Помощь юриста.
PP4QP0P2QQP2QP9QP5! PP5P=Q P7PP2QQ PP5QPP=P8P:P0. PPP4P3PQPP2P;Q P4PP:QPP5P=QQ P4P;Q QP5P3P8QQQP0QP8P8 , P?P5QP5QP5P3P8QQQP0QP8P8, P;P8P:P2P8P4P0QP8P8 PPP P8 PP, P0 QP0P:P6P5 QPQQP0P2P;Q P4PP3PP2PQ, P?QP5QP5P=P7P8Q P8 P8P=QP5 P4PP:QPP5P=QQ. PQPP:PP=QQP;QQP8QQQ P?P P2PP?QPQP0P P1P8P7P=P5QP0. P! QP2P0P6P5P=P8P5P, PP5QPP=P8P:P0 P.QP8P4P8QP5QP:P8P9 PQP4P5P; PP5P;: (495)721-84-10
APP - a timesaving electronic solution - free info pack
Please forward to the Headteacher or School Office Manager if incorrectly addressed | If you have trouble reading this email click here [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] APP Assessment Online Classroom Monitor is a simple, online APP Assessment tool for primary and secondary schools. Each teachers uses simple APP markbooks to record pupil progress against APP criteria and assessment focuses. Classroom Monitor works hard so that one ongoing teacher assessment feeds into: * Assessment for learning - detailed next steps in pupil friendly speak can be shared instantly with pupils. * Planning - teachers can share resources, lesson plans and resources across the school using the markbook. More info * Evidence recording - As pupil's work is assessed, evidence can be attached to pupils' records instantly (and then shared with parent and pupil online). More info * Detailed pupil and cohort tracking information - available instantly including: target setting, termly tracking sheets, progress graphs etc. * Online reporting to parents- teachers can note comments and observations from their assessment, link photos, targets and resources: available late 2010. * Choose your phase of education using the quick links below Click here to request your free information Pack [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] New Release! Contact us Evidence and Resources February 2010 You can now add evidence to support assessments in Classroom Monitor and attach teaching resources to share best practice! [IMAGE] Arrange a no obligation in-school consultation, an online phone demo or order a memory stick with full information pack from us. [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] Email communications are consistent with the 'e-confident school' initiative and the government's e-business and e-government initiatives. This is a legitimate business-to-business email, addressed to the official administrative email address of the school, published by the Local Authority or the school. This email is not 'spam' - a term that applies to emails sent to personal addresses. This email is delivered under DMA guidelines to the published email contact and is valuable information which we ask you to forward to the relevant staff member. To manage your preferences, please contact subscr...@edmailing.com. [IMAGE]
Re: format of i386/index.txt
http://marc.info/?l=openbsd-miscm=126678113118214w=2 Has the format of ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/index.txt changed again? It seems to be 'ls -l' now.
Re: installing amd64 using i386 to boot then amd64 for install?
On 15Mar2010 23:11, J.C. Roberts list-...@designtools.org wrote: | On Tue, 16 Mar 2010 14:59:01 +1100 Cameron Simpson c...@zip.com.au | wrote: | | I have the apparently common problem of CD2 (amd64) from the OpenBSD | distro not booting on an IBM x336. And of course there's no floppy | and the box won't boot off a USB device at all. | | apparently common ? --Never heard of it. This is the bought amd64+macppc CD2 disc image. It seems common enough for the shipped install instructions to suggest using the floppy image as a boot alternative for this architecture and for me to have tripped over this issue in the past. For what it's worth, I've downloaded the 4.5 amd64 install45.iso image and _it_ boots just fine. I've installed from there now. However, if I use the amd64 disc from the bought distro, it does not boot. I'm presuming its weird and different, perhaps doing something odd in an attempt to also boot on a PPC system? Just guessing. | If there is something wrong with your install media for amd64, then | download the ISO and burn a new copy. | ftp://ftp.openbsd.org/pub/OpenBSD/4.6/amd64/install46.iso | Even better, since we're right next to 4.7 release, install the | most recent -current snapshot: | ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/amd64/install47.iso | Your subsequent upgrade to 4.7 -release in a month or two will go a lot | more smoothly. I'm actually going with 4.5 to match this machine's partner machine. | One of the avenues I'm considering is booting off the i386 CD1 and | then using the CD2 disc for the install data. Will that work, or will | the i386 install still load up some inappropriate i386 items (eg the | boot sector)? | | Why shoot yourself in the foot? Because I was facing an install on a machine which won't boot off USB, has no floppy and an apparently useless amd64 install CD. Hence my desire to try getting off the ground with the i386 CD. | A better and supported alternative is to netboot the system with | the correct bsd.rd kernel and install the sets via ftp. I'll try to find the time to try out such a setup at home sometime. I was in a co-lo with few resources and some time pressure. I'd like to thank folks for the many replies to my unusual query. Cheers, -- Cameron Simpson c...@zip.com.au DoD#743 http://www.cskk.ezoshosting.com/cs/ ep0: 3c509 in test mode. Erase pencil mark! This means that someone has scribbled with pencil in the test area on the card. Erase the pencil mark and reboot. (This is not a joke). - OpenBSD 2.3 ep(4) ethernet drive manual entry
