Re: ls in color

[Jean-François Simon]

Also can be using parameters for example:

export CLICOLOR=1
export LSCOLORS=ExfxcxdxCxegedabagacad

Jean-François

On 12/8/23 19:47, Mike Larkin wrote:

On Fri, Dec 08, 2023 at 07:41:23PM +0100, Karel Lucas wrote:

Hi all,

In openBSD V7.4 I would like to see the output of ls in color, and therefore
would like to know how to configure that. The output of "man ls" provides no
information about this. Can anyone give me a tip?


pkg_add colorls

alias ls='/usr/local/bin/colorls -GF'

Re: OpenBSD 7.4 released -- Oct 16, 2023

[Jean-François Simon]

Awesome new release as usual and the artwork is also superb.

Regards, Jean-François

Re: Asked ChatGPT 4 about contributing to OpenBSD, this was its reply

[Jean-François Simon]

Guess it did a pretty standard response, it's not really saying as much 
as the FAQ does so long as i'm concerned. Faq and man pages better 
starting point.


On 9/27/23 16:10, Christoff Humphries wrote:





--- Original Message ---
On Wednesday, September 27th, 2023 at 2:07 PM, Ingo Schwarze  
wrote:




Christoff Humphries wrote on Wed, Sep 27, 2023 at 01:21:42PM +:


Asked ChatGPT 4 about contributing to OpenBSD, this was its reply


That's both totally pointless and completely off topic here.

Gimme a break, ChatGPT is a fucking language model, so it aims for
very little except grammatical correctness of its responses.

As expected, parts of the reply are pilfered from official,
authoritative resources, parts are common sense truisms of
varying relevance, and parts are totally misleading rubbish
that may all the same sound convincing to the ignorant.

Without prior knowledge, you have no idea which is which.
With prior knowledge, you have no need for any of it.

Indeed my mistake. I have been informed of my mistake in posting it.
I didn't mean to start negativity and division, I thought it was
interesting and helpful.

I appreciate the folks that also emailed me off-list to let me know.

I meant no harm and do apologize. I'd delete the post if I could.

Re: Does openBSD come with a web browser?

[Jean-François Simon]

Neat

On 9/25/23 02:03, Christoff Humphries wrote:

The FAQ is nice, but there are also folks out there that have written
some additional handy resources, such as:

- https://www.k58.uk/openbsd.html (on installing and getting XFCE
   and Firefox working, including changes to staff group to increase
   allowed resource limits, etc)

- https://www.openbsdhandbook.com/ (howtos on many things)
-- including https://www.openbsdhandbook.com/services/webserver/ssl/
(how to setup httpd with acme-client with multiple domains)


Note that after you install packages via pkg_add, there may be a
note displayed telling you to read a file. Within that file is
important information you should know. They're usually in the
/usr/local/share/doc/pkg-readmes directory and you should read them.

For Firefox in particular it will tell you things you may want to
do to get the behavior you're used to. See:
https://github.com/openbsd/ports/blob/master/www/mozilla-firefox/pkg/README

And for XFCE:
https://github.com/openbsd/ports/blob/master/meta/xfce/pkg/README-main



--- Original Message ---
On Sunday, September 24th, 2023 at 11:34 PM, Jean-François Simon 
 wrote:




Hi Eric,

You'll find how to install OpenBSD following FAQ pretty easily.

After install, you'll be able to add packages (install software) with a
simple internet connection.

You'd have to install for example XFCE, Thunderbird, Firefox, Chromium.

OpenBSD base install does includes a set of GUI and packages, but not a
full fledged OS, but that's easy to do and above recommended packages
should do well.

Forget about searches, at this point you can easily start install base
OS, packages, if needed get help on mail list or IRC, first go to the
man and FAQ on website, they provide a path to get you up and running no
difficulty.

Regards

Jean-François


On 9/12/23 08:21, Eric Demer wrote:


(I am considering getting a laptop with openBSD, but have
not yet done so, which is why I can't easily check on my own.)

Does openBSD come with a web browser?
The "the FAQ and" parts of https://www.openbsd.org/mail.html
suggest that it does, but I haven't found any more
detail regarding this at https://www.openbsd.org/ .
Quite frankly, if you're incapable of using one, I'd steer clear.
The answer to this is the result of a very basic web search.
Cheers!

Perhaps I should steer clear anyway, but what's probably
the reason I didn't find that answer may change things.

Specifically, do you find that information with a basic web search
while using none of Stackexchange , Reddit , Youtube , Google ?

For the reasons explained in the following paragraphs, I am
not willing to use those four sites. I still got into results saying
that one can easily install Firefox on openBSD, and remember at
least one result saying that some people use Lynx on it, but those
didn't address whether there's one that comes already installed.

I did go into results saying that one can easily install
Firefox on openBSD, and remember at least one result saying
that some people use Lynx on it, but those didn't
address whether there's one that comes already installed.
The other search results (from using duckduckgo) I found
that mentioned openBSD - as opposed to just freeBSD -
were all from stackexchange and reddit and youtube.

I left Stackexchange when it adopted Terms according to which,
them changing those terms other than the arbitration clause
as I am scrolling a page on their site would result in
me being bound by whatever they changed the Terms to.
Since the trigger for those Terms was something like,
using their Network in any way, I have never intentionally
gone back there, and have left immediately when I've
accidentally when I've accidentally gone back there.
(In particular, if they no longer have
such Terms then I don't know that.)

My brief search for Reddit's Terms brought up Reddit
result previews suggesting that Reddit's Terms are also
such that according to them, using their site to view
their terms would constitute acceptance of those terms.
Furthermore, according to
https://github.com/OpenTermsArchive/contrib-versions
/blob/main/Reddit/Terms%20of%20Service.md
, the changes provision in Reddit's Terms manages
to be even worse than that of Stackexchange's Terms:
Its change-acceptance is from access to or use of "the Services on or
after the Effective Date of the revised Terms", and it does not say
the Effective Date can't be before the revised Terms were posted.

Youtube's Terms are better, but (0) it's Google, and
(1) the "launch a new product or feature" exception is
merely a timing restriction: It's not limited to changes
that have anything else to do with the new product or feature.
Google's Terms seem to have the same changes provision.

Eric Demer

Re: Does openBSD come with a web browser?

[Jean-François Simon]

Hi Eric,

You'll find how to install OpenBSD following FAQ pretty easily.

After install, you'll be able to add packages (install software) with a 
simple internet connection.


You'd have to install for example XFCE, Thunderbird, Firefox, Chromium.

OpenBSD base install does includes a set of GUI and packages, but not a 
full fledged OS, but that's easy to do and above recommended packages 
should do well.


Forget about searches, at this point you can easily start install base 
OS, packages, if needed get help on mail list or IRC, first go to the 
man and FAQ on website, they provide a path to get you up and running no 
difficulty.


Regards

Jean-François


On 9/12/23 08:21, Eric Demer wrote:

(I am considering getting a laptop with openBSD, but have
not yet done so, which is why I can't easily check on my own.)
  
Does openBSD come with a web browser?

The "the FAQ and" parts of https://www.openbsd.org/mail.html
suggest that it does, but I haven't found any more
detail regarding this at https://www.openbsd.org/ .

Quite frankly, if you're incapable of using one, I'd steer clear.
The answer to this is the result of a very basic web search.
Cheers!



Perhaps I should steer clear anyway, but what's probably
the reason I didn't find that answer may change things.

Specifically, do you find that information with a basic web search
while using none ofStackexchange , Reddit , Youtube , Google  ?

For the reasons explained in the following paragraphs, I am
not willing to use those four sites.  I still got into results saying
that one _can easily install_ Firefox on openBSD, and remember at
least one result saying that some people _use_ Lynx _on_ it, but those
didn't address whether there's one that comes _already_ installed.


I did go into results saying that one _can easily install_
Firefox on openBSD, and remember at least one result saying
that some people _use_ Lynx _on_ it, but those didn't
address whether there's one that comes _already_ installed.
The other search results (from using duckduckgo) I found
that mentioned openBSD - as opposed to just freeBSD -
were all from stackexchange and reddit and youtube.

I left Stackexchange when it adopted Terms according to which,
them changing those terms other than the arbitration clause
as I am scrolling a page on their site would result in
me being bound by whatever they changed the Terms to.
Since the trigger for those Terms was something like,
using their Network in any way, I have never intentionally
gone back there, and have left immediately when I've
accidentally when I've accidentally gone back there.
(In particular, if they no longer have
such Terms then I don't know that.)

My brief search for Reddit's Terms brought up Reddit
result previews suggesting that Reddit's Terms are also
such that according to them, using their site to view
their terms would constitute acceptance of those terms.
Furthermore, according to
https://github.com/OpenTermsArchive/contrib-versions
/blob/main/Reddit/Terms%20of%20Service.md
,  the changes provision in Reddit's Terms manages
to be even worse than that of Stackexchange's Terms:
Its change-acceptance is from access to or use of "the Services on or
after the Effective Date of the revised Terms", and it does not say
the Effective Date can't be _before_ the revised Terms were posted.

Youtube's Terms are better, but (0) it's Google, and
(1) the "launch a new product or feature" exception is
merely a timing restriction:  It's not limited to changes
that have anything else to do with the new product or feature.
Google's Terms seem to have the same changes provision.




Eric Demer

Re: Installing openBSD

[Jean-François Simon]

Further multi-boot is absolutely not a good idea from experience. Some OS
just don't care about your boot, they claim they own the platform and will
occasionally quite mess with it.

That's not just Windows.

Best option is multi drive and select bootable drive on bios short-key 
but each

one is essentially its own complete OS/Boot partition independently from the
others.

That's pretty safe and working not too bad.

Regard

Jean-François

On 7/31/23 19:08, Theo de Raadt wrote:

Multiboot support will never be a priority in OpenBSD.

None of the developers are using multiboot scenarios.  We develop and
test OpenBSD to support what we use, that is why it is so good at what
it does, and that is also also why it sucks ass for multiboot.

I suggest you get over it.  If that is a dealbreaker, I guess OpenBSD
is not for you!

We'll be perfectly happy if people insisting on multiboot go elsewhere.
They'll be happier also.

ykla  wrote:


Actually, I think it's a bug that OpenBSD cannot create EFI partitions 
manually. File
systems that write MSDOS, mount points that write /boot/efi, or none at all are 
not
recognized by the system, and the installer will indicate that it can't install 
the
boot and fail to boot the system. If you want to use a custom partition, you 
must
first use AutoPartition to create a number of partitions, including an 
i-partition,
i.e., an efi partition. Then do it manually by deleting the partitions other 
than the
i-partition. This is the only way to customize the partition. Any manually 
created efi
partition system will not be recognized.

