ASUS A7V8X-X anyone?

2006-01-22 Thread Joakim Roubert
Hi!

Searching archives for ASUS A7V8X-X, I have found some bug reports from
2003-2004, but then nothing. Is anybody using that motherboard with e.g.
3.8, and if so, is it working/stable?

Best regards,

/Joakim
-- 
 http://www.df.lth.se/~jokke/



openbsd on irix

2006-01-22 Thread Lars Weste
hi, 
 
reading http://www.openbsd.org/sgi.html, confuses a bit. at the top it is 
stated that the port will run at r4000 and up. at the bottom, in 
supported hardware, the r5000 is the smallest supported processor. Which 
statement is right? 
 
lars 




Re: openbsd on irix

2006-01-22 Thread Jonathan Gray
On Sun, Jan 22, 2006 at 09:43:56AM +0100, Lars Weste wrote:
 hi, 
  
 reading http://www.openbsd.org/sgi.html, confuses a bit. at the top it is 
 stated that the port will run at r4000 and up. at the bottom, in 
 supported hardware, the r5000 is the smallest supported processor. Which 
 statement is right? 

You take it out of context.

OpenBSD/sgi is a fully featured 64 bit port and will thus only run on systems 
based on 64 bit processors, i.e. R4000 and up.

Currently only O2s are supported which start at r5k.  The port could
be enhanced to support older machines based around r4k processors but
this has not yet been done.



Re: openbsd on irix

2006-01-22 Thread Lars Weste
Hi, 
  
 You take it out of context. 
  
 OpenBSD/sgi is a fully featured 64 bit port and will thus only run on 
 systems based on 64 bit processors, i.e. R4000 and up. 
  
 Currently only O2s are supported which start at r5k.  The port could 
 be enhanced to support older machines based around r4k processors but 
 this has not yet been done. 
  
 
thanks for making this clear to me. 
 
lars 




Re: ASUS A7V8X-X anyone?

2006-01-22 Thread Matthias Kilian
On Sun, Jan 22, 2006 at 09:40:32AM +0100, Joakim Roubert wrote:
 Searching archives for ASUS A7V8X-X, I have found some bug reports from
 2003-2004, but then nothing. Is anybody using that motherboard with e.g.
 3.8,

Yes.

 and if so, is it working/stable?

Yes, dmesg below.

I only have to config(4) pcibios(4) flags to 0x04, because without
this the system freezes when configuring the audio controller.

Ciao,
Kili

OpenBSD 3.9-beta (GENERIC) #148: Sat Jan 21 19:48:03 CET 2006
[EMAIL PROTECTED]:/var/compile/GENERIC
cpu0: AMD Athlon(TM) XP 2400+ (AuthenticAMD 686-class, 256KB L2 cache) 1.99 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
cpu0: AMD Powernow: TS
real mem  = 1073307648 (1048152K)
avail mem = 972668928 (949872K)
using 4278 buffers containing 53768192 bytes (52508K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(bf) BIOS, date 04/21/04, BIOS32 rev. 0 @ 0xf1aa0
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x2162
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xd000 0xd/0x6000! 0xd8000/0x1800 0xdc000/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 VIA VT8377 PCI rev 0x00
ppb0 at pci0 dev 1 function 0 VIA VT8235 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Radeon 9200 SE Sec rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ATI Radeon 9200 SE rev 0x01 at pci1 dev 0 function 1 not configured
bce0 at pci0 dev 9 function 0 Broadcom BCM4401 rev 0x01: irq 6, address 00:e0:18:9a:2a:7d
bmtphy0 at bce0 phy 1: BCM4401 10/100baseTX PHY, rev. 0
trm0 at pci0 dev 13 function 0 Tekram DC-3x5U rev 0x01: irq 9
scsibus0 at trm0: 8 targets
trm0: target 0 using 8 bit 20.83 MHz, Offset 8 data transfers 
cd0 at scsibus0 targ 0 lun 0: PIONEER, DVD-ROM DVD-303R, 1.10 SCSI2 5/cdrom removable
trm0: target 2 using 8 bit 10.0 MHz, Offset 15 data transfers 
cd1 at scsibus0 targ 2 lun 0: TEAC, CD-R55S, 1.0J SCSI2 5/cdrom removable
trm1 at pci0 dev 14 function 0 Tekram DC-3x5U rev 0x01: irq 5
scsibus1 at trm1: 16 targets
trm1: target 1 using 16 bit 20.83 MHz, Offset 15 data transfers 
st0 at scsibus1 targ 1 lun 0: HP, C5683A, C104 SCSI2 1/sequential removable
st0: drive empty or not ready
uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x80: irq 5
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x80: irq 5
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x80: irq 5
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 16 function 3 VIA VT6202 USB rev 0x82: irq 5
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: VIA EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
viapm0 at pci0 dev 17 function 0 VIA VT8235 ISA rev 0x00
iic0 at viapm0
asbtm0 at iic0 addr 0x2d
lm1 at iic0 addr 0x2f: W83791D
pciide0 at pci0 dev 17 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: Maxtor 6Y080L0
wd0: 16-sector PIO, LBA, 78167MB, 160086528 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6
pciide0: channel 1 disabled (no drives)
auvia0 at pci0 dev 17 function 5 VIA VT8233 AC97 rev 0x50: irq 6
ac97: codec id 0x414c4720 (Avance Logic ALC650)
ac97: codec features 20 bit DAC, 18 bit ADC, Realtek 3D
audio0 at auvia0
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
biomask ff25 netmask ff65 ttymask ffe7
pctr: user-level cycle counter enabled
mtrr: Pentium Pro MTRR support
umass0 at uhub3 port 3 configuration 1 interface 0
umass0: Genesyslogic USB Mass Storage Device, rev 2.00/0.33, addr 2
umass0: using SCSI over Bulk-Only
scsibus2 at umass0: 2 targets
sd0 at scsibus2 targ 1 lun 0: SAMSUNG, SV1604N, 0811 SCSI0 0/direct fixed
sd0: 152627MB, 152627 cyl, 64 head, 32 sec, 512 bytes/sec, 312581808 sec total
umass1 at uhub3 port 4 configuration 1 interface 0
umass1: Iomega Optical USB 2.0 Drive, rev 2.00/0.01, addr 3
umass1: using SCSI over Bulk-Only
scsibus3 at umass1: 2 

Re: Partition advice

2006-01-22 Thread Peter N. M. Hansteen
M... [EMAIL PROTECTED] writes:

 I want to run a mailserver (20 users),
 (spamassassin/clamav) mailing list server (20 lists),
 ftp and web servers, (maybe 100MB or so of data)
 adding them in and seeing how it handles the load.

 I was thinking of doing

 / = 500MB
 /tmp - 100MB
 /usr - 1GB
 /var - 1GB
 /home - 1.4GB

Seeing that you are putting /var, /usr/ and /tmp, on separate
partitions, you should be able to shrink the / considerably, see
ftp://ftp.openbsd.org/pub/OpenBSD/3.8/SIZES.  The values in SIZES
however do not seem to take into account such things as a ports tree or
system and X source code, both of which go into /usr somewhere.

On a system within reach here with full source and a ports tree, the
partition which houses /, /tmp and /usr has about 3.8 used, with /usr
consuming roughly 3.4 gigabytes. Skip X and system sources, you'll go a
lot lighter.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
First, we kill all the spammers The Usenet Bard, Twice-forwarded tales



running snapshot (obsd 3.9-beta), not able to compile GENERIC kernel

2006-01-22 Thread Didier Wiroth
Hi, 
I've installed (on a newly formatted disk) openbsd 3.9-beta (snapshot from 19.1) 
on my laptop  
I've added a few packages from the snapshot/packages/i386 (kdebase etc...) 
Then I've fetched the latest sources: 
cvs -q -d [EMAIL PROTECTED]:/cvs get -P src 
 
I tried to build a kernel like usual: 
config GENERIC, make clean depend and make etc... 
It failed after some time with the same error, see below. 
 
I downloaded and redownloaded a few times my sources because I thought it might 
be an unclean source tree but I had no luck so far. 
 
I would like to understand what's wrong, did I make a mistake ...? 
 
Thank you very much for helping. 
 
Here is the error output: 
 
cc  -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes  -Wno-uninitialized 
-Wno-format -Wno-main  
-fno-builtin-printf -fno-builtin-log -O2 -pipe -nostdinc -I. 
-I/usr/src/sys/arch/i386/compile/GENERIC/../../../../arch 
-I/usr/src/sys/arch/i386/compile/GENERIC/../../../.. -DDDB -DDIAGNOSTIC 
-DKTRACE -DACCOUNTING 
-DKMEMSTATS -DPTRACE -DCRYPTO -DSYSVMSG -DSYSVSEM -DSYSVSHM -DUVM_SWAP_ENCRYPT 
-DCOMPAT_35 -DCOMPAT_43 -DLKM -DFFS -DFFS_SOFTUPDATES -DUFS_DIRHASH -DQUOTA 
-DEXT2FS -DMFS -DXFS -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE -DNFSCLIENT 
-DNFSSERVER 
-DCD9660 -DUDF -DMSDOSFS -DFIFO -DPORTAL -DINET -DALTQ -DINET6 -DIPSEC 
-DPPP_BSDCOMP 
-DPPP_DEFLATE -DMROUTING -DBOOT_CONFIG -DI386_CPU -DI486_CPU -DI586_CPU 
-DI686_CPU 
-DUSER_PCICONF -DUSER_LDT -DAPERTURE -DCOMPAT_SVR4 -DCOMPAT_IBCS2 
-DCOMPAT_LINUX 
-DCOMPAT_FREEBSD -DCOMPAT_BSDOS -DCOMPAT_AOUT -DPROCFS -DACPIVERBOSE 
-DPCIVERBOSE -DEISAVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMPAT_USL 
-DWSDISPLAY_COMPAT_RAWKBD -DWSDISPLAY_DEFAULTSCREENS=6 
-DWSDISPLAY_COMPAT_PCVT 
-DPCIAGP -D_KERNEL -Di386  -c 
/usr/src/sys/arch/i386/compile/GENERIC/../../../../dev/pci/trm_pci.c 
/usr/src/sys/dev/pci/trm_pci.c:67: warning: excess elements in struct 
initializer 
/usr/src/sys/dev/pci/trm_pci.c:67: warning: (near initialization for 
`trm_pci_ca') 
*** Error code 1 
 
Stop in /usr/src/sys/arch/i386/compile/GENERIC (line 2595 of Makefile). 

--
Ministry of Higher Education
CEDIES
rte d'Esch, 211
L-1471 Luxembourg
Tel: (+352) 478-8669
Fax: (+352) 455656

Pgp key:
http://www.cedies.public.lu/pgp-keys/
--



Re: ASUS A7V8X-X anyone?

2006-01-22 Thread Andy Hayward
On 1/22/06, Joakim Roubert [EMAIL PROTECTED] wrote:
 Searching archives for ASUS A7V8X-X, I have found some bug reports from
 2003-2004, but then nothing. Is anybody using that motherboard with e.g.
 3.8, and if so, is it working/stable?

Works perfectly, as long as you either tweak the pcibios(4) flags, or
disable the audio device in the BIOS.

-- ach



Re: Partition sizing

2006-01-22 Thread Joachim Schipper
On Sat, Jan 21, 2006 at 02:15:37PM -0600, J Moore wrote:
 On Sat, Jan 21, 2006 at 05:42:08PM +0800, the unit calling itself Lars 
 Hansson wrote:
  On Sat, 21 Jan 2006 03:30:34 -0600
 
   Get a bigger H/D... 40 GB is about the smallest you can buy today; 4 GB 
   drives have not been made in years.
  
  Why? 4Gb is more than enough for trying out OpenBSD.
 
 Why? What's the point of learning how to do anything on marginal, 
 nearly-antique hardware? What is lost by using a reasonably sized, 
 current piece of hardware? He asked for advice  I think that's the 
 best course of action.

Marginal, nearly-antique hardware tends to constrain one from doing
things too inefficiently, which is a good thing.

However, 4 GB is usually sufficient. Unless you are compiling KDE from
source, storing your entire music collection, storing a couple of
videos, or storing years' worth of very inefficient documents [1], or
doing something similar, 4 GB is likely to be sufficient.

That said, most of my machines have more disk, and it certainly makes
life easier. That does not mean it is necessary, though.

Joachim

[1] One of my servers stores such for eight to ten years, with an
average of, say, four to five people working on it; the whole thing
comes out to 12 GB, with a lot of duplicate files and no coordinated
effort to clean out the old cruft; all this in Word documents - when
using plain text files, or something like LaTeX, it is almost
impossible.



Re: running snapshot (obsd 3.9-beta), not able to compile GENERIC kernel

2006-01-22 Thread Lukasz Sztachanski
On Sun, Jan 22, 2006 at 12:01:18PM +, Didier Wiroth wrote:
 /usr/src/sys/dev/pci/trm_pci.c:67: warning: excess elements in struct 
 initializer 
 /usr/src/sys/dev/pci/trm_pci.c:67: warning: (near initialization for 
 `trm_pci_ca') 
 *** Error code 1 
  
 Stop in /usr/src/sys/arch/i386/compile/GENERIC (line 2595 of Makefile). 
 
i had same error yesterday; today, i've synced -current, and everything
is all right.



- Lukasz Sztachanski


-- 
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE  BC01 FC91 9EF7 058B 7133
http://szati.blogspot.com
http://szati.entropy.pl



Re: running snapshot (obsd 3.9-beta), not able to compile GENERIC kernel

2006-01-22 Thread Jonathan Gray
On Sun, Jan 22, 2006 at 12:01:18PM +, Didier Wiroth wrote:
 Hi, 
 I've installed (on a newly formatted disk) openbsd 3.9-beta (snapshot from 
 19.1) on my laptop  
 I've added a few packages from the snapshot/packages/i386 (kdebase etc...) 
 Then I've fetched the latest sources: 
 cvs -q -d [EMAIL PROTECTED]:/cvs get -P src 
  
 I tried to build a kernel like usual: 
 config GENERIC, make clean depend and make etc... 
 It failed after some time with the same error, see below. 
  
 I downloaded and redownloaded a few times my sources because I thought it 
 might 
 be an unclean source tree but I had no luck so far. 
  
 I would like to understand what's wrong, did I make a mistake ...? 
  
 Thank you very much for helping. 
  
 Here is the error output: 
  
 cc  -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes  
 -Wno-uninitialized -Wno-format -Wno-main  
 -fno-builtin-printf -fno-builtin-log -O2 -pipe -nostdinc -I. 
 -I/usr/src/sys/arch/i386/compile/GENERIC/../../../../arch 
 -I/usr/src/sys/arch/i386/compile/GENERIC/../../../.. -DDDB -DDIAGNOSTIC 
 -DKTRACE -DACCOUNTING 
 -DKMEMSTATS -DPTRACE -DCRYPTO -DSYSVMSG -DSYSVSEM -DSYSVSHM 
 -DUVM_SWAP_ENCRYPT 
 -DCOMPAT_35 -DCOMPAT_43 -DLKM -DFFS -DFFS_SOFTUPDATES -DUFS_DIRHASH -DQUOTA 
 -DEXT2FS -DMFS -DXFS -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE -DNFSCLIENT 
 -DNFSSERVER 
 -DCD9660 -DUDF -DMSDOSFS -DFIFO -DPORTAL -DINET -DALTQ -DINET6 -DIPSEC 
 -DPPP_BSDCOMP 
 -DPPP_DEFLATE -DMROUTING -DBOOT_CONFIG -DI386_CPU -DI486_CPU -DI586_CPU 
 -DI686_CPU 
 -DUSER_PCICONF -DUSER_LDT -DAPERTURE -DCOMPAT_SVR4 -DCOMPAT_IBCS2 
 -DCOMPAT_LINUX 
 -DCOMPAT_FREEBSD -DCOMPAT_BSDOS -DCOMPAT_AOUT -DPROCFS -DACPIVERBOSE 
 -DPCIVERBOSE -DEISAVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMPAT_USL 
 -DWSDISPLAY_COMPAT_RAWKBD -DWSDISPLAY_DEFAULTSCREENS=6 
 -DWSDISPLAY_COMPAT_PCVT 
 -DPCIAGP -D_KERNEL -Di386  -c 
 /usr/src/sys/arch/i386/compile/GENERIC/../../../../dev/pci/trm_pci.c 
 /usr/src/sys/dev/pci/trm_pci.c:67: warning: excess elements in struct 
 initializer 
 /usr/src/sys/dev/pci/trm_pci.c:67: warning: (near initialization for 
 `trm_pci_ca') 
 *** Error code 1 
  
 Stop in /usr/src/sys/arch/i386/compile/GENERIC (line 2595 of Makefile). 

The tree was very briefly broken, do a cvs update and this should be fixed.



Re: Downloads limiting with PF

2006-01-22 Thread Marco Peereboom
http://www.openbsd.org/faq/pf/queueing.html
http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

That should get you started.

On Sat, Jan 21, 2006 at 11:27:50PM +0200, Maxim Vetsalo wrote:
 Hi
 
 Sorry for my english first :-( I try to explain my problem as clean as I can.
 I have internet connection with very low bandwidth and many users. Bandwidth 
 is enough if users don't download large files, but if only one of them start 
 to download, others must wait long time for any webpage (and it's 
 understandable :-)). I tried to limit size of downloadable object with Squid, 
 but users start to complain. Ideal solution for me in such situation seems 
 follow: when user start download it got full bandwidth until some (fixed) 
 limit in bytes reached, after that without breaking download connection got 
 restricted bandwidth.
 The question is - can I achieve this with PF+ALTQ on my OpenBSD 3.7-stable 
 router?
 
 Maxim.



Re: running snapshot (obsd 3.9-beta), not able to compile GENERIC kernel

2006-01-22 Thread Didier Wiroth
On Sun, Jan 22, 2006 at 12:01:18PM +, Didier Wiroth wrote:
 /usr/src/sys/arch/i386/compile/GENERIC/../../../../dev/pci/trm_pci.c
 /usr/src/sys/dev/pci/trm_pci.c:67: warning: excess elements in struct 
 initializer
 /usr/src/sys/dev/pci/trm_pci.c:67: warning: (near initialization for 
 `trm_pci_ca')
 *** Error code 1
 
 Stop in /usr/src/sys/arch/i386/compile/GENERIC (line 2595 of Makefile).

 The tree was very briefly broken, do a cvs update and this should be fixed.

Thx a lot, fixed now!
Regards
Didier

--
Ministry of Higher Education
CEDIES
rte d'Esch, 211
L-1471 Luxembourg
Tel: (+352) 478-8669
Fax: (+352) 455656

Pgp key:
http://www.cedies.public.lu/pgp-keys/
--



Hardware+OpenBSD wiki

2006-01-22 Thread Travers Buda
In light of all the recent activity on misc about will OpenBSD run on 
X? perhaps someone would like to host a wiki for strange/new hardware? 

Travers 



Re: Partition advice

2006-01-22 Thread M...
--- Peter N. M. Hansteen [EMAIL PROTECTED] wrote:


 On a system within reach here with full source and a
 ports tree, the
 partition which houses /, /tmp and /usr has about
 3.8 used, with /usr
 consuming roughly 3.4 gigabytes. Skip X and system
 sources, you'll go a
 lot lighter.
 
 -- 
 Peter N. M. Hansteen, member of the first RFC 1149


I'm not using x-windows or games.  I'll be using the
commandline/shell

Thanks everyone for the info.



Re: Hardware+OpenBSD wiki

2006-01-22 Thread Darrin Chandler

Travers Buda wrote:

In light of all the recent activity on misc about will OpenBSD run on 
X? perhaps someone would like to host a wiki for strange/new hardware? 

Travers 
 



Are you volunteering?

It wasn't long ago that the OpenBSD Metastore got going, amid some 
controversy. I haven't heard anything about it lately. Last I looked, 
there were a handful of useful things there that you could look at, and 
links to online sources to buy them. As long as you weren't from Taiwan, 
that is. Anyway, I think it's not an easy task. And also it's not 
something that you do once and move on. It would be an ongoing, 
substantial commitment for someone. Personally, I wish there were such a 
resource, but I can understand why there isn't.


--
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |



Re: ASUS A7V8X-X anyone?

2006-01-22 Thread Joakim Roubert
On 22/01/06 11:41, Matthias Kilian wrote:

 Yes, dmesg below.

On 22/01/06 13:15, Andy Hayward wrote:

 Works perfectly, as long as you either tweak the pcibios(4) flags, or
 disable the audio device in the BIOS.

Thanks a lot!!
I have bought that computer now, and the guy who sold it actually had an
OpenBSD on it! Super!!

Best regards,

/Joakim
-- 
 http://www.df.lth.se/~jokke/



NIS/NFS server and MFS

2006-01-22 Thread Jose Fragoso
Hi,

I was given the task to setup an OpenBSD NFS server. The machine allocated for 
the task is fairly well served with RAM memory (2G). I thought of using MFS for 
the /tmp filesystem, but I don't know:

1. How much space would I need in /tmp for this task. Is NFS/NIS hungry of /tmp 
space?

2. If I would have any significant gain in performance by doing this or leave 
the memory allocation for the operating system.

I thank in advance any comments, suggestions and criticisms.

Best regards,

José





Re: Hardware+OpenBSD wiki

2006-01-22 Thread Srebrenko Sehic
There is OpenBSD Server Hardware Compatibility List (OSCL). But that
only covers stock hardware from major vendors. But it's constantly
being updated.

http://www.armorlogic.com/openbsd_information_server_compatibility_list.html

Contribute if you have something.

On 1/22/06, Darrin Chandler [EMAIL PROTECTED] wrote:
 Travers Buda wrote:

 In light of all the recent activity on misc about will OpenBSD run on
 X? perhaps someone would like to host a wiki for strange/new hardware?
 
 Travers
 
 

 Are you volunteering?

 It wasn't long ago that the OpenBSD Metastore got going, amid some
 controversy. I haven't heard anything about it lately. Last I looked,
 there were a handful of useful things there that you could look at, and
 links to online sources to buy them. As long as you weren't from Taiwan,
 that is. Anyway, I think it's not an easy task. And also it's not
 something that you do once and move on. It would be an ongoing,
 substantial commitment for someone. Personally, I wish there were such a
 resource, but I can understand why there isn't.

 --
 Darrin Chandler|  Phoenix BSD Users Group
 [EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
 http://www.stilyagin.com/  |



redirecting domain names

2006-01-22 Thread Peter Fraser
On my windows machines, I use the hosts file
from http://www.mvps.org/winhelp2002/hosts.htm;
which removes a lot of junk from the internet.

Rather than going to each machine and installing
this hosts file in \windows\system32\drivers\etc
I would rather have my firewall block these
names instead.

Please note the blocking has to be done on the name,
not the ip address. The ip address could easily
be at some hosting site, and also be used for some
entirely valid web site.

Does anyone know how to implement this?



Re: pkg_add package very slow

2006-01-22 Thread scorch

On Sat, Jan 21, 2006 at 02:32:27PM +0100, Adam PAPAI wrote:

Hi

I've got a problem with pkg_add. I usually install 1-2 OpenBSD system a 
week. Some of them has got problem with pkg_add.


For example pkg_add -vv screen-4.0.2.tgz takes 10 minutes.

And it's abnormal. What can I do to speed up this slowness? I guess 
probably must be wrong with the perl.


i am pretty sure you are right -- it's probably perl, everybody knows that 
stuff is bad. and don't forget all that low-quality coding that goes into 
openbsd. yes, now i think about it, its probably some poor french developer 
so low on caffeine he can't even think through those last cvs commits properly.


or _perhaps_ its something else, more probable, like your PKG_PATH is 
pointing where you expect it, and the delay is due to needing to snarf the 
pkg down from the 'net somewhere, as it can't find the bits locally.


where does pkg_add go to get your bits? i.e. what's in your PKG_PATH?  a 
local repository? scp? ftp? http? are they being pulled off a remote 
filesystem, nfs 


are the all the dependencies you need for screenXYZ in /usr/ports/packages/* 
? or any other repositories in PKG_PATH ?


try starting your pkg_add XYZ and then run a netstat. anything doing ftp 
while you're not looking?


have the dependencies for XYZ changed since you last downloaded them? do you 
get the same doggy speed when 'the bits' and all its dependencies are in 
/tmp/ ?e.g. PKG_PATH=/tmp; pkg_add -v /tmp/screen-4.0.2.tgz - slow/fast/borks?


are you running 3.8, stable,  ?

if you're convinced its the perl, try adding some debug statements in 
/usr/libdata/perl5/OpenBSD/* and then you'll be able to find the bug  
submit a patch.


cheers, scorch
--
out of the frying pan and into the fire



Re: redirecting domain names

2006-01-22 Thread Stuart Henderson
On 2006/01/22 12:39, Peter Fraser wrote:
 Rather than going to each machine and installing
 this hosts file in \windows\system32\drivers\etc
 I would rather have my firewall block these
 names instead.
 
 Please note the blocking has to be done on the name,
 not the ip address.

You'll need to use a web proxy for this.



Re: redirecting domain names

2006-01-22 Thread Nick Holland
Stuart Henderson wrote:
 On 2006/01/22 12:39, Peter Fraser wrote:
 Rather than going to each machine and installing
 this hosts file in \windows\system32\drivers\etc
 I would rather have my firewall block these
 names instead.
 
 Please note the blocking has to be done on the name,
 not the ip address.
 
 You'll need to use a web proxy for this.


You COULD use a proxy for this (actually, it would have to be a more
general proxy, not just web), but you can do this in simpler ways, too
(which I would argue are at least as effective in real life than the
more technically perfect proxy system).  Just set up a poisoned DNS
resolver to mangle resolution of any domain or subdomain you don't want
people going to, which is what you are doing in a machine-by-machine
basis with a hosts file:

  http://www.holland-consulting.net/tech/imblock.html

I'm very fond of this idea of DNS mangling, both to eliminate things I
find personally annoying, plus as an aid for managing other people's
computers.  See the Disadvantages section in that article for a list
of limitations and disclaimers.

Nick.



Re: Tyan S2885, 3 Video Cards Trouble

2006-01-22 Thread Nick Holland
Robert Jacobs wrote:
 Hello all,
 
 I got a Tyan S2885 motherboard and am trying to get Xorg to work with 3 PCI
 Radeon video cards. I have always had X work with this many or more video
 cards so I'm thinking that there might be something specific to this setup
 that is screwed up. First tried current then 3.8 Release. It works perfectly
 with 2 video cards but with any combination (2 pci - 1 agp, 3 pci, etc) of 3
 video cards, X -configure crashes or gives the following error:

you provide some good information about your configuration, but it
sounds like you stuffed three video cards in place and are trying to get
that to work.  Either you know something I don't know (not out of the
question...what I thought I knew about X is being tested by the
upgrade-induced demise of fluffy, my three-headed machine), or you are
going about this all wrong...

Try this strategy...
Remove all but one video card.
Get X working on that one card, using an xorg.conf file.
Insert a second card, keep X working on the one card (this seems to be
an important step...and not quite as trivial as it sounds).
Get X working on the two cards.
Insert third card, keep X working on the two previous cards.
Get X working on third card.
Let brain recover from the serious frying you just gave it.


As indicated, I'm doing this battle myself at the moment -- my primary
machine used an X configuration no longer supported in OpenBSD (Matrox
G400 dual-head card, which required a Matrox-provided binary HAL file,
which no longer works in -current...I'm amazed I got away with using a
Linux XFree86 file as long as I did!), plus the machine failed while
working on it (again, not a surprise, it has had issues since I got it
from a friend's scrap pile), so it is getting a well-deserved upgrade.
But so far, I'm stuck at two monitors.  (and where did I leave that pile
of good Matrox PCI cards?? :)

Nick.



Routing problem?

2006-01-22 Thread Jonas Lindskog

Hello,

We are running OpenBSD 3.8 as a firewall router. The router has two
internal networks to handle: a DMZ with real IP addresses and a NAT
network to which our workstations are connected. The problem I have is
that it's not possible to connect to the server on the DMZ (ip
38.87.5.122, netmask 255.255.255.252) from the outside (but from the
inside). I guess that I somehow have to make the external interface
listen to the same address as the server (they are on the same net), but
if I add an alias to the external interface it doesn't (of course) route
packages to the DMZ. How do I make OpenBSD route packages to the server
(and the DMZ subnet)?

Our ISP has given us a net that has the following data:

Net segment: 38.87.5.112 /28 
net address:   38.87.5.112

gw address:   38.87.5.113
firewall:  38.87.5.114
free ip ip: 38.87.5.115-126
broadcast address:38.87.5.127
netmask:  255.255.255.240

the server has the following interfaces configured:
### interfaces 
#external interface
inet 38.87.5.114 255.255.255.240 NONE

#internal interface
inet 192.168.97.254 255.255.255.0 NONE

# dmz
inet 38.87.5.121 255.255.255.252 NONE

Thanks in advance

Jonas



Re: redirecting domain names

2006-01-22 Thread Joakim Aronius
Hi,

I use DNS to solve this too. Got my list from http://pgl.yoyo.org/adservers/ 
which can generate config files in a bunch of different formats. Works great.

Cheers,
/jkm

* Nick Holland ([EMAIL PROTECTED]) wrote:
 Stuart Henderson wrote:
  On 2006/01/22 12:39, Peter Fraser wrote:
  Rather than going to each machine and installing
  this hosts file in \windows\system32\drivers\etc
  I would rather have my firewall block these
  names instead.
  
  Please note the blocking has to be done on the name,
  not the ip address.
  
  You'll need to use a web proxy for this.
 
 
 You COULD use a proxy for this (actually, it would have to be a more
 general proxy, not just web), but you can do this in simpler ways, too
 (which I would argue are at least as effective in real life than the
 more technically perfect proxy system).  Just set up a poisoned DNS
 resolver to mangle resolution of any domain or subdomain you don't want
 people going to, which is what you are doing in a machine-by-machine
 basis with a hosts file:
 
   http://www.holland-consulting.net/tech/imblock.html
 
 I'm very fond of this idea of DNS mangling, both to eliminate things I
 find personally annoying, plus as an aid for managing other people's
 computers.  See the Disadvantages section in that article for a list
 of limitations and disclaimers.
 
 Nick.
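
The hosts-file-to-resolver approach that Nick Holland and Joakim Aronius describe above, as an added example (not code from either poster or from the linked pages): it turns a hosts-format blocklist into BIND-style `zone` stanzas that all share one sink zone file. BIND as the resolver, the file name `blocked.zone` and the sample entries are assumptions; since the list is third-party input that ends up in resolver configuration, every name is validated strictly before it is written out.

```python
import re

# Constructed sample in hosts-file format (not taken from either list above).
SAMPLE_HOSTS = """\
127.0.0.1  localhost
127.0.0.1  ads.example.com
127.0.0.1  ADS.Example.com.      # duplicate once normalised
0.0.0.0    tracker.example.net banner.example.net
127.0.0.1  example.net           # parent zone already covers the two above
127.0.0.1  com                   # single label: would black-hole a whole TLD
127.0.0.1  evil";};options{x     # text that would break out of a zone stanza
192.0.2.10 intranet.example.org  # real mapping, not a block entry
"""

# Shared zone file (assumed name: blocked.zone). Every blocked name, and
# everything below it, resolves to the sink address.
BLOCKED_ZONE = """\
$TTL 3600
@  IN SOA localhost. root.localhost. ( 1 3600 900 604800 3600 )
@  IN NS  localhost.
@  IN A   127.0.0.1
*  IN A   127.0.0.1
"""

SINK_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}
NEVER_BLOCK = {"localhost", "localhost.localdomain", "broadcasthost"}
# Strict RFC 1123 label: letters, digits, hyphen; no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def valid_name(name):
    """Accept only multi-label names made of strict RFC 1123 labels."""
    if len(name) > 253:
        return False
    labels = name.split(".")
    if len(labels) < 2:          # refuse bare TLDs and single labels
        return False
    return all(LABEL.fullmatch(label) for label in labels)


def parse_hosts(text):
    """Return (set of names to block, list of raw lines that were skipped)."""
    names, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] not in SINK_ADDRS:
            rejected.append(raw)             # points somewhere real: keep out
            continue
        for field in fields[1:]:
            name = field.lower().rstrip(".")
            if name in NEVER_BLOCK:
                continue
            if valid_name(name):
                names.add(name)
            else:
                rejected.append(raw)
    return names, rejected


def collapse(names):
    """Drop names that sit below another blocked name (the wildcard covers them)."""
    kept = set()
    for name in sorted(names, key=lambda n: n.count(".")):   # parents first
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels))}
        if not parents & kept:
            kept.add(name)
    return sorted(kept, key=lambda n: n.split(".")[::-1])


def named_conf(names, zone_file="blocked.zone"):
    """Emit one master zone stanza per name, all pointing at the same file."""
    return "".join(
        'zone "%s" { type master; file "%s"; };\n' % (n, zone_file) for n in names
    )


if __name__ == "__main__":
    names, rejected = parse_hosts(SAMPLE_HOSTS)
    print(named_conf(collapse(names)), end="")
    for line in rejected:
        print("skipped:", line)
```

Each stanza also captures every subdomain of the listed name, so a list entry for `ads.example.com` blocks `x.ads.example.com` as well, while `example.com` itself stays resolvable.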



Re: OpenBSD 3.8, fxp, device timeout

2006-01-22 Thread receive . mailinglists
Hello,

I just want to inform you that the problems are resolved with the current
OpenBSD 3.9 bootfloppy
(ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/floppy39.fs). I just
added to the bootfloppy /etc/boot.conf (for console output via serial
port) and the network works without any problems ;)

Here is my current dmesg:

OpenBSD 3.9-beta (RAMDISK) #1003: Thu Jan 19 12:54:01 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK
cpu0: Intel(R) Celeron(R) CPU 2.40GHz (GenuineIntel 686-class) 2.40 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
real mem = 536387584 (523816K)
avail mem = 485257216 (473884K)
using 4278 buffers containing 26923008 bytes (26292K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(c0) BIOS, date 05/27/03, BIOS32 rev. 0 @ 0xfb330
apm0 at bios0: Power Management spec V1.2
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xdf84
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde90/240 (13 entries)
pcibios0: PCI Exclusive IRQs: 5 10 11 12
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371SB ISA rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82845 Host rev 0x04
ppb0 at pci0 dev 1 function 0 Intel 82845 AGP rev 0x04
pci1 at ppb0 bus 1
ppb1 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x05
pci2 at ppb1 bus 2
fxp0 at pci2 dev 6 function 0 Intel 8255x rev 0x08, i82559: irq 12,
address 00:30:48:52:c9:fc
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
fxp1 at pci2 dev 7 function 0 Intel 8255x rev 0x08, i82559: irq 12,
address 00:30:48:52:c9:fd
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
vga1 at pci2 dev 8 function 0 ATI Rage XL rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
ichpcib0 at pci0 dev 31 function 0 Intel 82801BA LPC rev 0x05
pciide0 at pci0 dev 31 function 1 Intel 82801BA IDE rev 0x05: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: ExcelStor Technology J360
wd0: 16-sector PIO, LBA48, 58644MB, 120103200 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
Intel 82801BA SMBus rev 0x05 at pci0 dev 31 function 3 not configured
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask efe5 netmask ffe5 ttymask ffe7
rd0: fixed, 3800 blocks
dkcsum: wd0 matches BIOS drive 0x80
root on rd0a
rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02


Best regards,
Sven


 Hello,

 I've a server at the German hoster Strato and I try to install OpenBSD
 3.8 on this machine. But I always get a device timeout of the Intel Nic
 (because of a wrong irq assignment?)  :(

 Here is the dmesg output:

 OpenBSD 3.8 (RAMDISK) #9: Tue Jan  17 18:24:51 CET 2006
 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK
 cpu0: Intel(R) Celeron(R) CPU 2.40GHz (GenuineIntel 686-class) 2.40 GHz
 cpu0:
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,
 ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
 real mem  = 536387584 (523816K)
 avail mem = 485179392 (473808K)
 using 4278 buffers containing 26923008 bytes (26292K) of memory
 mainbus0 (root)
 acpi0 at mainbus0: revision 0 attached
 acpitimer at acpi0 not configured
 acpi device at acpi0 from table DSDT not configured
 acpi device at acpi0 from table FACP not configured
 bios0 at mainbus0: AT/286+(c0) BIOS, date 05/27/03, BIOS32 rev. 0 @
 0xfb330
 apm0 at bios0: Power Management spec V1.2
 apm0: flags 70102 dobusy 1 doidle 1
 pcibios0 at bios0: rev 2.1 @ 0xf/0xdf84
 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde90/240 (13 entries)
 pcibios0: PCI Exclusive IRQs: 5 10 11 12
 pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371SB ISA rev 0x00)
 pcibios0: PCI bus #2 is the last bus
 bios0: ROM list: 0xc/0x8000 0xc8000/0x1000
 cpu0 at mainbus0
 pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
 pchb0 at pci0 dev 0 function 0 Intel 82845 Host rev 0x04
 ppb0 at pci0 dev 1 function 0 Intel 82845 AGP rev 0x04
 pci1 at ppb0 bus 1
 ppb1 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x05
 pci2 at ppb1 bus 2
 fxp0 at pci2 dev 6 function 0 Intel 82557 rev 0x08, i82559: irq 12,
 address 00:30:48:52:c9:fc
 inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
 fxp1 at pci2 dev 7 function 0 Intel 82557 rev 0x08, i82559: irq 12,
 address 00:30:48:52:c9:fd
 inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
 vga1 at pci2 dev 8 function 0 ATI Rage XL rev 0x27
 

Re: NIS/NFS server and MFS

2006-01-22 Thread Otto Moerbeek
On Sun, 22 Jan 2006, Jose Fragoso wrote:

 Hi,
 
 I was given the task to setup an OpenBSD NFS server. The machine allocated 
 for the task is fairly well served with RAM memory (2G). I thought of using 
 MFS for the /tmp filesystem, but I don't know:

Wrap your lines!

 
 1. How much space would I need in /tmp for this task. Is NFS/NIS hungry of 
 /tmp space?

No, NFS and NIS do not use /tmp at all.

 
 2. If I would have any significant gain in performance by doing this or leave 
 the memory allocation for the operating system.

Given the above, no performance gain will be expected.

-Otto

 
 I thank in advance any comments, suggestions and criticisms.
 
 Best regards,
 
 Josi



Re: Partition sizing

2006-01-22 Thread Ted Unangst
On 1/21/06, Kevin [EMAIL PROTECTED] wrote:
 On 1/21/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
  Lots of fsck time and an unbootable system if I understand this stuff.

 Actually, since fsck is all about metadata (inodes), a big, mostly-empty
 isn't going to take much longer to check than a smaller partition with
 the same number of used inodes and cylinder groups.

untrue.



Re: redirecting domain names

2006-01-22 Thread Stuart Henderson
On 2006/01/22 13:54, Nick Holland wrote:
  You'll need to use a web proxy for this.
 
  Just set up a poisoned DNS
 resolver to mangle resolution of any domain or subdomain you don't want
 people going to, which is what you are doing in a machine-by-machine
 basis with a hosts file:

ahh, of course. That's a much better idea, I don't know what I was
thinking..!



Re: Routing problem?

2006-01-22 Thread Jason Dixon

On Jan 22, 2006, at 1:07 PM, Jonas Lindskog wrote:


Hello,

We are running Open BSD 3.8 as a firewall router. The router has two
internal networks to handle; a DMZ with real ip addresses and a NAT
network to which our workstations are connected. The problem I have is
that it's not possible to connect to the server on the DMZ (ip
38.87.5.122, netmask 255.255.255.252) from the outside (but from the
inside). I guess that I somehow have to make the external interface
listen to the same address as the server (they are on the same net), but
if I add an alias to the external interface it doesn't (of course) route
packages to the DMZ. How do I make OpenBSD route packages to the server
(and the DMZ subnet)?


http://www.openbsd.org/faq/pf/rdr.html#reflect

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



CARP not preempt-ing correctly

2006-01-22 Thread Chris Cameron
When one interface fails in a carp setup, it is my understanding that if 
net.inet.carp.preempt is set to '1', that both interfaces on the single 
machine should fail. However I'm not seeing this happening and I'm 
hoping this is why I'm dropping connections during fail over. If I fail 
both interfaces at the exact same time I have no problems with dropped 
connections.


My setup is as follows, I'll mention that pfsync traffic is going over 
the local network. Also, I've tried with setting advskew to 100 on one 
firewall, as well as not setting it at all with net.inet.carp.preempt set.



Firewall 1:

# sysctl -a | grep carp
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=1
net.inet.carp.arpbalance=0

# ifconfig -a
 ...
gem0: flags=8b63<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:03:ba:94:5f:06
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 209.82.103.244 netmask 0xfff8 broadcast 209.82.103.247
inet6 fe80::203:baff:fe94:5f06%gem0 prefixlen 64 scopeid 0x1
gem1: flags=8b63<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:03:ba:94:5f:07
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.121.2 netmask 0xff00 broadcast 192.168.121.255
inet6 fe80::203:baff:fe94:5f07%gem1 prefixlen 64 scopeid 0x2
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33192
pfsync0: flags=41<UP,RUNNING> mtu 1348
pfsync: syncdev: gem1 maxupd: 128
enc0: flags=0 mtu 1536
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
carp: BACKUP carpdev gem0 vhid 1 advbase 1 advskew 100
groups: carp
inet 209.82.103.246 netmask 0xfff8 broadcast 209.82.103.247
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
carp: BACKUP carpdev gem1 vhid 2 advbase 1 advskew 100
groups: carp
inet 192.168.121.1 netmask 0xff00 broadcast 192.168.121.255

# cat pf.conf | grep -v "#"

nat on gem0 from 192.168.121.0/24 to any -> 209.82.103.246

rdr pass on gem0 proto tcp from any to any port 25 -> 192.168.121.10
rdr pass on gem0 proto udp from any to any port 53 -> 192.168.121.10
rdr pass on gem0 proto tcp from any to any port 6881 -> 192.168.121.123

pass quick on gem1 proto pfsync
pass on { gem0 gem1 } proto carp keep state
pass out on gem0 keep state
pass in on gem0 keep state



Firewall 2:

# sysctl -a | grep carp
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=1
net.inet.carp.arpbalance=0

# ifconfig -a
 ...
gem0: flags=8b63<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:03:ba:94:5f:1c
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 209.82.103.245 netmask 0xfff8 broadcast 209.82.103.247
inet6 fe80::203:baff:fe94:5f1c%gem0 prefixlen 64 scopeid 0x1
gem1: flags=8b63<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:03:ba:94:5f:1d
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.121.3 netmask 0xff00 broadcast 192.168.121.255
inet6 fe80::203:baff:fe94:5f1d%gem1 prefixlen 64 scopeid 0x2
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33192
pfsync0: flags=41<UP,RUNNING> mtu 1348
pfsync: syncdev: gem1 maxupd: 128
enc0: flags=0 mtu 1536
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
carp: MASTER carpdev gem0 vhid 1 advbase 1 advskew 0
groups: carp
inet 209.82.103.246 netmask 0xfff8 broadcast 209.82.103.247
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
carp: MASTER carpdev gem1 vhid 2 advbase 1 advskew 0
groups: carp
inet 192.168.121.1 netmask 0xff00 broadcast 192.168.121.255

# cat pf.conf | grep -v "#"

nat on gem0 from 192.168.121.0/24 to any -> 209.82.103.246

rdr pass on gem0 proto tcp from any to any port 25 -> 192.168.121.10
rdr pass on gem0 proto udp from any to any port 53 -> 192.168.121.10
rdr pass on gem0 proto tcp from any to any port 6881 -> 192.168.121.123


pass quick on { gem1 } proto pfsync
pass on { gem0 gem1 } proto carp keep state

pass out on gem0 all keep state
pass in on gem0 all keep state



Any help on this would be appreciated.

Thanks,
Chris



Re: Routing problem?

2006-01-22 Thread Melameth, Daniel D.
Jonas Lindskog wrote:
 We are running Open BSD 3.8 as a firewall router. The router has two
 internal networks to handle; a DMZ with real
 ip addresses and a NAT network to which our workstations are connected.
 The problem I have is that it's not possible to
 connect to the server on the DMZ (ip 38.87.5.122, netmask
 255.255.255.252) from the outside (but from the inside).
 I guess that I somehow have to make the external interface listen to
 the same address as the server (they are on the same net), but if I add
 an alias to the external interface it doesn't (of course) route
 packages to the DMZ. How do I make OpenBSD route packages to the
 server (and the DMZ subnet)?
 
 Our ISP has given us a net that has the following data:
 
 Net segment: 38.87.5.112 /28
 net address:   38.87.5.112
 gw address:   38.87.5.113
 firewall:  38.87.5.114
 free ip ip: 38.87.5.115-126
 broadcast address:38.87.5.127
 netmask:  255.255.255.240
 
 the server has the following interfaces configured:
 ### interfaces 
 #external interface
 inet 38.87.5.114 255.255.255.240 NONE
 
 #internal interface
 inet 192.168.97.254 255.255.255.0 NONE
 
 # dmz
 inet 38.87.5.121 255.255.255.252 NONE

This is not an OpenBSD issue--you might want to learn about IP routing.
Either lose a bunch of IPs and route the traffic properly, by putting
38.87.5.114/30 on your external interface and 38.87.5.121/29 on your DMZ
interface, or use NAT for everything.  There might be a better way to
route this without losing any IPs, but, if so, I haven't thought about
it/done it before.
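
The address plan in this exchange can be checked mechanically. The following is an added example, not part of the original posts: it uses Python's standard ipaddress module on the interface values quoted above, and the function and variable names are hypothetical.

```python
import ipaddress

# Values copied from the thread; the dictionary layout is an assumption.
ISP_BLOCK = ipaddress.ip_network("38.87.5.112/28")
SERVER = "38.87.5.122"

ORIGINAL = {
    "external": "38.87.5.114/255.255.255.240",
    "internal": "192.168.97.254/255.255.255.0",
    "dmz": "38.87.5.121/255.255.255.252",
}
PROPOSED = {
    "external": "38.87.5.114/30",
    "internal": "192.168.97.254/24",
    "dmz": "38.87.5.121/29",
}


def connected_networks(ifaces):
    """Map interface name -> network the interface considers directly attached."""
    return {name: ipaddress.ip_interface(spec).network
            for name, spec in ifaces.items()}


def overlapping_pairs(ifaces):
    """Return pairs of interfaces whose connected networks overlap."""
    nets = connected_networks(ifaces)
    names = sorted(nets)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def on_link(ifaces, addr):
    """Return the interfaces that treat addr as directly reachable."""
    ip = ipaddress.ip_address(addr)
    return sorted(name for name, net in connected_networks(ifaces).items()
                  if ip in net)


def uncovered(block, ifaces):
    """Addresses of the ISP block that no interface network contains."""
    nets = list(connected_networks(ifaces).values())
    return [str(ip) for ip in block if not any(ip in net for net in nets)]


if __name__ == "__main__":
    for label, plan in (("original", ORIGINAL), ("proposed", PROPOSED)):
        print(label)
        print("  overlapping:", overlapping_pairs(plan))
        print("  server on-link via:", on_link(plan, SERVER))
        print("  unused in ISP block:", uncovered(ISP_BLOCK, plan))
```

In the original plan the server address is on-link for both the external /28 and the DMZ /30; in the proposed split it belongs to the DMZ only, and 38.87.5.116 through 38.87.5.119 fall outside both subnets.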



Debugging httpd

2006-01-22 Thread Alexander Farber
Hi,

how could I please compile the in-tree Apache with -ggdb added and -O2 removed?

I've tried setting EXTRA_CFLAGS=-ggdb in src/Configuration, but that file seems
not to be used. Also I've tried looking at src/Makefile.bsd-wrapper and the
.included /usr/share/mk/bsd.{own,obj,subdir}.mk, but couldn't find the right
setting anywhere yet

Regards
Alex



Re: Tyan S2885, 3 Video Cards Trouble

2006-01-22 Thread Robert Jacobs
Try this strategy...

Remove all but one video card.
Get X working on that one card, using an xorg.conf file.
Insert a second card, keep X working on the one card (this seems to be
an important step...and not quite as trivial as it sounds).
Get X working on the two cards.
Insert third card, keep X working on the two previous cards.
Get X working on third card.
Let brain recover from the serious frying you just gave it.

Of course done that and as I previously mentioned it works perfectly with
one or two cards but not at all with 3. I have been running openbsd with 3
monitors since 3.6 and have not come across this problem up till now.
I found a workaround, I tried OpenBSD i386 3.9BETA instead of AMD64
3.8RELEASE/Current and it works with 3 video cards. This is a workaround but
not a solution to the problem and most likely indicates that something is
wrong with OpenBSD or X in that area (I'm sorry it is not in my experience to
be able to explain it, perhaps someone else can read the error log and
understand the problem). I will take the performance reduction from amd64 to
i386 for now to use my 3 monitors, but I hope someone more knowledgeable
could get around to fixing the issue.

Here are the stats if anyone would like to take a shot at it
dmesg: http://rjacobs.foxrex.net/mydmesg.txt
xorg.conf generated by X -configure: http://rjacobs.foxrex.net/myxorg.txt
error file generated by X -configure and startx:
http://rjacobs.foxrex.net/myxorglog.txt


Rob



Re: CARP not preempt-ing correctly

2006-01-22 Thread Daniel Ouellet

Chris Cameron wrote:
When one interface fails in a carp setup, it is my understanding that if 
net.inet.carp.preempt is set to '1', that both interfaces on the single 
machine should fail. However I'm not seeing this happening and I'm 
hoping this is why I'm dropping connections during fail over. If I fail 
both interfaces at the exact same time I have no problems with dropped 
connections.


Nope, just the carp interface that actually fails, not both. They are 
processed independently of one another


Also, what version of OS are you running?

My setup is as follows, I'll mention that pfsync traffic is going over 
the local network. Also, I've tried with setting advskew to 100 on one 
firewall, as well as not setting it at all with net.inet.carp.preempt set.




Re: CARP not preempt-ing correctly

2006-01-22 Thread Daniel Ouellet

Daniel Ouellet wrote:

Chris Cameron wrote:
When one interface fails in a carp setup, it is my understanding that 
if net.inet.carp.preempt is set to '1', that both interfaces on the 
single machine should fail. However I'm not seeing this happening and 
I'm hoping this is why I'm dropping connections during fail over. If I 
fail both interfaces at the exact same time I have no problems with 
dropped connections.


Nope, just the carp interface that actually fails, not both. They are 
processed independently of one another


Also, what version of OS are you running?



Hmmm. Just wait a minute, I may have put my foot in my mouth here. From man

Because of the preempt option, when one of the physical interfaces of 
host A fails, advskew is adjusted to 240 on all its carp interfaces. 
This will cause host B to preempt on both interfaces instead of just the 
failed one.
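
A simplified model of the behaviour quoted from the man page above, added here as an illustration; it is not OpenBSD code and not part of the original posts. It assumes the host with the shortest advertisement interval (advbase + advskew/256 seconds) becomes MASTER for a vhid; class and function names are hypothetical, and the advskew values are those in the ifconfig output earlier in the thread.

```python
from dataclasses import dataclass, field

# advskew the quoted man page text gives for a host with a failed interface
DEMOTED_ADVSKEW = 240


@dataclass
class CarpIf:
    name: str
    carpdev: str
    vhid: int
    advbase: int = 1
    advskew: int = 0


@dataclass
class Host:
    name: str
    preempt: bool          # models net.inet.carp.preempt
    carp_ifs: list
    failed: set = field(default_factory=set)  # physical interfaces that are down

    def adv_interval(self, cif):
        """Seconds between advertisements, or None if the carpdev is down."""
        if cif.carpdev in self.failed:
            return None
        skew = cif.advskew
        # With preempt set, one failed physical interface demotes every
        # carp interface on the host, not only the one that lost its carpdev.
        if self.preempt and self.failed:
            skew = DEMOTED_ADVSKEW
        return cif.advbase + skew / 256


def elect(hosts):
    """Return {vhid: host name} for the host that would be MASTER."""
    best = {}
    for host in hosts:
        for cif in host.carp_ifs:
            interval = host.adv_interval(cif)
            if interval is None:
                continue
            if cif.vhid not in best or interval < best[cif.vhid][0]:
                best[cif.vhid] = (interval, host.name)
    return {vhid: best[vhid][1] for vhid in sorted(best)}


def build_pair(preempt):
    """The two firewalls from the thread: fw1 advskew 100, fw2 advskew 0."""
    fw1 = Host("fw1", preempt, [CarpIf("carp0", "gem0", 1, 1, 100),
                                CarpIf("carp1", "gem1", 2, 1, 100)])
    fw2 = Host("fw2", preempt, [CarpIf("carp0", "gem0", 1, 1, 0),
                                CarpIf("carp1", "gem1", 2, 1, 0)])
    return fw1, fw2


def masters_after_failure(preempt, failed_dev="gem0"):
    """Fail one physical interface on fw2 and re-run the election."""
    fw1, fw2 = build_pair(preempt)
    fw2.failed.add(failed_dev)
    return elect([fw1, fw2])


if __name__ == "__main__":
    print("healthy:            ", elect(build_pair(True)))
    print("gem0 down, preempt: ", masters_after_failure(True))
    print("gem0 down, no demotion:", masters_after_failure(False))
```

Without the demotion the two vhids end up mastered by different hosts, so traffic enters one firewall and would have to leave through the other.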




Re: Downloads limiting with PF

2006-01-22 Thread Maxim Vetsalo
On Sunday 22 January 2006 15:29, you wrote:
 http://www.openbsd.org/faq/pf/queueing.html
 http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

 That should get you started.

Great thanks for your answer, Marco! I had read it, but didn't find solution 
for my problem yet. 

As I think, the solution must be aware of connection. But present stateful 
tracking options in pf.conf allow only to limit number of concurrent 
connections. Or, limit bandwidth for whole connection instead of part of it.

In pf source I find, that struct pf_state have array member bytes[2].
I guess it is in/out bytes counter for connection. But I can't use it to solve 
problem right now :-( So, I think I need to code a little bit.

Maxim.  

 On Sat, Jan 21, 2006 at 11:27:50PM +0200, Maxim Vetsalo wrote:
  Hi
 
  Sorry for my english first :-( I try to explain my problem as clean as I
  can. I have internet connection with very low bandwidth and many users.
  Bandwidth is enough if users don't download large files, but if only one
  of them start to download, others must wait long time for any webpage
  (and it's understandable :-)). I tried to limit size of downloadable
  object with Squid, but users start to complain. Ideal solution for me in
  such situation seems follow: when user start download it got full
  bandwidth until some (fixed) limit in bytes reached, after that without
  breaking download connection got restricted bandwidth.
  The question is - can I achieve this with PF+ALTQ on my OpenBSD 3.7-stable
  router?
 
  Maxim.



Re: Downloads limiting with PF

2006-01-22 Thread Stuart Henderson
On 2006/01/23 00:23, Maxim Vetsalo wrote:
 Great thanks for your answer, Marco! I had read it, but didn't find solution 
 for my problem yet. 

You missed the pf.conf(5) section on service curves, then.



Re: redirecting domain names

2006-01-22 Thread Rod.. Whitworth
On Sun, 22 Jan 2006 12:39:15 -0500, Peter Fraser wrote:

On my windows machines, I use the hosts file
from http://www.mvps.org/winhelp2002/hosts.htm;
which removes a lot of junk from the internet.

Rather than going to each machine and installing
this hosts file in \windows\system32\drivers\etc
I would rather have my firewall block these
names instead.

Please note the blocking has to be done on the name,
not the ip address. The ip address could easily
be at some hosting site, and also be used for some
entirely valid web site.

Does any one know how to implement this?


dnsspoof from the dsniff package does it for me with 127.0.0.1 as the
address returned for anything I don't want sending to my LAN in
response to http GETs to banner ads etc.
It does wild card naming which is great but take care because ads*.*
matches adsl.example.com and you might want to get to the latter type
of address although that quoted one is of course fictional.

From the land down under: Australia.
Do we look umop apisdn from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.



Re: Anonym.OS - OpenBSD-based live CD

2006-01-22 Thread Scott Francis
On 1/19/06, NetNeanderthal [EMAIL PROTECTED] wrote:
[snip]
 I'm less than impressed with it after mounting the iso and viewing the
 contents.  Their documentation is poor, if not void of content
 altogether.

you mean, aside from including man38.tgz? What else are you looking
for? There's some docs on their website, but why would you need
anything beyond what ships with OpenBSD? There's a man page for
everything, and while they don't include a we did the following steps
in this order, and here's why we have privoxy and pf and how they're
configured, it's easy enough to just read the config files and the
relevant man pages. Keep in mind also that this is, at best, a beta
release (if not alpha).

 Call Anonym.OS what it is, a coagulated lump of untrusted packages and
 scripts conveniently bundled for those who are unwilling or unable to
 use OpenBSD in its native form.

the packages are from the ports tree - are you saying they're somehow
less trusted because you didn't install/build them yourself? The boot
script is there for anybody to peruse who wants to; no trust is
required - or at least, no more than is required for, say, flashdist
or any other project based on a modified OpenBSD install. There's no
secret sauce, no binary blobs, no closed source or NDAs.

As far as unwilling or unable to use OpenBSD in its native form,
keep in mind the purpose of the project and their target audience. Not
everybody has the luxury of their own laptop, and it's always nice to
have something relatively secure to fall back on when stuck with a
less-than-sanitary public-use PC.

Let's not denigrate unnecessarily; we should be encouraging wider uses
and derivative projects, not biting the heads off of developers when
they release new OpenBSD-based projects. If it's a waste of time,
nobody will use it and it will disappear with no need for vitriol. On
the other hand, if it's a good project, well, that kind of development
is always a Good Thing.

This:

 It reeks of a clumsily-staged publicity stunt.

definitely comes off more like sour grapes than any kind of valid
criticism, IMO. Perhaps you didn't intend it that way.

 I digress; OpenBSD is free.

Definitely glad that it is.
--
[EMAIL PROTECTED],darkuncle.net} || 0x5537F527
encrypted email to the latter address please
http://darkuncle.net/pubkey.asc for public key



Suggestions about a replacement for FTP over SSL [long]

2006-01-22 Thread Joachim Schipper
Hello all,

I am currently migrating a server to a trio of machines using OpenBSD,
and ran into a bit of a design problem. Most of this is not OpenBSD
specific; I'll happily take this question elsewhere if told so, but it
would not exactly be the first non-OpenBSD-specific question here.

To start out with: the server is a typical do-everything-on-the-LAN
linux box. It handles firewalling, web serving, and quite a few
sensitive documents. I'm trying to separate it into a firewall, a web
server, and a third server for 'anything but web' which is the only one
with any more-or-less confidential data on it.

Since I'm a bit of a security hobbyist, I prefer the system to be at
least resistant to any known attack I can reasonably protect it from.

The main problem, right now, is file transfers. The old server serves
FTP over SSL. Both the data and the control stream are encrypted for
those accounts that are likely to handle confidential data. The problem
with encrypting the control stream, of course, is that it prevents
stateful firewalls - like the OpenBSD box in front - from working as
intended.

Switching to a different system is acceptable, but not preferred, as it
has taken quite a bit of effort to get all the users who should into
using FTP. (Then again, as long as it presents a GUI resembling an FTP
interface, it might as well be FTP to pretty much all of them.)

The users are a comparatively small group, which can be told to use a
different client if really required but will bitch and moan quite a
bit. They use Windows 98, XP, or Mac OS X. Additionally, I use OpenBSD.
The Windows users have been told to use CoreFTP; I use lftp on the rare
case that I need to access anything via FTP; and I have no idea what the
Mac users use, but I've not heard any complaints from the two of them.

I'm basically asking for recommendations on file transfers. I see a
couple of options:
- FTP without SSL
  This works well, and is very universally usable. The lack of any
  kind of password, let alone data, protection makes it a little too
  insecure for my tastes, though.
- FTP with SSL
  Requires tearing a big hole in the firewall, as ftp-proxy
  understandably does not grok encrypted traffic, which also causes quite
  a bit of insecurity.
  If allowing only passive FTP, the hole is less dangerous, but
  still...
- SFTP
  This works well, but requires everyone to use a different
  client. Additionally, it violates the principle of least privilege in
  most implementations[1]. Requires another method for distributing
  publicly available files, but this is not much of a problem - push the
  files from the trusted server to the web server, and let httpd do its
  thing.
- Collection of (PHP?) scripts on the web server
  This should work. It's not scriptable and not very usable from
  anything but a browser. Additionally, webapps tend toward lots of
  security holes, which is why it was decided to put the web server on a
  separate box with no important data. So this breaks the security model,
  either way (either there is a web server on the 'other server', or there
  are important documents on the untrusted web server)
- WebDAV
  I've never used this. The Apache authentication features should
  be plenty; however, Apache+mod_dav isn't quite as secure and carefree as
  either stock ftpd or vsftpd. There are not that many clients, and
  support is not quite universal. It's not quite FTP.

The other solution I can see is hacking ftp-proxy to catch any SSL-ish
commands, and then speak plain FTP to the server and FTP+SSL to the
client. This could get complicated fast, though, as it would probably
entail changing ftp-proxy from a simple inetd process to a full-fledged
daemon (to prevent the overhead of starting OpenSSL for each
connection), as well as tacking on a system to catch SSL and
authentication commands (as, for instance, the 'ftp' user should be
given free access without SSL, but the 'veryhighlypriviliged' user
should be required to use SSL for both control and data streams).

This does have a couple of advantages - it actually works on the
firewall, it's an interesting project, and it makes use of the installed
base. OTOH, there are some disadvantages, too - mostly that it is more
than a little complicated, and requires a fair bit of custom coding.

I am leaning a bit to the latter problem, mostly out of hobbyism, but
realise it is far from perfect. Which is why I thought to solicit some
input from misc@ first.

If you've made it through all this rambling, thanks for reading, at
least! I'll happily receive any replies.

Joachim

[1] Though if I can get everyone to use public key authentication, I
could use the command= syntax in ~/.ssh/authorized_keys (where is this
documented, anyway?). If I point that to a simple binary that does a
chroot and then execs sftp-server, the problem shouldn't be too serious.



float question

2006-01-22 Thread ramrunner
Hi , i am not sure if the following indicates a prob, if it does i
will issue a PR.
*sorry if i miss something here*
consider the following: (obsd x86 3.8-current gcc version 3.3.5 (propolice))
#include <stdio.h>

float a;
int main()
{
	for(;a<3;a+=0.1)
		printf("%f\n",a);
	return 1;
}
output :
0.00
0.10

2.70
2.79
2.89
2.99
why does the add lose a decimal point?
again sorry if it's my mistake (probably) but i'm confused ;) .

please CC not in [EMAIL PROTECTED]
DsP



Re: Suggestions about a replacement for FTP over SSL [long]

2006-01-22 Thread Stuart Henderson
On 2006/01/23 00:57, Joachim Schipper wrote:
 The main problem, right now, is file transfers. The old server serves
 FTP over SSL.

Is passive FTP over SSH-tunnel any good? It's easy enough to use a
win32 build of OpenSSH, or plink from PuTTY, to give an easy-to-click
interface for Windows users, and apart from that they hardly have to
change the way they work.



Re: CARP not preempt-ing correctly

2006-01-22 Thread Chris Cameron

Running 3.8.


Chris


Daniel Ouellet wrote:

Chris Cameron wrote:
When one interface fails in a carp setup, it is my understanding that 
if net.inet.carp.preempt is set to '1', that both interfaces on the 
single machine should fail. However I'm not seeing this happening and 
I'm hoping this is why I'm dropping connections during fail over. If I 
fail both interfaces at the exact same time I have no problems with 
dropped connections.


Nope, just the carp interface that actually fails, not both. They are 
processed independently of one another


Also, what version of OS are you running?

My setup is as follows, I'll mention that pfsync traffic is going over 
the local network. Also, I've tried with setting advskew to 100 on 
one firewall, as well as not setting it at all with 
net.inet.carp.preempt set.




Re: Suggestions about a replacement for FTP over SSL [long]

2006-01-22 Thread viq
Just a thought - why not samba?
With some additions, like 
http://www.camden.rutgers.edu/HELP/Documentation/Unix/stunnel/S50-1331_stunnel.php
or otherwise VPN it.
...yeah, i guess it deviates then from the simple setup you had before...

-- 
viq




Re: float question

2006-01-22 Thread David Higgs
Floating point numbers aren't perfectly precise.

See http://c-faq.com/fp/

--david

On 1/22/06, ramrunner [EMAIL PROTECTED] wrote:
 Hi , i am not sure if the following indicates a prob, if it does i
 will issue a PR.
 *sorry if i miss something here*
 consider the following: (obsd x86 3.8-current gcc version 3.3.5 (propolice))
 float a;
 int main()
 {
 for(;a<3;a+=0.1)
 printf("%f\n",a);
 return 1;
 }
 output :
 0.00
 0.10
 
 2.70
 2.79
 2.89
 2.99
 why does the add lose a decimal point?
 again sorry if it's my mistake (probably) but i'm confused ;) .

 please CC not in [EMAIL PROTECTED]
 DsP



Re: float question

2006-01-22 Thread theo
ramrunner wrote:
 float a;
 int main()
 {
 for(;a<3;a+=0.1)
 printf("%f\n",a);
 return 1;
 }
 output :
 0.00
 0.10
 
 2.70
 2.79
 2.89
 2.99
 why does the add lose a decimal point?


float is so tricky...
Never use it for precision.

For example :
float a,b; if(a==b) {} may fail.
if( fabs(a-b) < 0.1 ) {} may work.
You may want to look at ceil(3) and floor(3) as well.


Using printf("%.2f\n", a) works for me. Error depends on the precision.

I would rather use something like that :
#include <stdio.h>

int main(void)
{
	int a=0;
	for(a=0; a<30; a++)
		printf("%f\n",a/10.); /* Do not forget the '.' */
		/*or printf("%d.%d\n", a/10, a%10); depending on the
		context. */
	return 1;
}



cheers,
theo



overload and sub-Tables?

2006-01-22 Thread Sebastian Rother
Is it possible that I could do something like a better sorting using
Tables and PF?

I mean overload is a great function but if I use it for several Ports
I've (as far as I know) to use multiple Tables if I wanna know who e.g.
does SSH-Brute-Forces or who does HTTP-CGI-Scanning and such crap.

In fact I use overload to prevent such things because they rely on a
fast connection and no SSH-bruteforce-Application supports
throttling (e.g. just 3 attempts in 5 seconds) as far as I know.

Would it be possible to specify e.g. a Table like badguys.ssh
where .ssh means a subclass for this table?
So I could use one Table (badguys) to block all the unwanted connections but I
could e.g. use pfctl to see exactly who e.g. got in that table because
of ssh-Bruteforce-Attempts (badguys.ssh).

As I said: For now I would have to create multiple Tables and add the
count of every tables to the others to know how many hosts (at all) got
blocked.

This would be interesting for analyse-purpose only so I would like to
know your opinion about this.

Today a script has to count all entries (which works too) but maybe this
idea isn't that bad and could get a place with (very) low priority at
the developer-list?

Kind regards,
Sebastian



Re: Tyan S2885, 3 Video Cards Trouble

2006-01-22 Thread Nick Holland
Robert Jacobs wrote:
Try this strategy...
 
Remove all but one video card.
Get X working on that one card, using an xorg.conf file.
Insert a second card, keep X working on the one card (this seems to be
an important step...and not quite as trivial as it sounds).
Get X working on the two cards.
Insert third card, keep X working on the two previous cards.
Get X working on third card.
Let brain recover from the serious frying you just gave it.
 
 Of course done that and as I previously mentioned it works perfectly with
 one or two cards but not at all with 3. 

D'oh.  yes, you did say that.  My apologies.

 I have been running openbsd with 3
 monitors since 3.6 and have not come across this problem up till now.
  I found a workaround, I tried OpenBSD i386 3.9BETA instead of AMD64
 3.8RELEASE/Current and it works with 3 video cards. 

Do you mean you tried both 3.8-release and 3.8-current on amd64?
How current was -current?  3.9-beta has the new version of X in it.  If
your 3.8-current was more than a week or so old, you have the OLD
version of X.  This may be fixed in the new version of X.  Or maybe
not.  My luck hasn't been very good today...maybe yours will be better.

And feel free to ignore my comments, at this point, you have me beat.
You got three monitors to come up at all, most I can say is PART of my
problem has been a pcibios(4) issue, so now, at least, I can get two
monitors to come up with the second video card (the third head)
installed.  Progress, as I can now heat the room a little more...but not
much practical difference.

Nick.



Re: Anonym.OS - OpenBSD-based live CD

2006-01-22 Thread NetNeanderthal
On 1/22/06, Scott Francis [EMAIL PROTECTED] wrote:
 you mean, aside from including man38.tgz? What else are you looking
 for? There's some docs on their website, but why would you need
 anything beyond what ships with OpenBSD? There's a man page for
 everything, and while they don't include a we did the following steps
 in this order, and here's why we have privoxy and pf and how they're
 configured, it's easy enough to just read the config files and the
 relevant man pages. Keep in mind also that this is, at best, a beta
 release (if not alpha).
'They' as in you, sure.. and they didn't.  Go to the site.  Go to
sf.net's doc page.  Neither contain any documentation.  My original
statement stands as-is.  OpenBSD is well documented, what was done to
produce this image is not.  In fact, it's about as safe as installing
OpenBSD from some ISO pulled from a random site.  Have a read for
yourself, straight from the FAQ:

http://openbsd.org/faq/faq3.html#ISO

The source of an unofficial image may or may not be trustworthy; it
is up to you to determine this for yourself.

So, by my own determination, I choose not to trust it.  You can find
no fault with that logic, especially considering the purpose of your
project.

 the packages are from the ports tree - are you saying they're somehow
 less trusted because you didn't install/build them yourself? The boot
 script is there for anybody to peruse who wants to; no trust is
 required - or at least, no more than is required for, say, flashdist
 or any other project based on a modified OpenBSD install. There's no
 secret sauce, no binary blobs, no closed source or NDAs.
So, if it's just a group of ports and a boot script, the kernel was
left untouched?  I did notice some .dist files in /etc.. perhaps
'diff' is all the documentation required.  The flashdist script isn't
applicable, they don't hand out images of OpenBSD but show you how to
'roll your own' and provide a script.  Sure, documentation there is
loose as well, but it's more than the sparse peppering of a
description provided by Anonym.OS.  How do you plan to keep this
patched?  How are vulnerabilities handled?  Errata?

 As far as unwilling or unable to use OpenBSD in its native form,
 keep in mind the purpose of the project and their target audience. Not
 everybody has the luxury of their own laptop, and it's always nice to
 have something relatively secure to fall back on when stuck with a
 less-than-sanitary public-use PC.
Agreed, somewhat.  This topic has been bludgeoned to death on misc,
your reasoning fails -- search the list archives.

 Let's not denigrate unnecessarily; we should be encouraging wider uses
 and derivative projects, not biting the heads off of developers when
 they release new OpenBSD-based projects. If it's a waste of time,
 nobody will use it and it will disappear with no need for vitriol. On
 the other hand, if it's a good project, well, that kind of development
 is always a Good Thing.
Copying a free OS and adding a few packages hardly constitutes the tag
'developer', perhaps .. installer? scripter?  I'm quite certain
OpenBSD developers really could care less if their project is taken
from its natural habitat and bastardized for the consumption of a
wider audience.  By your own words, this project is really not much
more than a HOWTO, sans end-user effort and the actual HOWTO document.
 Or did I miss something?

 This:
  It reeks of a clumsily-staged publicity stunt.
 definitely comes off more like sour grapes than any kind of valid
 criticism, IMO. Perhaps you didn't intend it that way.
I never claimed it as valid criticism, it's my opinion and I've a
right to it.  This is *yet another* (failed) attempt at positive PR
for this script+package project.  Sour grapes would imply that I am
pushing down your project to further my own agenda.  I won't lose
sleep over that one until I decouple myself from OpenBSD; until then,
good luck with your PR campaign!

Despite our philosophical differences, here's my constructive criticism:

1) If you're going to produce a bootable ISO image, also produce a
siteXX.tgz file and make it available via your website for download
during a 'regular' OpenBSD installation.
http://openbsd.org/faq/faq4.html#site

2) Consider, perhaps, even a script that will generate the bootable CD
ISO from that siteXX.tgz customization as well.

3) Documentation



Never mind... Re: pf by mac address?

2006-01-22 Thread David Benfell
On Sun, 22 Jan 2006 21:08:34 -0800, David Benfell wrote:
 
 Perhaps I'm looking for this the wrong way.  My local network now (and
 hopefully temporarily) includes hostile users.  I may need to exercise
 controls on their Internet usage by machine.
 
Still what I think I'd like to do -- because MAC address spoofing is a
level beyond the capability of the users I'm worried about, but I see
this has come up before...

http://archives.neohapsis.com/archives/openbsd/2002-06/0513.html

-- 
David Benfell, LCP
[EMAIL PROTECTED]
---
Resume available at http://www.parts-unknown.org/



pf by mac address?

2006-01-22 Thread David Benfell
Hello all,

Perhaps I'm looking for this the wrong way.  My local network now (and
hopefully temporarily) includes hostile users.  I may need to exercise
controls on their Internet usage by machine.

Now, I can certainly tell dhcpd to give certain machines certain IP
addresses by reference to their MAC address.  But that won't stop
these users from allocating their own IP address and essentially
bypassing dhcpd.

The environment includes a lot of wireless -- most users connect this
way.

So I'm thinking I'd like to be able to write packet filter rules based
on MAC address.  I'm not necessarily going to want to simply cut off
all their Internet access, but pf offers a lot of options to do what I
think I might want to do, if I can make rules by MAC address.  Traffic
shaping and additional rules about what ports they can access come to
mind.  Possibly other possibilities will come to your mind --
hopefully you see what I'm thinking.

Is it possible?

-- 
David Benfell, LCP
[EMAIL PROTECTED]
---
Resume available at http://www.parts-unknown.org/



Re: Anonym.OS - OpenBSD-based live CD

2006-01-22 Thread Bihlmaier Andreas
On Sun, Jan 22, 2006 at 11:49:05PM -0500, NetNeanderthal wrote:
 On 1/22/06, Scott Francis [EMAIL PROTECTED] wrote:
  you mean, aside from including man38.tgz? What else are you looking
  for? There's some docs on their website, but why would you need
  anything beyond what ships with OpenBSD? There's a man page for
  everything, and while they don't include a we did the following steps
  in this order, and here's why we have privoxy and pf and how they're
  configured, it's easy enough to just read the config files and the
  relevant man pages. Keep in mind also that this is, at best, a beta
  release (if not alpha).
 'They' as in you, sure.. and they didn't.  Go to the site.  Go to
 sf.net's doc page.  Neither contain any documentation.  My original
 statement stands as-is.  OpenBSD is well documented, what was done to
 produce this image is not.  In fact, it's about as safe as installing
 OpenBSD from some ISO pulled from a random site.  Have a read for
 yourself, straight from the FAQ:
 
 http://openbsd.org/faq/faq3.html#ISO
 
 The source of an unofficial image may or may not be trustworthy; it
 is up to you to determine this for yourself.
 
 So, by my own determination, I choose not to trust it.  You can find
 no fault with that logic, especially considering the purpose of your
 project.
 
  the packages are from the ports tree - are you saying they're somehow
  less trusted because you didn't install/build them yourself? The boot
  script is there for anybody to peruse who wants to; no trust is
  required - or at least, no more than is required for, say, flashdist
  or any other project based on a modified OpenBSD install. There's no
  secret sauce, no binary blobs, no closed source or NDAs.
 So, if it's just a group of ports and a boot script, the kernel was
 left untouched?  I did notice some .dist files in /etc.. perhaps
 'diff' is all the documentation required.  The flashdist script isn't
 applicable, they don't hand out images of OpenBSD but show you how to
 'roll your own' and provide a script.  Sure, documentation there is
 loose as well, but it's more than the sparse peppering of a
 description provided by Anonym.OS.  How do you plan to keep this
 patched?  How are vulnerabilities handled?  Errata?
 
  As far as unwilling or unable to use OpenBSD in its native form,
  keep in mind the purpose of the project and their target audience. Not
  everybody has the luxury of their own laptop, and it's always nice to
  have something relatively secure to fall back on when stuck with a
  less-than-sanitary public-use PC.
 Agreed, somewhat.  This topic has been bludgeoned to death on misc,
 your reasoning fails -- search the list archives.
 
  Let's not denigrate unnecessarily; we should be encouraging wider uses
  and derivative projects, not biting the heads off of developers when
  they release new OpenBSD-based projects. If it's a waste of time,
  nobody will use it and it will disappear with no need for vitriol. On
  the other hand, if it's a good project, well, that kind of development
  is always a Good Thing.
 Copying a free OS and adding a few packages hardly constitutes the tag
 'developer', perhaps .. installer? scripter?  I'm quite certain
 OpenBSD developers really could care less if their project is taken
 from its natural habitat and bastardized for the consumption of a
 wider audience.  By your own words, this project is really not much
 more than a HOWTO, sans end-user effort and the actual HOWTO document.
  Or did I miss something?
 
  This:
   It reeks of a clumsily-staged publicity stunt.
  definitely comes off more like sour grapes than any kind of valid
  criticism, IMO. Perhaps you didn't intend it that way.
 I never claimed it as valid criticism, it's my opinion and I've a
 right to it.  This is *yet another* (failed) attempt at positive PR
 for this script+package project.  Sour grapes would imply that I am
 pushing down your project to further my own agenda.  I won't lose
 sleep over that one until I decouple myself from OpenBSD; until then,
 good luck with your PR campaign!
 
 Despite our philosophical differences, here's my constructive criticism:
 
 1) If you're going to produce a bootable ISO image, also produce a
 siteXX.tgz file and make it available via your website for download
 during a 'regular' OpenBSD installation.
 http://openbsd.org/faq/faq4.html#site
 
 2) Consider, perhaps, even a script that will generate the bootable CD
 ISO from that siteXX.tgz customization as well.
 
 3) Documentation

I mailed the guys responsible for Anonym.OS in private and I was told
that they actually are working on documentation right now. They will
release it once it is cleaned up.

Regards,
ahb