В Э Д компании: особенности таможенного регулирования в рамках Таможенного союзаbo
* 24 - 26 PP0QQP0 2010 P3. (3 P4P=Q) * * PP-P P:PPP?P0P=P8P8: PQPP1P5P=P=PQQP8 PPPPPPPPPPP P PPP#PPP PPPPPP/ P2 QP0PP:P0Q PPPPPPPPPPP P!PP.PP * PQP5QP4P=P5P2P=QP9 P?QP0P:QP8QP5QP:P8P9 P:QQQ PP PPPPPPPP'PP P4P;Q: P3P5P=P5QP0P;QP=QQ P4P8QP5P:QPQPP2, QQP:PP2PP4P8QP5P;P5P9 P8 QPQQQP4P=P8P:PP2 QP;QP6P1 PP-P P8 P;PP3P8QQP8P:P8, QQP8QQPP2 P:PPP?P0P=P8P9, P7P0P=P8PP0QQ P8QQQ P2P=P5QP=P5Q P:PP=PPP8QP5QP:PP9 P4P5QQP5P;QP=PQQQQ. PP0 QP0PPP8QP5 PP5P6P3PQQP4P0QQQP2P5P=P=PP3P QPP2P5QP0 PP2QPP7P-Q, QPQQPQP2QP5PQQ 27 P=PQP1QQ 2009 P3PP4P0 P2 PP8P=QP:P5, P8 P=P0 P7P0QP5P4P0P=P8P8 P3P;P0P2 PQP0P2P8QP5P;QQQP2 QQQP0P= PP2QPP7P-Q 11 P4P5P:P0P1QQ 2009 P3PP4P0 P2 P!P0P=P:Q-PP5QP5QP1QQP3P5, P1QP;P0 P?PP4P?P8QP0P=Q PQP=PP2P=QP5 P4PP:QPP5P=QQ P=PQPP0QP8P2P=P-P?QP0P2PP2PP9 P1P0P7Q PP0PPP6P5P=P=PP3P QPQP7P0 P P$, PP0P7P0QQQP0P=P0 P8 PP5P;P0QQQP8. P! 01 QP=P2P0QQ 2010 P3PP4P0 P2QQQP?P8P;P8 P2 QP8P;Q: - PPP2P0QP=P0Q P=PPP5P=P:P;P0QQQP0 PP-P P8 PP0PPP6P5P=P=QP9 QP0QP8Q PP0PPP6P5P=P=PP3P QPQP7P0. - PP4P8P=QP5 P?QP0P2P8P;P0 P=P5QP0QP8QP=PP3P QP5P3QP;P8QPP2P0P=P8Q P=P0 QP5QQP8QPQP8P8 PP0PPP6P5P=P=PP3P QPQP7P0. - PP4P8P=QP5 P?QP0P2P8P;P0 QP0PPP6P5P=P=P-QP0QP8QP=PP3P QP5P3QP;P8QPP2P0P=P8Q P=P0 QP5QQP8QPQP8P8 P3PQQP4P0QQQP2-QQP0QQP=P8P:PP2 PP0PPP6P5P=P=PP3P QPQP7P0. PP;P0P2P0PP8 QQP5Q P3PQQP4P0QQQP2 P?QP8P=QQ PP0PPP6P5P=P=QP9 P:PP4P5P:Q PP0PPP6P5P=P=PP3P QPQP7P0, P:PQPQQP9 Q 01 P8QP;Q 2010 P3PP4P0 QQP0P=P5Q P3P;P0P2P=QP P7P0P:PP=PP4P0QP5P;QP=QP P0P:QPP, P:PQPQQP P1QP4QQ QQP:PP2PP4QQP2PP2P0QQQQ P?QP8 QPP2P5QQP5P=P8P8 P2P=P5QP=P5QPQP3PP2QQ PP?P5QP0QP8P9 QQP0QQP=P8P:P8 PP-P. PPP5QQP5 Q PP0PPP6P5P=P=QP P:PP4P5P:QPP PP0PPP6P5P=P=PP3P QPQP7P0 01 P8QP;Q 2010 P3PP4P0 P2QQQP?QQ P2 QP8P;Q: - P!PP3P;P0QP5P=P8Q P P?PQQP4P:P5 P4P5P:P;P0QP8QPP2P0P=P8Q QP0PPP6P5P=P=PP9 QQPP8PPQQP8 QPP2P0QPP2 P8 P P?PQQP4P:P5 PQQQ P5QQP2P;P5P=P8Q P:PP=QQPP;Q P?QP0P2P8P;QP=PQQP8 PP?QP5P4P5P;P5P=P8Q QP0PPP6P5P=P=PP9 QQPP8PPQQP8 QPP2P0QPP2, P?P5QP5PP5QP0P5PQQ QP5QP5P7 QP0PPP6P5P=P=QQ P3QP0P=P8QQ QP0PPP6P5P=P=PP3P QPQP7P0. - PP0P:P5Q P4PP:QPP5P=QPP2, QP5P3P;P0PP5P=QP8QQQQ P8Q P?PQQP4PP: P?QP8PP5P=P5P=P8Q QP0P=P8QP0QP=QQ, P2P5QP5QP8P=P0QP=P-QP0P=P8QP0QP=QQ P8 QP8QPQP0P=P8QP0QP=QQ PP5Q, PQPP1P5P=P=PQQP8 P8 P?PQQP4PP: PP1QP0Q P5P=P8Q P?QPP4QP:QP8P8, P?PP4P;P5P6P0Q P5P9 PP1QP7P0QP5P;QP=PP9 PQP5P=P:P5 (P?PP4QP2P5QP6P4P5P=P8Q) QPPQP2P5QQQP2P8Q P=P0 QP0PPP6P5P=P=PP9 QP5QQP8QPQP8P8 PP0PPP6P5P=P=PP3P QPQP7P0. - P!PP3P;P0QP5P=P8P5 P P?QP8P=QP8P?P0Q P2P7P8PP0P=P8Q P:PQP2P5P=P=QQ P=P0P;PP3PP2 P?QP8 Q P:QP?PQQP5 P8 P8PP?PQQP5 QPP2P0QPP2 P8 P?QPQPP:PP; P P?PQQP4P:P5 P2P7P8PP0P=P8Q P:PQP2P5P=P=QQ P=P0P;PP3PP2 P8 PP5QP0P=P8P7PP5 P:PP=QQPP;Q P7P0 P8Q QP?P;P0QPP9 P?QP8 Q P:QP?PQQP5 P8 P8PP?PQQP5 QPP2P0QPP2 P2 PP0PPP6P5P=P=PP QPQP7P5. PP5P4P5QQQ QP0P7QP0P1PQP:P0 P=PQPP0QP8P2P=P-P?QP0P2PP2PP9 P1P0P7Q, P:PP=P:QP5QP8P7P8QQQQ P5P9 PQPP1P5P=P=PQQP8 P?QP0P2PP?QP8PP5P=P8QP5P;QP=PP9 P?QP0P:QP8P:P8 P2P=PP2Q P?QP8P=QQQQ P7P0P:PP=PP4P0QP5P;QP=QQ P0P:QPP2 PP0PPP6P5P=P=PP3P QPQP7P0. PPPP, P!PPPPPP P: P?PP4P3PQPP2P8QQ QQP0QQP=P8P:PP2 PP-P P: P?QP0P:QP8QP5QP:PP9 QP0P1PQP5 P2 QQP;PP2P8QQ P4P5P9QQP2P8Q QP0PPP6P5P=P=PP3P P7P0P:PP=PP4P0QP5P;QQQP2P0 PP0PPP6P5P=P=PP3P QPQP7P0. PP PPP PPPP P!PPPPPP P PPPPP PPP/ PPPPPPPPPP#P P P2P=P5QP=P5Q P:PP=PPP8QP5QP:PP9 P4P5QQP5P;QP=PQQP8 (PP-P) PP0PPP6P5P=P=PP3P P!PQP7P0 (PP!), P2QQQP?P8P2QP0Q P2 QP8P;Q Q 01 QP=P2P0QQ 2010 P3PP4P0, P5P5 PQP=PP2P=QP5 PQP;P8QP8Q PQ PP PP-P P P$. PQPP1P5P=P=PQQP8 QP0PPP6P5P=P=P-QP0QP8QP=PP3P QP5P3QP;P8QPP2P0P=P8Q P=P0 QP5QQP8QPQP8P8 PP0PPP6P5P=P=PP3P QPQP7P0 Q 01 QP=P2P0QQ 2010 P3PP4P0 - PP4P8P=QP9 QP0PPP6P5P=P=QP9 QP0QP8Q PP0PPP6P5P=P=PP3P QPQP7P0. - PP0QP8QP=QP5 P?QP5QP5QP5P=QP8P8 P2 PQP=PQP5P=P8P8 QPP2P0QPP2, P2P2PP7P8PQQ P=P0 QP5QQP8QPQP8Q PP0PPP6P5P=P=PP3P QPQP7P0. - PP0QP8QP=QP5 P;QP3PQQ. - PP0QP8QP=QP5 P:P2PQQ. PPPPPP PPPPP PP$PPP P PPP#PPP PPPPPP P=P0 QP5QQP8QPQP8P8 PP0PPP6P5P=P=PP3P QPQP7P0 Q 01 QP=P2P0QQ 2010 P3PP4P0 - PPQQP4PP: P2P2P5P4P5P=P8Q P8 P?QP8PP5P=P5P=P8Q PP5Q, P7P0QQP0P3P8P2P0QQP8Q P2P=P5QP=QQ QPQP3PP2P;Q QPP2P0QP0PP8, P=P0 P5P4P8P=PP9 QP0PPP6P5P=P=PP9 QP5QQP8QPQP8P8 P2 PQP=PQP5P=P8P8 QQP5QQP8Q QQQP0P=. - PPP2P0QQ, P2
Re: format of i386/index.txt
On Wed, 17 Mar 2010 11:34:16 +0100 Jan Stary h...@stare.cz wrote: http://marc.info/?l=openbsd-miscm=126678113118214w=2 Has the format of ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/index.txt changed again? It seems to be 'ls -l' now. Hi Jan, I think this is the second time I've seen you mention the format of the index.txt file... so it seems you're mistakenly trying to parse index.txt to get the file/path names of the stuff you need to download. (pardon me if my mind reading skills are slightly off) --- #!/bin/ksh ftp_host=ftp.openbsd.org basepath=pub/OpenBSD/snapshots arch=`uname -m` ftp -i -n EOF ftp.log open $ftp_host user anonymous none@ nlist $basepath/$arch ftp.files EOF # exclude floppy*.fs and *.iso for FNAME in `grep -v -e \.iso -e \.fs ftp.files | sed -e s:$basepath/$arch/::`; do if [[ -z $FLIST ]]; then FLIST=$FNAME; else FLIST=$FLIST FNAME fi done --- NOTE the for ... is wrapped, The result is $FLIST contains just a list of all the file names of the stuff on the ftp server in the given directory excluding the *.fs and *.iso files. The real magic in the above is in the nlist command of ftp, and you don't necessarily need to do it in a shell script. perl would work equally well. If my mind reading skills are off, and you're trying to check the time stamp of files on the ftp server, then check out the ftp modtime command, and point it at the SHA256 file (that should be there). In other words, the format of index.txt should not matter since there are better ways to get the information you want. jcr
