved with OpenBSD development attempted to negotiate a license with Sun for a Java binaries usage agreement, (e.g., FreeBSD/Sun agreement)? As stated several times in this thread, the type of license that FreeBSD has with Sun goes against the projects goals. We will not be distributing jdk binary packages without a policy change from Sun. We do however have ports of Sun's jdk's that work and people can build their own packages rather easily. look in /usr/ports/devel/jdk. URL: http://www.freebsd.org/java/ The FreeBSD Foundation has negotiated a license with Sun Microsystems to distribute FreeBSD binaries for the Java Runtime Environment (JRE) and Java Development Kit (JDK). -minsai Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: Negotiating a license for Sun Java on OpenBSD?
On Mon, Aug 08, 2005 at 10:05:38AM -0400, Kurt Miller wrote: From: Michael W. Lucas [EMAIL PROTECTED] On Sat, Aug 06, 2005 at 01:12:24PM -0700, J.C. Roberts wrote: The FreeBSD guys sold their soul to Sun in a license agreement of some sort in order to use Sun's code as a base for their native implementation. Sorry, not quite. The FreeBSD-native Java implementation did not require changing any licenses in the base OS. Mind you, those poor bastards who donated their work and code to get Java running natively on FreeBSD may have sold their souls (or, at least, got badly taken), but that's a separate issue. I have spent considerable time getting Java working on OpenBSD. How I choose to spend my time is my choice. I've nethier sold my soul or have been badly taken. Piss off! The last time I tried it, the FreeBSD native Java ran fine on OpenBSD under emulation. At least it's a step closer than the Linux version. And, if you feel like donating your limited free time to Sun, the FreeBSD version is a better starting point than the Linux version. Stop spreading FUD. At least take a sec and look in /usr/ports/devel/jdk before posting this crap. Kurt, Really, no disparagement was meant of your efforts. My apologies for any offense. I can't see spending my time working on Sun's code, but that's your choice, and if it works for you more power to you. ==ml -- Michael W. Lucas[EMAIL PROTECTED], [EMAIL PROTECTED] http://www.BlackHelicopters.org/~mwlucas/ The cloak of anonymity protects me from the nuisance of caring. -Non Sequitur
http manual pages ...
From time to time, I'm running cvsup, I can see that apache manual pages will be deleted. Does this mean that the functionality of apache under openbsd changes also? regards Karl-Heinz
clamav problem
Hi list, i am running obsd 3.7 ( with generic kernel and the security patch) and clamav 0.86.2 that i have installed from ports. If i have a mail with a file zip clamv crash. If I use clamav without the scanarchive option enable it works correctly. Do you know where is the problem? Cristian Del Carlo
Re: Negotiating a license for Sun Java on OpenBSD?
From: Michael W. Lucas [EMAIL PROTECTED] On Mon, Aug 08, 2005 at 10:05:38AM -0400, Kurt Miller wrote: From: Michael W. Lucas [EMAIL PROTECTED] On Sat, Aug 06, 2005 at 01:12:24PM -0700, J.C. Roberts wrote: The FreeBSD guys sold their soul to Sun in a license agreement of some sort in order to use Sun's code as a base for their native implementation. Sorry, not quite. The FreeBSD-native Java implementation did not require changing any licenses in the base OS. Mind you, those poor bastards who donated their work and code to get Java running natively on FreeBSD may have sold their souls (or, at least, got badly taken), but that's a separate issue. I have spent considerable time getting Java working on OpenBSD. How I choose to spend my time is my choice. I've nethier sold my soul or have been badly taken. Piss off! The last time I tried it, the FreeBSD native Java ran fine on OpenBSD under emulation. At least it's a step closer than the Linux version. And, if you feel like donating your limited free time to Sun, the FreeBSD version is a better starting point than the Linux version. Stop spreading FUD. At least take a sec and look in /usr/ports/devel/jdk before posting this crap. Kurt, Really, no disparagement was meant of your efforts. My apologies for any offense. I can't see spending my time working on Sun's code, but that's your choice, and if it works for you more power to you. Thanks for the apology. Your post struck a nerve and my frustration with the amount of misinformation in this thread came out. Few people really understand the Java - *BSD licensing issues. For what seems like ideological licensing preferences, people like to make noise and otherwise spout off. I choose to work on Java on OpenBSD because it was challenging and it represented the convergence of two of my interests. Do I like the licensing situation? No, but that didn't stop me from having fun, learning a lot and getting it work. So let us all move on and let this thread die already. :-) -Kurt
Re: Negotiating a license for Sun Java on OpenBSD?
On Mon, 2005-08-08 at 10:23 -0400, Michael W. Lucas wrote: I can't see spending my time working on Sun's code, but that's your choice, and if it works for you more power to you. You know, for every Kurt, there have to be several hundred people (OpenBSD users or otherwise) who say if I wanted to deal with Sun every day, I'd run Solaris instead and frankly, I don't blame them. Every attempt to use Java here has caused more problems than it has solved; it's simply a resource pig. I'm sure it runs great on the fully loaded sparc64 boxen that Sun salesweasels are pimping for $UNGODLY_AMOUNT_OF_CASH; sorry, but I don't have that kind of money. I can't wait until Kaffe is usable as a JVM, as I suspect it won't have the same problems that Sun has put into its reference Java implementation. Until then, I've decided simply to avoid using Java applications as much as possible. -- Shawn K. Quinn [EMAIL PROTECTED]
Re: Negotiating a license for Sun Java on OpenBSD?
Shawn K. Quinn wrote: On Mon, 2005-08-08 at 10:23 -0400, Michael W. Lucas wrote: I can't see spending my time working on Sun's code, but that's your choice, and if it works for you more power to you. You know, for every Kurt, there have to be several hundred people (OpenBSD users or otherwise) who say if I wanted to deal with Sun every day, I'd run Solaris instead and frankly, I don't blame them. Every That sounds completely stupid to me. Solaris is a horrible operating system with too many holes and problems to mention. There are other options that I would choose first. attempt to use Java here has caused more problems than it has solved; it's simply a resource pig. I'm sure it runs great on the fully loaded sparc64 boxen that Sun salesweasels are pimping for $UNGODLY_AMOUNT_OF_CASH; sorry, but I don't have that kind of money. Sun hardware is not that expensive anymore. You need to price some equipment comperable to what is out there now in the 64bit hardware range. Please don't spout off without having a solid understanding of what you're talking about. I can't wait until Kaffe is usable as a JVM, as I suspect it won't have the same problems that Sun has put into its reference Java implementation. Until then, I've decided simply to avoid using Java applications as much as possible. You'll be waiting a considerable amount of time. Avoiding using java is like trying to ignore the pink elephant in the room until you have a gun big enough to shoot it. :-) If you have java applications that you need to run, run them. Brandon
Re: Negotiating a license for Sun Java on OpenBSD?