Umgeher Torgersen  于 2023年8月1日周二 上午12:21写道：

  On Mon, Jul 31, 2023 at 09:37:13AM -0600, Theo de Raadt wrote:
  > Omar Polo  wrote:
  >
  > > On 2023/07/31 17:19:59 +0200, Karel Lucas  wrote:
  > > >
  > > > Hi,
  > > >
  > > > But fdisk also has an option to edit the existing partition table.
  > >
  > > only if you want to do stuff manually, which from the thread I assume
  > > you don't need.
  > >
  > > > This
  > > > allows me to delete only the partitions related to PfSense without
  > > > deleting the (U)EFI partition.
  > >
  > > yeah, if you ask to do things by yourself, you get to do the things
  > > manually :)
  > >
  > > > The question here is whether I will need
  > > > it to boot openBSD's root partition.
  > >
  > > choose 'use whole disk' and let the installer nuke and re-create the
  > > partition table.  it'll do the right thing for a standard
  > > installation.
  > >
  >
  > Karel,
  >
  > I will be going for a walk first.
  >
  > I'm trying to figure out if I should put my left foot first.
  > Or should it be the right?

  both

  > I'm so terribly confused!  I would not want to put the wrong foot first.
  >

Re: Installing openBSD

[Jean-François Simon]

Always the right one

On 7/31/23 17:37, Theo de Raadt wrote:

Omar Polo  wrote:


On 2023/07/31 17:19:59 +0200, Karel Lucas  wrote:

Hi,

But fdisk also has an option to edit the existing partition table.

only if you want to do stuff manually, which from the thread I assume
you don't need.


This
allows me to delete only the partitions related to PfSense without
deleting the (U)EFI partition.

yeah, if you ask to do things by yourself, you get to do the things
manually :)


The question here is whether I will need
it to boot openBSD's root partition.

choose 'use whole disk' and let the installer nuke and re-create the
partition table.  it'll do the right thing for a standard
installation.


Karel,

I will be going for a walk first.

I'm trying to figure out if I should put my left foot first.
Or should it be the right?

I'm so terribly confused!  I would not want to put the wrong foot first.

Re: Home NAS

[Jean-François Simon]

Hi,

I found it, there exist glastree which is available from ports.

Nice small "poor man's" backup as the author qualifies,
though makes incremental backup through hard links:

# if yesterday does not exist or today is newer, copy the file
# else hard link the file to yesterday

Ports: http://ports.su/sysutils/glastree
Source: https://github.com/jeremywohl/glastree

You can simply run it from crontab and even setup a short time daily and long 
time monthly
or what ever else suits best through running the utility with different 
configurations from
multiple crontab lines (daily, monthly, etc ...)

glastree-1.04p0 – poor man's daily snapshot

The poor man's daily snapshot, glastree builds live backup trees, with
branches for each day. Users directly browse the past to recover older
documents or retrieve lost files. Hard links serve to compress out
unchanged files, while modified ones are copied verbatim. A prune
utility effects a constant, sliding window.

Satoru Takabayashi has written a similar program, in Ruby, pdumpfs.

Inspired by Plan9, of course.

Regards,
Jean-Francois

Le 15 nov. 2019 à 11:04, Raf Czlonka a écrit :

> On Fri, Nov 15, 2019 at 08:54:54AM GMT, Andrew Luke Nesbit wrote:
>> On 15/11/2019 10:11, gwes wrote:
>> 
>>> The backup(8) program can assist this by storing deltas so that
>>> more frequent backups only contain deltas from the previous
>>> less frequent backup.
>> 
>> I've not used backup(8) before, thanks for the suggestion.  I will have a
>> look.
>> 
> 
> Hi Andrew,
> 
> There is no backup(8) - gwes either meant a generic "backup" software,
> or dump(8), and restore(8), specifically.
> 
> Regards,
> 
> Raf
> 

Re: Home NAS

[Jean-François Simon]

Hi,

I remind there was an incremental backup which I used to run in cron,
doing good job of making daily, weekly and monthly backups of deltas.

I could not find the name of this, it was available from packages as far as I 
remember
and created directory trees to the dates filled in with only modified files.

Jean-François 

Le 15 nov. 2019 à 11:04, Raf Czlonka a écrit :

> On Fri, Nov 15, 2019 at 08:54:54AM GMT, Andrew Luke Nesbit wrote:
>> On 15/11/2019 10:11, gwes wrote:
>> 
>>> The backup(8) program can assist this by storing deltas so that
>>> more frequent backups only contain deltas from the previous
>>> less frequent backup.
>> 
>> I've not used backup(8) before, thanks for the suggestion.  I will have a
>> look.
>> 
> 
> Hi Andrew,
> 
> There is no backup(8) - gwes either meant a generic "backup" software,
> or dump(8), and restore(8), specifically.
> 
> Regards,
> 
> Raf
> 

Re: Gdm and Gnome with OpenBSD 5.2

[Jean-François SIMON]

2012/11/12 Antoine Jacoutot 

> On Mon, Nov 12, 2012 at 09:40:51PM +0100, Jean-François SIMON wrote:
> > Dear all,
> >
> > I am sorry, I can't work out finding gdm or running Gnome with OpenBSD
> 5.2,
> > could someone please send a link or some informations ?
> > I used to have it working before, just now I would like xdm to launch
> gnome
> > but starting gnome-session ends up with various errors and back to xdm
> > console.
> >
> > Sorry again and thanks for help
>
> # pkg_add gnome
>
> Then read this:
> /usr/local/share/doc/pkg-readmes/gnome-*
>
> If it still fails, provide error messages..
>
> --
> Antoine
>

Perfect !

Gdm and Gnome with OpenBSD 5.2

[Jean-François SIMON]

Dear all,

I am sorry, I can't work out finding gdm or running Gnome with OpenBSD 5.2,
could someone please send a link or some informations ?
I used to have it working before, just now I would like xdm to launch gnome
but starting gnome-session ends up with various errors and back to xdm
console.

Sorry again and thanks for help

JF

RAID hardware

[Jean-François SIMON]

Hello,

I would like to know which hardware you'd recommend for use with softraid
for at least 4 HD ? I am looking for hardware which would suipport plug
live change of a failed drive.
If you have good experiences with some hardware, I would be interested in
your experience.

Thank you

J-F.

forgot to fdisk -i sd2

[Jean-François SIMON]

Hello,

Yesterday, I have asked someone to install, disklabel, newfs and mount a
disk on a small local server machine.
I have forgotten to fdisk -i in the first place, it does however apparently
work well.

Please could you let me know which type of problem there could be or not at
all if we do not fdisk -i this particular disk in the future, for normal
storage use ...

Thanks for help,

Jean-François

Re: daily script - running through all drives

[Jean-François SIMON]

2011/6/15 Jean-Frangois SIMON 

> Hello,
>
> Backing up this question, I've not yet been able to clearly understand
> which part of the dail / security script makes the system to go through all
> disks and certainly dive into the whole of the file system directory.
>
> Has one soul an answer ?
>
> Jean-Frangois
>

Sorry, I just understand that apparently this is related to a patch. I've
been using 4.4 for a while.

http://www.openbsd.org/plus46.html

   - Make the
security(8)
script
   honor the SUIDSKIP variable to exclude paths from setuid and device
checks.

daily script - running through all drives

[Jean-François SIMON]

Hello,

Backing up this question, I've not yet been able to clearly understand which
part of the dail / security script makes the system to go through all disks
and certainly dive into the whole of the file system directory.

Has one soul an answer ?

Jean-Frangois

Control of OpenBSD through a web interface

[Jean-François SIMON]

Hi,

I have a remote controlled machine which I manage by ssh and yet I'm in the
process of making up a small web page through which basic commands can be
passed.

I have no clear idea regarding how to design this, in the first place I
thought about a cgi script written in C which I did manage to have it say
"hello world" at the present time, but not yet much more.

There's not yet clear clues regarding how to make this peace of web
interface talk to the system and I would like to make it clean by means of
elegant way to deal with web page <-> system communication.

Any clue regarding the way it could be ?

Thanks,

Jean-Frangois

Re: faq 14.15

[Jean-François SIMON]

It is an interesting advice in manpage point 1. We should always keep that
in mind.

2011/5/30 Martin Schrvder 

> 2011/5/30 Jean-Frangois SIMON :
> > scanffs is not is my manual "man scanffs" => no results
> >
> > Is this ad addon program ?
>
> http://www.openbsd.org/faq/faq14.html#OhBugger :-)

Re: faq 14.15

[Jean-François SIMON]

Hi

scanffs is not is my manual "man scanffs" => no results

Is this ad addon program ?

2011/5/29 russell 

> Just a thank you for the awesome documentation.
>
> Was upgrading my home file server, doing my normal half assed job.
> decided to install 49 while I was at it and during the disklabel
> "I though my new disk was bigger?, oh shit..."
>
> "you do keep a backup disklabel right?",  "well... err... *cough* I do
> now."
>
> and then the angels sang out, a beam of light came down
> and when the glare settled there was faq 14.15
>
> /var/backup! score! I have a copy of that somewhere.
>
> bonus: scanffs(8), my new favorite man page.

Re: Loggin dmesge

[Jean-François SIMON]

Ah ok. Sorry was clear but I missed it.

Regards

2011/5/29 Peter N. M. Hansteen 

> Jean-Frangois SIMON  writes:
>
> > Are kernel messages logged (blue lines appearing e.g. device plugged, etc
> > ...) ? Obviously not in /var/log files.
> > In negative, is this possible to log them up ?
>
> Take a look in /var/log/dmesg.boot and /var/log/messages. It should all
> be there.
>
> - Peter
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: Loggin dmesge

[Jean-François SIMON]

Are kernel messages logged (blue lines appearing e.g. device plugged, etc
...) ? Obviously not in /var/log files.
In negative, is this possible to log them up ?
Thanks,
J-F

Re: Loggin dmesge

[Jean-François SIMON]

All

Thanks for your answers, I've set up my question not accurately enought. I
would like to have a file logging the activity of dmesg after boot as well.
I'm not sure it is the reight way to set it up.

Here's my problem, I've seen on the screen in console tty0 the blue lines of
kernel messages which were related to hard drive hardware failures being
catched and automatically repaires in the way the hard disk are able to
manage them.

Those informations were as I said coming from kernel and therefore I would
like to log them and have a review after a while, e.g. if the machine is
rebooted meanwhile they are not lost.

So I assumed they were shown through dmesg, but I'm not sure about this.
Maybe you could help me a bit.

Regards

Loggin dmesge

[Jean-François SIMON]

Hello,

Please could you help me to log all messages of dmesg to a file - I've been
reading the man pages syslogd & its conf file but I'm not sure how to
properly set it up ...

