Re: Any other Java developers?
Before jvm use the mpm model like apache2, or OpenBSD implement kernel level pthreads, I don't think there will have many java developers using OpenBSD as their native platform. 2008/3/11, Mayuresh Kathe <[EMAIL PROTECTED]>: > Hello, > > Are there any other Java developers using OpenBSD as their native platform? > > ~Mayuresh > http://mayuresh.kathe.in/
Any other Java developers?
Hello, Are there any other Java developers using OpenBSD as their native platform? ~Mayuresh http://mayuresh.kathe.in/
How to make that kernel pppoe assign a mpath default route?
Hi, I'm trying to configure box that uses 2 ISP connections: cable and adsl. (Failover and load balance between the ISP connections) Neither of the connections have fixed IP addresses: - The cable connection receives the addresses by means of the DHCP protocol. - The pppoe0 interface gets it's addresses from the ppp negotiation. The first question is how to configure the 'hostname.if' files to get a correct routing table. Also I need to create static routes to the DNS servers of each of the providers, because I need to access each one of the DNS servers from within the address space to the respective ISP provider. As the DNS server addresses are also obtained by dhcp or negotiated with ppp, the question is how to automate the creation of those static routes, to avoid problems if the provider changes the addresses of the servers in the future. Thank you in advance, Mauricio
Re: ath0 - not reachable - system hangs
> ath0 at pci0 dev 12 function 0 "Atheros AR2413" rev 0x01: irq 9 > ath0: AR2413 7.8 phy 4.5 rf 5.6, FCC2A*, address 00:1d:0f:af:98:88 According to the CVS log at http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ic/ath.c#rev1.56 "support is still incomplete" for the AR2413 chipset.
Re: problems passing radius traffic through pf
On 2008-03-09, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > I have a Domain Controller in a DMZ which is handling radius requests from > my access point. I'm having problems passing the radius information > successfully through pf. The pf box is a soekris running 4.1. > > Mar 09 09:58:56.467664 rule 3/(match) block in on sis4: 172.30.30.5.1812 > > 10.50.3.11.2055: Axs! id:1 [1477] [|radius] (frag 25868:[EMAIL PROTECTED]) > Mar 09 09:58:56.467745 rule 3/(match) block in on sis4: 172.30.30.5 > > 10.50.3.11: (frag 25868:[EMAIL PROTECTED]) I think it may be connected with the fragments, please have a look at pf.conf(5) about fragment reassembly/scrub. It might be useful to turn on extended logging (pfctl -xmisc) and check syslog. > # more /etc/pf.conf | grep pix_if scrub rules are certainly relevant here.. it's generally useful if you can send a whole config, preferably reduced to the minimum that shows the problem (I am sure many people fix things in the process of doing this anyway :-) preferably with rule numbers (pfctl -sr -vv) to match against the tcpdump output.
Re: ath0 - not reachable - system hangs
On Mon, Mar 10, 2008 at 6:18 PM, Richard Daemon <[EMAIL PROTECTED]> wrote: > > On Mon, Mar 10, 2008 at 5:16 PM, Dirk Mast <[EMAIL PROTECTED]> wrote: > > Hello, > > > > I use a Atheros Mini-PCI Card, which I brought up with the following > command > > (via the Book of pf): > > > > sudo ifconfig ath0 up mediaopt hostap mode 11b chan 11 nwid pla nwkey > pladoh > > > > sudo ifconfig ath0 10.50.90.1 > > > > > > I then can't find the AP, even when standing a few centimeters away. > > > > (Not when using OpenBSD, and not when using Backtrack w/ Kismet) > > > > That's the first issue (not working is bad..) but when I then > > change the ath0 setup anyhow with ifconfig, > > like ifconfig ath0 down or change the IP, the whole box hangs: > > - doesn't answer to pings > > - stops forwarding packets > > - is not reachable anymore on all interfaces > > > > > > here's the ifconfig output: > > ath0: flags=8863 mtu > 1500 > > lladdr 00:1d:0f:af:98:88 > > groups: wlan > > media: IEEE802.11 autoselect mode 11b hostap > > status: active > > ieee80211: nwid con chan 11 bssid 00:1d:0f:af:98:88 nwkey stoke > > none > > inet6 fe80::21d:fff:feaf:9888%ath0 prefixlen 64 scopeid 0x4 > > inet 10.50.90.1 netmask 0xff00 broadcast 10.255.255.255 > > > > > > and here an excerpt from dmesg: > > ath0 at pci0 dev 12 function 0 "Atheros AR2413" rev 0x01: irq 9 > > ath0: AR2413 7.8 phy 4.5 rf 5.6, FCC2A*, address 00:1d:0f:af:98:88 > > > > Platform is an Alix2c3, which works very well except from this issue. > > > > Any ideas? > > Should I provide some additional logs/infos? > > > > > > I'm having the exact same issue(s), system completely locks up. > > Be it ALIX, WRAP or PC with Atheros wireless cards. I don't have any > others to test but Mini-PCI and PCI have both done it. > > Would like to hear more too. > > Thx! > BTW, I forgot to mention that I'm running 4.2-stable (February) and using GENERIC.
Re: Novatel Wireless U720 umsm connection only partially works.
