Project Management seminars in Beirut-Lebanon

2010-05-12 Thread CMCCO
LIST OF OUR SERVICES:


Dear Sir/Madam,
Our company Construction Management Consultant is organizing the following
Project Management seminars in Beirut-Lebanon:




Upcoming Seminars in Lebanon

Description | Start Date | End Date

May, 2010
Project Feasibility Study | 11/5/2010 | 13/5/2010
Professional Project Management (PMP certification preparation) | 18/5/2010 | 20/5/2010
Project Maintenance Management Systems | 25/5/2010 | 27/5/2010

June, 2010
Site Construction Management | 1/6/2010 | 3/6/2010
Risk Management | 8/6/2010 | 10/6/2010
Professional Quality control Program | 15/6/2010 | 17/6/2010
Professional Design Management & Review | 22/6/2010 | 24/6/2010
Management of Design & Build Contracts | 29/6/2010 | 1/7/2010

July, 2010
Project Communication Management | 6/7/2010 | 8/7/2010
Design Protection with Fire Code NFPA Implementation | 13/7/2010 | 15/7/2010
Water and Energy Management | 20/7/2010 | 22/7/2010
Total Quality Management for Engineering | 27/7/2010 | 29/7/2010

August, 2010
Senior Quantity Surveying Techniques | 3/8/2010 | 5/8/2010
Real Estate Investment, Development, Purchasing Contract & Leasing Analysis | 10/8/2010 | 12/8/2010
Professional management of Projects Planning & Primavera (6) App | 17/8/2010 | 19/8/2010
FIDIC Conditions of Contract & Claims Management | 24/8/2010 | 26/8/2010
Professional Procurement Management | 31/8/2010 | 2/9/2010

September, 2010
Project Estimation & Cost Control & Access Applications | 7/9/2010 | 9/9/2010
Construction Contracts & Contracting Management | 14/9/2010 | 16/9/2010
Value Engineering Analysis and Reports Presentation | 21/9/2010 | 23/9/2010
Project Manager Skills | 28/9/2010 | 30/9/2010

October, 2010
Essentials of Occupational Safety and Health Program | 5/10/2010 | 7/10/2010
Extension of Time Claims & Disputes Resolution | 12/10/2010 | 14/10/2010


Terms of Registration & Other Conditions
For registration, please contact us to send you the application form to be
filled, signed and sent back (fax or mail), including payment terms.

Deadline for registration is a week in advance.

If you are not interested in receiving further newsletters, click here to remove
Beirut Head Office: Tel: 00961-1-736171  Tel/Fax: 00961-1-744049  Cell:
00961-3-644526

Jeddah Branch Office:  Tel/Fax: 00966 2 6752644  Mobile: 00966-560055588

E-mail: i...@cmcco.com Webpage: www.cmcco.com

Project Management Consultation
Procedures Development Consultation
Quality Management Consultation
Risk Management Consultation
Design Management Consultation
Value Engineering Consultation
Environmental Management Consultation
Training Services



Re: Relayd on localhost with multiple SSL Certificates

2010-05-12 Thread Jens Teglhus Møller
On Wed, May 12, 2010 04:46, Daniel Ouellet wrote:
> On 5/11/10 8:05 PM, Keith wrote:
>> Hi. is it possible to get multiple http relayd relays listening on
>> localhost each with a different port # and each with a different ssl
>> certificate ?
>
> SSL certificate are host name bound, not port bound isn't it?
>
> So, I would say no, but I could be wrong.

Well that would actually be the reason it could work. Multiple DNS names
mapped to the same IP address and configured on separate ports and a given
certificate (virtual host) bound to a given port.

But whether this will work with relayd I don't know, but I believe it would
work fine with apache.

/jtm



Re: OpenBSD does not detect connection ( no carrier ) to ASMI52 Leased Line modem

2010-05-12 Thread Stuart Henderson
On 2010-05-12, Siju George sgeorge...@gmail.com wrote:
> On Tue, May 11, 2010 at 3:21 PM, Stuart Henderson s...@spacehopper.org wrote:
>> Did you 'ifconfig iface up'? Some NICs show link before this is
>> done, others do not.
>
> Ok :-)
>
> # ifconfig rl2 up
> # ifconfig rl2
> rl2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:0b:5d:4c:5b:30
>         priority: 0
>         media: Ethernet autoselect (none)
>         status: no carrier
>         inet6 fe80::2e0:4dff:fe06:2b68%rl2 prefixlen 64 scopeid 0x3
>         inet 132.181.20.26 netmask 0xfffc broadcast 132.181.20.27
>
> does not seem to work :-(
>
> Thanks for the reply Stuart :-)
>
> --Siju



Are you able to try any different types of NIC? (either a newer realtek
card using the re(4) driver, or something like fxp, de, sk, bge, em).

Alternatively, connecting the modem via a switch might work.



Re: Serious problems with current since end of april, related to scsi controllers (Adaptec/LSILogic)

2010-05-12 Thread Landry Breuil
On Tue, May 11, 2010 at 5:30 PM, Ulrich Kahl ulrich.k...@cityweb.de wrote:
> Hi!
>
> Since end of april, sorry I don't have a more precise date, one of my
> systems has serious problems.
> It can't boot successfully with a Adaptec controller anymore, the first
> sign is that it can't find one library, e.g. libc or libz, and later
> the hard disks transfer rate can't be established and the system freezes. See
> the first dmesg.
>
> After switching the controller to a LSILogic one, the system boots
> correctly, but (presumably) under higher disk io load the system panics,
> syncing my local cvs repository with cvsync in this case. See second
> dmesg and trace output.
>
> Does someone else encounter similar problems?

With the LSILogic using mpi(4), be sure to really run current, r 1.143
of dev/ic/mpi.c was causing this problem and has been backed out some
days ago.
No idea for the Adaptec problem though.

Landry



Re: Relayd on localhost with multiple SSL Certificates

2010-05-12 Thread Keith

I've been following the tutorials from https://calomel.org

I am using a modified version of their pf.conf that can be found at
https://calomel.org/pf_config.html and the relayd tutorial that can be
found at https://calomel.org/relayd.html


The following is an extract from their pf tutorial page: "As an
added layer of security all services will be running on localhost and
only those clients negotiating the redirect rules (rdr) will be able to
connect. The ideology is if the firewall is off or disabled in some way
then the services on the firewall are not available to anyone."


We're doing the above and have relayd listening on 127.0.0.1 port 8080
and have pf rdr rules redirecting https traffic to 127.0.0.1:8080 and
the certificate that the https relay is using is called 127.0.0.1.crt
This works fine but what if we want to host another ssl certificate? I
can add another IP address to the firewall and put rdr rules in to pf
and can put another relay in to relayd.conf but what name does the
certificate get now? This is where I am stuck.


Keith


On 12/05/2010 01:05, Keith wrote:
Hi. is it possible to get multiple http relayd relays listening on 
localhost each with a different port # and each with a different ssl 
certificate ?


I've followed a tutorial I found on the net about setting up a
firewall so that no services were bound to any network interfaces and
then using pf rdr's to pass say https traffic to localhost where you
have relayd listening and let it do the ssl decryption. So if pf
failed for some reason then there would be no services available for
anyone to connect to!


I've got this setup working for http and a single https certificate
just now and it seems to be working fine but I need to be able to host
multiple SSL Certificates. It seems that the certificate appears to
need to be named after the IP that it's listening on and this is
going to cause issues as there's only one 127.0.0.1 I think.


Our current setup consists of a pair of firewalls running openbsd,
carp, pf and relayd. Currently the carp interface has just one IP but
we will assign others to it as we free up the other IP addresses in our
range.


I guess it's not the best idea to do the ssl offloading on the
firewall so in the future when another server becomes available I
will probably want it to do the SSL decryption. I guess if we do that
we could just get the new server a number of IP addresses and let
relayd listen on each of them with the SSL certs named after each IP.
(If that makes sense)


Could anyone give me some advice plz ?

Thanks
Keith




Re: pf change in upgrade47.html

2010-05-12 Thread Rod Whitworth
On Mon, 10 May 2010 15:23:45 +0059, Jason McIntyre wrote:

> On Mon, May 10, 2010 at 03:08:19PM +1000, Rod Whitworth wrote:
>>
>> Then come back and tell me why ALL the examples start with match ?
>> (i.e. NAT in man pf.conf for 4.7)
>>
>
> maybe the idea was that it's simpler to write pass/block rules for your
> traffic, then just match the nat stuff. i don't know.

And neither does anyone else who hangs out here, it seems.

>>
>> jmc said that we don't need a collection of pf.conf examples. Maybe
>> not, but in the past there was a skeleton that worked if you
>> uncommented the features you needed and did some minor editing in the
>> macros.
>>
>
> that is not quite correct (i hope). i meant that the stuff that was
> previously in /usr/share/examples was useless, so it was removed. there
> are other, better places, like the faq.

Guess why Nick was in the address list?

No sign that he knows any more than I do.
He's trying to find out what is the best way to make NAT work too, I
suppose.

>> Have a look at 4.7's default. Not a mention of NAT anywhere. The
>> commonest function required by a raw beginner doesn't show up but all
>> the spamd and ftp-proxy stuff does (and that's fine), but no NAT.
>> Crazy!
>>
>
> the best way to change something you don't agree with is to submit a
> diff.

It's awfully hard to write a diff when the info one needs to do it
correctly is not forthcoming.

I guess that nobody who writes the existing hints (man page etc) is
short of global IPs..

:{((



*** NOTE *** Please DO NOT CC me. I am subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thank you.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.



Re: Relayd on localhost with multiple SSL Certificates

2010-05-12 Thread Scott McEachern

On 05/12/10 04:53, Keith wrote:
> We're doing the above and have relayd listening on 127.0.0.1 port 8080
> and have pf rdr rules redirecting https traffic to 127.0.0.1:8080 and
> the certificate that the https relay is using is called 127.0.0.1.crt
> This works fine but what if we want to host another ssl certificate?
> I can add another IP address to the firewall and put rdr rules in to
> pf and can put another relay in to relayd.conf but what name does the
> certificate get now? This is where I am stuck.





I think you might be looking for something like this:

[ fw0:/etc ]
# cat hostname.lo0
inet alias 127.0.0.10 255.255.255.0
inet alias 127.0.0.11 255.255.255.0
inet alias 127.0.0.12 255.255.255.0
inet alias 127.0.0.13 255.255.255.0
inet alias 127.0.0.14 255.255.255.0
[ fw0:/etc ]
# ls -l /etc/ssl/127*
-rw-r--r--  1 root  wheel  928 Mar  8 03:12 /etc/ssl/127.0.0.10.crt
-rw-r--r--  1 root  wheel  940 Mar  8 03:12 /etc/ssl/127.0.0.11.crt
-rw-r--r--  1 root  wheel  940 Mar  8 03:12 /etc/ssl/127.0.0.12.crt
-rw-r--r--  1 root  wheel  936 Mar  8 03:12 /etc/ssl/127.0.0.13.crt
-rw-r--r--  1 root  wheel  936 Mar  8 03:12 /etc/ssl/127.0.0.14.crt

Tweak to your needs, of course.

--
- RSM
www.erratic.ca
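
The naming scheme in the listing above can be checked mechanically. As an added example (not from the thread), this script reads the alias addresses from a hostname.lo0-style file and confirms that each one has a certificate and a private key under the names relayd.conf(5) documents for a relay listening on that address, and that the key is not readable by group or other. The function names, the key location under private/ and the sample tree of empty placeholder files are assumptions of the example.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Assumption (relayd.conf(5) naming): a relay listening on ADDR with ssl
# loads SSL_DIR/ADDR.crt and SSL_DIR/private/ADDR.key.

# audit_relayd_certs HOSTNAME_FILE SSL_DIR
# Prints one line per alias; returns 0 if every alias is complete, else 1.
audit_relayd_certs() {
    hostname_file=$1
    ssl_dir=$2
    status=0
    while read -r family kind addr _rest; do
        # Only "inet alias ADDR NETMASK" lines add a listen address.
        [ "$family" = "inet" ] && [ "$kind" = "alias" ] || continue
        crt="$ssl_dir/$addr.crt"
        key="$ssl_dir/private/$addr.key"
        if [ ! -f "$crt" ]; then
            echo "MISSING-CERT $addr $crt"
            status=1
        elif [ ! -f "$key" ]; then
            echo "MISSING-KEY $addr $key"
            status=1
        else
            # Characters 5-10 of the ls mode string are the group/other bits.
            go_bits=$(ls -ld "$key" | cut -c5-10)
            if [ "$go_bits" != "------" ]; then
                echo "LOOSE-KEY $addr $key"
                status=1
            else
                echo "OK $addr"
            fi
        fi
    done < "$hostname_file"
    return "$status"
}

# make_sample_tree DIR
# Constructed sample data: three aliases as in the thread's hostname.lo0,
# with empty placeholder files standing in for real certificates and keys.
make_sample_tree() {
    sample_dir=$1
    mkdir -p "$sample_dir/ssl/private"
    cat > "$sample_dir/hostname.lo0" <<'EOF'
inet alias 127.0.0.10 255.255.255.0
inet alias 127.0.0.11 255.255.255.0
inet alias 127.0.0.12 255.255.255.0
EOF
    for a in 127.0.0.10 127.0.0.11 127.0.0.12; do
        : > "$sample_dir/ssl/$a.crt"
    done
    # .10: key present and private. .11: key readable by everyone.
    # .12: certificate only, key deliberately absent.
    : > "$sample_dir/ssl/private/127.0.0.10.key"
    chmod 600 "$sample_dir/ssl/private/127.0.0.10.key"
    : > "$sample_dir/ssl/private/127.0.0.11.key"
    chmod 644 "$sample_dir/ssl/private/127.0.0.11.key"
}

# Demonstration run on the constructed tree.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
audit_relayd_certs "$demo_dir/hostname.lo0" "$demo_dir/ssl" ||
    echo "audit found problems"
rm -rf "$demo_dir"
```

On a real firewall the call would be `audit_relayd_certs /etc/hostname.lo0 /etc/ssl`, run as root so the private directory is readable.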



Individuals/Organisation Required for Business Partnership

2010-05-12 Thread Techen Ind China
Techen Ind. Co. Ltd. is a New and Small Scale Company With Intent in
Business Partnership for our North American office



We Seek Individuals/Organization to Offer Offshore Logistics/Financial 
Accounting



North American Agent will Receive and Process funds on our Behalf Through T/T 
Wire,Swift Bank Transfers,International Bankers Checks from Our Clients



Please do forward To my Email Contacts Names and Phone No. for a Quicker 
response and More discussions.



Xi ling (Operations Manager)

Techen Ind Co, China,

3 Sec.2 Chung-Cheng E. Rd.

R.O.C




Multiple dhclients and next hops towards a single ISP, yet a single dhcp-server-identifier

2010-05-12 Thread Teemu Rinta-aho
Hi all,

I have an OpenBSD machine as a router/firewall. It has 4 ethernet interfaces:
re0, em0, em1 and em2. All emX -interfaces are connected to the same
ADSL box, re0 connects to my home network switch.

My subscription allows me to have 5 public IP addresses, so
this way I can fetch 3 of them. 2 of the IPs are binat'ed to two different
hosts in my home network, and the third one is a regular nat for the rest
of the nodes. Once I got it up and running (with some minor patches
to dhclient-script and rc), I faced a new problem with dhclient
for which I can't find information from man pages or Google. Before
getting to source code I decided to spam you.

All interfaces em0, em1 and em2 get a different next hop. I use
mpath routing with three default routes, one to each interface. The
problem seems to be that the next hop on one of the interfaces (em1)
is also used as the dhcp-server-identifier by my ISP for all the
three leases (em0, em1, em2). Therefore, also the dhclients on em0
and em2 try to send DHCP renews to that address. But it seems to
get routed to em1:

May 12 11:25:08 fw dhclient[1864]: DHCPREQUEST on em2 to 88.192.128.1 port 67
May 12 11:25:08 fw dhclient[1864]: send_packet: No route to host
May 12 11:25:20 fw dhclient[13007]: DHCPREQUEST on em1 to 88.192.128.1 port 67
May 12 11:25:20 fw dhclient[13007]: DHCPACK from 88.192.128.1 (00:0b:45:b6:ef:c0)
May 12 11:25:20 fw dhclient[13007]: bound to 88.192.133.155 -- renewal in 5180 seconds.

I wonder why dhclient looks up the routing table instead of preferring
the interface it's sitting on. Can this be somehow changed (without patching
code)? I know this DHCP server is reachable via any of the three interfaces.
Maybe I could manually (i.e. in dhclient-script) add mpath routes to this
DHCP server's address for each interface?

BR,
Teemu Rinta-aho



mount problem with recent (apr 27) sparc64 snapshot

2010-05-12 Thread Markus Lude
Hello,
after upgrading to the latest snapshot for sparc64 from April 27th I'm
no longer able to mount /dev/wd0i, /dev/wd0j and /dev/wd0k. I get:

  mount_ffs: /dev/wd0j on /var/www: Device not configured

Does anyone have any hint what is going wrong here? Was there some
additional restriction introduced lately on the number of partitions (8
instead of 16)?

Regards,
Markus



Re: pf change in upgrade47.html

2010-05-12 Thread Robert
On Wed, 12 May 2010 19:35:14 +1000
Rod Whitworth glis...@witworx.com wrote:

> On Mon, 10 May 2010 15:23:45 +0059, Jason McIntyre wrote:
>
>> On Mon, May 10, 2010 at 03:08:19PM +1000, Rod Whitworth wrote:
>>>
>>> Then come back and tell me why ALL the examples start with
>>> match ? (i.e. NAT in man pf.conf for 4.7)
>>>
>>
>> maybe the idea was that it's simpler to write pass/block rules for
>> your traffic, then just match the nat stuff. i don't know.
>>
> And neither does anyone else who hangs out here, it seems.

?
http://www.openbsd.org/faq/current.html#20090901
http://marc.info/?l=openbsd-misc&m=125181847818600&w=2



Re: pf change in upgrade47.html

2010-05-12 Thread Rod Whitworth
On Wed, 12 May 2010 13:05:15 +0200, Robert wrote:

> On Wed, 12 May 2010 19:35:14 +1000
> Rod Whitworth glis...@witworx.com wrote:
>
>> On Mon, 10 May 2010 15:23:45 +0059, Jason McIntyre wrote:
>>
>>> On Mon, May 10, 2010 at 03:08:19PM +1000, Rod Whitworth wrote:
>>>>
>>>> Then come back and tell me why ALL the examples start with
>>>> match ? (i.e. NAT in man pf.conf for 4.7)
>>>>
>>>
>>> maybe the idea was that it's simpler to write pass/block rules for
>>> your traffic, then just match the nat stuff. i don't know.
>>>
>> And neither does anyone else who hangs out here, it seems.
>
> ?
> http://www.openbsd.org/faq/current.html#20090901
> http://marc.info/?l=openbsd-misc&m=125181847818600&w=2


Have you actually written and tested a ruleset using either of those
documents?
If so please show us.

Particularly seeing I referenced both of those in my original post as
not being helpful and I've been trying to get somebody - anybody - to
write a minimal NAT ruleset and show me.
*** NOTE *** Please DO NOT CC me. I am subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thank you.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.



[SOLVED] mount problem with recent (apr 27) sparc64 snapshot

2010-05-12 Thread Markus Lude
On Wed, May 12, 2010 at 11:55:10AM +0200, Markus Lude wrote:
> Hello,
> after upgrading to the latest snapshot for sparc64 from April 27th I'm
> no longer able to mount /dev/wd0i, /dev/wd0j and /dev/wd0k. I get:
>
>   mount_ffs: /dev/wd0j on /var/www: Device not configured
>
> Does anyone have any hint what is going wrong here? Was there some
> additional restriction introduced lately on the number of partitions (8
> instead of 16)?

I re-added the missing disklabel entries. All looks good again now.

Regards,
Markus



Interlang Your translation Votre traduction

2010-05-12 Thread mel....@orange-business.fr
Hello my name is Emma !  (independent translator)
Do you sometimes need a professional translation from English to French ?  
I will be happy to do it for you !
 Do not hesitate to contact me for more information.
 I look forward to collaborating with you.
 
Hello, my name is Emma! (independent translator)
Do you need professional translations from English to French? I would be
happy to take care of them!
Do not hesitate to write to me for more information.
Kind regards.

Emma



Re: nested vlans: safe to use?

2010-05-12 Thread Pete Vickers
something like this:

http://www.openbsd.org/papers/asiabsdcon2010_vether/index.html

especially page 6/7...


/Pete



On 11. mai 2010, at 13.45, Toni Mueller wrote:

> Hi,
>
> I've been trying to figure out whether I can use OpenBSD in a nested
> vlan scenario. I'm looking at a data centre where I want to get two
> wires, each carrying several vlans, and funneling them home across a
> WAN link. Various switch vendors claim to be able to do it, but I
> couldn't really figure out what the current state of affairs wrt.
> OpenBSD is. On the other side of the wires or fibres, I'll be talking
> to Junipers, Ciscos (6509), and/or Foundry switches and/or routers on
> the other side(s).
>
> The desired setup looks like this:
>
>  data centre LAN --- switch --- WAN --- home (OpenBSD)
>
> I want to run at least three vlans across the WAN link, and need to
> keep the vlans strictly separated. I also need to do traffic shaping on
> a per-vlan basis. :/
>
>
> TIA!
>
>
> Kind regards,
> --Toni++



Re: pf change in upgrade47.html

2010-05-12 Thread David Gwynne
On 12/05/2010, at 9:28 PM, Rod Whitworth wrote:

> Particularly seeing I referenced both of those in my original post as
> not being helpful and I've been trying to get somebody - anybody - to
> write a minimal NAT ruleset and show me.

i use the following on my router at home:

pass
block log on $if_external

anchor "ftp-proxy/*"

pass in on $if_external proto tcp from $host_jp to ($if_external) port smtp rdr-to $host_apathy port smtp
pass in on $if_external proto tcp to ($if_external) port { https ssh } rdr-to $host_apathy port ssh
pass in on $if_external proto tcp to ($if_external) port imaps rdr-to $host_apathy port imaps

pass in on $if_external inet proto icmp to ($if_external:0) icmp-type echoreq
pass in on $if_external inet proto { tcp udp } to ($if_external:0) port domain keep state (max 128)

pass in on $if_external inet proto udp from port isakmp to ($if_external:0) port isakmp
pass in on $if_external inet proto esp to ($if_external:0)

pass out on $if_external from ($if_external:0)
match out on $if_external inet from { $if_wired:network $if_wireless:network } nat-to ($if_external:0)
pass out quick on $if_external inet proto tcp to port { 80 443 } scrub (max-mss 1280)
pass out on $if_external

pass on internal
pass in quick on internal proto tcp to port ftp rdr-to 127.0.0.1 port 8021



Re: pf change in upgrade47.html

2010-05-12 Thread Peter Hessler
On 2010 May 12 (Wed) at 21:28:03 +1000 (+1000), Rod Whitworth wrote:
:Particularly seeing I referenced both of those in my original post as
:not being helpful and I've been trying to get somebody - anybody - to
:write a minimal NAT ruleset and show me.

The ruleset I use on my laptop (which sometimes provides network for
experimental boxes), is simply thus:


pass            # to establish keep-state

# By default, do not permit remote connections to X11
block in on ! lo0 proto tcp to port 6000:6010

match out log on egress from !(egress) to any nat-to (egress:0)



-- 
One is not superior merely because one sees the world as odious.
-- Chateaubriand (1768-1848)



Re: pf change in upgrade47.html

2010-05-12 Thread Robert
On Wed, 12 May 2010 21:28:03 +1000
Rod Whitworth glis...@witworx.com wrote:

> On Wed, 12 May 2010 13:05:15 +0200, Robert wrote:
>
>> http://www.openbsd.org/faq/current.html#20090901
>> http://marc.info/?l=openbsd-misc&m=125181847818600&w=2
>
> Have you actually written and tested a ruleset using either of those
> documents?
> If so please show us.

(oh, you didn't send this only to me offlist, once more for the ml)

I am sending this through an OpenBSD firewall with match nat...
Yes, i changed the old syntax prompted by the commit and the following
-current faq.

> Particularly seeing I referenced both of those in my original post as
> not being helpful and I've been trying to get somebody - anybody - to
> write a minimal NAT ruleset and show me.

I didn't read up on the whole thread.
Only wondered what is so hard about changing the nat line to the new
syntax.

Here would be a condensed version of what i am actually running in my
adsl gateway. (stripped and generalised)

IF_EXT = "pppoe0"
IF_INT = "sk0"
antispoof for $IF_EXT inet
set skip on lo0
match in all scrub (no-df)
match out on $IF_EXT all scrub (no-df random-id max-mss 1440)
match out on $IF_EXT inet from any to ! $IF_INT:network nat-to ($IF_EXT)
block log all
block quick inet6 all
pass in  on $IF_INT
pass out on $IF_EXT

Not minimal and generic enough to make into a default cfg, but simple
with some nice to have stuff left.



[patch] Re: fdisk and bootable flag

2010-05-12 Thread Thomas Pfaff
On Tue, 11 May 2010 22:14:26 +0200
Thomas Pfaff tpf...@tp76.info wrote:

> On Tue, 11 May 2010 12:34:28 -0700 (PDT)
> stupidmail4me stupidmail...@yahoo.com wrote:
>>
>> Anyone know how to edit the default MBR record so fdisk -iy creates
>> one partition with no bootable flag, or how to unset the bootable flag?
>
> I think the following should do it:
>
> fdisk: 1 flag partition 0
>
> I suppose the man page should mention that this operation can take on
> a second operand.
>

diff if this should be mentioned.  It was in fact mentioned in the man
page but the text was commented out.  Not sure why.

Index: fdisk.8
===
RCS file: /cvs/src/sbin/fdisk/fdisk.8,v
retrieving revision 1.69
diff -u -p -r1.69 fdisk.8
--- fdisk.8 27 Mar 2010 13:56:49 -  1.69
+++ fdisk.8 12 May 2010 13:15:04 -
@@ -303,14 +303,14 @@ may be appended to indicate bytes, kilob
 The special size value
 .Sq *
 will cause the partition to be sized to use the remainder of the disk.
-.It Cm flag Ar #
+.It Cm flag Ar # Op Ar value
 Make the given MBR partition table entry bootable.
 Only one entry can be marked bootable.
 .\ If you wish to boot from an extended
 .\ MBR partition, you will need to mark the MBR partition table entry for the
 .\ extended MBR partition as bootable.
-.\ If an optional value is given, the MBR partition is marked with the given
-.\ value, and other MBR partitions are not touched.
+If an optional value is given, the MBR partition is marked with the given
+value, and other MBR partitions are not touched.
 .It Cm update
 Update the machine MBR bootcode and 0xAA55 signature in the memory copy
 of the currently selected boot block.
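
Review bot: the sentence uncommented under `.It Cm flag Ar # Op Ar value` says the partition "is marked with the given value" but does not say what the value means, and the lead sentence still reads "Make the given MBR partition table entry bootable", which only describes the case where no value is given. Since the question in this thread was how to unset the flag, it would help to state explicitly that a value of 0 clears it (the command suggested earlier in the thread passes 0) and to word the first sentence so it covers only the no-value form. The three `.\` lines about extended MBR partitions remain commented out between the two visible sentences; if that is deliberate, a word in the commit message would make it clear why only part of the old comment block was restored.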



Cannot reboot an Alix.1D board

2010-05-12 Thread Pierre Berthier
Hi

I cannot get an Alix.1D board (http://www.pcengines.ch/alix1d.htm)
rebooting cleanly with OpenBSD 4.6 and -current.  After installing and
booting into OpenBSD on a 4GB CF Card (Sandisk Extreme III), I can
issue the command reboot, and the operating system restarts, I can
see the BIOS messages up to the point where the BIOS displays:

Detecting IDE Drives...

After hanging here 60 seconds, it goes further and displays the name of
the CF card as Primary master, and hangs a little while again.  After
this, it tries to boot the network card as if the CF card was not
bootable.

If I turn the power off and on again, I can boot off the CF card
without problem.

I have tried several things, that did not change anything to the
problem:

- install two more recent Alix BIOSes from 8/27/08 and the latest Beta

- install OpenBSD -current instead of 4.6

- use another CF card (same manufacturer, but speed only half)

It has been suggested on the Alix forum that the method used by OpenBSD
to reboot the board (whatever it is) might cause the problem, and that
known working ways of rebooting the board could be found at that
location: http://www.pcengines.ch/file/alixllc.zip

It seems to me that the OpenBSD reboot code involved is
in /usr/src/sys/arch/i386/i386/machdep.c in the function cpu_reset().
Unfortunately I am not knowledgeable enough to fully understand what
OpenBSD exactly does here to reboot the board, and even less to compare
it to the examples given by the manufacturer.

Any suggestions?

Thank you!

Pierre

dmesg:
OpenBSD 4.7-current (GENERIC) #642: Wed Apr 28 11:46:47 MDT 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 586-class) 333 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem  = 259350528 (247MB)
avail mem = 242053120 (230MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 01/16/09, BIOS32 rev. 0 @ 0xfa960
apm0 at bios0: Power Management spec V1.2 (slowidle)
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0xdfb4
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf40/112 (5 entries)
pcibios0: bad IRQ table checksum
pcibios0: PCI BIOS has 5 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 5 10 11
pcibios0: no compatible PCI ICU found
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0xa800 0xef000/0x1000!
cpu0 at mainbus0: (uniprocessor)
amdmsr0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x31
vga1 at pci0 dev 1 function 1 AMD Geode LX Video rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES
vr0 at pci0 dev 13 function 0 VIA VT6105M RhineIII rev 0x96: irq 11, address 00:0d:b9:0d:69:08
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
glxpcib0 at pci0 dev 15 function 0 AMD CS5536 ISA rev 0x03: rev 3, 32-bit 3579545Hz timer, watchdog, gpio
gpio0 at glxpcib0: 32 pins
pciide0 at pci0 dev 15 function 2 AMD CS5536 IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: SanDisk SDCFX3-004G
wd0: 4-sector PIO, LBA, 3919MB, 8027712 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
auglx0 at pci0 dev 15 function 3 AMD CS5536 Audio rev 0x01: irq 11, CS5536 AC97
ac97: codec id 0x414c4770 (Avance Logic ALC203 rev 0)
ac97: codec features headphone, 20 bit DAC, 18 bit ADC, No 3D Stereo
audio0 at auglx0
ohci0 at pci0 dev 15 function 4 AMD CS5536 USB rev 0x02: irq 5, version 1.0, legacy support
ehci0 at pci0 dev 15 function 5 AMD CS5536 USB rev 0x02: irq 5
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
wbsio0 at isa0 port 0x2e/2: W83627HF rev 0x41
lm1 at wbsio0 port 0x290/8: W83627HF
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 AMD OHCI root hub rev 1.00/1.00 addr 1
biomask f7e5 netmask ffe5 ttymask 
mtrr: K6-family MTRR support (2 registers)
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
root on wd0a swap on wd0b dump on wd0b


--

~
Pierre Berthier
Institute of Neuroinformatics
University of Zurich and ETH Zurich
Winterthurerstrasse 190, CH-8057 Zurich, Switzerland

[demime 1.01d removed an attachment of type 

Re: pf change in upgrade47.html

2010-05-12 Thread J.C. Roberts
On Wed, 12 May 2010 21:28:03 +1000 Rod Whitworth
glis...@witworx.com wrote:
> Have you actually written and tested a ruleset using either of those
> documents?
> If so please show us.
>
> Particularly seeing I referenced both of those in my original post as
> not being helpful and I've been trying to get somebody - anybody - to
> write a minimal NAT ruleset and show me.


Creating a minimal rule set for a firewall doing NAT is very simple; 
basically, it's a one-liner 'match' rule, but with 4.7-RELEASE/STABLE
you should be more verbose if you're using ppp(8) and possibly pppd(8),
and create the typical interface-based rules.

-
#   $OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $
#
# See pf.conf(5) for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

ext_if = "tun0"
int_if = "xl0"
set skip on lo
# set block-policy drop

# default block
block in log all
# block log quick inet6

# filter rules and anchor for ftp-proxy(8)
# anchor "ftp-proxy/*"
# pass in log on $int_if proto tcp to port ftp rdr-to 127.0.0.1 port 8021

# anchor for relayd(8)
# anchor "relayd/*"

# nat for local network
match out on $ext_if from ($int_if:network) nat-to ($ext_if:0)

pass in on $int_if
pass out on $ext_if

# rules for spamd(8)
#table <spamd-white> persist
#table <nospamd> persist file "/etc/mail/nospamd"
#pass in on egress proto tcp from any to any port smtp \
#    rdr-to 127.0.0.1 port spamd
#pass in on egress proto tcp from <nospamd> to any port smtp
#pass in log on egress proto tcp from <spamd-white> to any port smtp
#pass out log on egress proto tcp to any port smtp


#block in quick from urpf-failed to any # use with care

# By default, do not permit remote connections to X11
block in on ! lo0 proto tcp to port 6000:6010
-

NOTE: I don't know enough about interface groups or how they work with pf,
  and I'm still testing and learning, so my advice is *VERY* dodgy. ;)

One of the issues is not well stated, namely, the improvements in pf ruleset
syntax have a goal of simplification such as hardware-independent rules. This
is being accomplished by using interface groups as noted in ifconfig(8).

You'll note how the default pf.conf ruleset *intentionally* avoids using the
previously typical hardware-dependent syntax such as defining 'ext_if' and
'int_if' then using them in the rules. The more complex hardware-dependent
syntax still works fine if used (as above), and providing an example might
be useful for the short term.

Long term, it is better to use hardware-independent rules. The previously
mentioned one-liner would simply be:

match out on egress from ! egress nat-to egress

Though the above *mostly* works, the trouble is, 'egress' is actually a *GROUP*
of interfaces, so what pf is really doing is less than crystal clear unless 
you've worked with it a bit. I don't know how well the above one-liner works on
4.7-RELEASE/STABLE but I *just* started testing it on -CURRENT with a rather
unstable ppp connection (via umodem EVDO/Verizon).

With -CURRENT I've found one bug with using 'egress' NAT and it seems to be due
to the tun0 interface being destroyed and recreated by ppp(8) so pf loses track
of the (only) 'egress' interface. Manually reloading the pf ruleset after ppp(8)
recreates the tun0 interface and reestablishes the connection, fixes the 
problem, so I could easily put the pf reload in /etc/ppp/ppp.linkup to solve
the problem.

Since manually reloading pf rules is not necessary when using the full 
interface-based ruleset above, it also should not be necessary when using a 
hardware independent group-based ruleset (i.e. with 'egress').

I haven't gotten to testing how pppd(8) behaves, but the 'egress group bug'
might be there as well.

NOTE:
I just discovered the above bug a few minutes ago, but the -CURRENT on
that box is stale (Mar9) so I'll update and retest to see if it's already
fixed before filing a PR. None the less, it might also exist in 4.7-RELEASE
or 4.7-STABLE and I'll try to get that tested as well. I don't have RELEASE
installed anywhere, so I'll have to build up a new box. Luckily, my 4.7 set
was pre-ordered and is sitting right next to me.

Ya, our new super-simple-syntax seems to have a show stopper bug on release
because you, me, and everyone else, have failed to do adequate testing.

-- 
The OpenBSD Journal - http://www.undeadly.org



Re: pf change in upgrade47.html

2010-05-12 Thread J.C. Roberts
On Wed, 12 May 2010 07:46:59 -0700 J.C. Roberts
list-...@designtools.org wrote:
 Long term, it is better to use hardware-independent rules. The
 previously mentioned one-liner would simply be:
 
   match out on egress from ! egress nat-to egress
 
 Though the above *mostly* works

It seems the ppp issue is because I botched the syntax. It should be:

match out on egress from !(egress) nat-to (egress:0)

Now I need to figure out why...

-- 
The OpenBSD Journal - http://www.undeadly.org



Espionage and Intelligence

2010-05-12 Thread Philippe DYLEWSKI
HELLO,

I am Philippe Dylewski and I run the private detective agency
AGAKURE in Charleroi (Belgium).

I have written a practical guide to everyday intelligence gathering and
espionage, and I thought it might interest you or amuse you, and
ideally both.

Espionage and intelligence. How to know everything about everyone, in
companies and elsewhere. (Quite a saga!)

The book is a compilation of methods drawn from the tools of
business intelligence, the tricks of the private detective, and
behavioural skills useful for obtaining sensitive
information.

The reader will learn how to:

• Find sensitive information on any person;

• Discover key data about competitors and business
partners

• Carry out targeted research on the net in a minimum of time;

• Access the hidden web (the part of the web not accessible via
search engines);

• Search for a person, anywhere in the world;

• Find and use spying software and hardware
(listening to conversations remotely, tracking a vehicle or
a person remotely, accessing a computer or a mobile phone,...);

• Detect lies using behavioural techniques.

All the techniques explained are presented so that they can be
used by people with a normal brain. No need to be a
computer engineer (I am not one) or a pimply hacker (I am
not one either).

Needless to say, I would very much like to introduce you to my baby
(all dads love to talk about their offspring).

Best regards,

Philippe

Philippe Dylewski

P.S. 1: If this mail stimulates your tireless curiosity, come and take a
look at my site, where you will find information and articles about the
book (including readers' comments)

P.S. 2: This mail will be sent only once. No advertising
harassment is planned. Your address is not kept (nor
passed on). If you doubt it, you can always unsubscribe here



Re: VPN Clients Behind OpenBSD 4.6 PF NAT

2010-05-12 Thread Jorge Enrique Valbuena Vargas
hi,

what about pass in and pass out with proto esp or ah ?






On Mon, May 10, 2010 at 6:23 PM, dontek don...@gmail.com wrote:

 The only change to sysctl.conf from default install is uncommenting:

 net.inet.ip.forwarding=1
 net.inet6.ip6.forwarding=1

 I am running a slightly pruned version of the FAQ Example: Firewall for
 Home or Small Office pf.conf.
 -
 ext_if="fxp0"
 int_if="xl0"

 tcp_services="{ 22 }"
 icmp_types="echoreq"

 set block-policy return
 set loginterface $ext_if

 set skip on lo

 match in all scrub (no-df)

 nat on $ext_if from !($ext_if) -> ($ext_if:0)
 nat-anchor ftp-proxy/*
 rdr-anchor ftp-proxy/*

 rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

 block in

 pass out keep state

 anchor ftp-proxy/*

 antispoof quick for { lo $int_if }

 pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services
 flags S/SA keep state

 pass in inet proto icmp all icmp-type $icmp_types keep state

 pass in quick on $int_if
 -

 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
 Jorge Enrique Valbuena Vargas
 Sent: Monday, May 10, 2010 5:47 PM
 To: Don Reis
 Cc: misc@openbsd.org
 Subject: Re: VPN Clients Behind OpenBSD 4.6 PF NAT

 HI,

 can you send the pf.conf and sysctl.conf files ?



 On Mon, May 10, 2010 at 2:56 PM, Don Reis reisd...@gmail.com wrote:

  Hey guys, I got a little problem:
 
 
 
  First let me say I am running a fresh install of OpenBSD 4.6 and besides
  turning on IP forwarding in sysctl and installing the pf.conf example
 from
  the FAQ (modified of course to fit my NIC's), I have changed nothing in
 the
  default install.
 
 
 
  The scenario is I am attempting to connect to various external VPN's from
  inside my NAT network.  I have tried both the Cisco and Shrew Soft VPN
  Clients with various Cisco and Netgear VPN concentrators and appliances,
  all
  with the exact same results.
 
 
 
  I initiate the connection, Phase 1 completes, Phase 2 completes, the
 tunnel
  comes up.  I'm connected now right, except, packets only flow one
 direction
  over the tunnel,  my outbound traffic gets through the tunnel to the
 remote
  network, but nothing ever comes back.
 
 
 
  If I jack my computer directly into my internet connection, everything is
  peachy on all clients and all endpoints.
 
 
 
  I've searched quite a bit and almost all of what I find is people
  complaining they can't get a connection over NAT and other people
  recommending various port redirects to a single machine running the VPN
  client to make things work.
 
 
 
  This is of course not like my situation.  All VPN negotiations work just
  fine, I just never receive anything over the tunnel once it's up.
 
 
 
  Give me a clue.  I assume this should just work behind PF NAT, since both
  clients are negotiating and using NAT-T.
 
 
 
  Thanks,
 
 
 
  don..



Re: nested vlans: safe to use?

2010-05-12 Thread Toni Mueller
Hi,

On Wed, 12.05.2010 at 01:09:55 +, Stuart Henderson s...@spacehopper.org 
wrote:
 First talk to your wan provider, they might either be able to allocate
 you a couple of vlans that they'll carry for you, or do QinQ (i.e. you
 feed the provider plain vlans, and they appear directly at the other
 side).

I would very much prefer to abstain from reshuffling vlans in the
remote data centre. If possible, I'll try to arrange for
non-overlapping vlan ids, which would solve the immediate problem, but
could allow for unauthorized use of vlans (eg. what if someone
reconfigures their vlan stuff, and suddenly their packets enter the
wrong vlan?). I need to prevent this scenario. Using QinQ directly
would be much better.

The carrier said that they will transport all packets up to 64k per
frame fully transparently, w/o any alteration. I need to re-hash the
frametype issue, though.

 In-tree, there is the option of 'ifconfig vlanXXX vlandev vlanYYY which
 might get you somewhere. This uses the same ethertype on inner and
 outer vlans and doesn't interoperate with other vendors vlan stacking,
 but you might be able to do something with it (or maybe you'll just
 confuse your providers switches).

So I can't change the frame types on a per-vlan basis, eg. to match
their respective switches' expectations... hmmm.

 There's also a diff at 
 http://www.mail-archive.com/misc@openbsd.org/msg65694.html
 that switches ethertype so you can interoperate with other vendors QinQ (it
 will need updating for -current).

Thanks for pointing this out! I'll have a close look.

 But usually you just feed plain vlans to the wan provider and they handle
 translation or stacking..

?!?

 I also need to do traffic shaping on
  a per-vlan basis.
 
 This does seem to work but I'm under the impression that queueing
 should be done on the physical interface (vlandev).

I don't know how useful this really is. I need to limit and/or reserve
bandwidth of individual vlans on the (one) wan pipe.



Kind regards,
--Toni++



Re: nested vlans: safe to use?

2010-05-12 Thread Toni Mueller
Hi,

On Wed, 12.05.2010 at 14:23:18 +0200, Pete Vickers p...@systemnet.no wrote:
 http://www.openbsd.org/papers/asiabsdcon2010_vether/index.html
 
 especially page 6/7...

thanks, but... I may have mis-stated the problem.

I have no bandwidth or fragmentation problem, but rather a
configuration problem in a Metro-LAN-like setting.

Oh... and I forgot to add CARP into the mix - I want to automatically
fail over the whole stack of vlans to a second router of mine when one
interface fails.


Kind regards,
--Toni++



Re: X exiting after update (inteldrm error)

2010-05-12 Thread J.C. Roberts
On Wed, 12 May 2010 02:28:36 -0300 Alan R. S. Bueno
alan@gmail.com wrote:
 I'm not sure if misc@ is the right place to send this...
 
 After update kernel + userland + X (yesterday, in the morning (here in
 Brazil)... but with all the latest relevant changes in the trees src/
 and xenocara/ applied), X exited (today, tonight, here in Brazil...
 yeah! :) with the following error:

Both INTELDRM_GEM kernel and the corresponding new X intel driver were
recently committed. Due to mirrors being out of sync, your cvs update
may have only caught a portion of the needed changes. You should try
again with cvs update of src and xenocara.

Though not entirely relevant, you might also want to note:
http://www.openbsd.org/faq/current.html#20100510

jcr

-- 
The OpenBSD Journal - http://www.undeadly.org



Re: nested vlans: safe to use?

2010-05-12 Thread Stuart Henderson
On 2010/05/12 20:35, Toni Mueller wrote:
 The carrier said that they will transport all packets up to 64k per
 frame fully transparently, w/o any alteration. I need to re-hash the
 frametype issue, though.

Sounds like there's nothing to do and it should just work then...

  But usually you just feed plain vlans to the wan provider and they handle
  translation or stacking..
 
 ?!?

If they're doing nested vlans (tag stacking), usually you feed them
frames, they add their own tag to get the frames across their network,
and decapsulate when they handover to you.
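
The tag stacking discussed in this thread, as an added example (not code from any poster or from OpenBSD): it parses the VLAN tag stack of an Ethernet frame, tells standard QinQ (outer ethertype 0x88a8) apart from stacking that reuses 0x8100 on both tags, and drops frames whose outer/inner VLAN IDs are not on an allowlist, which is the "packets enter the wrong vlan" case. The function names, the MAX_TAGS limit, the allowlist and the sample frames are assumptions constructed for illustration.

```python
"""Added example: parse stacked VLAN tags and enforce a VLAN-path allowlist."""
import struct

TPID_CTAG = 0x8100  # IEEE 802.1Q tag (customer VLAN)
TPID_STAG = 0x88A8  # IEEE 802.1ad service tag, the standard QinQ outer tag
VLAN_TPIDS = {TPID_CTAG, TPID_STAG}
MAX_TAGS = 4        # assumption for this example: reject deeper stacks


def build_frame(tags, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed test frame. tags: [(tpid, vid), ...], outermost first."""
    frame = bytes.fromhex("ffffffffffff020000000001")  # dst MAC + src MAC
    for tpid, vid in tags:
        frame += struct.pack("!HH", tpid, vid & 0x0FFF)  # PCP/DEI left at 0
    return frame + struct.pack("!H", ethertype) + payload


def parse_vlan_stack(frame):
    """Return ([(tpid, pcp, vid), ...] outermost first, payload ethertype)."""
    offset, tags = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame: ethertype missing")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in VLAN_TPIDS:
            return tags, etype
        if len(tags) == MAX_TAGS:
            raise ValueError("VLAN stack deeper than MAX_TAGS")
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((etype, tci >> 13, tci & 0x0FFF))
        offset += 4


def classify(tags):
    """Name the kind of tagging found on a frame."""
    if not tags:
        return "untagged"
    if len(tags) == 1:
        return "single"
    if tags[0][0] == TPID_STAG:
        return "qinq-802.1ad"
    # Same ethertype on inner and outer tag: equipment that expects
    # 0x88a8 will not treat the outer tag as a service tag.
    return "stacked-same-ethertype"


def permitted(frame, allowed_paths, outer_tpid=None):
    """True only if the frame's VLAN IDs (outermost first) are allowlisted.

    allowed_paths: set of VID tuples such as {(100, 10)}.
    outer_tpid: if set, the outermost tag must also use this ethertype.
    Malformed or over-deep stacks are rejected rather than guessed at.
    """
    try:
        tags, _ = parse_vlan_stack(frame)
    except ValueError:
        return False
    if outer_tpid is not None and tags and tags[0][0] != outer_tpid:
        return False
    return tuple(vid for _, _, vid in tags) in allowed_paths


if __name__ == "__main__":
    allowed = {(100, 10), (100, 20)}  # constructed policy: outer 100, inner 10 or 20
    samples = {
        "qinq 100/10": build_frame([(TPID_STAG, 100), (TPID_CTAG, 10)]),
        "qinq 100/30 (reconfigured inner vlan)":
            build_frame([(TPID_STAG, 100), (TPID_CTAG, 30)]),
        "0x8100 over 0x8100, 100/10":
            build_frame([(TPID_CTAG, 100), (TPID_CTAG, 10)]),
        "single tag 10": build_frame([(TPID_CTAG, 10)]),
    }
    for name, frame in samples.items():
        tags, _ = parse_vlan_stack(frame)
        verdict = permitted(frame, allowed, outer_tpid=TPID_STAG)
        print(f"{name:40s} {classify(tags):24s} {'pass' if verdict else 'drop'}")
```
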



Re: nested vlans: safe to use?

2010-05-12 Thread Toni Mueller
On Wed, 12.05.2010 at 19:48:47 +0100, Stuart Henderson s...@spacehopper.org 
wrote:
   But usually you just feed plain vlans to the wan provider and they handle
   translation or stacking..
  
  ?!?
 
 If they're doing nested vlans (tag stacking), usually you feed them
 frames, they add their own tag to get the frames across their network,
 and decapsulate when they handover to you.

Erm, this sounds backwards to me. I am the guy who needs to stack some
- possibly already stacked - vlans at the remote end, in the data
centre, and then feed this into the pipe (easy), and decapsulate
multiple times at home, and encapsulate everything at home before
sending it out through the wan pipe again, to be decapsulated in the
data centre and distributed to various other people there.


-- 
Kind regards,
--Toni++



Re: nested vlans: safe to use?

2010-05-12 Thread Christian Weisgerber
Stuart Henderson s...@spacehopper.org wrote:

 In-tree, there is the option of 'ifconfig vlanXXX vlandev vlanYYY which
 might get you somewhere.

If I remember correctly, at the time I added support for hardware
vlan tagging, this kind of stacking did not work--and I don't think
this has changed.

-- 
Christian naddy Weisgerber  na...@mips.inka.de



Re: pf change in upgrade47.html

2010-05-12 Thread Stuart Henderson
On 2010-05-10, Rod Whitworth glis...@witworx.com wrote:
 The latest pf.conf documentation is written by people who don't need
 documentation but, probably for the first time, they forgot that
 compleat newbies need docs that enable them to get things working if
 they RTveryFM. 

It's just been done as a conversion from the old syntax style to the
new one by the simplest method of converting, I think it could definitely
use rewriting into a nicer style...

 Just by the way, the default pf.conf for 4.7 has a line that says:
 #pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021

 I don't think that line is complete, is it?

that one's okay.

$ echo 'pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021' |
 pfctl -nvf -
pass in quick inet proto tcp from any to any port = ftp flags S/SA keep state 
rdr-to 127.0.0.1 port 8021



Re: X exiting after update (inteldrm error)

2010-05-12 Thread Alan R. S. Bueno
On Wed, May 12, 2010 at 3:41 PM, J.C. Roberts list-...@designtools.org wrote:
 Both INTELDRM_GEM kernel and the corresponding new X intel driver were
 recently committed. Due to mirrors being out of sync, your cvs update
 may have only caught a portion of the needed changes. You should try
 again with cvs update of src and xenocara.

No. The latest change that my cvs update caught was:

http://marc.info/?l=openbsd-cvs&m=127357649215000&w=2

After that change, no *relevant* change was made (neither in src/ nor
xenocara/) that can be the cause of the error; so, cvs update now is
irrelevant. If you are subscribed to source-changes@, check the latest
changes; if not, check here:

http://marc.info/?l=openbsd-cvs&r=1&b=201005&w=2

 Though not entirely relevant, you might also want to note:
 http://www.openbsd.org/faq/current.html#20100510

It's not the case. Kernel + Userland + Xenocara are all up to date
(well, to the date in my dmesg head...).

Today my machine froze again in the same conditions. (I had to use
the power button.) :-(



Re: Virtual domains/users setup with smtpd.

2010-05-12 Thread Gilles Chehade
I have very sporadic access to internet this week, your mail is
very hard to read, can you summarize as much as possible and
describe your exact issue with output from smtpd -dv, smtpd.conf
and making sure you are running the latest smtpd ?

Will check back my mails tomorrow evening

Gilles

On Tue, May 11, 2010 at 10:19:19PM -0400, Daniel Ouellet wrote:
 Hi,
 
 I am very much hoping that I could get the input of a kind soul out 
 there, or even to send me a working configuration is fine. But I spent 
 the last three days on/off to try to get the virtual alias/domains 
 working on smtpd and I can't get there.
 
 I read the man page no less than 20 times, Google and all. Even saw the 
 changes in alias done a few days ago. 13 now.
 
 Even the latest fix here:
 
 http://www.mail-archive.com/misc@openbsd.org/msg90204.html
 
 Or the few example here:
 
 https://calomel.org/opensmtpd.html
 
 I try on 4.5, 4.7 and after the fix posted 13 days ago, I did try on 
 current as well.
 
 I even empty a bottle of wine tonight to calm me down as I hit the wall 
 a few times and I am getting upset. May be I don't understand the 
 english as it should be, but for me, there is something missing in the 
 man page that I can't break yet.
 
 I try no less then may be 100 variation on possible, and very unlikely 
 possibility to get this working, but I cant get there.
 
 I set up two servers to test, one with 4.5 one with current and even 
 test on 4.6 a few times.
 
 I strip to the minimum, but frankly, I hit the wall. It got to be the 
 most stupid missing details, but please any help would be great. I can't 
 figure it out with the docs I read so far and believe me I read a hell 
 of a lots so far.
 
 Below is what I understand, I guess at this time that should work as 
 writing all that I tried would be way to long.
 
 What am I missing?
 
 Here are the details:
 
 Now tested on current on sparc 64.
 
 I have multiple domains for testing and all.
 
 All DNS are ok.
 
 I see the incoming right.
 
 I get constant errors at the receiving end:
 
 May 11 21:07:45 spamtrap smtpd[24488]: 1273626465.PixuMJ6IS1qoctUk: 
 from=dan...@presscom.net, relay=smtp1.realconnect.com [66.63.3.242], 
 stat=LocalError (530 5.0.0 Recipient rejected: dan...@opensipd.com)
 
 I can deliver local mail to local user on that box.
 
 I try to setup virtual users on that box, or virtual users forwarded to 
 remote address as well for testing.
 
 That I can't get there.
 
 Putting anything in /etc/mail/aliases and doing the newalias will not do it.
 
 The simplest configuration as I understand it based on the man page and 
 I even removed any tls stuff as well to keep it simple should be:
 
 mail to root@ the hostname will work, no problem.
 
 I create the virtual.db file with a single line as follow:
 
 # cat virtual
 dan...@opensipd.com: dan...@presscom.net
 
 makemap -t aliases -o /etc/mail/virtual.db /etc/mail/virtual
 
 the smtpd.conf have this:
 
 listen on lo0
 listen on dc0
 
 map aliases { source db /etc/mail/aliases.db }
 map virtual { source db /etc/mail/virtual.db }
 
 accept for all relay
 accept from all for local deliver to mbox
 accept for domain opensipd.com alias virtual deliver to mbox
 
 But the above isn't right and give configuration errors.
 
 Even if the man page suggest it should be possible;
 
 for domain domain [alias map]
   This rule applies to mail destined for the specified
   domain.  This parameter supports the `*' wildcard, so
   that a single rule for all sub-domains can be used, for
   example:
 
   accept for domain *.example.com deliver to mbox
 
   If specified, map is used for looking up alternative
   destinations for addresses in this domain.
 
 
 May be I don't understand that part properly.
 
 Anyway, putting:
 
 accept from all for domain opensipd.com alias virtual deliver to mbox
 
 give errors as well.
 
 accept from all for virtual virtual deliver to mbox
 
 give no success either.
 
 even if there isn't any error at the start.
 
 I still get the :
 
 530 5.0.0 Recipient rejected: dan...@opensipd.com
 
 Even trying this for a test;
 
 accept from all for virtual virtual relay
 
 will not go.
 
 Or this;
 
 accept from all for domain virtual deliver to mbox
 
 no error at startup, but still no go.
 
 Anyway, I got a very long list of variation and all kind of trial and 
 nothing works for me so far.
 
 Please anyone can tell me what actually works in a step by step as long 
 like what ever I read just do not give me the answer and I am at a lost 
 to get it going.
 
 It got to very very stupid and I am sure I will beat myself over the 
 head when it's working, but I can't get it, or understand the man page 
 properly.
 
 Some small details is definitely missing for me to get it and may be a 
 very small additional example in the man page might help lost soul like me.
 
 Anyone have a small amount of time to graciously offer me to light my 
 candle here?
 

Re: [Bulk] Re: tls proxy in front of spamd?

2010-05-12 Thread Kevin Chadwick
On Thu, 6 May 2010 03:21:02 +0300
Jussi Peltola pe...@pelzi.net wrote:

 On Wed, May 05, 2010 at 07:27:46PM +0100, Kevin Chadwick wrote:
  Of course, if it's your mail server and clients you can use ips without
  dns have certficates tied to those ips and even block or monitor resets,
  none of which can be done with starttls and it is also a smaller window
  of opportunity. You can always reset the starttls too and man in the
  middle that, just one less opportunity.
  
 
 If it's your mail server and clients you can just force certificate
 checking on the hosts you want to connect to with tls. Using a different
 port adds no cryptographic security (authentication) at all, so it's
 useless complexity.
 

Sorry, been away, you can use authpf for authentication and
even a ssh tunnel for privacy.

The main points are that connecting via starttls is like waving a flag
saying I am going to connect again via ssl soon, when you could just
connect once, (less of a problem for OpenBSD connections). Also some
clients like iphones for example try ssl and fall back to plain. Using
a separate port also means a user has more options to be sure of a ssl
connection (desktop firewall, almost any mail client config etc.).

I was wondering what advantages does using port 25 alone have in the
light of reading Yahoo being criticised for not following the standard.

KeV



Come join me on Create Abundance 2020™ International Network

2010-05-12 Thread CORE TEAM JHOVILYN NANOLA
Create Abundance 2020™ International Network: A community dedicated to 
creating a world that works for all


Come join me on Create Abundance 2020™ International Network!

CORE TEAM JHOVILYN NANOLA

Click the link below to Join:
http://www.ca2020.net/?xgi=5f51xpsLnKAuQMxg_source=msg_invite_net

If your email program doesn't recognize the web address above as an active link,
please copy and paste it into your web browser



Members already on Create Abundance 2020™ International Network
Alexxis Monique O. Gratela, Marc Vincent C. Panay, OLWENY San James, Lara 
Francia, Alvin Jake NaC1adiego Juria



About Create Abundance 2020™ International Network
For people who are seeking mentors for growth and abundance in life, business 
and spirit. Visit www.iloveabundance.vox.com

11274 members
7237 photos
396 videos
945 discussions
102 Events
3112 blog posts



To control which emails you receive on the corner, or to opt-out, go to:
http://www.ca2020.net/?xgo=fbNhpL9aXbndCgDbukiNL2KG-/rASpifVvzyfoey6V-yk9Q6TzEZEwxg_source=msg_invite_net



Re: X exiting after update (inteldrm error)

2010-05-12 Thread J.C. Roberts
On Wed, 12 May 2010 17:20:28 -0300 Alan R. S. Bueno
alan@gmail.com wrote:
 On Wed, May 12, 2010 at 3:41 PM, J.C. Roberts
 list-...@designtools.org wrote:
  Both INTELDRM_GEM kernel and the corresponding new X intel driver
  were recently committed. Due to mirrors being out of sync, your cvs
  update may have only caught a portion of the needed changes. You
  should try again with cvs update of src and xenocara.
 
 No. The latest change that my cvs update caught was:
 
 http://marc.info/?l=openbsd-cvs&m=127357649215000&w=2
 
 After that change, no *relevant* change was made (neither in src/ nor
 xenocara/) that can be the cause of the error; so, cvs update now is
 irrelevant. If you are subscribed to source-changes@, check the latest
 changes; if not, check here:
 

I think you're right about the *relevant* changes since the intagp
stuff committed today seems to be for pineview from the commit logs.

 Today my machine froze again in the same conditions. (I had to use
 the power button.) :-(

Bummer. I've been testing the new intel driver (with GEM) for a few
weeks and it still has a few bugs with old 82845G. In my case, the
screen gets corrupted, but X doesn't actually crash. This happens
repeatably when switching to/from virtual terminals, and happens
occasionally when flipping between xterms and gtk-based apps in X.
Of course, once it's corrupted, a subsequent VT switch will crash X,
but the corruption alone does not.

The best thing you can do is enable DRM Debug in the kernel and try to
get a core dump.

$ cat /usr/src/sys/conf/GENERIC | grep DEBUG=
makeoptions DEBUG=-g  # compile full symbol table

$ cat /usr/src/sys/arch/i386/conf/GENERIC_DRMDEBUG
include arch/i386/conf/GENERIC
option  DRMDEBUG
option  DRMLOCKDEBUG

And then follow the instructions in xenocara/README for how to set up
and run the system to get a core file.

-- 
The OpenBSD Journal - http://www.undeadly.org



Re: Relayd on localhost with multiple SSL Certificates

2010-05-12 Thread Kevin Chadwick
On Wed, 12 May 2010 09:09:18 +0200 (CEST)
Jens Teglhus Møller j...@mostlyharmless.dk wrote:

 On Wed, May 12, 2010 04:46, Daniel Ouellet wrote:
  On 5/11/10 8:05 PM, Keith wrote:
  Hi. is it possible to get multiple http relayd relays listening on
  localhost each with a different port # and each with a different ssl
  certificate ?
 
  SSL certificate are host name bound, not port bound isn't it?
 
  So, I would say no, but I could be wrong.
 
 

 Well that would actually be the reason it could work. Multiple dns names
 mapped to the same ip address and configured on separate ports and a given
 certificate (virtual host) bound to a given port.

 But whether this will work with relayd i dont know, but i believe it would
 work fine with apache.

 /jtm


I can confirm that this works, but the port will need to be in the link
or ips attained.

I'm not sure if there are any problems that requiring the port may
cause to users?



Re: VPN Clients Behind OpenBSD 4.6 PF NAT

2010-05-12 Thread dontek
I have tried adding a pass in proto esp with no change to my working status.
(tunnel uses ESP)

If you would like to return my pf.conf with the rule(s) in the positions you
think should be necessary, I will try it and report back.

Thanks for trying, any other ideas?

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Jorge Enrique Valbuena Vargas
Sent: Wednesday, May 12, 2010 12:59 PM
To: Misc OpenBSD
Subject: Re: VPN Clients Behind OpenBSD 4.6 PF NAT

hi,

what about pass in and pass out with proto esp or ah ?






On Mon, May 10, 2010 at 6:23 PM, dontek don...@gmail.com wrote:

 The only change to sysctl.conf from default install is uncommenting:

 net.inet.ip.forwarding=1
 net.inet6.ip6.forwarding=1

 I am running a slightly pruned version of the FAQ Example: Firewall for
 Home or Small Office pf.conf.
 -
 ext_if="fxp0"
 int_if="xl0"

 tcp_services="{ 22 }"
 icmp_types="echoreq"

 set block-policy return
 set loginterface $ext_if

 set skip on lo

 match in all scrub (no-df)

 nat on $ext_if from !($ext_if) -> ($ext_if:0)
 nat-anchor ftp-proxy/*
 rdr-anchor ftp-proxy/*

 rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

 block in

 pass out keep state

 anchor ftp-proxy/*

 antispoof quick for { lo $int_if }

 pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services
 flags S/SA keep state

 pass in inet proto icmp all icmp-type $icmp_types keep state

 pass in quick on $int_if
 -

 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
 Jorge Enrique Valbuena Vargas
 Sent: Monday, May 10, 2010 5:47 PM
 To: Don Reis
 Cc: misc@openbsd.org
 Subject: Re: VPN Clients Behind OpenBSD 4.6 PF NAT

 HI,

 can you send the pf.conf and sysctl.conf files ?



 On Mon, May 10, 2010 at 2:56 PM, Don Reis reisd...@gmail.com wrote:

  Hey guys, I got a little problem:
 
 
 
  First let me say I am running a fresh install of OpenBSD 4.6 and besides
  turning on IP forwarding in sysctl and installing the pf.conf example
 from
  the FAQ (modified of course to fit my NIC's), I have changed nothing in
 the
  default install.
 
 
 
  The scenario is I am attempting to connect to various external VPN's
from
  inside my NAT network.  I have tried both the Cisco and Shrew Soft VPN
  Clients with various Cisco and Netgear VPN concentrators and appliances,
  all
  with the exact same results.
 
 
 
  I initiate the connection, Phase 1 completes, Phase 2 completes, the
 tunnel
  comes up.  I'm connected now right, except, packets only flow one
 direction
  over the tunnel,  my outbound traffic gets through the tunnel to the
 remote
  network, but nothing ever comes back.
 
 
 
  If I jack my computer directly into my internet connection, everything
is
  peachy on all clients and all endpoints.
 
 
 
  I've searched quite a bit and almost all of what I find is people
  complaining they can't get a connection over NAT and other people
  recommending various port redirects to a single machine running the VPN
  client to make things work.
 
 
 
  This is of course not like my situation.  All VPN negotiations work just
  fine, I just never receive anything over the tunnel once it's up.
 
 
 
  Give me a clue.  I assume this should just work behind PF NAT, since
both
  clients are negotiating and using NAT-T.
 
 
 
  Thanks,
 
 
 
  don..



Re: pf change in upgrade47.html

2010-05-12 Thread J.C. Roberts
On Wed, 12 May 2010 20:18:14 + (UTC) Stuart Henderson
s...@spacehopper.org wrote:
  I don't think that line is complete, is it?
 
 that one's okay.
 
 $ echo 'pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port
 8021' | pfctl -nvf -
 pass in quick inet proto tcp from any to any port = ftp flags S/SA
 keep state rdr-to 127.0.0.1 port 8021

It's valid, but if uncommented in the default pf.conf ruleset, it would
allow anyone to use your ftp-proxy due to the following 'pass' rule.

http://www.openbsd.org/cgi-bin/cvsweb/src/etc/pf.conf?rev=1.49;content-type=text%2Fplain

It would be better to prevent such potential abuse by using the
egress interface group. The trouble is the 'on ...' will not allow
the use of parenthesis since it's denoting a group of interfaces
rather than a group of addresses assigned to interfaces. But this
is easily overcome by using 'from (...)' so when the underlying
address(es) change on any interface in the group, the rule will be
reevaluated.

NOTE: At present, I don't understand how pf reacts when interface
groups are changed (interfaces added or deleted).


Index: pf.conf
===
RCS file: /cvs/src/etc/pf.conf,v
retrieving revision 1.49
diff -N -u -p pf.conf
--- pf.conf 17 Sep 2009 06:39:03 -  1.49
+++ pf.conf 12 May 2010 22:25:59 -
@@ -8,7 +8,8 @@ set skip on lo
 
 # filter rules and anchor for ftp-proxy(8)
 #anchor ftp-proxy/*
-#pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
+#pass in quick on !egress proto tcp from !(egress) to port ftp \
+#  rdr-to 127.0.0.1 port 8021
 
 # anchor for relayd(8)
 #anchor relayd/*
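
Review bot: the replacement rule on the two '+' lines is split with a trailing backslash while both lines stay commented, so enabling it means removing the '#' from both lines; if only the first is uncommented, 'rdr-to 127.0.0.1 port 8021' stays commented out and the redirect to ftp-proxy is lost. A one-line comment above the rule saying that both lines must be uncommented together would avoid that, or the rule could stay on a single line as before. Separately, the rule still says 'to port ftp' with no destination restriction, so it redirects FTP sessions arriving on every non-egress interface, including ones headed for an FTP server on another internal network; the comment should say so, or the destination should be narrowed.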



Re: pf change in upgrade47.html

2010-05-12 Thread Rod Whitworth
On Wed, 12 May 2010 15:54:04 -0700, J.C. Roberts wrote:

On Wed, 12 May 2010 20:18:14 + (UTC) Stuart Henderson
s...@spacehopper.org wrote:
  I don't think that line is complete, is it?
 
 that one's okay.
 
 $ echo 'pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port
 8021' | pfctl -nvf -
 pass in quick inet proto tcp from any to any port = ftp flags S/SA
 keep state rdr-to 127.0.0.1 port 8021

It's valid, but if uncommented in the default pf.conf ruleset, it would
allow anyone to use your ftp-proxy due to the following 'pass' rule.

http://www.openbsd.org/cgi-bin/cvsweb/src/etc/pf.conf?rev=1.49;content-type=text%2Fplain

It would be better to prevent such potential abuse by using the
egress interface group. The trouble is the 'on ...' will not allow
the use of parentheses since it's denoting a group of interfaces
rather than a group of addresses assigned to interfaces. But this
is easily overcome by using 'from (...)' so when the underlying
address(es) change on any interface in the group, the rule will be
reevaluated.


What is wrong with the old rule:
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
being converted to:
pass in quick on $int_if proto tcp to port ftp rdr-to 127.0.0.1 port
8021
put in a location above any other rule applying to $inf_if  ??

The reason I queried whether the 4.7 construct was correct is that it
applies to traffic from any to any. Even my suggested rule would not be
universal. Maybe there's an ftp server on the LAN.


*** NOTE *** Please DO NOT CC me. I am subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thankyou.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.



unsupported atheros usb wifi wn721n

2010-05-12 Thread Adam Borbely
hi!

I just got a tp-link tl-wn721n usb adapter which looks like unsupported.
tried it on current. (vendor/product: 0x0cf3/0x9271)

my question: is there anybody who is working on any driver supporting
this device. if there is then I could help testing it, if there's no one
then i thought it'd be a great opportunity to drive deeper and try to
write the driver for it. any suggestions?

Adam
OpenBSD 4.7-current (GENERIC.MP) #557: Tue Apr 27 00:36:31 MDT 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz (GenuineIntel 686-class) 2 
GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM
real mem  = 2145669120 (2046MB)
avail mem = 2067898368 (1972MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/07/10, BIOS32 rev. 0 @ 0xfdc70, SMBIOS 
rev. 2.4 @ 0xe0010 (71 entries)
bios0: vendor LENOVO version 7KETC9WW (2.29 ) date 04/07/2010
bios0: LENOVO 8918B8G
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT SSDT SSDT 
SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) LURT(S3) DURT(S3) IGBE(S4) EXP0(S4) 
EXP1(S4) EXP2(S4) EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) 
USB3(S3) USB4(S3) EHC0(S3) EHC1(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz (GenuineIntel 686-class) 2 
GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 5 (EXP3)
acpiprt6 at acpi0: bus 13 (EXP4)
acpiprt7 at acpi0: bus 21 (PCI1)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpipwrres0 at acpi0: PUBS
acpitz0 at acpi0: critical temperature 127 degC
acpitz1 at acpi0: critical temperature 100 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model 42T4513 serial  5561 type LION oem SANYO
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock0 at acpi0: GDCK not docked (0)
bios0: ROM list: 0xc/0xf000 0xcf000/0x1000 0xd/0x1000 0xe/0x1!
cpu0: Enhanced SpeedStep 1996 MHz: speeds: 2001, 2000, 1600, 1200, 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel GM965 Host rev 0x0c
ppb0 at pci0 dev 1 function 0 Intel GM965 PCIE rev 0x0c: apic 1 int 16 (irq 
10)
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 vendor NVIDIA, unknown product 0x0429 rev 0xa1
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
em0 at pci0 dev 25 function 0 Intel ICH8 IGP M rev 0x03: apic 1 int 20 (irq 
11), address 00:15:58:cb:d4:f4
uhci0 at pci0 dev 26 function 0 Intel 82801H USB rev 0x03: apic 1 int 20 (irq 
11)
uhci1 at pci0 dev 26 function 1 Intel 82801H USB rev 0x03: apic 1 int 21 (irq 
11)
ehci0 at pci0 dev 26 function 7 Intel 82801H USB rev 0x03: apic 1 int 22 (irq 
11)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 Intel 82801H HD Audio rev 0x03: apic 1 int 
17 (irq 11)
azalia0: codecs: Analog Devices AD1984, Conexant/0x2bfa, using Analog Devices 
AD1984
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 Intel 82801H PCIE rev 0x03: apic 1 int 20 (irq 
11)
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 1 Intel 82801H PCIE rev 0x03: apic 1 int 21 (irq 
11)
pci3 at ppb2 bus 3
iwn0 at pci3 dev 0 function 0 Intel Wireless WiFi Link 4965 rev 0x61: apic 1 
int 17 (irq 11), MIMO 2T3R, MoW2, address 00:13:e8:ed:2c:cd
ppb3 at pci0 dev 28 function 2 Intel 82801H PCIE rev 0x03: apic 1 int 22 (irq 
11)
pci4 at ppb3 bus 4
ppb4 at pci0 dev 28 function 3 Intel 82801H PCIE rev 0x03: apic 1 int 23 (irq 
11)
pci5 at ppb4 bus 5
ppb5 at pci0 dev 28 function 4 Intel 82801H PCIE rev 0x03: apic 1 int 20 (irq 
11)
pci6 at ppb5 bus 13
uhci2 at pci0 dev 29 function 0 Intel 82801H USB rev 0x03: apic 1 int 16 (irq 
10)
uhci3 at pci0 dev 29 

Re: pf change in upgrade47.html

2010-05-12 Thread J.C. Roberts
On Thu, 13 May 2010 09:45:47 +1000 Rod Whitworth
glis...@witworx.com wrote:
 What is wrong with the old rule:
 rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
 being converted to:
 pass in quick on $int_if proto tcp to port ftp rdr-to 127.0.0.1 port
 8021
 put in a location above any other rule applying to $inf_if  ??
 
 The reason I queried whether the 4.7 construct was correct is that it
 applies to traffic from any to any. Even my suggested rule would not
 be universal. Maybe there's an ftp server on the LAN.

Yep, the 'pass in quick' with 'any to any' in the default pf.conf
ruleset is bad juju, and hence the patch I posted. If deemed acceptable
and committed, I'll patch update47.html accordingly.

But to answer your question, the interface names such as int_if were
intentionally removed since we can now create hardware independent
rulesets by using interface groups. If you're overly accustomed to
using interface names like '$int_if' it takes a bit to wrap your head
around the new interface groups, but they're really cool.

-- 
The OpenBSD Journal - http://www.undeadly.org
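
A small lint for the concern raised in this thread, added here as an example (it is not code from the thread or from OpenBSD): it reads pf.conf text and flags active 'pass ... rdr-to 127.0.0.1' rules that have neither an 'on' clause nor a source other than 'any'. The function names and the sample ruleset are constructed; the sample reuses the three rule variants quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): flag pass/rdr-to rules that hand
# traffic to a loopback proxy without any interface or source restriction.

# Constructed sample ruleset; the rules themselves are the ones quoted in
# the thread ($int_if is left unexpanded on purpose).
sample_rules() {
    cat <<'EOF'
set skip on lo
#pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
pass in quick on !egress proto tcp from !(egress) to port ftp \
  rdr-to 127.0.0.1 port 8021
pass in quick on $int_if proto tcp to port ftp rdr-to 127.0.0.1 port 8021
pass
EOF
}

# audit_rdr: read pf.conf text on stdin, print "OPEN <rule>" or
# "SCOPED <rule>" for every active rule redirecting to 127.0.0.1.
audit_rdr() {
    awk '
    {
        line = buf $0
        # Join backslash-continued lines into one logical rule.
        if (line ~ /\\$/) { sub(/\\$/, " ", line); buf = line; next }
        buf = ""
        sub(/#.*/, "", line)            # strip comments, incl. disabled rules
        gsub(/[ \t]+/, " ", line)       # normalise whitespace
        sub(/^ /, "", line); sub(/ $/, "", line)
        if (line !~ /^pass / || line !~ / rdr-to 127\.0\.0\.1( |$)/) next
        scoped = 0
        n = split(line, w, " ")
        for (i = 1; i < n; i++) {
            if (w[i] == "on") scoped = 1                        # interface limit
            if (w[i] == "from" && w[i + 1] != "any") scoped = 1 # source limit
        }
        tag = scoped ? "SCOPED" : "OPEN"
        print tag " " line
    }'
}

sample_rules | audit_rdr
```

SCOPED only means that some restriction is present; whether the 'on' clause names the right interfaces still has to be read by a person.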



Re: X exiting after update (inteldrm error)

2010-05-12 Thread David Coppa
On Wed, May 12, 2010 at 11:34 PM, J.C. Roberts list-...@designtools.org wrote:

 Bummer. I've been testing the new intel driver (with GEM) for a few
 weeks and it still has a few bugs with old 82845G. In my case, the
 screen gets corrupted, but X doesn't actually crash. This happens
 repeatably when switching to/from virtual terminals, and happens
 occasionally when flipping between xterms and gtk-based apps in X.
 Of course, once it's corrupted, a subsequent VT switch will crash X,
 but the corruption alone does not.

I'm experiencing exactly the same issue on my X41 (915GM).

ciao,
david



OpenBSD 4.7 pictures

2010-05-12 Thread Jordan Earls
Just thought I'd share some pictures.

OpenBSD 4.7 just arrived in the mail today (I'm in Oklahoma, USA).
Checkout http://earlz.biz.tm/openbsd_pics/  for pictures of some of it