* Shawn K. Quinn [EMAIL PROTECTED] [2005-08-08 17:18]: You know, for every Kurt, there have to be several hundred people (OpenBSD users or otherwise) who say if I wanted to deal with Sun every day, I'd run Solaris instead and frankly, I don't blame them. Every attempt to use Java here has caused more problems than it has solved; it's simply a resource pig. I'm sure it runs great on the fully loaded sparc64 boxen that Sun salesweasels are pimping for $UNGODLY_AMOUNT_OF_CASH; sorry, but I don't have that kind of money. and, guess what, we run pretty big application servers for our customers on OpenBSD on commodity i386 hardware these days, at price tags for the whole installation where you don't even get a spare CPU from sun. the biggest single reason for why this works out today is kurt's work. the linux boxes we tried before crashed badly under that load. -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: http manual pages ...
* Wild Karl-Heinz [EMAIL PROTECTED] [2005-08-08 17:11]: From time to time, I'm running cvsup, I can see that apache manual pages will be deleted. Does this mean that the functionality of apache under openbsd changes also? no, the apache docs are currently cleaned up, including deletion of unrelated crap and the (out of date anyway) translations. -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: Install Woes (3.7/sparc) - Spontaneous crashes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 J.C. Roberts wrote: On Sun, 7 Aug 2005 15:18:40 -0400, Jim Fron [EMAIL PROTECTED] wrote: On Aug 7, 2005, at 2:46 PM, J.C. Roberts wrote: Floppy drives and diskettes are notorious for failing in very strange and unusual ways. Check out the mild but insightful message from Art on tech@ if you want to know the general consensus on floppies. That's good to know. Unfortunately, most of my machines (mac) don't have serial ports. At times I wonder if Apple not supporting serial is smart or dumb but I never seem to come to a conclusion... A USB to serial device may do the trick but personally, I've never tried it. I've used the iogear usb serial adapter with my powerbook, a sparcstation 5, minicom from darwinports and a null modem cable and it worked fine. iD8DBQFC94IglH10NsAbJ7ERAtT6AJ9ybLXdLe9ee6xFqBE6m6bFngsazgCdG04B 3bY14tyU2IbM29IbMWS0Nt4= =/HXo -END PGP SIGNATURE-
Re: Negotiating a license for Sun Java on OpenBSD?
On Mon, 08 Aug 2005 11:02:47 -0400, Kurt Miller [EMAIL PROTECTED] wrote: Kurt, Really, no disparagement was meant of your efforts. My apologies for any offense. I can't see spending my time working on Sun's code, but that's your choice, and if it works for you more power to you. Thanks for the apology. Your post struck a nerve and my frustration with the amount of misinformation in this thread came out. Few people really understand the Java - *BSD licensing issues. For what seems like ideological licensing preferences, people like to make noise and otherwise spout off. Kurt, If your statement was directed, in part, to my posts in the thread, please realize I was just trying the accurately answer the questions put to the list. If I got things wrong, made noise and posted misinformation, I would really like to know *what* I got wrong? With all your work on the java ports, you're one of the few people in a position to know all the torrid details of java-*bsd licensing, so please kick the knowledge downstairs to the unwashed. ;-) JCR -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: Negotiating a license for Sun Java on OpenBSD?
You know, for every Kurt, there have to be several hundred people (OpenBSD users or otherwise) who say if I wanted to deal with Sun every day, I'd run Solaris instead and frankly, I don't blame them. Every attempt to use Java here has caused more problems than it has solved; it's simply a resource pig. I'm sure it runs great on the fully loaded sparc64 boxen that Sun salesweasels are pimping for $UNGODLY_AMOUNT_OF_CASH; sorry, but I don't have that kind of money. Suns newest ultra 20 x64 workstation retails at under #1000. Not as expensive as they once were. Regards
Re: login_ldap
Alexander Farber wrote: One more problem I have with login_ldap is that after I lock KDE with the blue lock-applet (kdesktop_lock), then I can't login anymore. The /var/log/authlog: Aug 8 13:52:43 blowfish kcheckpass[7059]: Authentication failure for afarber (invoked by uid 25323) My users under kerberos have the same problem. The thing is that KDE does not support bsd_auth. Antoine
hardware issues on sparc64
hello- I am trying to load 3.5 sparc64 on an Ultra2. After booting from the CD I get an error message that says( i think) it cannot find the cd-drive or file on the CD. That makes little sense since I see it start to boot the CD. Is this a bad burn? I know the disc worksused it many times. Degraded? Any ideas on the error? ok boot cdrom Boot device: /sbus/SUNW,[EMAIL PROTECTED],880/[EMAIL PROTECTED],0:f File and args: kernel/sparcv9/un ix OpenBSD IEEE 1275 Bootblock 1.1 .. OpenBSD 3.5 (obj) #0: Mon Mar 29 12:00:16 MST 2004 [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/stand/ofwboot/obj open /[EMAIL PROTECTED],0/SUNW,[EMAIL PROTECTED],880/[EMAIL PROTECTED],0:f/kernel/sparcv9/unix: No such file or directory thanks, Bob
authpf doesn't seem to be creating user_ip
I have the following pf.conf and authpf.rules. When I try to load the rules into the anchor I get authpfbob# pfctl -a authpf -f /etc/authpf/authpf.rules /etc/authpf/authpf.rules:3: macro 'user_ip' not defined /etc/authpf/authpf.rules:3: syntax error pfctl: Syntax error in config file: pf rules not loaded From reading the man page and the FAQ I think I have everything right. But clearly I need to do somehting else to get user_ip to work. Wasn't able to find anything in the archives. Any ideas, please? authpfbob# cat /etc/pf.conf # $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $ # # See pf.conf(5) and /usr/share/pf for syntax and examples. # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 # in /etc/sysctl.conf if packets are to be forwarded between interfaces. ext_if=xl1 int_if=xl0 #table spamd persist #table spamd-white persist table authpf_users persist scrub in #nat on $ext_if from !($ext_if) - ($ext_if:0) #rdr pass on $int_if proto tcp to port ftp - 127.0.0.1 port 8021 #rdr pass on $ext_if proto tcp from spamd to port smtp \ # - 127.0.0.1 port spamd #rdr pass on $ext_if proto tcp from !spamd-white to port smtp \ # - 127.0.0.1 port spamd block in all #pass out keep state #pass quick on { lo $int_if } #antispoof quick for { lo $int_if } pass in on $int_if proto tcp to ($int_if) port ssh keep state #pass in on $ext_if proto tcp to ($ext_if) port 49151 user proxy keep state #pass in log on $ext_if proto tcp to ($ext_if) port smtp keep state #pass out log on $ext_if proto tcp from ($ext_if) to port smtp keep state anchor authpf/* load anchor authpf from /etc/authpf/authpf.rules authpfbob# cat /etc/authpf/authpf.rules int_if = xl0 pass in quick on $int_if proto tcp from $user_ip to any keep state -- BOFH excuse #50: Change in Earth's rotational speed
Re: Install Woes (3.7/sparc) - Spontaneous crashes
John Broome writes: I've used the iogear usb serial adapter with my powerbook, a sparcstation 5, minicom from darwinports and a null modem cable and it worked fine. One drawback to the IOGEAR is that (at least with the OSX driver), the serial dongle cannot transmit a break (STOP+A). I like to keep a couple of Sun Type 5 keyboards around, if only to be able to send a STOP+N when the PROM gets into a FUBAR state. Jim Fron writes: Probably. Well, one crap keyspan USB/serial device and one, possibly now two crap SS20's has taught me a lesson: for the money, it may be better to go out and but a cheap sh*t Wal-Mart PC instead of buying good hardware off eBay. A valuable (if expensive) lesson. Personally, I'd take a *good* SS20 over a consumer grade desktop PC, but would strongly recommend a more modern server grade Sparc over either of the cheap options, something like a Netra T1/105 (from eBay) or even a V100 ($1K new). Kevin Kadow
OpenBGPd crash on various filter rules...