Thanks

ftpd and port rdr-to

[Jean-François SIMON]

Hello,

I've been using ftpd behind a firewall for internet interface while
it's running all ports open on sub-net of course.

I basically am using a redirect rule on the external interface so as
not to keep port 21 open on the web this in pf.conf the following rule

pass in on $ext_if proto tcp to port 30021 rdr-to 127.0.0.1 port 21
pass in on $ext_if proto tcp to port > 49151

Is this a  correct way to do it ? It does work well, I have seen
things about proxy, is it needed ? What would it change ?

Regards

Re: RAID support

[Jean-François SIMON]

Hi,

Can we add, remove or change the chunks hard drives, rebuild, without
re-constructing the RAID ?

Regards

2010/10/7 Jean-Francois 

> Hi,
>
> Doing tests, I could not always do properly the kick off of a rebuild.
> What is exactly the procedure for doing a rebuild with bioctl -R ?
>
> In particular I don't understand, when you have say a build with chunks
> sd0a
> and sd1a, then remove one chunk, plug a new one, if it doe'nt appear as sd1
> but sd2 or whatever, then how do you attach it to the raid device - which
> is
> waiting for a sd1a (the offline device) ?
>
> Regards

problem with samba / broadcast

[Jean-François SIMON]

Hello,

I have tonight a small problem, if you could please check and see if
something is wrong here.
The samba share seems blocked, the packets are not broadcasted.

Thanks.

# tcpdump -eni pflog0
03:41:26.500159 rule 30/(match) block in on re1: 192.168.0.195.138 >
192.168.0.255.138: udp 207
03:41:49.296060 rule 30/(match) block in on re1: 192.168.1.186.137 >
192.168.1.255.137: udp 50

re1: flags=8b43 mtu
1500
lladdr 00:08:64:a9:51:81
priority: 0
media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
status: active
inet6 fe80::208:54ff:fea8:5181%re1 prefixlen 64 scopeid 0x2
inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255

ext_if="re0"
int_if="re1"

set skip on lo
match in all scrub (no-df max-mss 1440)

match out on $ext_if from 192.168.1.0/24 to any nat-to ($ext_if)

match in on $ext_if proto tcp from any to any port 4466 rdr-to
192.168.100.196
match in on $ext_if proto tcp from any to any port 3729 rdr-to
192.168.100.195
match in on $ext_if proto tcp from any to any port 3730 rdr-to
192.168.100.192
match in on $ext_if proto tcp from any to any port 3731 rdr-to
192.168.100.193
match in on $ext_if proto tcp from any to any port 3733 rdr-to
192.168.100.190
match in on $ext_if proto tcp from any to any port 3728 rdr-to 192.168.100.4
match in on $ext_if proto udp from any to any port 3740 rdr-to
192.168.100.187
match in on $ext_if proto udp from any to any port 46655 rdr-to
192.168.100.4
match in on $ext_if proto tcp from any to any port 3734 rdr-to
192.168.100.186
match in on $ext_if proto tcp from any to any port 3727 rdr-to
192.168.100.183
match in on $ext_if proto tcp from any to any port 3735 rdr-to
192.168.100.181
match in on $ext_if proto {tcp,udp} from any to any port 3389 rdr-to
192.168.100.186
match in on $ext_if proto tcp from any to any port 5800 rdr-to
192.168.100.186
match in on $ext_if proto tcp from any to any port 5900 rdr-to
192.168.100.186
match in on $ext_if proto tcp from any to any port 5801 rdr-to
192.168.100.181
match in on $ext_if proto tcp from any to any port 5901 rdr-to
192.168.100.181
match in on $ext_if proto tcp from any to any port 5902 rdr-to
192.168.100.193
match in on $ext_if proto tcp from any to any port 5903 rdr-to
192.168.100.183
match in on $ext_if proto {tcp,udp} from any to any port 80 rdr-to
192.168.100.184
match in on $ext_if proto {tcp,udp} from any to any port 20 rdr-to
192.168.100.184
match in on $ext_if proto tcp from any to any port 16022 rdr-to
192.168.100.186
match in on $ext_if proto udp from any to any port 63112 rdr-to
192.168.100.186
match in on $ext_if proto udp from any to any port 3726 rdr-to 192.168.100.3
match in on $ext_if proto udp from any to any port 31336:31341 rdr-to
192.168.100.186

pass out# connexions sortantes passantes
block in log all# connexions entrantes bloqueees par defaut

antispoof for $ext_if
pass in on $int_if proto icmp to any tagged macok
pass in on $int_if proto tcp to any tagged macok
pass in on $int_if proto udp to any tagged macok
pass in on $ext_if proto icmp to any
pass in on $ext_if proto {tcp,udp} to any port 3389
pass in on $ext_if proto udp to any port 3726
pass in on $ext_if proto tcp to any port 3727:3731
pass in on $ext_if proto tcp to any port 3733:3735
pass in on $ext_if proto udp to any port 3740
pass in on $ext_if proto tcp to any port 4466
pass in on $ext_if proto tcp to any port 5800:5801
pass in on $ext_if proto tcp to any port 5900:5903
pass in on $ext_if proto tcp to any port 16022
pass in on $ext_if proto udp to any port 63112
pass in on $ext_if proto udp to any port 46655
pass in on $ext_if proto {tcp,udp} to any port 20
pass in on $ext_if proto {tcp,udp} to any port 80

pass in on bridge1

# cat
/etc/hostname.bridge0

# **
# * Pour modifier les adresses adresses MAC, modifier la section I *
# **

# On cree un pont filtrant
add re1 -learn re1

# *
# * Section I (debut) *
# *

# DEBUT DES REGLES DE FILTRAGE MAC
# Adresses MAC des postes clients connus

rule pass in on re1 src c8:0a:a9:20:02:44 tag macok # PC portable JB
rule pass in on re1 src F0:DE:F1:07:56:77 tag macok # PC portable J-F

# FIN DES REGLES DE FILTRAGE MAC

# ***
# * Section I (fin) *
# ***

# activation du pont filtrant
up

preserving editor files

[Jean-François SIMON]

Hi All,

At start-up the OS stays several minutes on "preserving editor files".

Could you please inform me what to do about this  what is the system
then doing ? Is it normal ?

Thanks & regards

Re: network configuration problems

[Jean-François SIMON]

/etc/netstart issue ...

Thanks for this note, my mistake, of course it runs fine with /bin/sh.

Ok now everything goes right, but I don't understand the new philosophy of
the network address translation in pf.conf.

What is the equivalent for the following :
nat on $ext_if from ($int_if:network) -> ($ext_if)

Could it be :
match out on $ext_if from 192.168.0.0/16 to any nat-to ($ext_if)

What is the reason for changing this set of rules ? Is there now more
flexibility with NAT rules than it used to be ?

Thanks.

network configuration problems

[Jean-François SIMON]

Hi All,

I have some problem with network in OpenBSD 4.7.

The netstart script does strange output :

# bash /etc/netstart
/etc/netstart: line 44: set: -A: invalid option
set: usage: set [--abefhkmnptuvxBCHP] [-o option-name] [arg ...]
WARNING: /etc/hostname.re0 is insecure, fixing permissions
DHCPREQUEST on re0 to 255.255.255.255 port 67
DHCPACK from 192.168.30.1 (00:19:4b:07:6c:ad)
bound to 192.168.30.11 -- renewal in 302400 seconds.
/etc/netstart: line 44: set: -A: invalid option
set: usage: set [--abefhkmnptuvxBCHP] [-o option-name] [arg ...]
WARNING: /etc/hostname.re1 is insecure, fixing permissions
/etc/netstart: line 284: syntax error in conditional expression: unexpected
token `('
/etc/netstart: line 284: syntax error near `@(*'
/etc/netstart: line 284: `[[ $gw == @(*:*) ]] && continue'

One point being insecure permissions but they look good :# ls -l
/etc/hostname.*

-rw---  1 root  wheel  444 Jun 19 21:15 /etc/hostname.bridge0
-rw---  1 root  wheel5 Jun 13 01:53 /etc/hostname.re0
-rw---  1 root  wheel   66 Jun 13 20:18 /etc/hostname.re1

The other fact being not creating the bridge :
# cat
hostname.bridge0

add re1 -learn re1
rule pass in on re1 src 00:25:32:1b:d5:10 tag macok
rule pass in on re1 src 00:08:64:a8:71:81 tag macok
up

#
ifconfig

lo0: flags=8049 mtu 33160
priority: 0
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff00
re0: flags=8843 mtu 1500
lladdr 00:25:32:1b:d5:10
priority: 0
groups: egress
media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
status: active
inet6 fe80::225:22ff:fe1b:d510%re0 prefixlen 64 scopeid 0x1
inet 192.168.30.11 netmask 0xff00 broadcast 192.168.30.255
re1: flags=8843 mtu 1500
lladdr 00:08:64:a8:71:81
priority: 0
media: Ethernet autoselect (none)
status: no carrier
inet6 fe80::208:54ff:fea8:7181%re1 prefixlen 64 scopeid 0x2
inet 192.168.100.1 netmask 0xff00 broadcast 192.168.100.255
enc0: flags=0<> mtu 1536
priority: 0
pflog0: flags=141 mtu 33160
priority: 0
groups: pflog

May I have you help to sort it out ?

Thank you,

Jean-Frangois

usb devices power off

[Jean-François SIMON]

Hi all

I am looking for a way to shut down the power of the usb hub and usb
devices.
Looking into the documentation plus trying various commands makes me think
there is no way to do this.
Particularly for usb pens supplied by the usb port, is there a way to power
off and on the usb hub ?