On 2008-03-10, Michael <[EMAIL PROTECTED]> wrote: > This establishes a tun0 interface and I am able to ping out and resolve dns. > Something like ping openbsd.org works ok, so does dig openbsd.org, and so does > ftp ftp://ftp.openbsd.org > > But when I try to open http://openbsd.org in lynx, try to telnet openbsd.org > 80 > and GET /index.html HTTP/1.0, whois openbsd.org, or I try to pkg_add > something, > it doesn't work. Nothing happens. this is a classic symptom of broken Van-Jacobson header compression. try "disable vjcomp". On 2008-03-10, Alexey Suslikov <[EMAIL PROTECTED]> wrote: > Michael <[EMAIL PROTECTED]> wrote: > >> tun0: flags=8051 mtu 1500 >>groups: tun egress >>inet 75.192.185.229 --> 66.174.20.4 netmask 0xff0 >> > > How about adjusting mtu on tun to take ppp encapsulation overhead > in account? that's not it, 1500 MTU is fine over a serial connection. it's only a problem when encapsulated in a fixed-size media (like Ethernet). some people might reduce it so there's less delay to send interactive traffic during a bulk transfer but millions of people who never even heard of MTU have used 1500 MTU over PPP.
Re: ath0 - not reachable - system hangs
On Mon, Mar 10, 2008 at 5:16 PM, Dirk Mast <[EMAIL PROTECTED]> wrote: > Hello, > > I use a Atheros Mini-PCI Card, which I brought up with the following command > (via the Book of pf): > > sudo ifconfig ath0 up mediaopt hostap mode 11b chan 11 nwid pla nwkey pladoh > > sudo ifconfig ath0 10.50.90.1 > > > I then can't find the AP, even when standing a few centimeters away. > > (Not when using OpenBSD, and not when using Backtrack w/ Kismet) > > That's the first issue (not working is bad..) but when I then > change the ath0 setup anyhow with ifconfig, > like ifconfig ath0 down or change the IP, the whole box hangs: > - doesn't answer to pings > - stops forwarding packets > - is not reachable anymore on all interfaces > > > here's the ifconfig output: > ath0: flags=8863 mtu 1500 > lladdr 00:1d:0f:af:98:88 > groups: wlan > media: IEEE802.11 autoselect mode 11b hostap > status: active > ieee80211: nwid con chan 11 bssid 00:1d:0f:af:98:88 nwkey stoke > none > inet6 fe80::21d:fff:feaf:9888%ath0 prefixlen 64 scopeid 0x4 > inet 10.50.90.1 netmask 0xff00 broadcast 10.255.255.255 > > > and here an excerpt from dmesg: > ath0 at pci0 dev 12 function 0 "Atheros AR2413" rev 0x01: irq 9 > ath0: AR2413 7.8 phy 4.5 rf 5.6, FCC2A*, address 00:1d:0f:af:98:88 > > Platform is an Alix2c3, which works very well except from this issue. > > Any ideas? > Should I provide some additional logs/infos? > > I'm having the exact same issue(s), system completely locks up. Be it ALIX, WRAP or PC with Atheros wireless cards. I don't have any others to test but Mini-PCI and PCI have both done it. Would like to hear more too. Thx!
ath0 - not reachable - system hangs
Hello, I use a Atheros Mini-PCI Card, which I brought up with the following command (via the Book of pf): sudo ifconfig ath0 up mediaopt hostap mode 11b chan 11 nwid pla nwkey pladoh sudo ifconfig ath0 10.50.90.1 I then can't find the AP, even when standing a few centimeters away. (Not when using OpenBSD, and not when using Backtrack w/ Kismet) That's the first issue (not working is bad..) but when I then change the ath0 setup anyhow with ifconfig, like ifconfig ath0 down or change the IP, the whole box hangs: - doesn't answer to pings - stops forwarding packets - is not reachable anymore on all interfaces here's the ifconfig output: ath0: flags=8863 mtu 1500 lladdr 00:1d:0f:af:98:88 groups: wlan media: IEEE802.11 autoselect mode 11b hostap status: active ieee80211: nwid con chan 11 bssid 00:1d:0f:af:98:88 nwkey stoke none inet6 fe80::21d:fff:feaf:9888%ath0 prefixlen 64 scopeid 0x4 inet 10.50.90.1 netmask 0xff00 broadcast 10.255.255.255 and here an excerpt from dmesg: ath0 at pci0 dev 12 function 0 "Atheros AR2413" rev 0x01: irq 9 ath0: AR2413 7.8 phy 4.5 rf 5.6, FCC2A*, address 00:1d:0f:af:98:88 Platform is an Alix2c3, which works very well except from this issue. Any ideas? Should I provide some additional logs/infos?
Novatel Wireless U720 umsm connection only partially works.
Michael <[EMAIL PROTECTED]> wrote: > tun0: flags=8051 mtu 1500 >groups: tun egress >inet 75.192.185.229 --> 66.174.20.4 netmask 0xff0 > How about adjusting mtu on tun to take ppp encapsulation overhead in account? - Alexey.
Novatel Wireless U720 umsm connection only partially works.
I was really excited to learn that as of late OpenBSD has support for Sierra
Novatell Wireless cards. The lack of support held me back from using OpenBSD on
my laptop because I need the wireless access.
So I bought the Novatel Wireless U720 which is listed as "Devices suspected of
being compatible" in the umsm manial page. I followed the umsm and ppp man pages
and can establish a ppp connection doing the following (conf files and dmesg
outputs follow).