ident message in /var/log/daemon
I get the following messages in /var/log/daemon Mar 17 07:41:29 b03ls15le inetd[29887]: ident/tcp: bind: Address already in use Mar 17 07:51:29 b03ls15le inetd[29887]: ident/tcp6: bind: Address already in use it is a -current a week or two old, i386 Should I care about this? What does it mean? OpenBSD 4.7-beta (GENERIC) #538: Thu Feb 25 16:05:09 MST 2010 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Celeron(R) CPU 2.66GHz (GenuineIntel 686-class) 2.67 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF, SSE3,MWAIT,DS-CPL,TM2,CNXT-ID,CX16,xTPR real mem = 519598080 (495MB) avail mem = 494772224 (471MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 11/28/06, BIOS32 rev. 0 @ 0xfad60, SMBIOS rev. 2.3 @ 0xf0100 (34 entries) bios0: vendor Award Software International, Inc. version F4 date 11/28/2006 bios0: Gigabyte Technology Co., Ltd. 8I865GME-775-RH acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC acpi0: wakeup devices HUB0(S4) USB0(S1) USB1(S1) USB2(S1) USB3(S1) USBE(S1) PCI0(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 133MHz ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 4, remapped to apid 2 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (HUB0) acpicpu0 at acpi0 acpitz0 at acpi0: critical temperature 75 degC acpibtn0 at acpi0: PWRB bios0: ROM list: 0xc/0xa400! pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82865G Host rev 0x02 vga1 at pci0 dev 2 function 0 Intel 82865G Video rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) intagp0 at vga1 agp0 at intagp0: aperture at 0xf000, size 0x800 inteldrm0 at vga1: apic 2 int 16 (irq 5) drm0 at inteldrm0 uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: apic 2 int 16 (irq 5) uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: apic 2 int 19 (irq 6) uhci2 at pci0 dev 29 function 2 Intel 82801EB/ER USB rev 0x02: apic 2 int 18 (irq 11) uhci3 at pci0 dev 29 function 3 Intel 82801EB/ER USB rev 0x02: apic 2 int 16 (irq 5) ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB2 rev 0x02: apic 2 int 23 (irq 9) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb0 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xc2 pci1 at ppb0 bus 1 fxp0 at pci1 dev 8 function 0 Intel PRO/100 VE rev 0x02, i82562: apic 2 int 20 (irq 10), address 00:1a:4d:60:a0:01 inphy0 at fxp0 phy 1: i82562G 10/100 PHY, rev. 0 ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02 pciide0 at pci0 dev 31 function 2 Intel 82801EB SATA rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configwd0 at pciide0 channel 0 drive 0: WDC WD800JD-00MSA1 wd0: 16-sector PIO, LBA48, 76318MB, 156299375 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6 ichiic0 at pci0 dev 31 function 3 Intel 82801EB/ER SMBus rev 0x02: apic 2 int 17 (irq 3) iic0 at ichiic0 spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC3200CL3.0 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1 usb4 at uhci3: USB revision 1.0 uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1 isa0 at ichpcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 it0 at isa0 port 0x2e/2: IT8712F rev 8, EC port 0x290 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 mtrr: Pentium Pro MTRR support uhidev0 at uhub2 port 1 configuration 1 interface 0 Peppercon AG Multidevice rev 2.00/0.01 addr 2 uhidev0: iclass 3/1 ukbd0 at uhidev0: 8 modifier keys, 6 key codes wskbd1 at ukbd0 mux 1 wskbd1: connecting to wsdisplay0 uhidev1 at uhub2 port 1 configuration 1 interface 1 Peppercon AG Multidevice rev 2.00/0.01 addr 2 uhidev1: iclass 3/1 ums0 at uhidev1: 3 buttons, Z dir wsmouse1 at ums0 mux 0 vscsi0 at root scsibus0 at vscsi0: 256 targets softraid0 at root root on wd0a swap on wd0b dump on wd0b wskbd1: disconnecting from wsdisplay0 wskbd1 detached ukbd0 detached uhidev0 detached wsmouse1 detached ums0 detached uhidev1 detached ured to compatibility -- A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a
Re: format of i386/index.txt