Thank you

Regards

#dmesg
cpu0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+, 2000.34 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 200MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+, 2000.00 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
ioapic0 at mainbus0 apid 4 pa 0xfec0, version 11, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 4
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (HUB0)
acpicpu0 at acpi0: PSS
acpicpu1 at acpi0: PSS
acpitz0 at acpi0: critical temperature 75 degC
acpibtn0 at acpi0: PWRB
cpu0: PowerNow! K8 2000 MHz: speeds: 2000 1800 1000 MHz
pci0 at mainbus0 bus 0
"NVIDIA MCP77 Memory" rev 0xa2 at pci0 dev 0 function 0 not configured
pcib0 at pci0 dev 1 function 0 "NVIDIA MCP77 ISA" rev 0xa2
nviic0 at pci0 dev 1 function 1 "NVIDIA MCP77 SMBus" rev 0xa1
iic0 at nviic0
spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-6400CL5
iic1 at nviic0
"NVIDIA MCP77 Memory" rev 0xa1 at pci0 dev 1 function 2 not configured
"NVIDIA MCP77 Co-processor" rev 0xa2 at pci0 dev 1 function 3 not configured
"NVIDIA MCP77 Memory" rev 0xa1 at pci0 dev 1 function 4 not configured
ohci0 at pci0 dev 2 function 0 "NVIDIA MCP77 USB" rev 0xa1: apic 4 int 10
(irq 10), version 1.0, legacy support
ehci0 at pci0 dev 2 function 1 "NVIDIA MCP77 USB" rev 0xa1: apic 4 int 11
(irq 11)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "NVIDIA EHCI root hub" rev 2.00/1.00 addr 1
ohci1 at pci0 dev 4 function 0 "NVIDIA MCP77 USB" rev 0xa1: apic 4 int 5
(irq 5), version 1.0, legacy support
ehci1 at pci0 dev 4 function 1 "NVIDIA MCP77 USB" rev 0xa1: apic 4 int 10
(irq 10)
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "NVIDIA EHCI root hub" rev 2.00/1.00 addr 1
pciide0 at pci0 dev 6 function 0 "NVIDIA MCP77 IDE" rev 0xa1: DMA, channel 0
configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 ignored (disabled)
azalia0 at pci0 dev 7 function 0 "NVIDIA MCP77 HD Audio" rev 0xa1: apic 4
int 10 (irq 10)
azalia0: codecs: Realtek ALC888, NVIDIA/0x0002, using Realtek ALC888
audio0 at azalia0
ppb0 at pci0 dev 8 function 0 "NVIDIA MCP77 PCI" rev 0xa1
pci1 at ppb0 bus 1
"TI TSB43AB22 FireWire" rev 0x00 at pci1 dev 8 function 0 not configured
pciide1 at pci0 dev 9 function 0 "NVIDIA MCP77 AHCI" rev 0xa2: DMA
(unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI
pciide1: using apic 4 int 11 (irq 11) for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: 
wd0: 1-sector PIO, LBA, 30800MB, 63078400 sectors
wd1 at pciide1 channel 1 drive 0: 
wd1: 16-sector PIO, LBA48, 953869MB, 1953525168 sectors
ppb1 at pci0 dev 11 function 0 "NVIDIA MCP77 PCIE" rev 0xa1
pci2 at ppb1 bus 2
vga1 at pci2 dev 0 function 0 vendor "NVIDIA", unknown product 0x0849 rev
0xa2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb2 at pci0 dev 16 function 0 "NVIDIA MCP77 PCIE" rev 0xa1: apic 4 int 16
(irq 255)
pci3 at ppb2 bus 3
ppb3 at pci0 dev 18 function 0 "NVIDIA MCP77 PCIE" rev 0xa1: apic 4 int 16
(irq 255)
pci4 at ppb3 bus 4
pchb0 at pci0 dev 24 function 0 "AMD AMD64 0Fh HyperTransport" rev 0x00
pchb1 at pci0 dev 24 function 1 "AMD AMD64 0Fh Address Map" rev 0x00
pchb2 at pci0 dev 24 function 2 "AMD AMD64 0Fh DRAM Cfg" rev 0x00
kate0 at pci0 dev 24 function 3 "AMD AMD64 0Fh Misc Cfg" rev 0x00: core rev
BH-F2
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
it0 at isa0 port 0x2e/2: IT8716F rev 3, EC port 0x290
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
usb2 at ohci0: USB revision 1.0
uhub2 at usb2 "NVIDIA OHCI root hub" rev 1.00/1.00 addr 1
usb3 at ohci1: USB revision 1.0
uhub3 at usb3 "NVIDIA OHCI root hub" rev 1.

Re: pf rdr to multiple machines in the subnet

[Jean-François SIMON]

2010/2/7 Bret S. Lambert 

> On Sun, Feb 07, 2010 at 12:24:52PM +0100, Jean-Fran?ois SIMON wrote:
> > Hello,
> >
> > I am going to replace the rule
> > rdr pass on $ext_if proto tcp from any to any port 1024:65535 ->
> 10.0.1.32
> > port 1024:*
> > by a general rule for redirecting to all the machines that have a ip
> > starting by 10.0.1
> >
> > Is this even possible ? A rule like
> > rdr pass on $ext_if proto tcp from any to any port 1024:65535 -> 10.0.1.*
> > port 1024:*
> > or
> > rdr pass on $ext_if proto tcp from any to any port 1024:65535 -> 10.0.1
> port
> > 1024:*
> >
>
> No, you'd have to so a seperate rdr line for each backend host.
>

Would a rule like this one work (2 lines).
 rdr pass on $ext_if proto tcp from any to any port 1024:65535 -> 10.0.1.32
 rdr pass on $ext_if proto tcp from any to any port 1024:65535 -> 10.0.1.33

pf rdr to multiple machines in the subnet

[Jean-François SIMON]

Hello,

I am going to replace the rule
rdr pass on $ext_if proto tcp from any to any port 1024:65535 -> 10.0.1.32
port 1024:*
by a general rule for redirecting to all the machines that have a ip
starting by 10.0.1

Is this even possible ? A rule like
rdr pass on $ext_if proto tcp from any to any port 1024:65535 -> 10.0.1.*
port 1024:*
or
rdr pass on $ext_if proto tcp from any to any port 1024:65535 -> 10.0.1 port
1024:*

The meaning is to forward packets above 1024 to the subnetwork machines.

Thank you.

Regards

vsftpd

[Jean-François SIMON]

Hi List,

I am using vsftpd as ftp daemon. I actually launch this service as root
(sudo /usr/...) because this is the only way it actually starts.
Is this normal way or do I miss something ?
I don't see that it drops its privileges, through "top", I see it running as
root.

Regards

Re: Installing OpenBSD on SSD drives

[Jean-François SIMON]

2009/11/7 Richard Toohey 

> On 7/11/2009, at 10:25 AM, Jean-Frangois SIMON wrote:
>
>  It looks like the problem has nothing to do with SSD.
>> Thanks for hints about this issue.
>> I'll try to send the complete failure report within a few days, it end up
>> as
>> a kernel panic on first boot.
>>
>> Regards
>>
>>
> You are making an install that FAILS because the install media is CORRUPT.
>
> No surprise that the kernel panics - it has not been installed properly
> because
> the media is damaged.
>
> If you get exactly the same behaviour from a good install source, then
> (probably) worth reporting it.  But the first suggestion will be to try
> -current,
> and that will lead you back to an installation/upgrade.
>
> HTH.


I downloaded the image from ftp.fr.openbsd.org
In the first install I have used a bad cd but I saw that and changed for a
new one. The cd check was succesfull. And I tried to install from 3
different CD reader.

I will try again to download the -current, check the media and install
properly.

Re: Installing OpenBSD on SSD drives

[Jean-François SIMON]

2009/11/6 Jean-Frangois SIMON 

> 2009/11/6 
>
>> Quoting Jean-Frangois SIMON :
>>
>>
>> [cut]
>>
>> > The error actually appears while installing xfont46.tgz which is very
>> > very
>> > slow. It is normal speed util that particular file .
>> > errors : many "atascsi_atapi_cmd_done, timeout"
>> > one "d0(ahci0:3:0): Check Condition (error 0x70) on opcode 0x28
>> >  SENSE KEY: Illegal Request"
>>
>> Are you installing from CD - is the CD medium and the CD/DVD drive
>> definitely good?
>>
>> It might be a dumb question, but is it DEFINITELY the SSD at fault here?
>>
>> Thanks.
>>
>
> Hi,
> I tried booting on the CD from another device but it happened to do the
> same thing.
>
> There is no evidence that the SSD is the root cause but I assume because
> all other operating systems works fine on that machine, and the SSD is the
> only exotic thing in, also it just makes some errors on the disk while
> installing so I assume the disk is at fault.
>
> I will try to install on a standard drive see if there is any problem.
>
> Regards
>

It appears to go the same way on a normal hard drive.

I will try various things tonight.

Reagrds

Re: Installing OpenBSD on SSD drives

[Jean-François SIMON]

2009/11/6 

> Quoting Jean-Frangois SIMON :
>
> [cut]
>
> > The error actually appears wjile installing xfont46.tgz which is very
> > very
> > slow. It is normal speed util that particular file .
> > errors : many "atascsi_atapi_cmd_done, timeout"
> > one "d0(ahci0:3:0): Check Condition (error 0x70) on opcode 0x28
> >  SENSE KEY: Illegal Request"
>
> Are you installing from CD - is the CD medium and the CD/DVD drive
> definitely good?
>
> It might be a dumb question, but is it DEFINITELY the SSD at fault here?
>
> Thanks.
>

Hi,
I tried booting on the CD from another device but it happened to do the same
thing.

There is no evidence that the SSD is the root cause but I assume because all
other operating systems works fine on that machine, and the SSD is the only
exotic thing in, also it just makes some errors on the disk while installing
so I assume the disk is at fault.

I will try to install on a standard drive see if there is any problem.

Regards

Re: Installing OpenBSD on SSD drives

[Jean-François SIMON]

2009/11/5 Robert 

> On Thu, 5 Nov 2009 20:08:48 +0100
> Jean-Frangois SIMON  wrote:
>
> > 2009/11/4 STeve Andre' 
> >
> > > On Wednesday 04 November 2009 16:10:06 Jean-Frangois SIMON wrote:
> > > >  Hello,
> > > > Is there any particular problem with installing OpenBSD on a SSD
> > > > HD ?  I once could on one machine but on my actual machine it
> > > > simply does'nt
> > > work.
> > > > After a while, the SSD disk becomes like overloaded and
> > > > unavailable to continue the installing process of 4.6.
> > > > Regards
> > >
> > > I played with one, briefly, and it seemed to work.  A litte weird,
> > > not hearing anything from it...
> > >
> > > But I'm not at all eager to actually use them just yet.  Look for
> > > the goofs Intel has had with them.  How long will they last, and
> > > what is the failure mode like?  More often than not a spinning disk
> > > will give notice of impending death with a few bad spots before The
> > > End.  But what of an SSD?  By its very nature I could see an
> > > address line going, leaving a very weird pattern of unaffected data.
> > >
> > > SSDs are the future, I'm fairly sure but I think they need to mature
> > > as well as get bigger.
> > >
> > > Lastly, saying where the install hangs would really help.  And of
> > > course how big is it and who made it?
> > >
> > > --STeve Andre'
> > >
> > >
> > Hello,
> > It will be a small SSD like 32 Go or 64 Go for my personal computer.
> > It actually works for my home server however installing on my main
> > computer fails during the installing process by going slower and
> > slower then making IO errors.
> > Regards
>
> Those errors are not printed to the screen?
> The SSD also inhibits printing of the dmesg?
> Sorry if i am mistaken and you don't want your issue resolved, but only
> rant. In that case you can disregard this mail.
>
> - Robert
>

I actually just posted them before (some ten minutes ago in the same
thread).
More cannot be done (like dmesg) at the moment because yes, it can be
printed out on the screen, but i'm not used to the stuff that makes it out
of a very minimalistic system such as a serial console, sorry for that.