#ppp -ddial default
This establishes a tun0 interface and I am able to ping out and resolve dns.
Something like ping openbsd.org works ok, so does dig openbsd.org, and so does
ftp ftp://ftp.openbsd.org
But when I try to open http://openbsd.org in lynx, try to telnet openbsd.org 80
and GET /index.html HTTP/1.0, whois openbsd.org, or I try to pkg_add something,
it doesn't work. Nothing happens. The request is sent but no response is
displayed. So I really can't figure out what the issue is. I'm not running PF
and I have activated the card on Windows. I tried all this as root to be sure
it's not a permission issue. Please take a look at my configuration and log
files and let me know what I can do?
PS I'm really excited that all the ACPI stuff on my laptop now works with 4.3
Current like the brightness buttons and halt -p. If I can get this stuff
resolved with the wireless card, OpenBSD will be the OS of choice on not only my
desktop and servers, but laptop as well. Thanks OpenBSD!
/etc/ppp/ppp.conf:
default:
set device /dev/cuaU0
set speed 230400
set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK ATE1Q0 OK
\\dATDT\\T TIMEOUT 40 CONNECT"
set phone "#777"
set login
set authname [EMAIL PROTECTED]
set authkey vzw
set timeout 120
set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
add default HISADDR
enable dns
iconfig:
lo0: flags=8049 mtu 33208
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
enc0: flags=0<> mtu 1536
tun0: flags=8051 mtu 1500
groups: tun egress
inet 75.192.185.229 --> 66.174.20.4 netmask 0xff00
/var/log/ppp.log
Mar 10 10:11:26 laptop ppp[17724]: Phase: Using interface: tun0
Mar 10 10:11:26 laptop ppp[17724]: Phase: deflink: Created in closed state
Mar 10 10:11:26 laptop ppp[5169]: Phase: PPP Started (ddial mode).
Mar 10 10:11:26 laptop ppp[5169]: Phase: bundle: Establish
Mar 10 10:11:26 laptop ppp[5169]: Phase: deflink: closed -> opening
Mar 10 10:11:27 laptop ppp[5169]: Phase: deflink: Connected!
Mar 10 10:11:27 laptop ppp[5169]: Phase: deflink: opening -> dial
Mar 10 10:11:29 laptop ppp[5169]: Phase: deflink: dial -> carrier
Mar 10 10:11:30 laptop ppp[5169]: Phase: deflink: /dev/cuaU0 doesn't support CD
Mar 10 10:11:30 laptop ppp[5169]: Phase: deflink: carrier -> login
Mar 10 10:11:30 laptop ppp[5169]: Phase: deflink: login -> lcp
Mar 10 10:11:31 laptop ppp[5169]: Phase: deflink: lcp -> open
Mar 10 10:11:31 laptop ppp[5169]: Phase: bundle: Network
Mar 10 10:11:31 laptop ppp[5169]: Phase: deflink: IPV6CP protocol reject closes
IPV6CP !
Mar 10 10:11:31 laptop ppp[5169]: Phase: deflink: IPV6CP protocol reject closes
IPV6CP !
Mar 10 10:11:31 laptop ppp[5169]: Warning: 0.0.0.0/0: Change route failed:
errno: No such process
Mar 10 10:11:31 laptop ppp[5169]: Warning: ff01:5::/32: Change route failed:
errno: Network is unreachable
Mar 10 10:11:31 laptop ppp[5169]: Warning: ff02:5::/32: Change route failed:
errno: Network is unreachable
Mar 10 10:11:34 laptop ppp[5169]: Phase: deflink: IPV6CP protocol reject closes
IPV6CP !
Mar 10 10:11:43 laptop last message repeated 3 times
Mar 10 10:12:31 laptop ppp[5169]: Phase: deflink: HDLC errors -> FCS: 5, ADDR:
0, COMD: 0, PROTO: 0
Mar 10 10:13:32 laptop ppp[5169]: Phase: deflink: HDLC errors -> FCS: 3, ADDR:
0, COMD: 0, PROTO: 0
dmesg:
OpenBSD 4.3 (GENERIC) #695: Tue Mar 4 14:28:56 MST 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.60GHz ("GenuineIntel" 686-class) 1.60
GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX
,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2
real mem = 501706752 (478MB)
avail mem = 477003776 (454MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/08/04, BIOS32 rev. 0 @ 0xfd6d0, SMBIOS
rev. 2.31 @ 0xdf010 (39 entries)
bios0: vendor Phoenix version "W320.F05" date 10/08/2004
bios0: Gateway 3522GZ
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP BOOT APIC SSDT SSDT
acpi0: wakeup devices LID0(S3) SLPB(S3) PWRB(S4) LANC(S4) MODM(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (AGPB)
acpiprt2 at acpi0: bus 2 (PCIB)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2, C1, FVS, 1600, 600 MHz
acpitz0 at acpi0: critical temperature 100 degC
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT0 serial W32044Ltype Li oem " Arima "
acpibtn0 at acpi0: LID0
acpibtn1
Re: problems passing radius traffic through pf
You haven't really supplied enough information, the full pf.conf and
firewall ip addresses would have been better. This is a slight guess at
whats wrong.
