Re: Openbsd 3.7's Gnu Assembler (as) file tagging behaviour?

2005-07-15 Thread edgar mortiz
Were you able to get some kind of work-around for this?

On 7/14/05, Henning Brauer [EMAIL PROTECTED] wrote:
 yes, the missing tagging is the issue.
 
 * edgar mortiz [EMAIL PROTECTED] [2005-07-14 20:22]:
  i found another how do i write hello world in BSD and i tried it out
  here's the code
 
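  .data

  msg:    .asciz "Hello, world.\n"
  len = . - msg - 1               # length without the trailing NUL

  .text
  .global _start

  _start:
          pushl   $len            # write(1, msg, len): arguments go on the stack
          pushl   $msg
          pushl   $1
          movl    $4, %eax        # syscall 4 = write
          call    do_syscall
          addl    $12, %esp       # pop the three arguments

          pushl   $0              # exit(0)
          movl    $1, %eax        # syscall 1 = exit
          call    do_syscall

  do_syscall:
          int     $0x80           # reached via call, so a return address sits above the arguments
          ret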
 
  i compiled it on a FreeBSD machine and the other one on my OpenBSD box
 
  ** FreeBSD box
 
  $as -o hello.o hello.s
  $ld -o hello hello.o
  $./hello
  Hello, world.
 
  $file hello
  hello: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD),
  statically linked, not stripped
 
  ** OpenBSD box
 
  $as -o hello.o hello.s
  $ld -o hello hello.o
  $./hello
  sh: ./hello: Operation not permitted
 
  $file hello
  hello: ELF 32-bit LSB executable, Intel 80386, version 1, statically
  linked, not stripped
 
  i noticed that the Gnu (AS) that FreeBSD uses will automatically
  tag the file FreeBSD whereas the Gnu (AS) that OpenBSD doesn't.
  is there a patch that can resolve this or a tweak of some sort .. I
  really want it to work on OpenBSD and not on the other BSD .. i picked
  OpenBSD coz it basically has all the docs I'll ever need together with
  the OS
 
 
  Regards,
  Edgar
 
 
 --
 BS Web Services, http://www.bsws.de/
 OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
 Unix is very simple, but it takes a genius to understand the simplicity.
 (Dennis Ritchie)



static route files

2005-07-15 Thread Reza Muhammad
dear All,

In which file should i put my static route entry ?

regards
reza







Installing on discless (no removable media) machine from Linux

2005-07-15 Thread Jason Burrell
Here's a new one. Okay, well, it probably isn't.

I have an old Pentium 133 that I want to use as an internal server to
serve files on encrypted filesystems, act as a database server, and
securely store mail. The idea is that if the machine reboots, I have to
ssh into it, enter a passphrase  for the filesystems, and unlock them.
Currently, I'm doing this with Gentoo Linux on that machine, using the
cryptsetup/loopback device extensions.

1) This machine has no removable drives. It has four HDDs, no CD, and no
floppy. Is there a way I can install OpenBSD on one of the free
partitions without removable media?

2) Linux supports encrypted filesystems quasinatively. What I'm doing
right now is creating a file of a specific size on the main filesystem,
pointing a loopback device to it, then using cryptsetup to do the
cryptographic transform. Then I mount the thing. Does OpenBSD support
this kind of thing well? I don't care about compatibility with the
existing filesystem, since right now everything is off of it anyway
while I revamp it. I looked into this a long time ago, and all I found
was the horror known as CFS and its derivatives.

Thanks.




Re: static route files

2005-07-15 Thread Mike Belopuhov
On Thu, Jul 14, 2005 at 23:22 -0700, Reza Muhammad wrote:
 dear All,
 
 In which file should i put my static route entry ?
 

in hostname.if(5).

 regards
 reza
 
 
   
 



Re: Installing on discless (no removable media) machine from Linux

2005-07-15 Thread Jason Burrell
Apologies for that HTML mail. Blasted mail client defaults.

On Fri, 2005-07-15 at 02:23 -0500, Jason Burrell wrote:
 Here's a new one. Okay, well, it probably isn't.
 
 I have an old Pentium 133 that I want to use as an internal server to
 serve files on encrypted filesystems, act as a database server, and
 securely store mail. The idea is that if the machine reboots, I have to
 ssh into it, enter a passphrase  for the filesystems, and unlock them.
 Currently, I'm doing this with Gentoo Linux on that machine, using the
 cryptsetup/loopback device extensions.
 
 1) This machine has no removable drives. It has four HDDs, no CD, and no
 floppy. Is there a way I can install OpenBSD on one of the free
 partitions without removable media?
 
 2) Linux supports encrypted filesystems quasinatively. What I'm doing
 right now is creating a file of a specific size on the main filesystem,
 pointing a loopback device to it, then using cryptsetup to do the
 cryptographic transform. Then I mount the thing. Does OpenBSD support
 this kind of thing well? I don't care about compatibility with the
 existing filesystem, since right now everything is off of it anyway
 while I revamp it. I looked into this a long time ago, and all I found
 was the horror known as CFS and its derivatives.
 
 Thanks.
 



Re: Alpha CS20 wanted

2005-07-15 Thread Christer Solstrand Johannessen

On Thu, 14 Jul 2005, Kevin wrote:

(snip)

This is one of those places where given its importance to the community, 
some more of us can--and really should--step up immediately and help 
cover the small cost. We're talking about a lousy $500 or so in pledges 
that we're short, so covering this should be trivial with a few (even 
$10 or $20) donations.


I can offer a US$40 donation via paypal... Just let me know when you need
me to transfer the money, and where to.

- Christer



www.undeadly.org cannot be found :(

2005-07-15 Thread Vladislav Belogrudov
...







Re: www.undeadly.org cannot be found :(

2005-07-15 Thread Hannah Schroeter
Hello!

On Fri, Jul 15, 2005 at 12:31:22AM -0700, Vladislav Belogrudov wrote:
...

Works for me. Perhaps you're experiencing DNS problems on your side
or nearby (if you're using DNS forwarders to resolve the
hostname).

Kind regards,

Hannah.



Re: Openbsd 3.7's Gnu Assembler (as) file tagging behaviour?

2005-07-15 Thread Marcus Watts
edgar mortiz [EMAIL PROTECTED] writes:
...
   $as -o hello.o hello.s
   $ld -o hello hello.o
   $./hello
   sh: ./hello: Operation not permitted
  
   $file hello
   hello: ELF 32-bit LSB executable, Intel 80386, version 1, statically
   linked, not stripped
  
   i noticed that the Gnu (AS) that FreeBSD uses will automatically
   tag the file FreeBSD whereas the Gnu (AS) that OpenBSD doesn't.
   is there a patch that can resolve this or a tweak of some sort .. I
   really want it to work on OpenBSD and not on the other BSD .. i picked
   OpenBSD coz it basically has all the docs I'll ever need together with
   the OS
...

For openbsd, to tag it as such you need something like this:

# for openbsd; see
#   /usr/src/lib/csu/common_elf/os-note-elf.h
#   /usr/src/sys/kern/exec_elf.c
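.section .note.openbsd.ident, "a"
# .note
.p2align 2
.long   8               # namesz: length of "OpenBSD\0"
.long   4               # descsz: length of the descriptor
.long   1               # note type
.ascii  "OpenBSD\0"     # name
.long   0               # descriptor
.p2align 2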

You can read the files mentioned in the comments if you need more
information on how all this works.

-Marcus
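
The note layout from the message above, as an added example that is not part of the original thread and not OpenBSD's own code: a checker that walks the PT_NOTE segments of a little-endian ELF32 image and reports whether the OpenBSD ident note is present. The function names and the two sample images are constructed for illustration, and looking the note up through PT_NOTE program headers is an assumption about how the linked binary exposes the section.

```python
"""Check a little-endian ELF32 image for the OpenBSD ident note (added example)."""
import struct

PT_LOAD, PT_NOTE = 1, 4
NOTE_NAME = b"OpenBSD\0"   # 8 bytes: matches ".long 8" and .ascii "OpenBSD\0"
NOTE_DESCSZ = 4            # matches ".long 4"
NOTE_TYPE = 1              # matches ".long 1"
EHDR_SIZE, PHDR_SIZE = 52, 32


def align4(n):
    """Round n up to the 4-byte boundary that .p2align 2 produces."""
    return (n + 3) & ~3


def openbsd_ident_note():
    """The 24 bytes the assembler emits for the note snippet."""
    header = struct.pack("<III", len(NOTE_NAME), NOTE_DESCSZ, NOTE_TYPE)
    return header + NOTE_NAME + struct.pack("<I", 0)


def parse_notes(blob):
    """Split a note segment into (name, type, desc) records."""
    notes, off = [], 0
    while off + 12 <= len(blob):
        namesz, descsz, ntype = struct.unpack_from("<III", blob, off)
        name_off = off + 12
        desc_off = name_off + align4(namesz)   # name is padded to 4 bytes
        desc_end = desc_off + descsz
        if desc_end > len(blob):
            raise ValueError("truncated note record")
        notes.append((blob[name_off:name_off + namesz], ntype,
                      blob[desc_off:desc_end]))
        off = desc_off + align4(descsz)        # desc is padded as well
    return notes


def note_segments(elf):
    """Return the bytes of every PT_NOTE segment in an ELF32 LSB image."""
    if len(elf) < EHDR_SIZE or elf[:4] != b"\x7fELF" or elf[4:6] != b"\x01\x01":
        raise ValueError("not a little-endian ELF32 image")
    (e_phoff,) = struct.unpack_from("<I", elf, 28)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 42)
    segments = []
    for i in range(e_phnum):
        p_type, p_offset, _vaddr, _paddr, p_filesz = struct.unpack_from(
            "<5I", elf, e_phoff + i * e_phentsize)
        if p_type != PT_NOTE:
            continue
        if p_offset + p_filesz > len(elf):
            raise ValueError("PT_NOTE segment runs past end of file")
        segments.append(elf[p_offset:p_offset + p_filesz])
    return segments


def has_openbsd_ident(elf):
    """True if any PT_NOTE segment carries the OpenBSD ident note."""
    for segment in note_segments(elf):
        for name, ntype, desc in parse_notes(segment):
            if name == NOTE_NAME and ntype == NOTE_TYPE and len(desc) == NOTE_DESCSZ:
                return True
    return False


def make_sample_elf(with_note):
    """Constructed sample: a tiny ELF32 image, with or without the note."""
    note = openbsd_ident_note() if with_note else b""
    phnum = 2 if with_note else 1
    text = b"\xcd\x80\xc3\x90"                 # int $0x80; ret; nop
    text_off = EHDR_SIZE + PHDR_SIZE * phnum
    note_off = text_off + len(text)
    base = 0x1000                              # arbitrary load address
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", ident, 2, 3, 1, base + text_off,
                       EHDR_SIZE, 0, 0, EHDR_SIZE, PHDR_SIZE, phnum, 0, 0, 0)
    phdrs = struct.pack("<8I", PT_LOAD, text_off, base + text_off,
                        base + text_off, len(text), len(text), 5, 0x1000)
    if with_note:
        phdrs += struct.pack("<8I", PT_NOTE, note_off, base + note_off,
                             base + note_off, len(note), len(note), 4, 4)
    return ehdr + phdrs + text + note


if __name__ == "__main__":
    for label, image in (("tagged", make_sample_elf(True)),
                         ("untagged", make_sample_elf(False))):
        print(label, "->", has_openbsd_ident(image))
```

To check a real 32-bit binary, pass the file's bytes to `has_openbsd_ident`; `readelf -n` from binutils shows the same records.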



Re: Installing on discless (no removable media) machine from Linux

2005-07-15 Thread knitti
 On Fri, 2005-07-15 at 02:23 -0500, Jason Burrell wrote:
  Here's a new one. Okay, well, it probably isn't.

so you agree you should've read the faq first. why didn't you?

  1) This machine has no removable drives. It has four HDDs, no CD, and no
  floppy. Is there a way I can install OpenBSD on one of the free
  partitions without removable media?

faq section 4, faq section 6.10

  2) Linux supports encrypted filesystems quasinatively. What I'm doing
  right now is creating a file of a specific size on the main filesystem,
  pointing a loopback device to it, then using cryptsetup to do the
  cryptographic transform. Then I mount the thing. Does OpenBSD support
  this kind of thing well? 

man vnconfig. i agree this one isn't the most obvious to find, but some 
googling would've certainly been helpful.

--knitti



bsd.mp, different IPL interrupts = degraded performance?

2005-07-15 Thread Mike Schreckengost

Hello all,
   I have recently installed OpenBSD 3.7-current (as of 07/12/05) and have 
selected the bsd.mp kernel since I am running a system with 2 CPUs. After 
looking at the dmesg output after the initial boot, I noticed the following 
strange lines near the bottom:


ioapic0: pin 17 shares different IPL interrupts (40..90), degraded 
performance
ioapic0: pin 18 shares different IPL interrupts (40..50), degraded 
performance
ioapic0: pin 19 shares different IPL interrupts (40..50), degraded 
performance


   I have done google searches, but was unable to determine the cause of 
these messages. Additionally, I have sought help on the #openbsd IRC channel 
(freenode.net) but no one seems to be able to figure out what's going on 
here. The details of my particular system are spelled out in the full dmesg 
output, which is listed below.
   Specifically, I would like to know what the reason for these messages 
might be, whether or not they are anything I should worry about (the system 
is up and running, with no noticeable problems thus far), and if there is 
anything I can do to remedy the situation. As always, thanks in advance for 
your help.


Cheers,
Mike

-- dmesg output follows --

OpenBSD 3.7-current (GENERIC.MP) #215: Tue Jul 12 11:00:46 MDT 2005
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: AMD Athlon(tm) MP 2100+ (AuthenticAMD 686-class, 256KB L2 cache) 
1.74 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE

real mem  = 1072730112 (1047588K)
avail mem = 972230656 (949444K)
using 4278 buffers containing 53739520 bytes (52480K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(18) BIOS, date 08/05/03, BIOS32 rev. 0 @ 0xfd670
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd670/0x990
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdee0/256 (14 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x1022 product 0x7443
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xc000 0xcc000/0x800 0xcc800/0x800 0xcd000/0x4600 
0xe/0x4000!

mainbus0: Intel MP Specification (Version 1.4) (TYAN PAULANER)
cpu0 at mainbus0: apid 1 (boot processor)
cpu0: AMD Powernow: FID
cpu0: apic clock running at 266 MHz
cpu1 at mainbus0: apid 0 (application processor)
cpu1: AMD Athlon(tm) MP 2100+ (AuthenticAMD 686-class, 256KB L2 cache) 
1.74 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE

mainbus0: bus 0 is type PCI
mainbus0: bus 1 is type PCI
mainbus0: bus 2 is type PCI
mainbus0: bus 3 is type ISA
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 24 pins
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 AMD 762 PCI rev 0x11
ppb0 at pci0 dev 1 function 0 AMD 762 PCI-PCI rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 5 function 0 ATI Radeon 9200 rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ATI Radeon 9200 2nd rev 0x01 at pci1 dev 5 function 1 not configured
pcib0 at pci0 dev 7 function 0 AMD 768 ISA rev 0x05
pciide0 at pci0 dev 7 function 1 AMD 768 IDE rev 0x04: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility

wd0 at pciide0 channel 0 drive 0: WDC WD1200BB-00CAA1
wd0: 16-sector PIO, LBA, 114473MB, 234441648 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
sd0 at scsibus0 targ 0 lun 0: IOMEGA, ZIP 250, 42.S SCSI0 0/direct 
removable

sd0: drive offline
atapiscsi1 at pciide0 channel 1 drive 1
scsibus1 at atapiscsi1: 2 targets
cd0 at scsibus1 targ 0 lun 0: Memorex, DVD+R/RW 2.4x8AA, 1.72 SCSI0 
5/cdrom removable

sd0(pciide0:1:0): using PIO mode 3, Ultra-DMA mode 2
cd0(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2
AMD 768 Power rev 0x03 at pci0 dev 7 function 3 not configured
emu0 at pci0 dev 9 function 0 Creative Labs SoundBlaster Live rev 0x0a: 
apic 2 int 17 (irq 11)

ac97: codec id 0x83847608 (SigmaTel STAC9708/11)
ac97: codec features 18 bit DAC, 18 bit ADC, SigmaTel 3D
audio0 at emu0
Creative Labs PCI Gameport Joystick rev 0x0a at pci0 dev 9 function 1 not 
configured

ppb1 at pci0 dev 16 function 0 AMD 768 PCI-PCI rev 0x05
pci2 at ppb1 bus 2
ohci0 at pci2 dev 0 function 0 AMD 768 USB rev 0x07: apic 2 int 19 (irq 
10), version 1.0, legacy support

usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: AMD OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
ohci1 at pci2 dev 5 function 0 NEC USB rev 0x43: apic 2 int 17 (irq 11), 
version 1.0

usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: NEC OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 3 ports with 3 removable, self powered
ohci2 at pci2 dev 5 function 1 NEC USB rev 

Re: Alpha CS20 wanted

2005-07-15 Thread Jason Dixon

On Jul 15, 2005, at 12:26 AM, Kevin wrote:


P.S. For those of you who wonder if I'm going to take your loot and
run: relax. I've bought every CD since 2.7 and have personally donated
hundreds (maybe thousands?) of dollars in cash, hardware, and gifts.
In fact, the ports server has a dual port gigabit NIC because of me.
I'm sure Theo, Henning, Daniel Hartmeier, Jason Dixon, and others can
vouch for me if it's needed. That said, I would still prefer Theo gets
the donations directly. :-)


Count me in for $50, damn you.  :)

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



Mirroring data over network with failover?

2005-07-15 Thread Dexter Fillmore
Hello.

Is there any way to mirror data over network with failover in
OpenBSD? I mean something like a raid-1 over network. Maybe with CARP
in some way like it can handle pf with no data lost? I'm looking for a
solution that can handle that servers burns up with no broken and lost
data for the users.

/Dexter



Re: Mirroring data over network with failover?

2005-07-15 Thread Marius Van Deventer - Umzimkulu
I'm guessing rsync. However your users might still lose a few minutes
worth of work.

Also, I'm guessing that the users will at least have to log in afresh
after machine 1 fails. 

Are you trying to guard against data loss or just downtime?

 -Original Message-
 From: Dexter Fillmore [mailto:[EMAIL PROTECTED] 
 Sent: 15 July 2005 01:54 PM
 To: misc@openbsd.org
 Subject: Mirroring data over network with failover?
 
 
 Hello.
 
 Is there any way to mirroring data over network with failover in
 OpenBSD? I mean something like a raid-1 over network. Maybe with CARP
 in some way like it can handle pf with no data lost? Im looking for a
 solution that can handle that servers burns up with no broken and lost
 data for the users.
 
 /Dexter



Choices for Soekris disk drives

2005-07-15 Thread Rod.. Whitworth
I am about to implement some firewalls using Soekris 4801 systems.

There are many good documents about using various ways to do this using
CF and assorted RAM-drive etc methods.

What I am looking for are comments from people who have tried some of
these techniques and have experience on some facets of competing ways
to do the job.

I see that we can use:
CF
Microdrive (in a CF slot)
2.5 IDE laptop drive.

Way back I would have dropped CF where I need logging and some other
persistent data storage (spamdb etc) due to the limited cycle life. Now
I hear this is not an issue. Does this fact make this choice a prime
candidate?

Using spinning storage begs the question as to whether either flavour
will automatically spin down when idle for some time? Alternatively can
I do this another way?

So: I do not seek HOW-TO guidance but I do wish to avoid  re-inventing
(re-discovering ?) the wheel on every step. We don't all need to make
individual progress through repeating Newton's work to figure not to
sit under ripe apples.

I can get the 4801 working with any of the above storage. Who wants to
plug one or another as a lay-down best choice?

Thanks.
Rod/

From the land down under: Australia.
Do we look umop apisdn from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.



HP DL145 G2, new Opteron/nForce4 based server - mpt(4) problem

2005-07-15 Thread Johan M:son Lindman
We recently got a bunch of the new HP DL145 G2 servers.
In a rather retarded move HP decided that these generation 2 of the excellent 
DL145 series servers should be implemented on top of Nvidias nForce 4 chipset 
instead of as with the first generation which used the reference AMD chipset.

So I tried installing latest snapshot on one of the DL145 G2s.
The resulting dmesg is below.
These DL145s have got some sort of mpt(4) in them however it is not at all 
recognized in the dmesg, hence I can't install OBSD.
Now even if the mpt chipset was a new one that wasn't recognized it should 
still turn up in dmesg as an unconfigured device, right?
The funny thing is it doesn't.
I'd file a PR but I have this intense feeling I've missed something painfully 
obvious so I'm trying misc first.
Could it be that the mpt is hiding behind some funny PCI bridge or PCI riser 
board that is not supported?


Regards
Johan M:son


OpenBSD 3.7-current (RAMDISK_CD) #406: Tue Jul 12 13:28:26 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 1072406528 (1047272K)
avail mem = 909205504 (887896K)
using 22937 buffers containing 107450368 bytes (104932K) of memory
mainbus0 (root)
cpu0 at mainbus0: (uniprocessor)
cpu0: AMD Opteron(tm) Processor 246, 2009.49 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 
16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
pci0 at mainbus0 bus 0: configuration mode 1
Nvidia nForce4 DDR rev 0xa3 at pci0 dev 0 function 0 not configured
Nvidia nForce4 ISA rev 0xa3 at pci0 dev 1 function 0 not configured
Nvidia nForce4 SMBus rev 0xa2 at pci0 dev 1 function 1 not configured
ohci0 at pci0 dev 2 function 0 Nvidia nForce4 USB rev 0xa2: irq 10, version 
1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Nvidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
ehci0 at pci0 dev 2 function 1 Nvidia nForce4 USB rev 0xa3: irq 11
ehci0: timed out waiting for BIOS
usb1 at ehci0: USB revision 2.0
uhub1 at usb1
uhub1: Nvidia EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub1: 4 ports with 4 removable, self powered
pciide0 at pci0 dev 6 function 0 Nvidia nForce4 IDE rev 0xa2: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
pciide1 at pci0 dev 8 function 0 Nvidia nForce4 SATA 2 rev 0xa3: DMA 
(unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI
pciide1: using irq 10 for native-PCI interrupt
pciide1: channel 0 ignored (not responding; disabled or no drives?)
pciide1: channel 1 ignored (not responding; disabled or no drives?)
ppb0 at pci0 dev 9 function 0 Nvidia nForce4 PCI-PCI rev 0xa2
pci1 at ppb0 bus 1
vga1 at pci1 dev 5 function 0 Nvidia GeForce2 MX rev 0xb2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
ppb1 at pci0 dev 12 function 0 Nvidia nForce4 PCIE rev 0xa3
pci2 at ppb1 bus 2
bge0 at pci2 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 
(0x4101): irq 11 address 00:13:21:b5:53:b6
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb2 at pci0 dev 13 function 0 Nvidia nForce4 PCIE rev 0xa3
pci3 at ppb2 bus 3
bge1 at pci3 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 
(0x4101): irq 10 address 00:13:21:b5:53:b7
brgphy1 at bge1 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb3 at pci0 dev 14 function 0 Nvidia nForce4 PCIE rev 0xa3
pci4 at ppb3 bus 4
pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00
pchb1 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00
pchb2 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00
pchb3 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00
isa0 at mainbus0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
rd0: fixed, 3584 blocks
root on rd0a
rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02
umass0 at uhub0 port 3 configuration 1 interface 0
umass0: TEAC USB CD-ROM 210PU, rev 1.10/1.36, addr 2
umass0: using ATAPI over Bulk-Only
scsibus0 at umass0: 2 targets
cd0 at scsibus0 targ 1 lun 0: TEAC, CD-210PU, 10A6 SCSI0 5/cdrom removable



Re: Choices for Soekris disk drives

2005-07-15 Thread knitti
current cf cards have 1 million guaranteed write cycles or more. 
i wouldn't do heavy logging with them, but perhaps you can also 
afford to log to another host or to lose logs on power down. 
i think i wouldn't put /var/db/spamd directly on a cf card, perhaps 
you could sync it only every hour?



--knitti



Re: HP DL145 G2, new Opteron/nForce4 based server - mpt(4) problem

2005-07-15 Thread Brad
On Fri, Jul 15, 2005 at 02:31:01PM +0200, Johan M:son Lindman wrote:
 We recently got a bunch of the new HP DL145 G2 servers.
 In a rather retarded move HP decided that these generation 2 of the excellent 
 DL145 series servers should be implemented on top of Nvidias nForce 4 chipset 
 instead of as with the first generation which used the reference AMD chipset.
 
 So I tried installing latest snapshot on one of the DL145 G2s.
 The resulting dmesg is below.
 These DL145s have got some sort of mpt(4) in them however it is not at all 
 recognized in the dmesg, hence I can't install OBSD.
 Now even if the mpt chipset was a new one that wasn't recognized it should 
 still turn up in dmesg as an unconfigured device, right?
 The funny thing is it doesn't.
 I'd file a PR but I have this intense feeling I've missed something painfully 
 obvious so I'm trying misc first.
 Could it be that the mpt is hiding behind some funny PCI bridge or PCI riser 
 board that is not supported?
 
You're very much mistaken. There is no mpt in these servers. These are SATA
based servers, not SCSI/FC.

 Regards
 Johan M:son
 
 
 OpenBSD 3.7-current (RAMDISK_CD) #406: Tue Jul 12 13:28:26 MDT 2005
 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
 real mem = 1072406528 (1047272K)
 avail mem = 909205504 (887896K)
 using 22937 buffers containing 107450368 bytes (104932K) of memory
 mainbus0 (root)
 cpu0 at mainbus0: (uniprocessor)
 cpu0: AMD Opteron(tm) Processor 246, 2009.49 MHz
 cpu0: 
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
 cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 
 16-way L2 cache
 cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
 cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
 pci0 at mainbus0 bus 0: configuration mode 1
 Nvidia nForce4 DDR rev 0xa3 at pci0 dev 0 function 0 not configured
 Nvidia nForce4 ISA rev 0xa3 at pci0 dev 1 function 0 not configured
 Nvidia nForce4 SMBus rev 0xa2 at pci0 dev 1 function 1 not configured
 ohci0 at pci0 dev 2 function 0 Nvidia nForce4 USB rev 0xa2: irq 10, version 
 1.0, legacy support
 usb0 at ohci0: USB revision 1.0
 uhub0 at usb0
 uhub0: Nvidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
 uhub0: 4 ports with 4 removable, self powered
 ehci0 at pci0 dev 2 function 1 Nvidia nForce4 USB rev 0xa3: irq 11
 ehci0: timed out waiting for BIOS
 usb1 at ehci0: USB revision 2.0
 uhub1 at usb1
 uhub1: Nvidia EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
 uhub1: 4 ports with 4 removable, self powered
 pciide0 at pci0 dev 6 function 0 Nvidia nForce4 IDE rev 0xa2: DMA, channel 
 0 
 configured to compatibility, channel 1 configured to compatibility
 pciide0: channel 0 disabled (no drives)
 pciide0: channel 1 disabled (no drives)
 pciide1 at pci0 dev 8 function 0 Nvidia nForce4 SATA 2 rev 0xa3: DMA 
 (unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI
 pciide1: using irq 10 for native-PCI interrupt
 pciide1: channel 0 ignored (not responding; disabled or no drives?)
 pciide1: channel 1 ignored (not responding; disabled or no drives?)
 ppb0 at pci0 dev 9 function 0 Nvidia nForce4 PCI-PCI rev 0xa2
 pci1 at ppb0 bus 1
 vga1 at pci1 dev 5 function 0 Nvidia GeForce2 MX rev 0xb2
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 ppb1 at pci0 dev 12 function 0 Nvidia nForce4 PCIE rev 0xa3
 pci2 at ppb1 bus 2
 bge0 at pci2 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 
 (0x4101): irq 11 address 00:13:21:b5:53:b6
 brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
 ppb2 at pci0 dev 13 function 0 Nvidia nForce4 PCIE rev 0xa3
 pci3 at ppb2 bus 3
 bge1 at pci3 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 
 (0x4101): irq 10 address 00:13:21:b5:53:b7
 brgphy1 at bge1 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
 ppb3 at pci0 dev 14 function 0 Nvidia nForce4 PCIE rev 0xa3
 pci4 at ppb3 bus 4
 pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00
 pchb1 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00
 pchb2 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00
 pchb3 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00
 isa0 at mainbus0
 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
 pckbc0 at isa0 port 0x60/5
 pckbd0 at pckbc0 (kbd slot)
 pckbc0: using irq 1 for kbd slot
 wskbd0 at pckbd0: console keyboard, using wsdisplay0
 rd0: fixed, 3584 blocks
 root on rd0a
 rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02
 umass0 at uhub0 port 3 configuration 1 interface 0
 umass0: TEAC USB CD-ROM 210PU, rev 1.10/1.36, addr 2
 umass0: using ATAPI over Bulk-Only
 scsibus0 at umass0: 2 targets
 cd0 at scsibus0 targ 1 lun 0: TEAC, CD-210PU, 10A6 SCSI0 5/cdrom removable



Re: Choices for Soekris disk drives

2005-07-15 Thread Stuart Henderson
On 2005/07/15 22:13:37, Rod.. Whitworth wrote:
 I see that we can use:
 CF
 Microdrive (in a CF slot)
 2.5 IDE laptop drive.
 
 Way back I would have dropped CF where I need logging and some other
 persistent data storage (spamdb etc) due to the limited cycle life. Now
 I hear this is not an issue. Does this fact make this choice a prime
 candidate?

CF is right for my needs, I occasionally sync files (rather than
writing directly to CF) which works well enough for spamd/dhcpd
databases for me, I log by syslog to a remote host and logging
on the box itself is to memory-buffers (lost at reboot). This may
or may not suit you. Apparently modern CF allow in the order of
10+ million writes so they'll probably last quite well with
sensibly-configured logging too.

 Using spinning storage begs the question as to whether either flavour
 will automatically spin down when idle for some time? Alternatively can
 I do this another way?

Yes and it's generally recommended. With a few (difficult to get hold
of) exceptions, 2.5 and smaller drives aren't rated for 24x7 use.



Toshiba subnotebook without sound (full dmesg!)

2005-07-15 Thread Gergely KODAJ
1st of all, greetings to all members of [EMAIL PROTECTED]
And excuse me for the large e-mail.

I have found a description about sb and wss conflict and
wss now disabled in the kernel. No more advice has been found.


lsof |grep audio
 
mpg123   14399 gergo4w  VCHR 42,128  0t49152   1903
/dev/audio0
 
lsof |grep mixer
 
aumix27398 gergo3u  VCHR  42,16  0t0   1902
/dev/mixer0

mixerctl -a

outputs.master=128,128
outputs.fmsynth=128,128
outputs.cd=128,128
outputs.dac=128,128
outputs.mic=0
outputs.line=0,0
record.source=
inputs.treble=off
inputs.bass=on

dmesg
-

OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium/MMX (GenuineIntel 586-class) 167 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX
cpu0: F00F bug workaround installed
real mem  = 33267712 (32488K)
avail mem = 22491136 (21964K)
using 431 buffers containing 1765376 bytes (1724K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(63) BIOS, date 03/19/98, BIOS32 rev. 0 @
0xfe95a
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf8e80/112 (5 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x product 0x
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xc000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Toshiba PCI rev 0x2e
vga1 at pci0 dev 4 function 0 Neomagic Magicgraph NM2160 rev 0x01
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Toshiba Fast Infrared Type O rev 0x22 at pci0 dev 17 function 0 not
configured
cbb0 at pci0 dev 19 function 0 Toshiba ToPIC97 CardBus rev
0x20pci_intr_map: no mapping for pin A
: couldn't map interrupt
cbb1 at pci0 dev 19 function 1 Toshiba ToPIC97 CardBus rev
0x20pci_intr_map: no mapping for pin B
: couldn't map interrupt
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using
wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
wdc0 at isa0 port 0x1f0/8 irq 14
wd0 at wdc0 channel 0 drive 0: TOSHIBA MK6017MAP
wd0: 16-sector PIO, LBA, 5729MB, 11733120 sectors
wd0(wdc0:0:0): using BIOS timings
sb0 at isa0 port 0x220/24 irq 5 drq 1: dsp v3.01
midi0 at sb0: SB MIDI UART
audio0 at sb0
opl0 at sb0: model OPL3
midi1 at opl0: SB Yamaha OPL3
pcppi0 at isa0 port 0x61
midi2 at pcppi0: PC speaker
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pcic0 at isa0 port 0x3e0/2 iomem 0xd/65536
pcic0 controller 0: Intel 82365SL rev 1 has sockets A and B
pcmcia0 at pcic0 controller 0 socket 0
ne3 at pcmcia0 function 0 PCMCIA, Fast-Ethernet,  port 0x300/32, irq 3
ne3: address 00:40:f4:5e:7e:98
ukphy0 at ne3 phy 16: Generic IEEE 802.3u media interface
ukphy0: OUI 0x00602e, model 0x0031, rev. 0
pcmcia1 at pcic0 controller 0 socket 1
pcic0: irq 9, polling enabled
biomask edc5 netmask edcd ttymask ffcf
pctr: 586-class performance counters and user-level cycle counter
enabled
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

Best regards.



Re: Choices for Soekris disk drives

2005-07-15 Thread Jason Ackley

Rod.. Whitworth wrote:


What I am looking for are comments from people who have tried some of
these techniques and have experience on some facets of competing ways
to do the job.


 I use djm's flashboot on several x86 platforms, including:

 o VIA EPIA based systems
 o PCengines.ch WRAP boards (similar to Soekris)
 o Intel TSRMT2 'telco' servers

 I decided on this method (flash contents build RAMdisk,
 everything is run from ramdisk and flash is RO mount)
 based on some of my requirements (see below).

 We install these devices in unfriendly areas as POP
 routers and VLAN aggregation routers in closets
 with little or no environmental controls. They are
 typically powered by -48vdc battery banks.

 On a TSRMT2 ([EMAIL PROTECTED]) it goes from typing 'reboot<CR>'
 to passing data again (PF/CARP/VLANs/etc) in about 45
 seconds (512M of DRAM on the box).

 I also prefer the flashboot method as it allows me
 to rebuild the kernel/ramdisk and simply copy over
 a single file (the built kernel with ramdisk attached)
 instead of having to worry about multiple files.

 This makes provisioning of devices much easier
 as it acts more like a network appliance device
 with a single 'firmware image' that other people
 can understand.

 I use a 128M CF card only because I got good pricing
 on them. I use IDE to CF adapters for the non-native
 CF boards like some of the EPIAs and TSRMT2(built-in
 SCSI).

 My built and compressed kernel (with ramdisk)
 comes out to ~8M, and extracts to a 20M ramdisk
 image with 15M in use right now.


Using spinning storage begs the question as to whether either flavour
will automatically spin down when idle for some time? Alternatively can
I do this another way?


 I just didn't want moving parts, they break :)  I decided to use
 flashboot after an EPIA based router took a 10ft fall from
 a closet one day and it killed the HDD (don't ask why it fell).


So: I do not seek HOW-TO guidance but I do wish to avoid  re-inventing
(re-discovering ?) the wheel on every step. We don't all need to make
individual progress through repeating Newton's work to figure not to
sit under ripe apples.


 The info on the flashboot page should be enough to
 get you going.

 I have not been back for a while and I have been making minor
 customizations to it internally (one command to build for all my
 platforms, etc). I have also added a few other programs that
 I like to have out there. Out of the box it did 99% of what I was
 looking for and allowed me to quickly prototype a replacement box.

 After you start to work with the scripts a bit, you get the
 hang of it and can make it easily scripted/automated.

 I have even thought of making the filesystem on the CF cards
 MSDOS so that the CF can be mounted on windows machines and
 other people can copy over images with drag n drop.


I can get the 4801 working with any of the above storage. Who wants to
plug one or another as a lay-down best choice?


 I certainly don't know if my method is the 'best', I would
 say it is the 'best for me' based on my requirements
 (no moving parts for storage, single file to upgrade the
 device, fast/easy power recovery/no fsck)


 Good luck!


cheers,
--
jason



Re: Toshiba subnotebook without sound (full dmesg!)

2005-07-15 Thread Paul de Weerd
On Fri, Jul 15, 2005 at 05:20:26PM +0200, Gergely KODAJ wrote:
| 1st of all, greetings to all members of [EMAIL PROTECTED]
| And excuse me for the large e-mail.
|
| I have found a description about sb and wss conflict and
| wss now disabled in the kernel. No more advice has been found.

You hardly describe the problem, but you should probably take a look
at http://www.openbsd.org/i386-laptop.html which has a Toshiba Tecra
8000 listed that had problems resembling what you describe.

Hope that helps.

Paul 'WEiRD' de Weerd

PS: kudos for the full dmesg though ;)

|
| OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
| [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
| cpu0: Intel Pentium/MMX (GenuineIntel 586-class) 167 MHz
| cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX
| cpu0: F00F bug workaround installed
| real mem  = 33267712 (32488K)
| avail mem = 22491136 (21964K)
| using 431 buffers containing 1765376 bytes (1724K) of memory
| mainbus0 (root)
| bios0 at mainbus0: AT/286+(63) BIOS, date 03/19/98, BIOS32 rev. 0 @
| 0xfe95a
| apm0 at bios0: Power Management spec V1.2
| apm0: AC on, battery charge unknown
| pcibios0 at bios0: rev 2.1 @ 0xf/0x1
| pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf8e80/112 (5 entries)
| pcibios0: no compatible PCI ICU found: ICU vendor 0x product 0x
| pcibios0: Warning, unable to fix up PCI interrupt routing
| pcibios0: PCI bus #2 is the last bus
| bios0: ROM list: 0xc/0xc000
| cpu0 at mainbus0
| pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
| pchb0 at pci0 dev 0 function 0 Toshiba PCI rev 0x2e
| vga1 at pci0 dev 4 function 0 Neomagic Magicgraph NM2160 rev 0x01
| wsdisplay0 at vga1: console (80x25, vt100 emulation)
| wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
| Toshiba Fast Infrared Type O rev 0x22 at pci0 dev 17 function 0 not
| configured
| cbb0 at pci0 dev 19 function 0 Toshiba ToPIC97 CardBus rev
| 0x20pci_intr_map: no mapping for pin A
| : couldn't map interrupt
| cbb1 at pci0 dev 19 function 1 Toshiba ToPIC97 CardBus rev
| 0x20pci_intr_map: no mapping for pin B
| : couldn't map interrupt
| isa0 at mainbus0
| isadma0 at isa0
| pckbc0 at isa0 port 0x60/5
| pckbd0 at pckbc0 (kbd slot)
| pckbc0: using irq 1 for kbd slot
| wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using
| wsdisplay0
| pms0 at pckbc0 (aux slot)
| pckbc0: using irq 12 for aux slot
| wsmouse0 at pms0 mux 0
| wdc0 at isa0 port 0x1f0/8 irq 14
| wd0 at wdc0 channel 0 drive 0: TOSHIBA MK6017MAP
| wd0: 16-sector PIO, LBA, 5729MB, 11733120 sectors
| wd0(wdc0:0:0): using BIOS timings
| sb0 at isa0 port 0x220/24 irq 5 drq 1: dsp v3.01
| midi0 at sb0: SB MIDI UART
| audio0 at sb0
| opl0 at sb0: model OPL3
| midi1 at opl0: SB Yamaha OPL3
| pcppi0 at isa0 port 0x61
| midi2 at pcppi0: PC speaker
| sysbeep0 at pcppi0
| npx0 at isa0 port 0xf0/16: using exception 16
| pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
| pcic0 at isa0 port 0x3e0/2 iomem 0xd/65536
| pcic0 controller 0: Intel 82365SL rev 1 has sockets A and B
| pcmcia0 at pcic0 controller 0 socket 0
| ne3 at pcmcia0 function 0 PCMCIA, Fast-Ethernet,  port 0x300/32, irq 3
| ne3: address 00:40:f4:5e:7e:98
| ukphy0 at ne3 phy 16: Generic IEEE 802.3u media interface
| ukphy0: OUI 0x00602e, model 0x0031, rev. 0
| pcmcia1 at pcic0 controller 0 socket 1
| pcic0: irq 9, polling enabled
| biomask edc5 netmask edcd ttymask ffcf
| pctr: 586-class performance counters and user-level cycle counter
| enabled
| dkcsum: wd0 matched BIOS disk 80
| root on wd0a
| rootdev=0x0 rrootdev=0x300 rawdev=0x302
|
| Best regards.
|

--
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/




Re: pf questions

2005-07-15 Thread Vivek Ayer
I don't quite understand what you mean by that. What do I have to do
to that line? Will it let me ping if I remove it? Also, how would I
open up bittorrent port 6881, icecast port 8000 and soulseek port 2430
(somewhere in that range). Do I add an rdr line? I'm just tired of
getting the NAT error in Azureus every time I test it. Thanks

Vivek



To secure WiFi networks

2005-07-15 Thread Johan P . Lindström
Good afternoon list, I'm just going to throw out an idea here and let's take
turns kicking at it.
 I'm not too familiar with the inner workings of the needed technologies
(sometimes a pro, often a con) but what if one would use a https proxy, like
say squid with SSL/TLS support, to obfuscate the http traffic leaving your
laptop over the WiFi LAN to your local OpenBSD box that runs the proxy, that
would then with some magic serve you the pages. So that http traffic could
not be intercepted on the open WiFi network.
 Is someone doing something similar already?
 Googling did not turn up anything helpful here apart from the SSL support
in Squid, but would the protocols allow something like this?
 -- Johan



Re: pf questions

2005-07-15 Thread John Brooks
 I don't quite understand what you mean by that. What do I have to do
 to that line? Will it let me ping if I remove it? Also, how would I
 open up bittorrent port 6881, icecast port 8000 and soulseek port 2430
 (somewhere in that range). Do I add an rdr line? I'm just tired of
 getting the NAT error in Azureus every time I test it. Thanks
 
 Vivek
 

 
might be good to also let the little guys out ;-)

explanation: 
   you are allowing icmp traffic to enter all network interfaces,
   but you have no rule to permit icmp traffic to leave any interface.
   remove "in" in the rule below so that icmp can flow thru


--
John Brooks
[EMAIL PROTECTED] 

..

 pass in inet proto icmp all icmp-type $icmp_types keep state
      ^^



Re: To secure WiFi networks

2005-07-15 Thread John R. Shannon

Like many, I use IPSEC to secure WIFI traffic.

Johan P. Lindström wrote:

Good afternoon list, I'm just going to throw out an idea here and let's take
turns kicking at it.
 I'm not too familiar with the inner workings of the needed technologies
(sometimes a pro, often a con) but what if one would use a https proxy, like
say squid with SSL/TLS support, to obfuscate the http traffic leaving your
laptop over the WiFi LAN to your local OpenBSD box that runs the proxy, that
would then with some magic serve you the pages. So that http traffic could
not be intercepted on the open WiFi network.
 Is someone doing something similar already?
 Googling did not turn up anything helpful here apart from the SSL support
in Squid, but would the protocols allow something like this?
 -- Johan





--
John R. Shannon
[EMAIL PROTECTED]



ftp-proxy rules for an external ftp server

2005-07-15 Thread Christopher
Man ftp-proxy (8) (obsd 3.7) says this:

 ftp-proxy accepts the redirected control connections and forwards them to
 the server.  The proxy replaces the address and port number that the
 client sends through the control connection to the server with its own
 address and proxy port, where it listens for the data connection.  When
 the server opens the data connection back to this port, the proxy
 forwards it to the client.  The pf.conf(5) rules need to let pass
 connections to these proxy ports (see options -u, -m, and -M above) in on
 the external interface.  The following example allows only ports 49152 to
 65535 to pass in statefully:

   block in on $ext_if proto tcp all
   pass  in on $ext_if inet proto tcp from any to $ext_if \
           port > 49151 keep state

 Alternatively, rules can make use of the fact that by default, ftp-proxy
 runs as user proxy to allow the backchannel connections, as in the
 following example:

   block in on $ext_if proto tcp all
   pass  in on $ext_if inet proto tcp from any to $ext_if \
           user proxy keep state

 These examples do not cover the connections from the proxy to the foreign
 FTP server.  If one does not pass outgoing connections by default
 additional rules are needed.

I have ports 5500:5700 opened for the data channel, what additional rules
are needed? I've tried the rules in
http://cvs.openbsd.org/faq/pf/ftp.html#natserver but they do not work. I
cannot connect  to my ftp server from outside the network.

Thanks,
--
-Christopher
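
For comparison with the man-page rules quoted above, which only cover ftp-proxy's own back-channel ports, here is a sketch of rules for an FTP server that sits behind the NAT firewall and uses the 5500:5700 passive range from the post. This is an added example, not part of the original message or the OpenBSD documentation; the interface names and server address are placeholders, and it assumes the FTP daemon is configured to advertise the firewall's external address and to use only that passive range.

```pf
# Added example. ext_if, int_if and ftp_server are assumed placeholder values;
# 5500:5700 is the passive data range named in the post.
ext_if     = "fxp0"            # assumption: external interface
int_if     = "fxp1"            # assumption: internal interface
ftp_server = "192.168.1.10"    # assumption: FTP server's internal address
pasv_ports = "5500:5700"       # passive data range from the post

# Translation: the control channel and the passive range are redirected to
# the server. No target port is given, so destination ports are unchanged.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 21 \
        -> $ftp_server
rdr on $ext_if inet proto tcp from any to ($ext_if) port $pasv_ports \
        -> $ftp_server

block in on $ext_if proto tcp all

# Filter rules are evaluated after rdr, so they must match the translated
# destination ($ftp_server), not the external address.
pass in on $ext_if inet proto tcp from any to $ftp_server port 21 \
        flags S/SA keep state
pass in on $ext_if inet proto tcp from any to $ftp_server port $pasv_ports \
        flags S/SA keep state

# With a default "block all" policy the same connections must also be
# allowed out on the internal interface towards the server.
pass out on $int_if inet proto tcp from any to $ftp_server port 21 \
        flags S/SA keep state
pass out on $int_if inet proto tcp from any to $ftp_server port $pasv_ports \
        flags S/SA keep state
```

Active-mode transfers, where the server opens the data connection outwards from port 20, are not covered here and need matching nat and pass out rules if outgoing traffic is not passed by default.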



Re: To secure WiFi networks

2005-07-15 Thread Adam
On Fri, 15 Jul 2005 18:03:01 +0200 Johan P. Lindström
[EMAIL PROTECTED] wrote:

 Good afternoon list, I'm just going to throw out an idea here and
 let's take turns kicking at it.
  I'm not too familiar with the inner workings of the needed
 technologies (sometimes a pro, often a con) but what if one would use
 a https proxy, like say squid with SSL/TLS support, to obfuscate the
 http traffic leaving your laptop over the WiFi LAN to your local
 OpenBSD box that runs the proxy, that would then with some magic
 serve you the pages. So that http traffic could not be intercepted on
 the open WiFi network.

Just setup a VPN between your laptop and your firewall, that way all
your traffic is encrypted, not just http.

Adam



Re: To secure WiFi networks

2005-07-15 Thread Jason Dixon

On Jul 15, 2005, at 12:03 PM, Johan P. Lindström wrote:

Good afternoon list, I'm just going to throw out an idea here and let's take
turns kicking at it.
 I'm not too familiar with the inner workings of the needed technologies
(sometimes a pro, often a con) but what if one would use a https proxy, like
say squid with SSL/TLS support, to obfuscate the http traffic leaving your
laptop over the WiFi LAN to your local OpenBSD box that runs the proxy, that
would then with some magic serve you the pages. So that http traffic could
not be intercepted on the open WiFi network.
 Is someone doing something similar already?
 Googling did not turn up anything helpful here apart from the SSL support
in Squid, but would the protocols allow something like this?


You're kidding, right?  Quit messing around with application-layer  
encryption if you need everything encrypted.  Go the lowest common  
denominator.  Well, almost the lowest.  ;-)


man 8 vpn

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



Re: Choices for Soekris disk drives

2005-07-15 Thread Kevin
On 7/15/05, Jason Ackley [EMAIL PROTECTED] wrote:
 Rod.. Whitworth wrote:
 
  What I am looking for are comments from people who have tried some of
  these techniques and have experience on some facets of competing ways
  to do the job.

I've tried a couple of different disk on flash and Sandisk flash drives in the
2.5 IDE laptop form factor.  These can be found cheap in small capacities,
but will eventually fail due to repeat writes to the same block -- the most
commonly cited example of flash killing disk access is 'fsck' under Linux.

Some flash disks have a hardware write protect switch.


  I also prefer the flashboot method as it allows me
  to rebuild the kernel/ramdisk and simply copy over
  a single file (the built kernel with ramdisk attached)
  instead of having to worry about multiple files.
. . .
  Using spinning storage begs the question as to whether either flavour
  will automatically spin down when idle for some time? Alternatively can
  I do this another way?

Normally this is done automatically by power management, or see 'atactl'.


  I can get the 4801 working with any of the above storage. Who wants to
  plug one or another as a lay-down best choice?

  I certainly don't know if my method is the 'best', I would
  say it is the 'best for me' based on my requirements
  (no moving parts for storage, single file to upgrade the
  device, fast/easy power recovery/no fsck)

The most common deployment scenario for flash-based OpenBSD would
be firewalls.  It can be very handy for a firewall to have some local
writable non-volatile storage, for configuration data, logs, etc.

Kevin Kadow



Re: Choices for Soekris disk drives

2005-07-15 Thread Frank Denis \(Jedi/Sector One\)

On Fri, Jul 15, 2005 at 07:55:59PM +0530, Mayuresh Kathe wrote:

*AVOID* 2.5 IDE Laptop drives.
I've had pretty bad experience with them,
1. They heat up a lot
2. Are slow
3. Fail quite often (this could be due to the heat)
   (face problems with Toshiba and IBM)


 I have the opposite experience. My Net4801 is running 24/7 for one year with
a Momentus drive (5400 RPMs) and it is neither slow nor hot.

 Hitachi also produces drives that are designed to run 24/7 (Endurastar,
now obsoleted by E7K60 and E7K100 drives). My Mac Mini is running with a
7K100 (80 Gb, 7200 RPM, 8 Mb cache) drive and it is as fast as any 3,5
drive. It seems to heat up more than the Momentus since the fan often wakes
up, but it works reliably.



Re: To secure WiFi networks

2005-07-15 Thread Nick Holland
On Fri, Jul 15, 2005 at 06:03:01PM +0200, Johan P. Lindström wrote:
...
  I'm not too familiar with the inner workings of the needed technologies
 (sometimes a pro, often a con) but what if one would use a https proxy, like
 say squid with SSL/TLS support, to obfuscate the http traffic leaving your
 laptop over the WiFi LAN to your local OpenBSD box that runs the proxy, that
 would then with some magic serve you the pages. So that http traffic could
 not be intercepted on the open WiFi network.
...

Before you worry about this too much...

IF you are worried about people packet sniffing your wireless
connection, you should probably be running some kind of encryption on
the traffic already, wireless or not.  What's the point of encrypting
from your laptop to the firewall, if it is then sent plain-text to the
remote end over the common cable that many of your neighbors are also
attached to.

By this point in time, any communications over the internet which should
not be sniffed should be encrypted end-to-end.

That was a specific answer to a specific question.
The above reply is not meant to imply wireless security issues don't
matter.  IF the question is, How do I keep people out of my wireless
network, or how do I keep them from sniffing internal traffic in my
network, my answer would be very different...but that wasn't the 
question.

Nick.



Load Balance net connections w/ redirect

2005-07-15 Thread James Harless
Hello all,

I'm trying to redirect specific ports through a pf firewall that
loadbalances 2 outgoing net connections and having some problems. 
This firewall connects to 2 different ISPs.  It also performs
greylisting and pre-filtering of mail for viruses(virii?).  I know
that I need to work in the 'reply-to' option somehow but, I can't seem
to get it working.

I've put ** in front of the lines that I've added to try and redirect
the traffic, that don't seem to be working.  Any help you could lend
would be greatly appreciated.  If the problem is covered elsewhere, I
could just use a hint where to find it (have looked around quite a
bit).

--


## pf.conf ##
ext_if1="fxp1"
ext_gw1="2.2.2.2"
ext_if2="fxp2"
ext_gw2="3.3.3.3"
int_if="fxp0"
lan_net="192.168.1.1/24"
exch_svr="192.168.1.150"
exch_svc="{ 80, 443 }"

table <spamd> persist
table <spamd-white> persist
table <mywhite> persist file "/root/goodips"
table <myblack> persist file "/root/badips"

scrub in

# nat all outbound traffic on each interface
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)

rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

rdr pass on $int_if proto tcp from $exch_svr to port smtp \
-> 127.0.0.1 port smtp

rdr pass on $ext_if1 proto tcp from <spamd> to port smtp \
-> 127.0.0.1 port spamd
rdr pass on $ext_if2 proto tcp from <spamd> to port smtp \
-> 127.0.0.1 port spamd

rdr pass on $ext_if1 proto tcp from <mywhite> to port smtp \
-> 127.0.0.1 port smtp
rdr pass on $ext_if2 proto tcp from <mywhite> to port smtp \
-> 127.0.0.1 port smtp

rdr pass on $ext_if1 proto tcp from !<spamd-white> to port smtp \
-> 127.0.0.1 port spamd
rdr pass on $ext_if2 proto tcp from !<spamd-white> to port smtp \
-> 127.0.0.1 port spamd

**rdr on $ext_if1 proto tcp from any to port $exch_svc -> 192.168.1.150
**rdr on $ext_if1 proto tcp from any to port 407 -> 192.168.1.21

# Default block all traffic incoming & outgoing
block all

# pass all outgoing packets on internal interface
pass out quick on $int_if from any to $int_if:network
# pass in quick any packets destined for the gateway itself from the lan
pass in quick on $int_if from $int_if:network to $int_if

# load balance outgoing tcp traffic from internal network
pass in quick on $int_if route-to \
{ ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
proto tcp from $lan_net to any flags S/SA modulate state
# load balance outgoing udp & icmp traffic from internal network
pass in quick on $int_if route-to \
{ ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
proto { udp, icmp } from $lan_net to any keep state


# pass out rules for external interfaces
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state

# route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
#   ext_if2 & $ext_gw2

pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any \
flags S/SA modulate state
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any \
flags S/SA modulate state


pass quick on { lo }
antispoof quick for { lo }

pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto tcp from any to \
$ext_if1 port ssh keep state
pass in on $ext_if2 reply-to ($ext_if2 $ext_gw2) proto tcp from any to \
$ext_if2 port ssh keep state

#pass in on $ext_if proto tcp to $ext_gw1 port > 49151 user proxy keep state

pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto tcp from any to \
$ext_if1 port smtp keep state
pass in on $ext_if2 reply-to ($ext_if2 $ext_gw2) proto tcp from any to \
$ext_if2 port smtp keep state

**pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto tcp from any to \
**  $exch_svr port $exch_svc keep state
**pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto tcp from any to \
**  any port 407 keep state


Thanks!


James Harless
-- 
What would Bilano do?



Authpf not adding rules to anchors

2005-07-15 Thread Eric Bullen
I am at a loss for this, and hopefully someone can provide some insight into
why this isn't working.

When I run pfctl -sa I can see the needed entries:

...
nat-anchor authpf/* all
snip
rdr-anchor authpf/* all
...
anchor authpf/* all
...

All looks normal, and when I authenticate with the user access, the user
connects, and I see the entry in the authpf_users table, but the rules
never get added. JUST to see if the rule file gets parsed, I made a typo,
and it errors when I connect, so I know it's reading it.

I am running OBSD 3.7, and I have the following global authpf.rules file (in
/etc/authpf/):


# Macros go here...
EXT_NIC="fxp0"
INT_NIC="fxp1"

INCOMING_TCP="{ 1145, 4662, 15492 }"
INCOMING_UDP="{ 1145, 4666, 15492, 23043 }"
SYN_ONLY="S/FSRA"


# NAT
PRIVATE_NET_NAT_IP="131.92.15.111"

rdr on $EXT_NIC proto tcp from any to $PRIVATE_NET_NAT_IP port $INCOMING_TCP -> $user_ip
rdr on $EXT_NIC proto udp from any to $PRIVATE_NET_NAT_IP port $INCOMING_UDP -> $user_ip

pass in log quick on $EXT_NIC inet proto tcp from any to $user_ip port $INCOMING_TCP flags $SYN_ONLY keep state
pass in log quick on $EXT_NIC inet proto udp from any to $user_ip port $INCOMING_UDP keep state

I moved this config from my obsd 3.5 install where authpf was working just
fine to 3.7 (making the 'authpf/*' change), and it still doesn't work.

Any help would be greatly appreciated.

-Eric



get bittorrent to work via pf

2005-07-15 Thread Vivek Ayer
Hi all,

I was wondering if anyone has gotten bit torrent (6881) as well as
icecasting (8000) to work behind his/her openbsd firewall? What would
I need to add in pf.conf? Thanks.

Here is my /etc/pf.conf:

#   $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

# macros
ext_if="dc1"
int_if="dc0"
wir_if="ral0"

tcp_services = "{ 22, 113, 6881, 8000, 2234, 2239 }"
icmp_types = "echoreq"
auth_server = "127.0.0.1 port 8080"
table <authorized_hosts> { 10.0.0.2, 10.0.0.3 }

# options
set block-policy return
set loginterface $ext_if

# scrub
scrub in all
scrub out all

# nat/rdr
nat on $ext_if from $int_if:network -> ($ext_if:0)
nat on $ext_if from $wir_if:network -> ($ext_if:0)
#rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
#rdr on $wir_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
#rdr on $wir_if proto tcp from !<authorized_hosts> to any port www -> \
$auth_server
#rdr on $ext_if proto tcp from any to any port 6881 -> $int_if
#rdr on $ext_if proto tcp from any to any port 6881 -> $wir_if
#rdr on $ext_if proto tcp from any to any port 8000 -> $int_if
#rdr on $ext_if proto tcp from any to any port 8000 -> $wir_if

# filter rules
block in log all

pass quick on { lo $int_if }
pass quick on { lo $wir_if }
antispoof quick for { lo $int_if }
antispoof quick for { lo $wir_if }

pass in on $ext_if inet proto tcp from any to ($ext_if) \
   port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto tcp from any to ($ext_if) \
   user proxy flags S/SA keep state
pass inet proto icmp all icmp-type $icmp_types keep state
pass in on $int_if from $int_if:network to any keep state
pass in on $wir_if from <authorized_hosts> to any keep state
pass in on $wir_if proto tcp from !<authorized_hosts> to $auth_server
pass out on $int_if from any to $int_if:network keep state
pass out on $wir_if from any to <authorized_hosts> keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
#pass in on $ext_if proto tcp to ($ext_if) port ssh keep state



Re: get bittorrent to work via pf

2005-07-15 Thread Melameth, Daniel D.
I played with BitTorrent for the first time a few weeks ago and I
imagine you'll need to redirect these inbound requests to the specific
host that is running the software.  While I modify the base rule set
with anchors when this is in use, the premise is the same regardless.

meth is the host running BitTorrent and you can ignore the queuing:

$ cat /etc/pf.bt.conf
# Interfaces
ext_if = "pppoe0"
int_if = "wi0"

# Hosts
meth = "192.168.x.x"

# BitTorrent
rdr on $ext_if inet proto tcp from ! $int_if:network to \
( $ext_if:0 ) port 6881:6889 -> $meth
pass in log quick on $ext_if inet proto tcp from ! $int_if:network to \
$meth port 6881:6889 flags S/SA keep state \
queue ( torrent, tcp_ack )



Re: get bittorrent to work via pf

2005-07-15 Thread hellsop
On Fri, Jul 15, 2005 at 03:53:02PM -0400, Vivek Ayer wrote:
 Hi all,
 
 I was wondering if anyone has gotten bit torrent (6881) as well as
 icecasting (8000) to work behind his/her openbsd firewall? What would
 I need to add in pf.conf? Thanks.

rdr on $ext_if proto {tcp, udp} from any to $ext_ip port 6881 -> 192.168.1.38 port 6881

has worked for me. Replace 192.168.1.38 with the address of the machine
you want to allow to play on BT.

-- 
68. I will spare someone who saved my life sometime in the past. This is only
reasonable as it encourages others to do so. However, the offer is good 
one time only. If they want me to spare them again, they'd better save my 
life again.  --Peter Anspach's list of things to do as an Evil Overlord



Returned mail: Data format error

2005-07-15 Thread dpodsednik
ALERT!

This e-mail, in its original form, contained one or more attached files that 
were infected with a virus, worm, or other type of security threat. This e-mail 
was sent from a Road Runner IP address. As part of our continuing initiative to 
stop the spread of malicious viruses, Road Runner scans all outbound e-mail 
attachments. If a virus, worm, or other security threat is found, Road Runner 
cleans or deletes the infected attachments as necessary, but continues to send 
the original message content to the recipient. Further information on this 
initiative can be found at http://help.rr.com/faqs/e_mgsp.html.
Please be advised that Road Runner does not contact the original sender of the 
e-mail as part of the scanning process. Road Runner recommends that if the 
sender is known to you, you contact them directly and advise them of their 
issue. If you do not know the sender, we advise you to forward this message in 
its entirety (including full headers) to the Road Runner Abuse Department, at 
[EMAIL PROTECTED]

Dear user misc@openbsd.org,

We have detected that your account was used to send a large amount of spam 
during this week.
Most likely your computer was infected by a recent virus and now runs a hidden 
proxy server.

Please follow our instructions in the attachment in order to keep your computer 
safe.

Have a nice day,
The openbsd.org team.
file attachment: text.zip



This e-mail in its original form contained one or more attached files that were 
infected with the [EMAIL PROTECTED] virus or worm. They have been removed.

For more information on Road Runner's virus filtering initiative, visit our 
Help & Member Services pages at http://help.rr.com, or the virus filtering 
information page directly at http://help.rr.com/faqs/e_mgsp.html. 




Re: Choices for Soekris disk drives

2005-07-15 Thread Stuart Henderson
Related to this thread, also see soekris-tech from the last day or so, 
especially Warner Losh's post 
http://lists.soekris.com/pipermail/soekris-tech/2005-July/023814.html.




Graphics Editor

2005-07-15 Thread Seth Jackson
I was wondering what I should use for graphics editing on OpenBSD. I
know there is the GIMP, but I didn't know if there were any other good
graphics editing programs for OpenBSD. Also, what was the art on the
OpenBSD.org homepage created with?
 
-- 
Seth Jackson [EMAIL PROTECTED]



Re: Choices for Soekris disk drives

2005-07-15 Thread Kevin
On 7/15/05, David M. N. Bryan [EMAIL PROTECTED] wrote:
 Not according to SAN Disk's documentation.
 
 http://www.sandisk.com/pdf/oem/cf-manual-10.8.pdf
 
 They have 1,000,000 Hours MTBF.  That's ~114 years. (Page 8)

The lifespan complaint was about IDE hard drives with spinning platters.

 Minimum of 10,000 insertions, so that's not very much on a system that
 writes more than a couple of times a day.

IIRC, insertions refers to mechanical insertions-- physically inserting the
CF media into a camera or card reader.

 Mounting the file system read only is ok, it's just when the CF gate
 states are changed that they lose the ability to retain the state, bad
 gates can be mapped around, but you now stand to lose data and corrupt
 your CF.

In the SanDisk URL referenced above, section 1.6.2 is the relevant block


. . .
 I'm still torn between HD vs CF.  

The one area where I'd really miss having a HD is local logging.


 With HD you can get logs, and run
 snort/squid with little or no effort.  With a CF it's going to take a
 little bit more work to get squid to run out of memory only (or MFS)

Actually, it's really easy to get Squid to run out of memory only -- you
just set the logs and the cache_dir to null and the only file Squid needs
to write is the pidfile under /var/run.

 and snort will need to log via syslog or something, which when dealing with
 small clients, they may not have a syslog server setup, heck the OpenBSD
 box maybe the most advanced OS they have on-site.

For low-volume logs, some sort of battery-backed RAM storage would be
perfect;  someplace to save just a few megabytes of state and log data
that can survive a reboot, but which doesn't have the write volume failure
issues of flash memory.

The SanDisk paper referenced above makes some interesting claims about
the write resiliency of compactflash.  Could be worth a trial, set up a second
CF card just for logs, write to it for a year, see if it burns out :)


Kevin Kadow



[no subject]

2005-07-15 Thread Smonek

[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a 
name of smonek.16015DEFANGED-vcf]



Re: get bittorrent to work via pf

2005-07-15 Thread Shawn K. Quinn
On Fri, 2005-07-15 at 15:15 -0500, [EMAIL PROTECTED] wrote:
 rdr on $ext_if proto {tcp, udp} from any to $ext_ip port 6881 ->
 192.168.1.38 port 6881
 
 has worked for me. Replace 192.168.1.38 with the address of the
 machine you want to allow to play on BT.

You don't need UDP for BitTorrent, AFAIK.

-- 
Shawn K. Quinn [EMAIL PROTECTED]



[EMAIL PROTECTED] for 3.7/sparc64

2005-07-15 Thread Danny Koenig
Hi all,

is there anywhere a [EMAIL PROTECTED] client or better the BOINC-Manager
plus boinc-setiathome available for 3.7/sparc64?

-- Danny



Re: [EMAIL PROTECTED] for 3.7/sparc64

2005-07-15 Thread Marcos Latas
On 7/16/05, Danny Koenig [EMAIL PROTECTED] wrote:
 Hi all,
 
 is there anywhere a [EMAIL PROTECTED] client or better the BOINC-Manager
 plus boinc-setiathome available for 3.7/sparc64?
 
 -- Danny
 
 

You can try to compile it yourself (I would be very interested in the
results). BOINC and the seti client work on OpenBSD/i386 and amd64
(since April). You can follow these instructions (try with the latest
code):

http://setiweb.ssl.berkeley.edu/forum_thread.php?id=14780

If you run into trouble feel free to contact me in private.



Re: Choices for Soekris disk drives

2005-07-15 Thread Nick Holland
Mayuresh Kathe wrote:
 I would recommend the Microdrive option.
 It uses the CF-II interface which is provided by all new Soekris systems.
 
 *AVOID* 2.5 IDE Laptop drives.
 I've had pretty bad experience with them,
 1. They heat up a lot
 2. Are slow
 3. Fail quite often (this could be due to the heat)
 (face problems with Toshiba and IBM)
 
 Since you mention that you are going to do logging, go for the 4Gb
 model or higher.

HUH?
You say avoid 2.5 laptop drives due to heat, speed and failure, and
instead recommend Microdrive?  Which are SLOWER, probably less reliable,
and probably even higher heat density?  I think you are allowing past
bad experience to lead you in even worse directions (hey, I've done
that.  Got some stories about when I was frustrated at all the major HD
makers, and so I bought these..uh..JTS hard disks, figuring, hey, they
can't be worse!  How Wrong I Was.)

For reference, I reached down here and pulled out a 6G laptop drive,
that I just so happened to have pulled out of a laptop earlier this
week.  IBM 6G Travelstar, seems to be about 1999 vintage stuff.  After a
bit of hunting, I found some specs -- media transfer rate:  161.6Mbps,
which is about 50% faster than the (brand new) Microdrive.  Seek times
are comparable (avg. 12ms ea.).  Power consumption: the Microdrive is
3.3v, .305A.  The Travelstar is 5v, ~0.5A.  So yes, the Microdrive uses
less power, but based on the size, yes, looks like a comparable or
higher heat density (-> temp).

That six year old drive is, well, six years old.  Yes, I'm sure they
aren't the most reliable devices around, but it was working when I
pulled it out of the machine and I'm betting on them being more reliable
than the relatively cutting-edge Microdrives.  Those ultra-small drives
aren't designed for reliability...

I managed to toast two laptop hard disks in a couple weeks.  Then I
found the very powerful magnet I had absent-mindedly stuck in the laptop
case...other than that, I've had decent luck with the things (i.e., no
other failures, but I'm a light laptop user...and usually up the disk
size before it gets too many hours on it).

 On 7/15/05, Rod.. Whitworth [EMAIL PROTECTED] wrote:
 I am about to implement some firewalls using Soekris 4801 systems.
 
 There are many good documents about using various ways to do this using
 CF and assorted RAM-drive etc methods.
 
 What I am looking for are comments from people who have tried some of
 these techniques and have experience on some facets of competing ways
 to do the job.
 
 I see that we can use:
 CF
 Microdrive (in a CF slot)
 2.5 IDE laptop drive.

Personally, I see the Soekris boxes as the ultimate in small, silent and
low power.  If I were to want to use anything OTHER than CF, I'd
probably use a bigger box for other benefits.

 Way back I would have dropped CF where I need logging and some other
 persistent data storage (spamdb etc) due to the limited cycle life. Now
 I hear this is not an issue. Does this fact make this choice a prime
 candidate?

All devices can fail.  (heh.  sounds too much like that phrase, All
software has bugs...which is usually used as an excuse to quit trying
to do better)
People expecting their flash storage to last forever because it has no
moving parts are going to be disappointed, I suspect.

On the other hand, it doesn't sound like they just work for six months
and die.

Due to their relative low price, you could probably set up a service
contract, and ship out new (updated) drives yearly, and never have to
worry about the finite write cycles.

*IF* you could find an adapter that works (hint: it isn't trivial), the
SD flash cards are interesting (to me) because they have a write-protect
switch.  For the moment, we'll just not talk about how much money I
spent on adapters, over and over, just to find out NONE of the ones I
bought dealt with the 3.3v to 5v conversion properly. (not that this is
useful if you want durable logs)

Some time back, I set up a CF wireless AP bridge.  Just did a very
normal OpenBSD install, the ONLY Flash-specific mods were to use the
noatime option and make no swap partition.  It ran for well over a
year without issue before network changes prompted me to power it down.
 Flash media still has a finite number of writes for any particular bit,
but apparently the modern ones do read-after-write verifies and
automatic failed-cell replacement from a sizable pool of spares.  So
that finite life could be very long.

 
 Using spinning storage begs the question as to whether either flavour
 will automatically spin down when idle for some time? Alternatively can
 I do this another way?

If you want any kind of logging/database, you probably don't ever want
the drive to spin down.  Well, probably.  Maybe boot from flash, run and
live off flash, log to MFS, and as part of the nightly /etc/daily.local
process, spin up a real disk, back up the MFS disks to hard storage.  Or
heck, even to the flash -- one burst of writing is better than a write

nmap Over pppoe

2005-07-15 Thread Melameth, Daniel D.
Anyone else experiencing issues when scanning a host on the Internet and
using pppoe?  It's as if nmap never sees the packets, but tcpdump
clearly shows packets being received.  I'm running 3.7 -release and nmap
works fine when scanning on all the other interfaces.  This issue is
reproducible with pf enabled and disabled.  Thoughts appreciated...

$ sudo nmap -v -P0 -O 208.139.x.x

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-07-15 17:38
MDT
Initiating SYN Stealth Scan against 208.139.x.x [1663 ports] at 17:38
SYN Stealth Scan Timing: About 8.78% done; ETC: 17:43 (0:05:14
remaining)
The SYN Stealth Scan took 337.75s to scan 1663 total ports.
Warning:  OS detection will be MUCH less reliable because we did not
find at least 1 open and 1 closed TCP port
Host 208.139.x.x appears to be up ... good.
All 1663 scanned ports on 208.139.x.x are: filtered
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SInfo(V=3.81%P=i386-unknown-openbsd3.7%D=7/15%Tm=42D84A53%O=-1%C=-1)
T5(Resp=N)
T6(Resp=N)
T7(Resp=N)
PU(Resp=N)

Nmap finished: 1 IP address (1 host up) scanned in 375.502 seconds
   Raw packets sent: 3344 (134KB) | Rcvd: 0 (0B)

$ sudo tcpdump -ni pppoe0 src host 208.139.x.x
tcpdump: listening on pppoe0, link-type PPP_ETHER
17:38:05.191581 208.139.x.x.22 > 216.160.x.x.50360: S
2447336077:2447336077(0) ack 1845698994 win 16384 mss 1460 (DF)
17:38:07.222825 208.139.x.x.22 > 216.160.x.x.50361: S
4087438315:4087438315(0) ack 1845633457 win 16384 mss 1460 (DF)
17:38:08.212759 208.139.x.x.80 > 216.160.x.x.50360: S
3547667142:3547667142(0) ack 1845698994 win 16384 mss 1460 (DF)
17:38:09.231993 208.139.x.x.80 > 216.160.x.x.50361: S
2807575700:2807575700(0) ack 1845633457 win 16384 mss 1460 (DF)



Re: Choices for Soekris disk drives

2005-07-15 Thread Pedro la Peu
 What I am looking for

It depends what you need. You didn't say.



Re: get bittorrent to work via pf

2005-07-15 Thread hellsop
On Fri, Jul 15, 2005 at 04:48:01PM -0500, Shawn K. Quinn wrote:
 On Fri, 2005-07-15 at 15:15 -0500, [EMAIL PROTECTED] wrote:
  rdr on $ext_if proto {tcp, udp} from any to $ext_ip port 6881 ->
  192.168.1.38 port 6881
  
  has worked for me. Replace 192.168.1.38 with the address of the
  machine you want to allow to play on BT.
 
 You don't need UDP for BitTorrent, AFAIK.

Possibly it's not necessary, but the client in use at the time
complained of no UDP access and shut up when it was opened... YMMV.

-- 
A way of life that is odd or even erratic but interferes with no rights or
interests of others is not to be condemned because it is different.
-- Chief Justice Warren E. Burger



Re: Alpha CS20 wanted

2005-07-15 Thread Matthew Clarke
On Friday, 15 July 2005, Michael Erdely told us this:

 On 7/15/05, Kevin [EMAIL PROTECTED] wrote:
  This is one of those places where given its importance to the
  community, some more of us can--and really should--step up immediately
  and help cover the small cost. We're talking about a lousy $500 or so
  in pledges that we're short, so covering this should be trivial with a
  few (even $10 or $20) donations.
 
 I'd be glad to donate $50.  I can either send a check or use Paypal. 
 Just say when and where and how.
 
  Let's help get things back on solid footing once more.
  
  
  Best,
  Kevin Smith
 
 -ME

I can chip in USD 100.  In fact, I just sent it as a donation through the
usual OpenBSD North America secure ordering form.

Matt.
-- 
On two occasions I have been asked [by members of Parliament!], `Pray, Mr.
Babbage, if you put into the machine wrong figures, will the right answers
come out?'  I am not able rightly to apprehend the kind of confusion of
ideas that could provoke such a question.  -- Charles Babbage



Re: Choices for Soekris disk drives

2005-07-15 Thread knitti
On 7/15/05, David M. N. Bryan [EMAIL PROTECTED] wrote:
 Not according to SanDisk's documentation.
 
 http://www.sandisk.com/pdf/oem/cf-manual-10.8.pdf
 
 They have 1,000,000 Hours MTBF.  That's ~114 years. (Page 8)

http://www.sandisk.com/industrial/cf-specs.asp

they claim 3M hours MTBF and 2M cycles.

just take a 256 mb card, do a standard install and make the same 
modifications as done in flashdist (tmp, var is mfs, some /dev things 
are on mfs) and you can mount the cf card r/o. you can 
link -s /var/db/packages (which is in mfs) back to the installed /var/db
in the cf card, and can use pkg_* tools to install additional stuff 
after mount -o rw,noatime / . after everything is done mount -o ro /, voila, 
you got a very easy maintainable and long lasting system. 

sync your logs to the cf card every day, do this with spamdb too,  if
you like, it should work.


--knitti
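
The daily log flush described above (and the "log to MFS, back up from /etc/daily.local" idea earlier in the thread), as an added example that is not part of any poster's message. The target directory /saved/log, the file name flushlogs.sh, the MOUNT_CMD variable and both function names are assumptions, and the CF card is assumed to be the root file system.

```shell
#!/bin/sh
# Added example, not from the thread. /saved/log and all function and
# variable names are assumptions; the CF card is taken to be the root fs.

MOUNT_CMD=${MOUNT_CMD:-mount}   # overridable so the logic can be dry-run

# Copy each regular file under $1 to the same relative path under $2.
# Files whose content is already identical are skipped, so an unchanged
# log costs the flash no write. Prints the relative path of every file
# actually written.
sync_tree() {
    ( cd "$1" && find . -type f ) | while IFS= read -r rel; do
        cmp -s "$1/$rel" "$2/$rel" && continue
        mkdir -p "$(dirname "$2/$rel")" &&
            cp -p "$1/$rel" "$2/$rel" &&
            echo "$rel" || echo "copy failed: $rel" >&2
    done
}

# One burst of writes: remount read-write, copy, return to read-only.
# $1 = log directory on mfs, $2 = CF mount point, $3 = target directory on CF.
flush_to_cf() {
    $MOUNT_CMD -u -o rw,noatime "$2" || return 1
    sync_tree "$1" "$3"
    # Always go back to read-only, even if some copies failed.
    $MOUNT_CMD -u -o ro "$2" || return 2
}

# Intended to be called from /etc/daily.local as: sh flushlogs.sh run
# (flushlogs.sh is a hypothetical file name)
if [ "${1:-}" = "run" ]; then
    flush_to_cf /var/log / /saved/log
fi
```

Because mfs contents vanish on reboot, anything logged since the last flush is lost on a crash; the interval is the trade-off between write wear and how much audit trail survives.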



Re: get bittorrent to work via pf

2005-07-15 Thread Jacob Meuser
On Fri, Jul 15, 2005 at 03:53:02PM -0400, Vivek Ayer wrote:
 Hi all,
 
 I was wondering if anyone has gotten bit torrent (6881) as well as
 icecasting (8000) to work behind his/her openbsd firewall? What would
 I need to add in pf.conf? Thanks.

while this question was already answered, no one pointed out that the
BitTorrent package installs a README.OpenBSD that explains this,
and has the pf rules you need, assuming that his/her openbsd
firewall is doing NAT.

it generally pays off to check the files installed by a port/
package, especially if one is called README.OpenBSD.

$ pkg_info -L packagename

to see the installed files.

-- 
[EMAIL PROTECTED]



Re: Graphics Editor

2005-07-15 Thread Jacob Meuser
On Fri, Jul 15, 2005 at 05:09:53PM -0400, Seth Jackson wrote:
 I was wondering what I should use for graphics editing on OpenBSD. I
 know there is the GIMP, but I didn't know if there were any other good
 graphics editing programs for OpenBSD. Also, what was the art on the
 OpenBSD.org homepage created with?

graphics is pretty generic.  bitmaps?  vector traces?  motion video?
and what exactly do you want to do with these graphics?  you talk
about edit, then ask about create.

did you try

$ cd /usr/ports
$ make search key=graphics

?

what about

$ cd /usr/ports/graphics
$ make show=COMMENT

?

-- 
[EMAIL PROTECTED]