Regards

Re: Installing OpenBSD on SSD drives

[Jean-François SIMON]

2009/11/4 Aaron Mason 

> 2009/11/5 Jean-Frangois SIMON :
> >  Hello,
> > Is there any particular problem with installing OpenBSD on a SSD HD ?  I
> > once could on one machine but on my actual machine it simply does'nt
> work.
> > After a while, the SSD disk becomes like overloaded and unavailable to
> > continue the installing process of 4.6.
> > Regards
> >
> >
>
> Hi Jean-Francios,
>
> Is this a used SSD?  That happens with used ones because they end up
> doing twice the work - once to erase the used block and again to
> actually write the block (and several blocks around them, AAMOF).
>
> If you have a "secure erase" option available, use it.  This will
> restore the data blocks to an unused state, and restore full speed
> again.
>
> HTH
>
>
Hi Aaron,
I'm not sure I fully understood you, yes it has been used many times. Should
I erase it completely in order to refresh properly the drive ?

BTW I actually make regular save of the while drive because I'm afraid that
it one days stops to works (the SSD on my server) and since it actually
hosts a website, that's a good reason for me to tarball it once in a while,
generally after many updates of the site.

Regards
Jean-Frangois

Re: Installing OpenBSD on SSD drives

[Jean-François SIMON]

2009/11/4 K K 

> 2009/11/4 Jean-Frangois SIMON :
> >  Hello,
> > Is there any particular problem with installing OpenBSD on a SSD HD ?  I
> > once could on one machine but on my actual machine it simply does'nt
> work.
> > After a while, the SSD disk becomes like overloaded and unavailable to
> > continue the installing process of 4.6.
> > Regards
>
> Sounds like an issue with your SSD?
> Can you supply a dmesg, and details on the SSD, make/model/supplier,
> as well as the motherboard and how the drive appears to the BIOS?
>
>
> On Wed, Nov 4, 2009 at 4:12 PM, Ted Unangst  wrote:
> > 2009/11/4 Roger Schreiter :
> >> it is like for any OS on SSD HD. Make sure, you are using
> >> no swap partition!
> >
> > This is ridiculous advice.
>
> This *was* reasonable advice for the older generations of
> CompactFlash, but may no longer be a consideration with newer
> flash/SSD drives.
>
> I have run many embedded servers (mostly OpenBSD on Soekris) without
> swap, never had any problems traceable to the lack of swap space.
>
>
> >> And if you are using an application, which is writing
> >> a lot of things into files, put the respective dirs into
> >> ramdisks!
> >
> > Combined with this is even dumber.
> >
> > If you can't swap, you're already in trouble if you run into memory
> > pressure.  So then you go and put the filesystem in RAM to make sure
> > there's lots of extra memory pressure?
>
> Actually, the above is standard advice for running any Unix on flash,
> as people have been doing with Soekris and CF since at least 2001.
>
> The idea isn't to put "the filesystem" into RAM, but rather to reduce
> the write operations by mounting filesystems used for frequently
> written smal files (e.g. /var/tmp) as ramdisks.
>
> Kevin
>
Model and make is not anymore available, it was LDLC (website ldlc.com). It
must be very recent since they removed their products from the market. This
is something possible that they do have has dome problems with it.

The error actually appears wjile installing xfont46.tgz which is very very
slow. It is normal speed util that particular file .
errors : many "atascsi_atapi_cmd_done, timeout"
one "d0(ahci0:3:0): Check Condition (error 0x70) on opcode 0x28
   SENSE KEY: Illegal Request"
The SSD appears in the bios as "Veritech SSD 2009-03"
Motherboard : Gigabyte GA-MA790X-DS4 F4

After quite a while, it finally finished the install process (passed the
various errors) but the boot on SSD drive fails and crashes.

Unfortunately, I am not used to extract from a machine that half works the
dmesg and kernel crash informations (using serial interface).

I have bought 2 cards (exactly identical) from the same supplier, and
actually one of them work in production on mye server, and the one on my
personal computer works fine with other operating systems (ex. Ubuntu).

Regards

Re: Installing OpenBSD on SSD drives

[Jean-François SIMON]

2009/11/4 STeve Andre' 

> On Wednesday 04 November 2009 16:10:06 Jean-Frangois SIMON wrote:
> >  Hello,
> > Is there any particular problem with installing OpenBSD on a SSD HD ?  I
> > once could on one machine but on my actual machine it simply does'nt
> work.
> > After a while, the SSD disk becomes like overloaded and unavailable to
> > continue the installing process of 4.6.
> > Regards
>
> I played with one, briefly, and it seemed to work.  A litte weird, not
> hearing anything from it...
>
> But I'm not at all eager to actually use them just yet.  Look for the
> goofs Intel has had with them.  How long will they last, and what is
> the failure mode like?  More often than not a spinning disk will give
> notice of impending death with a few bad spots before The End.  But
> what of an SSD?  By its very nature I could see an address line going,
> leaving a very weird pattern of unaffected data.
>
> SSDs are the future, I'm fairly sure but I think they need to mature
> as well as get bigger.
>
> Lastly, saying where the install hangs would really help.  And of
> course how big is it and who made it?
>
> --STeve Andre'
>
>
Hello,
It will be a small SSD like 32 Go or 64 Go for my personal computer.
It actually works for my home server however installing on my main computer
fails during the installing process by going slower and slower then making
IO errors.
Regards

Installing OpenBSD on SSD drives

[Jean-François SIMON]

Hello,

Is there any particular problem with installing OpenBSD on a SSD HD ?

I once could on one machine but on my actual machine it simply does'nt work.
After a while, the SSD disk becomes like overloaded and unavailable to
continue the installing process of 4.6.

Regards

Installing OpenBSD on SSD drives

[Jean-François SIMON]

 Hello,
Is there any particular problem with installing OpenBSD on a SSD HD ?  I
once could on one machine but on my actual machine it simply does'nt work.
After a while, the SSD disk becomes like overloaded and unavailable to
continue the installing process of 4.6.
Regards

Re: Simple internet question : packets are not forwarded anymore ?

[Jean-François SIMON]

Sorry for that is was a problem of the soft I use to dump the packets.

It has done something wrong with the rpobes and crashed PF somehow.

Reboot solved it.

Regards.

2009/8/9 Jean-Frangois SIMON 

> Hi
>
> I did something wrong is doing networks change yesterday and now the sub
> network has no internet access anymore. This scheme below used to work very
> well.
>
> I am struggling in order to find why packets from the sub network do not
> reach anymore the DSL box ?
>
> Please could you indicate where to look.
>
> - The OpenBSD box has access to internet (lynx works to access the web).
> - from the sub net I can ping 10.0.1.1 and 192.168.0.10 but not 192.168.0.1
> - PF does not block the packets from 10.0.1.* to 192.168.0.1
> - with tcpdump I can see that packets are not forwarded to ext_if when they
> need to reach 192.168.0.1
> - The pf.conf rules have not changed therefore should not be the problem
> here
> - route default is set to 192.168.0.1
> - subnet machines are set correctly (as before when it worked)
>
> Subnet machines
> 10.0.1.*
>
> 10.0.1.1 int_if
> OpenBSD firewall using NAT rules
> 192.168.0.10 ext_if
>
> ADSL box
> 192.168.0.1
>
> Internet

Simple internet question : packets are not forwarded anymore ?

[Jean-François SIMON]

Hi

I did something wrong is doing networks change yesterday and now the sub
network has no internet access anymore. This scheme below used to work very
well.

I am struggling in order to find why packets from the sub network do not
reach anymore the DSL box ?

Please could you indicate where to look.

- The OpenBSD box has access to internet (lynx works to access the web).
- from the sub net I can ping 10.0.1.1 and 192.168.0.10 but not 192.168.0.1
- PF does not block the packets from 10.0.1.* to 192.168.0.1
- with tcpdump I can see that packets are not forwarded to ext_if when they
need to reach 192.168.0.1
- The pf.conf rules have not changed therefore should not be the problem
here
- route default is set to 192.168.0.1
- subnet machines are set correctly (as before when it worked)

Subnet machines
10.0.1.*

10.0.1.1 int_if
OpenBSD firewall using NAT rules
192.168.0.10 ext_if

ADSL box
192.168.0.1

Internet

Re: Simplest and safest way to activate external mail transfert

[Jean-François SIMON]

Would the use of mini_sendmail-chroot help in any way ?
Thanks.

2009/8/3 Jean-Frangois SIMON 

> Many thanks.
>
> 2009/8/3 Stuart Henderson 
>
> On 2009-08-02, jean-francois  wrote:
>> > What would be the simplest and safest way in order to give php the
>> > possibility to transfert mails via the php mail command ?
>>
>> Assuming you're using chroot: you need to install some things under
>> /var/www:
>> some mail-relay program (I'd recommend femail), and /bin/sh (yes, really.
>> php
>> uses popen for this).
>>
>> If you don't absolutely need the mail() command there are various PHP
>> library functions to send mail by SMTP which don't need the shell.

Re: No audio : did I miss something basic ?

[Jean-François SIMON]

Thanks for your patience. No it just rest silent and here two successive
audioctl, no movement in the play sensor.