You say the request is from access point to radius server I would expect
to see a rule like this in your pf.conf
pass in on $ proto udp from 10.50.3.11 to 172.30.30.5 port 1812
The pass rules keeps the state, allowing the return udp traffic. What
your seeing is blocked return udp traffic, because the udp state is
established in the opposite direction, the pass is ignored. Looks like
you have the rule on the wrong interface also. The other interfaces are
missing as full pf.conf not supplied. You might have to pass port 1813
also replacing 1812 by { 1812, 1813 }.
Regards
Nigel Taylor
[EMAIL PROTECTED] wrote:
> I have a Domain Controller in a DMZ which is handling radius requests from
> my access point. I'm having problems passing the radius information
> successfully through pf. The pf box is a soekris running 4.1.
>
> Mar 09 09:58:56.467664 rule 3/(match) block in on sis4: 172.30.30.5.1812 >
> 10.50.3.11.2055: Axs! id:1 [1477] [|radius] (frag 25868:[EMAIL PROTECTED])
> Mar 09 09:58:56.467745 rule 3/(match) block in on sis4: 172.30.30.5 >
> 10.50.3.11: (frag 25868:[EMAIL PROTECTED])
>
> # more /etc/pf.conf | grep pix_if
> pix_if = "sis4"
> pass quick log on $pix_if from any to 10.50.3.11
> block in log on $pix_if
> pass out on $pix_if
>
> In this case, 172.30.30.5 is my radius server, and 10.50.3.11 is my access
> point. Even though I am logging the pass rule, I do not seeing getting
> hit through tcpdump. If I take out the block in log on $pix_if, radius
> information flows ok.
>
> Thanks,
>
> runelind at runelind dot net
Re: Limit ssh bandwidth
Hello, perhaps this helps: man scp: -l limit Limits the used bandwidth, specified in Kbit/s. Regards Hagen Volpers > -Urspr|ngliche Nachricht- > Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Im Auftrag von Marc Rene Arns > Gesendet: Montag, 10. Mdrz 2008 19:30 > An: misc@openbsd.org > Betreff: Limit ssh bandwidth > > Hi, > > for my client I have set up an mini sftp-Server (on Windows > in their Intranet) > and on my webserver (FreeBSD) there is a cronjob looking for > new files to > load them via sftp/ssh to the webserver. > > Now we need to limit the bandwidth of the sftp-uploads (ADSL). > > For several reasons it would be better, if I could limit the > traffic on the > webserver side. I thought, I would configure pf with altq to > limit the > bandwidth of the ssh-client. > > > > Intranet | | Webserver > sftpd ==> ssh-client (cron) > limited| | pf / altq > upload bw | | > | | > > Now the idea was to force the sftpd to use less bandwidth by > limiting the > bandwidth of the ssh-client (via pf). > > As I read on http://www.openbsd.org/faq/pf/queueing.html altq > limits by > dropping packets. So I am not sure if this would cause the > sftpd to send less > packets. I would even expect that the sftpd would send more > packets to > compensate the lost ones and therefor use even more bandwidth. > > Or is it part of the ssh protocol to agree on a lower > bandwidth based on the > number of lost packets? > > Perhaps there is a way for the ssh-client to tell the sftpd > how much bandwith > to use? > > Is there a way to solve this without QoS on the sftpd side? > > Regards, > Benny
Re: Installation freeze....
On 10/03/2008, Massimiliano Giorgi <[EMAIL PROTECTED]> wrote: > > It is working! (two days) > I have modified the bios settings to "reserve" the irq 9 and now all the > ethernet irqs are dispatched to irq 11. > I don't know why the irq 9 "is bad" for the "Intel PRO/1000MT Dual Port > Server Adapter" (but with Linux 2.6.18 it works). > Thanks to all for the suggestions... > > -Massimiliano this goes back to the dawn of the IBM PC... on the XT, there were only 8 IRQ originally - 0= timer, 1=keybd, etc. then out came the AT with a new 8259A PIC supporting cascading. IRQ 2 triggered automatically IRQ 9 to allow access to the other additional 7 IRQs. IRQ 2 & 9 became known as "troublesome" because the drivers didn't handle well sharing their interrupts, though there's nothing forbidding it IIRC. in the immortal words of Nick Holland - http://monkey.org/openbsd/archive/misc/0011/msg00927.html perhaps that will lead others to comment further on my hazy memory. wd0a: aborted command, interface CRC error reading fsbn 403040 of > 403040-403071 (wd0 bn 79041215; cn 4920 tn 22 sn 29), retrying > wd0: soft error (corrected) > wd0: transfer error, downgrading to Ultra-DMA mode 4 > wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4 > wd0a: aborted command, interface CRC error reading fsbn 138080 of > 138080-138111 (wd0 bn 78776255; cn 4903 tn 151 sn 47), retrying > wd0: soft error (corrected) > > & the next thing you need to do is to replace wd0 - its on its way out. A+ Dave
Re: bad ascii art on the increase
> Just noting that there seems to be an increase in improperly constructed > ascii art/diagrams. Nevermind that, what about the ascii pr0n?? _ Share what Santa brought you https://www.mycooluncool.com
bad ascii art on the increase
Just noting that there seems to be an increase in improperly constructed ascii art/diagrams. If ascii diagrams are not created with a fixed-pitch font then they will not display correctly - even when the readers view them with a fixed-pitch font.
