Re: IPv6 and illegal prefixlen

2006-12-28 Thread Björn Ketelaars

Marco S Hyman wrote:

  up giftunnel 212.182.166.172 64.71.128.81
  up inet6 2001:470:1F01:::1AE1 2001:470:1F01:::1AE0 prefixlen 128
  !route add -inet6 default 2001:470:1F01:::1AE0

Mine looks like this (and it works just fine)

- hostname.gif0 -
tunnel 208.201.244.208 208.201.234.221
inet6 alias 2001:05a8:0:1::0123 128
dest 2001:05a8:0:1::0122
! route add -inet6 default ::1
! route change -inet6 default -ifp gif0
- hostname.gif0 -

With this setup route show also has the route: illegal prefixlen message.
Ignore it.  I don't think it has anything to do with your problem.

// marc



I used your hostname.gif0 as an example which, of course, gave the same 
result. This means that I still experience the same problem.


When I try to setup rtadvd the daemon spits out:

rtadvd[2175]: ra_output sendmsg on fxp1: No route to host

I have a gut feeling that this message is related to the route: illegal 
prefixlen message.


For completeness:

rtadvd.conf

fxp1:\
:addr=2001:838:3c6:::prefixlen#64:

my sysctl.conf contains:

net.inet6.ip6.forwarding=1
net.inet6.ip6.accept_rtadv=0

Kind regards,

Björn



Re: Thinkpad X40 running OpenBSD has trouble recognizing SD cards

2006-12-28 Thread Claudio Jeker
On Wed, Dec 27, 2006 at 05:44:39PM -0600, Matthew R. Dempsky wrote:
 On Wed, Dec 27, 2006 at 11:12:00AM +0100, Claudio Jeker wrote:
  I have the same issue on my X40. After I used the SD slot I need to reboot
  to make it work again.
 
 Hard reboot, not soft reboot, right?
 

Reboot as in typing reboot and waiting till I get back a login prompt.
Btw. I'm rebooting with the SD card inserted perhaps that does the trick.

  I have the feeling this is a BIOS issue as other
  X40 users (like uwe@) do not seem to have this issue.
 
 I just upgraded my BIOS and Embedded Controller software to the latest
 available on IBM's website, and still no luck.  Right after upgrading,
 I was able to insert an SD card twice and have it recognized both
 times, but after rebooting I'm back to just one shot per hard reboot.
 

Grmpf, here goes my theory. Damn it.

  Upgrading my X40 BIOS seems to be impossible without some Virus Runtime
  Environment from Redmond.
 
 I extracted the floppy disk images as per Stuart's instructions, and
 then used pxelinux + memdisk to netboot the updater programs.
 

Thanks for the tip.

-- 
:wq Claudio



looking for (custom) dial-in

2006-12-28 Thread Peter Philipp

Hi misc@,

I know OpenBSD isn't a telco nor an internet service provider, but 
perhaps someone out there has a spare POTS
line where they can hook a modem to.  I'm looking for people in the 
following countries willing to provide dial-in service for 10 hours a 
month at no more than 12 euros a year.  If your POTS is sitting around 
doing nothing and you could use 12 euros a year, the internet 
connectivity does not need to give an IP it can be NAT service just as 
long as
one can get Internet.  I'm looking for connects in denmark, belgium, 
netherlands, luxemburg, switzerland, czech republic, france, austria, 
poland and germany.  The service can be anything from 2400 bps through 
whatever is
highest now, just as long as my modems can completely handshake.  
Whether the services behind the dial-in are
OpenBSD-run is irrelevant to me.  Alternatively if it isn't too much of 
your time send me a list of Internet providers that
provide cheap dial-in in your respective country.  Yer a great bunch 
fellers!


-p



Re: adduser, batch

2006-12-28 Thread Otto Moerbeek
On Thu, 28 Dec 2006, Darren Spruell wrote:

 On 12/27/06, Uwe Dippel [EMAIL PROTECTED] wrote:
  you put your test1 into an existing group; in your case staff,wheel; in
  the example guest,staff,beer. It does work here, if I put nobody. But I
  don't want nobody; since after some hundred it will complain of being too
  long, and I did the whole thing ('nobody') originally only, to get it
  working. In your case, I'd like
   $ sudo adduser -batch test1 test1 'Test User 1' \
   '$2a$06$kaLk/lPsfDpSibjO4frBf.WyoWOGY98illmMOL/bo6QsPTBmovsoC'
  , if you understand what I mean. That is: test1 into its own group and
  only into its own group. And I read man adduser surely 30 times up and
  down; this is why I tried all those -group variations, of which none
  worked here (see original thread).
  
  I take the example for more clarity:
  adduser -batch falken nobody 'Prof. Falken' joshua
  (is okay, like in man adduser)
  adduser -batch falken falken 'Prof. Falken' joshua
  Group ``falken'' does not exist
 
 All right, I missed that subtlety. I can confirm the same behavior.
 
 # adduser -batch falken falken 'Prof. Falken' joshua
 Group ``falken'' does not exist
 
 But, adduser(8) states:
 
 -group login_group
 Specify the default login group.  A value of USER means that the
 username is to be used as the login group.
 
 So, this suggests that the -group option sets the _default_ login
 group - I don't take that as meaning a group setting for that
 instance of creating a new user. I don't know (and perhaps I'm way
 off here) if this means that -group can even be used with -batch.
 
 At any rate, using them together fails for me:
 
 # adduser -group USER -batch falken 'Prof. Falken' joshua
 Group ``Prof.'' does not exist
 Group ``Falken'' does not exist
 
 adduser(8) also says that -group is for setting the default login
 group, and that it does. If set to 'USER' it serves to put the new
 user in a group that matches their user name if invoked as follows:
 
 # adduser -batch falken
 Added user ``falken''
 # grep falken /etc/{passwd,group}
 /etc/passwd:falken:*:1002:998::/home/falken:/bin/ksh
 /etc/group:falken:*:998:
 
 ...but tagging the full name and password information onto the above
 command fails all the same. Maybe someone else can confirm if it is
 possible to use adduser in batch mode to add a user to non-existent
 groups somehow, whether or not the -group option is what it takes.

adduser -batch joe '' 'Joe Blow'

-Otto



Re: OpenVPN bridge

2006-12-28 Thread Stuart Henderson
On 2006/12/28 03:20, Pontus Stenetorp wrote:
 It seems that something fails with the tun/tap, but I am not sure what.
 The owner of the VPN Server suggested that I'd use tap as an option
 instead since OpenBSD should have a tap driver. I haven't been able to
 Google forth any info on this and it seems that the howto's approach
 with tun is the correct one since OpenBSD has included tap-functionality
 under tun.

You need to use the tun device, with the link0 flag set on it (in
/etc/hostname.tun0 or via ifconfig).



Re: Gigabit NICs for Soekris hardware

2006-12-28 Thread Stuart Henderson
On 2006/12/27 19:02, Matt Radtke wrote:
 Good evening all
 
 Has anyone found a Gigabit NIC that works in a Soekris
 4801?  Bonus points if its small enough to fit in one
 of their cases as well.  

The em(4) I tried works fine. Probably any gigabit NIC will work.
Make sure you plug it in the right way round: the port goes at the
front where the metal of the case is (i.e. you'll need to cut a
hole in the front of the case to use it).

Performance is pretty much the same as the onboard sis(4) devices;
this is only worth doing if you need to connect to something that
doesn't support 100Mb and you don't actually need the throughput.

If you actually want 100Mb (or 100Mb even), you'll need a system
which handles PCI better than the Geode-based ones.



Re: looking for (custom) dial-in

2006-12-28 Thread Lawrence Horvath

May I ask why?
I'm sure google could tell you quite a few dial-up companies in the
countries you would like



On 12/28/06, Peter Philipp [EMAIL PROTECTED] wrote:

Hi misc@,

I know OpenBSD isn't a telco nor an internet service provider, but
perhaps someone out there has a spare POTS
line where they can hook a modem to.  I'm looking for people in the
following countries willing to provide dial-in service for 10 hours a
month at no more than 12 euros a year.  If your POTS is sitting around
doing nothing and you could use 12 euros a year, the internet
connectivity does not need to give an IP it can be NAT service just as
long as
one can get Internet.  I'm looking for connects in denmark, belgium,
netherlands, luxemburg, switzerland, czech republic, france, austria,
poland and germany.  The service can be anything from 2400 bps through
whatever is
highest now, just as long as my modems can completely handshake.
Whether the services behind the dial-in are
OpenBSD-run is irrelevant to me.  Alternatively if it isn't too much of
your time send me a list of Internet providers that
provide cheap dial-in in your respective country.  Yer a great bunch
fellers!

-p





--
-Lawrence
-Student ID 1028219



Spamassassin segfaults

2006-12-28 Thread Karel Kulhavy
Hi

How do I figure out who is the maintainer of Spamassassin? I put
How to figure out who is a maintainer of an openbsd package into google
and got to http://www.openbsd.org/faq/faq15.html
Where they write:
To see who is the maintainer of the port, type, for example:
$ cd /usr/ports/archivers/unzip
$ make show=MAINTAINER

[EMAIL PROTECTED]:~$ cd /usr/ports 
bash: cd: /usr/ports: No such file or directory

My OpenBSD is 3.9 installed from packages.
When I run sa-learn, Perl segfaults after some time and leaves a stale lock.
Seems in some database library:

#0  0x05cce49a in hash_access (hashp=0x87dcb000, action=HASH_GET, 
key=0xcfbea700, val=0xcfbea6f8) at /usr/src/lib/libc/db/hash/hash.c:624
rbufp = (BUFHEAD *) 0x89cfb700
bufp = (BUFHEAD *) 0x2
save_bufp = (BUFHEAD *) 0x89cfb700
bp = (u_int16_t *) 0x86b0a1fe
n = 670
ndx = 255
off = -2121377408
size = 53
kp = 0x818e5980 [EMAIL PROTECTED]
pageno = 563
#1  0x0b49cb0c in XS_DB_File_FETCH ()
   from /usr/lib/perl5/5.8.6/OpenBSD.i386-openbsd/auto/DB_File/DB_File.so
No symbol table info available.
#2  0x1c064c4e in Perl_pp_entersub ()
No symbol table info available.
#3  0x1c05eac4 in Perl_runops_standard ()
No symbol table info available.
#4  0x1c0188e6 in S_call_body ()
No symbol table info available.
#5  0x1c01882f in Perl_call_sv ()
No symbol table info available.

When I clear the stale lock and re-run it, then it segfaults again.  Are you
familiar with this problem? I will try yet erasing the .spamassassin directory
(no idea how to erase the db without corrupting the contents of .spamassassin)
and then retrain. What I also don't like is that SA is very slow. I don't
believe Bayesian statistics are so computationally expensive.

Can you recommend a different tool than spamassassin? I wonder what CRM114 is
http://crm114.sourceforge.net/

CL



Re: Spamassassin segfaults

2006-12-28 Thread Marc Espie
On Thu, Dec 28, 2006 at 11:30:27AM +0100, Karel Kulhavy wrote:
 When I clear the stale lock and re-run it, then it segfaults again.  Are you
 familiar with this problem? I will try yet erasing the .spamassassin directory
 (no idea how to erase the db without corrupting the contents of .spamassassin)
 and then retrain. What I also don't like is that SA is very slow. I don't
 believe Bayesian statistics are so computationally expensive.
 
 Can you recommend a different tool than spamassassin? I wonder what CRM114 is
 http://crm114.sourceforge.net/

I don't use spamassassin for its bayesian filters. I have a combo
spamassassin + bogofilter, where spamassassin only sees the stuff
when bogofilter cannot classify it.



Re: OpenVPN bridge

2006-12-28 Thread Pontus Stenetorp
Stuart Henderson wrote:
 On 2006/12/28 03:20, Pontus Stenetorp wrote:
 It seems that something fails with the tun/tap, but I am not sure what.
 The owner of the VPN Server suggested that I'd use tap as an option
 instead since OpenBSD should have a tap driver. I haven't been able to
 Google forth any info on this and it seems that the howto's approach
 with tun is the correct one since OpenBSD has included tap-functionality
 under tun.
 
 You need to use the tun device, with the link0 flag set on it (in
 /etc/hostname.tun0 or via ifconfig).
 
 
I have tried to do so, sorry about not mentioning it in the first mail.
I shall try to be more specific. This is my current status.

I am using
dev-type tap
dev tun0
which makes the tun0 device show up as an ethernet device and OpenVPN to
launch as intended.

I have set hostname.tun0 to
link0 up
and bridgename.bridge0 to
add 'int_iface'
add 'tun_iface'
up
I did a reboot in order to activate the bridge, this was stated at the
networking howto at openbsd.org. I haven't been able to launch OpenVPN
on boot however. This shouldn't be the issue, right?

After all this I expected packages from the internal network to flow to
the VPN Server. They do, but only if you specify the VPN Server IP,
otherwise they will use the normal route instead and ignore the tunnel.
I checked this using traceroute.

I couldn't change the default route at the GW but I changed so that the
route for the ip of www.whatismyip.org should be routed through the
OpenVPN server. Doing that caused whatismyip not to respond from my WS.
Leaving me curious why not all the traffic will be bridged and why the
OpenVPN Server won't do what I just think I told it to do.

Now I don't know how to proceed. How should I manage to force all
internet traffic over the tunnel and do you agree with the OpenVPN
Server supplier that using tun screws this up(in my opinion tun should
work just as well when used properly)?



Re: Spamassassin segfaults

2006-12-28 Thread Stuart Henderson
On 2006/12/28 11:30, Karel Kulhavy wrote:
 How do I figure out who is the maintainer of Spamassassin? I put
 How to figure out who is a maintainer of an openbsd package into google
 and got to http://www.openbsd.org/faq/faq15.html
 Where they write:
 To see who is the maintainer of the port, type, for example:

That requires an unpacked ports tree. You may like to try
sqlports and sqlitebrowser (or look at the Makefile with cvsweb,
or http://ports.openbsd.nu/).

 What I also don't like is that SA is very slow. I don't
 believe Bayesian statistics are so computationally expensive.

 Can you recommend a different tool than spamassassin? I wonder what CRM114 is
 http://crm114.sourceforge.net/

The other checks take their time (unpacking html, lots of regex
searches, DNS lookups, and lots of compilation if you don't run it as
a daemon).

I haven't tried it myself but maybe dspam would be suitable?
It's in ports. Or feed a greylisting spamd with some good spamtraps...



Re: Spamd Korea and Samsung

2006-12-28 Thread Peter N. M. Hansteen
Peter Fraser [EMAIL PROTECTED] writes:

 But recently, I mailed Samsung a question (about a clp-510
 printer) and I haven't received an answer. It occurred to 
 me that rather than Samsung not answering, they could not
 answer because of the spamd blacklist.

You should not rule out entirely that they are just taking some time
before actually replying.  You should be able to find any contact
attempts from likely Samsung IP addresses in your spamd log.

I have not used that particular blacklist myself, but the major issue
with any list is how well it is maintained.  I have yet to encounter
blacklists which did not produce false positives, except (I am
reasonably confident by now after almost one year) Bob Beck's
traplist.  The reason the traplist is so good is that it is rather
aggressively maintained - no entry stays in there for more than 24
hours.  Repeat offenders will of course be more or less permanently
banned, but that is to be expected too. 

 Does anyone have a whitelist of the good (in the sense that they
 don't spam) Korean and Chinese companies?

Imagine the effort needed to maintain that list.  I don't think such a
list exists.  In the situation you describe, I would seriously
consider going for a pure greylisting config, or greylisting plus the
traplist.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
First, we kill all the spammers The Usenet Bard, Twice-forwarded tales
20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds



Re: looking for (custom) dial-in

2006-12-28 Thread Peter Philipp
Yes you may ask why.  I'm german, and like any german I plan on taking 
over the world.  In fact I'm working on germanys neighbouring countries 
first.


ktx.


Am 28.12.2006 um 10:45 schrieb Lawrence Horvath:


May I ask why?
I'm sure google could tell you quite a few dial-up companies in the
countries you would like



On 12/28/06, Peter Philipp [EMAIL PROTECTED] wrote:

Hi misc@,

I know OpenBSD isn't a telco nor an internet service provider, but
perhaps someone out there has a spare POTS
line where they can hook a modem to.  I'm looking for people in the
following countries willing to provide dial-in service for 10 hours a
month at no more than 12 euros a year.  If your POTS is sitting around
doing nothing and you could use 12 euros a year, the internet
connectivity does not need to give an IP it can be NAT service just as
long as
one can get Internet.  I'm looking for connects in denmark, belgium,
netherlands, luxemburg, switzerland, czech republic, france, austria,
poland and germany.  The service can be anything from 2400 bps through
whatever is
highest now, just as long as my modems can completely handshake.
Whether the services behind the dial-in are
OpenBSD-run is irrelevant to me.  Alternatively if it isn't too much of
your time send me a list of Internet providers that
provide cheap dial-in in your respective country.  Yer a great bunch
fellers!

-p





--
-Lawrence
-Student ID 1028219




Re: looking for (custom) dial-in

2006-12-28 Thread Stuart Henderson
On 2006/12/28 13:54, Peter Philipp wrote:
 Yes you may ask why.  I'm german, and like any german I plan on taking 
 over the world.  In fact I'm working on germanys neighbouring countries 
 first.

Did your ISP eventually get fed up with the one-minute-long pppoe
connections, then?



Re: OpenVPN bridge

2006-12-28 Thread Stuart Henderson
On 2006/12/28 11:04, Pontus Stenetorp wrote:
 and bridgename.bridge0 to
   add 'int_iface'
   add 'tun_iface'
   up

Do you mean that you literally have 'int_iface' and 'tun_iface' in the
file? Or do you have something like:

/etc$ grep . hostname.tun0 bridgename.bridge0
hostname.tun0:link0 up
bridgename.bridge0:add vlan42
bridgename.bridge0:add tun0
bridgename.bridge0:up

 I did a reboot in order to activate the bridge, this was stated at the
 networking howto at openbsd.org. I haven't been able to launch OpenVPN
 on boot however. This shouldn't be the issue, right?

Add it to rc.local: something like
/usr/local/sbin/openvpn --config /etc/openvpn/server.ovpn

 Now I don't know how to proceed. How should I manage to force all
 internet traffic over the tunnel

You can't route *all* internet traffic over the tunnel; how else would
you reach the OpenVPN endpoint?

You should be able to do what you're after by adding static routes
for the VPN endpoint and for anything you need to locate that (e.g.
DNS servers if you need them) over your normal internet connection,
and then changing the default route to the IP address of a router
on the remote network.

 and do you agree with the OpenVPN Server supplier that using tun
 screws this up(in my opinion tun should work just as well when used
 properly)?

tun-in-ethernet-emulating-mode (i.e. with link0 so it behaves like
a tap on other OS) should work fine.
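
The ordering Stuart describes, as an added example that is not part of the thread: host routes for the VPN endpoint (and anything needed to find it, such as DNS servers) are pinned to the existing gateway first, and only then is the default route moved to a router on the remote network. The function names and all addresses are constructed for illustration; the route(8) commands are only printed, not executed.

```shell
#!/bin/sh
# Added example: plan the route(8) commands for sending general traffic
# through an OpenVPN tunnel while the tunnel's own carrier stays on the
# normal internet connection. Nothing is executed; commands are printed.

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# usage: plan_full_tunnel_routes VPN_ENDPOINT LOCAL_GW REMOTE_ROUTER [PINNED_HOST...]
#   VPN_ENDPOINT   public address of the OpenVPN server
#   LOCAL_GW       current default gateway on the normal connection
#   REMOTE_ROUTER  router on the remote (bridged) network, reached via the tunnel
#   PINNED_HOST    extra hosts that must stay on the normal connection (e.g. DNS)
plan_full_tunnel_routes() {
    if [ "$#" -lt 3 ]; then
        echo "usage: plan_full_tunnel_routes ENDPOINT LOCAL_GW REMOTE_ROUTER [HOST...]" >&2
        return 2
    fi
    endpoint=$1
    local_gw=$2
    remote_router=$3
    shift 3

    for addr in "$endpoint" "$local_gw" "$remote_router" "$@"; do
        if ! is_ipv4 "$addr"; then
            echo "not an IPv4 address: $addr" >&2
            return 2
        fi
    done

    # The tunnel cannot carry its own encapsulated packets: the new default
    # gateway must be an address inside the VPN, not the endpoint itself
    # and not the gateway the endpoint is reached through.
    if [ "$remote_router" = "$endpoint" ] || [ "$remote_router" = "$local_gw" ]; then
        echo "remote router must be an address on the remote network" >&2
        return 1
    fi

    # Step 1: pin the VPN endpoint to the normal connection.
    echo "route add -host $endpoint $local_gw"

    # Step 2: pin anything needed to locate the endpoint (DNS servers etc.).
    for addr in "$@"; do
        if [ "$addr" != "$endpoint" ]; then
            echo "route add -host $addr $local_gw"
        fi
    done

    # Step 3: only now move the default route into the tunnel.
    echo "route change default $remote_router"
}

# Constructed documentation addresses: endpoint, local gateway,
# remote-side router, one DNS server kept on the normal connection.
plan_full_tunnel_routes 203.0.113.10 192.0.2.1 10.8.0.1 198.51.100.53
```

Reversing steps 1 and 3 is the failure mode: once the default route points into the tunnel without a host route for the endpoint, the encapsulated packets have no path out and the tunnel drops.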



Re: Gigabit NICs for Soekris hardware

2006-12-28 Thread Jason Faulkner

Matt Radtke wrote:

Good evening all

Has anyone found a Gigabit NIC that works in a Soekris
4801?  Bonus points if its small enough to fit in one
of their cases as well.  


thanks

  


Matt, for your own sake -- don't put these things in production routing 
gigabit traffic. The bus is horribly designed and your CPU will get 
eaten up by interrupts very quickly.


Do yourself a favor -- buy a real server and route with it.

--
Jason Faulkner
Systems Manager
Broadwick Corporation
(919) 459-2509
[EMAIL PROTECTED]



OT Was: Gigabit NICs for Soekris hardware

2006-12-28 Thread Diana Eichert
On Thu, 28 Dec 2006, Jacob Yocom-Piatt wrote:

 has anyone found a V-12 engine that will fit in a Geo Metro?

Not that this has anything to do with the OP.

http://motorcyclistonline.com/features/122_Kawv12_Engllg+Kawasaki_2300cc_V12+Full_Engine_View.jpg

personally I rather have a  Daihatsu G11R Charade



Re: OT Was: Gigabit NICs for Soekris hardware

2006-12-28 Thread Timo Schoeler

thus Diana Eichert spake:

On Thu, 28 Dec 2006, Jacob Yocom-Piatt wrote:


has anyone found a V-12 engine that will fit in a Geo Metro?


Not that this has anything to do with the OP.

http://motorcyclistonline.com/features/122_Kawv12_Engllg+Kawasaki_2300cc_V12+Full_Engine_View.jpg

personally I rather have a  Daihatsu G11R Charade


hm,

i had a Porsche 993 Turbo engine (around 450 BHP) built in an 1968 VW 
Beetle. very nice ;)


--
Timo Schoeler | http://riscworks.net/~tis | [EMAIL PROTECTED]
RISCworks -- Perfection is a powerful message
Ex-ISP | RISC aficinados | Networking, Security, OpenBSD services
GPG Key fingerprint = C9CA 7A13 4250 44EF CC58  938F AE29 5465 6E09 3093

What are you gonna do? Release the dogs?! Or the bees?! Or dogs with 
bees in their mouth so that when they bark they shoot bees at you? 
(Homer J. Simpson)




bgpd questions

2006-12-28 Thread Frans Haarman

Hi! We are wondering about a certain bgp setup.
We want to announce some private networks to a select group of neighbors.

Is it possible to define multiple networks in bgp.conf ?  Can I choose
which networks get announced to which neighbors ? I ask this because
the manual states I can announce self, none, default-route, all.

I am hoping I can use communities and or filters to achieve what I
want. Any pointers/example configs would be nice.



Regards,
Frans



Re: bgpd questions

2006-12-28 Thread Stuart Henderson
On 2006/12/28 15:30, Frans Haarman wrote:
 Is it possible to define multiple networks in bgp.conf ?  Can I choose
 which networks get announced to which neighbors ? I ask this because
 the manual states I can announce self, none, default-route, all.

Those announce are shortcuts to generating filter rules for simpler
configurations. If you want more control you can write the filter rules
yourself. Set a config file up with some announce and run it through
bgpd -nv, you should see what to do.



Re: firewall

2006-12-28 Thread Marc Ravensbergen

Thanks for all of your help so far;
to those of you mentioning the fact that laptops are not reliable
running 24/7, I am not too worried about it. The only other use for
this old notebook is as a paperweight. It has a nice bios so things
like suspending and turning off the harddisk are all handled
automatically.

I have knocked off feature #1 on the list, so I guess I will try the
squid configuration next.

Thanks again,
Marc


On 12/28/06, laurent FANIS [EMAIL PROTECTED] wrote:

On 12/27/06, Marc Ravensbergen [EMAIL PROTECTED] wrote:
 Hi, I have a little home network that I am trying to protect from the
 nasty outside world. I have previously used ipcop (linux based) as an
 all-in-one router / firewall / dns server... etc, and I would really
 like to have a similar setup again, only based on openbsd instead. If
 somebody could help me put this together (or direct me to some
 excellent websites) I would really appreciate it.

 - I have an HP Omnibook 5700ct (which refuses to die on me) to be used
 as the dedicated firewall
 - specs are: pentium 150 Mhz, 80 MB ram, 2- 3GB harddisk, cdrom (non
 bootable) and floppy.
 - internet is via dialup modem (don't laugh, that's all I can get here
 in the country)

I'm in no better position so i won't laugh at you.

 - ethernet card is via pcmcia, modem is USR external (via serial port)
 or IBM pcmcia


Laptops are not made to run 24/7 so it will die on you sooner than
later if you use it too much.


 The good news is that I have openbsd 4.0 installed on this laptop and
 it all works excellent. I can use either modem, and the ethernet
 traffic is routed to my switch to my private network. When my desktop
 (corncob) wants internet, it sends it out to my little router
 (kiwi) which then dials on demand, and disconnects after 2 mins of
 no activity. This is all wonderful stuff.

 What I would like to do is add the following features...
 1) DNS server (for my private network only) so that my computers can
 use kiwi instead of the ISP dns servers (which change from time to
 time and are really, really slow at times). If kiwi could cache the
 addresses it would save a _lot_ of time reaching my common websites.
 This feature doesn't sound difficult, I just need a few tips here and
 there (package name, sample config)
 2) transparent web proxy; something along the lines of squid (I
 believe this is used by ipcop) to cache my frequent websites. I've
 never set this up by itself before, but again, probably manageable.
 3) Make the system boot from harddisk, load the settings, unmount the
 harddisk (so that it can turn off after 3 mins; controlled by bios)
 and cache all settings into a ram drive of some sort. I am thinking
 power consumption here, so I would really like to turn off the disk.
 The bios does this already,but every once in a while it spins up,
 grinds and then turns off. I suspect that this is not the most
 life-preserving disk activity. My cache size would then be limited to
 80mb minus the ram used by kernel and running proc's. I don't know if
 this feature is possible to implement.


You might want to try what has been discussed so far.
Check out http://www.kernel-panic.it/openbsd.html they have some nice
material.

Or you might also try a combination of opensoekris/openboxing and the
such and add squid on another partition. Usually the firewall will
work great in stripped down version of openbsd (32 Megs) and the
partitions are mounted MFS so all is in memory . Get squid running on
its own partition so the HD will only spin when you browse.

 I am aware of various live-cd type projects in a similar vein as ipcop
 (monowall etc), but the problem is that 1) my cdrom is _not_ bootable;
 it's that old, 2) I might want to add packages to the system later on
 (smtp server for sending email etc).


Sendmail is in the default install.

 I do not know of any floppy open-bsd based systems that are up to date.


Floppies are unreliable so don't bother.

 Any tips or tricks are very much appreciated.
 Marc



Good luck and maybe write some guide if you find something interesting.


Best Laurent




Re: bgpd questions

2006-12-28 Thread Claudio Jeker
On Thu, Dec 28, 2006 at 03:30:02PM +0100, Frans Haarman wrote:
 Hi! We are wondering about a certain bgp setup.
 We want to announce some private networks to a select group of neighbors.
 
 Is it possible to define multiple networks in bgp.conf ?  Can I choose
 which networks get announced to which neighbors ? I ask this because
 the manual states I can announce self, none, default-route, all.
 
 I am hoping I can use communities and or filters to achieve what I
 want. Any pointers/example configs would be nice.
 

This is a more complex setup. In such cases it is best to add networks
with a community tag network 10.1.2/24 set community $as:123 and filter
on these communities later on to allow or deny the prefix.

-- 
:wq Claudio



Re: looking for (custom) dial-in

2006-12-28 Thread Craig Skinner
On Thu, Dec 28, 2006 at 01:54:52PM +0100, Peter Philipp wrote:
 Yes you may ask why.  I'm german, and like any german I plan on taking 
 over the world.  In fact I'm working on germanys neighbouring countries 
 first.
 

Why not start out by leaving your towel on phone sockets that you find?
Just like you lot do to sun loungers while on holiday everywhere in
Europe!



Re: bgpd questions

2006-12-28 Thread Frans Haarman

On 12/28/06, Claudio Jeker [EMAIL PROTECTED] wrote:


This is a more complex setup. In such cases it is best to add networks
with a community tag network 10.1.2/24 set community $as:123 and filter
on these communities later on to allow or deny the prefix.



Right. Thanks for both replies. Will report my findings when we have
things running.

Curious: Is there an OpenBGPD FAQ in the making ?  I am sure you are
all bgp guru's and what not, but I am a simple chela and need
instructions ;p

Regards,
Frans



Re: IPv6 and illegal prefixlen

2006-12-28 Thread Claudio Jeker
On Thu, Dec 28, 2006 at 09:20:19AM +0100, Björn Ketelaars wrote:
 Marco S Hyman wrote:
   up giftunnel 212.182.166.172 64.71.128.81
   up inet6 2001:470:1F01:::1AE1 2001:470:1F01:::1AE0 prefixlen 128
   !route add -inet6 default 2001:470:1F01:::1AE0
 
 Mine looks like this (and it works just fine)
 
 - hostname.gif0 -
 tunnel 208.201.244.208 208.201.234.221
 inet6 alias 2001:05a8:0:1::0123 128
 dest 2001:05a8:0:1::0122
 ! route add -inet6 default ::1
 ! route change -inet6 default -ifp gif0
 - hostname.gif0 -
 
 With this setup route show also has the route: illegal prefixlen message.
 Ignore it.  I don't think it has anything to do with your problem.
 
 // marc
 
 
 I used your hostname.gif0 as an example which, of course, gave the same 
 result. This means that I still experience the same problem.
 
 When I try to setup rtadvd the daemon spits out:
 
   rtadvd[2175]: ra_output sendmsg on fxp1: No route to host
 
 I have a gut feeling that this message is related to the route: illegal 
 prefixlen message.
 

I doubt that. The route: illegal prefixlen message is a bad type
conversion in route(8) itself and the following diff resolves this issue.

I'm not using IPv6 and so I don't know what your rtadvd issue is.

-- 
:wq Claudio

Index: sbin/route/show.c
===
RCS file: /cvs/src/sbin/route/show.c,v
retrieving revision 1.55
diff -u -p -r1.55 show.c
--- sbin/route/show.c   17 Nov 2006 01:11:23 -  1.55
+++ sbin/route/show.c   28 Dec 2006 13:29:07 -
@@ -677,7 +677,7 @@ netname6(struct sockaddr_in6 *sa6, struc
masklen = 0;
if (mask) {
lim = mask-sin6_len - offsetof(struct sockaddr_in6, sin6_addr);
-   lim = lim  sizeof(struct in6_addr) ?
+   lim = lim  (int)sizeof(struct in6_addr) ?
lim : sizeof(struct in6_addr);
for (p = (u_char *)mask-sin6_addr, i = 0; i  lim; p++) {
if (final  *p) {
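Review bot: the cast is applied only to the comparison on the changed line, while the fallback operand on the following line is still a bare `sizeof(struct in6_addr)`, so the conditional expression as a whole keeps an unsigned type and a negative `lim` only survives by being converted to unsigned and back on assignment. Casting both operands, or clamping against a local `int` that holds the size, would keep the whole expression signed. Since `lim` is computed as `sin6_len` minus the offset of `sin6_addr`, an explicit check for a negative result before the loop would also state the intent directly instead of leaving it to the loop condition.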
Index: usr.bin/netstat/show.c
===
RCS file: /cvs/src/usr.bin/netstat/show.c,v
retrieving revision 1.3
diff -u -p -r1.3 show.c
--- usr.bin/netstat/show.c  17 Nov 2006 01:11:23 -  1.3
+++ usr.bin/netstat/show.c  28 Dec 2006 13:30:42 -
@@ -683,7 +683,7 @@ netname6(struct sockaddr_in6 *sa6, struc
masklen = 0;
if (mask) {
lim = mask-sin6_len - offsetof(struct sockaddr_in6, sin6_addr);
-   lim = lim  sizeof(struct in6_addr) ?
+   lim = lim  (int)sizeof(struct in6_addr) ?
lim : sizeof(struct in6_addr);
for (p = (u_char *)mask-sin6_addr, i = 0; i  lim; p++) {
if (final  *p) {
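Review bot: neither copy of the clamp in `netname6()` gets a comment saying why `(int)` is needed on the `sizeof`, and without one the cast reads as redundant and is easy to drop in a later cleanup. A one-line comment above the clamp stating that `lim` can be negative and has to be compared as a signed value would protect it. Because `sbin/route/show.c` and `usr.bin/netstat/show.c` carry identical code at this point, the commit message should also say that the two copies must be changed together.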



Politics, but worth a read.

2006-12-28 Thread Johan P. Lindström

For everyone interested in hardware drivers and the open source world,
an interesting read.

http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt

-- JPL



Re: bgpd questions

2006-12-28 Thread Claudio Jeker
On Thu, Dec 28, 2006 at 04:32:16PM +0100, Frans Haarman wrote:
 On 12/28/06, Claudio Jeker [EMAIL PROTECTED] wrote:
 
 This is a more complex setup. In such cases it is best to add networks
 with a community tag network 10.1.2/24 set community $as:123 and filter
 on these communities later on to allow or deny the prefix.
 
 
 Right. Thanks for both replies. Will report my findings when we have
 things running.
 
 Curious: Is there an OpenBGPD FAQ in the making ?  I am sure you are
 all bgp guru's and what not, but I am a simple chela and need
 instructions ;p
 

Nope, nobody worked on that. As a starter you could read
http://www.openbsd.org/papers/linuxtag06-network.pdf
This gives a brief introduction.

-- 
:wq Claudio



Re: OpenVPN bridge

2006-12-28 Thread Mike Alaimo

This is a response to a previous reply in hopes to aid successful operation :)


You should be able to do what you're after by adding static routes
for the VPN endpoint and for anything you need to locate that (e.g.
DNS servers if you need them) over your normal internet connection,
and then changing the default route to the IP address of a router
on the remote network.


I thought with bridging you did not need to create any extra routes.
Isn't that the point of a bridge, or am I wrong?

Please read here
http://openvpn.net/howto.html#scope
and
http://openvpn.net/bridge.html

Anyway Good Luck with your OpenVPN Bridging Ventures!



Re: bgpd questions

2006-12-28 Thread Henning Brauer
* Frans Haarman [EMAIL PROTECTED] [2006-12-28 15:38]:
 Hi! We are wondering about a certain bgp setup.
 We want to announce some private networks to a select group of neighbors.
 
 Is it possible to define multiple networks in bgp.conf ?

errr... yes of course.

 Can I choose which networks get announced to which neighbors ?

yes, you need to write filters in that case.

 I ask this because
 the manual states I can announce self, none, default-route, all.

so you choose self and filter out the private ones where you don't wanna 
announce them

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: WARNING, but worth a read.

2006-12-28 Thread Rui Miguel Silva Seabra
On Thu, 2006-12-28 at 16:53 +0100, Johan P. Lindström wrote:
 For everyone interested in hardware drivers and the open source world,
 an interesting read.

 http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt

I reject your subject and changed it to WARNING, which is far more
appropriate.

If you do read it, it goes far beyond politics and denounces quite
straight forward and evident problems for people who so far ignored the
Windows world.

Now it's not enough to ignore them. Even ignoring they are actively
working towards ruining Free Software hardware support by explicitly
recommending hardware creators do hide information that could help
people write non-content-providers-blessed-drivers.

Executive executive executive summaries with the complete content
attached should be sent to each and every member of parliament available
on your country of choice to live.

I'm still appalled at the sheer cost to do it here in Portugal. *sigh*

Rui

--
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?




Re: OpenVPN bridge

2006-12-28 Thread Stuart Henderson
On 2006/12/28 12:22, Mike Alaimo wrote:
 This is a response to a previous reply in hopes to aid successful operation :)
 
 You should be able to do what you're after by adding static routes
 for the VPN endpoint and for anything you need to locate that (e.g.
 DNS servers if you need them) over your normal internet connection,
 and then changing the default route to the IP address of a router
 on the remote network.
 
 I thought with bridging you did not need to create any extra routes.
 Isn't that the point of a bridge, or am I wrong?

 Please read here
 http://openvpn.net/howto.html#scope
 and
 http://openvpn.net/bridge.html

These don't cover routing the main internet access over the VPN
as appeared to be what OP was asking about. You might want to do this
if e.g. you are working from various public networks (wifi and so on)
and want to encrypt all your comms.



auto start mysql and snort OpenBSD 4.0

2006-12-28 Thread Edy

Hi

I have googled and read on the man pages but something is missing here.

For example i have the following in my /etc/rc.local

if [ X${mysql} == XYES -a -x /usr/local/bin/safe_mysqld ]; then
echo -n  ' mysqld'; /usr/local/share/mysql/mysql.server start
fi

if [ X${snort} == XYES -a -x /usr/local/bin/snort ]; then
echo -n ' snort';   /usr/local/bin/snort -D -d -i fxp0 -c 
/etc/snort/snort.conf -u _snort -g _snort

fi

and in my /etc/rc.conf.local
mysql=YES
snort=YES

When the system rebooted, both processes are not started.

If i were to execute example echo -n  ' mysqld'; 
/usr/local/share/mysql/mysql.server start from command line, mysql 
started successfully.


Any clue?

Thanks!!!



Re: auto start mysql and snort OpenBSD 4.0

2006-12-28 Thread Nico Meijer
Hi Edy,

I dunno about snort, but MySQL I do use.

 Any clue?

Read this:
http://www.openbsdsupport.org/mysql.htm

HTH... Nico



newfs before restore

2006-12-28 Thread Ray
I am building my process for backup / restore using dump & restore.

Looking at the FAQ when restoring the file system, I noticed:

newfs /dev/r[drive][partition] 

for example:
newfs /dev/rwd0a

What is the 'r' before the wd0a and its purpose?

i.e. difference and their effect on new file system in the examples:

newfs /dev/rwd0a 
and
newfs /dev/wd0a

Thanks!



Re: Thinkpad X40 running OpenBSD has trouble recognizing SD cards

2006-12-28 Thread Matthew R. Dempsky
On Thu, Dec 28, 2006 at 09:42:45AM +0100, Claudio Jeker wrote:
 Btw. I'm rebooting with the SD card inserted perhaps that does the trick.

Hm, I think I'm having the same experience then.

If I reboot(1) and have a (512MB) SD card inserted, I get the
``sdmmc0: can't enable card'' message at boot time, but upon
reinserting it, OpenBSD recognizes it.

If I don't have an SD card inserted, I have to poweroff(1) and power
back on to get OpenBSD to recognize the SD card reader again.



Re: auto start mysql and snort OpenBSD 4.0

2006-12-28 Thread Daniel Ouellet

Edy wrote:

Hi

I have googled and read on the man pages but something is missing here.

For example i have the following in my /etc/rc.local

if [ X${mysql} == XYES -a -x /usr/local/bin/safe_mysqld ]; then
echo -n  ' mysqld'; /usr/local/share/mysql/mysql.server start
fi

if [ X${snort} == XYES -a -x /usr/local/bin/snort ]; then
echo -n ' snort';   /usr/local/bin/snort -D -d -i fxp0 -c 
/etc/snort/snort.conf -u _snort -g _snort

fi

and in my /etc/rc.conf.local
mysql=YES
snort=YES

When the system rebooted, both processes are not started.

If i were to execute example echo -n  ' mysqld'; 
/usr/local/share/mysql/mysql.server start from command line, mysql 
started successfully.


Any clue?


I don't know about snort, but as far as MySQL is concerned, why don't you 
do it right?


http://www.openbsdsupport.org/mysql.htm#/etc/rc.local

Then adjust it for your snort needs.

Best,

Daniel



Re: auto start mysql and snort OpenBSD 4.0

2006-12-28 Thread Edy

Daniel,

I have been to that site already and it does not start mysql when the 
system rebooted but i could start mysql by using the command.


Cheers,
-e

Daniel Ouellet wrote:

Edy wrote:

Hi

I have googled and read on the man pages but something is missing here.

For example i have the following in my /etc/rc.local

if [ X${mysql} == XYES -a -x /usr/local/bin/safe_mysqld ]; then
echo -n  ' mysqld'; /usr/local/share/mysql/mysql.server start
fi

if [ X${snort} == XYES -a -x /usr/local/bin/snort ]; then
echo -n ' snort';   /usr/local/bin/snort -D -d -i fxp0 -c 
/etc/snort/snort.conf -u _snort -g _snort

fi

and in my /etc/rc.conf.local
mysql=YES
snort=YES

When the system rebooted, both processes are not started.

If i were to execute example echo -n  ' mysqld'; 
/usr/local/share/mysql/mysql.server start from command line, mysql 
started successfully.


Any clue?


I don't know about snort, but as far as MySQL is concern, why don't 
you do it right.


http://www.openbsdsupport.org/mysql.htm#/etc/rc.local

Then adjust it for your snort needs.

Best,

Daniel




Re: newfs before restore

2006-12-28 Thread Craig Skinner
On Thu, Dec 28, 2006 at 05:55:06PM +, Ray wrote:
 I am building my process for backup / restore using dump  restore.
 
 Looking at the FAQ when restoring the file system, I noticed:
 
 newfs /dev/r[drive][partition] 
 
 for example:
 newfs /dev/rwd0a
 
 What is the 'r' before the wd0a and its purpose?

$ ls -l /dev/rwd0a
crw-r-----  1 root  operator    3,   0 Dec  1 14:49 /dev/rwd0a

The raw disk slice is accessed one character at a time, it is a
character device.



$ ls -l /dev/wd0a
brw-r-----  1 root  operator    0,   0 Dec  1 14:49 /dev/wd0a

This is block device, blocks of data can be read/written.



Re: auto start mysql and snort OpenBSD 4.0

2006-12-28 Thread Dan Farrell
I found this from Google quite some time ago, and now run 3 snort/mysql
boxes on 3.9 and 4.0 with no probs-

http://www.nomoa.com/bsd/mysql.htm

Happy Hunting,

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]
 

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
 Daniel Ouellet
 Sent: Thursday, December 28, 2006 2:21 PM
 To: misc@openbsd.org
 Subject: Re: auto start mysql and snort OpenBSD 4.0
 
 Edy wrote:
  Hi
 
  I have googled and read on the man pages but something is missing
here.
 
  For example i have the following in my /etc/rc.local
 
  if [ X${mysql} == XYES -a -x /usr/local/bin/safe_mysqld ]; then
  echo -n  ' mysqld'; /usr/local/share/mysql/mysql.server start
  fi
 
  if [ X${snort} == XYES -a -x /usr/local/bin/snort ]; then
  echo -n ' snort';   /usr/local/bin/snort -D -d -i fxp0 -c
  /etc/snort/snort.conf -u _snort -g _snort
  fi
 
  and in my /etc/rc.conf.local
  mysql=YES
  snort=YES
 
  When the system rebooted, both processes are not started.
 
  If i were to execute example echo -n  ' mysqld';
  /usr/local/share/mysql/mysql.server start from command line, mysql
  started successfully.
 
  Any clue?
 
 I don't know about snort, but as far as MySQL is concern, why don't
you
 do it right.
 
 http://www.openbsdsupport.org/mysql.htm#/etc/rc.local
 
 Then adjust it for your snort needs.
 
 Best,
 
 Daniel



Re: IPv6 and illegal prefixlen

2006-12-28 Thread Björn Ketelaars

Claudio Jeker wrote:

On Thu, Dec 28, 2006 at 09:20:19AM +0100, Björn Ketelaars wrote:

Marco S Hyman wrote:

up giftunnel 212.182.166.172 64.71.128.81
up inet6 2001:470:1F01:::1AE1 2001:470:1F01:::1AE0 prefixlen 128
!route add -inet6 default 2001:470:1F01:::1AE0

Mine looks like this (and it works just fine)

- hostname.gif0 -
tunnel 208.201.244.208 208.201.234.221
inet6 alias 2001:05a8:0:1::0123 128
dest 2001:05a8:0:1::0122
! route add -inet6 default ::1
! route change -inet6 default -ifp gif0
- hostname.gif0 -

With this setup route show also has the route: illegal prefixlen message.
Ignore it.  I don't think it has anything to do with your problem.

// marc

I used your hostname.gif0 as an example which, of course, gave the same 
result. This means that I still experience the same problem.


When I try to setup rtadvd the daemon spits out:

rtadvd[2175]: ra_output sendmsg on fxp1: No route to host

I have a gut feeling that this message is related to the route: illegal 
prefixlen message.




I doubt that. The route: illegal prefixlen message is a bad type
conversion in route(8) itself and the following diff resolves this issue.

I'm not using IPv6 and so I don't know what your rtadvd issue is.


The diffs resolved the problem of the route: illegal prefixlen 
message. Thank you!


Thanks to Marc I finally figured it out; it seems that rtadvd 'pings' 
from the auto configured link-local address instead of from the inet6 
alias. This means that pf should pass icmp6 traffic from the link-local 
address to the internal network.


Thanks Marc and Claudio!
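
The signed/unsigned comparison behind the route: illegal prefixlen message that Claudio's diff addresses, as an added C example that is not part of the original thread or of the OpenBSD source. The ex_ structures, the helper names and the sample mask bytes are constructed for illustration, and the prefix counter is a simplified stand-in for the loop in netname6().

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the BSD structures (leading length byte),
 * so the example builds on any platform. */
struct ex_in6_addr { unsigned char b[16]; };
struct ex_sockaddr_in6 {
    unsigned char      sin6_len;      /* number of valid bytes in this sockaddr */
    unsigned char      sin6_family;
    unsigned short     sin6_port;
    unsigned int       sin6_flowinfo;
    struct ex_in6_addr sin6_addr;
    unsigned int       sin6_scope_id;
};

#define ADDR_OFF ((int)offsetof(struct ex_sockaddr_in6, sin6_addr))
#define ADDR_LEN ((int)sizeof(struct ex_in6_addr))

/* Clamp as written before the patch: comparing an int with sizeof() is done
 * in size_t. The cast spells out the conversion the compiler applies, so a
 * negative lim looks huge and is "clamped" up to 16. */
static int lim_before(int sin6_len)
{
    int lim = sin6_len - ADDR_OFF;
    return (size_t)lim < sizeof(struct ex_in6_addr) ? lim : ADDR_LEN;
}

/* Clamp with the (int) cast from the patch: the comparison stays signed,
 * so a negative lim is kept and the byte loop below never runs. */
static int lim_after(int sin6_len)
{
    int lim = sin6_len - ADDR_OFF;
    return lim < ADDR_LEN ? lim : ADDR_LEN;
}

/* Simplified prefix counter (hypothetical helper): walks lim mask bytes and
 * returns the number of leading one bits, or -1 for a non-contiguous mask,
 * the condition reported as "illegal prefixlen". */
static int count_prefix(const struct ex_sockaddr_in6 *mask, int lim)
{
    const unsigned char *p = mask->sin6_addr.b;
    int i, bits = 0, final = 0;

    for (i = 0; i < lim; i++, p++) {
        unsigned char v = *p;
        if (final) {
            if (v)
                return -1;            /* one bits after the mask ended */
            continue;
        }
        while (v & 0x80) { bits++; v <<= 1; }
        if (v)
            return -1;                /* hole inside this byte */
        if (*p != 0xff)
            final = 1;
    }
    return bits;
}

/* Constructed samples: a full /64 mask, and stale bytes sitting where the
 * address would be in a mask whose sin6_len says none of them are valid. */
static const unsigned char MASK64[16] = { 0xff, 0xff, 0xff, 0xff,
                                          0xff, 0xff, 0xff, 0xff };
static const unsigned char STALE[16]  = { 0x00, 0x1c, 0x18, 0x00, 0x20, 0x01 };

int mask_prefixlen(int patched, unsigned char sin6_len,
                   const unsigned char addr[16])
{
    struct ex_sockaddr_in6 m;

    memset(&m, 0, sizeof(m));
    m.sin6_len = sin6_len;
    memcpy(m.sin6_addr.b, addr, sizeof(m.sin6_addr.b));
    return count_prefix(&m, patched ? lim_after(sin6_len)
                                    : lim_before(sin6_len));
}

int main(void)
{
    printf("full /64 mask, len 28: before=%d after=%d\n",
           mask_prefixlen(0, 28, MASK64), mask_prefixlen(1, 28, MASK64));
    printf("short mask,    len 0:  before=%d after=%d\n",
           mask_prefixlen(0, 0, STALE), mask_prefixlen(1, 0, STALE));
    return 0;
}
```

A result of -1 stands for the illegal prefixlen case: without the cast the loop reads 16 bytes that the length field says are not there, with it the short mask yields a prefix length of 0.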



Re: auto start mysql and snort OpenBSD 4.0

2006-12-28 Thread Vijay Sankar
It should be /usr/local/bin/mysqld_safe NOT safe_mysqld

Vijay

On Fri, 2006-29-12 at 03:44 +0800, Edy wrote:
 Daniel,
 
 I have been to that site already and it does not start mysql when the 
 system rebooted but i could start mysql by using the command.
 
 Cheers,
 -e
 
 Daniel Ouellet wrote:
  Edy wrote:
  Hi
 
  I have googled and read on the man pages but something is missing here.
 
  For example i have the following in my /etc/rc.local
 
  if [ X${mysql} == XYES -a -x /usr/local/bin/safe_mysqld ]; then
  echo -n  ' mysqld'; /usr/local/share/mysql/mysql.server start
  fi
 
  if [ X${snort} == XYES -a -x /usr/local/bin/snort ]; then
  echo -n ' snort';   /usr/local/bin/snort -D -d -i fxp0 -c 
  /etc/snort/snort.conf -u _snort -g _snort
  fi
 
  and in my /etc/rc.conf.local
  mysql=YES
  snort=YES
 
  When the system rebooted, both processes are not started.
 
  If i were to execute example echo -n  ' mysqld'; 
  /usr/local/share/mysql/mysql.server start from command line, mysql 
  started successfully.
 
  Any clue?
 
  I don't know about snort, but as far as MySQL is concern, why don't 
  you do it right.
 
  http://www.openbsdsupport.org/mysql.htm#/etc/rc.local
 
  Then adjust it for your snort needs.
 
  Best,
 
  Daniel
 
 
 
-- 
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: 204 885 9535, E-Mail: [EMAIL PROTECTED]



Re: newfs before restore

2006-12-28 Thread Andreas Bihlmaier
On Thu, Dec 28, 2006 at 07:51:08PM +, Craig Skinner wrote:
 On Thu, Dec 28, 2006 at 05:55:06PM +, Ray wrote:
  I am building my process for backup / restore using dump & restore.
  
  Looking at the FAQ when restoring the file system, I noticed:
  
  newfs /dev/r[drive][partition] 
  
  for example:
  newfs /dev/rwd0a
  
  What is the 'r' before the wd0a and its purpose?
 
 $ ls -l /dev/rwd0a
 crw-r-----  1 root  operator    3,   0 Dec  1 14:49 /dev/rwd0a
 
 The raw disk slice is accessed one character at a time, it is a
 character device.
 
 
 
 $ ls -l /dev/wd0a
 brw-r-----  1 root  operator    0,   0 Dec  1 14:49 /dev/wd0a
 
 This is block device, blocks of data can be read/written.

There is a utility called file(1), @Ray, not @Craig.

[EMAIL PROTECTED] ~  file /dev/rwd0c
/dev/rwd0c: character special (3/2)

[EMAIL PROTECTED] ~  file /dev/wd0c
/dev/wd0c: block special (0/2)

Regards,
ahb



Re: auto start mysql and snort OpenBSD 4.0

2006-12-28 Thread Daniel Ouellet

Edy wrote:

Daniel,

I have been to that site already and it does not start mysql when the 
system rebooted but i could start mysql by using the command.


Cheers,
-e


If you follow the instructions it does.

But like many you most likely put the starting scripts inside 
rc.conf.local instead of rc.local.


And it does work plenty.

Check your configuration again.

Best,

Daniel



Re: auto start mysql and snort OpenBSD 4.0

2006-12-28 Thread Edy

Thanks to those who have replied :)

The following is the working version:

if [ -x /usr/local/bin/mysqld_safe ]; then
   # Run mysqld_safe in the background under the _mysql login class
   su -c _mysql root -c '/usr/local/bin/mysqld_safe &' > /dev/null \
       && echo -n ' mysql'
   sleep 20
fi

# Start Snort after waiting for MySQL to complete (set to 20 seconds)
if [ -x /usr/local/bin/snort ]; then
   /usr/local/bin/snort -D -d -i fxp0 -c /etc/snort/snort.conf \
       -u _snort -g _snort > /dev/null && echo -n ' snort'
fi

Cheers,
-e

Edy wrote:

Daniel,

I have been to that site already and it does not start mysql when the 
system rebooted but i could start mysql by using the command.


Cheers,
-e

Daniel Ouellet wrote:

Edy wrote:

Hi

I have googled and read on the man pages but something is missing here.

For example i have the following in my /etc/rc.local

if [ X${mysql} == XYES -a -x /usr/local/bin/safe_mysqld ]; then
echo -n  ' mysqld'; /usr/local/share/mysql/mysql.server start
fi

if [ X${snort} == XYES -a -x /usr/local/bin/snort ]; then
echo -n ' snort';   /usr/local/bin/snort -D -d -i fxp0 -c 
/etc/snort/snort.conf -u _snort -g _snort

fi

and in my /etc/rc.conf.local
mysql=YES
snort=YES

When the system rebooted, both processes are not started.

If i were to execute example echo -n  ' mysqld'; 
/usr/local/share/mysql/mysql.server start from command line, mysql 
started successfully.


Any clue?


I don't know about snort, but as far as MySQL is concern, why don't 
you do it right.


http://www.openbsdsupport.org/mysql.htm#/etc/rc.local

Then adjust it for your snort needs.

Best,

Daniel




Re: Spamassassin segfaults

2006-12-28 Thread Matthias Kilian
On Thu, Dec 28, 2006 at 11:30:27AM +0100, Karel Kulhavy wrote:
 Can you recommend a different tool than spamassassin? I wonder
 what CRM114 is http://crm114.sourceforge.net/

I've some unfinished ports for crm114 available, and I'm using it
for quite some time now to classify mail.

Works quite well, but you've to train it a lot in the beginning,
and you've still to watch out for false positives, especially after
training new false negatives.

Ciao,
Kili



PF question.

2006-12-28 Thread Der Engel

Hi,

I have the below rule set in my firewall, both internal networks can
access the Internet and both internal networks can see each other, how
can I prevent each internal network from seeing each other? I have
tried various rule sets with no luck, any advice is appreciated.

Thanks,

Der

# macros
ext_if="fxp0"
int_if="xl0"
int_if2="bge0"

tcp_services="{ 22, 113 }"
icmp_types="echoreq"


# options
set block-policy return
set loginterface $ext_if

set skip on lo

# scrub
scrub in

# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

# filter rules
block in

pass out keep state

anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }

pass in on $ext_if inet proto tcp from any to ($ext_if) \
  port $tcp_services flags S/SA keep state

pass in inet proto icmp all icmp-type $icmp_types keep state

pass quick on $int_if

pass quick on $int_if2



Re: unsupported usb flash disk

2006-12-28 Thread Markus Bergkvist

Yeah, I know. The patch from Vatchenko made my iAudio U2 work :-)

# disklabel sd0
disklabel: ioctl DIOCGDINFO: Input/output error

# fdisk sd0
fdisk: DIOCGDINFO: Input/output error
fdisk: sysctl(machdep.bios.diskinfo): Device not configured
fdisk: Can't get disk geometry, please use [-chs] to specify.


/Markus

Joost wrote:

What's the output from:
disklabel sd0

If it's a 2048bytes/sector device check the mail archives, they are
not supported
yet




OpenBSD motherboard

2006-12-28 Thread Anthony Hennessy

I am currently looking for a well supported motherboard for use with a
Core 2 Duo processor. The only requirement is that it must have a
PCI-X 64bit slot for an LSI Megaraid 300-8x card.

I was thinking of using an Intel S3000AHLX because of their high build
quality, but was unsure how well it was supported by OpenBSD. Also, it
is listed as having an Intel 3000 chipset, which I was unable to find
information on compatibility with OpenBSD. It also has an ICH7R,
however that seems to be listed on the supported hardware page.

Does anyone have any suggestions on this or other motherboards that
have been successful with C2D & PCI-X?

Thanks,
Anthony



OpenBSD motherboard

2006-12-28 Thread Edward McCarty

I am currently looking for a well supported motherboard for use with a
Core 2 Duo processor. The only requirement is that it must have a
PCI-X 64bit slot for an LSI Megaraid 300-8x card.

I was thinking of using an Intel S3000AHLX because of their high build
quality, but was unsure how well it was supported by OpenBSD. Also, it
is listed as having an Intel 3000 chipset, which I was unable to find
information on compatibility with OpenBSD. It also has an ICH7R,
however that seems to be listed on the supported hardware page.

Does anyone have any suggestions on this or other motherboards that
have been successful with C2D & PCI-X?

Thanks,
Edward



Re: OpenBSD motherboard

2006-12-28 Thread Stuart Henderson
On 2006/12/28 17:33, Anthony Hennessy wrote:
 I am currently looking for a well supported motherboard for use with a
 Core 2 Duo processor. The only requirement is that it must have a
 PCI-X 64bit slot for an LSI Megaraid 300-8x card.

If you don't already have the 300-8x, look at the PCIE cards supported
by mfi(4) - all the SATA/SAS should work with SATA drives - also the Areca
cards supported by arc(4). PCIE should give you more motherboard options.



Re: OpenBSD motherboard

2006-12-28 Thread Edward McCarty

Sorry for the double post - my email client was acting up and didn't
think it went through so I sent it through my friend's account.

On 12/28/06, Edward McCarty [EMAIL PROTECTED] wrote:

I am currently looking for a well supported motherboard for use with a
Core 2 Duo processor. The only requirement is that it must have a
PCI-X 64bit slot for an LSI Megaraid 300-8x card.

I was thinking of using an Intel S3000AHLX because of their high build
quality, but was unsure how well it was supported by OpenBSD. Also, it
is listed as having an Intel 3000 chipset, which I was unable to find
information on compatibility with OpenBSD. It also has an ICH7R,
however that seems to be listed on the supported hardware page.

Does anyone have any suggestions on this or other motherboards that
have been successful with C2D & PCI-X?

Thanks,
Edward




Re: install pgsql package from snapshot - error

2006-12-28 Thread Frank Bax

At 06:37 PM 12/24/06, Frank Bax wrote:
# pkg_add 
postgresql-server-8.1.5p4.tgz

Can't install postgresql-client-8.1.5p1: lib not found c.40.3
Even by looking in the dependency tree:

Maybe it's in a dependent package, but not tagged with @lib ?
(check with pkg_info -K -L)
If you are still running 3.6 packages, update them.
Can't install postgresql-server-8.1.5p4.tgz: can't resolve 
postgresql-client-8.1.5p1



Doh!  As usual, when nobody replies to a question, the answer is right 
there staring me in the face; if only I had eyes to see it.  In this case, 
I unintentionally installed from -release, not -snapshot; then tried to 
install packages from -snapshot. 



Re: OpenBSD motherboard

2006-12-28 Thread J.C. Roberts
On Thursday 28 December 2006 15:33, Anthony Hennessy wrote:
 I was thinking of using an Intel S3000AHLX because of their high
 build quality

Either your personal experience with Intel mother boards is a 
statistical anomaly, or you've mistakenly believed the hype told by 
Intel sales and marketing.

Yes, Intel does employ some top-notch engineers and yes, extreme care is 
used when designing and building a small subset of their boards, but 
said subset are not mass market boards and are not available to the 
general public. The subset where extreme care is used is mainly their 
specialized designs used for internal chip/device development and 
testing within Intel itself. The stuff built for internal Intel use is 
absolutely beautiful and is as close to flawless as one can imagine.

The publicly available mass market mother boards with the Intel brand 
stamped on them are usually not engineered, designed or built by Intel. 
Worse yet, they are roughly reference designs built with a primary 
emphasis on cost. Intel dictates the specs, features and price point, 
then the work is farmed out to the lowest bidder. Dell and other brand 
name System Vendors regularly take the Intel designs and tweak them 
further to differentiate features and/or further reduce costs (as well 
as the usual bug fixing).

You should think of Intel branded mother boards the same way you think 
about Microsoft branded keyboards and mice... -A known brand name 
slapped on the work of another, unknown company, simply because the 
mistakenly trusted brand name will sell.

If you're really after build quality in a mother board, you'd be 
better off with SuperMicro for Intel procs. If you'd consider AMD 
Opteron, Sun is well known for their over-engineering, but truth be 
told, all of the Sun Opteron stuff is actually engineered and built by 
Sanmina-SCI yet in this case, it is extremely high quality work.

DISCLAIMER: Yes, I'm the same idiot who writes the PCB layout analysis 
software available at www.DesignTools.org, not all designs are done 
with the Cadence tool chain, and layout is only one chunk of many in 
the process of building a high quality board.

Kind Regards,
JCR



Re: plate logos a.k.a. case badges

2006-12-28 Thread Matthew Mulrooney

These are also known as case badges.

I've ordered from ScotGold.com before (Linux case badges), and had 
excellent results.  I haven't ordered anything custom.


I've sold or given away countless number of Tux variety - when people 
see them, they want at least a few.


Matthew


On Mon, 25 Dec 2006, Greg Thomas wrote:


On 12/25/06, Didier Wiroth [EMAIL PROTECTED] wrote:

 Hello,
 Actually  it would be nice to be able to buy some original openbsd plate
 logos.
 The stickers are nice but, I would also buy a few openbsd plate logos with
 a nice
 blowfish on it, if they were available ;-)


Yep, Puffy rocks.  I get tons of comments about the wireframe t-shirt
and the wireframe sticker from the audio CD that's on this Thinkpad.
Puffy has to be one of the most popular mascots around.

Greg