Misc, I am running OpenBGPd on a couple routers. On my production systems I am using the most basic bgpd.conf with all the default RFC1918 deny's and nothing more complex than that. Testing some more complex filters on another router causes openbgpd to crash on reload. All rules pass: /usr/sbin/bgpd -n Here is one such rule: # prepend TWTC AS4323 twice to all incoming UPDATEs from peer. match from group TWTC set prepend-neighbor 2 I've only tested attribute setting using MATCH filters however I've caused crashes with more than just prepend-neighbor. Also prepend- self and weight. rtr1:~bgpctl reload Aug 8 15:12:36 rtr1 bgpd[14014]: Lost child: route decision engine terminated; signal 11 Aug 8 15:12:36 rtr1 bgpd[14014]: Lost child: route decision engine terminated; signal 11 Aug 8 15:12:36 rtr1 bgpd[23683]: fatal in SE: session_dispatch_imsg: pipe closed: Operation now in progress Aug 8 15:12:36 rtr1 bgpd[23683]: fatal in SE: session_dispatch_imsg: pipe closed: Operation now in progress rtr1:~bgpctl s s bgpctl: connect: /var/run/bgpd.sock: No such file or directory rtr1:~uname -a OpenBSD rtr1 3.7 GENERIC#50 i386 rtr1:~rdate time.nist.gov date Mon Aug 8 15:18:37 EDT 2005 Mon Aug 8 15:18:37 EDT 2005 What information can I provide to help debug this? Thanks, David
You've received a greeting from a family member!
You have just received a virtual greeting from a family member! You can pick up your postcard at the following web address: http://www.postcards1001.com/?a91-valets-cloud-187 If you can't click on the web address above, you can also visit E-Greetings at http://www.postcards1001.com/ and enter your pickup code, which is: a91-valets-cloud-187 (Your postcard will be available for 60 days.) Oh -- and if you'd like to reply with a postcard, you can do so by visiting this web address: http://www.postcards1001.com/ (Or you can simply click the reply to this postcard button beneath your postcard!) We hope you enjoy your postcard, and if you do, please take a moment to send a few yourself! Regards, 1001 Greetings and Postcards http://www.postcards1001.com/
A problem internal to GDB has been detected
Hi, I am trying to debug an objc binary with gdb but unfortunately it ends up with the following error: $ gdb ogo-webui-1.1 GNU gdb 6.3 Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as i386-unknown-openbsd3.7... (gdb) run -WOUseWatchDog NO Starting program: /usr/local/sbin/ogo-webui-1.1 -WOUseWatchDog NO /usr/src/gnu/usr.bin/binutils/gdb/utils.c:1007: internal-error: virtual memory exhausted: can't allocate 1073960 bytes. A problem internal to GDB has been detected, further debugging may prove unreliable. Quit this debugging session? (y or n) y /usr/src/gnu/usr.bin/binutils/gdb/utils.c:1007: internal-error: virtual memory exhausted: can't allocate 1073960 bytes. A problem internal to GDB has been detected, further debugging may prove unreliable. Create a core file of GDB? (y or n) y Abort trap (core dumped) in the GNUstep HOWTO it states that I need at least gdb 6 to debug objc binaries. anybody knows my problem? kind regards sebastian
gcc 2.95.3 to 3.3.5: compile errors
greetz, me and a C++ programmer i know have a C++ program that would compile cleanly and run when using gcc 2.95.3 (from openbsd 3.6-release), but now that i've upgraded to 3.7-release, which uses gcc 3.3.5, he gets errors on compilation. since neither of us are very familiar with the details of upgrades in gcc (he codes on M$ visual studio at work), i would appreciate either direct suggestions on the errors i list below or a more general plan for what to do to quickly resolve syntax errors upon upgrade of gcc. here are the errors: $ g++ -c agent.cpp In file included from array.h:10, from inputdata.h:13, from agent.h:10, from agent.cpp:9: In file included from inputdata.h:13, from agent.h:10, from agent.cpp:9: array.h: At global scope: array.h:32: error: invalid data member initialization array.h:32: error: (use `=' to initialize static data members) array.h:32: error: variable or field `out' declared void array.h:152: error: variable or field `out' declared void array.h:152: error: `ArrayT::out' declared as an `inline' variable array.h:152: error: `int ArrayT::out' is not a static member of `class ArrayT' array.h:152: error: template definition of non-template `int ArrayT::out' array.h:152: error: syntax error before `{' token In file included from inputdata.h:13, from agent.h:10, from agent.cpp:9: array.h:7:1: unterminated #ifndef In file included from agent.h:10, from agent.cpp:9: inputdata.h:7:1: unterminated #ifndef In file included from agent.cpp:9: agent.h:7:1: unterminated #ifndef *** Error code 1 and here are the lines of code where the errors occur (lines 32 and 152 from array.h): 32: void out (ostream os) const; 152: inline void Array T::out (ostream os) const if what i'm asking for is easily found in docs, i would greatly appreciate a redirect modulo excessive flame. the redirect need not be unique, as excessive flame is certainly not prime. cheers, jake
Re: OpenBGPd crash on various filter rules...