Re: [bug fix] Problem installing OpenBSD 4.2
Nick Holland wrote: > Saulo Bozzi Daleprane wrote: > >> I have a problem installing OpenBSD 4.2 in old machines. >> >> The bug fix instructs to use disc 2 of amd64, but what's the name of >> this ISO?! >> > > lots of responses, all wrong. > > This issue ONLY impacted the official, purchased CD sets, not the > downloadable images. If you have the official CD set, you just use > the disk labeled "amd64", not the one labeled i386. That's pretty > painfully obvious if you own the CDs, so I think you are referring > to the downloaded images. > > So, if you can't install from the downloads, you have a problem other > than what you are looking at. > > Provide useful info, we can provide guidance. > > Note: i386 machines I call "old" can't boot from CD. :) > > Nick. > > Yes Nick, this is it. I've tried with images ISO of ftp.openbsd.org. I have an old machine, which is: proliant ml370 compaq; cdrom scsi, etc. and it does not boot by cdrom: install42.iso release, amd64, cd42.iso, cdemu.iso. 4.3 snapshot. I'll make a disc with floppyB42.fs and floppy42.fs (amd64) and try. This today. My problem is with the cdrom. Ok...we'll see. -- *Saulo Bozzi Daleprane* /"Truly great madness cannot be achieved without significant intelligence"./
Limit ssh bandwidth
Hi, for my client I have set up an mini sftp-Server (on Windows in their Intranet) and on my webserver (FreeBSD) there is a cronjob looking for new files to load them via sftp/ssh to the webserver. Now we need to limit the bandwidth of the sftp-uploads (ADSL). For several reasons it would be better, if I could limit the traffic on the webserver side. I thought, I would configure pf with altq to limit the bandwidth of the ssh-client. Intranet | | Webserver sftpd ==> ssh-client (cron) limited| | pf / altq upload bw | | | | Now the idea was to force the sftpd to use less bandwidth by limiting the bandwidth of the ssh-client (via pf). As I read on http://www.openbsd.org/faq/pf/queueing.html altq limits by dropping packets. So I am not sure if this would cause the sftpd to send less packets. I would even expect that the sftpd would send more packets to compensate the lost ones and therefor use even more bandwidth. Or is it part of the ssh protocol to agree on a lower bandwidth based on the number of lost packets? Perhaps there is a way for the ssh-client to tell the sftpd how much bandwith to use? Is there a way to solve this without QoS on the sftpd side? Regards, Benny
Re: carp vs. ospf ?
On 2008-03-10, clifford bailey <[EMAIL PROTECTED]> wrote:
>>> router-id 1.2.3.4
>>>
>>> auth-type crypt
>>> auth-md 1 mekmitasdigoat
>>> auth-md-keyid 1
>>>
>>> hello-interval 1
>>> router-dead-time 4
>>>
>>> area 0.0.0.0 {
>>> interface vlan701
>>> interface carp72 { passive }
>>> interface carp42 { passive }
>>> interface carp209 { passive }
>>> interface carp168 { passive }
>>> }
>>>
>>>
>> Is that possible to do? I tried something similar on my setup and as
>> soon as I removed the real interface from the area, nothing was
>> advertised at all. Admittedly I didn't have the interface set as
>> passive before, so that might have been my problem. I'll try that out
>> now. My initial assumption was because I saw in an openospfd doc (by
>> Claudio Jeker if it helps), that it was "impossible to run ospf on a
>> carp interface", so assumed this was the correct behaviour. Anyway, if
>> you're right, that's great news for me!
>> (Thanks for the quick response too!)
>
> Having played around with this for a bit and given it a bit more
> thought, I'm worried I'm wasting my time. If I understand correctly, the
> passive carp statements in your setup above, simply advertise those
> addresses over other interfaces (in your case the vlan701 interface),
> rather than running ospf on them. I wanted to be able to have ospf
> running on the carp interface, rather than the real interface. If I run
> ospf on the real interfaces of both firewalls, advertising the carp
> interface as above, then ospf will decide which firewall to route
> traffic through, not carp
In my example vlan701 faces the rest of the network and participates
fully in OSPF; the carp interfaces face servers/PCs behind this pair
of firewalls (no other OSPF speakers on those networks).
OSPF announcements track the interface state: if an interface is
regarded as down (in the case of carp, backup == down) then its
addresses are not announced. When the interface is carp master it
starts to be announced.
> I don't have any servers directly connecting to
> the firewall, the firewalls sit in the middle of an ospf cloud, rather
> than at the edge of one,
In that case sorry this probably doesn't help you, it seems like
quite an unusual place to have firewalls though..
Re: Samba(SMB) or Netatalk(AFP)?
Sunnz wrote: Basically I want to set up a network share on my OpenBSD box which my Mac laptops and Linux laptops can access to. Smb seems kind of weird in a environment with no M$ systems... however this is probably what I am most familiar with because I did it in the past on OpenBSD and it was a breeze to set up. SMB works nicely with Mac OS X. It what I use to in my lab. NFS is also a choice. SMB is very easy to setup.
Re: Samba(SMB) or Netatalk(AFP)?
