Re: Anonym.OS - OpenBSD-based live CD

2006-01-22 Thread Bihlmaier Andreas
On Sun, Jan 22, 2006 at 11:49:05PM -0500, NetNeanderthal wrote:
> On 1/22/06, Scott Francis <[EMAIL PROTECTED]> wrote:
> > you mean, aside from including man38.tgz? What else are you looking
> > for? There's some docs on their website, but why would you need
> > anything beyond what ships with OpenBSD? There's a man page for
> > everything, and while they don't include a "we did the following steps
> > in this order, and here's why we have privoxy and pf and how they're
> > configured", it's easy enough to just read the config files and the
> > relevant man pages. Keep in mind also that this is, at best, a beta
> > release (if not alpha).
> 'They' as in you, sure.. and they didn't.  Go to the site.  Go to
> sf.net's doc page.  Neither contain any documentation.  My original
> statement stands as-is.  OpenBSD is well documented, what was done to
> produce this image is not.  In fact, it's about as safe as installing
> OpenBSD from some ISO pulled from a random site.  Have a read for
> yourself, straight from the FAQ:
> 
> http://openbsd.org/faq/faq3.html#ISO
> 
> "The source of an unofficial image may or may not be trustworthy; it
> is up to you to determine this for yourself."
> 
> So, by my own determination, I choose not to trust it.  You can find
> no fault with that logic, especially considering the purpose of your
> project.
> 
> > the packages are from the ports tree - are you saying they're somehow
> > less trusted because you didn't install/build them yourself? The boot
> > script is there for anybody to peruse who wants to; no "trust" is
> > required - or at least, no more than is required for, say, flashdist
> > or any other project based on a modified OpenBSD install. There's no
> > secret sauce, no binary blobs, no closed source or NDAs.
> So, if it's just a group of ports and a boot script, the kernel was
> left untouched?  I did notice some .dist files in /etc.. perhaps
> 'diff' is all the documentation required.  The flashdist script isn't
> applicable, they don't hand out images of OpenBSD but show you how to
> 'roll your own' and provide a script.  Sure, documentation there is
> loose as well, but it's more than the sparse peppering of a
> description provided by Anonym.OS.  How do you plan to keep this
> patched?  How are vulnerabilities handled?  Errata?
> 
> > As far as "unwilling or unable to use OpenBSD in its native form",
> > keep in mind the purpose of the project and their target audience. Not
> > everybody has the luxury of their own laptop, and it's always nice to
> > have something relatively secure to fall back on when stuck with a
> > less-than-sanitary public-use PC.
> Agreed, somewhat.  This topic has been bludgeoned to death on misc,
> your reasoning fails -- search the list archives.
> 
> > Let's not denigrate unnecessarily; we should be encouraging wider uses
> > and derivative projects, not biting the heads off of developers when
> > they release new OpenBSD-based projects. If it's a waste of time,
> > nobody will use it and it will disappear with no need for vitriol. On
> > the other hand, if it's a good project, well, that kind of development
> > is always a Good Thing.
> Copying a free OS and adding a few packages hardly constitutes the tag
> 'developer', perhaps .. installer? scripter?  I'm quite certain
> OpenBSD developers really could care less if their project is taken
> from its natural habitat and bastardized for the consumption of a
> wider audience.  By your own words, this project is really not much
> more than a HOWTO, sans end-user effort and the actual HOWTO document.
>  Or did I miss something?
> 
> > This:
> > > It reeks of a clumsily-staged publicity stunt.
> > definitely comes off more like sour grapes than any kind of valid
> > criticism, IMO. Perhaps you didn't intend it that way.
> I never claimed it as valid criticism, it's my opinion and I've a
> right to it.  This is *yet another* (failed) attempt at positive PR
> for this script+package project.  Sour grapes would imply that I am
> pushing down your project to further my own agenda.  I won't lose
> sleep over that one until I decouple myself from OpenBSD; until then,
> good luck with your PR campaign!
> 
> Despite our philosophical differences, here's my constructive criticism:
> 
> 1) If you're going to produce a bootable ISO image, also produce a
> siteXX.tgz file and make it available via your website for download
> during a 'regular' OpenBSD installation.
> http://openbsd.org/faq/faq4.html#site
> 
> 2) Consider, perhaps, even a script that will generate the bootable CD
> ISO from that siteXX.tgz customization as well.
> 
> 3) Documentation

I mailed the guys responsible for Anonym.OS in private and I was told
that they actually are working on documentation right now. They will
release it once it is cleaned up.

Regards,
ahb



pf by mac address?

2006-01-22 Thread David Benfell
Hello all,

Perhaps I'm looking for this the wrong way.  My local network now (and
hopefully temporarily) includes hostile users.  I may need to exercise
controls on their Internet usage by machine.

Now, I can certainly tell dhcpd to give certain machines certain IP
addresses by reference to their MAC address.  But that won't stop
these users from allocating their own IP address and essentially
bypassing dhcpd.

The environment includes a lot of wireless -- most users connect this
way.

So I'm thinking I'd like to be able to write packet filter rules based
on MAC address.  I'm not necessarily going to want to simply cut off
all their Internet access, but pf offers a lot of options to do what I
think I might want to do, if I can make rules by MAC address.  Traffic
shaping and additional rules about what ports they can access come to
mind.  Possibly other possibilities will come to your mind --
hopefully you see what I'm thinking.

Is it possible?

-- 
David Benfell, LCP
[EMAIL PROTECTED]
---
Resume available at http://www.parts-unknown.org/



Never mind... Re: pf by mac address?

2006-01-22 Thread David Benfell
On Sun, 22 Jan 2006 21:08:34 -0800, David Benfell wrote:
> 
> Perhaps I'm looking for this the wrong way.  My local network now (and
> hopefully temporarily) includes hostile users.  I may need to exercise
> controls on their Internet usage by machine.
> 
Still what I think I'd like to do -- because MAC address spoofing is a
level beyond the capability of the users I'm worried about, but I see
this has come up before...



-- 
David Benfell, LCP
[EMAIL PROTECTED]
---
Resume available at http://www.parts-unknown.org/



Re: Anonym.OS - OpenBSD-based live CD

2006-01-22 Thread NetNeanderthal
On 1/22/06, Scott Francis <[EMAIL PROTECTED]> wrote:
> you mean, aside from including man38.tgz? What else are you looking
> for? There's some docs on their website, but why would you need
> anything beyond what ships with OpenBSD? There's a man page for
> everything, and while they don't include a "we did the following steps
> in this order, and here's why we have privoxy and pf and how they're
> configured", it's easy enough to just read the config files and the
> relevant man pages. Keep in mind also that this is, at best, a beta
> release (if not alpha).
'They' as in you, sure.. and they didn't.  Go to the site.  Go to
sf.net's doc page.  Neither contain any documentation.  My original
statement stands as-is.  OpenBSD is well documented, what was done to
produce this image is not.  In fact, it's about as safe as installing
OpenBSD from some ISO pulled from a random site.  Have a read for
yourself, straight from the FAQ:

http://openbsd.org/faq/faq3.html#ISO

"The source of an unofficial image may or may not be trustworthy; it
is up to you to determine this for yourself."

So, by my own determination, I choose not to trust it.  You can find
no fault with that logic, especially considering the purpose of your
project.

> the packages are from the ports tree - are you saying they're somehow
> less trusted because you didn't install/build them yourself? The boot
> script is there for anybody to peruse who wants to; no "trust" is
> required - or at least, no more than is required for, say, flashdist
> or any other project based on a modified OpenBSD install. There's no
> secret sauce, no binary blobs, no closed source or NDAs.
So, if it's just a group of ports and a boot script, the kernel was
left untouched?  I did notice some .dist files in /etc.. perhaps
'diff' is all the documentation required.  The flashdist script isn't
applicable, they don't hand out images of OpenBSD but show you how to
'roll your own' and provide a script.  Sure, documentation there is
loose as well, but it's more than the sparse peppering of a
description provided by Anonym.OS.  How do you plan to keep this
patched?  How are vulnerabilities handled?  Errata?

> As far as "unwilling or unable to use OpenBSD in its native form",
> keep in mind the purpose of the project and their target audience. Not
> everybody has the luxury of their own laptop, and it's always nice to
> have something relatively secure to fall back on when stuck with a
> less-than-sanitary public-use PC.
Agreed, somewhat.  This topic has been bludgeoned to death on misc,
your reasoning fails -- search the list archives.

> Let's not denigrate unnecessarily; we should be encouraging wider uses
> and derivative projects, not biting the heads off of developers when
> they release new OpenBSD-based projects. If it's a waste of time,
> nobody will use it and it will disappear with no need for vitriol. On
> the other hand, if it's a good project, well, that kind of development
> is always a Good Thing.
Copying a free OS and adding a few packages hardly constitutes the tag
'developer', perhaps .. installer? scripter?  I'm quite certain
OpenBSD developers really could care less if their project is taken
from its natural habitat and bastardized for the consumption of a
wider audience.  By your own words, this project is really not much
more than a HOWTO, sans end-user effort and the actual HOWTO document.
 Or did I miss something?

> This:
> > It reeks of a clumsily-staged publicity stunt.
> definitely comes off more like sour grapes than any kind of valid
> criticism, IMO. Perhaps you didn't intend it that way.
I never claimed it as valid criticism, it's my opinion and I've a
right to it.  This is *yet another* (failed) attempt at positive PR
for this script+package project.  Sour grapes would imply that I am
pushing down your project to further my own agenda.  I won't lose
sleep over that one until I decouple myself from OpenBSD; until then,
good luck with your PR campaign!

Despite our philosophical differences, here's my constructive criticism:

1) If you're going to produce a bootable ISO image, also produce a
siteXX.tgz file and make it available via your website for download
during a 'regular' OpenBSD installation.
http://openbsd.org/faq/faq4.html#site

2) Consider, perhaps, even a script that will generate the bootable CD
ISO from that siteXX.tgz customization as well.

3) Documentation



Re: Tyan S2885, 3 Video Cards Trouble

2006-01-22 Thread Nick Holland
Robert Jacobs wrote:
>>Try this strategy...
> 
>>Remove all but one video card.
>>Get X working on that one card, using an xorg.conf file.
>>Insert a second card, keep X working on the one card (this seems to be
>>an important step...and not quite as trivial as it sounds).
>>Get X working on the two cards.
>>Insert third card, keep X working on the two previous cards.
>>Get X working on third card.
>>Let brain recover from the serious frying you just gave it.
> 
> Of course done that and as I previously mentioned it works perfectly with
> one or two cards but not at all with 3. 

D'oh.  yes, you did say that.  My apologies.

> I have been running openbsd with 3
> monitors since 3.6 and have not come across this problem up till now.
>  I found a "workaround", I tried OpenBSD i386 3.9BETA instead of AMD64
> 3.8RELEASE/Current and it works with 3 video cards. 

Do you mean you tried both 3.8-release and 3.8-current on amd64?
How current was -current?  3.9-beta has the new version of X in it.  If
your 3.8-current was more than a week or so old, you have the OLD
version of X.  This may be "fixed" in the new version of X.  Or maybe
not.  My luck hasn't been very good today...maybe yours will be better.

And feel free to ignore my comments, at this point, you have me beat.
You got three monitors to come up at all, most I can say is "PART of my
problem has been a pcibios(4) issue", so now, at least, I can get two
monitors to come up with the second video card (the third head)
installed.  Progress, as I can now heat the room a little more...but not
much practical difference.

Nick.



overload and "sub"-Tables?

2006-01-22 Thread Sebastian Rother
Is it possible that I could do something like a better sorting using
Tables and PF?

I mean overload is a great function but if I use it for several Ports
I've (as far as I know) to use multiple Tables if I wanna know who e.g.
does SSH-Brute-Forces or who does HTTP-CGI-Scanning and such crap.

In fact I use "overload" to prevent such things because they rely on a
fast connection and no SSH-bruteforce-Application supports
throttling (e.g. just 3 attempts in 5 seconds) as far as I know.

Would it be possible to specify e.g. a Table like "badguys.ssh"
where .ssh means a "subclass" for this table?
So I could use one Table (badguys) to block all the unwanted connections
but I could e.g. use pfctl to see exactly who e.g. got in that table
because of ssh-Bruteforce-Attempts (badguys.ssh).

As I said: For now I would have to create multiple Tables and add the
count of every table to the others to know how many hosts (at all) got
blocked.

This would be interesting for analysis purposes only so I would like to
know your opinion about this.

Today a script has to count all entries (which works too) but maybe this
idea isn't that bad and could get a place with (very) low priority at
the developer-list?

Kind regards,
Sebastian
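
The per-service tables the post describes, written out as an added example (not part of the original post, and not an answer from the list): each pass rule overloads into its own table, so pfctl shows why a host was blocked, and the distinct total comes from merging the table dumps instead of adding the counts, since one host can sit in both tables. The interface name, the table names and the HTTP rate are assumptions; the SSH rate is the 3 attempts in 5 seconds mentioned above.

```conf
# pf.conf fragment (added example; names and the http rate are assumptions)
ext_if = "fxp0"                       # assumed external interface

table <badguys_ssh>  persist          # filled by the ssh rule below
table <badguys_http> persist          # filled by the http rule below

# One block rule per reason table; together they drop every listed host.
block in quick on $ext_if from <badguys_ssh>
block in quick on $ext_if from <badguys_http>

# More than 3 new ssh connections in 5 seconds from one source: put the
# source in <badguys_ssh> and kill the states it already holds.
pass in on $ext_if proto tcp from any to any port ssh flags S/SA \
    keep state (max-src-conn-rate 3/5, overload <badguys_ssh> flush global)

# Same mechanism for http, with its own table (rate is a placeholder).
pass in on $ext_if proto tcp from any to any port www flags S/SA \
    keep state (max-src-conn-rate 100/10, overload <badguys_http> flush global)

# Inspection from the shell, as root:
#   pfctl -t badguys_ssh  -T show     # who was blocked for ssh
#   pfctl -t badguys_http -T show     # who was blocked for http
# Distinct hosts blocked overall (a host in both tables is counted once):
#   ( pfctl -t badguys_ssh -T show; pfctl -t badguys_http -T show ) | sort -u | wc -l
```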



Re: float question

2006-01-22 Thread theo

ramrunner wrote:
> #include <stdio.h>
>
> float a;    /* file scope, so it starts at 0 */
> int main()
> {
>     for(;a<3;a+=0.1)
>         printf("%f\n",a);
>     return 0;
> }
> output :
> 0.00
> 0.10
> 
> 2.70
> 2.79
> 2.89
> 2.99
> why does the add lose a decimal point?


float is so tricky...
Never use it for precision.

For example:
float a,b; if(a==b) {} may fail.
if( fabs(a-b) < 0.1 ) {} may work.
You may want to look at ceil(3) and floor(3) as well.


Using printf("%.2f\n", a) works for me. Error depends on the precision.

I would rather use something like that:
#include <stdio.h>

int main(void)
{
    int a;

    /* count in integer tenths so no rounding error accumulates */
    for(a=0; a<30; a++)
        printf("%f\n", a/10.); /* Do not forget the '.' */
        /* or printf("%d.%d\n", a/10, a%10); depending on the context. */
    return 0;
}



cheers,
theo



Re: float question

2006-01-22 Thread David Higgs
Floating point numbers aren't perfectly precise.

See http://c-faq.com/fp/

--david

On 1/22/06, ramrunner <[EMAIL PROTECTED]> wrote:
> Hi, i am not sure if the following indicates a prob, if it does i
> will issue a PR.
> *sorry if i miss something here*
> consider the following: (obsd x86 3.8-current gcc version 3.3.5 (propolice))
> #include <stdio.h>
>
> float a;    /* file scope, so it starts at 0 */
> int main()
> {
>     for(;a<3;a+=0.1)
>         printf("%f\n",a);
>     return 0;
> }
> output :
> 0.00
> 0.10
> 
> 2.70
> 2.79
> 2.89
> 2.99
> why does the add lose a decimal point?
> again sorry if it's my mistake (probably) but i'm confused ;) .
>
> please CC not in [EMAIL PROTECTED]
> DsP



Re: Routing problem?

2006-01-22 Thread Tony Sterrett
Hey,
Try a bridge.
man brconfig(8) says:
  The brconfig utility retrieves kernel state of bridge interfaces and
  allows user control of these bridges.  Bridge devices create a logical
  link between two or more Ethernet interfaces or encapsulation interfaces
  (see gif(4)), which will selectively forward frames from each interface
  on the bridge to every other interface on the bridge.  This can be used
  to isolate traffic between sets of machines on the same segment and to
  provide a transparent filter for ip(4) datagrams.

Which is pretty much what you want to do (e.g. isolate traffic between
the router and the DMZ). The put its interface into promiscuous mode all
see all traffic. The DMZ keeps its own address.
Take a look at BRCONFIG(8)



Respectfully,
Tony Sterrett

[EMAIL PROTECTED]
Consultant in Open Source Software, featuring OpenBSD and Linux.
www.sterrett.net


On Jan 22, 2006, at 10:07 AM, Jonas Lindskog wrote:

> Hello,
>
> We are running Open BSD 3.8 as a firewall router. The router has two
> internal networks to handle; a DMZ with "real" ip addresses and a NAT
> network to which our workstations are connected. The problem I have is
> that it's not possible to connect to the server on the DMZ (ip
> 38.87.5.122, netmask 255.255.255.252) from the outside (but from the
> inside). I guess that I somehow have to make the external interface
> listen to the same address as the server (they are on the same net),
> but if I add an alias to the external interface it doesn't (of course)
> route packages to the DMZ. How do I make OpenBSD route packages to the
> server (and the DMZ subnet)?
>
> Our ISP has given us a net that has the following data:
>
> Net segment:       38.87.5.112 /28
> net address:       38.87.5.112
> gw address:        38.87.5.113
> firewall:          38.87.5.114
> free ip:           38.87.5.115-126
> broadcast address: 38.87.5.127
> netmask:           255.255.255.240
>
> the server has the following interfaces configured:
> ### interfaces 
> #external interface
> inet 38.87.5.114 255.255.255.240 NONE
>
> #internal interface
> inet 192.168.97.254 255.255.255.0 NONE
>
> # dmz
> inet 38.87.5.121 255.255.255.252 NONE
>
> Thanks in advance
>
> Jonas



Re: Suggestions about a replacement for FTP over SSL [long]

2006-01-22 Thread viq
Just a thought - why not samba?
With some additions, like 
http://www.camden.rutgers.edu/HELP/Documentation/Unix/stunnel/S50-1331_stunnel.php
or otherwise VPN it.
...yeah, i guess it deviates then from the simple setup you had before...

-- 
viq




Re: CARP not preempt-ing correctly

2006-01-22 Thread Chris Cameron

Running 3.8.

Chris

Daniel Ouellet wrote:
> Chris Cameron wrote:
>> When one interface fails in a carp setup, it is my understanding that
>> if net.inet.carp.preempt is set to '1', that both interfaces on the
>> single machine should fail. However I'm not seeing this happening and
>> I'm hoping this is why I'm dropping connections during fail over. If I
>> fail both interfaces at the exact same time I have no problems with
>> dropped connections.
>
> Nope, just the carp interface that actually fails, not both. They are
> processed independently of one another.
>
> Also, what version of OS are you running?
>
>> My setup is as follows, I'll mention that pfsync traffic is going over
>> the local network. Also, I've tried with setting advskew to 100 on
>> one firewall, as well as not setting it at all with
>> net.inet.carp.preempt set.




Re: Suggestions about a replacement for FTP over SSL [long]

2006-01-22 Thread Stuart Henderson
On 2006/01/23 00:57, Joachim Schipper wrote:
> The main problem, right now, is file transfers. The old server serves
> FTP over SSL.

Is passive FTP over SSH-tunnel any good? It's easy enough to use a
win32 build of OpenSSH, or plink from PuTTY, to give an easy-to-click
interface for Windows users, and apart from that they hardly have to
change the way they work.



float question

2006-01-22 Thread ramrunner
Hi, i am not sure if the following indicates a prob, if it does i
will issue a PR.
*sorry if i miss something here*
consider the following: (obsd x86 3.8-current gcc version 3.3.5 (propolice))
#include <stdio.h>

float a;    /* file scope, so it starts at 0 */
int main()
{
    for(;a<3;a+=0.1)
        printf("%f\n",a);
    return 0;
}
output :
0.00
0.10

2.70
2.79
2.89
2.99
why does the add lose a decimal point?
again sorry if it's my mistake (probably) but i'm confused ;) .

please CC not in [EMAIL PROTECTED]
DsP



Suggestions about a replacement for FTP over SSL [long]

2006-01-22 Thread Joachim Schipper
Hello all,

I am currently migrating a server to a trio of machines using OpenBSD,
and ran into a bit of a design problem. Most of this is not OpenBSD
specific; I'll happily take this question elsewhere if told so, but it
would not exactly be the first non-OpenBSD-specific question here.

To start out with: the server is a typical do-everything-on-the-LAN
linux box. It handles firewalling, web serving, and quite a few
sensitive documents. I'm trying to separate it into a firewall, a web
server, and a third server for 'anything but web' which is the only one
with any more-or-less confidential data on it.

Since I'm a bit of a security hobbyist, I prefer the system to be at
least resistant to any known attack I can reasonably protect it from.

The main problem, right now, is file transfers. The old server serves
FTP over SSL. Both the data and the control stream are encrypted for
those accounts that are likely to handle confidential data. The problem
with encrypting the control stream, of course, is that it prevents
stateful firewalls - like the OpenBSD box in front - from working as
intended.

Switching to a different system is acceptable, but not preferred, as it
has taken quite a bit of effort to get all the users who should into
using FTP. (Then again, as long as it presents a GUI resembling an FTP
interface, it might as well be FTP to pretty much all of them.)

The users are a comparatively small group, which can be told to use a
different client if really required but will bitch and moan quite a
bit. They use Windows 98, XP, or Mac OS X. Additionally, I use OpenBSD.
The Windows users have been told to use CoreFTP; I use lftp on the rare
case that I need to access anything via FTP; and I have no idea what the
Mac users use, but I've not heard any complaints from the two of them.

I'm basically asking for recommendations on file transfers. I see a
couple of options:
- FTP without SSL
  This works well, and is very universally usable. The lack of any
  kind of password, let alone data, protection makes it a little too
  insecure for my tastes, though.
- FTP with SSL
  Requires tearing a big hole in the firewall, as ftp-proxy
  understandably does not grok encrypted traffic, which also causes
  quite a bit of insecurity.
  If allowing only passive FTP, the hole is less dangerous, but
  still...
- SFTP
  This works well, but requires everyone to use a different
  client. Additionally, it violates the principle of least privilege in
  most implementations[1]. Requires another method for distributing
  publicly available files, but this is not much of a problem - push the
  files from the trusted server to the web server, and let httpd do its
  thing.
- Collection of (PHP?) scripts on the web server
  This should work. It's not scriptable and not very usable from
  anything but a browser. Additionally, webapps tend toward lots of
  security holes, which is why it was decided to put the web server on a
  separate box with no important data. So this breaks the security
  model, either way (either there is a web server on the 'other server',
  or there are important documents on the untrusted web server)
- WebDAV
  I've never used this. The Apache authentication features should
  be plenty; however, Apache+mod_dav isn't quite as secure and carefree
  as either stock ftpd or vsftpd. There are not that many clients, and
  support is not quite universal. It's not quite FTP.

The other solution I can see is hacking ftp-proxy to catch any SSL-ish
commands, and then speak plain FTP to the server and FTP+SSL to the
client. This could get complicated fast, though, as it would probably
entail changing ftp-proxy from a simple inetd process to a full-fledged
daemon (to prevent the overhead of starting OpenSSL for each
connection), as well as tacking on a system to catch SSL and
authentication commands (as, for instance, the 'ftp' user should be
given free access without SSL, but the 'veryhighlypriviliged' user
should be required to use SSL for both control and data streams).

This does have a couple of advantages - it actually works on the
firewall, it's an interesting project, and it makes use of the installed
base. OTOH, there are some disadvantages, too - mostly that it is more
than a little complicated, and requires a fair bit of custom coding.

I am leaning a bit to the latter problem, mostly out of hobbyism, but
realise it is far from perfect. Which is why I thought to solicit some
input from misc@ first.

If you've made it through all this rambling, thanks for reading, at
least! I'll happily receive any replies.

Joachim

[1] Though if I can get everyone to use public key authentication, I
could use the command= syntax in ~/.ssh/authorized_keys (where is this
documented, anyway?). If I point that to a simple binary that does a
chroot and then execs sftp-server, the problem shouldn't be too serious.



Re: Anonym.OS - OpenBSD-based live CD

2006-01-22 Thread Scott Francis
On 1/19/06, NetNeanderthal <[EMAIL PROTECTED]> wrote:
[snip]
> I'm less than impressed with it after mounting the iso and viewing the
> contents.  Their documentation is poor, if not void of content
> altogether.

you mean, aside from including man38.tgz? What else are you looking
for? There's some docs on their website, but why would you need
anything beyond what ships with OpenBSD? There's a man page for
everything, and while they don't include a "we did the following steps
in this order, and here's why we have privoxy and pf and how they're
configured", it's easy enough to just read the config files and the
relevant man pages. Keep in mind also that this is, at best, a beta
release (if not alpha).

> Call Anonym.OS what it is, a coagulated lump of untrusted packages and
> scripts conveniently bundled for those who are unwilling or unable to
> use OpenBSD in its native form.

the packages are from the ports tree - are you saying they're somehow
less trusted because you didn't install/build them yourself? The boot
script is there for anybody to peruse who wants to; no "trust" is
required - or at least, no more than is required for, say, flashdist
or any other project based on a modified OpenBSD install. There's no
secret sauce, no binary blobs, no closed source or NDAs.

As far as "unwilling or unable to use OpenBSD in its native form",
keep in mind the purpose of the project and their target audience. Not
everybody has the luxury of their own laptop, and it's always nice to
have something relatively secure to fall back on when stuck with a
less-than-sanitary public-use PC.

Let's not denigrate unnecessarily; we should be encouraging wider uses
and derivative projects, not biting the heads off of developers when
they release new OpenBSD-based projects. If it's a waste of time,
nobody will use it and it will disappear with no need for vitriol. On
the other hand, if it's a good project, well, that kind of development
is always a Good Thing.

This:

> It reeks of a clumsily-staged publicity stunt.

definitely comes off more like sour grapes than any kind of valid
criticism, IMO. Perhaps you didn't intend it that way.

> I digress; OpenBSD is free.

Definitely glad that it is.
--
[EMAIL PROTECTED],darkuncle.net} || 0x5537F527
encrypted email to the latter address please
http://darkuncle.net/pubkey.asc for public key



Re: redirecting domain names

2006-01-22 Thread Rod.. Whitworth
On Sun, 22 Jan 2006 12:39:15 -0500, Peter Fraser wrote:

>On my windows machines, I use the hosts file
>from "http://www.mvps.org/winhelp2002/hosts.htm"
>which removes a lot of junk from the internet.
>
>Rather than going to each machine and installing
>this hosts file in \windows\system32\drivers\etc
>I would rather have my firewall block these
>names instead.
>
>Please note the blocking has to be done on the name,
>not the ip address. The ip address could easily
>be at some hosting site, and also be used for some
>entirely valid web site.
>
>Does any one know how to implement this?
>
>
dnsspoof from the dsniff package does it for me with 127.0.0.1 as the
address returned for anything I don't want sending to my LAN in
response to http GETs to banner ads etc.
It does wild card naming which is great but take care because ads*.*
matches adsl.example.com and you might want to get to the latter type
of address although that quoted one is of course fictional.

From the land "down under": Australia.
Do we look  from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.



Re: Downloads limiting with PF

2006-01-22 Thread Stuart Henderson
On 2006/01/23 00:23, Maxim Vetsalo wrote:
> Great thanks for your answer, Marco! I had read it, but didn't find solution
> for my problem yet.

You missed the pf.conf(5) section on service curves, then.



Re: Downloads limiting with PF

2006-01-22 Thread Maxim Vetsalo
On Sunday 22 January 2006 15:29, you wrote:
> http://www.openbsd.org/faq/pf/queueing.html
> http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
>
> That should get you started.

Great thanks for your answer, Marco! I had read it, but didn't find solution
for my problem yet.

As I think, the solution must be aware of connection. But present stateful
tracking options in pf.conf allow only to limit number of concurrent
connections. Or, limit bandwidth for whole connection instead of part of it.

In pf source I find, that struct pf_state have array member bytes[2].
I guess it is in/out bytes counter for connection. But I can't use it to solve
problem right now :-( So, I think I need to code a little bit.

Maxim.  
>
> On Sat, Jan 21, 2006 at 11:27:50PM +0200, Maxim Vetsalo wrote:
> > Hi
> >
> > Sorry for my english first :-( I try to explain my problem as clean as I
> > can. I have internet connection with very low bandwidth and many users.
> > Bandwidth is enough if users don't download large files, but if only one
> > of them start to download, others must wait long time for any webpage
> > (and it's understandable :-)). I tried to limit size of downloadable
> > object with Squid, but users start to complain. Ideal solution for me in
> > such situation seems follow: when user start download it got full
> > bandwidth until some (fixed) limit in bytes reached, after that without
> > breaking download connection got restricted bandwidth.
> > The question is - can I achieve this with PF+ALTQ on my OpenBSD 3.7-stable
> > router?
> >
> > Maxim.



Re: CARP not preempt-ing correctly

2006-01-22 Thread Daniel Ouellet

Daniel Ouellet wrote:
> Chris Cameron wrote:
>> When one interface fails in a carp setup, it is my understanding that
>> if net.inet.carp.preempt is set to '1', that both interfaces on the
>> single machine should fail. However I'm not seeing this happening and
>> I'm hoping this is why I'm dropping connections during fail over. If I
>> fail both interfaces at the exact same time I have no problems with
>> dropped connections.
>
> Nope, just the carp interface that actually fails, not both. They are
> processed independently of one another.
>
> Also, what version of OS are you running?

Hmmm. Just wait a minute, I may have put my foot in my mouth here. From man

"Because of the preempt option, when one of the physical interfaces of
host A fails, advskew is adjusted to 240 on all its carp interfaces.
This will cause host B to preempt on both interfaces instead of just the
failed one."




Re: CARP not preempt-ing correctly

2006-01-22 Thread Daniel Ouellet

Chris Cameron wrote:
> When one interface fails in a carp setup, it is my understanding that if
> net.inet.carp.preempt is set to '1', that both interfaces on the single
> machine should fail. However I'm not seeing this happening and I'm
> hoping this is why I'm dropping connections during fail over. If I fail
> both interfaces at the exact same time I have no problems with dropped
> connections.

Nope, just the carp interface that actually fails, not both. They are
processed independently of one another.

Also, what version of OS are you running?

> My setup is as follows, I'll mention that pfsync traffic is going over
> the local network. Also, I've tried with setting advskew to 100 on one
> firewall, as well as not setting it at all with net.inet.carp.preempt set.




Re: Tyan S2885, 3 Video Cards Trouble

2006-01-22 Thread Robert Jacobs
>Try this strategy...

>Remove all but one video card.
>Get X working on that one card, using an xorg.conf file.
>Insert a second card, keep X working on the one card (this seems to be
>an important step...and not quite as trivial as it sounds).
>Get X working on the two cards.
>Insert third card, keep X working on the two previous cards.
>Get X working on third card.
>Let brain recover from the serious frying you just gave it.

Of course done that and as I previously mentioned it works perfectly with
one or two cards but not at all with 3. I have been running openbsd with 3
monitors since 3.6 and have not come across this problem up till now.
 I found a "workaround", I tried OpenBSD i386 3.9BETA instead of AMD64
3.8RELEASE/Current and it works with 3 video cards. This is a
workaround but
not a solution to the problem and most likely indicates that something is
wrong with OpenBSD or X in that area (Im sorry it is not in my experience to
be able to explain it, perhaps someone else can read the error log and
understand the problem). I will take the performance reduction from amd64 to
i386 for now to use my 3 monitors, but I hope someone more knowledgeable
could get around to fixing the issue.

Here are the stats if anyone would like to take a shot at it
dmesg: http://rjacobs.foxrex.net/mydmesg.txt
xorg.conf generated by X -configure: http://rjacobs.foxrex.net/myxorg.txt
error file generated by X -configure and startx:
http://rjacobs.foxrex.net/myxorglog.txt


Rob



Debugging httpd

2006-01-22 Thread Alexander Farber
Hi,

how could I please compile the in-tree Apache with -ggdb added and -O2 removed?

I've tried setting EXTRA_CFLAGS=-ggdb in src/Configuration, but that file seems
not to be used. Also I've tried looking at src/Makefile.bsd-wrapper
and the .included
/usr/share/mk/bsd.{own,obj,subdir}.mk, but couldn't find the right
setting anywhere yet

Regards
Alex



Re: Routing problem?

2006-01-22 Thread Melameth, Daniel D.
Jonas Lindskog wrote:
> We are running Open BSD 3.8 as a firewall router. The router has two
> internal networks to handle; a DMZ with "real"
> ip addresses and a NAT network to which our workstations are connected.
> The problem I have is that it's not possible to
> connect to the server on the DMZ (ip 38.87.5.122, netmask
> 255.255.255.252) from the outside (but from the inside).
> I guess that I somehow have to make the external interface listen to
> the same address as the server (they are on the same net), but if I add
> an alias to the external interface it doesn't (of course) route
> packages to the DMZ. How do I make OpenBSD route packages to the
> server (and the DMZ subnet)?
> 
> Our ISP has given us a net that has the following data:
> 
> Net segment: 38.87.5.112 /28
> net address:   38.87.5.112
> gw address:   38.87.5.113
> firewall:  38.87.5.114
> free ip ip: 38.87.5.115-126
> broadcast address:38.87.5.127
> netmask:  255.255.255.240
> 
> the server has the following interfaces configured:
> ### interfaces 
> #external interface
> inet 38.87.5.114 255.255.255.240 NONE
> 
> #internal interface
> inet 192.168.97.254 255.255.255.0 NONE
> 
> # dmz
> inet 38.87.5.121 255.255.255.252 NONE

This is not an OpenBSD issue--you might want to learn about IP routing.
Either lose a bunch of IPs and route the traffic properly, by putting
38.87.5.114/30 on your external interface and 38.87.5.121/29 on your DMZ
interface, or use NAT for everything.  There might be a better way to
route this without losing any IPs, but, if so, I haven't thought about
it/done it before.
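
The address arithmetic behind this reply, as an added example that is not part of the original message: it checks the posted interface configuration and the suggested /30 + /29 split for overlapping connected networks and lists the addresses the split gives up. The function names are hypothetical; the addresses are the ones quoted in the thread.

```python
import ipaddress

# Interface addresses as posted in the question (address/netmask).
POSTED = {
    "external": "38.87.5.114/255.255.255.240",
    "internal": "192.168.97.254/255.255.255.0",
    "dmz": "38.87.5.121/255.255.255.252",
}
# Layout suggested in the reply above.
SUGGESTED = {
    "external": "38.87.5.114/30",
    "internal": "192.168.97.254/24",
    "dmz": "38.87.5.121/29",
}
ISP_BLOCK = "38.87.5.112/28"
GATEWAY = "38.87.5.113"
SERVER = "38.87.5.122"


def networks(ifaces):
    """Map each interface name to the connected network its address implies."""
    return {n: ipaddress.ip_interface(a).network for n, a in ifaces.items()}


def overlapping(ifaces):
    """Return pairs of interfaces whose connected networks overlap."""
    nets = sorted(networks(ifaces).items())
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]


def on_link(addr, ifaces):
    """Return the interfaces that consider addr directly connected."""
    ip = ipaddress.ip_address(addr)
    return sorted(n for n, net in networks(ifaces).items() if ip in net)


def lost_hosts(block, ifaces):
    """Host addresses of the ISP block that are usable on no interface network."""
    usable = set()
    for net in networks(ifaces).values():
        usable.update(net.hosts())
    return [str(h) for h in ipaddress.ip_network(block).hosts()
            if h not in usable]


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("suggested", SUGGESTED)):
        print(label)
        for name, net in networks(cfg).items():
            print(f"  {name:9s} {net}")
        print("  overlaps:        ", overlapping(cfg))
        print("  server on-link:  ", on_link(SERVER, cfg))
        print("  gateway on-link: ", on_link(GATEWAY, cfg))
        print("  addresses lost:  ", lost_hosts(ISP_BLOCK, cfg))
```

The split only works end to end if the upstream gateway 38.87.5.113 routes 38.87.5.120/29 via 38.87.5.114 instead of treating the whole /28 as on-link.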



CARP not preempt-ing correctly

2006-01-22 Thread Chris Cameron
When one interface fails in a carp setup, it is my understanding that if 
net.inet.carp.preempt is set to '1', that both interfaces on the single 
machine should fail. However I'm not seeing this happening and I'm 
hoping this is why I'm dropping connections during fail over. If I fail 
both interfaces at the exact same time I have no problems with dropped 
connections.


My setup is as follows, I'll mention that pfsync traffic is going over 
the local network. Also, I've tried with setting advskew to 100 on one 
firewall, as well as not setting it at all with net.inet.carp.preempt set.



Firewall 1:

# sysctl -a | grep carp
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=1
net.inet.carp.arpbalance=0

# ifconfig -a
 ...
gem0: flags=8b63 mtu 1500
lladdr 00:03:ba:94:5f:06
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 209.82.103.244 netmask 0xfff8 broadcast 209.82.103.247
inet6 fe80::203:baff:fe94:5f06%gem0 prefixlen 64 scopeid 0x1
gem1: flags=8b63 mtu 1500
lladdr 00:03:ba:94:5f:07
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.121.2 netmask 0xff00 broadcast 192.168.121.255
inet6 fe80::203:baff:fe94:5f07%gem1 prefixlen 64 scopeid 0x2
pflog0: flags=141 mtu 33192
pfsync0: flags=41 mtu 1348
pfsync: syncdev: gem1 maxupd: 128
enc0: flags=0<> mtu 1536
carp0: flags=8843 mtu 1500
carp: BACKUP carpdev gem0 vhid 1 advbase 1 advskew 100
groups: carp
inet 209.82.103.246 netmask 0xfff8 broadcast 209.82.103.247
carp1: flags=8843 mtu 1500
carp: BACKUP carpdev gem1 vhid 2 advbase 1 advskew 100
groups: carp
inet 192.168.121.1 netmask 0xff00 broadcast 192.168.121.255

# cat pf.conf | grep -v "#"

nat on gem0 from 192.168.121.0/24 to any -> 209.82.103.246

rdr pass on gem0 proto tcp from any to any port 25 -> 192.168.121.10
rdr pass on gem0 proto udp from any to any port 53 -> 192.168.121.10
rdr pass on gem0 proto tcp from any to any port 6881 -> 192.168.121.123

pass quick on gem1 proto pfsync
pass on { gem0 gem1 } proto carp keep state
pass out on gem0 keep state
pass in on gem0 keep state



Firewall 2:

# sysctl -a | grep carp
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=1
net.inet.carp.arpbalance=0

# ifconfig -a
 ...
gem0: flags=8b63 mtu 1500
lladdr 00:03:ba:94:5f:1c
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 209.82.103.245 netmask 0xfff8 broadcast 209.82.103.247
inet6 fe80::203:baff:fe94:5f1c%gem0 prefixlen 64 scopeid 0x1
gem1: flags=8b63 mtu 1500
lladdr 00:03:ba:94:5f:1d
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.121.3 netmask 0xff00 broadcast 192.168.121.255
inet6 fe80::203:baff:fe94:5f1d%gem1 prefixlen 64 scopeid 0x2
pflog0: flags=141 mtu 33192
pfsync0: flags=41 mtu 1348
pfsync: syncdev: gem1 maxupd: 128
enc0: flags=0<> mtu 1536
carp0: flags=8843 mtu 1500
carp: MASTER carpdev gem0 vhid 1 advbase 1 advskew 0
groups: carp
inet 209.82.103.246 netmask 0xfff8 broadcast 209.82.103.247
carp1: flags=8843 mtu 1500
carp: MASTER carpdev gem1 vhid 2 advbase 1 advskew 0
groups: carp
inet 192.168.121.1 netmask 0xff00 broadcast 192.168.121.255

# cat pf.conf | grep -v "#"

nat on gem0 from 192.168.121.0/24 to any -> 209.82.103.246

rdr pass on gem0 proto tcp from any to any port 25 -> 192.168.121.10
rdr pass on gem0 proto udp from any to any port 53 -> 192.168.121.10
rdr pass on gem0 proto tcp from any to any port 6881 -> 192.168.121.123


pass quick on { gem1 } proto pfsync
pass on { gem0 gem1 } proto carp keep state

pass out on gem0 all keep state
pass in on gem0 all keep state



Any help on this would be appreciated.

Thanks,
Chris
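
A way to check the behaviour this post asks about, as an added example that is not part of the original message: it parses the `carp:` lines of `ifconfig -a` output, flags a host whose carp interfaces are in different states, and works out which host wins each vhid before and after the advskew 240 demotion that carp(4) describes for preempt. The `INIT` sample is constructed, the function names are hypothetical, and the advertisement interval is taken as advbase + advskew/256 seconds.

```python
import re

IF_RE = re.compile(r"^(\w+): flags=")
CARP_RE = re.compile(
    r"^\s*carp: (\w+) carpdev (\S+) vhid (\d+) advbase (\d+) advskew (\d+)")

# carp lines copied from the two ifconfig listings in the post.
FW1 = """\
carp0: flags=8843 mtu 1500
carp: BACKUP carpdev gem0 vhid 1 advbase 1 advskew 100
carp1: flags=8843 mtu 1500
carp: BACKUP carpdev gem1 vhid 2 advbase 1 advskew 100
"""
FW2 = """\
carp0: flags=8843 mtu 1500
carp: MASTER carpdev gem0 vhid 1 advbase 1 advskew 0
carp1: flags=8843 mtu 1500
carp: MASTER carpdev gem1 vhid 2 advbase 1 advskew 0
"""
# Constructed sample (not from the post): firewall 2 after gem0 loses link
# while carp1 is NOT demoted, i.e. the behaviour the poster reports.
FW2_GEM0_DOWN = """\
carp0: flags=8843 mtu 1500
carp: INIT carpdev gem0 vhid 1 advbase 1 advskew 0
carp1: flags=8843 mtu 1500
carp: MASTER carpdev gem1 vhid 2 advbase 1 advskew 0
"""


def parse_carp(ifconfig_text):
    """Return one dict per carp interface found in `ifconfig -a` output."""
    entries, current = [], None
    for line in ifconfig_text.splitlines():
        m = IF_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = CARP_RE.match(line)
        if m and current:
            state, dev, vhid, base, skew = m.groups()
            entries.append({"if": current, "state": state, "carpdev": dev,
                            "vhid": int(vhid), "advbase": int(base),
                            "advskew": int(skew)})
    return entries


def adv_interval(advbase, advskew):
    """Seconds between advertisements; advskew counts in 1/256 s."""
    return advbase + advskew / 256


def split_state(entries):
    """True when one host's carp interfaces are not all in the same state."""
    return len({e["state"] for e in entries}) > 1


def demote(entries, skew=240):
    """Apply the preempt demotion: advskew 240 on all carp interfaces."""
    return [dict(e, advskew=skew) for e in entries]


def winner(hosts, vhid):
    """Host with the shortest advertisement interval for vhid (INIT excluded)."""
    candidates = [
        (adv_interval(e["advbase"], e["advskew"]), name)
        for name, entries in hosts.items() for e in entries
        if e["vhid"] == vhid and e["state"] != "INIT"
    ]
    return min(candidates)[1] if candidates else None


if __name__ == "__main__":
    fw1, fw2 = parse_carp(FW1), parse_carp(FW2_GEM0_DOWN)
    print("fw2 split state:", split_state(fw2))
    for label, h in (("no demotion", {"fw1": fw1, "fw2": fw2}),
                     ("demoted", {"fw1": fw1, "fw2": demote(fw2)})):
        print(label, {v: winner(h, v) for v in (1, 2)})
```

With the posted values, firewall 1's advskew of 100 only wins vhid 2 once firewall 2 has been demoted to 240; without the demotion the host ends up MASTER on one side and not on the other, and state-tracked connections see asymmetric paths.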



Re: Routing problem?

2006-01-22 Thread Jason Dixon

On Jan 22, 2006, at 1:07 PM, Jonas Lindskog wrote:


> Hello,
>
> We are running Open BSD 3.8 as a firewall router. The router has
> two internal networks to handle; a DMZ with "real"
> ip addresses and a NAT network to which our workstations are
> connected. The problem I have is that it's not possible to
> connect to the server on the DMZ (ip 38.87.5.122, netmask
> 255.255.255.252) from the outside (but from the inside).
> I guess that I somehow have to make the external interface listen to
> the same address as the server (they are on the same net), but if I add
> an alias to the external interface it doesn't (of course) route
> packages to the DMZ. How do I make OpenBSD route packages to the
> server (and the DMZ subnet)?


http://www.openbsd.org/faq/pf/rdr.html#reflect

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



Re: redirecting domain names

2006-01-22 Thread Stuart Henderson
On 2006/01/22 13:54, Nick Holland wrote:
> > You'll need to use a web proxy for this.
> 
>  Just set up a "poisoned" DNS
> resolver to mangle resolution of any domain or subdomain you don't want
> people going to, which is what you are doing in a machine-by-machine
> basis with a hosts file:

ahh, of course. That's a much better idea, I don't know what I was
thinking..!



Re: Partition sizing

2006-01-22 Thread Ted Unangst
On 1/21/06, Kevin <[EMAIL PROTECTED]> wrote:
> On 1/21/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > Lots of fsck time and an unbootable system if I understand this stuff.
>
> Actually, since fsck is all about metadata (inodes), a big, mostly-empty
> isn't going to take much longer to check than a smaller partition with
> the same number of used inodes and cylinder groups.

untrue.



Re: NIS/NFS server and MFS

2006-01-22 Thread Otto Moerbeek
On Sun, 22 Jan 2006, Jose Fragoso wrote:

> Hi,
> 
> I was given the task to setup an OpenBSD NFS server. The machine allocated 
> for the task is fairly well served with RAM memory (2G). I thought of using 
> MFS for the /tmp filesystem, but I don't know:

Wrap your lines!

> 
> 1. How much space would I need in /tmp for this task. Is NFS/NIS hungry of 
> /tmp space?

No, NFS and NIS do not use /tmp at all.

> 
> 2. If I would have any significant gain in performance by doing this or leave 
> the memory allocation for the operating system.

Given the above, no performance gain will be expected.

-Otto

> 
> I thank in advance any comments, suggestions and criticisms.
> 
> Best regards,
> 
> Josi



Re: OpenBSD 3.8, fxp, device timeout

2006-01-22 Thread receive . mailinglists
Hello,

I just want to inform you that the problems are resolved with the current
OpenBSD 3.9 bootfloppy
(ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/floppy39.fs). I just
added to the bootfloppy /etc/boot.conf (for console output via serial
port) and the network works without any problems ;)

Here is my current dmesg:

OpenBSD 3.9-beta (RAMDISK) #1003: Thu Jan 19 12:54:01 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK
cpu0: Intel(R) Celeron(R) CPU 2.40GHz ("GenuineIntel" 686-class) 2.40 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MC
A,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS, HTT,TM,SBF,CNXT-ID
real mem = 536387584 (523816K)
avail mem = 485257216 (473884K)
using 4278 buffers containing 26923008 bytes (26292K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(c0) BIOS, date 05/27/03, BIOS32 rev. 0 @ 0xfb330
apm0 at bios0: Power Management spec V1.2
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xdf84
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde90/240 (13 entries)
pcibios0: PCI Exclusive IRQs: 5 10 11 12
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371SB ISA" rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82845 Host" rev 0x04
ppb0 at pci0 dev 1 function 0 "Intel 82845 AGP" rev 0x04
pci1 at ppb0 bus 1
ppb1 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x05
pci2 at ppb1 bus 2
fxp0 at pci2 dev 6 function 0 "Intel 8255x" rev 0x08, i82559: irq 12,
address 00:30:48:52:c9:fc
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
fxp1 at pci2 dev 7 function 0 "Intel 8255x" rev 0x08, i82559: irq 12,
address 00:30:48:52:c9:fd
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
vga1 at pci2 dev 8 function 0 "ATI Rage XL" rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
ichpcib0 at pci0 dev 31 function 0 "Intel 82801BA LPC" rev 0x05
pciide0 at pci0 dev 31 function 1 "Intel 82801BA IDE" rev 0x05: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 58644MB, 120103200 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
"Intel 82801BA SMBus" rev 0x05 at pci0 dev 31 function 3 not configured
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask efe5 netmask ffe5 ttymask ffe7
rd0: fixed, 3800 blocks
dkcsum: wd0 matches BIOS drive 0x80
root on rd0a
rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02


Best regards,
Sven


> Hello,
>
> I've a server at the German hoster Strato and I try to install OpenBSD
> 3.8 on this machine. But I always get a device timeout of the Intel Nic
> (because of a wrong irq assignment?)  :(
>
> Here is the dmesg output:
>
> OpenBSD 3.8 (RAMDISK) #9: Tue Jan  17 18:24:51 CET 2006
> [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK
> cpu0: Intel(R) Celeron(R) CPU 2.40GHz ("GenuineIntel" 686-class) 2.40 GHz
> cpu0:
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,
> ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
> real mem  = 536387584 (523816K)
> avail mem = 485179392 (473808K)
> using 4278 buffers containing 26923008 bytes (26292K) of memory
> mainbus0 (root)
> acpi0 at mainbus0: revision 0 attached
> acpitimer at acpi0 not configured
> acpi device at acpi0 from table DSDT not configured
> acpi device at acpi0 from table FACP not configured
> bios0 at mainbus0: AT/286+(c0) BIOS, date 05/27/03, BIOS32 rev. 0 @
> 0xfb330
> apm0 at bios0: Power Management spec V1.2
> apm0: flags 70102 dobusy 1 doidle 1
> pcibios0 at bios0: rev 2.1 @ 0xf/0xdf84
> pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde90/240 (13 entries)
> pcibios0: PCI Exclusive IRQs: 5 10 11 12
> pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371SB ISA" rev 0x00)
> pcibios0: PCI bus #2 is the last bus
> bios0: ROM list: 0xc/0x8000 0xc8000/0x1000
> cpu0 at mainbus0
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0 at pci0 dev 0 function 0 "Intel 82845 Host" rev 0x04
> ppb0 at pci0 dev 1 function 0 "Intel 82845 AGP" rev 0x04
> pci1 at ppb0 bus 1
> ppb1 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x05
> pci2 at ppb1 bus 2
> fxp0 at pci2 dev 6 function 0 "Intel 82557" rev 0x08, i82559: irq 12,
> address 00:30:48:52:c9:fc
> inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
> fxp1 at pci2 dev 7 function 0 "Intel 82557" rev 0x08, i82559: irq 12,
> address 00:30:48:52:c9:fd
> inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
> vg

Re: redirecting domain names

2006-01-22 Thread Joakim Aronius
Hi,

I use DNS to solve this too. Got my list from http://pgl.yoyo.org/adservers/ 
which can generate config files in a bunch if different formats. Works great.

Cheers,
/jkm

* Nick Holland ([EMAIL PROTECTED]) wrote:
> Stuart Henderson wrote:
> > On 2006/01/22 12:39, Peter Fraser wrote:
> >> Rather than going to each machine and installing
> >> this hosts file in \windows\system32\drivers\etc
> >> I would rather have my firewall block these
> >> names instead.
> >> 
> >> Please note the blocking has to be done on the name,
> >> not the ip address.
> > 
> > You'll need to use a web proxy for this.
> 
> 
> You COULD use a proxy for this (actually, it would have to be a more
> general proxy, not just web), but you can do this in simpler ways, too
> (which I would argue are at least as effective in real life than the
> more "technically perfect" proxy system).  Just set up a "poisoned" DNS
> resolver to mangle resolution of any domain or subdomain you don't want
> people going to, which is what you are doing in a machine-by-machine
> basis with a hosts file:
> 
>   http://www.holland-consulting.net/tech/imblock.html
> 
> I'm very fond of this idea of DNS mangling, both to eliminate things I
> find personally annoying, plus as an aid for managing other people's
> computers.  See the "Disadvantages" section in that article for a list
> of limitations and disclaimers.
> 
> Nick.



Routing problem?

2006-01-22 Thread Jonas Lindskog

Hello,

We are running Open BSD 3.8 as a firewall router. The router has two
internal networks to handle; a DMZ with "real"
ip addresses and a NAT network to which our workstations are connected.
The problem I have is that it's not possible to
connect to the server on the DMZ (ip 38.87.5.122, netmask
255.255.255.252) from the outside (but from the inside).
I guess that I somehow have to make the external interface listen to the
same address as the server (they are on the same net), but if I add
an alias to the external interface it doesn't (of course) route packages
to the DMZ. How do I make OpenBSD route packages to the server
(and the DMZ subnet)?

Our ISP has given us a net that has the following data:

Net segment: 38.87.5.112 /28 
net address:   38.87.5.112

gw address:   38.87.5.113
firewall:  38.87.5.114
free ip ip: 38.87.5.115-126
broadcast address:38.87.5.127
netmask:  255.255.255.240

the server has the following interfaces configured:
### interfaces 
#external interface
inet 38.87.5.114 255.255.255.240 NONE

#internal interface
inet 192.168.97.254 255.255.255.0 NONE

# dmz
inet 38.87.5.121 255.255.255.252 NONE

Thanks in advance

Jonas



Re: Tyan S2885, 3 Video Cards Trouble

2006-01-22 Thread Nick Holland
Robert Jacobs wrote:
> Hello all,
> 
> I got a Tyan S2885 motherboard and am trying to get Xorg to work with 3 PCI
> Radeon video cards. I have always had X work with this many or more video
> cards so I'm thinking that there might be something specific to this setup
> that is screwed up. First tried current then 3.8 Release. It works perfectly
> with 2 video cards but with any combination (2 pci - 1 agp, 3 pci, etc) of 3
> video cards, X -configure crashes or gives the following error:

you provide some good information about your configuration, but it
sounds like you stuffed three video cards in place and are trying to get
that to work.  Either you know something I don't know (not out of the
question...what I thought I knew about X is being tested by the
upgrade-induced demize of fluffy, my three-headed machine), or you are
going about this all wrong...

Try this strategy...
Remove all but one video card.
Get X working on that one card, using an xorg.conf file.
Insert a second card, keep X working on the one card (this seems to be
an important step...and not quite as trivial as it sounds).
Get X working on the two cards.
Insert third card, keep X working on the two previous cards.
Get X working on third card.
Let brain recover from the serious frying you just gave it.


As indicated, I'm doing this battle myself at the moment -- my primary
machine used an X configuration no longer supported in OpenBSD (Matrox
G400 dual-head card, which required a Matrox-provided binary HAL file,
which no longer works in -current...I'm amazed I got away with using a
Linux XFree86 file as long as I did!), plus the machine failed while
working on it (again, not a surprise, it has had "issues" since I got it
from a friend's scrap pile), so it is getting a well-deserved upgrade.
But so far, I'm stuck at two monitors.  (and where did I leave that pile
of good Matrox PCI cards?? :)

Nick.



Re: redirecting domain names

2006-01-22 Thread Nick Holland
Stuart Henderson wrote:
> On 2006/01/22 12:39, Peter Fraser wrote:
>> Rather than going to each machine and installing
>> this hosts file in \windows\system32\drivers\etc
>> I would rather have my firewall block these
>> names instead.
>> 
>> Please note the blocking has to be done on the name,
>> not the ip address.
> 
> You'll need to use a web proxy for this.


You COULD use a proxy for this (actually, it would have to be a more
general proxy, not just web), but you can do this in simpler ways, too
(which I would argue are at least as effective in real life than the
more "technically perfect" proxy system).  Just set up a "poisoned" DNS
resolver to mangle resolution of any domain or subdomain you don't want
people going to, which is what you are doing in a machine-by-machine
basis with a hosts file:

  http://www.holland-consulting.net/tech/imblock.html

I'm very fond of this idea of DNS mangling, both to eliminate things I
find personally annoying, plus as an aid for managing other people's
computers.  See the "Disadvantages" section in that article for a list
of limitations and disclaimers.

Nick.



Re: redirecting domain names

2006-01-22 Thread Stuart Henderson
On 2006/01/22 12:39, Peter Fraser wrote:
> Rather than going to each machine and installing
> this hosts file in \windows\system32\drivers\etc
> I would rather have my firewall block these
> names instead.
> 
> Please note the blocking has to be done on the name,
> not the ip address.

You'll need to use a web proxy for this.



Re: pkg_add package very slow

2006-01-22 Thread scorch

On Sat, Jan 21, 2006 at 02:32:27PM +0100, Adam PAPAI wrote:

> Hi
>
> I've got a problem with pkg_add. I usually install 1-2 OpenBSD system a
> week. Some of them has got problem with pkg_add.
>
> For example pkg_add -vv screen-4.0.2.tgz takes 10 minutes.
>
> And it's abnormal. What can I do to speed up this slowness? I guess
> probably must be wrong with the perl.


i am pretty sure you are right -- it's probably perl, everybody knows that 
stuff is bad. and don't forget all that low-quality coding that goes into 
openbsd. yes, now i think about it, its probably some poor french developer 
so low on caffeine he can't even think through those last cvs commits properly.


or _perhaps_ its something else, more probable, like your PKG_PATH is 
pointing where you expect it, and the delay is due to needing to snarf the 
pkg down from the 'net somewhere, as it can't find the bits locally.


where does pkg_add go to get your bits? i.e. what's in your PKG_PATH?  a 
local repository? scp? ftp? http? are they being pulled off a remote 
filesystem, nfs 


are the all the dependencies you need for screenXYZ in /usr/ports/packages/* 
? or any other repositories in PKG_PATH ?


try starting your pkg_add XYZ and then run a netstat. anything doing ftp 
while you're not looking?


have the dependencies for XYZ changed since you last downloaded them? do you 
get the same doggy speed when 'the bits' and all its dependencies are in 
/tmp/ ?e.g. PKG_PATH=/tmp; pkg_add -v /tmp/screen-4.0.2.tgz - slow/fast/borks?


are you running 3.8, stable,  ?

if you're convinced its the perl, try adding some debug statements in 
/usr/libdata/perl5/OpenBSD/* and then you'll be able to find the bug & 
submit a patch.


cheers, scorch
--
out of the frying pan and into the fire



redirecting domain names

2006-01-22 Thread Peter Fraser
On my windows machines, I use the hosts file
from "http://www.mvps.org/winhelp2002/hosts.htm"
which removes a lot of junk from the internet.

Rather than going to each machine and installing
this hosts file in \windows\system32\drivers\etc
I would rather have my firewall block these
names instead.

Please note the blocking has to be done on the name,
not the ip address. The ip address could easily
be at some hosting site, and also be used for some
entirely valid web site.

Does any one know how to implement this?



Re: Hardware+OpenBSD wiki

2006-01-22 Thread Srebrenko Sehic
There is OpenBSD Server Hardware Compatibility List (OSCL). But that
only covers stock hardware from major vendors. But it's constantly
being updated.

http://www.armorlogic.com/openbsd_information_server_compatibility_list.html

Contribute if you have something.

On 1/22/06, Darrin Chandler <[EMAIL PROTECTED]> wrote:
> Travers Buda wrote:
>
> >In light of all the recent activity on misc about "will OpenBSD run on
> >X?" perhaps someone would like to host a wiki for strange/new hardware?
> >
> >Travers
> >
> >
>
> Are you volunteering?
>
> It wasn't long ago that the "OpenBSD Metastore" got going, amid some
> controversy. I haven't heard anything about it lately. Last I looked,
> there were a handful of useful things there that you could look at, and
> links to online sources to buy them. As long as you weren't from Taiwan,
> that is. Anyway, I think it's not as easy task. And also it's not
> something that you do once and move on. It would be an ongoing,
> substantial commitment for someone. Personally, I wish there were such a
> resource, but I can understand why there isn't.
>
> --
> Darrin Chandler|  Phoenix BSD Users Group
> [EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
> http://www.stilyagin.com/  |



NIS/NFS server and MFS

2006-01-22 Thread Jose Fragoso
Hi,

I was given the task to setup an OpenBSD NFS server. The machine allocated for 
the task is fairly well served with RAM memory (2G). I thought of using MFS for 
the /tmp filesystem, but I don't know:

1. How much space would I need in /tmp for this task. Is NFS/NIS hungry of /tmp 
space?

2. If I would have any significant gain in performance by doing this or leave 
the memory allocation for the operating system.

I thank in advance any comments, suggestions and criticisms.

Best regards,

Josi





Re: ASUS A7V8X-X anyone?

2006-01-22 Thread Joakim Roubert
On 22/01/06 11:41, Matthias Kilian wrote:

> Yes, dmesg below.

On 22/01/06 13:15, Andy Hayward wrote:

> Works perfectly, as long as you either tweak the pcibios(4) flags, or
> disable the audio device in the BIOS.

Thanks a lot!!
I have bought that computer now, and the guy who sold it actually had an
OpenBSD on it! Super!!

Best regards,

/Joakim
-- 
 http://www.df.lth.se/~jokke/



Re: Hardware+OpenBSD wiki

2006-01-22 Thread Darrin Chandler

Travers Buda wrote:

> In light of all the recent activity on misc about "will OpenBSD run on
> X?" perhaps someone would like to host a wiki for strange/new hardware?
>
> Travers

Are you volunteering?

It wasn't long ago that the "OpenBSD Metastore" got going, amid some 
controversy. I haven't heard anything about it lately. Last I looked, 
there were a handful of useful things there that you could look at, and 
links to online sources to buy them. As long as you weren't from Taiwan, 
that is. Anyway, I think it's not as easy task. And also it's not 
something that you do once and move on. It would be an ongoing, 
substantial commitment for someone. Personally, I wish there were such a 
resource, but I can understand why there isn't.


--
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |



Re: Partition advice

2006-01-22 Thread M...
--- "Peter N. M. Hansteen" <[EMAIL PROTECTED]> wrote:


> On a system within reach here with full source and a
> ports tree, the
> partition which houses /, /tmp and /usr has about
> 3.8 used, with /usr
> consuming roughly 3.4 gigabytes. Skip X and system
> sources, you'll go a
> lot lighter.
> 
> -- 
> Peter N. M. Hansteen, member of the first RFC 1149


I'm not using x-windows or games.  I'll be using the
commandline/shell

Thanks everyone for the info.



Hardware+OpenBSD wiki

2006-01-22 Thread Travers Buda
In light of all the recent activity on misc about "will OpenBSD run on 
X?" perhaps someone would like to host a wiki for strange/new hardware? 

Travers 



Re: running snapshot (obsd 3.9-beta), not able to compile GENERIC kernel

2006-01-22 Thread Didier Wiroth
On Sun, Jan 22, 2006 at 12:01:18PM +, Didier Wiroth wrote:
/usr/src/sys/arch/i386/compile/GENERIC/../../../../dev/pci/trm_pci.c
> /usr/src/sys/dev/pci/trm_pci.c:67: warning: excess elements in struct 
> initializer
> /usr/src/sys/dev/pci/trm_pci.c:67: warning: (near initialization for 
> `trm_pci_ca')
> *** Error code 1
> 
> Stop in /usr/src/sys/arch/i386/compile/GENERIC (line 2595 of Makefile).

>The tree was very briefly broken, do a cvs update and this should be fixed.

Thx a lot, fixed now!
Regards
Didier

--
Ministry of Higher Education
CEDIES
rte d'Esch, 211
L-1471 Luxembourg
Tel: (+352) 478-8669
Fax: (+352) 455656

Pgp key:
http://www.cedies.public.lu/pgp-keys/
--



Re: Downloads limiting with PF

2006-01-22 Thread Marco Peereboom
http://www.openbsd.org/faq/pf/queueing.html
http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

That should get you started.

On Sat, Jan 21, 2006 at 11:27:50PM +0200, Maxim Vetsalo wrote:
> Hi
> 
> Sorry for my english first :-( I try to explain my problem as clean as I can.
> I have internet connection with very low bandwidth and many users. Bandwidth 
> is enough if users don't download large files, but if only one of them start 
> to download, others must wait long time for any webpage (and it's 
> understandable :-)). I tried to limit size of downloadable object with Squid, 
> but users start to complain. Ideal solution for me in such situation seems 
> follow: when user start download it got full bandwidth until some (fixed) 
> limit in bytes reached, after that without breaking download connection got 
> restricted bandwidth.
> The question is - can I achieve this with PF+ALTQ on my OpenBSD 3.7-stable 
> router?
> 
> Maxim.



Re: C programm for led blink on lpt

2006-01-22 Thread Paul de Weerd
On Sun, Jan 22, 2006 at 03:14:50AM +0100, Bc. Radek Krejca wrote:
| Hello,
|
|   I very bad in C language and I have following program written for
|   Linux. I need to change this source for working on bsd could you
|   help me? This program should control LED on lpt port.
|
| file pokus.c
| 
| #include 
| #include 
| #include 
| #include 
| #define base 0x378 /* adresa paralelneho portu*/
| main(int argc, char **argv)
| {
| int value;
| if (argc!=2)
| fprintf(stderr, "Bad number of arguments.\n"), exit(1);
| if (sscanf(argv[1],"%i",&value)!=1)
| fprintf(stderr, "Argument isnt a number.\n"), exit(1);
| if ((value<0) || (value>255))
| fprintf(stderr, "Bad range\n"),
| exit(1);
| if (ioperm(base,1,1))
| fprintf(stderr, "Port doesnt exists on address %x\n", base),
| exit(1);
| outb((unsigned char)value, base);
| }
| -
|
|
| I switched #include  to #include  , but
| compilation with command # gcc -O pokus.c -o pokus
| fails.
|
| # gcc -O pokus.c -o pokus
| pokus.c: In function `main':
| pokus.c:18: warning: comparison is always true due to limited range of data type
| pokus.c:18: warning: large integer implicitly truncated to unsigned type
| pokus.c:18: warning: large integer implicitly truncated to unsigned type
| /tmp//ccTe4507.o(.text+0x81): In function `main':
| : undefined reference to `ioperm'
| collect2: ld returned 1 exit status

First of all, this is not the complete source code to your program. Or
at least, not to the source that gave you the above error message.
There is no comparison on line 18 of the code you included. You may
want to check in to the warnings gcc gives you concerning line 18.

The error message says it all, "undefined reference to `ioperm'". This
is a linux function, on OpenBSD I suggest you take a look at
i386_get_ioperm(2) and the manual pages it references.

Always be very careful writing such programs as you can completely
crash your machine doing your own IO, including losing all your data.
Also remember that you need elevated privileges to run such code.

Good luck.

Paul 'WEiRD' de Weerd

--
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/
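
Added example, not part of the original thread and not code from either poster: a sketch of pokus.c ported along the lines the reply suggests, granting the process access to the single port 0x378 instead of raising its I/O privilege level. It assumes the i386_get_ioperm(2)/i386_set_ioperm(2) bitmap interface (1024 bits, a clear bit grants access) and the port-first outb() from <machine/pio.h>; the helper names parse_byte, iomap_allow and iomap_allowed are made up for this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#if defined(__OpenBSD__) && defined(__i386__)
#include <sys/types.h>
#include <machine/sysarch.h>  /* i386_get_ioperm(), i386_set_ioperm(); link with -li386 */
#include <machine/pio.h>      /* outb(port, data): port first, unlike Linux */
#endif

#define LPT_BASE   0x378                      /* lpt0 data register, as in pokus.c */
#define IO_PORTS   1024                       /* ports covered by the bitmap (assumption) */
#define WORD_BITS  (sizeof(unsigned long) * CHAR_BIT)
#define IOMAP_LEN  (IO_PORTS / WORD_BITS)     /* 32 longwords on i386 */

/* Parse the argument strictly: the whole string must be a number in 0..255. */
int parse_byte(const char *s, unsigned char *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(s, &end, 0);                   /* base 0 accepts 255, 0xff, 0377 */
    if (errno != 0 || end == s || *end != '\0' || v < 0 || v > 255)
        return -1;
    *out = (unsigned char)v;
    return 0;
}

/* Clear the bit for one port (clear = access granted); other ports untouched. */
int iomap_allow(unsigned long *iomap, unsigned int port)
{
    if (port >= IO_PORTS)
        return -1;
    iomap[port / WORD_BITS] &= ~(1UL << (port % WORD_BITS));
    return 0;
}

/* Report whether the bitmap grants access to a port. */
int iomap_allowed(const unsigned long *iomap, unsigned int port)
{
    return port < IO_PORTS &&
        !(iomap[port / WORD_BITS] & (1UL << (port % WORD_BITS)));
}

int main(int argc, char **argv)
{
    unsigned char value;

    if (argc != 2 || parse_byte(argv[1], &value) != 0) {
        fprintf(stderr, "usage: pokus 0..255\n");
        return 1;
    }
#if defined(__OpenBSD__) && defined(__i386__)
    unsigned long iomap[IOMAP_LEN];
    if (i386_get_ioperm(iomap) != 0 || iomap_allow(iomap, LPT_BASE) != 0 ||
        i386_set_ioperm(iomap) != 0) {        /* restricted to the superuser */
        perror("ioperm");
        return 1;
    }
    outb(LPT_BASE, value);                    /* note the argument order */
    return 0;
#else
    fprintf(stderr, "port I/O path is only built on OpenBSD/i386\n");
    return 1;
#endif
}
```

Reading the bitmap first and clearing one bit leaves every other port denied, so a bad argument or a later bug cannot touch hardware other than the parallel port's data register.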




Re: running snapshot (obsd 3.9-beta), not able to compile GENERIC kernel

2006-01-22 Thread Jonathan Gray
On Sun, Jan 22, 2006 at 12:01:18PM +, Didier Wiroth wrote:
> Hi, 
> I've installed (on a newly formatted disk) openbsd 3.9-beta (snapshot from 
> 19.1) on my laptop  
> I've added a few packages from the snapshot/packages/i386 (kdebase etc...) 
> Then I've fetched the latest sources: 
> cvs -q -d [EMAIL PROTECTED]:/cvs get -P src 
>  
> I tried to build a kernel like usual: 
> config GENERIC, make clean depend and make etc... 
> It failed after some time with "the same error", see below. 
>  
> I downloaded and redownloaded a few times my sources because I thought it 
> might 
> be an unclean source tree but I had no luck so far. 
>  
> I would like to understand what's wrong, did I make a mistake ...? 
>  
> Thank you very much for helping. 
>  
> Here is the error output: 
>  
> cc  -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes  
> -Wno-uninitialized -Wno-format -Wno-main  
> -fno-builtin-printf -fno-builtin-log -O2 -pipe -nostdinc -I. 
> -I/usr/src/sys/arch/i386/compile/GENERIC/../../../../arch 
> -I/usr/src/sys/arch/i386/compile/GENERIC/../../../.. -DDDB -DDIAGNOSTIC 
> -DKTRACE -DACCOUNTING 
> -DKMEMSTATS -DPTRACE -DCRYPTO -DSYSVMSG -DSYSVSEM -DSYSVSHM 
> -DUVM_SWAP_ENCRYPT 
> -DCOMPAT_35 -DCOMPAT_43 -DLKM -DFFS -DFFS_SOFTUPDATES -DUFS_DIRHASH -DQUOTA 
> -DEXT2FS -DMFS -DXFS -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE -DNFSCLIENT 
> -DNFSSERVER 
> -DCD9660 -DUDF -DMSDOSFS -DFIFO -DPORTAL -DINET -DALTQ -DINET6 -DIPSEC 
> -DPPP_BSDCOMP 
> -DPPP_DEFLATE -DMROUTING -DBOOT_CONFIG -DI386_CPU -DI486_CPU -DI586_CPU 
> -DI686_CPU 
> -DUSER_PCICONF -DUSER_LDT -DAPERTURE -DCOMPAT_SVR4 -DCOMPAT_IBCS2 
> -DCOMPAT_LINUX 
> -DCOMPAT_FREEBSD -DCOMPAT_BSDOS -DCOMPAT_AOUT -DPROCFS -DACPIVERBOSE 
> -DPCIVERBOSE -DEISAVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMPAT_USL 
> -DWSDISPLAY_COMPAT_RAWKBD -DWSDISPLAY_DEFAULTSCREENS="6" 
> -DWSDISPLAY_COMPAT_PCVT 
> -DPCIAGP -D_KERNEL -Di386  -c 
> /usr/src/sys/arch/i386/compile/GENERIC/../../../../dev/pci/trm_pci.c 
> /usr/src/sys/dev/pci/trm_pci.c:67: warning: excess elements in struct 
> initializer 
> /usr/src/sys/dev/pci/trm_pci.c:67: warning: (near initialization for 
> `trm_pci_ca') 
> *** Error code 1 
>  
> Stop in /usr/src/sys/arch/i386/compile/GENERIC (line 2595 of Makefile). 

The tree was very briefly broken, do a cvs update and this should be fixed.



Re: running snapshot (obsd 3.9-beta), not able to compile GENERIC kernel

2006-01-22 Thread Lukasz Sztachanski
On Sun, Jan 22, 2006 at 12:01:18PM +, Didier Wiroth wrote:
> /usr/src/sys/dev/pci/trm_pci.c:67: warning: excess elements in struct 
> initializer 
> /usr/src/sys/dev/pci/trm_pci.c:67: warning: (near initialization for 
> `trm_pci_ca') 
> *** Error code 1 
>  
> Stop in /usr/src/sys/arch/i386/compile/GENERIC (line 2595 of Makefile). 
> 
I had the same error yesterday; today, I've synced -current, and everything
is all right.



- Lukasz Sztachanski


-- 
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE  BC01 FC91 9EF7 058B 7133
http://szati.blogspot.com
http://szati.entropy.pl



trouble setting the network, couldn't recogn. network card on install

2006-01-22 Thread kamen
Hi

I downloaded a CD image for installing OpenBSD 3.8 from one of the mirrors
listed on openbsd.org. When I started installing obsd, just after I chose
"Yes" to start configuring the network, it showed me only the line "No more
network interfaces found" (without any network interfaces listed). After I
finished installing obsd, I tried to power up the network, following the
instructions in man ifconfig, but without success. On openbsd.org I saw that my
LAN card (ethernet adapter) is supported. My ethernet adapter is integrated in
the nvidia nforce2 mainboard; in openbsd.org/i386.html I found that:

NVidia nForce2 integrated 3Com 9201 (nForce2-ST, nForce2-GT)

which is the same, sure.

I attach dmesg.txt

Is this a real "bug" in your product??? Simultaneously with these troubles, I
use network with Arabian Linux and Windows XP on the same PC without any
problems.

Hope that the problem can be passed, but if it wouldn't, I hope a lot that I
won't have troubles with the 3.9 version :)

Please if you solve the problem, re-email me.

OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Sempron(tm) 2400+ ("AuthenticAMD" 686-class, 256KB L2 cache) 1.67 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
cpu0: AMD Powernow: FID
real mem  = 536387584 (523816K)
avail mem = 482533376 (471224K)
using 4278 buffers containing 26923008 bytes (26292K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(e2) BIOS, date 09/24/04, BIOS32 rev. 0 @ 0xfb4a0
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xdf84
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde60/288 (16 entries)
pcibios0: PCI Exclusive IRQs: 3 5 11
pcibios0: no compatible PCI ICU found
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xfc00 0xd/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Nvidia nForce2 PCI" rev 0xa2
"Nvidia nForce2" rev 0xa2 at pci0 dev 0 function 1 not configured
"Nvidia nForce2" rev 0xa2 at pci0 dev 0 function 2 not configured
"Nvidia nForce2" rev 0xa2 at pci0 dev 0 function 3 not configured
"Nvidia nForce2" rev 0xa2 at pci0 dev 0 function 4 not configured
"Nvidia nForce2" rev 0xa2 at pci0 dev 0 function 5 not configured
pcib0 at pci0 dev 1 function 0 "Nvidia nForce2 ISA" rev 0xa4
"Nvidia nForce2 SMBus" rev 0xa2 at pci0 dev 1 function 1 not configured
ohci0 at pci0 dev 2 function 0 "Nvidia nForce2 USB" rev 0xa4: irq 5, version 
1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Nvidia OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
ohci1 at pci0 dev 2 function 1 "Nvidia nForce2 USB" rev 0xa4: irq 11, version 
1.0, legacy support
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: Nvidia OHCI root hub, rev 1.00/1.00, addr 1
uhub1: 3 ports with 3 removable, self powered
ehci0 at pci0 dev 2 function 2 "Nvidia nForce2 USB" rev 0xa4: irq 3
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: Nvidia EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 6 ports with 6 removable, self powered
"Nvidia nForce2 LAN" rev 0xa1 at pci0 dev 4 function 0 not configured
auich0 at pci0 dev 6 function 0 "Nvidia nForce2 AC97" rev 0xa1: irq 5, nForce2 
AC97
ac97: codec id 0x414c4760 (Avance Logic ALC655)
audio0 at auich0
ppb0 at pci0 dev 8 function 0 "Nvidia nForce2 PCI-PCI" rev 0xa3
pci1 at ppb0 bus 1
pciide0 at pci1 dev 11 function 0 "VIA VT8237 SATA" rev 0x50: DMA
pciide0: using irq 11 for native-PCI interrupt
vendor "VIA", unknown product 0x4149 (class mass storage subclass RAID, rev 
0x80) at pci1 dev 11 function 1 not configured
pciide1 at pci0 dev 9 function 0 "Nvidia nForce2 IDE" rev 0xa2: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
wd0 at pciide1 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 78533MB, 160836480 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 6
atapiscsi0 at pciide1 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom 
removable
cd0(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 2
ppb1 at pci0 dev 30 function 0 "Nvidia nForce2 AGP" rev 0xa2
pci2 at ppb1 bus 2
vga1 at pci2 dev 0 function 0 "Nvidia GeForce FX 5600" rev 0xa1
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
lm0 at isa0 port 0x290

Re: Partition sizing

2006-01-22 Thread Joachim Schipper
On Sat, Jan 21, 2006 at 02:15:37PM -0600, J Moore wrote:
> On Sat, Jan 21, 2006 at 05:42:08PM +0800, the unit calling itself Lars 
> Hansson wrote:
> > On Sat, 21 Jan 2006 03:30:34 -0600
> 
> > > Get a bigger H/D... 40 GB is about the smallest you can buy today; 4 GB 
> > > drives have not been made in years.
> > 
> > Why? 4Gb is more than enough for trying out OpenBSD.
> 
> Why? What's the point of learning how to do anything on marginal, 
> nearly-antique hardware? What is lost by using a reasonably sized, 
> current piece of hardware? He asked for advice & I think that's the 
> best course of action.

Marginal, nearly-antique hardware tends to constrain one from doing
things too inefficiently, which is a good thing.

However, 4 GB is usually sufficient. Unless you are compiling KDE from
source, storing your entire music collection, storing a couple of
videos, or storing years' worth of very inefficient documents [1], or
doing something similar, 4 GB is likely to be sufficient.

That said, most of my machines have more disk, and it certainly makes
life easier. That does not mean it is necessary, though.

Joachim

[1] One of my servers stores such for eight to ten years, with an
average of, say, four to five people working on it; the whole thing
comes out to 12 GB, with a lot of duplicate files and no coordinated
effort to clean out the old cruft; all this in Word documents - when
using plain text files, or something like LaTeX, it is almost
impossible.



Re: ASUS A7V8X-X anyone?

2006-01-22 Thread Andy Hayward
On 1/22/06, Joakim Roubert <[EMAIL PROTECTED]> wrote:
> Searching archives for ASUS A7V8X-X, I have found some bug reports from
> 2003-2004, but then nothing. Is anybody using that motherboard with e.g.
> 3.8, and if so, is it working/stable?

Works perfectly, as long as you either tweak the pcibios(4) flags, or
disable the audio device in the BIOS.

-- ach



running snapshot (obsd 3.9-beta), not able to compile GENERIC kernel

2006-01-22 Thread Didier Wiroth
Hi, 
I've installed (on a newly formatted disk) openbsd 3.9-beta (snapshot from 19.1) 
on my laptop  
I've added a few packages from the snapshot/packages/i386 (kdebase etc...) 
Then I've fetched the latest sources: 
cvs -q -d [EMAIL PROTECTED]:/cvs get -P src 
 
I tried to build a kernel like usual: 
config GENERIC, make clean depend and make etc... 
It failed after some time with "the same error", see below. 
 
I downloaded and redownloaded a few times my sources because I thought it might 
be an unclean source tree but I had no luck so far. 
 
I would like to understand what's wrong, did I make a mistake ...? 
 
Thank you very much for helping. 
 
Here is the error output: 
 
cc  -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes  -Wno-uninitialized 
-Wno-format -Wno-main  
-fno-builtin-printf -fno-builtin-log -O2 -pipe -nostdinc -I. 
-I/usr/src/sys/arch/i386/compile/GENERIC/../../../../arch 
-I/usr/src/sys/arch/i386/compile/GENERIC/../../../.. -DDDB -DDIAGNOSTIC 
-DKTRACE -DACCOUNTING 
-DKMEMSTATS -DPTRACE -DCRYPTO -DSYSVMSG -DSYSVSEM -DSYSVSHM -DUVM_SWAP_ENCRYPT 
-DCOMPAT_35 -DCOMPAT_43 -DLKM -DFFS -DFFS_SOFTUPDATES -DUFS_DIRHASH -DQUOTA 
-DEXT2FS -DMFS -DXFS -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE -DNFSCLIENT 
-DNFSSERVER 
-DCD9660 -DUDF -DMSDOSFS -DFIFO -DPORTAL -DINET -DALTQ -DINET6 -DIPSEC 
-DPPP_BSDCOMP 
-DPPP_DEFLATE -DMROUTING -DBOOT_CONFIG -DI386_CPU -DI486_CPU -DI586_CPU 
-DI686_CPU 
-DUSER_PCICONF -DUSER_LDT -DAPERTURE -DCOMPAT_SVR4 -DCOMPAT_IBCS2 
-DCOMPAT_LINUX 
-DCOMPAT_FREEBSD -DCOMPAT_BSDOS -DCOMPAT_AOUT -DPROCFS -DACPIVERBOSE 
-DPCIVERBOSE -DEISAVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMPAT_USL 
-DWSDISPLAY_COMPAT_RAWKBD -DWSDISPLAY_DEFAULTSCREENS="6" 
-DWSDISPLAY_COMPAT_PCVT 
-DPCIAGP -D_KERNEL -Di386  -c 
/usr/src/sys/arch/i386/compile/GENERIC/../../../../dev/pci/trm_pci.c 
/usr/src/sys/dev/pci/trm_pci.c:67: warning: excess elements in struct 
initializer 
/usr/src/sys/dev/pci/trm_pci.c:67: warning: (near initialization for 
`trm_pci_ca') 
*** Error code 1 
 
Stop in /usr/src/sys/arch/i386/compile/GENERIC (line 2595 of Makefile). 

--
Ministry of Higher Education
CEDIES
rte d'Esch, 211
L-1471 Luxembourg
Tel: (+352) 478-8669
Fax: (+352) 455656

Pgp key:
http://www.cedies.public.lu/pgp-keys/
--



Re: Partition advice

2006-01-22 Thread Peter N. M. Hansteen
"M..." <[EMAIL PROTECTED]> writes:

> I want to run a mailserver (20 users),
> (spamassassin/clamav) mailing list server (20 lists),
> ftp and web servers, (maybe 100MB or so of data)
> adding them in and seeing how it handles the load.
>
> I was thinking of doing
>
> / = 500MB
> /tmp - 100MB
> /usr - 1GB
> /var - 1GB
> /home - 1.4GB

Seeing that you are putting /var, /usr/ and /tmp, on separate
partitions, you should be able to shrink the / considerably, see
ftp://ftp.openbsd.org/pub/OpenBSD/3.8/SIZES.  The values in SIZES
however do not seem to take into account such things as a ports tree or
system and X source code, both of which go into /usr somewhere.

On a system within reach here with full source and a ports tree, the
partition which houses /, /tmp and /usr has about 3.8 used, with /usr
consuming roughly 3.4 gigabytes. Skip X and system sources, you'll go a
lot lighter.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"



Re: ASUS A7V8X-X anyone?

2006-01-22 Thread Matthias Kilian
On Sun, Jan 22, 2006 at 09:40:32AM +0100, Joakim Roubert wrote:
> Searching archives for ASUS A7V8X-X, I have found some bug reports from
> 2003-2004, but then nothing. Is anybody using that motherboard with e.g.
> 3.8,

Yes.

> and if so, is it working/stable?

Yes, dmesg below.

I only have to config(4) pcibios(4) flags to 0x04, because without
this the system freezes when configuring the audio controller.

Ciao,
Kili

OpenBSD 3.9-beta (GENERIC) #148: Sat Jan 21 19:48:03 CET 2006
[EMAIL PROTECTED]:/var/compile/GENERIC
cpu0: AMD Athlon(TM) XP 2400+ ("AuthenticAMD" 686-class, 256KB L2 cache) 1.99 
GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
cpu0: AMD Powernow: TS
real mem  = 1073307648 (1048152K)
avail mem = 972668928 (949872K)
using 4278 buffers containing 53768192 bytes (52508K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(bf) BIOS, date 04/21/04, BIOS32 rev. 0 @ 0xf1aa0
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x2162
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xd000 0xd/0x6000! 0xd8000/0x1800 0xdc000/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA VT8377 PCI" rev 0x00
ppb0 at pci0 dev 1 function 0 "VIA VT8235 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Radeon 9200 SE Sec" rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"ATI Radeon 9200 SE" rev 0x01 at pci1 dev 0 function 1 not configured
bce0 at pci0 dev 9 function 0 "Broadcom BCM4401" rev 0x01: irq 6, address 
00:e0:18:9a:2a:7d
bmtphy0 at bce0 phy 1: BCM4401 10/100baseTX PHY, rev. 0
trm0 at pci0 dev 13 function 0 "Tekram DC-3x5U" rev 0x01: irq 9
scsibus0 at trm0: 8 targets
trm0: target 0 using 8 bit 20.83 MHz, Offset 8 data transfers 
cd0 at scsibus0 targ 0 lun 0:  SCSI2 5/cdrom 
removable
trm0: target 2 using 8 bit 10.0 MHz, Offset 15 data transfers 
cd1 at scsibus0 targ 2 lun 0:  SCSI2 5/cdrom removable
trm1 at pci0 dev 14 function 0 "Tekram DC-3x5U" rev 0x01: irq 5
scsibus1 at trm1: 16 targets
trm1: target 1 using 16 bit 20.83 MHz, Offset 15 data transfers 
st0 at scsibus1 targ 1 lun 0:  SCSI2 1/sequential removable
st0: drive empty or not ready
uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x80: irq 5
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x80: irq 5
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x80: irq 5
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 16 function 3 "VIA VT6202 USB" rev 0x82: irq 5
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: VIA EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
viapm0 at pci0 dev 17 function 0 "VIA VT8235 ISA" rev 0x00
iic0 at viapm0
asbtm0 at iic0 addr 0x2d
lm1 at iic0 addr 0x2f: W83791D
pciide0 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, channel 
0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 78167MB, 160086528 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6
pciide0: channel 1 disabled (no drives)
auvia0 at pci0 dev 17 function 5 "VIA VT8233 AC97" rev 0x50: irq 6
ac97: codec id 0x414c4720 (Avance Logic ALC650)
ac97: codec features 20 bit DAC, 18 bit ADC, Realtek 3D
audio0 at auvia0
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
biomask ff25 netmask ff65 ttymask ffe7
pctr: user-level cycle counter enabled
mtrr: Pentium Pro MTRR support
umass0 at uhub3 port 3 configuration 1 interface 0
umass0: Genesyslogic USB Mass Storage Device, rev 2.00/0.33, addr 2
umass0: using SCSI over Bulk-Only
scsibus2 at umass0: 2 targets
sd0 at scsibus2 targ 1 lun 0:  SCSI0 0/direct fixed
sd0: 152627MB, 152627 cyl, 64 head, 32 sec, 512 bytes/sec, 312581808 sec total
umass1 at uhub3 port 4 configuration 1 interface 0
umass1: Iomega Optical USB 2.0 Drive, rev 2.00/0.01, addr 3
umass1: using SCSI over Bulk-Only
scsibus3 at umass1: 2 targets
cd2 at scsibus3 targ 1 lun 0:  SCSI0 5/cdrom 
removable
uhub4 at uhub0 port 

Re: openbsd on irix

2006-01-22 Thread Lars Weste
Hi, 
>  
> You take it out of context. 
>  
> "OpenBSD/sgi is a fully featured 64 bit port and will thus only run on 
> systems based on 64 bit processors, i.e. R4000 and up." 
>  
> Currently only O2s are supported which start at r5k.  The port could 
> be enhanced to support older machines based around r4k processors but 
> this has not yet been done. 
>  
 
thanks for making this clear to me. 
 
lars 




Re: openbsd on irix

2006-01-22 Thread Jonathan Gray
On Sun, Jan 22, 2006 at 09:43:56AM +0100, Lars Weste wrote:
> hi, 
>  
> reading http://www.openbsd.org/sgi.html, confuses a bit. at the top it is 
> stated that the port will run at r4000 and up. at the bottom, in 
> supported hardware, the r5000 is the smallest supported processor. Which 
> statement is right? 

You take it out of context.

"OpenBSD/sgi is a fully featured 64 bit port and will thus only run on systems 
based on 64 bit processors, i.e. R4000 and up."

Currently only O2s are supported which start at r5k.  The port could
be enhanced to support older machines based around r4k processors but
this has not yet been done.



openbsd on irix

2006-01-22 Thread Lars Weste
hi, 
 
reading http://www.openbsd.org/sgi.html, confuses a bit. at the top it is 
stated that the port will run at r4000 and up. at the bottom, in 
supported hardware, the r5000 is the smallest supported processor. Which 
statement is right? 
 
lars 




ASUS A7V8X-X anyone?

2006-01-22 Thread Joakim Roubert
Hi!

Searching archives for ASUS A7V8X-X, I have found some bug reports from
2003-2004, but then nothing. Is anybody using that motherboard with e.g.
3.8, and if so, is it working/stable?

Best regards,

/Joakim
-- 
 http://www.df.lth.se/~jokke/