On Mon, Aug 08, 2005 at 12:20:43PM -0700, David Ulevitch wrote: Misc, I am running OpenBGPd on a couple routers. On my production systems I am using the most basic bgpd.conf with all the default RFC1918 deny's and nothing more complex than that. Testing some more complex filters on another router causes openbgpd to crash on reload. All rules pass: /usr/sbin/bgpd -n Here is one such rule: # prepend TWTC AS4323 twice to all incoming UPDATEs from peer. match from group TWTC set prepend-neighbor 2 I've only tested attribute setting using MATCH filters however I've caused crashes with more than just prepend-neighbor. Also prepend- self and weight. Please send me a pre and post config that results in the crash. -- :wq Claudio
Re: authpf doesn't seem to be creating user_ip
On Mon, Aug 08, 2005 at 01:14:52PM -0600, Bob Beck wrote: * Ray Percival [EMAIL PROTECTED] [2005-08-08 12:17]: I have the following pf.conf and authpf.rules. When I try to load the rules into the anchor I get authpfbob# pfctl -a authpf -f /etc/authpf/authpf.rules /etc/authpf/authpf.rules:3: macro 'user_ip' not defined /etc/authpf/authpf.rules:3: syntax error pfctl: Syntax error in config file: pf rules not loaded I wouldn't expect loading that ruleset with pfctl to work that way. authpf adds the macro definition when it loads it. you can't expect to just run pfctl on that file and have it load correctly, unless you add a user_ip definition at the top of it (which should *NOT* be there when using authpf.) That was it. I got a bit confused between having a state problem that got sorted and reading trhe authpf and the more general anchor doc. Thanks for the pointer. Your pf.conf you attached looks, well, strange, you shouldn't be loading anchor authpf from anywhere. authpf does that. Try the examples as in the man page and verify you can make those work as expected first. -Bob -- BOFH excuse #340: Well fix that in the next (upgrade, update, patch release, service pack). [demime 1.01d removed an attachment of type application/pgp-signature]
TCP ECN Query
Hi, I just noticed that ECN (net.inet.tcp.ecn) and RFC 3390 (net.inet.tcp.rfc3390) are disabled by default. Any special reason for this? Peace, rebx_99
SCSI enclosure + disks wanted
We are looking for a SCSI RAID enclosure + at least a few disks, for testing/development purposes, in Toronto. This is to make the raid management stuff work better. A few of us are working on the code, but we would like the main scsi guys in Toronto to play along too. The stuff is making process; here is a demo of a small part part of it: # bioctl -h ami0 Volume Status Size Device ami0 0 Online 341G sd0 RAID5 0 Online 68.4G 0:0.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 1 Online 68.4G 0:2.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 2 Online 68.4G 0:4.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 3 Online 68.4G 0:8.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 4 Online 68.4G 1:10.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 5 Online 68.4G 1:12.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 ami0 1 Online 341G sd1 RAID5 0 Online 68.4G 0:1.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 1 Online 68.4G 0:3.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 2 Online 68.4G 0:5.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 3 Online 68.4G 1:9.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 4 Online 68.4G 1:11.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 5 Online 68.4G 1:13.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 This shows that userland knows which controllers are tied to which system disks, which drives are backing it, and which ses/safte devices are managing the those drive in the enclosure. So, if someone has one to give or loan on a semi-permanent basis, please let me know. Thanks.
Re: SCSI enclosure + disks wanted
On Mon, 08 Aug 2005 14:30:57 -0600, Theo de Raadt [EMAIL PROTECTED] wrote: We are looking for a SCSI RAID enclosure + at least a few disks, for testing/development purposes, in Toronto. This is to make the raid management stuff work better. A few of us are working on the code, but we would like the main scsi guys in Toronto to play along too. The stuff is making process; here is a demo of a small part part of it: # bioctl -h ami0 Volume Status Size Device ami0 0 Online 341G sd0 RAID5 0 Online 68.4G 0:0.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 1 Online 68.4G 0:2.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 2 Online 68.4G 0:4.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 3 Online 68.4G 0:8.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 4 Online 68.4G 1:10.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 5 Online 68.4G 1:12.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 ami0 1 Online 341G sd1 RAID5 0 Online 68.4G 0:1.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 1 Online 68.4G 0:3.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 2 Online 68.4G 0:5.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 3 Online 68.4G 1:9.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 4 Online 68.4G 1:11.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 5 Online 68.4G 1:13.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 This shows that userland knows which controllers are tied to which system disks, which drives are backing it, and which ses/safte devices are managing the those drive in the enclosure. So, if someone has one to give or loan on a semi-permanent basis, please let me know. Thanks. Is this for mainly testing or is actually planed for real usage? I've got ultra2 stuff around, 9GB disks and both DEC/alpha and generic rackmount enclosures... -By todays' standards 8x9GB is not a lot of room, and ultra2 is not exactly fast but it *might* be useful for testing code? JCR -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: SCSI enclosure + disks wanted
Is this for mainly testing or is actually planed for real usage? It is for testing and development. I've got ultra2 stuff around, 9GB disks and both DEC/alpha and generic rackmount enclosures... -By todays' standards 8x9GB is not a lot of room, and ultra2 is not exactly fast but it *might* be useful for testing code? It would be fine. If you are willing to ship, contact [EMAIL PROTECTED] about it.
ccd troubles
I'm having a bit of trouble with ccd. I have a box with 2 80G IDE drives and 1 200G IDE drive. I'm going by the FAQ step for step here but after the ccd is configured and I get ready to run disklabel -E ccd0 it only sees the first frive. I've redone it 6 or 7 times, and switched the drive order in ccd.conf. I've tried taking each drive out one at a time and doing it with the other two drives but it always ends up the same. I'm hoping somebody can help me out here. Hre's what I have in ccd.conf ccd016 none/dev/wd2a /dev/wd1a /dev/wd0h wd2a is the 200G drive with one big empty partition wd1a is one of the 80G drives with one big empty partition wd0h is 78G, the other 2 went to the OS Any help or ideas would be appreciated. If there is any relevent information I left out let me know.