On Mar 11 01:01:45, Sunnz wrote: > Basically I want to set up a network share on my OpenBSD box which my > Mac laptops and Linux laptops can access to. Then use NFS, the standard UNIX technology for this. > Smb seems kind of weird in a environment with no M$ systems... however > this is probably what I am most familiar with because I did it in the > past on OpenBSD and it was a breeze to set up. NFS is a breeze to setup, too. > I also tried out NFS in the past on OpenBSD. Got it to work but I > don't really understand how it works. There aren't any form of > authentication, just a list of IP that has access to it... which > always seemed weird to me... NFS was not designed with security in mind. As you give no description of your environment, I can only guess that "your Mac/Linux laptops" are onsidered inside your home network, which should be already protected by other means. > that it uses whatever permission on the > OpenBSD on the laptop, which doesn't really work out... like the group > "users" can have a very different gid on Linux than on Mac. Maybe I am > not using it correctly or understood how it is supposed to work? NFS is a relative of NIS, where user/group IDs are not local to every computer, but distrubuted over the network. > So now I am looking at AFP via Netatalk, which seem to be Unix like > enough but have password authentication like Smb, and some suggested > that it would have good performance with Mac... and Linux has support > for it through FUSE... however I have no experience with it... is it > good or not? Both AFP and Netatalk seem a bit Apple-centric, while NFS is the standard and is IMHO much more supported. > So I can't decide what to do at this moment... I'll most likely are > going to try out netatalk... but if you have a similar environment, > like one without much concern for M$, please suggest what would you do > for file sharing, and why thanks a lot!! You don't really describe your environment, except that a laptop needs to see files from elsewhere. If you _need_ proper authentication, you might want to look for options, but if you don't (as is the case in my home network of two BSD servers and a few laptops), NFS works just fine. Jan
Protocol testing
Hi All, I've been doing some research and i want to experiment some network protocols that, due the nature of them, i'll probably not work with them in my day to day work, but i want to learn them. The protocols in question are bgp and ospf. I know that i'll use virtual machines, and i already have them set up. Just want to know if someone, that know these protocols deeply, have some idea on how to begin these experiments, and the issues that you've run into the real world, so i could try to reproduce them for learning purposes. I want to do this to gain more knowledge of how the internet works today (i know bgp has *everything* to do with it). My next study would be IPv6, since i only read about it, never put two machines to talk IPv6 only. But that's another history. Thanks in advance, -- Giancarlo Razzolini Linux User 172199 Red Hat Certified Engineer no:804006389722501 Moleque Sem Conteudo Numero #002 Slackware Current OpenBSD Stable Ubuntu 7.04 Feisty Fawn Snike Tecnologia em Informatica 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85 [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: OpenLDAP and Berkeley DB 4.6
--On Sunday, March 09, 2008 11:13 PM +0800 Dongsheng Song <[EMAIL PROTECTED]> wrote: Since OpenLDAP 2.3 is incompatible[1] with Berkeley DB 4.6, so I must stick to BDB 4.5 or upgrade to OpenLDAP 2.4 ? Yes. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc Zimbra :: the leader in open source messaging and collaboration
Re: carp vs. ospf ?
clifford bailey wrote:
Stuart Henderson wrote:
On 2008-03-10, clifford bailey <[EMAIL PROTECTED]> wrote:
Having got a nice redundant firewall setup working with openbsd 4.2
pf + carp + pfsync. My next step was to integrate it with ospf. My
initial plan was to continue to treat the firewall pair, as a single
'virtual firewall' within the network and use ospf to advertise
routes through just the carp interfaces. Looking at a couple of docs
for ospf though, I was disappointed to find out I can't do this.
don't you mean something like this?
router-id 1.2.3.4
auth-type crypt
auth-md 1 mekmitasdigoat
auth-md-keyid 1
hello-interval 1
router-dead-time 4
area 0.0.0.0 {
interface vlan701
interface carp72 { passive }
interface carp42 { passive }
interface carp209 { passive }
interface carp168 { passive }
}
Is that possible to do? I tried something similar on my setup and as
soon as I removed the real interface from the area, nothing was
advertised at all. Admittedly I didn't have the interface set as
passive before, so that might have been my problem. I'll try that out
now. My initial assumption was because I saw in an openospfd doc (by
Claudio Jeker if it helps), that it was "impossible to run ospf on a
carp interface", so assumed this was the correct behaviour. Anyway, if
you're right, that's great news for me!
(Thanks for the quick response too!)
Hi,
Having played around with this for a bit and given it a bit more
thought, I'm worried I'm wasting my time. If I understand correctly, the
passive carp statements in your setup above, simply advertise those
addresses over other interfaces (in your case the vlan701 interface),
rather than running ospf on them. I wanted to be able to have ospf
running on the carp interface, rather than the real interface. If I run
ospf on the real interfaces of both firewalls, advertising the carp
interface as above, then ospf will decide which firewall to route
traffic through, not carp, and carp will be rendered at best useless and
at worst a hinderance. I don't have any servers directly connecting to
the firewall, the firewalls sit in the middle of an ospf cloud, rather
than at the edge of one, so I've returned to my initial assumption that
it's not possible to use carp here. Please correct me if I'm wrong
though, as removing carp from the picture, drastically complicates my
proposed network layout.
Thanks.
