Need Quad Ethernet for router box
We finally got some money to build a router for the center of a 200-300 user network. Upon arrival I found it to be one giant segment with old old switches (sort of - not real ones) and terrible sprawl. I need to build a router that will handle 7 segments, 4 of which are very heavily used, 3 of which are pretty light.

I was contemplating a Quad gigabit card and a 100MB Quad card (to keep the price down). I've got a budget of $3000 US to build this thing. I was thinking the Intel Pro 1000 Quad cards, but that's pretty pricy considering I have to acquire the hardware also.

Can someone recommend another good obsd friendly good performer / value for the price Quad Ethernet 1000 card? If I can keep it down, I would use two and not do the 100MB on the slow segments.

Also is going PCI-X going to get me much? I was reading some notes in the archives (obsd?) that showed the cards won't need it that much, and another post saying it was going to be slammed by a Quad card.

Thanks for any advice

Bill
Re: Need Quad Ethernet for router box
On 7/21/05, Bill Chmura [EMAIL PROTECTED] wrote:

We finally got some money to build a router for the center of a 200-300 user network. Upon arrival I found it to be one giant segment with old old switches (sort of - not real ones) and terrible sprawl. I need to build a router that will handle 7 segments, 4 of which are very heavily used, 3 of which are pretty light.

Can you define "very heavily used"?

Have you considered aggregating the lightly-used segments in a slightly more modern switch (e.g. a 3524XL), configuring a trunk port from the switch to uplink multiple VLANs to a single GigE physical interface on the BSD router?

Alternately, if you really do need router throughput at or above 1000Mbps, you might want to consider a purpose-built gigabit router from Cisco :)

Both suggestions are under the assumption that the router is not primarily intended as a security separation between subnets.

I was contemplating a Quad gigabit card and a 100MB Quad card (to keep the price down). I've got a budget of $3000 US to build this thing. I was thinking the Intel Pro 1000 Quad cards, but that's pretty pricy considering I have to acquire the hardware also.

We are very happy with the Intel PRO/1000MT quad copper GigE cards, but we are not coming close to pushing their limits, I'm still waiting for OC-3.

Can someone recommend another good obsd friendly good performer / value for the price Quad Ethernet 1000 card? If I can keep it down, I would use two and not do the 100MB on the slow segments. Also is going PCI-X going to get me much? I was reading some notes in the archives (obsd?) that showed the cards won't need it that much, and another post saying it was going to be slammed by a Quad card.

If you expect to push hundreds of megabits at peak through the multiport card, then PCI-X will buy you some headroom. One caveat, many PCI-X motherboards can only run one card at the full 133MHz speed.

Kevin Kadow
Re: '.' in username
Shawn K. Quinn wrote:

Bruno Rohee wrote:

Thus breaking a behaviour that people have been used to for about the last 30 years.

Telnet was used for most of the last 30 years, too.

telnet is still a wonderful tool that I use all the time.

$ telnet hostname 25
$ telnet hostname 80
$ telnet hostname 22

It's great for testing basic service availability, version strings, or even a manual session without a lot of process overhead or connection negotiation.

Tim
Re: MySQL socket problem
On Thu, 21 Jul 2005 10:35:38 +0300 Tomas [EMAIL PROTECTED] wrote:

Hallo everyone,

I've set up a web server with OpenBSD 3.7, default install Apache, PHP 5.0.3 and MySQL 4.0.23. When I connect from other hosts to mysql, everything works fine, and when I try to connect to mysql local console, it works too. I know that apache is chrooted so my rc.local looks like this:

--snip--
if [ X${mysql} == XYES -a -x /usr/local/bin/mysqld_safe ]; then
    echo -n ' mysqld'; /usr/local/bin/mysqld_safe --user=_mysql --bind-address=10.30.1.222 --log=/var/mysql/errorlog > /dev/null 2>&1 &
    for i in 1 2 3 4 5 6; do
        if [ -S /var/run/mysql/mysql.sock ]; then
            break
        else
            sleep 1
            echo -n '.'
        fi
    done
    sleep 5
    ln -sf /var/run/mysql/mysql.sock /var/www/var/run/mysql/mysql.sock
fi
/--snip--

Like you see I'm using a soft link, it's because my /var and /var/www are on different mount points, so hard links can't be made. To test if the socket is working I've issued this command:

mysqladmin --socket=/var/www/var/run/mysql/mysql.sock version -u 'user' -p

And it works perfectly, but when I try to use a test web page with code:

--snip--
<?php
$link = mysql_connect('localhost', 'user', 'password');
if (!$link) {
    die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($link);
?>
/--snip--

I get an error:

--snip--
[error] PHP Warning: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Can't connect to local MySQL server through socket '/var/www/var/run/mysql/mysql.sock' (2)
/--snip--

I've been playing around with this configuration for about two days and it seems I've tried everything, but I can't get it working, please help me, what I'm missing here...

a soft link can't be created within a chroot()-ed area to point to a file that is outside the chroot()-ed area (you might want to read about soft links and how they actually work).

what you need to do is have mysql create its socket within the chroot()-ed area:

mysqld_safe --socket=/var/www/var/run/mysql/mysql.sock
Re: Still stuck with this assembly stuff (amd64)
Brian [EMAIL PROTECTED] writes: I spent the last three days reading through all the archives. And I have no clue what I am doing wrong. I only started down this road because of some of the other posters. I figured I would give assembly a shot. Why? Do you like pain? I read Assembly Step by Step, which is really geared toward DOS and linux, but it's a pretty good overview. Right. And i386 too I suspect, which is a different architecture than amd64, but that just sounds like such a minor problem. There are probably some alpha and sparc examples out there too, try them, they might work. Never mind that the way that code does syscalls is unsupported even on i386. Never mind that the calling conventions on amd64 are different. Never mind that you're using 32-bit pointers on a 64-bit architecture. Never mind that the syscall entry point you're using shouldn't even be there. From what I have read of the history, openBSD went from aout to ELF around 3.0 with the addition of some extra information. Ah, yes. The painful switch from a.out to elf on amd64. Two years before the first processors were released we had a flag day to deal with all the legacy binaries out there. You will find that the tolerance for people who like pain is slightly low on these mailing lists. Find your pain somewhere else, please. //art
Re: sniffer
On Tue, 19 Jul 2005 [EMAIL PROTECTED] wrote:

I saw that ports has ettercap and sniffit but I didn't get around to testing them to see if they will do the job I need. Can anyone recommend other tools that will do the work?

As mentioned, use the -s option in tcpdump. There's also a tool called tcpflow (http://www.circlemud.org/~jelson/software/tcpflow/) which can help you parse the payloads.

from the man page:

[...] tcpflow reconstructs the actual data streams and stores each flow in a separate file for later analysis.

-- inc
Re: MySQL socket problem
On 21/07/05, chaton [EMAIL PROTECTED] wrote:

On Thu, 21 Jul 2005 10:35:38 +0300 Tomas [EMAIL PROTECTED] wrote:

Hallo everyone,

I've set up a web server with OpenBSD 3.7, default install Apache, PHP 5.0.3 and MySQL 4.0.23. When I connect from other hosts to mysql, everything works fine, and when I try to connect to mysql local console, it works too. I know that apache is chrooted so my rc.local looks like this:

--snip--
if [ X${mysql} == XYES -a -x /usr/local/bin/mysqld_safe ]; then
    echo -n ' mysqld'; /usr/local/bin/mysqld_safe --user=_mysql --bind-address=10.30.1.222 --log=/var/mysql/errorlog > /dev/null 2>&1 &
    for i in 1 2 3 4 5 6; do
        if [ -S /var/run/mysql/mysql.sock ]; then
            break
        else
            sleep 1
            echo -n '.'
        fi
    done
    sleep 5
    ln -sf /var/run/mysql/mysql.sock /var/www/var/run/mysql/mysql.sock
fi
/--snip--

Like you see I'm using a soft link, it's because my /var and /var/www are on different mount points, so hard links can't be made. To test if the socket is working I've issued this command:

mysqladmin --socket=/var/www/var/run/mysql/mysql.sock version -u 'user' -p

And it works perfectly, but when I try to use a test web page with code:

--snip--
<?php
$link = mysql_connect('localhost', 'user', 'password');
if (!$link) {
    die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($link);
?>
/--snip--

I get an error:

--snip--
[error] PHP Warning: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Can't connect to local MySQL server through socket '/var/www/var/run/mysql/mysql.sock' (2)
/--snip--

I've been playing around with this configuration for about two days and it seems I've tried everything, but I can't get it working, please help me, what I'm missing here...

a soft link can't be created within a chroot()-ed area to point to a file that is outside the chroot()-ed area (you might want to read about soft links and how they actually work).

what you need to do is have mysql create its socket within the chroot()-ed area:

mysqld_safe --socket=/var/www/var/run/mysql/mysql.sock

What worked for me was to create the dir /var/www/var/run/mysql and then

ln -s /var/www/var/run/mysql /var/run/mysql

;)
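
Why the symlink in the original question fails inside the chroot while the directory-symlink layout works, as an added example (not code from anyone in this thread). It assumes Apache is chrooted to /var/www, uses regular files as stand-ins for the socket, and models a single rule: an absolute symlink target is looked up from the process's own root directory. The names `resolve`, `outcome` and `demo` are made up for this illustration.

```python
import errno
import os
import tempfile

MAX_HOPS = 32  # give up on symlink chains, as the kernel does (ELOOP)


def resolve(root, path):
    """Resolve absolute `path` as seen by a process whose root is `root`."""
    todo = [p for p in path.split("/") if p]
    done = []  # components already resolved, relative to `root`
    hops = 0
    while todo:
        part = todo.pop(0)
        if part == ".":
            continue
        if part == "..":
            if done:          # ".." at the root stays at the root
                done.pop()
            continue
        host = os.path.join(root, *done, part)
        if os.path.islink(host):
            hops += 1
            if hops > MAX_HOPS:
                raise OSError(errno.ELOOP, os.strerror(errno.ELOOP), path)
            target = os.readlink(host)
            if target.startswith("/"):
                done = []     # absolute target: restart at the *process* root
            todo = [p for p in target.split("/") if p] + todo
            continue
        if not os.path.exists(host):
            raise OSError(errno.ENOENT, os.strerror(errno.ENOENT), path)
        done.append(part)
    return os.path.join(root, *done)


def outcome(root, path):
    """Return 'ok' or the errno name a lookup of `path` would report."""
    try:
        resolve(root, path)
        return "ok"
    except OSError as exc:
        return errno.errorcode[exc.errno]


def touch(path):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    open(path, "w").close()


def demo():
    sock = "/var/run/mysql/mysql.sock"
    results = {}

    # Layout from the question: real socket outside the chroot, absolute
    # symlink to it placed inside the chroot.
    with tempfile.TemporaryDirectory() as host:
        chroot = os.path.join(host, "var/www")  # assumed chroot directory
        touch(host + sock)
        os.makedirs(chroot + "/var/run/mysql")
        os.symlink(sock, chroot + sock)
        # mysqladmin on the host follows the link and reaches the socket.
        results["question_host_link"] = outcome(host, "/var/www" + sock)
        # The path quoted in the PHP warning does not exist inside the chroot.
        results["question_chroot_php_path"] = outcome(chroot, "/var/www" + sock)
        # Inside the chroot the link's target is the link itself.
        results["question_chroot_link"] = outcome(chroot, sock)

    # Layout from the last reply: the directory lives inside the chroot and
    # the host's /var/run/mysql is a symlink pointing into it.
    with tempfile.TemporaryDirectory() as host:
        chroot = os.path.join(host, "var/www")
        touch(chroot + sock)  # socket file really sits inside the chroot
        os.makedirs(host + "/var/run")
        os.symlink("/var/www/var/run/mysql", host + "/var/run/mysql")
        results["fix_host_default_path"] = outcome(host, sock)
        results["fix_chroot"] = outcome(chroot, sock)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The same result holds when mysqld is started with `--socket=/var/www/var/run/mysql/mysql.sock`: in both cases the socket is a real file inside the chroot, so no lookup has to leave it.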
libXrender ?
I'm trying to build the gkrellm port in 3.7, and it fails at the link stage looking for libCrender.so.3.1. Where should this be coming from? -- U.S. Encouraged by Vietnam Vote - Officials Cite 83% Turnout Despite Vietcong Terror - New York Times 9/3/1967
Re: Still stuck with this assembly stuff (amd64)
On Thu, Jul 21, 2005 at 11:17:31AM +0200, Artur Grabowski wrote:

Never mind that the way that code does syscalls is unsupported even on i386. Never mind that the calling conventions on amd64 are different. Never mind that you're using 32-bit pointers on a 64-bit architecture. Never mind that the syscall entry point you're using shouldn't even be there.

Of course Art is right here... what you should be doing is trawling the web with Google looking for the amd64 ABI specification so you can understand how embarrassing that code really is.

One also wonders why, if you are determined to do this, you don't just compile a hello_world.c and disassemble the output (or just make the compiler output the .s file for you...)

-- Brett Lymn
Re: libXrender ?
On Thu, 21 Jul 2005 06:34:05 -0400 stan [EMAIL PROTECTED] wrote:

I'm trying to build the gkrellm port in 3.7, and it fails at the link stage looking for libCrender.so.3.1. Where should this be coming from?

[EMAIL PROTECTED]:~ ldconfig -r | grep Xrender
38:-lXrender.4.0 => /usr/X11R6/lib/libXrender.so.4.0

Maybe setting LDFLAGS=-L/usr/X11R6/lib will help.

Ulrich
cd0: Medium Not Present at boot
During system boot, I see this: Jul 21 10:52:05 tekkaman /bsd: cd0(atapiscsi0:0:0): Check Condition (error 0x70) on opcode 0x0 Jul 21 10:52:06 tekkaman /bsd: SENSE KEY: Not Ready Jul 21 10:52:06 tekkaman /bsd: ASC/ASCQ: Medium Not Present Is it normal? Why the kernel should complain about that during boot? This machine has ONLY cdrom attached to the motherboard ide controller, while the disks are attached to a pci ide controller; another system with disk and cdrom on the same flat cable doesn't that give that Medium Not Present warning. Only an old mail found on google about this topic, with no response.. Kernel is GENERIC with RAIDframe enable. Greetings dk OpenBSD 3.7-stable (SPATOF) #1: Tue Jul 19 22:24:24 CEST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/SPATOF cpu0: AMD Athlon(tm) Processor (AuthenticAMD 686-class) 908 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR real mem = 267931648 (261652K) avail mem = 236773376 (231224K) using 3296 buffers containing 13500416 bytes (13184K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(1a) BIOS, date 03/06/01, BIOS32 rev. 
0 @ 0xf0f50 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown pcibios0 at bios0: rev 2.1 @ 0xf/0x17d2 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf1720/176 (9 entries) pcibios0: PCI Interrupt Router at 000:04:0 (VIA VT82C686 ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0xbc00 0xcc000/0x4600 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 VIA VT8363 Host rev 0x03 ppb0 at pci0 dev 1 function 0 VIA VT8363 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 Nvidia GeForce2 MX rev 0xb2 wsdisplay0 at vga1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 4 function 0 VIA VT82C686 ISA rev 0x40 pciide0 at pci0 dev 4 function 1 VIA VT82C571 IDE rev 0x06: ATA100, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: LG, DVD-ROM DRD8160B, 1.00 SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 disabled (no drives) uhci0 at pci0 dev 4 function 2 VIA VT83C572 USB rev 0x16: irq 5 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 4 function 3 VIA VT83C572 USB rev 0x16: irq 5 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered viaenv0 at pci0 dev 4 function 4 VIA VT82C686 SMBus rev 0x40: HWM disabled eap0 at pci0 dev 10 function 0 Ensoniq CT5880 rev 0x02: irq 12 eap0: eap1371_read_codec timeout 2 ac97: codec id 0x83847609 (SigmaTel STAC9721/23) ac97: codec features 18 bit DAC, 18 bit ADC, SigmaTel 3D audio0 at eap0 midi0 at eap0: AudioPCI MIDI UART pciide1 at pci0 dev 11 function 0 HighPoint HPT36x/37x IDE rev 0x03: DMA 
pciide1: using irq 10 for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: Maxtor 6B200P0 wd0: 16-sector PIO, LBA48, 194481MB, 398297088 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 wd1 at pciide1 channel 1 drive 0: Maxtor 6B200P0 wd1: 16-sector PIO, LBA48, 194481MB, 398297088 sectors wd1(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5 rl0 at pci0 dev 12 function 0 Realtek 8139 rev 0x10: irq 11 address 00:e0:7d:7f:47:dd rlphy0 at rl0 phy 0: RTL internal phy isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi1 at pcppi0: PC speaker sysbeep0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask e765 netmask ef65 ttymask efe7 pctr: user-level cycle counter enabled mtrr: Pentium Pro MTRR support Kernelized RAIDframe activated cd0(atapiscsi0:0:0): Check Condition (error 0x70) on opcode 0x0 SENSE KEY: Not Ready ASC/ASCQ: Medium Not Present raid0 (root): (RAID Level 1) total number of sectors is 397624704 (194152 MB) as root dkcsum: wd0 matched BIOS disk 80 dkcsum: wd1 matched BIOS disk 81 rootdev=0x1300 rrootdev=0x3600 rawdev=0x3602 -- Hi, I'm a .signature virus! Copy me to your .signature file and help me propagate, thanks!
Re: Need Quad Ethernet for router box
* Kevin [EMAIL PROTECTED] [2005-07-21 09:21]:

Alternately, if you really do need router throughput at or above 1000Mbps, you might want to consider a purpose-built gigabit router from Cisco :)

why would you want to deal with such crap? geez.

I was contemplating a Quad gigabit card and a 100MB Quad card (to keep the price down). I've got a budget of $3000 US to build this thing. I was thinking the Intel Pro 1000 Quad cards, but that's pretty pricy considering I have to acquire the hardware also.

sk(4), way better than em and cheaper too. I dunno whether there are 4ports tho.

as somebody else noticed already, using a VLAN-capable switch and hanging the OpenBSD machine off a tagged port might make sense.

-- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: '.' in username
On Wed, Jul 20, 2005 at 08:32:45PM -0700, Tim Hammerquist wrote:

Shawn K. Quinn wrote:

It's great for testing basic service availability, version strings, or even a manual session without a lot of process overhead or connection negotiation.

I've also been using telnet to do that kind of job. However nc(1) has been my tool of choice since the day I realised my favourite bsd ships with it.

Be well.

/Björn
Re: '.' in username
--On 21 July 2005 14:11 +0200, Björn Sjöberg wrote:

On Wed, Jul 20, 2005 at 08:32:45PM -0700, Tim Hammerquist wrote:

Shawn K. Quinn wrote:

It's great for testing basic service availability, version strings, or even a manual session without a lot of process overhead or connection negotiation.

I've also been using telnet to do that kind of job. However nc(1) has been my tool of choice since the day I realised my favourite bsd ships with it.

nc(1) doesn't work for the telnet cli on speedtouch ADSL routers, though.
Re: Need Quad Ethernet for router box
On Thu, Jul 21, 2005 at 01:37:52PM +0200, Henning Brauer wrote:

* Kevin [EMAIL PROTECTED] [2005-07-21 09:21]:

Alternately, if you really do need router throughput at or above 1000Mbps, you might want to consider a purpose-built gigabit router from Cisco :)

why would you want to deal with such crap? geez.

Besides the fact it would EASILY cost way more than his budget allows.

Quad gigabit card and a 100MB Quad card (to keep the price down). I've got a budget of $3000 US to build this thing. I was thinking the Intel Pro 1000 Quad cards, but that's pretty pricy considering I have to acquire the hardware also.

sk(4), way better than em and cheaper too. I dunno whether there are 4ports tho.

I have only seen dual port cards, wish they would make a quad card though.

as somebody else noticed already, using a VLAN-capable switch and hanging the OpenBSD machine off a tagged port might make sense.
Re: '.' in username
On Thu, 2005-07-21 at 14:11 +0200, Björn Sjöberg wrote:

On Wed, Jul 20, 2005 at 08:32:45PM -0700, Tim Hammerquist wrote:

Shawn K. Quinn wrote:

It's great for testing basic service availability, version strings, or even a manual session without a lot of process overhead or connection negotiation.

I did not write the above text; please be more careful with your attributions. Thanks.

-- Shawn K. Quinn [EMAIL PROTECTED]
Re: Blocking many accesses to ssh port from single IP
Another option is to do something like:

STATE_LIMIT="(source-track rule, max-src-nodes 75, max-src-states 3)"
...
$NET0_IN inet proto tcp from any to $RAS port ssh flags $tcpInit \
    keep state $STATE_LIMIT

Garance A Drosihn wrote:

At 12:16 AM +0200 7/19/05, Romain GAILLEGUE wrote:

Today, I look in my log file and just before an attack i see that there is this kind of line :

Jul 18 22:40:51 llaw sshd[15543]: Did not receive identification string from 80.57.221.58

so with swatch and pf (for example) it's possible to block this ip for some hours just before the attack.

I looked over some records I have from a few hosts, and while that error did pop up for some attacks, it did not pop up for other attacks. So, while that is an interesting indicator of a possible attack, you will still have to handle attacks which will not give you that advance warning.

Also, in some cases that advance warning showed up less than 20 minutes before the attack, so you can't assume that you will have hours to react even if you do see the warning.

-- John R. Shannon [EMAIL PROTECTED]
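
A log scan that follows the point made in this message, that the "Did not receive identification string" line precedes only some attacks, so failed logins have to be counted as well. This is an added example, not code from anyone in the thread. The sample log is constructed (documentation-range addresses), and the threshold of 3 failures in 60 seconds, the table name `ssh_abuse`, the log year and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Both patterns are anchored at the end of the line. The user name in a
# "Failed password" line is chosen by the client, so a name containing
# " from 203.0.113.5" must not be mistaken for the source address.
PROBE = re.compile(
    r"sshd\[\d+\]: Did not receive identification string from (\S+)(?: port \d+)?$")
FAIL = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

# Constructed sample log, not taken from a real host.
SAMPLE = """\
Jul 18 22:40:51 gw sshd[15543]: Did not receive identification string from 192.0.2.10
Jul 18 22:41:07 gw sshd[15550]: Did not receive identification string from 192.0.2.99
Jul 18 22:58:02 gw sshd[15601]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Jul 18 22:58:05 gw sshd[15603]: Failed password for illegal user admin from 192.0.2.10 port 40120 ssh2
Jul 18 22:58:09 gw sshd[15605]: Failed password for root from 192.0.2.10 port 40131 ssh2
Jul 18 23:10:15 gw sshd[15700]: Failed password for alice from 203.0.113.5 port 51515 ssh2
Jul 18 23:30:00 gw sshd[15800]: Failed password for root from 198.51.100.7 port 33001 ssh2
Jul 18 23:30:03 gw sshd[15802]: Failed password for root from 198.51.100.7 port 33009 ssh2
Jul 18 23:30:06 gw sshd[15804]: Failed password for illegal user x from 203.0.113.5 from 198.51.100.7 port 33017 ssh2
""".splitlines()


def stamp(line, year):
    # syslog timestamps carry no year; the caller supplies one (assumption).
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")


def scan(lines, max_fails=3, window=timedelta(seconds=60), year=2005):
    """Return {ip: (action, probe_seen)}; action is block, watch or ignore."""
    probed, fails = set(), defaultdict(list)
    for line in lines:
        m = PROBE.search(line)
        if m:
            probed.add(m.group(1))
            continue
        m = FAIL.search(line)
        if m:
            fails[m.group(1)].append(stamp(line, year))
    verdicts = {}
    for ip in probed | set(fails):
        times = sorted(fails.get(ip, []))
        # Any run of max_fails failures that fits inside the window is a burst.
        burst = any(times[i + max_fails - 1] - times[i] <= window
                    for i in range(len(times) - max_fails + 1))
        action = "block" if burst else "watch" if ip in probed else "ignore"
        verdicts[ip] = (action, ip in probed)
    return verdicts


def pfctl_commands(verdicts, table="ssh_abuse"):
    """Build (not run) pfctl commands adding blocked sources to a pf table."""
    cmds = []
    for ip, (action, _) in sorted(verdicts.items()):
        if action != "block":
            continue
        try:
            addr = ipaddress.ip_address(ip)  # never pass raw log text to a shell
        except ValueError:
            continue
        cmds.append(f"pfctl -t {table} -T add {addr}")
    return cmds


if __name__ == "__main__":
    result = scan(SAMPLE)
    for ip, (action, warned) in sorted(result.items()):
        print(f"{ip:15} {action:6} probe_seen={warned}")
    print("\n".join(pfctl_commands(result)))
```

In the sample, 198.51.100.7 is blocked without ever producing the probe line, and 192.0.2.99 produces the probe line without any login attempt following it.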
Re: Writes to samba server very, very slow
On 7/19/05, Gary Clemans-Gibbon [EMAIL PROTECTED] wrote:

Forgot about the /dev/null idea. interesting result. I scp'd a 10 Mb file from my gentoo box and it completed fast in a few seconds - speed 3.3 Mb/s. Not great but faster than the other experiences. I then did the same with a 2.5Gb file and it started off at 3.3 or 3.5 Mb/sec but tailed off continuously until by the time the transfer was 12% done the transfer speed was down to 50 kb/sec.

here's a clue: have you done anything with Nick's suggestions yet?
starting kde on boot
Folk, This one has me scratching my head: I can boot into kdm, login as a regular user and have a stock X working. I can type startx once I'm logged in and have kde up, but with no mouse functionality. The relevant section of /etc/rc.local reads thus: #based on a solution posted by S.Marley echo -n ' kdm'; (sleep 5; /usr/local/bin/kdm ${kdm_flags}) Kdm_flags is set in rc.local.conf I have a .xsession file in ~ that has this line exec startx I have also tried startkde instead of startx in .xsession, but I cannot get kde to come up once I'm logged in. /etc/X11/xdm/xsession has been edited. Any clues? something I've missed? TIA
Re: starting kde on boot
I can boot into kdm, login as a regular user and have a stock X working. I can type startx once I'm logged in and have kde up, but with no mouse functionality. ? Not sure about that one, if your mouse works in kdm. The relevant section of /etc/rc.local reads thus: #based on a solution posted by S.Marley echo -n ' kdm'; (sleep 5; /usr/local/bin/kdm ${kdm_flags}) Don't do that. Use /etc/ttys if thats the effect you want. Kdm_flags is set in rc.local.conf I have a .xsession file in ~ that has this line exec startx no. You would not put startx in .xsession. you would put exec startkde or exec wmaker for example. Then upon running startx on the shell, it would then execute your wm. I have also tried startkde instead of startx in .xsession, but I cannot get kde to come up once I'm logged in. Thats right if your are going to use xdm. kdm will do all of that malarky for you however. To summarize, if you want to use kdm, .xsession is not relevant. I think you need to tell us what exactly how you want your workstation to behave. Edd
Re: Need Quad Ethernet for router box
* Bill Chmura [EMAIL PROTECTED] [2005-07-21 18:12]:

I too looked for the sk cards, but there is no Quad for them. I was hoping to reduce interrupts by using Quad cards...

wrong assumption. quad card does as many ints as 4 one port cards with the same type of chip.

If I went with several sk dual cards, say 3 of them, would my interrupts be killing me?

no, because, opposed to the intel shit, sk does proper interrupt mitigation.

-- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: starting kde on boot
Am Donnerstag, 21. Juli 2005 17:44 schrieben Sie: Hi, Since you are using KDE, did you run genkdmconf to create the kdm configuration files (eg. /usr/local/share/config/kdm/Xsession)? HTH, Stephan Folk, This one has me scratching my head: I can boot into kdm, login as a regular user and have a stock X working. I can type startx once I'm logged in and have kde up, but with no mouse functionality. The relevant section of /etc/rc.local reads thus: #based on a solution posted by S.Marley echo -n ' kdm'; (sleep 5; /usr/local/bin/kdm ${kdm_flags}) Kdm_flags is set in rc.local.conf I have a .xsession file in ~ that has this line exec startx I have also tried startkde instead of startx in .xsession, but I cannot get kde to come up once I'm logged in. /etc/X11/xdm/xsession has been edited. Any clues? something I've missed? TIA
Re: sgi 02 R5K irix 6.3 4.3 unsuccessful installation
From: Roger Neth Jr [EMAIL PROTECTED]
Date: Wed, 20 Jul 2005 11:57:04 -0700

Went to the SGI O2 command monitor and input

boot -f dksc(0,4,8)

What happens if you try

boot -f dksc(0,4,8)/boot

On my system that loads the bootloader from cdrom and then continues to load the already installed OpenBSD kernel from disk. If your O2 currently has IRIX installed, then things will probably fail. If the above command displays something like:

OpenBSD/sgi Arcbios boot ...

Try

setenv SystemPartition pci(0)scsi(0)cdrom(4)rdisk(0)partition(8)
unsetenv OSLoadPartition
unsetenv OSLoadFilename
boot -f boot /bsd

This should land you in the OpenBSD installation process.

Mark
Re: Need Quad Ethernet for router box
For the sk(4) cards, if you buy the Linksys ones (only single seaters i believe) you should make sure to get the rev.2 ones, as the rev.3 is realtek based, you can tell on the retail box, it shows the little crab on the chip.

Happy hunting - J

On 7/21/05, Bill Chmura [EMAIL PROTECTED] wrote:

After getting some much needed sleep I realized the key things I left out of the last post.

Ethernet wise, currently the whole mess is at 100MB... It will be that way at least for 12 months after this. As far as heavily used, I just got on the scene myself and the usage is way down. School, summers off. But the end of the year is crazy for them network wise. So in the end, all I can say at this point is that it's barely running at peak usage on 100MB.

I was thinking Gigabit for the larger buffers they have, and support future expansion - In a few months, or sooner I want to bring one of the segments up to GigE from the router out to the switches in that building.

Part of the segmentation is to get students and faculty onto different segments and give me more control at either the inner firewall or the outer firewall. I can however, as you suggested, aggregate a few into one subnet. I will look into that today - but the lightly used ones can definitely be done that way.

The other reason for segmentation is the incredible sprawl this has... It stretches from each end of campus to the other.

Space is not a factor, I can fit a 6U into the rack without much trouble.

I too looked for the sk cards, but there is no Quad for them. I was hoping to reduce interrupts by using Quad cards... If I went with several sk dual cards, say 3 of them, would my interrupts be killing me?

Thanks

Bill

On Thu, 21 Jul 2005 02:09:22 -0500 Kevin [EMAIL PROTECTED] wrote:

On 7/21/05, Bill Chmura [EMAIL PROTECTED] wrote:

We finally got some money to build a router for the center of a 200-300 user network. Upon arrival I found it to be one giant segment with old old switches (sort of - not real ones) and terrible sprawl. I need to build a router that will handle 7 segments, 4 of which are very heavily used, 3 of which are pretty light.

Can you define "very heavily used"?

Have you considered aggregating the lightly-used segments in a slightly more modern switch (e.g. a 3524XL), configuring a trunk port from the switch to uplink multiple VLANs to a single GigE physical interface on the BSD router?

Alternately, if you really do need router throughput at or above 1000Mbps, you might want to consider a purpose-built gigabit router from Cisco :)

Both suggestions are under the assumption that the router is not primarily intended as a security separation between subnets.

I was contemplating a Quad gigabit card and a 100MB Quad card (to keep the price down). I've got a budget of $3000 US to build this thing. I was thinking the Intel Pro 1000 Quad cards, but that's pretty pricy considering I have to acquire the hardware also.

We are very happy with the Intel PRO/1000MT quad copper GigE cards, but we are not coming close to pushing their limits, I'm still waiting for OC-3.

Can someone recommend another good obsd friendly good performer / value for the price Quad Ethernet 1000 card? If I can keep it down, I would use two and not do the 100MB on the slow segments. Also is going PCI-X going to get me much? I was reading some notes in the archives (obsd?) that showed the cards won't need it that much, and another post saying it was going to be slammed by a Quad card.

If you expect to push hundreds of megabits at peak through the multiport card, then PCI-X will buy you some headroom. One caveat, many PCI-X motherboards can only run one card at the full 133MHz speed.

Kevin Kadow
Re: starting kde on boot
On Thu, Jul 21, 2005 at 05:04:49PM +0100, Edd Barrett wrote: #based on a solution posted by S.Marley echo -n ' kdm'; (sleep 5; /usr/local/bin/kdm ${kdm_flags}) Don't do that. Use /etc/ttys if thats the effect you want. Any good reason not to? I posted the a solution using ttys too, but both required a sleep. To the OP: run genkdmconf -- stephen
Re: Need Quad Ethernet for router box
Hi,

...on Thu, Jul 21, 2005 at 11:50:20AM -0400, Bill Chmura wrote:

Ethernet wise, currently the whole mess is at 100MB... It will be that way at least for 12 months after this. As far as heavily used, I just got on the scene myself and the usage is way down. School, summers off. But the end of the year is crazy for them network wise. So in the end, all I can say at this point is that it's barely running at peak usage on 100MB.

As others suggested, getting a decent switch with VLAN support and using a single GigE trunk to your router might be a good start (and even cheaper than a bunch of 4-port GigE cards). I don't think you will run into bandwidth problems on the trunk if everything is at 100mbit now, and you will just have much more flexibility with the segmentation. You can still push high-volume VLANs to another trunk port (or dedicated links to the router) later, if that turns out to be necessary.

Also, will all the traffic really pass the router, or will much of it be local to the respective segments? Thinking about how to redesign the network to reduce the load on the router might be a good idea.

Alex.
Chrooted CGI+Mysql Problem
Hello all, I've been playing around with database driven web stuff lately in the chrooted apache. I've got a pretty simple CGI written in C that selects all of my blog entries from a database and displays them in a web page. I got things working running httpd with the -u flag and now i'm attempting to chroot everything. A ldd on /cgi-bin/blogger reveals: /usr/local/lib/libmysqlclient.so.12.0 /usr/lib/libz.so.4.0 /usr/lib/libc.so.34.2 so I created the directory structure and copied those libraries into them, however when I run the cgi I see in my logs: can't load library 'libmysqlclient.so.12.0' I'm trying to recompile mysql in ports with the static linking enabled don't know if that will help, but I figured I'd ask the list to see if anyone else has seen this problem before. Thanks guys. Brandon
Re: '.' in username
On 2005/07/21 15:32:37, Alexander Bochmann wrote: ...on Thu, Jul 21, 2005 at 01:18:46PM +0100, Stuart Henderson wrote: nc(1) doesn't work for the telnet cli on speedtouch ADSL routers, though. That's probably because, quite unlike telnet(1), nc(1) isn't a telnet client (but you can use nc -t, if you absolutely want to). Actually, it's because the speedtouch cli wants cr+lf and not just lf. Unlike telnet(1), nc(1) doesn't translate these.
Re: Still stuck with this assembly stuff (amd64)
Thanks. I just wasn't sure if my problem was an openBSD problem or an assembly problem. It's definitely the latter. And I just found the amd64 ABI, which is making the problems clear for me. Pushing those args on the stack is definitely wrong.

Anyway, I appreciate the feedback. And thanks Art for pointing out that the assembly was wrong. That put me on the right track to finding a solution. The recent threads about the notes section just confused me and put me down the wrong track.

Thanks,

Brian

--- STeve Andre' [EMAIL PROTECTED] wrote:

Brian, it's always a good idea to learn stuff, but this isn't the right place to talk about assembly problems. One of the newsgroups devoted to programming would be a far better source, or one of the many web forums out there.

As someone said, compiling programs and looking at the code is a great way of seeing how things are done. That's one of the ways I learned, quite some time ago with Digital Research C, an awful compiler that gave me lots of pain...

The other thing you might want to think about is getting experience on a simpler cpu, perhaps the z80. There are tons and tons of documents on it, and I'm pretty sure that you could write stuff and then run it on an emulator, faster than the hardware I had, back when I used them.

At any rate, misc@ isn't the best place for your questions. I'm sure there are some assembler freaks out there who would just love to talk with you and help out.

--STeve Andre'
OSCON - Failover Firewalls with OpenBSD and CARP
I'll be presenting a talk and demonstration at the upcoming OSCON event in Portland, OR on August 4th. If anyone's going to be in the area Aug 1-4, I'd love to hook up for an ad-hoc OpenBSD BoF over some beers. http://conferences.oreillynet.com/cs/os2005/view/e_sess/6475 -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: starting kde on boot
On 21/07/05, Stephen Marley [EMAIL PROTECTED] wrote: On Thu, Jul 21, 2005 at 05:04:49PM +0100, Edd Barrett wrote: #based on a solution posted by S.Marley echo -n ' kdm'; (sleep 5; /usr/local/bin/kdm ${kdm_flags}) Don't do that. Use /etc/ttys if that's the effect you want. Any good reason not to? I posted a solution using ttys too, but both required a sleep. To the OP: run genkdmconf -- stephen they do? I use xdm and I didn't use a sleep. Maybe it's a kdm issue? Edd
Re: Need Quad Ethernet for router box
On Thu, Jul 21, 2005 at 09:05:13PM +0200, Daniel Polak wrote: Original message from Bill Chmura at 21-7-2005 20:02 All of the traffic pretty much will be passing over the router. I see the wisdom of what you are saying with redesigning the network and I will give it some thought, but the majority of the resources are located in one spot. I will mull that over though. As it stands, only some students doing filesharing would not pass the router. I am liking the VLAN concept more and more for the less active segments. The whole thing has to fit into the budget. We have a few Cisco 3500XL switches that I think support VLAN, so I could task one of those to the job probably. After Henning pointed out to me with the SK cards I don't need to go the route of the quad, I am planning on the SK dual port cards. http://www.syskonnect.com/products/sk-9s22.htm - but when I searched it seems like the .2 revs are becoming hard to find and the .3 is unsupported. Bill, As it happens I have been e-mailing with SysKonnect about the SK-9S22 and a possible quad port card today! They are thinking about doing a quad port card but need to be sure that there is enough interest. Anybody interested in a quad port SysKonnect card please e-mail me and I will pass on your e-mail address to SysKonnect so they can let you know when the quad port card becomes available. According to the SK man page at http://www.openbsd.org/cgi-bin/man.cgi?query=sk&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html the SK-9S22 is currently not supported by OpenBSD. Daniel Note, there are cards that are supported that are not listed in the man page. It's hard to have an exact list when there are so many cards out there and sometimes even different revisions with the same name and different chipsets. The chipset revision is what really matters.
Re: Need Quad Ethernet for router box
* Kevin [EMAIL PROTECTED] [2005-07-21 20:06]: On 7/21/05, Henning Brauer [EMAIL PROTECTED] wrote: * Kevin [EMAIL PROTECTED] [2005-07-21 09:21]: Alternately, if you really do need router throughput at or above 1000Mbps, you might want to consider a purpose-built gigabit router from Cisco :) why would you want to deal with such crap? geez. To be blunt, because when an enterprise just needs pure unfiltered inter-VLAN routing, Cisco has CEF products which can route between interfaces at bps and pps rates unapproachable using a general purpose Unix OS and COTS hardware. and they are crap. OpenBSD boxes can do far more than you imagine, and if they can't keep up any more there's still the ability to use more than one, and even when that doesn't work out any more there is no reason to use crappy buggy overpriced cisco shit, there's pretty good gear out there by Extreme Networks and Juniper. I was contemplating a Quad gigabit card and a 100MB Quad card (to keep the price down). I've got a budget of $3000 US to build this thing. I was thinking the Intel Pro 1000 Quad cards, but that's pretty pricy considering I have to acquire the hardware also. sk(4), way better than em and cheaper too. I dunno whether there are 4ports tho. Correct -- SysKonnect does not offer 4 port cards. a lot more vendors than just syskonnect have sk card these days, most marvell based which is syskonnect v1 which is very good. can't really believe nobody is putting an 21152 or the like and 4 of them on a card. -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: Chrooted CGI+Mysql Problem
Brandon Mercer wrote: Hello all, I've been playing around with database driven web stuff lately in the chrooted apache. I've got a pretty simple CGI written in C that selects all of my blog entries from a database and displays them in a web page. I got things working running httpd with the -u flag and now I'm attempting to chroot everything. A ldd on /cgi-bin/blogger reveals: /usr/local/lib/libmysqlclient.so.12.0 /usr/lib/libz.so.4.0 /usr/lib/libc.so.34.2 so I created the directory structure and copied those libraries into them, however when I run the cgi I see in my logs: can't load library 'libmysqlclient.so.12.0' I'm trying to recompile mysql in ports with the static linking enabled don't know if that will help, but I figured I'd ask the list to see if anyone else has seen this problem before. Thanks guys. Simplest thing to do: copy /usr/local/lib/libmysqlclient.so.12.0 to the chrooted /var/www/usr/lib folder and all is well. :-) Brandon
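The copy step from the reply above, generalized to every library the CGI needs, as an added example that is not part of the original thread. The function names stage_libs and missing_libs are hypothetical; the input is a list of absolute library paths, one per line, such as the three paths quoted from ldd in the post.

```shell
#!/bin/sh
# Added example, not code from the thread. stage_libs and missing_libs are
# hypothetical helper names.

# Copy each library path read from stdin into <chroot>/usr/lib, the
# directory the reply recommends. Returns non-zero if any entry could not
# be staged, so a deploy script can stop before the CGI fails at run time.
stage_libs() {
    chroot_dir=$1
    dest="$chroot_dir/usr/lib"
    mkdir -p "$dest" || return 1
    failed=0
    while IFS= read -r lib; do
        [ -n "$lib" ] || continue
        case $lib in
            /*) ;;    # accept absolute paths only
            *)  echo "skip (not absolute): $lib" >&2; failed=1; continue ;;
        esac
        if [ -f "$lib" ]; then
            cp -p "$lib" "$dest/" || failed=1
        else
            echo "missing on host: $lib" >&2
            failed=1
        fi
    done
    return $failed
}

# Print the file name of every listed library that is absent from
# <chroot>/usr/lib; empty output means the chroot has all of them.
missing_libs() {
    chroot_dir=$1
    while IFS= read -r lib; do
        [ -n "$lib" ] || continue
        name=${lib##*/}
        [ -f "$chroot_dir/usr/lib/$name" ] || echo "$name"
    done
}
```

Run missing_libs again after any package upgrade that bumps a library version, since the copy inside the chroot does not follow the host.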
Re: Need Quad Ethernet for router box
On Thu, Jul 21, 2005 at 09:13:48PM +0200, Henning Brauer wrote: * Kevin [EMAIL PROTECTED] [2005-07-21 20:06]: On 7/21/05, Henning Brauer [EMAIL PROTECTED] wrote: * Kevin [EMAIL PROTECTED] [2005-07-21 09:21]: Alternately, if you really do need router throughput at or above 1000Mbps, you might want to consider a purpose-built gigabit router from Cisco :) why would you want to deal with such crap? geez. To be blunt, because when an enterprise just needs pure unfiltered inter-VLAN routing, Cisco has CEF products which can route between interfaces at bps and pps rates unapproachable using a general purpose Unix OS and COTS hardware. and they are crap. OpenBSD boxes can do far more than you imagine, and if they can't keep up any more there's still the ability to use more than one, and even when that doesn't work out any more there is no reason to use crappy buggy overpriced cisco shit, there's pretty good gear out there by Extreme Networks and Juniper. CEF was created to work around the fact that Cisco has pathetically slow CPUs and that's it. Even brand new hardware to this day from Cisco comes with slow CPUs compared to other vendors like Juniper for example. I was contemplating a Quad gigabit card and a 100MB Quad card (to keep the price down). I've got a budget of $3000 US to build this thing. I was thinking the Intel Pro 1000 Quad cards, but that's pretty pricy considering I have to acquire the hardware also. sk(4), way better than em and cheaper too. I dunno whether there are 4ports tho. Correct -- SysKonnect does not offer 4 port cards. a lot more vendors than just syskonnect have sk card these days, most marvell based which is syskonnect v1 which is very good. can't really believe nobody is putting an 21152 or the like and 4 of them on a card. I do not have any SK-based cards using the newer Yukon-2 chips. If someone could get me a card or two then it would provide incentive to support the cards. SysKonnect stuff is much better than all the other Gig stuff out there.
Re: starting kde on boot
On Thu, Jul 21, 2005 at 08:03:49PM +0100, Edd Barrett wrote: On 21/07/05, Stephen Marley [EMAIL PROTECTED] wrote: they do? I use xdm and I didn't use a sleep. Maybe it's a kdm issue? Yes, it's a kdm specific issue. It seems all gettys need to be spawned before kdm kicks in otherwise the keyboard doesn't work correctly or the X server shows up on the wrong console. -- stephen
Re: Adaptec 6944a or Sun Happy Meal
On 7/21/05, Steven Bowers [EMAIL PROTECTED] wrote: On 7/19/05, Ted Unangst [EMAIL PROTECTED] wrote: On Tue, 19 Jul 2005, Steven Bowers wrote: i'm not sure why you picked those two; neither would be near the top of any list i'd make. 6944a in particular is de(4), not the greatest. I picked them only because they are the only two quad port cards with which I am familiar. If you can recommend something I would gladly welcome the advice. FYI - the card will be running on an Intel SE440BX if that makes any difference. I should add my neighbor will be sharing my Internet connection through a CAT5 cable buried between our homes so it's not like I need a high end card.
The windows world is catching on!
http://support.microsoft.com/default.aspx?scid=kb;en-us;555372
Re: Need Quad Ethernet for router box
On Thu, 21 Jul 2005, Daniel Polak wrote: SNIP Bill, As it happens I have been e-mailing with SysKonnect about the SK-9S22 and a possible quad port card today! They are thinking about doing a quad port card but need to be sure that there is enough interest. Anybody interested in a quad port SysKonnect card please e-mail me and I will pass on your e-mail address to SysKonnect so they can let you know when the quad port card becomes available. Don't hold your breath, they've been talking to me for over 2 years about a particular card and they have yet to produce it and my work day perspective usually gives me some sway with vendors. diana
Re: The windows world is catching on!
On Thu, Jul 21, 2005 at 07:34:01PM +0100, Sevan / Venture37 wrote: http://support.microsoft.com/default.aspx?scid=kb;en-us;555372 You could post a URL that actually works..
Re: Need Quad Ethernet for router box
On Thu, Jul 21, 2005 at 05:23:04PM -0600, Diana Eichert wrote: On Thu, 21 Jul 2005, Brad wrote: SNIP I do not have any SK-based cards using the newer Yukon-2 chips. If someone could get me a card or two then it would provide incentive to support the cards. SysKonnect stuff is much better than all the other Gig stuff out there. Brad, think you can get them to start producing the 10Gb card I've been talking to them for almost 2 years about? diana It would be nice if they even sent us the hardware that was offered via you quite some time ago nevermind vaporware 10Gb cards.
Re: '.' in username
On 7/20/05, Tim Hammerquist [EMAIL PROTECTED] wrote: Shawn K. Quinn wrote: Bruno Rohee wrote: Thus breaking a behaviour that people have been used to for about the last 30 years. Telnet was used for most of the last 30 years, too. telnet is still a wonderful tool that I use all the time. $ telnet hostname 25 $ telnet hostname 80 $ telnet hostname 22 It's great for testing basic service availability, version strings, or even a manual session without a lot of process overhead or connection negotiation. Tim He meant telnetd of course -- Gerardo Santana Gómez Garrido http://www.openbsd.org.mx/santana/ Entre los individuos, como entre las naciones, el respeto al derecho ajeno es la paz -Don Benito Juarez
Re: Need Quad Ethernet for router box
On Thu, 21 Jul 2005, Brad wrote: Brad, think you can get them to start producing the 10Gb card I've been talking to them for almost 2 years about? diana It would be nice if they even sent us the hardware that was offered via you quite some time ago nevermind vaporware 10Gb cards. Sorry to hear, they started getting flaky after they were bought out by Marvell. They quit responding to my e-mails in early January, guess they didn't want our business any more. diana
Re: dual boot client to DHCP gets different IP addresses on different OS
Vivek Ayer wrote: Hi guys, This has really been a frustrating experience. I have a dual boot client behind an OpenBSD firewall that uses a DHCP server. When I boot into XP, I get an IP of 192.168.0.2 and in Linux I get 192.168.0.3. Because of this, I can do port forwarding without editing pf.conf every boot. Can I reset the dhcp lease in openbsd and if so, how would I do it so both OS get the same IP address? Thanks. Vivek

You could add this to your dhcpd.conf:

host dualbootclient_hostname {
    hardware ethernet dualbootclient_ethernet_address;
    fixed-address IP-address;
}

-Tobias
Re: The windows world is catching on!
Brad wrote: On Thu, Jul 21, 2005 at 07:34:01PM +0100, Sevan / Venture37 wrote: http://support.microsoft.com/default.aspx?scid=kb;en-us;555372 You could post a URL that actually works.. They took it down, but the KB article was How to ask a question. The text of the article seems to be reproduced at http://www.petri.co.il/how_to_ask_a_question.htm. Those darned hackers and open source enthusiasts.
Transparent pf firewall with load balance support
Hi, Just a little question that came up when designing a firewall system here, can a transparent bridge with pf do load balance to internal server even if the ifaces don't have any IP addresses? I have two ways to develop this firewall, or a transparent bridge on the switch to router link, or a frontend on the switch to call the internal server so I can use the load balance features, but I want to do both ways, is there a way? Thanks in advance, Vinicius
carp failover question
I'm trying to build a pair of 3.7 machines, to replace a pair of 3.5 machines. These machines will be a simple firewall, not NAT'ing just an internal, and an external interface, plus a dedicated network for pfsync. At the moment I'm having trouble getting failover to work, when I fail one of the sides (internal or external). The carp manpage says that if I have net.inet.carp.preempt set, and I do ifconfig carp0 down on the master, both sides should switch. I'm not seeing that. Looking around a bit, it looks like there was a utility called ifstated, which was used for making certain that (among other things) both sides failed over, but it seems to be deprecated.

Here are the hostname.* files for the master:

hostname.carp0
inet 205.159.77.2 255.255.255.0 205.159.77.255 vhid 1 carpdev fxp0 pass

hostname.carp1
inet 170.85.106.129 255.255.255.128 170.85.106.255 vhid 2 carpdev fxp2 pass

hostname.fxp0
inet 205.159.77.11 255.255.255.0 NONE
!route add default 205.159.77.234

hostname.fxp1
inet 192.168.254.253 255.255.255.0 NONE

hostname.fxp2
inet 170.85.106.253 255.255.255.128 NONE

hostname.pfsyanc0
up syncif fxp1

and the slave:

hostname.carp0
inet 205.159.77.2 255.255.255.0 205.159.77.255 vhid 1 advskew 128 carpdev fxp0 pass

hostname.carp1
inet 177.85.106.129 255.255.255.128 177.85.106.255 vhid 2 advskew 128 carpdev fxp2 pass

hostname.fxp0
inet 205.159.77.10 255.255.255.0 NONE
!route add default 205.159.77.234

hostname.fxp1
inet 192.168.254.254 255.255.255.0 NONE

hostname.fxp2
inet 177.85.106.254 255.255.255.128 NONE

hostname.pfsyanc0
up syncif fxp1

Anyone see what I'm doing wrong? -- U.S. Encouraged by Vietnam Vote - Officials Cite 83% Turnout Despite Vietcong Terror - New York Times 9/3/1967
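A consistency check for a CARP pair like the one posted above, as an added example that is not part of the original message. It compares one hostname.carpN file from each firewall on the fields that members of one CARP group are expected to share (vhid, virtual address, netmask, broadcast, carpdev, password). The function names carp_mismatch and carp_demo are hypothetical, and the password in the sample is a placeholder because the post does not show one.

```shell
#!/bin/sh
# Added example, not code from the thread. Reports the fields that differ
# between two hostname.carpN files. advskew is not compared because it is
# meant to differ between master and backup.
carp_mismatch() {
    awk '
    $1 == "inet" {
        side = (FILENAME == ARGV[1]) ? "m" : "s"
        v[side, "addr"] = $2; v[side, "mask"] = $3; v[side, "bcast"] = $4
        # keyword/value pairs follow; a trailing keyword with no value is ignored
        for (i = 5; i < NF; i++)
            if ($i == "vhid" || $i == "carpdev" || $i == "pass") {
                v[side, $i] = $(i + 1)
                i++
            }
    }
    END {
        n = split("vhid addr mask bcast carpdev pass", f, " ")
        for (k = 1; k <= n; k++)
            # append "" to force a string comparison (passwords may look numeric)
            if ((v["m", f[k]] "") != (v["s", f[k]] "")) {
                printf "%s: master=%s peer=%s\n", f[k], v["m", f[k]], v["s", f[k]]
                bad = 1
            }
        exit bad + 0
    }' "$1" "$2"
}

# Constructed sample: the two carp1 lines as they appear in the post, with a
# placeholder password appended.
carp_demo() {
    d=$(mktemp -d) || return 2
    echo 'inet 170.85.106.129 255.255.255.128 170.85.106.255 vhid 2 carpdev fxp2 pass PLACEHOLDER' > "$d/master.carp1"
    echo 'inet 177.85.106.129 255.255.255.128 177.85.106.255 vhid 2 advskew 128 carpdev fxp2 pass PLACEHOLDER' > "$d/backup.carp1"
    carp_mismatch "$d/master.carp1" "$d/backup.carp1"
    rc=$?
    rm -rf "$d"
    return $rc
}
```

The exit status is 0 when the shared fields agree and 1 when any differ, so the check can gate a configuration push to both firewalls.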
Re: Need Quad Ethernet for router box
On Thu, 21 Jul 2005 12:35:27 -0500 Kevin [EMAIL PROTECTED] wrote: To be blunt, because when an enterprise just needs pure unfiltered inter-VLAN routing, Cisco has CEF products which can route between interfaces at bps and pps rates unapproachable using a general purpose Unix OS and COTS hardware. You know that CEF is just a poor excuse for the pathetic performance of the CPUs Cisco put in, right? Don't drink the Cisco sales rep's Kool-Aid. --- Lars Hansson