LSI Logic 53C1030 on DL145-G2 not working
Hi, I have a HP DL145-G2. The SCSI card that comes with is supposed to be supported by the mpt driver - the LSI Logic 53c1030 Fusion. It's not. I also bought a MegaRAID 320-2X which I thought was supposed to be supported by the ami driver, it's not. The MegaRaid has the latest bios, H429 build Feb04, 2005. Tested under both i386 and amd64 (both 3.7 and -current on Aug 2, 2005). Anything that can be jiggled or twigged to make them work? Thanx in advance for your kind help. Btw, what's a hardware RAID card (PCI-X) that is currently on the market that is supported? I've already gotten two strikes even going with what's supported by /amd64.html and /i386.html, so, if anyone has any recommendation, I'd really appreciate it. -Tai lspci -v and dmesg from the install disk follows: -8 82:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID (rev 02) Subsystem: LSI Logic / Symbios Logic MegaRAID 532 SCSI 320-2X RAID Controller Flags: bus master, stepping, 66Mhz, medium devsel, latency 64, IRQ 225 Memory at d860 (32-bit, prefetchable) [size=64K] Memory at d810 (32-bit, non-prefetchable) [size=512K] Capabilities: [c0] Power Management version 2 Capabilities: [d0] Message Signalled Interrupts: 64bit+ Queue=0/1 Enable- Capabilities: [e0] PCI-X non-bridge device. 87:01.0 SCSI storage controller: LSI Logic / Symbios Logic 53c1030 PCI-X Fusion-MPT Dual Ultra320 SCSI (rev 07) Subsystem: Compaq Computer Corporation: Unknown device 00f4 Flags: bus master, 66Mhz, medium devsel, latency 128, IRQ 233 I/O ports at 2000 [size=256] Memory at d822 (64-bit, non-prefetchable) [size=128K] Memory at d820 (64-bit, non-prefetchable) [size=128K] Capabilities: [50] Power Management version 2 Capabilities: [58] Message Signalled Interrupts: 64bit+ Queue=0/0 Enable- Capabilities: [68] PCI-X non-bridge device. 8--- OpenBSD/i386 BOOT 2.06 boot booting fd0a:/bsd: 4302596+825452=0x4e40b8 entry point at 0x100120* WARNING: CAN'T ALLOCATE RAM (5000-c000) FROM IOMEM EXTENT MAP! uvm_page_physload: unable to load physical memory segment 4 segments allocated, ignoring 0x1000 - 0xbfffc increase VM_PHYSSEG_MAX Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2005 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 3.7 (RAMDISK_CD) #573: Sun Mar 20 00:27:05 MST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: AMD Opteron(tm) Processor 252 (AuthenticAMD 686-class) 2.62 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,MMX,FXSR,SSE,SSE2,PNI real mem = 2146107392 (2095808K) avail mem = 2772189184 (2707216K) using 4278 buffers containing 280363008 bytes (273792K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(fc) BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xfd5f0 pcibios0 at bios0: rev 2.1 @ 0xfd5f0/0xa10 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdec0/288 (16 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x10de product 0x0051 pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #4 is the last bus bios0: ROM list: 0xc/0xd400 0xcd800/0x1000 0xce800/0x1600 0xd/0x1600 0xd 1800/0x2200 0xd4000/0x800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) vendor Nvidia, unknown product 0x005e (class memory subclass miscellaneous, re v 0xa3) at pci0 dev 0 function 0 not configured pcib0 at pci0 dev 1 function 0 vendor Nvidia, unknown product 0x0051 rev 0xa3 vendor Nvidia, unknown product 0x0052 (class serial bus subclass SMBus, rev 0x a2) at pci0 dev 1 function 1 not configured ohci0 at pci0 dev 2 function 0 vendor Nvidia, unknown product 0x005a rev 0xa2: irq 10, version 1.0, legacy support ohci0: SMM does not respond, resetting usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: Nvidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 4 ports with 4 removable, self powered ehci0 at pci0 dev 2 function 1 vendor Nvidia, unknown product 0x005b rev 0xa3: irq 11 ehci0: timed out waiting for BIOS ehci0: EHCI version 1.0 ehci0: companion controller, 4 ports each: ohci0 usb1 at ehci0: USB revision 2.0 uhub1 at usb1 uhub1: Nvidia EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 uhub1: single transaction translator uhub1: 4 ports with 4 removable, self powered pciide0 at pci0 dev 6 function 0 vendor Nvidia, unknown product 0x0053 rev 0xa 2: DMA (unsupported), channel 0 configured to compatibility, channel 1 configure d to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: TEAC, CD-224E, 9.9A SCSI0 5/cdrom removable pciide0: channel 1 ignored (not responding; disabled or no drives?) pciide1 at pci0 dev 8 function 0 vendor Nvidia, unknown product 0x0055 rev 0xa 3: DMA (unsupported), channel 0 wired to native-PCI, channel 1 wired to native-P CI pciide1: using irq 10 for native-PCI interrupt pciide1: channel 0 ignored (not
php-xslt-4.3.11 symbols
Hi I'm trying to run a fairly simple php xslt script. When i try to run from a browser or the command line i get the following : PHP Fatal error: Call to undefined function: xslt_set_encoding() in /var/www/htdocs/recipes.php on line 5 running nm -g /var/www/lib/php/modules/xslt.so i don't find xslt_set_encoding() ? Any directions on what to do what be fine and appreciated. nm -g /var/www/lib/php/modules/xslt.so ? SablotAddArgBuffer ? SablotAddParam ? SablotCreateProcessorForSituation ? SablotCreateSituation ? SablotDestroyProcessor ? SablotDestroySituation ? SablotFree ? SablotGetResultArg ? SablotRegHandler ? SablotRunProcessorGen ? SablotSetBase ? SablotSetBaseForScheme ? SablotSetOptions ? SablotUnregHandler 200018c8 A _DYNAMIC 20002990 A _GLOBAL_OFFSET_TABLE_ 20003abc A __bss_start U __errno 20002abc D __got_end 20002990 D __got_start U __guard U __stack_smash_handler 5334 T __udivdi3 5454 T __umoddi3 U _array_init U _convert_to_string U _ecalloc 20003abc A _edata U _efree U _emalloc 20003ac0 A _end U _estrdup U _estrndup 5610 T _fini 17b0 T _init U _zend_list_addref U _zend_list_delete U _zval_copy_ctor U _zval_ptr_dtor U add_assoc_string_ex U add_assoc_stringl_ex U call_user_function_ex U close U convert_to_long U executor_globals 2214 T get_module F libgcc2.c F libgcc2.c U open U php_error_docref0 U php_info_print_table_end U php_info_print_table_row U php_info_print_table_start U php_sprintf F sablot.c U spprintf U strcasecmp U strchr U strcmp U strerror U strlcpy U strncasecmp U write F xslt.c 2144 T xslt_call_function 1cc8 T xslt_debug 20dc T xslt_free_arguments 1f84 T xslt_free_array 20001760 