$ audioctl
name=SB Live!
version=0x00
config=emuxki
encodings=ulinear:8,mulaw:8*,alaw:8*,slinear:8*,slinear_le:16,ulinear_le:16*,slinear_be:16*,ulinear_be:16*
properties=full_duplex,mmap,independent
full_duplex=0
fullduplex=0
blocksize=8192
hiwat=8
lowat=6
output_muted=0
monitor_gain=0
mode=play
play.rate=48000
play.channels=2
play.precision=16
play.encoding=slinear_le
play.gain=255
play.balance=32
play.port=0x0
play.avail_ports=0x0
play.seek=0
play.samples=0
play.eof=0
play.pause=0
play.error=0
play.waiting=0
play.open=1
play.active=0
play.buffer_size=65536
play.block_size=8192
play.errors=0
record.rate=48000
record.channels=2
record.precision=16
record.encoding=slinear_le
record.gain=255
record.balance=32
record.port=0x1
record.avail_ports=0x7
record.seek=0
record.samples=0
record.eof=0
record.pause=0
record.error=0
record.waiting=0
record.open=0
record.active=0
record.buffer_size=65536
record.block_size=8192
record.errors=0

$ audioctl
name=SB Live!
version=0x00
config=emuxki
encodings=ulinear:8,mulaw:8*,alaw:8*,slinear:8*,slinear_le:16,ulinear_le:16*,slinear_be:16*,ulinear_be:16*
properties=full_duplex,mmap,independent
full_duplex=0
fullduplex=0
blocksize=8192
hiwat=8
lowat=6
output_muted=0
monitor_gain=0
mode=play
play.rate=48000
play.channels=2
play.precision=16
play.encoding=slinear_le
play.gain=255
play.balance=32
play.port=0x0
play.avail_ports=0x0
play.seek=0
play.samples=0
play.eof=0
play.pause=0
play.error=0
play.waiting=0
play.open=1
play.active=0
play.buffer_size=65536
play.block_size=8192
play.errors=0
record.rate=48000
record.channels=2
record.precision=16
record.encoding=slinear_le
record.gain=255
record.balance=32
record.port=0x1
record.avail_ports=0x7
record.seek=0
record.samples=0
record.eof=0
record.pause=0
record.error=0
record.waiting=0
record.open=0
record.active=0
record.buffer_size=65536
record.block_size=8192
record.errors=0


2009/7/29 Alexandre Ratchov 

> On Wed, Jul 29, 2009 at 06:40:11PM +0200, jean-francois wrote:
> > I still could'nt ear anything, I don't understand what wrong I am doing.
> > The integrated MB card is not detected at all thought I could look after
> > the bios settings, however not necessary and I prefer to use the SB Live
> > if this is something possible.
> >
>
> ok, could you run ``cat /dev/arandom >/dev/audio'' in
> background (or in another window) and then:
>
> run ``audioctl'' few times and check that play.pause=0,
> play.active=1, play.samples is increasing and play.errors
> stays around 0. I'm interested in getting two samples of the
> output of audioctl.
>
> then, check that your speakers work and are properly
> connected and start tweaking mixerctl as follows (the above
> command should continue running):
>
> set all continous knobs to the maximum (255), set to ``off'' all
> ``mute'' knobs.  Switch on/off other knobs outputs.extamp,
> outputs.spacial, try different combinations...
>
> you should end up hearing a heavy ``static'' noise. Let me
> know if it works.
>
> -- Alexandre

Re: No audio : did I miss something basic ?

[Jean-François SIMON]

Yes I have a sound card on the MB but seems not to be discovered.
Sound out from VLC and mplayer, which do not show any error about sound,
however I tried any jack of the MB and Sound Blaster card but no sound at
all ?

Full dmesg :

$ dmesg
OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Sempron(tm) Processor LE-1200 ("AuthenticAMD" 686-class, 512KB L2
cache) 2.01 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2,SSE3,CX16
real mem  = 1039429632 (991MB)
avail mem = 996581376 (950MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 09/11/08, BIOS32 rev. 0 @ 0xf0010,
SMBIOS rev. 2.5 @ 0xfc520 (22 entries)
bios0: vendor American Megatrends Inc. version "P1.00" date 09/11/2008
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 0%
apm0: AC off, battery charge unknown, estimated 0:00 hours
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 3.0 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf44b0/400 (23 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x10de product 0x0548
pcibios0: PCI bus #8 is the last bus
bios0: ROM list: 0xc/0xea00
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
"NVIDIA MCP67 Memory" rev 0xa2 at pci0 dev 0 function 0 not configured
pcib0 at pci0 dev 1 function 0 "NVIDIA MCP67 Host" rev 0xa2
nviic0 at pci0 dev 1 function 1 "NVIDIA MCP67 SMBus" rev 0xa2
iic0 at nviic0
spdmem0 at iic0 addr 0x51: 1GB DDR2 SDRAM non-parity PC2-5300CL5
iic1 at nviic0
vendor "NVIDIA", unknown product 0x0543 (class processor subclass
Co-processor, rev 0xa2) at pci0 dev 1 function 3 not configured
ohci0 at pci0 dev 2 function 0 "NVIDIA MCP67 USB" rev 0xa2: irq 11, version
1.0, legacy support
ehci0 at pci0 dev 2 function 1 "NVIDIA MCP67 USB" rev 0xa2: irq 10
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "NVIDIA EHCI root hub" rev 2.00/1.00 addr 1
ohci1 at pci0 dev 4 function 0 "NVIDIA MCP67 USB" rev 0xa2: irq 10, version
1.0, legacy support
ehci1 at pci0 dev 4 function 1 "NVIDIA MCP67 USB" rev 0xa2: irq 10
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "NVIDIA EHCI root hub" rev 2.00/1.00 addr 1
pciide0 at pci0 dev 6 function 0 "NVIDIA MCP67 IDE" rev 0xa1: DMA, channel 0
configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 ignored (disabled)
ppb0 at pci0 dev 8 function 0 "NVIDIA MCP67 PCI" rev 0xa2
pci1 at ppb0 bus 1
re0 at pci1 dev 8 function 0 "D-Link Systems DGE-528T" rev 0x10:
RTL8169/8110SB (0x1000), irq 10, address 00:22:b0:bd:32:61
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 3
emu0 at pci1 dev 10 function 0 "Creative Labs SoundBlaster Audigy 2" rev
0x00: irq 10
ac97: codec id 0x83847650 (SigmaTel STAC9750/51)
ac97: codec features headphone, 20 bit DAC, 20 bit ADC, SigmaTel 3D
audio0 at emu0
pciide1 at pci0 dev 9 function 0 "NVIDIA MCP67 SATA" rev 0xa2: DMA
pciide1: using irq 15 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: 
wd0: 1-sector PIO, LBA48, 30800MB, 63078400 sectors
wd1 at pciide1 channel 0 drive 1: 
wd1: 16-sector PIO, LBA48, 953869MB, 1953525168 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1(pciide1:0:1): using PIO mode 4, Ultra-DMA mode 5
wd2 at pciide1 channel 1 drive 1: 
wd2: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd2(pciide1:1:1): using PIO mode 4, Ultra-DMA mode 5
nfe0 at pci0 dev 10 function 0 "NVIDIA MCP67 LAN" rev 0xa2: irq 10, address
00:19:66:97:0d:31
rgephy1 at nfe0 phy 3: RTL8169S/8110S PHY, rev. 2
ppb1 at pci0 dev 11 function 0 vendor "NVIDIA", unknown product 0x0562 rev
0xa2
pci2 at ppb1 bus 2
ppb2 at pci0 dev 12 function 0 "NVIDIA MCP67 PCIE" rev 0xa2
pci3 at ppb2 bus 3
ppb3 at pci0 dev 13 function 0 "NVIDIA MCP67 PCIE" rev 0xa2
pci4 at ppb3 bus 4
ppb4 at pci0 dev 14 function 0 "NVIDIA MCP67 PCIE" rev 0xa2
pci5 at ppb4 bus 5
ppb5 at pci0 dev 15 function 0 "NVIDIA MCP67 PCIE" rev 0xa2
pci6 at ppb5 bus 6
ppb6 at pci0 dev 16 function 0 "NVIDIA MCP67 PCIE" rev 0xa2
pci7 at ppb6 bus 7
ppb7 at pci0 dev 17 function 0 "NVIDIA MCP67 PCIE" rev 0xa2
pci8 at ppb7 bus 8
vga1 at pci0 dev 18 function 0 vendor "NVIDIA", unknown product 0x053b rev
0xa2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
drm at vga1 unsupported
pchb0 at pci0 dev 24 function 0 "AMD AMD64 0Fh HyperTransport" rev 0x00
pchb1 at pci0 dev 24 function 1 "AMD AMD64 0Fh Address Map" rev 0x00
pchb2 at pci0 dev 24 function 2 "AMD AMD64 0Fh DRAM Cfg" rev 0x00
kate0 at pci0 dev 24 function 3 "AMD AMD64 0Fh Misc Cfg" rev 0x00: core rev
DH-G1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pc

No audio : did I miss something basic ?

[Jean-François SIMON]

Hi,

I am runing VLC under fvwm but could not have any sound.

Are things working by default or there might be something to tune in
general, or in my case ?

Thanks for help.

dmesg | grep audio
audio0 at emu0

$ audioctl
name=SB Live!
version=0x00
config=emuxki
encodings=ulinear:8,mulaw:8*,alaw:8*,slinear:8*,slinear_le:16,ulinear_le:16*,slinear_be:16*,ulinear_be:16*
properties=full_duplex,mmap,independent
full_duplex=0
fullduplex=0
blocksize=8192
hiwat=8
lowat=1
output_muted=0
monitor_gain=0
mode=
play.rate=48000
play.channels=2
play.precision=16
play.encoding=slinear_le
play.gain=255
play.balance=32
play.port=0x0
play.avail_ports=0x0
play.seek=0
play.samples=0
play.eof=0
play.pause=0
play.error=0
play.waiting=0
play.open=0
play.active=0
play.buffer_size=65536
play.block_size=8192
play.errors=0
record.rate=48000
record.channels=2
record.precision=16
record.encoding=slinear_le
record.gain=255
record.balance=32
record.port=0x1
record.avail_ports=0x7
record.seek=0
record.samples=0
record.eof=0
record.pause=0
record.error=0
record.waiting=0
record.open=0
record.active=0
record.buffer_size=65536
record.block_size=8192
record.errors=0

$
mixerctl

outputs.master=255,255
outputs.master.mute=off
outputs.mono=255
outputs.mono.mute=off
outputs.mono.source=mixerout
outputs.headphones=255,255
outputs.headphones.mute=on
inputs.speaker=255
inputs.speaker.mute=off
inputs.phone=191
inputs.phone.mute=on
inputs.mic=255
inputs.mic.mute=on
inputs.mic.preamp=off
inputs.mic.source=mic0
inputs.line=255,255
inputs.line.mute=on
inputs.cd=255,255
inputs.cd.mute=on
inputs.video=191,191
inputs.video.mute=on
inputs.aux=255,255
inputs.aux.mute=on
inputs.dac=255,255
inputs.dac.mute=off
record.source=mic
record.volume=255,255
record.volume.mute=off
outputs.spatial=off
outputs.spatial.center=0
outputs.spatial.depth=0
outputs.extamp=off

Re: rplay dependency unsatisfied : cannot install

[Jean-François SIMON]

Thanks for your reply, however there is something I do not understand about
the below error. Are versions not compatible with each other ? the package
rplay was calling for gsm-1.0.10p0, I copied the only version available in
current which is gsm-1.0.13.tgz to the package directory (I am using OpenBSD
4.4) and got the following error :

$ sudo pkg add rplay-3.3.2p1.tgz
Unknown element: @sha /7zjWD2uDuusX4TGK8sIBcdDNPyA46d25a0e4eYopTU= in
SCALAR(0x885447ec),  at /usr/libdata/perl5/OpenBSD/PackingList.pm line 301,
<$fh> line 7.