On Mar 17 05:16:32, J.C. Roberts wrote: On Wed, 17 Mar 2010 11:34:16 +0100 Jan Stary h...@stare.cz wrote: http://marc.info/?l=openbsd-miscm=126678113118214w=2 Has the format of ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/index.txt changed again? It seems to be 'ls -l' now. Hi Jan, I think this is the second time I've seen you mention the format of the index.txt file... so it seems you're mistakenly trying to parse index.txt to get the file/path names of the stuff you need to download. (pardon me if my mind reading skills are slightly off) Indeed, that's what I've been using index.txt for. (Sorry for not enough mind writing.) Isn't that why index.txt is there? #!/bin/ksh ftp_host=ftp.openbsd.org basepath=pub/OpenBSD/snapshots arch=`uname -m` ftp -i -n EOF ftp.log open $ftp_host user anonymous none@ nlist $basepath/$arch ftp.files EOF # exclude floppy*.fs and *.iso for FNAME in `grep -v -e \.iso -e \.fs ftp.files | sed -e s:$basepath/$arch/::`; do if [[ -z $FLIST ]]; then FLIST=$FNAME; else FLIST=$FLIST FNAME fi done --- NOTE the for ... is wrapped, The result is $FLIST contains just a list of all the file names of the stuff on the ftp server in the given directory excluding the *.fs and *.iso files. Very similar to my script here, except I get my list from index.txt #!/bin/sh error() { echo $@ 2 } fatal() { error $@ exit 1 } usage() { error usage: ${0##*/} release destination [master] error as in: ${0##*/} '`uname -r` ~/WWW ftp://openbsd.ftp.fu-berlin.de' error as in: ${0##*/} snapshots /install ftp://ftp.openbsd.org error as in: ${0##*/} snapshots /install exit 1 } [ $# -ge 2 ] || usage DEST=$2/pub/OpenBSD/$1/`uname -m` mkdir -p $DEST || fatal cannot create $DEST cd $DEST || fatal cannot cd to $DEST SITE=${3:-ftp://ftp.openbsd.org} SITE=$SITE/pub/OpenBSD/$1/`uname -m` ftp -a -V $SITE/index.txt || fatal cannot fetch index.txt cat index.txt | sed s,^,$SITE/, | xargs ftp -a -k30 -V cksum -c SHA256 The real magic in the above is in the nlist command of ftp, and you don't necessarily need to do it in a shell script. perl would work equally well. (Aaargh, I use a shell script whenever I don't necessarily need to use perl, thank you.) If my mind reading skills are off, and you're trying to check the time stamp of files on the ftp server, then check out the ftp modtime command, and point it at the SHA256 file (that should be there). In other words, the format of index.txt should not matter since there are better ways to get the information you want. It's been a long time I have read ftp(1), and apparently I forgot about 'nlist' - thanks. Anyway, what really is the purpose of index.txt being there then? To tell the times and sizes? Jan
Re: bsd.mp and dual/quad core cpu
On Tue, Mar 16, 2010 at 10:36:25PM -0600, Ted Roby wrote: I believe OpenBSD supports up to 16 processors or cores? That is architecture dependant. it's 32 on i386 or amd64 (it is just a bit mask). 256 on sparc64 (for the niagra boxen). -0- -- You can measure a programmer's perspective by noting his attitude on the continuing viability of FORTRAN. -- Alan Perlis
Re: kde4 dead?
On Wed, Mar 17, 2010 at 02:18:21PM +0900, Jordi Beltran Creix wrote: 2010/3/16 Marc Espie es...@nerim.net: ... the C++ is crap, everything that matters should be written in C mentality. ... clang+LLVM is barely able of bootstrapping itself while already generating highly optimized code for C and Objective-C for a long time. If compiler-crafting C++ wizards have such a hard time getting it right, what chance is there for newcomers? Parsing C++ must be really difficult, but it doesn't stop idiots like me from making a living writing C++ code. If being capable of writing the front end to a compiler for a langauge were a prerequisite for programming in that language, then I wonder how many modules CPAN would have. Hmmm, I better not say that again. I can think of some people who would consider that a great gatekeeper for the profession: everyone has to write his or her own compiler for all the coding they do. -- Mike Small sma...@panix.com
anoncvs.nl.openbsd.org password ?
Hi, There's no maintainer listed for anoncvs.nl.openbsd.org, so perhaps someone can enlighten me as to the correct password to use for anoncvs access over ssh. I've tried anonymous, blank, anoncvs . nothing seems to work ?
Re: pfctl(8): unclear docs
* Toni Mueller openbsd-m...@oeko.net [2010-03-15 12:59]: Not using -R is not too good, either, as on this particular box, reloading everything results in a severance of all existing connections. I don't believe you. pfctl -f /etc/pf.conf doesn't do that. ok, shouldn't, but I don't see where that could break. A clarification in the docs is imho the way to go. no, we'll kill that bullshit, soon. it is just leftover pf must be ipf alike goo. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: pfctl(8): unclear docs
* Toni Mueller openbsd-m...@oeko.net [2010-03-15 10:52]: I've just run into the following problem on a 4.6 box: /etc/pf.conf (excerpt): table rfc1918 const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } block out on $extif from rfc1918 # /sbin/pfctl -F rules -R -f pf.conf rules cleared pfctl: Must enable table loading for optimizations # /sbin/pfctl -s r # Imho, this interaction should be documented in the man page. One needs to specify '-Tl', or else no rules will be loaded. -A, -O, -R are bullshit and I'll happily remove them. soon. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: questions about OpenBSD 4.7
* Andreas Gerdd kryptos...@gmail.com [2010-03-16 17:14]: -Why is the stock Apache not getting a version update? It is dozens times older than the current 1.3.42 one. I know that its a modified-by-openbsd one with bugfixes, and so. But such a huge version difference makes me think, there might be at least some performance, stability improvements. yes, there are massive improvents. in ours. not theirs. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: anoncvs.nl.openbsd.org password ?