D xslt_functions 1d3c T xslt_make_array 20001820 D xslt_module_entry 1fd0 T xslt_parse_arguments U zend_error U zend_fetch_resource U zend_get_executed_filename U zend_get_parameters_ex U zend_hash_get_current_data_ex U zend_hash_get_current_key_ex U zend_hash_index_find U zend_hash_internal_pointer_reset_ex U zend_hash_move_forward_ex U zend_hash_num_elements U zend_parse_parameters U zend_register_list_destructors_ex U zend_register_long_constant U zend_register_resource U zend_wrong_param_count 363c T zif_xslt_backend_info 35f4 T zif_xslt_backend_name 35ac T zif_xslt_backend_version 2368 T zif_xslt_create 3230 T zif_xslt_errno 32ac T zif_xslt_error 3354 T zif_xslt_free 2db0 T zif_xslt_process 2b28 T zif_xslt_set_base 2c40 T zif_xslt_set_encoding 2aa4 T zif_xslt_set_error_handler 2c48 T zif_xslt_set_log 33cc T zif_xslt_set_object 2450 T zif_xslt_set_sax_handlers 2890 T zif_xslt_set_scheme_handlers 3444 T zif_xslt_setopt 22e8 T zm_info_xslt 222c T zm_startup_xslt U zval_add_ref -- james reynolds, bsc
Re: LSI Logic 53C1030 on DL145-G2 not working
The BIOS on your box is lying. Update it to something newer and it might magically work. Also update to -current. On Mon, Aug 08, 2005 at 06:07:47PM -0500, bofh wrote: Hi, I have a HP DL145-G2. The SCSI card that comes with is supposed to be supported by the mpt driver - the LSI Logic 53c1030 Fusion. It's not. I also bought a MegaRAID 320-2X which I thought was supposed to be supported by the ami driver, it's not. The MegaRaid has the latest bios, H429 build Feb04, 2005. Tested under both i386 and amd64 (both 3.7 and -current on Aug 2, 2005). Anything that can be jiggled or twigged to make them work? Thanx in advance for your kind help. Btw, what's a hardware RAID card (PCI-X) that is currently on the market that is supported? I've already gotten two strikes even going with what's supported by /amd64.html and /i386.html, so, if anyone has any recommendation, I'd really appreciate it. -Tai lspci -v and dmesg from the install disk follows: -8 82:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID (rev 02) Subsystem: LSI Logic / Symbios Logic MegaRAID 532 SCSI 320-2X RAID Controller Flags: bus master, stepping, 66Mhz, medium devsel, latency 64, IRQ 225 Memory at d860 (32-bit, prefetchable) [size=64K] Memory at d810 (32-bit, non-prefetchable) [size=512K] Capabilities: [c0] Power Management version 2 Capabilities: [d0] Message Signalled Interrupts: 64bit+ Queue=0/1 Enable- Capabilities: [e0] PCI-X non-bridge device. 87:01.0 SCSI storage controller: LSI Logic / Symbios Logic 53c1030 PCI-X Fusion-MPT Dual Ultra320 SCSI (rev 07) Subsystem: Compaq Computer Corporation: Unknown device 00f4 Flags: bus master, 66Mhz, medium devsel, latency 128, IRQ 233 I/O ports at 2000 [size=256] Memory at d822 (64-bit, non-prefetchable) [size=128K] Memory at d820 (64-bit, non-prefetchable) [size=128K] Capabilities: [50] Power Management version 2 Capabilities: [58] Message Signalled Interrupts: 64bit+ Queue=0/0 Enable- Capabilities: [68] PCI-X non-bridge device. 8--- OpenBSD/i386 BOOT 2.06 boot booting fd0a:/bsd: 4302596+825452=0x4e40b8 entry point at 0x100120* WARNING: CAN'T ALLOCATE RAM (5000-c000) FROM IOMEM EXTENT MAP! uvm_page_physload: unable to load physical memory segment 4 segments allocated, ignoring 0x1000 - 0xbfffc increase VM_PHYSSEG_MAX Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2005 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 3.7 (RAMDISK_CD) #573: Sun Mar 20 00:27:05 MST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: AMD Opteron(tm) Processor 252 (AuthenticAMD 686-class) 2.62 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,MMX,FXSR,SSE,SSE2,PNI real mem = 2146107392 (2095808K) avail mem = 2772189184 (2707216K) using 4278 buffers containing 280363008 bytes (273792K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(fc) BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xfd5f0 pcibios0 at bios0: rev 2.1 @ 0xfd5f0/0xa10 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdec0/288 (16 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x10de product 0x0051 pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #4 is the last bus bios0: ROM list: 0xc/0xd400 0xcd800/0x1000 0xce800/0x1600 0xd/0x1600 0xd 1800/0x2200 0xd4000/0x800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) vendor Nvidia, unknown product 0x005e (class memory subclass miscellaneous, re v 0xa3) at pci0 dev 0 function 0 not configured pcib0 at pci0 dev 1 function 0 vendor Nvidia, unknown product 0x0051 rev 0xa3 vendor Nvidia, unknown product 0x0052 (class serial bus subclass SMBus, rev 0x a2) at pci0 dev 1 function 1 not configured ohci0 at pci0 dev 2 function 0 vendor Nvidia, unknown product 0x005a rev 0xa2: irq 10, version 1.0, legacy support ohci0: SMM does not respond, resetting usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: Nvidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 4 ports with 4 removable, self powered ehci0 at pci0 dev 2 function 1 vendor Nvidia, unknown product 0x005b rev 0xa3: irq 11 ehci0: timed out waiting for BIOS ehci0: EHCI version 1.0 ehci0: companion controller, 4 ports each: ohci0 usb1 at ehci0: USB revision 2.0 uhub1 at usb1 uhub1: Nvidia EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 uhub1: single transaction translator uhub1: 4 ports with 4 removable, self powered pciide0 at pci0 dev 6 function 0 vendor Nvidia, unknown product 0x0053 rev 0xa 2: DMA (unsupported), channel 0 configured to compatibility, channel 1 configure d to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: TEAC, CD-224E, 9.9A SCSI0 5/cdrom removable pciide0: channel 1 ignored (not
Re: LSI Logic 53C1030 on DL145-G2 not working
On 8/8/05, Marco Peereboom [EMAIL PROTECTED] wrote: The BIOS on your box is lying. Update it to something newer and it might magically work. Oh gods. I just went to HP's site, and saw that there's bios updates available. This is a HP DL145-G2, which has 2 hard drives, and no floppy. Even the CDRom drive is optional. Guess what their updates run on? The fscking SP31039 bios update for the DL145-G2 extracts to a physical floppy disk. GAH Morons at work. *sigh* Will have to do this in the morning. -Tai
Re: ccd troubles