Regards,
JF

2009/7/27 Stuart Henderson 

> On 2009-07-26, Josh Grosse  wrote:
> > On Sun, Jul 26, 2009 at 11:38:25PM +0200, Jean-Fran?ois SIMON wrote:
> >> Hi,
> >>
> >> The following happens. gsm seems to have been removed due to liscence.
> >> Please let me know how to proceed ? I need audio with fvwm which rplay
> seems
> >> to be able to provide with minimal resources as in my case.
> >
> > At 4.5-release, the license to distribute gsm was unclear.  You can build
> it
> > from the ports tree, as describe in FAQ 15.
> >
> >
>
> the license was since clarified, so gsm packages are available for
> 4.6/-current.

rplay dependency unsatisfied : cannot install

[Jean-François SIMON]

Hi,

The following happens. gsm seems to have been removed due to liscence.
Please let me know how to proceed ? I need audio with fvwm which rplay seems
to be able to provide with minimal resources as in my case.

quote

$ sudo pkg add rplay-3.3.2p1.tgz
Can't find gsm-1.0.10p0
/usr/sbin/pkg_add: gsm-1.0.10p0:Fatal error

unquote
Thanks.

Thank you for the quality of the FAQ and MAN

[Jean-François SIMON]

I just would like to thank the authors of the project documentation for its
real quality.

Re: crash after first boot

[Jean-François SIMON]

Finally this is due to a subtle disk failure.

While other systems could install and work, OpenBSD crashes at first boot,
which is in my sense a more sane behaviour.

2009/7/9 neal hogan 

> On Thu, Jul 09, 2009 at 12:12:49AM +0200, jean-francois wrote:
> > Hi,
> >
> > In the correct order of what happens from 1 to 5 please see attached the
> > crash report.
> >
> > Thanks for a help of any kind.
>
> Along the same lines as my response to your earlier post . . .
>
> You'll be asked if you've read the mailing-list protocoll and noticed that
> attachments are stripped.
>
> Note:I'm not suggesting that you won't get help.
>
> >
> > Rehards,
> >
> > Jean-FranC'ois
> >
> > [demime 1.01d removed an attachment of type image/jpeg which had a name
> of 1.JPG]
> >
> > [demime 1.01d removed an attachment of type image/jpeg which had a name
> of 2.JPG]
> >
> > [demime 1.01d removed an attachment of type image/jpeg which had a name
> of 3.JPG]
> >
> > [demime 1.01d removed an attachment of type image/jpeg which had a name
> of 4.JPG]
> >
> > [demime 1.01d removed an attachment of type image/jpeg which had a name
> of 5.JPG]

Re: Install difficulties

[Jean-François SIMON]

Anathae,

I hope to clarify this subject one last time :

This is not the way I installed the OSes in here.

I just removed the other disks when installing windows the mbr code is in
the very same disk that windows is (OpenBSD calls it sd1 and Linux sdb).

For sd2(sdc) the very same applies, I just choosed to install the mbr code
in sdc, not in anotherone.

Reason is I prefer to avoid dual boots, thus I actually have 3 hard disks
with independant mbr and I choose in the bios which disk is started.

As I said, this problem is solved, but OpenBSD, when installed on sd0, does
kernel panic at first boot.

2009/7/9 Anathae Townsend 

>
>
> > -Original Message-
> > From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
> > Of Anathae Townsend
> > Sent: Thursday, July 09, 2009 1:02 PM
> > To: jfsimon1...@gmail.com; misc@openbsd.org
> > Subject: Re: Install difficulties
> >
> > read the install documentation.
> >
> > since you don't seem to be able to, here goes.
> >
> > when you install an operating system to a computer the majority
> > of them will store a boot record on the MBR (master boot record,
> > go figure) of the drive used by the BIOS to boot the system.
> >
> > I'm guessing that SD0 is your primary hard drive, the one used
> > to boot the system. installing openbsd changed the MBR. if you
> > want to be able to boot multiple operating systems, read up on
> > that.
>
> if you installed an os to a second and third drive, the boot code
> was still written to the first drive, so guess what, the boot
> code for your other two operating systems were on the MBR of the
> first drive, SD0.  again, read up on booting multiple operating
> systems.
>
>
> > > -Original Message-
> > > From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On
> > Behalf
> > > Of jean-francois
> > > Sent: Thursday, July 09, 2009 11:56 AM
> > > To: Theo de Raadt; misc@openbsd.org
> > > Subject: Re: Install difficulties
> > >
> > > I remember that I used to start install procedure on each disk
> > > answering
> > > yes to 'all disk should be used for this install', then I just
> > checked
> > > the size of the disk in the disklabel, in order to identify the one I
> > > was look for and then quit & reboot without more modifications (p at
> > > disklabel then q and halt).
> > >
> > > After this the two disks sdb/sdc that were hosting win and linux did
> > > not
> > > boot anymore.
> > >
> > > Could you tell me if doing so has modified in any way the partitions
> > or
> > > mbr ?
> > >
> > > Thank you

Re: Install difficulties

[Jean-François SIMON]

Hi,

That's a misunderstanding.

1) I have a problem to install OpenBSD on sda since this crashes at first
boot.
2) I had troubles with sdb and sdc but now I understood that I did a mistake
(*) but this is solved now.

So yes I am able to read and understand documentation, things are not so
easy, however thanks for dwelving into this explanations.

<* in the first time I did not know which disk of sda/b/c was the one I was
looking for to install openbsd, so knowing my disks from their size, I used
to start the install procedure until the disklabel. At this moment, I just
printed out the size of the disk.
After 3 checks I had the right disk which was sda. I tried to install
OpenBSD on it but this crashes at first boot, like I explained.
The other 2 disks did not boot (they have their own mbr/boot loader, sdb
being starting windows and sdc Ubuntu, choice made at bios this this one let
me choose booting different disks.
At this time other disks did not boot because the earlier steps modified the
ID of the partition to A6 which corresponds to OpenBSD.
I have now set the ID of the NTFS partition to 86 and the disk boot again
(and I reinstalled Ubuntu on sdc).
>

2009/7/9 Anathae Townsend 

> read the install documentation.
>
> since you don't seem to be able to, here goes.
>
> when you install an operating system to a computer the majority
> of them will store a boot record on the MBR (master boot record,
> go figure) of the drive used by the BIOS to boot the system.
>
> I'm guessing that SD0 is your primary hard drive, the one used
> to boot the system. installing openbsd changed the MBR. if you
> want to be able to boot multiple operating systems, read up on
> that.
>
> > -Original Message-
> > From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
> > Of jean-francois
> > Sent: Thursday, July 09, 2009 11:56 AM
> > To: Theo de Raadt; misc@openbsd.org
> > Subject: Re: Install difficulties
> >
> > I remember that I used to start install procedure on each disk
> > answering
> > yes to 'all disk should be used for this install', then I just checked
> > the size of the disk in the disklabel, in order to identify the one I
> > was look for and then quit & reboot without more modifications (p at
> > disklabel then q and halt).
> >
> > After this the two disks sdb/sdc that were hosting win and linux did
> > not
> > boot anymore.
> >
> > Could you tell me if doing so has modified in any way the partitions or
> > mbr ?
> >
> > Thank you

Re: Install difficulties

[Jean-François SIMON]

I finally saw that in the very first steps of the install procedure, the
type of partition ID of assigned install disk is set to A6 overwriting from
the original value (in my case for NTFS this is 0x86 I assume) preventing to
boot what was the original system on that disk.
Changing to the original value the disk ID repaired this.

However this is only side effect since my original problem is in getting
openbsd working.

OpenbBSD crashes at the first boot.
Could one help with how to get the crash infos out of the console (ps trace)
; is the only way to copy on paper then write in an email or is there a way
to copy this one way or another ?

2009/7/9 jean-francois 

> I remember that I used to start install procedure on each disk answering
> yes to 'all disk should be used for this install', then I just checked
> the size of the disk in the disklabel, in order to identify the one I
> was look for and then quit & reboot without more modifications (p at
> disklabel then q and halt).
>
> After this the two disks sdb/sdc that were hosting win and linux did not
> boot anymore.
>
> Could you tell me if doing so has modified in any way the partitions or
> mbr ?
>
> Thank you
>
> Le jeudi 09 juillet 2009 ` 10:45 -0600, Theo de Raadt a icrit :
> > > Therefore I don'nt understand why installing openbsd on sd0 has changed
> > > anything on the MBR of other disks ?
> >
> > The installer does not touch the other disks.

Re: Install difficulties

[Jean-François SIMON]

Sorry, I mean, I installed on SD0 using "all disk space".
I am not sure the MBR has been modified, I have to look further what was
modified, however the other disks do not boot anymore.
Windows (sd1) starts and crashes during the load.
Ubuntu (sd2) says "no os" ?

I hope that other disks were not erased, since I only wanted to installed on
sd0.

FYI sd1 and sd2 had their own boot manager and OS, they were so to say
"stand alone" disks, choice of starting was made during the bios start,
selecting at this moment which disk will be booted up.

Thanks
BR
JF

2009/7/9 Richard Toohey 

> On 9/07/2009, at 7:41 PM, Eric Furman wrote:
>
>  This is the best advice you will get.
>> Don't try duel booting until you know what you are doing.
>> And I'm not trying to be a smartass.
>>
>
> duel[sic] booting - someone will end up getting shot!  8-)

Re: Install fails : hardware unsupported ?

[Jean-François SIMON]

After a while doing tests I finally am understanding that this is a disk
burn issue.Windows tools wil not burn so that any of Linux and BSD system
will install properly instead they will do I/O errors on the CD.

Burning with Brasero or K3B will do it.

Regards.

2009/6/29 Jean-Frangois SIMON 

> Hi All,
> While the 4.4 successfully installed on an AMD Sempron with a SSD HD,
> I actually had troubles trying to install OBSD 4.5 on Phenom architecture
> with a SSD hard drive.
> Maybe there is a problem with the video card, ATI Radeon HD 4800.
>
> Could one inform me wether there is a problem with the following hardware :
> AMD Phenom
> ATI Radeon HD 4800
>
> The problems are strange since the first install works and at reboot it
> fails during the kernel (blue lines).
>
> I understand that all other informations such as log at crash is required.
>
> I have not yet taken those informations therefore please let me know if
> there are currently known issues with basically this kind of proc and
> graphis card.
>
> Thanks,
>
> Jean-Frangois

Install fails : hardware unsupported ?