On Wed, Mar 17, 2010 at 03:12:50PM +, a b wrote: Hi, There's no maintainer listed for anoncvs.nl.openbsd.org, so perhaps someone can enlighten me as to the correct password to use for anoncvs access over ssh. I've tried anonymous, blank, anoncvs . nothing seems to work calyx.nl (which was runing the cvs mirror) was taken over some time ago. I suppose they stopped runing te cvs mirror. I'll remove the entry from the list. -Otto
addendum: 4.7 causes different problem Re: spurious need to frag messages
Hi, On Mon, 15.03.2010 at 19:10:12 +0100, Toni Mueller openbsd-m...@oeko.net wrote: # pfctl -s a |grep mss # ifconfig|grep mtu|grep -v 1500 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33152 enc0: flags=41UP,RUNNING mtu 1536 pflog0: flags=141UP,RUNNING,PROMISC mtu 33152 # And that's it... Sample message from tcpdump: 19:03:59.805030 1.2.3.4 5.6.7.8: icmp: 1.2.3.20 unreachable - need to frag (mtu 1420) for 5.6.7.8.80 1.2.3.20.59495: 2079874237 [|tcp] (DF) (ttl 243, id 22121, len 1500) (ttl 255, id 23060, len 56) I've rebooted the machine, and the problem went away. I don't know for how long, though. -- Kind regards, --Toni++
Re: format of i386/index.txt
On Wed, 17 Mar 2010 15:02:19 +0100 Jan Stary h...@stare.cz wrote: Anyway, what really is the purpose of index.txt being there then? To tell the times and sizes? To break scripts? ;) To put it bluntly, index.txt seems pointless, or more likely, there is some super double secret reason for it to still exist that I simply don't know... My only *GUESS* is, some mirrors are HTTP, but due to brainless accountants mindlessly running security auditing tools, they forbid real directory listings, and are configured to only return an existing /index.* file to the useragent. Hopefully, someone who actually has a clue (not me) will chime in with the real reason why index.txt exists. jcr
4.7: doesn't route IPSEC traffic very well
Hi, I've installed the latest snapshot, with kernel bsd.mp#488, on a machine that has several IPSEC connections to handle, some fixed (branch offices), some for road warriors. The setup per se runs well for several years, but after this upgrade, traffic to the branch offices stopped. I checked one of the branch office's firewalls, which runs a slightly older version of OpenBSD, that the encryped packets arrive on the WAN interface. So I conclude that the gateway, running the snapshot, pushes the packets out ok (I can observe these packets on the gateway's enc0 interface, too, so confidence is high). In the branch office's gateway, using 'netstat -rnf encap', I see all the entries that there used to be, but I see _NO_ packets on its enc0 interface. Ideas about how to debug these, are most welcome! Kind regards, --Toni++
Re: pfctl(8): unclear docs
Hi, On Wed, 17.03.2010 at 16:24:42 +0100, Henning Brauer lists-open...@bsws.de wrote: -A, -O, -R are bullshit and I'll happily remove them. soon. that's ok with me. I thought that changing the docs was the less-intrusive thing to do, and I have no experience with ipf, so that certainly wasn't on my mind. TIA! -- Kind regards, --Toni++
Re: 4.7: doesn't route IPSEC traffic very well
Darn, I should write better messages. So here goes an important addendum: On Wed, 17.03.2010 at 17:55:34 +0100, Toni Mueller openbsd-m...@oeko.net wrote: I've installed the latest snapshot, with kernel bsd.mp#488, on a machine that has several IPSEC connections to handle, some fixed (branch offices), some for road warriors. The setup per se runs well for several years, but after this upgrade, traffic to the branch offices stopped. I checked one of the branch office's firewalls, which runs a slightly older version of OpenBSD, that the encryped packets arrive on the WAN interface. So I conclude that the gateway, running the snapshot, pushes the packets out ok (I can observe these packets on the gateway's enc0 interface, too, so confidence is high). In the branch office's gateway, using 'netstat -rnf encap', I see all the entries that there used to be, but I see _NO_ packets on its enc0 interface. This was binary-upgrading an existing machine from 4.6-stable to -current, including 'sysmerge', and it is i386 (again). Traffic from and to road warriors is unaffected by the problem, only traffic to networks (with a netmask 32 - I can only test /16 so far). If you want me to test something, that can probably be arranged. -- Kind regards, --Toni++
Re: format of i386/index.txt
On Wed, Mar 17, 2010 at 9:44 AM, J.C. Roberts list-...@designtools.org wrote: On Wed, 17 Mar 2010 15:02:19 +0100 Jan Stary h...@stare.cz wrote: Anyway, what really is the purpose of index.txt being there then? To tell the times and sizes? To break scripts? ;) To put it bluntly, index.txt seems pointless, or more likely, there is some super double secret reason for it to still exist that I simply don't know... My only *GUESS* is, some mirrors are HTTP, but due to brainless accountants mindlessly running security auditing tools, they forbid real directory listings, and are configured to only return an existing /index.* file to the useragent. Hopefully, someone who actually has a clue (not me) will chime in with the real reason why index.txt exists. jcr Actually the installer uses it to make a list of file sets to present to the user. If it isn't there then no sets are presented. From src/distrib/miniroot/install.sub: # Get list of files from the server. if [[ $_url_type == ftp -z $ftp_proxy ]] ; then _file_list=$(ftp $FTPOPTS $_url_base/) ftp_error Login failed. $_file_list return ftp_error No such file or directory. $_file_list return else # Assumes index file is index.txt for http (or proxy) # We can't use index.html since the format is server-dependent _file_list=$(ftp $FTPOPTS -o - $_url_base/index.txt | \ sed -e 's/^.* //' | sed -e 's/ //') fi -N
Re: format of i386/index.txt
On Wed, 17 Mar 2010 09:44:50 -0700 J.C. Roberts list-...@designtools.org wrote: On Wed, 17 Mar 2010 15:02:19 +0100 Jan Stary h...@stare.cz wrote: Anyway, what really is the purpose of index.txt being there then? To tell the times and sizes? To break scripts? ;) To put it bluntly, index.txt seems pointless, or more likely, there is some super double secret reason for it to still exist that I simply don't know... My only *GUESS* is, some mirrors are HTTP, but due to brainless accountants mindlessly running security auditing tools, they forbid real directory listings, and are configured to only return an existing /index.* file to the useragent. Hopefully, someone who actually has a clue (not me) will chime in with the real reason why index.txt exists. jcr afaik you guessed right. It is used by install.sub to get a list of the files, because of funny http servers.