Re: [OFFTOPIC] Naming convention for programs
Thank you guys for your ideas. I'll give them a second thought before deciding. Regards, -- Gerardo Santana
Information sur votre raison sociale
Bonjour, Suite ` la progression constante des litiges liis aux diptts frauduleux des noms de domaine, il est disormais primordial pour une entreprise de protiger sa marque ou sa raison sociale sur Internet. Le nom de domaine est devenu un viritable enjeu commercial pour les sociitis. Tous les jours, nous conseillons sur la protection des noms de domaine aussi bien les administrations, les commergants que les grands comptes nationaux. DâÂÂun simple clic, virifiez gratuitement la disponibiliti et protigez vous en .FR .COM et .EU auprhs de notre iquipe de spicialistes. Dans lâÂÂattente dâÂÂun prochain contact, Veuillez accepter nos salutations distinguies. Marie-Thi ROBIN Responsable gestion noms de domaine http://www.nom-domaine.fr SOCIETE VIADUC SIRET : 478 350 333 00025 Pour ne plus recevoir nos informations, suivez le lien .
Re: Compile jdk 1.5 on amd64 run out of memory
Dongsheng Song wrote: > When I not set HOTSPOT_BUILD_JOBS, it trap to ddb. Please submit a full bug report for this using sendbug(1). See http://www.openbsd.org/faq/faq2.html#Bugs and http://www.openbsd.org/report.html for what information you need to collect for it to be useful. Thanks, -Kurt
Re: Samba(SMB) or Netatalk(AFP)?
On Tue, Mar 11, 2008 at 01:01:45AM +1100, Sunnz wrote: > Basically I want to set up a network share on my OpenBSD box which my > Mac laptops and Linux laptops can access to. > (snip) > So now I am looking at AFP via Netatalk, which seem to be Unix like > enough but have password authentication like Smb, and some suggested > that it would have good performance with Mac... and Linux has support > for it through FUSE... however I have no experience with it... is it > good or not? (snip) NETATALK is commented out of GENERIC, so one might question how much it it tested and/or supported. -- Mark
Re: Compile jdk 1.5 on amd64 run out of memory
Dongsheng Song wrote: > For idle: > $ swapctl -s > total: 4200966k bytes allocated = 4776k used, 4196190k available > > When I not set HOTSPOT_BUILD_JOBS, it trap to ddb. > Could you restrict the HOTSPOT_BUILD_JOBS not by cores, but also by memory ? Thanks. Yes I am planning on implementing that when the ports tree unlocks. > Just for interested: What's the default vaalue for HOTSPOT_BUILD_JOBS > and PARALLEL_BUILD_JOBS ? I will leave that question as an an exercise for the reader. However, I should point out the second env var is not called PARALLEL_BUILD_JOBS. It is called PARALLEL_COMPILE_JOBS. -Kurt
Samba(SMB) or Netatalk(AFP)?
Basically I want to set up a network share on my OpenBSD box which my Mac laptops and Linux laptops can access to. Smb seems kind of weird in a environment with no M$ systems... however this is probably what I am most familiar with because I did it in the past on OpenBSD and it was a breeze to set up. I also tried out NFS in the past on OpenBSD. Got it to work but I don't really understand how it works. There aren't any form of authentication, just a list of IP that has access to it... which always seemed weird to me... that it uses whatever permission on the OpenBSD on the laptop, which doesn't really work out... like the group "users" can have a very different gid on Linux than on Mac. Maybe I am not using it correctly or understood how it is supposed to work? So now I am looking at AFP via Netatalk, which seem to be Unix like enough but have password authentication like Smb, and some suggested that it would have good performance with Mac... and Linux has support for it through FUSE... however I have no experience with it... is it good or not? So I can't decide what to do at this moment... I'll most likely are going to try out netatalk... but if you have a similar environment, like one without much concern for M$, please suggest what would you do for file sharing, and why thanks a lot!!
Re: carp vs. ospf ?
Stuart Henderson wrote:
On 2008-03-10, clifford bailey <[EMAIL PROTECTED]> wrote:
Having got a nice redundant firewall setup working with openbsd 4.2 pf +
carp + pfsync. My next step was to integrate it with ospf. My initial
plan was to continue to treat the firewall pair, as a single 'virtual
firewall' within the network and use ospf to advertise routes through
just the carp interfaces. Looking at a couple of docs for ospf though, I
was disappointed to find out I can't do this.
don't you mean something like this?
router-id 1.2.3.4
auth-type crypt
auth-md 1 mekmitasdigoat
auth-md-keyid 1
hello-interval 1
router-dead-time 4
area 0.0.0.0 {
interface vlan701
interface carp72 { passive }
interface carp42 { passive }
interface carp209 { passive }
interface carp168 { passive }
}
Is that possible to do? I tried something similar on my setup and as
soon as I removed the real interface from the area, nothing was
advertised at all. Admittedly I didn't have the interface set as passive
before, so that might have been my problem. I'll try that out now. My
initial assumption was because I saw in an openospfd doc (by Claudio
Jeker if it helps), that it was "impossible to run ospf on a carp
interface", so assumed this was the correct behaviour. Anyway, if you're
right, that's great news for me!
(Thanks for the quick response too!)
Re: carp vs. ospf ?
On 2008-03-10, clifford bailey <[EMAIL PROTECTED]> wrote:
> Having got a nice redundant firewall setup working with openbsd 4.2 pf +
> carp + pfsync. My next step was to integrate it with ospf. My initial
> plan was to continue to treat the firewall pair, as a single 'virtual
> firewall' within the network and use ospf to advertise routes through
> just the carp interfaces. Looking at a couple of docs for ospf though, I
> was disappointed to find out I can't do this.
don't you mean something like this?
router-id 1.2.3.4
auth-type crypt
auth-md 1 mekmitasdigoat
auth-md-keyid 1
hello-interval 1
router-dead-time 4
area 0.0.0.0 {
interface vlan701
interface carp72 { passive }
interface carp42 { passive }
interface carp209 { passive }
interface carp168 { passive }
}
carp vs. ospf ?
