Re: Openbsd 3.7's Gnu Assembler (as) file tagging behaviour?
Were you able to get some kind of work-around for this?

On 7/14/05, Henning Brauer [EMAIL PROTECTED] wrote:
> yes, the missing tagging is the issue.
>
> * edgar mortiz [EMAIL PROTECTED] [2005-07-14 20:22]:
> > i found another how do i write hello world in BSD and i tried it out
> > here's the code
> >
> >     .data
> >     msg:    .asciz "Hello, world.\n"
> >     len = . - msg - 1
> >     .text
> >     .global _start
> >     _start:
> >             pushl   $len
> >             pushl   $msg
> >             pushl   $1
> >             movl    $4, %eax
> >             call    do_syscall
> >             addl    $12, %esp
> >             pushl   $0
> >             movl    $1, %eax
> >             call    do_syscall
> >     do_syscall:
> >             int     $0x80
> >             ret
> >
> > i compiled it on a FreeBSD machine and the other one on my OpenBSD box
> >
> > ** FreeBSD box
> > $ as -o hello.o hello.s
> > $ ld -o hello hello.o
> > $ ./hello
> > Hello, world.
> > $ file hello
> > hello: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), statically linked, not stripped
> >
> > ** OpenBSD box
> > $ as -o hello.o hello.s
> > $ ld -o hello hello.o
> > $ ./hello
> > sh: ./hello: Operation not permitted
> > $ file hello
> > hello: ELF 32-bit LSB executable, Intel 80386, version 1, statically linked, not stripped
> >
> > i noticed that the Gnu (AS) that FreeBSD uses will automatically tag
> > the file FreeBSD whereas the Gnu (AS) that OpenBSD doesn't.
> >
> > is there a patch that can resolve this or a tweak of some sort .. I
> > really want it to work on OpenBSD and not on the other BSD .. i picked
> > OpenBSD coz it basically has all the docs I'll ever need together with
> > the OS
> >
> > Regards,
> > Edgar
>
> --
> BS Web Services, http://www.bsws.de/
> OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
> Unix is very simple, but it takes a genius to understand the simplicity.
> (Dennis Ritchie)
static route files
dear All,

In which file should i put my static route entry ?

regards
reza

Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs
Installing on discless (no removable media) machine from Linux
Here's a new one. Okay, well, it probably isn't.

I have an old Pentium 133 that I want to use as an internal server to
serve files on encrypted filesystems, act as a database server, and
securely store mail. The idea is that if the machine reboots, I have to
ssh into it, enter a passphrase for the filesystems, and unlock them.
Currently, I'm doing this with Gentoo Linux on that machine, using the
cryptsetup/loopback device extensions.

1) This machine has no removable drives. It has four HDDs, no CD, and no
floppy. Is there a way I can install OpenBSD on one of the free
partitions without removable media?

2) Linux supports encrypted filesystems quasinatively. What I'm doing
right now is creating a file of a specific size on the main filesystem,
pointing a loopback device to it, then using cryptsetup to do the
cryptographic transform. Then I mount the thing. Does OpenBSD support
this kind of thing well? I don't care about compatibility with the
existing filesystem, since right now everything is off of it anyway
while I revamp it.

I looked into this a long time ago, and all I found was the horror known
as CFS and its derivatives.

Thanks.
Re: static route files
On Thu, Jul 14, 2005 at 23:22 -0700, Reza Muhammad wrote:
> dear All,
>
> In which file should i put my static route entry ?

in hostname.if(5).

> regards
> reza
Re: Installing on discless (no removable media) machine from Linux
Apologies for that HTML mail. Blasted mail client defaults.

On Fri, 2005-07-15 at 02:23 -0500, Jason Burrell wrote:
> Here's a new one. Okay, well, it probably isn't.
>
> I have an old Pentium 133 that I want to use as an internal server to
> serve files on encrypted filesystems, act as a database server, and
> securely store mail. The idea is that if the machine reboots, I have to
> ssh into it, enter a passphrase for the filesystems, and unlock them.
> Currently, I'm doing this with Gentoo Linux on that machine, using the
> cryptsetup/loopback device extensions.
>
> 1) This machine has no removable drives. It has four HDDs, no CD, and
> no floppy. Is there a way I can install OpenBSD on one of the free
> partitions without removable media?
>
> 2) Linux supports encrypted filesystems quasinatively. What I'm doing
> right now is creating a file of a specific size on the main filesystem,
> pointing a loopback device to it, then using cryptsetup to do the
> cryptographic transform. Then I mount the thing. Does OpenBSD support
> this kind of thing well? I don't care about compatibility with the
> existing filesystem, since right now everything is off of it anyway
> while I revamp it.
>
> I looked into this a long time ago, and all I found was the horror
> known as CFS and its derivatives.
>
> Thanks.
Re: Alpha CS20 wanted
On Thu, 14 Jul 2005, Kevin wrote:

(snip)

> This is one of those places where given its importance to the
> community, some more of us can--and really should--step up immediately
> and help cover the small cost. We're talking about a lousy $500 or so
> in pledges that we're short, so covering this should be trivial with a
> few (even $10 or $20) donations.

I can offer a US$40 donation via paypal... Just let me know when you
need me to transfer the money, and where to.

- Christer
www.undeadly.org cannot be found :(
...
Re: www.undeadly.org cannot be found :(
Hello!

On Fri, Jul 15, 2005 at 12:31:22AM -0700, Vladislav Belogrudov wrote:
> ...

Works for me. Perhaps you're experiencing DNS problems on your side or
nearby (if you're using DNS forwarders to resolve the hostname).

Kind regards,

Hannah.
Re: Openbsd 3.7's Gnu Assembler (as) file tagging behaviour?
edgar mortiz [EMAIL PROTECTED] writes:
> ...
> $ as -o hello.o hello.s
> $ ld -o hello hello.o
> $ ./hello
> sh: ./hello: Operation not permitted
> $ file hello
> hello: ELF 32-bit LSB executable, Intel 80386, version 1, statically linked, not stripped
>
> i noticed that the Gnu (AS) that FreeBSD uses will automatically tag
> the file FreeBSD whereas the Gnu (AS) that OpenBSD doesn't.
>
> is there a patch that can resolve this or a tweak of some sort .. I
> really want it to work on OpenBSD and not on the other BSD .. i picked
> OpenBSD coz it basically has all the docs I'll ever need together with
> the OS
> ...

For openbsd, to tag it as such you need something like this:

    # for openbsd; see
    #       /usr/src/lib/csu/common_elf/os-note-elf.h
    #       /usr/src/sys/kern/exec_elf.c
            .section ".note.openbsd.ident", "a" # .note
            .p2align 2
            .long   8
            .long   4
            .long   1
            .ascii  "OpenBSD\0"
            .long   0
            .p2align 2

You can read the files mentioned in the comments if you need more
information on how all this works.

-Marcus
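
Added example, not part of the original message or of OpenBSD's sources: a small C routine that walks the raw bytes of an ELF note section and reports whether it holds a note with the layout Marcus gives above (namesz 8, descsz 4, type 1, name "OpenBSD\0"). The function names, return codes and sample byte arrays are assumptions made for illustration; the code does not parse the ELF headers or reproduce the kernel's own check in exec_elf.c.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NOTE_HDR_LEN 12u   /* namesz + descsz + type, 4 bytes each */

/* Read a little-endian 32-bit word (i386 byte order). */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Round up to a multiple of 4, the effect of ".p2align 2". */
static size_t align4(size_t n)
{
    return (n + 3u) & ~(size_t)3u;
}

/*
 * Walk the note records in buf[0..len).
 * Returns 1 if a note matching the layout from the message is found,
 * 0 if the notes are well formed but none matches, -1 if a record is
 * truncated or its sizes run past the buffer.
 */
int note_has_openbsd_ident(const uint8_t *buf, size_t len)
{
    static const uint8_t want_name[8] = { 'O','p','e','n','B','S','D','\0' };
    size_t off = 0;

    while (len - off >= NOTE_HDR_LEN) {
        uint32_t namesz = rd32(buf + off);
        uint32_t descsz = rd32(buf + off + 4);
        uint32_t type   = rd32(buf + off + 8);
        const uint8_t *name = buf + off + NOTE_HDR_LEN;
        size_t left = len - off - NOTE_HDR_LEN;
        size_t name_span, desc_span;

        /* Never trust the size fields: check them against what is left. */
        if (namesz > left)
            return -1;
        name_span = align4(namesz);
        if (name_span > left)
            return -1;
        left -= name_span;
        if (descsz > left)
            return -1;
        desc_span = align4(descsz);
        if (desc_span > left)       /* last note may lack tail padding */
            desc_span = left;

        /* The 4-byte descriptor (".long 0" in the message) is not interpreted. */
        if (namesz == 8 && descsz == 4 && type == 1 &&
            memcmp(name, want_name, sizeof want_name) == 0)
            return 1;

        off += NOTE_HDR_LEN + name_span + desc_span;
    }
    return off == len ? 0 : -1;     /* leftover bytes: partial header */
}

/* Constructed sample: the bytes the directives in the message assemble to. */
static const uint8_t sample_tagged[] = {
    8,0,0,0,  4,0,0,0,  1,0,0,0,
    'O','p','e','n','B','S','D',0,
    0,0,0,0
};

/* Constructed sample: same layout, made-up owner name (6 bytes, padded to 8). */
static const uint8_t sample_other[] = {
    6,0,0,0,  4,0,0,0,  1,0,0,0,
    'O','t','h','e','r',0, 0,0,
    0,0,0,0
};

/* Constructed sample: header claims an 8-byte name, only 4 bytes follow. */
static const uint8_t sample_truncated[] = {
    8,0,0,0,  4,0,0,0,  1,0,0,0,
    'O','p','e','n'
};

/* Walks past the padded foreign note to reach the OpenBSD one. */
int check_two_notes(void)
{
    uint8_t buf[sizeof sample_other + sizeof sample_tagged];

    memcpy(buf, sample_other, sizeof sample_other);
    memcpy(buf + sizeof sample_other, sample_tagged, sizeof sample_tagged);
    return note_has_openbsd_ident(buf, sizeof buf);
}

int main(void)
{
    printf("tagged:    %d\n", note_has_openbsd_ident(sample_tagged, sizeof sample_tagged));
    printf("other:     %d\n", note_has_openbsd_ident(sample_other, sizeof sample_other));
    printf("truncated: %d\n", note_has_openbsd_ident(sample_truncated, sizeof sample_truncated));
    printf("two notes: %d\n", check_two_notes());
    return 0;
}
```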
Re: Installing on discless (no removable media) machine from Linux
On Fri, 2005-07-15 at 02:23 -0500, Jason Burrell wrote:
> Here's a new one. Okay, well, it probably isn't.

so you agree you should've read the faq first. why didn't you?

> 1) This machine has no removable drives. It has four HDDs, no CD, and
> no floppy. Is there a way I can install OpenBSD on one of the free
> partitions without removable media?

faq section 4, faq section 6.10

> 2) Linux supports encrypted filesystems quasinatively. What I'm doing
> right now is creating a file of a specific size on the main filesystem,
> pointing a loopback device to it, then using cryptsetup to do the
> cryptographic transform. Then I mount the thing. Does OpenBSD support
> this kind of thing well?

man vnconfig. i agree this one isn't the most obvious to find, but some
googling would've been certainly helpful.

--knitti
bsd.mp, different IPL interrupts = degraded performance?
Hello all,

I have recently installed OpenBSD 3.7-current (as of 07/12/05) and have
selected the bsd.mp kernel since I am running a system with 2 CPUs.
After looking at the dmesg output after the initial boot, I noticed the
following strange lines near the bottom:

ioapic0: pin 17 shares different IPL interrupts (40..90), degraded performance
ioapic0: pin 18 shares different IPL interrupts (40..50), degraded performance
ioapic0: pin 19 shares different IPL interrupts (40..50), degraded performance

I have done google searches, but was unable to determine the cause of
these messages. Additionally, I have sought help on the #openbsd IRC
channel (freenode.net) but no one seems to be able to figure out what's
going on here.

The details of my particular system are spelled out in the full dmesg
output, which is listed below. Specifically, I would like to know what
the reason for these messages might be, whether or not they are anything
I should worry about (the system is up and running, with no noticeable
problems thus far), and if there is anything I can do to remedy the
situation.

As always, thanks in advance for your help.

Cheers,
Mike

-- dmesg output follows --

OpenBSD 3.7-current (GENERIC.MP) #215: Tue Jul 12 11:00:46 MDT 2005
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: AMD Athlon(tm) MP 2100+ (AuthenticAMD 686-class, 256KB L2 cache) 1.74 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem = 1072730112 (1047588K)
avail mem = 972230656 (949444K)
using 4278 buffers containing 53739520 bytes (52480K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(18) BIOS, date 08/05/03, BIOS32 rev. 0 @ 0xfd670
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd670/0x990
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdee0/256 (14 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x1022 product 0x7443
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xc000 0xcc000/0x800 0xcc800/0x800 0xcd000/0x4600 0xe/0x4000!
mainbus0: Intel MP Specification (Version 1.4) (TYAN PAULANER)
cpu0 at mainbus0: apid 1 (boot processor)
cpu0: AMD Powernow: FID
cpu0: apic clock running at 266 MHz
cpu1 at mainbus0: apid 0 (application processor)
cpu1: AMD Athlon(tm) MP 2100+ (AuthenticAMD 686-class, 256KB L2 cache) 1.74 GHz
cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
mainbus0: bus 0 is type PCI
mainbus0: bus 1 is type PCI
mainbus0: bus 2 is type PCI
mainbus0: bus 3 is type ISA
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 24 pins
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 AMD 762 PCI rev 0x11
ppb0 at pci0 dev 1 function 0 AMD 762 PCI-PCI rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 5 function 0 ATI Radeon 9200 rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ATI Radeon 9200 2nd rev 0x01 at pci1 dev 5 function 1 not configured
pcib0 at pci0 dev 7 function 0 AMD 768 ISA rev 0x05
pciide0 at pci0 dev 7 function 1 AMD 768 IDE rev 0x04: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: WDC WD1200BB-00CAA1
wd0: 16-sector PIO, LBA, 114473MB, 234441648 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
sd0 at scsibus0 targ 0 lun 0: IOMEGA, ZIP 250, 42.S SCSI0 0/direct removable
sd0: drive offline
atapiscsi1 at pciide0 channel 1 drive 1
scsibus1 at atapiscsi1: 2 targets
cd0 at scsibus1 targ 0 lun 0: Memorex, DVD+R/RW 2.4x8AA, 1.72 SCSI0 5/cdrom removable
sd0(pciide0:1:0): using PIO mode 3, Ultra-DMA mode 2
cd0(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2
AMD 768 Power rev 0x03 at pci0 dev 7 function 3 not configured
emu0 at pci0 dev 9 function 0 Creative Labs SoundBlaster Live rev 0x0a: apic 2 int 17 (irq 11)
ac97: codec id 0x83847608 (SigmaTel STAC9708/11)
ac97: codec features 18 bit DAC, 18 bit ADC, SigmaTel 3D
audio0 at emu0
Creative Labs PCI Gameport Joystick rev 0x0a at pci0 dev 9 function 1 not configured
ppb1 at pci0 dev 16 function 0 AMD 768 PCI-PCI rev 0x05
pci2 at ppb1 bus 2
ohci0 at pci2 dev 0 function 0 AMD 768 USB rev 0x07: apic 2 int 19 (irq 10), version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: AMD OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
ohci1 at pci2 dev 5 function 0 NEC USB rev 0x43: apic 2 int 17 (irq 11), version 1.0
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: NEC OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 3 ports with 3 removable, self powered
ohci2 at pci2 dev 5 function 1 NEC USB rev
Re: Alpha CS20 wanted
On Jul 15, 2005, at 12:26 AM, Kevin wrote:
> P.S. For those of you who wonder if I'm going to take your loot and
> run: relax. I've bought every CD since 2.7 and have personally donated
> hundreds (maybe thousands?) of dollars in cash, hardware, and gifts. In
> fact, the ports server has a dual port gigabit NIC because of me. I'm
> sure Theo, Henning, Daniel Hartmeier, Jason Dixon, and others can vouch
> for me if it's needed. That said, I would still prefer Theo gets the
> donations directly. :-)

Count me in for $50, damn you. :)

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
Mirroring data over network with failover?
Hello.

Is there any way to mirror data over network with failover in OpenBSD?
I mean something like a raid-1 over network. Maybe with CARP in some way
like it can handle pf with no data lost? I'm looking for a solution that
can handle that servers burns up with no broken and lost data for the
users.

/Dexter
Re: Mirroring data over network with failover?
I'm guessing rsync. However your users might still lose a few minutes
worth of work. Also, I'm guessing that the users will at least have to
log in afresh after machine 1 fails. Are you trying to guard against
data loss or just downtime?

-----Original Message-----
From: Dexter Fillmore [mailto:[EMAIL PROTECTED]
Sent: 15 July 2005 01:54 PM
To: misc@openbsd.org
Subject: Mirroring data over network with failover?

Hello.

Is there any way to mirror data over network with failover in OpenBSD?
I mean something like a raid-1 over network. Maybe with CARP in some way
like it can handle pf with no data lost? I'm looking for a solution that
can handle that servers burns up with no broken and lost data for the
users.

/Dexter
Choices for Soekris disk drives
I am about to implement some firewalls using Soekris 4801 systems.

There are many good documents about using various ways to do this using
CF and assorted RAM-drive etc methods.

What I am looking for are comments from people who have tried some of
these techniques and have experience on some facets of competing ways to
do the job.

I see that we can use:
CF
Microdrive (in a CF slot)
2.5 IDE laptop drive.

Way back I would have dropped CF where I need logging and some other
persistent data storage (spamdb etc) due to the limited cycle life. Now
I hear this is not an issue. Does this fact make this choice a prime
candidate?

Using spinning storage begs the question as to whether either flavour
will automatically spin down when idle for some time? Alternatively can
I do this another way?

So: I do not seek HOW-TO guidance but I do wish to avoid re-inventing
(re-discovering ?) the wheel on every step. We don't all need to make
individual progress through repeating Newton's work to figure not to sit
under ripe apples.

I can get the 4801 working with any of the above storage. Who wants to
plug one or another as a lay-down best choice?

Thanks.
Rod/

From the land down under: Australia.
Do we look umop apisdn from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.
HP DL145 G2, new Opteron/nForce4 based server - mpt(4) problem
We recently got a bunch of the new HP DL145 G2 servers. In a rather
retarded move HP decided that these generation 2 of the excellent DL145
series servers should be implemented on top of Nvidia's nForce 4 chipset
instead of as with the first generation which used the reference AMD
chipset.

So I tried installing latest snapshot on one of the DL145 G2s. The
resulting dmesg is below. These DL145s have got some sort of mpt(4) in
them however it is not at all recognized in the dmesg, hence I can't
install OBSD.

Now even if the mpt chipset was a new one that wasn't recognized it
should still turn up in dmesg as an unconfigured device, right? The
funny thing is it doesn't.

I'd file a PR but I have this intense feeling I've missed something
painfully obvious so I'm trying misc first. Could it be that the mpt is
hiding behind some funny PCI bridge or PCI riser board that is not
supported?

Regards
Johan M:son

OpenBSD 3.7-current (RAMDISK_CD) #406: Tue Jul 12 13:28:26 MDT 2005
    [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 1072406528 (1047272K)
avail mem = 909205504 (887896K)
using 22937 buffers containing 107450368 bytes (104932K) of memory
mainbus0 (root)
cpu0 at mainbus0: (uniprocessor)
cpu0: AMD Opteron(tm) Processor 246, 2009.49 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
pci0 at mainbus0 bus 0: configuration mode 1
Nvidia nForce4 DDR rev 0xa3 at pci0 dev 0 function 0 not configured
Nvidia nForce4 ISA rev 0xa3 at pci0 dev 1 function 0 not configured
Nvidia nForce4 SMBus rev 0xa2 at pci0 dev 1 function 1 not configured
ohci0 at pci0 dev 2 function 0 Nvidia nForce4 USB rev 0xa2: irq 10, version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Nvidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
ehci0 at pci0 dev 2 function 1 Nvidia nForce4 USB rev 0xa3: irq 11
ehci0: timed out waiting for BIOS
usb1 at ehci0: USB revision 2.0
uhub1 at usb1
uhub1: Nvidia EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub1: 4 ports with 4 removable, self powered
pciide0 at pci0 dev 6 function 0 Nvidia nForce4 IDE rev 0xa2: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
pciide1 at pci0 dev 8 function 0 Nvidia nForce4 SATA 2 rev 0xa3: DMA (unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI
pciide1: using irq 10 for native-PCI interrupt
pciide1: channel 0 ignored (not responding; disabled or no drives?)
pciide1: channel 1 ignored (not responding; disabled or no drives?)
ppb0 at pci0 dev 9 function 0 Nvidia nForce4 PCI-PCI rev 0xa2
pci1 at ppb0 bus 1
vga1 at pci1 dev 5 function 0 Nvidia GeForce2 MX rev 0xb2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
ppb1 at pci0 dev 12 function 0 Nvidia nForce4 PCIE rev 0xa3
pci2 at ppb1 bus 2
bge0 at pci2 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 (0x4101): irq 11 address 00:13:21:b5:53:b6
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb2 at pci0 dev 13 function 0 Nvidia nForce4 PCIE rev 0xa3
pci3 at ppb2 bus 3
bge1 at pci3 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 (0x4101): irq 10 address 00:13:21:b5:53:b7
brgphy1 at bge1 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb3 at pci0 dev 14 function 0 Nvidia nForce4 PCIE rev 0xa3
pci4 at ppb3 bus 4
pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00
pchb1 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00
pchb2 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00
pchb3 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00
isa0 at mainbus0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
rd0: fixed, 3584 blocks
root on rd0a
rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02
umass0 at uhub0 port 3 configuration 1 interface 0
umass0: TEAC USB CD-ROM 210PU, rev 1.10/1.36, addr 2
umass0: using ATAPI over Bulk-Only
scsibus0 at umass0: 2 targets
cd0 at scsibus0 targ 1 lun 0: TEAC, CD-210PU, 10A6 SCSI0 5/cdrom removable
Re: Choices for Soekris disk drives
current cf cards have 1 million guaranteed write cycles or more. i
wouldn't do heavy logging with them, but perhaps you can also afford to
log to another host or to lose logs on power down. i think i wouldn't
put /var/db/spamd directly on a cf card, perhaps you could sync it only
every hour?

--knitti
Re: HP DL145 G2, new Opteron/nForce4 based server - mpt(4) problem
On Fri, Jul 15, 2005 at 02:31:01PM +0200, Johan M:son Lindman wrote:
> We recently got a bunch of the new HP DL145 G2 servers. In a rather
> retarded move HP decided that these generation 2 of the excellent DL145
> series servers should be implemented on top of Nvidia's nForce 4
> chipset instead of as with the first generation which used the
> reference AMD chipset.
>
> So I tried installing latest snapshot on one of the DL145 G2s. The
> resulting dmesg is below. These DL145s have got some sort of mpt(4) in
> them however it is not at all recognized in the dmesg, hence I can't
> install OBSD.
>
> Now even if the mpt chipset was a new one that wasn't recognized it
> should still turn up in dmesg as an unconfigured device, right? The
> funny thing is it doesn't.
>
> I'd file a PR but I have this intense feeling I've missed something
> painfully obvious so I'm trying misc first. Could it be that the mpt is
> hiding behind some funny PCI bridge or PCI riser board that is not
> supported?

You're very much mistaken. There is no mpt in these servers. These are
SATA based servers, not SCSI/FC.
Re: Choices for Soekris disk drives
On 2005/07/15 22:13:37, Rod.. Whitworth wrote:
> I see that we can use:
> CF
> Microdrive (in a CF slot)
> 2.5 IDE laptop drive.
>
> Way back I would have dropped CF where I need logging and some other
> persistent data storage (spamdb etc) due to the limited cycle life. Now
> I hear this is not an issue. Does this fact make this choice a prime
> candidate?

CF is right for my needs, I occasionally sync files (rather than writing
directly to CF) which works well enough for spamd/dhcpd databases for
me, I log by syslog to a remote host and logging on the box itself is to
memory-buffers (lost at reboot). This may or may not suit you.

Apparently modern CF allow in the order of 10+ million writes so they'll
probably last quite well with sensibly-configured logging too.

> Using spinning storage begs the question as to whether either flavour
> will automatically spin down when idle for some time? Alternatively can
> I do this another way?

Yes and it's generally recommended. With a few (difficult to get hold
of) exceptions, 2.5 and smaller drives aren't rated for 24x7 use.
Toshiba subnotebook without sound (full dmesg!)
1st of all, greetings to all members of [EMAIL PROTECTED]
And excuse me for the large e-mail.

I have found a description about sb and wss conflict and
wss now disabled in the kernel. No more advice has been found.

lsof |grep audio
mpg123 14399 gergo 4w VCHR 42,128 0t49152 1903 /dev/audio0

lsof |grep mixer
aumix 27398 gergo 3u VCHR 42,16 0t0 1902 /dev/mixer0

mixerctl -a
outputs.master=128,128
outputs.fmsynth=128,128
outputs.cd=128,128
outputs.dac=128,128
outputs.mic=0
outputs.line=0,0
record.source=
inputs.treble=off
inputs.bass=on

dmesg -

OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium/MMX (GenuineIntel 586-class) 167 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX
cpu0: F00F bug workaround installed
real mem = 33267712 (32488K)
avail mem = 22491136 (21964K)
using 431 buffers containing 1765376 bytes (1724K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(63) BIOS, date 03/19/98, BIOS32 rev. 0 @ 0xfe95a
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf8e80/112 (5 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x product 0x
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xc000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Toshiba PCI rev 0x2e
vga1 at pci0 dev 4 function 0 Neomagic Magicgraph NM2160 rev 0x01
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Toshiba Fast Infrared Type O rev 0x22 at pci0 dev 17 function 0 not configured
cbb0 at pci0 dev 19 function 0 Toshiba ToPIC97 CardBus rev 0x20pci_intr_map: no mapping for pin A
: couldn't map interrupt
cbb1 at pci0 dev 19 function 1 Toshiba ToPIC97 CardBus rev 0x20pci_intr_map: no mapping for pin B
: couldn't map interrupt
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
wdc0 at isa0 port 0x1f0/8 irq 14
wd0 at wdc0 channel 0 drive 0: TOSHIBA MK6017MAP
wd0: 16-sector PIO, LBA, 5729MB, 11733120 sectors
wd0(wdc0:0:0): using BIOS timings
sb0 at isa0 port 0x220/24 irq 5 drq 1: dsp v3.01
midi0 at sb0: SB MIDI UART
audio0 at sb0
opl0 at sb0: model OPL3
midi1 at opl0: SB Yamaha OPL3
pcppi0 at isa0 port 0x61
midi2 at pcppi0: PC speaker
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pcic0 at isa0 port 0x3e0/2 iomem 0xd/65536
pcic0 controller 0: Intel 82365SL rev 1 has sockets A and B
pcmcia0 at pcic0 controller 0 socket 0
ne3 at pcmcia0 function 0 PCMCIA, Fast-Ethernet, port 0x300/32, irq 3
ne3: address 00:40:f4:5e:7e:98
ukphy0 at ne3 phy 16: Generic IEEE 802.3u media interface
ukphy0: OUI 0x00602e, model 0x0031, rev. 0
pcmcia1 at pcic0 controller 0 socket 1
pcic0: irq 9, polling enabled
biomask edc5 netmask edcd ttymask ffcf
pctr: 586-class performance counters and user-level cycle counter enabled
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

Best regards.
Re: Choices for Soekris disk drives
Rod.. Whitworth wrote:
> What I am looking for are comments from people who have tried some of
> these techniques and have experience on some facets of competing ways
> to do the job.

I use djm's flashboot on several x86 platforms, including:

o VIA EPIA based systems
o PCengines.ch WRAP boards (similar to Soekris)
o Intel TSRMT2 'telco' servers

I decided on this method (flash contents build RAMdisk, everything is
run from ramdisk and flash is RO mount) based on some of my requirements
(see below).

We install these devices in unfriendly areas as POP routers and VLAN
aggregation routers in closets with little or no environmental controls.
They are typically powered by -48vdc battery banks. On a TSRMT2 ([EMAIL
PROTECTED]) it goes from typing 'rebootCR' to passing data again
(PF/CARP/VLANs/etc) in about 45 seconds (512M of DRAM on the box).

I also prefer the flashboot method as it allows me to rebuild the
kernel/ramdisk and simply copy over a single file (the built kernel with
ramdisk attached) instead of having to worry about multiple files. This
makes provisioning of devices much easier as it acts more like a network
appliance device with a single 'firmware image' that other people can
understand.

I use a 128M CF card only because I got good pricing on them. I use IDE
to CF adapters for the non-native CF boards like some of the EPIAs and
TSRMT2 (built-in SCSI). My built and compressed kernel (with ramdisk)
comes out to ~8M, and extracts to a 20M ramdisk image with 15M in use
right now.

> Using spinning storage begs the question as to whether either flavour
> will automatically spin down when idle for some time? Alternatively can
> I do this another way?

I just didn't want moving parts, they break :) I decided to use
flashboot after an EPIA based router took a 10ft fall from a closet one
day and it killed the HDD (don't ask why it fell).

> So: I do not seek HOW-TO guidance but I do wish to avoid re-inventing
> (re-discovering ?) the wheel on every step. We don't all need to make
> individual progress through repeating Newton's work to figure not to
> sit under ripe apples.

The info on the flashboot page should be enough to get you going. I have
not been back for a while and I have been making minor customizations to
it internally (one command to build for all my platforms, etc). I have
also added a few other programs that I like to have out there. Out of
the box it did 99% of what I was looking for and allowed me to quickly
prototype a replacement box. After you start to work with the scripts a
bit, you get the hang of it and can make it easily scripted/automated.

I have even thought of making the filesystem on the CF cards MSDOS so
that the CF can be mounted on windows machines and other people can copy
over images with drag n drop.

> I can get the 4801 working with any of the above storage. Who wants to
> plug one or another as a lay-down best choice?

I certainly don't know if my method is the 'best', I would say it is the
'best for me' based on my requirements (no moving parts for storage,
single file to upgrade the device, fast/easy power recovery/no fsck)

Good luck!

cheers,
--
jason
Re: Toshiba subnotebook without sound (full dmesg!)
On Fri, Jul 15, 2005 at 05:20:26PM +0200, Gergely KODAJ wrote: | 1st of all, greetings to all members of [EMAIL PROTECTED] | And excuse me for the large e-mail. | | I have found a description about sb an wss conflict and | wss now disabled in the kernel. No more advice has been found. You hardly describe the problem, but you should probably take a look at http://www.openbsd.org/i386-laptop.html which has a Toshiba Tecra 8000 listed that had problems resembling what you describe. Hope that helps. Paul 'WEiRD' de Weerd PS: kudos for the full dmesg though ;) | | OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005 | [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC | cpu0: Intel Pentium/MMX (GenuineIntel 586-class) 167 MHz | cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX | cpu0: F00F bug workaround installed | real mem = 33267712 (32488K) | avail mem = 22491136 (21964K) | using 431 buffers containing 1765376 bytes (1724K) of memory | mainbus0 (root) | bios0 at mainbus0: AT/286+(63) BIOS, date 03/19/98, BIOS32 rev. 
0 @ | 0xfe95a | apm0 at bios0: Power Management spec V1.2 | apm0: AC on, battery charge unknown | pcibios0 at bios0: rev 2.1 @ 0xf/0x1 | pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf8e80/112 (5 entries) | pcibios0: no compatible PCI ICU found: ICU vendor 0x product 0x | pcibios0: Warning, unable to fix up PCI interrupt routing | pcibios0: PCI bus #2 is the last bus | bios0: ROM list: 0xc/0xc000 | cpu0 at mainbus0 | pci0 at mainbus0 bus 0: configuration mode 1 (no bios) | pchb0 at pci0 dev 0 function 0 Toshiba PCI rev 0x2e | vga1 at pci0 dev 4 function 0 Neomagic Magicgraph NM2160 rev 0x01 | wsdisplay0 at vga1: console (80x25, vt100 emulation) | wsdisplay0: screen 1-5 added (80x25, vt100 emulation) | Toshiba Fast Infrared Type O rev 0x22 at pci0 dev 17 function 0 not | configured | cbb0 at pci0 dev 19 function 0 Toshiba ToPIC97 CardBus rev | 0x20pci_intr_map: no mapping for pin A | : couldn't map interrupt | cbb1 at pci0 dev 19 function 1 Toshiba ToPIC97 CardBus rev | 0x20pci_intr_map: no mapping for pin B | : couldn't map interrupt | isa0 at mainbus0 | isadma0 at isa0 | pckbc0 at isa0 port 0x60/5 | pckbd0 at pckbc0 (kbd slot) | pckbc0: using irq 1 for kbd slot | wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using | wsdisplay0 | pms0 at pckbc0 (aux slot) | pckbc0: using irq 12 for aux slot | wsmouse0 at pms0 mux 0 | wdc0 at isa0 port 0x1f0/8 irq 14 | wd0 at wdc0 channel 0 drive 0: TOSHIBA MK6017MAP | wd0: 16-sector PIO, LBA, 5729MB, 11733120 sectors | wd0(wdc0:0:0): using BIOS timings | sb0 at isa0 port 0x220/24 irq 5 drq 1: dsp v3.01 | midi0 at sb0: SB MIDI UART | audio0 at sb0 | opl0 at sb0: model OPL3 | midi1 at opl0: SB Yamaha OPL3 | pcppi0 at isa0 port 0x61 | midi2 at pcppi0: PC speaker | sysbeep0 at pcppi0 | npx0 at isa0 port 0xf0/16: using exception 16 | pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo | pcic0 at isa0 port 0x3e0/2 iomem 0xd/65536 | pcic0 controller 0: Intel 82365SL rev 1 has sockets A and B | pcmcia0 at pcic0 
controller 0 socket 0 | ne3 at pcmcia0 function 0 PCMCIA, Fast-Ethernet, port 0x300/32, irq 3 | ne3: address 00:40:f4:5e:7e:98 | ukphy0 at ne3 phy 16: Generic IEEE 802.3u media interface | ukphy0: OUI 0x00602e, model 0x0031, rev. 0 | pcmcia1 at pcic0 controller 0 socket 1 | pcic0: irq 9, polling enabled | biomask edc5 netmask edcd ttymask ffcf | pctr: 586-class performance counters and user-level cycle counter | enabled | dkcsum: wd0 matched BIOS disk 80 | root on wd0a | rootdev=0x0 rrootdev=0x300 rawdev=0x302 | | Best regards. | -- [++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-] http://www.weirdnet.nl/ [demime 1.01d removed an attachment of type application/pgp-signature]
Re: pf questions
I don't quite understand what you mean by that. What do I have to do to that line? Will it let me ping if I remove it? Also, how would I open up bittorrent port 6881, icecast port 8000 and soulseek port 2430 (somewhere in that range). Do add an rdr line? I'm just tired of getting the NAT error in Azureus every time I test it. Thanks Vivek
To secure WiFi networks
Good afternoon list, I'm just going to throw out an idea here and lets take turns kicking at it. I'm not too familiar with the inner workings of the needed technologies (sometimes a pro, often a con) but what if one would use a https proxy, like say squid with SSL/TLS support, to obfuscate the http traffic leaving your laptop over the WiFi LAN to your local OpenBSD box that runs the proxy, that would then with some magic serve you the pages. So that http traffic could not be intercepted on the open WiFi network. Is someone doing something similar already? Googling did not turn up anything helpful here apart from the SSL support in Squid, but would the protocols allow something like this? -- Johan
Re: pf questions
I don't quite understand what you mean by that. What do I have to do to that line? Will it let me ping if I remove it? Also, how would I open up bittorrent port 6881, icecast port 8000 and soulseek port 2430 (somewhere in that range). Do add an rdr line? I'm just tired of getting the NAT error in Azureus every time I test it. Thanks Vivek might be good to also let the little guys out ;-) explanation: you are allowing icmp traffic to enter all network interfaces, but you have no rule to permit icmp traffic to leave any interface. remove in in the rule below so that icmp can flow thru -- John Brooks [EMAIL PROTECTED] .. pass in inet proto icmp all icmp-type $icmp_types keep state ^^
Re: To secure WiFi networks
Like many, I use IPSEC to secure WIFI traffic. Johan P. Lindström wrote: Good afternoon list, I'm just going to throw out an idea here and lets take turns kicking at it. I'm not too familiar with the inner workings of the needed technologies (sometimes a pro, often a con) but what if one would use a https proxy, like say squid with SSL/TLS support, to obfuscate the http traffic leaving your laptop over the WiFi LAN to your local OpenBSD box that runs the proxy, that would then with some magic serve you the pages. So that http traffic could not be intercepted on the open WiFi network. Is someone doing something similar already? Googling did not turn up anything helpful here apart from the SSL support in Squid, but would the protocols allow something like this? -- Johan -- John R. Shannon [EMAIL PROTECTED]
ftp-proxy rules for an external ftp server
Man ftp-proxy (8) (obsd 3.7) says this:

  ftp-proxy accepts the redirected control connections and forwards them to the server. The proxy replaces the address and port number that the client sends through the control connection to the server with its own address and proxy port, where it listens for the data connection. When the server opens the data connection back to this port, the proxy forwards it to the client. The pf.conf(5) rules need to let pass connections to these proxy ports (see options -u, -m, and -M above) in on the external interface. The following example allows only ports 49152 to 65535 to pass in statefully:

    block in on $ext_if proto tcp all
    pass in on $ext_if inet proto tcp from any to $ext_if \
        port > 49151 keep state

  Alternatively, rules can make use of the fact that by default, ftp-proxy runs as user proxy to allow the backchannel connections, as in the following example:

    block in on $ext_if proto tcp all
    pass in on $ext_if inet proto tcp from any to $ext_if \
        user proxy keep state

  These examples do not cover the connections from the proxy to the foreign FTP server. If one does not pass outgoing connections by default additional rules are needed.

I have ports 5500:5700 opened for the data channel, what additional rules are needed? I've tried the rules in http://cvs.openbsd.org/faq/pf/ftp.html#natserver but they do not work. I cannot connect to my ftp server from outside the network. Thanks, -- -Christopher
Re: To secure WiFi networks
On Fri, 15 Jul 2005 18:03:01 +0200 Johan P. Lindström [EMAIL PROTECTED] wrote: Good afternoon list, I'm just going to throw out an idea here and lets take turns kicking at it. I'm not too familiar with the inner workings of the needed technologies (sometimes a pro, often a con) but what if one would use a https proxy, like say squid with SSL/TLS support, to obfuscate the http traffic leaving your laptop over the WiFi LAN to your local OpenBSD box that runs the proxy, that would then with some magic serve you the pages. So that http traffic could not be intercepted on the open WiFi network. Just setup a VPN between your laptop and your firewall, that way all your traffic is encrypted, not just http. Adam
Re: To secure WiFi networks
On Jul 15, 2005, at 12:03 PM, Johan P. Lindström wrote: Good afternoon list, I'm just going to throw out an idea here and lets take turns kicking at it. I'm not too familiar with the inner workings of the needed technologies (sometimes a pro, often a con) but what if one would use a https proxy, like say squid with SSL/TLS support, to obfuscate the http traffic leaving your laptop over the WiFi LAN to your local OpenBSD box that runs the proxy, that would then with some magic serve you the pages. So that http traffic could not be intercepted on the open WiFi network. Is someone doing something similar already? Googling did not turn up anything helpful here apart from the SSL support in Squid, but would the protocols allow something like this? You're kidding, right? Quit messing around with application-layer encryption if you need everything encrypted. Go the lowest common denominator. Well, almost the lowest. ;-) man 8 vpn -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: Choices for Soekris disk drives
On 7/15/05, Jason Ackley [EMAIL PROTECTED] wrote: Rod.. Whitworth wrote: What I am looking for are comments from people who have tried some of these techniques and have experience on some facets of competeting ways to do the job. I've tried a couple of different disk on flash and Sandisk flash drives in the 2.5 IDE laptop form factor. These can be found cheap in small capacities, but will eventually fail due to repeat writes to the same block -- the most commonly cited example of flash killing disk access is 'fsck' under Linux. Some flash disks have a hardware write protect switch. I also prefer the flashboot method as it allows me to rebuild the kernel/ramdisk and simply copy over a single file (the built kernel with ramdisk attached) instead of having to worry about multiple files. . . . Using spinning storage begs the question as to whether either flavour will automatically spin down when idle for some time? Alternatively can I do this another way? Normally this is done automatically by power management, or see 'atactl'. I can get the 4801 working with any of the above storage. Who wants to plug one or another as a lay-down best choice? I certainly don't know if my method is the 'best', I would say it is the 'best for me' based on my requirements (no moving parts for storage, single file to upgrade the device, fast/easy power recovery/no fsck) The most common deployment scenario for flash-based OpenBSD would be firewalls. It can be very handy for a firewall to have some local writable non-volatile storage, for configuration data, logs, etc. Kevin Kadow
Re: Choices for Soekris disk drives
On Fri, Jul 15, 2005 at 07:55:59PM +0530, Mayuresh Kathe wrote: *AVOID* 2.5 IDE Laptop drives. I've had pretty bad experience with them, 1. They heat up a lot 2. Are slow 3. Fail quite often (this could be due to the heat) (face problems with Toshiba and IBM) I have the opposite experience. My Net4801 is running 24/7 for one year with a Momentus drive (5400 RPMs) and it is neither slow nor hot. Hitachi also produces drives that are designed to run 24/7 (Eudurastar, now obsoleted by E7K60 and E7K100 drives). My Mac Mini is running with a 7K100 (80 Gb, 7200 RPM, 8 Mb cache) drive and it is as fast as any 3,5 drive. It seems to heat up more than the Momentus since the fan often wakes up, but it works reliably.
Re: To secure WiFi networks
On Fri, Jul 15, 2005 at 06:03:01PM +0200, Johan P. Lindström wrote: ... I'm not too familiar with the inner workings of the needed technologies (sometimes a pro, often a con) but what if one would use a https proxy, like say squid with SSL/TLS support, to obfuscate the http traffic leaving your laptop over the WiFi LAN to your local OpenBSD box that runs the proxy, that would then with some magic serve you the pages. So that http traffic could not be intercepted on the open WiFi network. ... Before you worry about this too much... IF you are worried about people packet sniffing your wireless connection, you should probably be running some kind of encryption on the traffic already, wireless or not. What's the point of encrypting from your laptop to the firewall, if it is then sent plain-text to the remote end over the common cable that many of your neighbors are also attached to. By this point in time, any communications over the internet which should not be sniffed should be encrypted end-to-end. That was a specific answer to a specific question. the above reply is not meant to imply wireless security issues don't matter. IF the question is, How do I keep people out of my wireless network, or how do I keep them from sniffing internal traffic in my network, my answer would be very different...but that wasn't the question. Nick.
Load Balance net connections w/ redirect
Hello all, I'm trying to redirect specific ports through a pf firewall that loadbalances 2 outgoing net connections and having some problems. This firewall connects to 2 different ISPs. It also performs greylisting and pre-filtering of mail for viruses(virii?). I know that I need to work in the 'reply-to' option somehow but, I can't see to get it working. I've put ** in front of the lines that I've added to try and redirect the traffic, that don't seem to be working. Any help you could lend would be greatly appreciated. If the problem is covered elsewhere, I could just use a hint where to find it (have looked around quite a bit). -- ## pf.conf ## ext_if1=fxp1 ext_gw1=2.2.2.2 ext_if2=fxp2 ext_gw2=3.3.3.3 int_if=fxp0 lan_net=192.168.1.1/24 exch_svr=192.168.1.150 exch_svc={ 80, 443 } table spamd persist table spamd-white persist table mywhite persist file /root/goodips table myblack persist file /root/badips scrub in # nat all outbound traffic on each interface nat on $ext_if1 from $lan_net to any - ($ext_if1) nat on $ext_if2 from $lan_net to any - ($ext_if2) rdr pass on $int_if proto tcp to port ftp - 127.0.0.1 port 8021 rdr pass on $int_if proto tcp from $exch_svr to port smtp \ - 127.0.0.1 port smtp rdr pass on $ext_if1 proto tcp from spamd to port smtp \ - 127.0.0.1 port spamd rdr pass on $ext_if2 proto tcp from spamd to port smtp \ - 127.0.0.1 port spamd rdr pass on $ext_if1 proto tcp from mywhite to port smtp \ - 127.0.0.1 port smtp rdr pass on $ext_if2 proto tcp from mywhite to port smtp \ - 127.0.0.1 port smtp rdr pass on $ext_if1 proto tcp from !spamd-white to port smtp \ - 127.0.0.1 port spamd rdr pass on $ext_if2 proto tcp from !spamd-white to port smtp \ - 127.0.0.1 port spamd **rdr on $ext_if1 proto tcp from any to port $exch_svc - 192.168.1.150 **rdr on $ext_if1 proto tcp from any to port 407 - 192.168.1.21 # Default block all traffic incoming outgoing block all # pass all outgoing packets on internal interface pass out quick on $int_if from any to 
$int_if:network # pass in quick any packets destined for the gateway itself from the lan pass in quick on $int_if from $int_if:network to $int_if # load balance outgoing tcp traffic from internal network pass in quick on $int_if route-to \ { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \ proto tcp from $lan_net to any flags S/SA modulate state # load balance outgoing udp icmp traffic from internal network pass in quick on $int_if route-to \ { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \ proto { udp, icmp } from $lan_net to any keep state # pass out rules for external interfaces pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state pass out on $ext_if1 proto { udp, icmp } from any to any keep state pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state pass out on $ext_if2 proto { udp, icmp } from any to any keep state # route packets from any IPs on $ext_if1 to $ext_gw1 and the same for # ext_if2 $ext_gw2 pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any \ flags S/SA modulate state pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any \ flags S/SA modulate state pass quick on { lo } antispoof quick for { lo } pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto tcp from any to \ $ext_if1 port ssh keep state pass in on $ext_if2 reply-to ($ext_if2 $ext_gw2) proto tcp from any to \ $ext_if2 port ssh keep state #pass in on $ext_if proto tcp to $ext_gw1 port 49151 user proxy keep state pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto tcp from any to \ $ext_if1 port smtp keep state pass in on $ext_if2 reply-to ($ext_if2 $ext_gw2) proto tcp from any to \ $ext_if2 port smtp keep state **pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto tcp from any to \ ** $exch_svr port $exch_svc keep state **pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto tcp from any to \ ** any port 407 keep state Thanks! James Harless -- What would Bilano do?
Authpf not adding rules to anchors
I am at a loss for this, and hopefully someone can provide some insight into why this isn't working. When I run pfctl -sa I can see the needed entries:

...
nat-anchor authpf/* all
snip
rdr-anchor authpf/* all
...
anchor authpf/* all
...

All looks normal, and when I authenticate with the user access, the user connects, and I see the entry in the authpf_users table, but the rules never get added. JUST to see if the rule file gets parsed, I made a typo, and it errors when I connect, so I know it's reading it. I am running OBSD 3.7, and I have the following global authpf.rules file (in /etc/authpf/):

# Macros go here...
EXT_NIC="fxp0"
INT_NIC="fxp1"
INCOMING_TCP="{ 1145, 4662, 15492 }"
INCOMING_UDP="{ 1145, 4666, 15492, 23043 }"
SYN_ONLY="S/FSRA"
# NAT
PRIVATE_NET_NAT_IP="131.92.15.111"
rdr on $EXT_NIC proto tcp from any to $PRIVATE_NET_NAT_IP port $INCOMING_TCP -> $user_ip
rdr on $EXT_NIC proto udp from any to $PRIVATE_NET_NAT_IP port $INCOMING_UDP -> $user_ip
pass in log quick on $EXT_NIC inet proto tcp from any to $user_ip port $INCOMING_TCP flags $SYN_ONLY keep state
pass in log quick on $EXT_NIC inet proto udp from any to $user_ip port $INCOMING_UDP keep state

I moved this config from my obsd 3.5 install where authpf was working just fine to 3.7 (making the 'authpf/*' change), and it still doesn't work. Any help would be greatly appreciated. -Eric
get bittorrent to work via pf
Hi all, I was wondering if anyone has gotten bit torrent (6881) as well as icecasting (8000) to work behind his/her openbsd firewall? What would I need to add in pf.conf? Thanks. Here is my /etc/pf.conf:

# $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

# macros
ext_if="dc1"
int_if="dc0"
wir_if="ral0"
tcp_services = "{ 22, 113, 6881, 8000, 2234, 2239 }"
icmp_types = "echoreq"
auth_server = "127.0.0.1 port 8080"
table <authorized_hosts> { 10.0.0.2, 10.0.0.3 }

# options
set block-policy return
set loginterface $ext_if

# scrub
scrub in all
scrub out all

# nat/rdr
nat on $ext_if from $int_if:network -> ($ext_if:0)
nat on $ext_if from $wir_if:network -> ($ext_if:0)
#rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
#rdr on $wir_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
#rdr on $wir_if proto tcp from !<authorized_hosts> to any port www -> \
    $auth_server
#rdr on $ext_if proto tcp from any to any port 6881 -> $int_if
#rdr on $ext_if proto tcp from any to any port 6881 -> $wir_if
#rdr on $ext_if proto tcp from any to any port 8000 -> $int_if
#rdr on $ext_if proto tcp from any to any port 8000 -> $wir_if

# filter rules
block in log all
pass quick on { lo $int_if }
pass quick on { lo $wir_if }
antispoof quick for { lo $int_if }
antispoof quick for { lo $wir_if }
pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto tcp from any to ($ext_if) \
    user proxy flags S/SA keep state
pass inet proto icmp all icmp-type $icmp_types keep state
pass in on $int_if from $int_if:network to any keep state
pass in on $wir_if from <authorized_hosts> to any keep state
pass in on $wir_if proto tcp from !<authorized_hosts> to $auth_server
pass out on $int_if from any to $int_if:network keep state
pass out on $wir_if from any to <authorized_hosts> keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
#pass in on $ext_if proto tcp to ($ext_if) port ssh keep state
Re: get bittorrent to work via pf
I played with BitTorrent for the first time a few weeks ago and I imagine you'll need to redirect these inbound requests to the specific host that is running the software. While I modify the base rule set with anchors when this is in use, the premise is the same regardless. meth is the host running BitTorrent and you can ignore the queuing:

$ cat /etc/pf.bt.conf
# Interfaces
ext_if = "pppoe0"
int_if = "wi0"
# Hosts
meth = "192.168.x.x"
# BitTorrent
rdr on $ext_if inet proto tcp from ! $int_if:network to \
    ( $ext_if:0 ) port 6881:6889 -> $meth
pass in log quick on $ext_if inet proto tcp from ! $int_if:network to \
    $meth port 6881:6889 flags S/SA keep state \
    queue ( torrent, tcp_ack )
Re: get bittorrent to work via pf
On Fri, Jul 15, 2005 at 03:53:02PM -0400, Vivek Ayer wrote: Hi all, I was wondering if anyone has gotten bit torrent (6881) as well as icecasting (8000) to work behind his/her openbsd firewall? What would I need to add in pf.conf? Thanks.

rdr on $ext_if proto {tcp, udp} from any to $ext_ip port 6881 -> 192.168.1.38 port 6881

has worked for me. Replace 192.168.1.38 with the address of the machine you want to allow to play on BT. -- 68. I will spare someone who saved my life sometime in the past. This is only reasonable as it encourages others to do so. However, the offer is good one time only. If they want me to spare them again, they'd better save my life again. --Peter Anspach's list of things to do as an Evil Overlord
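An added example, not written by any poster in this thread: pf applies rdr before it evaluates filter rules, so with the "block in log all" policy from the original question the pass rule has to name the internal host. A rule of the form "to ($ext_if) port $tcp_services" no longer matches the forwarded packets. The address in bt_host is an assumption; dc1 is the external interface from the posted pf.conf.

```conf
# Added example, not from the thread. bt_host is an assumed address for the
# LAN machine running BitTorrent and icecast; dc1 is ext_if in the posted pf.conf.
ext_if  = "dc1"
bt_host = "10.0.0.2"

# Translation rules come before filter rules. The target is the client
# machine itself: "-> $int_if" would deliver the connection to the
# firewall's own internal address.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 6881 -> $bt_host port 6881
rdr on $ext_if inet proto tcp from any to ($ext_if) port 8000 -> $bt_host port 8000

block in log all

# By the time filter rules are evaluated the destination is already
# $bt_host, so a rule matching "to ($ext_if)" does not apply.
pass in on $ext_if inet proto tcp from any to $bt_host \
    port { 6881, 8000 } flags S/SA keep state
```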
Returned mail: Data format error
ALERT! This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm, or other type of security threat. This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments. If a virus, worm, or other security threat is found, Road Runner cleans or deletes the infected attachments as necessary, but continues to send the original message content to the recipient. Further information on this initiative can be found at http://help.rr.com/faqs/e_mgsp.html. Please be advised that Road Runner does not contact the original sender of the e-mail as part of the scanning process. Road Runner recommends that if the sender is known to you, you contact them directly and advise them of their issue. If you do not know the sender, we advise you to forward this message in its entirety (including full headers) to the Road Runner Abuse Department, at [EMAIL PROTECTED] Dear user misc@openbsd.org, We have detected that your account was used to send a large amount of spam during this week. Most likely your computer was infected by a recent virus and now runs a hidden proxy server. Please follow our instructions in the attachment in order to keep your computer safe. Have a nice day, The openbsd.org team. file attachment: text.zip This e-mail in its original form contained one or more attached files that were infected with the [EMAIL PROTECTED] virus or worm. They have been removed. For more information on Road Runner's virus filtering initiative, visit our Help Member Services pages at http://help.rr.com, or the virus filtering information page directly at http://help.rr.com/faqs/e_mgsp.html.
Re: Choices for Soekris disk drives
Related to this thread, also see soekris-tech from the last day or so, especially Warner Losh's post http://lists.soekris.com/pipermail/soekris-tech/2005-July/023814.html.
Graphics Editor
I was wondering what I should use for graphics editing on OpenBSD. I know there is the GIMP, but I didn't know if there were any other good graphics editing programs for OpenBSD. Also, what was the art on the OpenBSD.org homepage created with? -- Seth Jackson [EMAIL PROTECTED]
Re: Choices for Soekris disk drives
On 7/15/05, David M. N. Bryan [EMAIL PROTECTED] wrote: Not according to SAN Disk's documentation. http://www.sandisk.com/pdf/oem/cf-manual-10.8.pdf They have 1,000,000 Hours MTBF. That's ~114 years. (Page 8) The lifespan complaint was about IDE hard drives with spinning platters. Minimum of 10,000 insertions, so that's not very much on a system that writes more than a couple of times a day. IIRC, insertions refers to mechanical insertions-- physically inserting the CF media into a camera or card reader. Mounting the file system read only is ok, it's just when the CF gate states are changed that they lose the ability to retain the state, bad gates can be mapped around, but you now stand to lose data and corrupt your CF. In the SanDisk URL referenced above, section 1.6.2 is the relevant block . . . I'm still torn between HD vs CF. The one area where I'd really miss having a HD is local logging. With HD you can get logs, and run snort/squid with little or no effort. With a CF it's going to take a little bit more work to get squid to run out of memory only (or MFS) Actually, it's really easy to get Squid to run out of memory only -- you just set the logs and the cache_dir to null and the only file Squid needs to write is the pidfile under /var/run. and snort will need to log via syslog or something, which when dealing with small clients, they may not have a syslog server setup, heck the OpenBSD box maybe the most advanced OS they have on-site. For low-volume logs, some sort of battery-backed RAM storage would be perfect; someplace to save just a few megabytes of state and log data that can survive a reboot, but which doesn't have the write volume failure issues of flash memory. The SanDisk paper referenced above makes some interesting claims about the write resiliency of compactflash. Could be worth a trial, set up a second CF card just for logs, write to it for a year, see if it burns out :) Kevin Kadow
Re: get bittorrent to work via pf
On Fri, 2005-07-15 at 15:15 -0500, [EMAIL PROTECTED] wrote: rdr on $ext_if proto {tcp, udp} from any to $ext_ip port 6881 -> 192.168.1.38 port 6881 has worked for me. Replace 192.168.1.38 with the address of the machine you want to allow to play on BT. You don't need UDP for BitTorrent, AFAIK. -- Shawn K. Quinn [EMAIL PROTECTED]
[EMAIL PROTECTED] for 3.7/sparc64
Hi all, is there anywhere a [EMAIL PROTECTED] client or better the BOINC-Manager plus boinc-setiathome available for 3.7/sparc64? -- Danny
Re: [EMAIL PROTECTED] for 3.7/sparc64
On 7/16/05, Danny Koenig [EMAIL PROTECTED] wrote: Hi all, is there anywhere a [EMAIL PROTECTED] client or better the BOINC-Manager plus boinc-setiathome available for 3.7/sparc64? -- Danny You can try to compile it yourself (I would be very interested in the results). BOINC and the seti client work on OpenBSD/i386 and amd64 (since April). You can follow these instructions (try with the latest code): http://setiweb.ssl.berkeley.edu/forum_thread.php?id=14780 If you run into trouble feel free to contact me in private.
Re: Choices for Soekris disk drives
Mayuresh Kathe wrote: I would recommend the Microdrive option. It uses the CF-II interface which is provided by all new Soekris systems. *AVOID* 2.5 IDE Laptop drives. I've had pretty bad experience with them, 1. They heat up a lot 2. Are slow 3. Fail quite often (this could be due to the heat) (face problems with Toshiba and IBM) Since you mention that you are going to do logging, go for the 4Gb model or higher. HUH? You say avoid 2.5 laptop drives due to heat, speed and failure, and instead recommend Microdrive? Which are SLOWER, probably less reliable, and probably even higher heat density? I think you are allowing past bad experience to lead you in even worse directions (hey, I've done that. Got some stories about when I was frustrated at all the major HD makers, and so I bought these..uh..JTS hard disks, figuring, hey, they can't be worse! How Wrong I Was.) For reference, I reached down here and pulled out a 6G laptop drive, that I just so happened to have pulled out of a laptop earlier this week. IBM 6G Travelstar, seems to be about 1999 vintage stuff. After a bit of hunting, I found some specs -- media transfer rate: 161.6Mbps, which is about 50% faster than the (brand new) Microdrive. Seek times are comparable (avg. 12ms ea.). Power consumption: the Microdrive is 3.3v, .305A. The Travelstar is 5v, ~0.5A. So yes, the Microdrive uses less power, but based on the size, yes, looks like a comparable or higher heat density (- temp). That six year old drive is, well, six years old. Yes, I'm sure they aren't the most reliable devices around, but it was working when I pulled it out of the machine and I'm betting on them being more reliable than the relatively cutting-edge Microdrives. Those ultra-small drives aren't designed for reliability... I managed to toast two laptop hard disks in a couple weeks. 
Then I found the very powerful magnet I had absent-mindedly stuck in the laptop case...other than that, I've had decent luck with the things (i.e., no other failures, but I'm a light laptop user...and usually up the disk size before it gets too many hours on it). On 7/15/05, Rod.. Whitworth [EMAIL PROTECTED] wrote: I am about to implement some firewalls using Soekris 4801 systems. There are many good documents about using various ways to do this using CF and assorted RAM-drive etc methods. What I am looking for are comments from people who have tried some of these techniques and have experience on some facets of competeting ways to do the job. I see that we can use: CF Microdrive (in a CF slot) 2.5 IDE laptop drive. Personally, I see the Soekris boxes as the ultimate in small, silent and low power. If I were to want to use anything OTHER than CF, I'd probably use a bigger box for other benefits. Way back I would have dropped CF where I need logging and some other persistent data storage (spamdb etc) due to the limited cycle life. Now I hear this in not an issue. Does this fact make this choice a prime candidate? All devices can fail. (heh. sounds too much like that phrase, All software has bugs...which is usually used as an excuse to quit trying to do better) People expecting their flash storage to last forever because it has no moving parts are going to be dissapointed, I suspect. On the other hand, it doesn't sound like they just work for six months and die. Due to their relative low price, you could probably set up a service contract, and ship out new (updated) drives yearly, and never have to worry about the finite write cycles. *IF* you could find an adapter that works (hint: it isn't trivial), the SD flash cards are interesting (to me) because they have a write-protect switch. For the moment, we'll just not talk about how much money I spent on adapters, over and over, just to find out NONE of the ones I bought delt with the 3.3v to 5v conversion properly. 
(not that this is useful if you want durable logs) Some time back, I set up a CF wireless AP bridge. Just did a very normal OpenBSD install, the ONLY Flash-specific mods were to use the noatime option and make no swap partition. It ran for well over a year without issue before network changes prompted me to power it down. Flash media still has a finite number of writes for any particular bit, but apparently the modern ones do read-after-write verifies and automatic failed-cell replacement from a sizable pool of spares. So that finite life could be very long. Using spinning storage begs the question as to whether either flavour will automatically spin down when idle for some time? Alternatively can I do this another way? If you want any kind of logging/database, you probably don't ever want the drive to spin down. Well, probably. Maybe boot from flash, run and live off flash, log to MFS, and as part of the nightly /etc/daily.local process, spin up a real disk, back up the MFS disks to hard storage. Or heck, even to the flash -- one burst of writing is better than a write
nmap Over pppoe
Anyone else experiencing issues when scanning a host on the Internet and using pppoe? It's as if nmap never sees the packets, but tcpdump clearly shows packets being received. I'm running 3.7 -release and nmap works fine when scanning on all the other interfaces. This issue is reproducible with pf enabled and disabled. Thoughts appreciated...

$ sudo nmap -v -P0 -O 208.139.x.x
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-07-15 17:38 MDT
Initiating SYN Stealth Scan against 208.139.x.x [1663 ports] at 17:38
SYN Stealth Scan Timing: About 8.78% done; ETC: 17:43 (0:05:14 remaining)
The SYN Stealth Scan took 337.75s to scan 1663 total ports.
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Host 208.139.x.x appears to be up ... good.
All 1663 scanned ports on 208.139.x.x are: filtered
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SInfo(V=3.81%P=i386-unknown-openbsd3.7%D=7/15%Tm=42D84A53%O=-1%C=-1)
T5(Resp=N)
T6(Resp=N)
T7(Resp=N)
PU(Resp=N)
Nmap finished: 1 IP address (1 host up) scanned in 375.502 seconds
Raw packets sent: 3344 (134KB) | Rcvd: 0 (0B)

$ sudo tcpdump -ni pppoe0 src host 208.139.x.x
tcpdump: listening on pppoe0, link-type PPP_ETHER
17:38:05.191581 208.139.x.x.22 216.160.x.x.50360: S 2447336077:2447336077(0) ack 1845698994 win 16384 mss 1460 (DF)
17:38:07.222825 208.139.x.x.22 216.160.x.x.50361: S 4087438315:4087438315(0) ack 1845633457 win 16384 mss 1460 (DF)
17:38:08.212759 208.139.x.x.80 216.160.x.x.50360: S 3547667142:3547667142(0) ack 1845698994 win 16384 mss 1460 (DF)
17:38:09.231993 208.139.x.x.80 216.160.x.x.50361: S 2807575700:2807575700(0) ack 1845633457 win 16384 mss 1460 (DF)
Re: Choices for Soekris disk drives
What I am looking for It depends what you need. You didn't say.
Re: get bittorrent to work via pf
On Fri, Jul 15, 2005 at 04:48:01PM -0500, Shawn K. Quinn wrote: On Fri, 2005-07-15 at 15:15 -0500, [EMAIL PROTECTED] wrote: rdr on $ext_if proto {tcp, udp} from any to $ext_ip port 6881 -> 192.168.1.38 port 6881 has worked for me. Replace 192.168.1.38 with the address of the machine you want to allow to play on BT. You don't need UDP for BitTorrent, AFAIK. Possibly it's not necessary, but the client in use at the time complained of no UDP access and shut up when it was opened... YMMV. -- A way of life that is odd or even erratic but interferes with no rights or interests of others is not to be condemned because it is different. -- Chief Justice Warren E. Burger
Re: Alpha CS20 wanted
On Friday, July 15, 2005, Michael Erdely told us this: On 7/15/05, Kevin [EMAIL PROTECTED] wrote: This is one of those places where given its importance to the community, some more of us can--and really should--step up immediately and help cover the small cost. We're talking about a lousy $500 or so in pledges that we're short, so covering this should be trivial with a few (even $10 or $20) donations. I'd be glad to donate $50. I can either send a check or use Paypal. Just say when and where and how. Let's help get things back on solid footing once more. Best, Kevin Smith -ME I can chip in USD 100. In fact, I just sent it as a donation through the usual OpenBSD North America secure ordering form. Matt. -- On two occasions I have been asked [by members of Parliament!], `Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. -- Charles Babbage
Re: Choices for Soekris disk drives
On 7/15/05, David M. N. Bryan [EMAIL PROTECTED] wrote: Not according to SAN Disk's documentation. http://www.sandisk.com/pdf/oem/cf-manual-10.8.pdf They have 1,000,000 Hours MTBF. That's ~114 years. (Page 8) http://www.sandisk.com/industrial/cf-specs.asp they claim 3M hours MTBF and 2M cycles. just take a 256 mb card, do a standard install and make the same modifications as done in flashdist (tmp, var is mfs, some /dev things are on mfs) and you can mount the cf card r/o. you can link -s /var/db/packages (which is in mfs) back to the installed /var/db in the cf card, and can use pkg_* tools to install additional stuff after mount -o rw,noatime / . after everything is done mount -o ro /, voila, you got a very easy maintainable and long lasting system. sync your logs to the cf card every day, do this with spamdb too, if you like, it should work. --knitti
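The daily log sync described in the message above, sketched as a script; this is an added example, not part of the original post and not flashdist code. The function names, the `DRY_RUN` switch and the `/persist/log` directory are assumptions made for illustration, and `mount -u` is used here to change the options of the already mounted root.

```shell
#!/bin/sh
# Added example: copy MFS-backed logs to a normally read-only CF root once a
# day, keeping the writable window short and always closing it again.
# PERSIST_DIR, DRY_RUN and the function names are hypothetical.

LOG_DIR=${LOG_DIR:-/var/log}               # lives in MFS, lost on reboot
PERSIST_DIR=${PERSIST_DIR:-/persist/log}   # assumed directory on the CF card
DRY_RUN=${DRY_RUN:-1}                      # 1 = only print the commands

# Run a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Remount / read-write, copy the logs, then remount read-only.
# Returns non-zero if the copy or the final remount failed.
sync_logs() {
    # noatime avoids an inode write for every file that is merely read
    run mount -u -o rw,noatime / || return 1
    rc=0
    run mkdir -p "$PERSIST_DIR" && run cp -Rp "$LOG_DIR/." "$PERSIST_DIR/" || rc=$?
    # Flush and go back to read-only even when the copy failed, so a bad
    # night does not leave the root filesystem writable until the next run.
    run sync
    run mount -u -o ro / || rc=$?
    return $rc
}

# Called with --sync (for instance from /etc/daily.local) it does the work;
# without arguments it only defines the functions.
case "${1:-}" in
    --sync) sync_logs ;;
esac
```

With the default `DRY_RUN=1` the script only prints the command sequence; set `DRY_RUN=0` on the target box once the paths match the local layout.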
Re: get bittorrent to work via pf
On Fri, Jul 15, 2005 at 03:53:02PM -0400, Vivek Ayer wrote: Hi all, I was wondering if anyone has gotten bit torrent (6881) as well as icecasting (8000) to work behind his/her openbsd firewall? What would I need to add in pf.conf? Thanks. while this question was already answered, no one pointed out that the BitTorrent package installs a README.OpenBSD that explains this, and has the pf rules you need, assuming that his/her openbsd firewall is doing NAT. it generally pays off to check the files installed by a port/ package, especially if one is called README.OpenBSD. $ pkg_info -L packagename to see the installed files. -- [EMAIL PROTECTED]
Re: Graphics Editor
On Fri, Jul 15, 2005 at 05:09:53PM -0400, Seth Jackson wrote: I was wondering what I should use for graphics editing on OpenBSD. I know there is the GIMP, but I didn't know if there were any other good graphics editing programs for OpenBSD. Also, what was the art on the OpenBSD.org homepage created with? graphics is pretty generic. bitmaps? vector traces? motion video? and what exactly do you want to do with these graphics? you talk about edit, then ask about create. did you try $ cd /usr/ports $ make search key=graphics ? what about $ cd /usr/ports/graphics $ make show=COMMENT ? -- [EMAIL PROTECTED]