Re: 4.7: doesn't route IPSEC traffic very well
Toni Mueller wrote: Darn, I should write better messages. So here goes an important addendum: On Wed, 17.03.2010 at 17:55:34 +0100, Toni Mueller openbsd-m...@oeko.net wrote: I've installed the latest snapshot, with kernel bsd.mp#488, on a machine that has several IPSEC connections to handle, some fixed (branch offices), some for road warriors. The setup per se runs well for several years, but after this upgrade, traffic to the branch offices stopped. I checked one of the branch office's firewalls, which runs a slightly older version of OpenBSD, that the encryped packets arrive on the WAN interface. So I conclude that the gateway, running the snapshot, pushes the packets out ok (I can observe these packets on the gateway's enc0 interface, too, so confidence is high). In the branch office's gateway, using 'netstat -rnf encap', I see all the entries that there used to be, but I see _NO_ packets on its enc0 interface. This was binary-upgrading an existing machine from 4.6-stable to -current, including 'sysmerge', and it is i386 (again). Traffic from and to road warriors is unaffected by the problem, only traffic to networks (with a netmask 32 - I can only test /16 so far). If you want me to test something, that can probably be arranged. Could the following be your issue 2010/01/10 - IPsec/HMAC-SHA2 incompatible change Two bugs in IPsec/HMAC-SHA2 were fixed, resulting in an incompatibility with the HMAC-SHA-256/384/512 hash algorithms with previous versions of OpenBSD and other IPsec implementations sharing the bugs. In particular the default authentication algorithm HMAC-SHA-256 is affected. Upgrade both sides together, or switch to another authentication algorithm during the transition. The per-packet overhead has increased; if you are clamping the MSS to exact values (i.e. without slack), this will need to be recalculated. -- Vijay Sankar, M.Eng., P.Eng. ForeTell Technologies Limited 59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6 Phone: (204) 885-9535, E-Mail: vsan...@foretell.ca
Re: anoncvs.nl.openbsd.org password ?
Sounds good to me. Thanks Otto ! - Original Message From: Otto Moerbeek o...@drijf.net To: a b obsdmisc...@yahoo.co.uk Cc: misc@openbsd.org Sent: Wed, 17 March, 2010 16:06:09 Subject: Re: anoncvs.nl.openbsd.org password ? On Wed, Mar 17, 2010 at 03:12:50PM +, a b wrote: Hi, There's no maintainer listed for anoncvs.nl.openbsd.org, so perhaps someone can enlighten me as to the correct password to use for anoncvs access over ssh. I've tried anonymous, blank, anoncvs . nothing seems to work calyx.nl (which was runing the cvs mirror) was taken over some time ago. I suppose they stopped runing te cvs mirror. I'll remove the entry from the list. -Otto
Re: format of i386/index.txt
On Mar 17 10:14:36, Nick Bender wrote: On Wed, Mar 17, 2010 at 9:44 AM, J.C. Roberts list-...@designtools.org wrote: On Wed, 17 Mar 2010 15:02:19 +0100 Jan Stary h...@stare.cz wrote: Anyway, what really is the purpose of index.txt being there then? To tell the times and sizes? To break scripts? ;) To put it bluntly, index.txt seems pointless, or more likely, there is some super double secret reason for it to still exist that I simply don't know... My only *GUESS* is, some mirrors are HTTP, but due to brainless accountants mindlessly running security auditing tools, they forbid real directory listings, and are configured to only return an existing /index.* file to the useragent. Hopefully, someone who actually has a clue (not me) will chime in with the real reason why index.txt exists. jcr Actually the installer uses it to make a list of file sets to present to the user. If it isn't there then no sets are presented. From src/distrib/miniroot/install.sub: # Get list of files from the server. if [[ $_url_type == ftp -z $ftp_proxy ]] ; then _file_list=$(ftp $FTPOPTS $_url_base/) ftp_error Login failed. $_file_list return ftp_error No such file or directory. $_file_list return else # Assumes index file is index.txt for http (or proxy) # We can't use index.html since the format is server-dependent _file_list=$(ftp $FTPOPTS -o - $_url_base/index.txt | \ sed -e 's/^.* //' | sed -e 's/ //') fi In fact, the above just gets the content of index.txt and applies the 's/^.* //' smartness, thus eliminating exactly the difference between 'ls' and 'ls -l'. The installer does further work with this list: # Initialize _sets to the list of sets found in _src, and initialize # _get_sets to the intersection of _sets and DEFAULTSETS. (Indeed, I have never seen the installer present me with 'install.iso' or 'index.txt', which _are_ listed in index.txt too.) It still looks like index.txt is just a list of files that are there. Is there any reason to have this information in the 'ls' or 'ls -l' specifically? (It has changed back and forth in the last month.)
help with pf redirection (openbsd 4.6)
Help! I'm obviously overlooking something really obvious but I just can't see it. I'm building my first PF-based router/firewall using OpenBSD 4.6. For now, what I need it to do is pretty simple: 1. Allow all outbound traffic via NAT and allow all inbound responses. 2. Allow only ssh and auth to the external interface. 3. Redirect to ports (2000 4200) to two different hosts on the internal net. I've created a minimal pf.conf file that I thought would accomplish this. Goals 1 2 are working fine (I can connect outbound from hosts on the internal net and I can connect to the firewall inbound via ssh) but the redirections are not going anywhere. I don't know what to do next other than enable logging, fire up tcpdump and try to see what is actually happening. But I thought I'd ask first if anybody more familiar with pf can see something fundamentally flawed with my config. Here is the pf.conf (slightly edited to obscure the actual IPs) # pf.conf: agilulf.det2.gw00 # # MACROS # # interfaces ifExt = fxp0# 66.b.c.118 ifInt = fxp1# 192.x.y.2 # OPTIONS # set block-policy return set loginterface $ifExt set skip on lo # NAT Redirection # nat on $ifExt from !$ifExt - $ifExt:0 rdr pass on $ifExt proto tcp from any to any port 4200 - 192.x.y.40 port 4200 rdr pass on $ifExt proto tcp from any to any port 2000 - 192.x.y.21 port 2000 # # FILTER RULES # block in pass out keep state # internal clients pass in quick on $ifInt # external pass in inet proto icmp all icmp-type echoreq pass in on $ifExt inet proto tcp from any to $ifExt port { ssh, auth } ###EoF### And here is the result of loading pf.conf # pfctl -vf /etc/pf.conf ifExt = fxp0 ifInt = fxp1 set block-policy return set loginterface fxp0 set skip on { lo } nat on fxp0 inet from ! 66.b.c.118 to any - 66.b.c.118 rdr pass on fxp0 inet proto tcp from any to any port = 4200 - 192.x.y.40 port 4200 rdr pass on fxp0 inet proto tcp from any to any port = 2000 - 192.x.y.21 port 2000 block return in all pass out all flags S/SA keep state pass in quick on fxp1 all flags S/SA keep state pass in on fxp0 inet proto tcp from any to 66.b.c.118 port = ssh flags S/SA keep state pass in on fxp0 inet proto tcp from any to 66.b.c.118 port = auth flags S/SA keep state pass in inet proto icmp all icmp-type echoreq keep state # From the firewall box, I can ping and traceroute successfully to the two destination hosts for the redirections and I can connect to the destination ports of the redirections. I just can't make the redirected connections via the external interface of the firewall. Any help would be greatly appreciated.