James Boothe wrote: I'm having a bit of trouble with ccd. I have a box with 2 80G IDE drives and 1 200G IDE drive. I'm going by the FAQ step for step here but after the ccd is configured and I get ready to run disklabel -E ccd0 it only sees the first frive. I've redone it 6 or 7 times, and switched the drive order in ccd.conf. I've tried taking each drive out one at a time and doing it with the other two drives but it always ends up the same. I'm hoping somebody can help me out here. Hre's what I have in ccd.conf ccd016 none/dev/wd2a /dev/wd1a /dev/wd0h wd2a is the 200G drive with one big empty partition wd1a is one of the 80G drives with one big empty partition wd0h is 78G, the other 2 went to the OS Any help or ideas would be appreciated. If there is any relevent information I left out let me know. Show us what you are seeing and tell us what you are expecting to see. Yes, disklabel -E ccd0 should only show you one drive, so I have no idea what you are not seeing that you are expecting. (trivial little things like dmesg, disklabel and fdisk outputs might be useful, too). Nick.
Re: hardware issues on sparc64
Bob Ababurko wrote: hello- I am trying to load 3.5 sparc64 on an Ultra2. After booting from the CD I get an error message that says( i think) it cannot find the cd-drive No...that's not what it says. or file on the CD. yes, that IS what it says. That makes little sense since I see it start to boot the CD. Is this a bad burn? I know the disc worksused it many times. Degraded? Any ideas on the error? yep. Error is pretty clear, I think... ok boot cdrom Boot device: /sbus/SUNW,[EMAIL PROTECTED],880/[EMAIL PROTECTED],0:f File and args: kernel/sparcv9/un ix 'kernel/sparcv9/unix'. That's a funny way to spell 'bsd'! (hint: /bsd is the standard name and location for the OpenBSD kernel.) OpenBSD IEEE 1275 Bootblock 1.1 .. OpenBSD 3.5 (obj) #0: Mon Mar 29 12:00:16 MST 2004 [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/stand/ofwboot/obj open /[EMAIL PROTECTED],0/SUNW,[EMAIL PROTECTED],880/[EMAIL PROTECTED],0:f/kernel/sparcv9/unix: No such file or directory You know, if you look for a file kernel/sparcv9/unix, I'll bet you find it isn't on the CDROM you are using. Might have something to do with it, I bet. :) Your Sun's firmware is trying to pull the wrong file off the CD. Set the firmware options properly, it will probably take off and run fine. See INSTALL.sparc64 for more details... Nick.
Matrikon's Pacesetter - August 2005
Please forward this to all interested parties. Please add [EMAIL PROTECTED] to your Allowed Senders list to avoid spam filters. ~ PACESETTER: INTELLEGENT TECHNOLOGY FOR PROCESS CONTROL - MATRIKON Contents - Vol 1. Issue III - Power Optimization - Webcast: AM Blueprint - OPC Conference 2005 - Statoil Press Release - Alarm Management Workshops - OPC Corner - Plant Performance Test - MatrikonOPC Conference = INCREASING POWER GENERATION WITH ADVANCED TECHNOLOGY Advanced Condition Monitoring The three key areas seeing critical success in generation optimization programs worldwide are Abnormal Condition Monitoring, Condition-Based Maintenance strategies, and Information Visualization Solutions. Get this paper and find out how pacesetter power plants are generating more for less. GET THE FULL STORY: http://www.matrikon.com/whitepapers/AdvancedConditionMonitoring_power.pdf = WEBCAST Tuesday September 1, 2005 1:30 PM EDT ALARM MANAGEMENT BLUEPRINT: Achieving Pacesetter Status For Your Plant REGISTRATION AND DETAILS: http://www.matrikon.com/news/webcast_signup.asp?WID=010905 Topics include: - Developing and adopting an alarm philosophy - Understanding of industry standards and corporate governance requirements - Incorporating an alarms and events database - Defining primary alarm management work processes - Leveraging technology in all business areas - Defining metrics for tracking - Visibility and accountability - Proven execution methodology - Continuous improvement model Presented by: Mike Brown, M.A.Sc., P.Eng. Vice President of Technology Matrikon = TRANSFORMING INDUSTRIAL CONNECTIVITY MatrikonOPC Conference 2005 MatrikonOPC Conference 2005 is the standards-based OPC technology conference of the year. This three-day event focuses on system interoperability, reliability, security, and simplicity. This is a must-attend conference for anyone interested in industrial connectivity, including system architects, integrators, managers, and end-users across all industries. - Leverage OPC standards-based connectivity - Learn industry best practice - Get tips, tricks, and troubleshooting secrets - Take part in hands-on workshops - Hear what's new for 2006 CONFERENCE DETAILS: http://www.opcug.org/ = STATOIL: DECISION SUPPORT WITH REAL-TIME WELL MONITORING Matrikon(tm) technology to improve Statoil's monitoring of offshore assets Matrikon's technology complements the best-practice, integrated operations processes that Statoil is developing, said Terje Schmidt, Chief Engineer for Production Technology at Statoil. We are demonstrating that technology can be used to leverage the information of our existing infrastructure, and to distribute the information to multiple stakeholders along with the added context they require to perform their jobs. READ THIS PRESS RELEASE: http://www.matrikon.com/news/showarticle.asp?ID=663 = INSTITUTIONALIZING ALARM MANAGEMENT Alarm Management Hands-on Workshops - 2005 - Prepare your plant for new regulations. - Successfully eliminate up to 75% of your alarms. - Improve safety standards while reducing downtime. - Learn strategies to prioritize and configure alarm settings. - Reduce alarm management implementation time by 30%. - Examine successful, working solutions. August 9 - 10, Chicago, Illinois http://www.matrikon.com/services/training2/workshop_details.asp?ID=258 August 22 - 23, Perth, Australia http://www.matrikon.com/services/training2/workshop_details.asp?ID=301 September 5 - 6, Melbourne, Australia http://www.matrikon.com/services/training2/workshop_details.asp?ID=300 September 13 - 14, Los Angeles, California http://www.matrikon.com/services/training2/workshop_details.asp?ID=260 September 14 - 15, St. Louis, Missouri http://www.matrikon.com/services/training2/workshop_details.asp?ID=272 2005 Global Schedule http://www.matrikon.com/services/training2/schedule.asp The information presented in this course will prove invaluable in helping us develop and implement an alarm management program for our plant. John Nye Sunoco Chemicals = OPC CORNER Complimentary Downloads http://www.matrikonopc.com/products/opc-downloads White Paper - CMMS: Integrating Real-Time Information for Condition-Based Maintenance http://www.matrikon.com/download/CMMS_Integrating_RealTime_Information_for_CBM.pdf OPC Multimedia Tutorial http://www.matrikonopc.com/training/opc-multimedia-tutorial/opcda_pop.html