Hi, Having got a nice redundant firewall setup working with openbsd 4.2 pf + carp + pfsync. My next step was to integrate it with ospf. My initial plan was to continue to treat the firewall pair, as a single 'virtual firewall' within the network and use ospf to advertise routes through just the carp interfaces. Looking at a couple of docs for ospf though, I was disappointed to find out I can't do this. I am not familiar with the internals of ospf, so there may be an obvious reason for this limitation, is it easy to explain, or could someone point me towards an explanation? Instead of doing this, I am now intending to drop carp out of the picture altogether and just use ospf to provide the failover. Is this the recommended solution? Does anyone else run this solution? Thanks in advance!
Re: Installation freeze....
It is working! (two days)
I have modified the bios settings to "reserve" the irq 9 and now all the
ethernet irqs are dispatched to irq 11.
I don't know why the irq 9 "is bad" for the "Intel PRO/1000MT Dual Port
Server Adapter" (but with Linux 2.6.18 it works).
Thanks to all for the suggestions...
-Massimiliano
this is the new dmesg:
OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: VIA Samuel 2 ("CentaurHauls" 686-class) 602 MHz
cpu0: FPU,DE,TSC,MSR,MTRR,PGE,MMX
real mem = 519598080 (495MB)
avail mem = 494751744 (471MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 03/11/04, BIOS32 rev. 0 @ 0xface0,
SMBIOS rev. 2.2 @ 0xf0800 (26 entries)
bios0: vendor Award Software International, Inc. version "6.00 PG" date
03/11/2004
bios0: VIA Technologies, Inc. VT8623-8235
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xdba4
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdb10/144 (7 entries)
pcibios0: PCI Exclusive IRQs: 11
pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT82C596A ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xe000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA VT8623 PCI" rev 0x00
ppb0 at pci0 dev 1 function 0 "VIA VT8633 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "VIA CLE266" rev 0x03: aperture at
0xe000, size 0x1000
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
vr0 at pci0 dev 15 function 0 "VIA VT6105 RhineIII" rev 0x8b: irq 11,
address 00:40:63:de:4f:6c
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 9: OUI
0x004063, model 0x0034
uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x80: irq 11
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x80: irq 11
uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x80: irq 11
ehci0 at pci0 dev 16 function 3 "VIA VT6202 USB" rev 0x82: irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: VIA EHCI root hub, rev 2.00/1.00, addr 1
viapm0 at pci0 dev 17 function 0 "VIA VT8235 ISA" rev 0x00
iic0 at viapm0
pciide0 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133,
channel 0 configured to compatibility, channel 1 configured to co
mpatibility
wd0 at pciide0 channel 0 drive 0:
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
vr1 at pci0 dev 18 function 0 "VIA RhineII-2" rev 0x74: irq 11, address
00:40:63:de:4f:8a
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 10: OUI
0x004063, model 0x0032
em0 at pci0 dev 19 function 0 "Intel PRO/1000MT (82546EB)" rev 0x01: irq
11, address 00:07:e9:1f:9f:46
em1 at pci0 dev 19 function 1 "Intel PRO/1000MT (82546EB)" rev 0x01: irq
11, address 00:07:e9:1f:9f:47
usb1 at uhci0: USB revision 1.0
uhub1 at usb1: VIA UHCI root hub, rev 1.00/1.00, addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2: VIA UHCI root hub, rev 1.00/1.00, addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3: VIA UHCI root hub, rev 1.00/1.00, addr 1
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0:
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
viasio0 at isa0 port 0x2e/2: VT1211 rev 0x02, HM, WDG not activated
viasio1 at isa0 port 0x4e/2: VT1211 rev 0x02, HM not activated, WDG not
activated
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pccom2 at isa0 port 0x3e8/8 irq 5: ns16550a, 16 byte fifo
biomask ef45 netmask ef45 ttymask ffc7
pctr: user-level cycle counter enabled
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a swap on wd0b dump on wd0b
wd0a: aborted command, interface CRC error reading fsbn 403040 of
403040-403071 (wd0 bn 79041215; cn 4920 tn 22 sn 29), retrying
wd0: soft error (corrected)
wd0: transfer error, downgrading to Ultra-DMA mode 4
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
wd0a: aborted command, interface CRC error reading fsbn 138080 of
138080-138111 (wd0 bn 78776255; cn 4903 tn 151 sn 47), retrying
wd0: soft error (corrected)
james.townson has invited you to Spokeo
Hi misc@openbsd.org, [EMAIL PROTECTED] has invited you to Spokeo, which finds your friends' updates across the Web. On average, Spokeo finds 87 friends across 30 different social networks. See what Spokeo can find for you now! Click http://www.spokeo.com/public/join?c=bcc084f03c04fb7f5da41a95b9e3c58d40ffeec9 to accept your invitation. - This invitation was sent with james.townson's explicit approval. If you wish to opt out of all future emails, go to http://www.spokeo.com/optout?c=m495056555151565249 Copyright (c) 2008 Spokeo, Inc. All rights reserved. 1685 Plymouth Street #200, Mountain View, CA 94043