Re: 4.7: doesn't route IPSEC traffic very well
* Toni Mueller openbsd-m...@oeko.net [2010-03-17 18:02]: Ideas about how to debug these, are most welcome! you forgot to read the release notes. ok, they don't exist yet. so it is current.html instead. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: 4.7: doesn't route IPSEC traffic very well
Try s/hmac-sha2-256/hmac-sha1/ until you have updated all your firewalls. Also try seeing http://www.openbsd.org/faq/current.html#20100110 .. Penned by Toni Mueller on 20100317 17:55.34, we have: | Hi, | | I've installed the latest snapshot, with kernel bsd.mp#488, on a | machine that has several IPSEC connections to handle, some fixed | (branch offices), some for road warriors. The setup per se runs well | for several years, but after this upgrade, traffic to the branch | offices stopped. I checked one of the branch office's firewalls, which | runs a slightly older version of OpenBSD, that the encryped packets | arrive on the WAN interface. So I conclude that the gateway, running | the snapshot, pushes the packets out ok (I can observe these packets on | the gateway's enc0 interface, too, so confidence is high). In the | branch office's gateway, using 'netstat -rnf encap', I see all the | entries that there used to be, but I see _NO_ packets on its enc0 | interface. | | Ideas about how to debug these, are most welcome! | | | Kind regards, | --Toni++ -- Todd Fries .. t...@fries.net _ | \ 1.636.410.0632 (voice) | Free Daemon Consulting, LLC \ 1.405.227.9094 (voice) | http://FreeDaemonConsulting.com \ 1.866.792.3418 (FAX) | 2525 NW Expy #525, Oklahoma City, OK 73112 \ sip:freedae...@ekiga.net | ..in support of free software solutions. \ sip:4052279...@ekiga.net \\ 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A http://todd.fries.net/pgp.txt
Re: format of i386/index.txt
On 2010-03-17, Jan Stary h...@stare.cz wrote: (It has changed back and forth in the last month.) I tried using index.txt files for timestamps to monitor the latency of mirror updates, but had problems with some of them flipping between formats; I have a suspicion that some site or other regenerates index.txt files but I haven't been able to track it down yet...
Relayd
Hello, I know this is the OpenBSD mailing list, but I'm having an issue with relayd on FreeBSD and was just hoping to get some direction. I'm currently using relayd as a load balancer, and it's working fine. Now I'm trying to add ssl accelration, and that's where I'm having an issue. I can get relayd to run, and as the _relayd user I can use the random number generator, but when I try to make an ssl connection to the load balancer I get the following error: SSL library error: httpproxy: relay_ssl_accept: error:140B512D:SSL routines:SSL_GET_NEW_SESSION:ssl session id callback failed relay httpproxy, session 1 (1 active), 0, 192.168.103.80 - :80, SSL accept error This bug has been reported to FreeBSD, but no action has been taken on it in over a year. I'm wondering if anyone in the OpenBSD community has any insight? Thanks, Glenn
Re: format of i386/index.txt
On Wed, Mar 17, 2010 at 10:55 PM, Stuart Henderson s...@spacehopper.org wrote: On 2010-03-17, Jan Stary h...@stare.cz wrote: (It has changed back and forth in the last month.) I tried using index.txt files for timestamps to monitor the latency of mirror updates, but had problems with some of them flipping between formats; I have a suspicion that some site or other regenerates index.txt files but I haven't been able to track it down yet... That's why i used the timestamp method (mdtm) in Net::FTP for http://gruiik.info/up2date.html.. instead of parsing unknown-formatted files :) Landry
round-robin sticky-address Issues
In doing round-robin on two egress connections on 4.6, I am expecting all outgoing connections from a single IP to be redirected to the same redirection address, but this is not what's happening. In the details below, LAN client 172.16.0.101 is being redirected out both redirection addresses--with four established TCP states to one redirection address and one established TCP state to the other, which I thought was not possible with sticky-address. Relevant pf.conf snippets: pass in log on vr0 route-to { (vr1 72.x.y.z), (vr2 192.168.1.254) } round-robin sticky-address inet from any to ! 172.16.0.1 flags S/SA keep state pass in log on vr0 route-to { (vr1 72.x.y.z), (vr2 192.168.1.254) } round-robin sticky-address inet proto tcp from any to ! 172.16.0.1 port = ssh flags S/SA keep state tag interac ... pass out log on vr2 all flags S/SA keep state queue vr2_interac tagged interac pass out log on vr2 route-to (vr1 72.x.y.z) inet from 72.x.y.z to any flags S/SA keep state pass out log on vr1 all flags S/SA keep state queue vr1_interac tagged interac pass out log on vr1 route-to (vr2 192.168.1.254) inet from 192.168.1.65 to any flags S/SA keep state # pfctl -s states | grep ESTABLISHED all tcp 76.x.y.z:5050 - 172.16.0.101:55367 ESTABLISHED:ESTABLISHED all tcp 72.x.y.z:55812 (172.16.0.101:55367) - 76.x.y.z:5050 ESTABLISHED:ESTABLISHED all tcp 68.x.y.z:443 - 172.16.0.101:55372 ESTABLISHED:ESTABLISHED all tcp 72.x.y.z:53949 (172.16.0.101:55372) - 68.x.y.z:443 ESTABLISHED:ESTABLISHED all tcp 208.x.y.z:80 - 172.16.0.101:58751 ESTABLISHED:ESTABLISHED all tcp 72.x.y.z:54337 (172.16.0.101:58751) - 208.x.y.z:80 ESTABLISHED:ESTABLISHED all tcp 216.x.y.z:80 - 172.16.0.101:55699 ESTABLISHED:ESTABLISHED all tcp 192.168.1.65:55021 (172.16.0.101:55699) - 216.x.y.z:80 ESTABLISHED:ESTABLISHED all tcp 74.x.y.z:80 - 172.16.0.101:59518 ESTABLISHED:ESTABLISHED all tcp 192.168.1.65:53237 (172.16.0.101:59518) - 74.x.y.z:80 ESTABLISHED:ESTABLISHED # pfctl -s Sources 172.16.0.101 - 72.x.y.z ( states 2, connections 1, rate 0.0/0s ) 172.16.0.101 - 72.x.y.z ( states 2, connections 2, rate 0.0/0s ) 172.16.0.101 - 192.168.1.254 ( states 1, connections 1, rate 0.0/0s ) I would appreciate it if someone would clue me in to what I'm missing/how to troubleshoot/fix this. Thank you.