Re: ccd troubles
On Mon, Aug 08, 2005 at 10:05:50PM -0400, Nick Holland wrote: James Boothe wrote: I'm having a bit of trouble with ccd. I have a box with 2 80G IDE drives and 1 200G IDE drive. I'm going by the FAQ step for step here but after the ccd is configured and I get ready to run disklabel -E ccd0 it only sees the first frive. I've redone it 6 or 7 times, and switched the drive order in ccd.conf. I've tried taking each drive out one at a time and doing it with the other two drives but it always ends up the same. I'm hoping somebody can help me out here. Hre's what I have in ccd.conf ccd016 none/dev/wd2a /dev/wd1a /dev/wd0h wd2a is the 200G drive with one big empty partition wd1a is one of the 80G drives with one big empty partition wd0h is 78G, the other 2 went to the OS Any help or ideas would be appreciated. If there is any relevent information I left out let me know. Show us what you are seeing and tell us what you are expecting to see. Yes, disklabel -E ccd0 should only show you one drive, so I have no idea what you are not seeing that you are expecting. (trivial little things like dmesg, disklabel and fdisk outputs might be useful, too). Nick. Thanks for the reply. I got it working finally though. Yes I realize it will show up as one disk in disklabel, that's pretty much the point of ccd. The problem was it was only showing the first disk as in 80G, not 200+80+80GB. I'm still not sure what the exact problem was but about 8 tries and several reboots and obscenities later it magically started working.
Re: SCSI enclosure + disks wanted
Theo; I have some enclosures that are leftover from a custom job we did for a customer. These were basically our 1U (3x hot-swap scsi) and 2U (6X hot-swap scsi) chassis's but without mobo, just power supply and special cabling to allow HDD's to attach to power supply. I am not sure if the cases in question have the necessary cabling, but I will check, if so, they are yours. I do have quite a few 1U and 2U cases with power supplies, in case you wish to rack mount any gear. We are no longer having these cases made for us, too costly, and have a boat load that we are looking to sell cheap, as well as donate to obsd. Lemme know, -mike Quoting Theo de Raadt [EMAIL PROTECTED]: We are looking for a SCSI RAID enclosure + at least a few disks, for testing/development purposes, in Toronto. This is to make the raid management stuff work better. A few of us are working on the code, but we would like the main scsi guys in Toronto to play along too. The stuff is making process; here is a demo of a small part part of it: # bioctl -h ami0 Volume Status Size Device ami0 0 Online 341G sd0 RAID5 0 Online 68.4G 0:0.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 1 Online 68.4G 0:2.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 2 Online 68.4G 0:4.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 3 Online 68.4G 0:8.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 4 Online 68.4G 1:10.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 5 Online 68.4G 1:12.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 ami0 1 Online 341G sd1 RAID5 0 Online 68.4G 0:1.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 1 Online 68.4G 0:3.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 2 Online 68.4G 0:5.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 3 Online 68.4G 1:9.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 4 Online 68.4G 1:11.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 5 Online 68.4G 1:13.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 This shows that userland knows which controllers are tied to which system disks, which drives are backing it, and which ses/safte devices are managing the those drive in the enclosure. So, if someone has one to give or loan on a semi-permanent basis, please let me know. Thanks.
Conditional passive FTP rules on firewall
Hi, I am trying to setup an (mostly) isolated network to clean infected PCs. Based on my personal judgment of security vs. convenience I would like to allow the clients to use certain web and ftp sites. Web site access is controlled via squid (transparent). Ftp access works in active mode via ftp-proxy. Passive mode does *not* work since I block client traffic not going to the proxies via pf. Problem is that most web browsers I deal with these days use passive mode. I would prefer not to change these browser settings (if they can be changed). So and now finally to the question: Is it possible to create conditional pf rules to pass certain traffic to a host *after* a connection to a specific port on the same host has been made? So, a client is connecting to ftp.host.net on default port 21. Hence, pf allows the same client to connect to other ports on that host. I've read man pf.conf and thought that tables or tags *might* work for this. Tables: How do I *automatically* add hosts to tables? Tags: How can I use a tag on different packets? For both: How do I set an inactivity timeout to undo those changes automatically? Have I missed something? Any other ideas? This isn't really critical of course, but I thought I'd ask the list before I give up on this thought. The OpenBSD gateway is running 3.7-stable/sparc64. Thanks! -Jason
Re: ccd troubles
On Aug 8, 2005, at 8:10 PM, James Boothe wrote: On Mon, Aug 08, 2005 at 10:05:50PM -0400, Nick Holland wrote: (trivial little things like dmesg, disklabel and fdisk outputs might be useful, too). Thanks for the reply. I got it working finally though. Yes I realize it will show up as one disk in disklabel, that's pretty much the point of ccd. The problem was it was only showing the first disk as in 80G, not 200+80+80GB. I'm still not sure what the exact problem was but about 8 tries and several reboots and obscenities later it magically started working. You should do as Nick says. I suggest you now try to recreate your problem and understand it. Either discover that your hardware is going bad or educate yourself in the use of CCD so you don't fsck something up later. At least, that's what I'd recommend, if you care about your data. -david