Re: kde4 dead?
On Wed, Mar 17, 2010 at 10:42:26AM -0400, Mike Small wrote: I can think of some people who would consider that a great gatekeeper for the profession: everyone has to write his or her own compiler for all the coding they do. With enough time on my hands, sure, why not ? But that's a main issue: I still need to have a day job to earn a living. Sponsor me to play with OpenBSD fulltime, and I might do wonderous things... ;)
Re: Relayd
On 2010-03-17, Glenn Beadle gl...@experts-exchange.com wrote: I know this is the OpenBSD mailing list, but I'm having an issue with relayd on FreeBSD and was just hoping to get some direction. the version in FreeBSD ports dates from December 2007, there have been many bug fixes and other improvements to relayd since then. imho if you're running relayd, especially with SSL, you really want to be tracking fairly -current code, which at this point means that the rest of the OS has to be later than the last big PF changes (i.e. -current not 4.6; at this point -current is well on the way towards becoming 4.7).
pf route-to and ifstated
Hello, I have this PF firewall with two ISPs connected to it and an internal network. This firewall is balancing the traffic through both ISPs, and it works great. Now I'm up to the task of making this firewall react when an ISP goes down and reroute all traffic to the other one. Both ISPs are unable to provide OSPF, BGP or RIP so those are out of question and a multi-path route would only react if my ethernet link goes down which is not really an indication of anything so I decided to go with ifstated. The rules that do the balancing magic are the following: pass in on $lan_if route-to {($ext1_if $ext1_gw),($ext2_if $ext2_gw)} \ round-robin inet proto tcp from $lan_net to any \ port $lan2net_tcp_services flags S/SA modulate state pass in on $lan_if route-to {($ext1_if $ext1_gw),($ext2_if $ext2_gw)} \ round-robin inet proto udp from $lan_net to any \ port $lan2net_udp_services pass in on $lan_if route-to {($ext1_if $ext1_gw),($ext2_if $ext2_gw)} \ round-robin inet proto icmp from $lan_net to any \ icmp-type $lan2net_icmp_services After asking around on irc and checking this maling list and other sources on the web, the only way I could come up to do it was to get this rules and put them inside an Anchor and make ifstated load different files for the different states of my interfaces and ping checks, this works but is ugly and doesn't scale well when adding more ISPs. But then I found this piece of documentation which gave me hope, from man pf.conf: Tables can also be used for the redirect address of nat and rdr rules and in the routing options of filter rules, but only for round-robin pools. Even if the man says this, it won't let me do the following: table gateways { 192.0.2.1, 192.0.2.10 } pass in on $lan_if route-to (gateways) round-robin from $lan_net to any Because according to the BNF syntax on the same man page it does requires the interface name. It's very powerful that we can specify the interface through which we want to route our packets, but would also be very nice if pf was capable of determining the interface by itself just by having the next-hop address. If this was possible, redirecting the traffic would be as simple as adding/deleting values from that table. I'm using 4.5 right now and I'm almost certain that all this is not possible and even though I read the changes for 4.6 and did not see anything like this, I wanted to ask if anyone knew this was possible in 4.6?. If not, maybe for 4.7? :P Thanks a lot for the great software and all the hard work.
Re: Relayd
I know this is the OpenBSD mailing list, but I'm having an issue with relayd on FreeBSD and was just hoping to get some direction. Sorry.
Re: How to make FTP work from the firewall system?
From the FAQ, read: http://www.openbsd.org/faq/pf/ftp.html Regards, Dani El 16/03/2010 4:49, Dave Anderson escribis: I'm configuring a notebook which will use PF to protect itself from the environments in which I use it, and would like to have FTP 'just work' on it -- whether it's from an explicit FTP command, from a browser, or embedded in some other program or script. Unfortunatly there doesn't seem to be any really good way to do this when a system is its own firewall; the best tool I've found so far is 'ftpsesame', which acknowledges a couple of significant problems (there's no guarantee that the PF rules changes it makes will happen in time, and inspecting packets 'on the fly' without a full TCP stack is errorprone). I'd expect this to be a rather common desire; is there a good solution that I've missed? Suggestions are very welcome. I do notice that 4.7 has a new divert-to-userland ability that looks like it could be used to solve this problem properly, by intercepting outbound and inbound control-connection packets on the egress interface. If I read the documentation correctly, ftp-proxy has not (yet) been updated to work this way; is anyone known to be planning to do this? Thanks, Dave
Re: Configuring openSBD like nat32
On Tue, 9 Mar 2010 13:49:20 +0530 Siju George sgeorge...@gmail.com wrote: Hi, How do I configure OpenBSD PF to be like Nat32 ( http://nat32.com/ ) The Idea is it has two internet connections and the second one should pick up if the first goes down and when the first one comes up it shoudl be the default route again. Thanks --Siju Hm. I looked at this nat32 and it looks relatively easy to do that sort of thing with obsd using the kind of hooks I describe in Message-Id: 20080806141429.01f689d4.campb...@neotext.ca Subject: Re: PF and DHCP hakz ... The basic idea in this hack was to allow the assignment of multiple external dhcp routes based on internal address (ip|port) using pf and dhclient-script. Since you can use this technique to map ports as well as address ranges to different external dhcp routes you can map services from internal networks to a pool of eternal links that you test/maintain with ifstated. Putting together all those picklists and radios and such might be a bit of a bear tho'. Dhu
Re: format of i386/index.txt
On Mar 17 21:55:33, Stuart Henderson wrote: On 2010-03-17, Jan Stary h...@stare.cz wrote: (It has changed back and forth in the last month.) I tried using index.txt files for timestamps to monitor the latency of mirror updates, but had problems with some of them flipping between formats; I have a suspicion that some site or other regenerates index.txt files but I haven't been able to track it down yet... I suspected a delayed mirror first, but this is actually ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/index.txt And it's back to 'ls' right now. Huh.