[Jean-François SIMON]

Hi All,
While the 4.4 successfully installed on an AMD Sempron with a SSD HD,
I actually had troubles trying to install OBSD 4.5 on Phenom architecture
with a SSD hard drive.
Maybe there is a problem with the video card, ATI Radeon HD 4800.

Could one inform me wether there is a problem with the following hardware :
AMD Phenom
ATI Radeon HD 4800

The problems are strange since the first install works and at reboot it
fails during the kernel (blue lines).

I understand that all other informations such as log at crash is required.

I have not yet taken those informations therefore please let me know if
there are currently known issues with basically this kind of proc and
graphis card.

Thanks,

Jean-Frangois

Re: ftp limits bandwidth

[Jean-François SIMON]

Hi,
Thanks for clarification.

Never said stock ... OBSD's brilliant.

Thnks ;)

2009/6/21 ropers 

> 2009/6/21 Jean-Frangois SIMON 
> >
> > It looks like filezilla uses several transfert at the same time to reach
> > 1Mo/s
>
> That indeed appears to be the case.
> From
>
http://itmanagement.earthweb.com/entdev/article.php/3802111/FileZilla-One-Swe
et-Free-FTP-Client.htm
> :
>
> > A multiple transfer function for example can support more than one
> transfer thread at a time; that's a big help when manipulating numerous
> smaller files.
>
> > If multiple threads aren't enough, FileZilla will go you one better by
> allowing multiple instances. That is, more than one copy of Firezilla can
be
> up and running at the same time. In practice this offers the possibility of
> uploading to multiple FTP servers or connecting to a single FTP server as
> more than one user.
>
> Multiple FTP transfers yay or nay are a tough call -- on the one hand,
> it's not nice, it's "cheating". OTOH, everybody and their grandmother
> have been doing multiple transfers for ages.
>
> In Filezilla, if you go to Edit -- Settings -- Transfers and set
> Maximum simultaneous transfers to 1, does Filezilla still transfer
> faster than OpenBSD's stock ftp(1)?
>
> regards,
> --ropers

Re: ftp limits bandwidth

[Jean-François SIMON]

It looks like filezilla uses several transfert at the same time to reach
1Mo/s however each transfert is ~400Ko/s as for OpenBSD's FTP client.

Maybe the bandwith limit per file transfered is limited from the server side
?

Is there any way to make multiple transferts at the same time with mget
since that would accelerate some transfers in some cases.

Regards,
JF

2009/6/20 Jean-Frangois SIMON 

> Hi,
>
> I forgot to tell you more sure, however the crystal ball worked very well.
>
> It's a 12M ADSL that works at approximately 1300 ko/s at max speed.
>
> When downloading with a browser a client such as filezilla it works at full
> speed but when I type ftp and use OBSD's one it is rather 350/380 max never
> more.
>
> Actually if anything would limit the bandwith the other client would be so.
>
> That's stange, I changed sysctl inet.tcp recv/send to 65536 but it's still
> same transfer speed. I use it on ftps that are rather fast so it looks like
> ftp is somewhere limited in my configuration.
>
> Regards,
> JF
>
> 2009/6/20 Marcos Laufer 
>
> This is a very interesting subject.
>> Is there any official paper describing how to tune TCP on OpenBSD?
>> Googling i found this two interesting links, but none specifically
>> mentions OpenBSD:
>>
>> Enabling high performance data transfers
>> http://www.psc.edu/networking/projects/tcptune/
>>
>> TCP tuning cookbook
>> http://proj.sunet.se/E2E/tcptune.html
>>
>> This other paper is about OpenBSD, but i do not know how accurate is it:
>>
>> Network and speed performance guide (OpenBSD)
>> https://calomel.org/network_performance.html
>>
>> Opinions?
>>
>> Marcos
>>
>>
>>
>> Markus Hennecke escribis:
>>
>>  Jesus Sanchez schrieb:
>>>
 Jean-Frangois SIMON escribis:

> Hi all,
>
> It looks like the max bandwidth of ftp is somehow 350 Kb/s.
> Is this normaland if so can it be increased ?
>

 ?? it must be your bandwidth limit, there's nothing
 about a 350 kb/s limit anywhere. please, read carefulle
 the ftp manpage.

>>>
>>> As there are some information missing, I look into my crystal ball and
>>> see that Jean-Frangois is downloading with help of the ftp program via
DSL
>>> which is either 6Mbit or faster.
>>>
>>> Due to the latency of the DSL line the standard settings for
>>> net.inet.tcp.recvspace (see sysctl) are not correct for this kind of
setup.
>>> He should try to increase it, for me 65536 works on 6Mbit DSL.
>>>
>>> Please tell me in case this is all wrong so that I can order a new
>>> crystal ball!
>>>
>>> Enough guessing, HTH
>>>  Markus

Re: ftp limits bandwidth

[Jean-François SIMON]

Hi,

I forgot to tell you more sure, however the crystal ball worked very well.

It's a 12M ADSL that works at approximately 1300 ko/s at max speed.

When downloading with a browser a client such as filezilla it works at full
speed but when I type ftp and use OBSD's one it is rather 350/380 max never
more.

Actually if anything would limit the bandwith the other client would be so.

That's stange, I changed sysctl inet.tcp recv/send to 65536 but it's still
same transfer speed. I use it on ftps that are rather fast so it looks like
ftp is somewhere limited in my configuration.

Regards,
JF

2009/6/20 Marcos Laufer 

> This is a very interesting subject.
> Is there any official paper describing how to tune TCP on OpenBSD?
> Googling i found this two interesting links, but none specifically mentions
> OpenBSD:
>
> Enabling high performance data transfers
> http://www.psc.edu/networking/projects/tcptune/
>
> TCP tuning cookbook
> http://proj.sunet.se/E2E/tcptune.html
>
> This other paper is about OpenBSD, but i do not know how accurate is it:
>
> Network and speed performance guide (OpenBSD)
> https://calomel.org/network_performance.html
>
> Opinions?
>
> Marcos
>
>
>
> Markus Hennecke escribis:
>
>  Jesus Sanchez schrieb:
>>
>>> Jean-Frangois SIMON escribis:
>>>
 Hi all,

 It looks like the max bandwidth of ftp is somehow 350 Kb/s.
 Is this normaland if so can it be increased ?

>>>
>>> ?? it must be your bandwidth limit, there's nothing
>>> about a 350 kb/s limit anywhere. please, read carefulle
>>> the ftp manpage.
>>>
>>
>> As there are some information missing, I look into my crystal ball and see
>> that Jean-Frangois is downloading with help of the ftp program via DSL
which
>> is either 6Mbit or faster.
>>
>> Due to the latency of the DSL line the standard settings for
>> net.inet.tcp.recvspace (see sysctl) are not correct for this kind of
setup.
>> He should try to increase it, for me 65536 works on 6Mbit DSL.
>>
>> Please tell me in case this is all wrong so that I can order a new crystal
>> ball!
>>
>> Enough guessing, HTH
>>  Markus

ftp limits bandwidth

[Jean-François SIMON]

Hi all,

It looks like the max bandwidth of ftp is somehow 350 Kb/s.
Is this normaland if so can it be increased ?

Thx
Bye.

Re: problems setting up a firewall with nat

[Jean-François SIMON]

Hardware problem, thanks.

2009/5/10 Jean-Frangois SIMON 

> All,
> It was a hardware problem.
>
> Thanks for help
>
> 2009/5/10 Jean-Frangois SIMON 
>
> I do and have booted since.
>> Reagrds.
>>
>> 2009/5/10 Tony Abernethy 
>>
>>> Dorian B|ttner wrote:
>>>
>>> > Jean-Frangois SIMON schrieb:
>>> > > Hello James,
>>> > > If no output to parse means no errors, and verbose mode
>>> > just repeat all the
>>> > > lines of the pf.conf, then yes it parses.
>>> > >
>>> > > pflog0 keeps silent, nothing in here while trying to
>>> > connect from the subnet
>>> > > to the internet.
>>> > >
>>> > > 2009/5/10 James Records 
>>> > >
>>> > >
>>> > >> Does your pf.conf parse? Try pfctl -nf /etc/pf.conf if
>>> > it's not parsing it
>>> > >> will not load and behave as you describe also tcpdump on the pflog
>>> > >>
>>> > > interface
>>> > >
>>> > >> as well to give yourself another data point
>>> > >>
>>> > >> J
>>> > >>
>>> > >> Sent from my iPhone
>>> > >>
>>> > >> On May 9, 2009, at 3:05 PM, Jean-Frangois SIMON
>>> > 
>>> > >> wrote:
>>> > >>
>>> > >>  Sorry for forgotting the rest, here you are :
>>> > >>
>>> > >>> ext_if is actlually working, configures to an adsl box
>>> > using DHCP and
>>> > >>> actually lynx displays pages.
>>> > >>>
>>> > >>> int_if is the local network that I want to go through
>>> > openbsd box to
>>> > >>> access
>>> > >>> to internet so I can filter with pf.
>>> > >>>
>>> > >>> The configuration is a standard nat rule + packet
>>> > forwarding between the
>>> > >>> two
>>> > >>> interfaces so called em0 and em1 resp ext_if and int_if.
>>> > >>>
>>> > >>> As indicated before, I have pf enables, inet forward
>>> > lines uncommented in
>>> > >>> sysctl.con
>>> > >>>
>>> > >>> Packets are received on int_if but not forwarded to ext_if.
>>> > >>>
>>> > >>> Did I miss something ? Here below pf.conf
>>> > >>>
>>> > >>> 2009/5/9 Robert 
>>> > >>>
>>> > >>>  On Sat, 9 May 2009 22:52:32 +0200
>>> > >>>
>>> >  Jean-Frangois SIMON  wrote:
>>> >  # cat /etc/pf.conf
>>> >  #   $OpenBSD: pf.conf,v 1.38 2009/02/23 01:18:36
>>> > deraadt Exp $
>>> >  #
>>> >  # See pf.conf(5) for syntax and examples; this sample
>>> > ruleset uses
>>> >  # require-order to permit mixing of NAT/RDR and filter rules.
>>> >  # Remember to set net.inet.ip.forwarding=1 and/or
>>> >  net.inet6.ip6.forwarding=1
>>> >  # in /etc/sysctl.conf if packets are to be forwarded
>>> > between interfaces.
>>> > 
>>> >  ext_if="em0"
>>> >  int_if="em1"
>>> > 
>>> >  set loginterface $ext_if
>>> >  set require-order no
>>> >  set skip on lo
>>> >  scrub in all
>>> > 
>>> >  # NAT/filter rules and anchors for ftp-proxy(8)
>>> >  #nat-anchor "ftp-proxy/*"
>>> >  #rdr-anchor "ftp-proxy/*"
>>> >  nat on $ext_if from ($int_if:network) -> ($ext_if)
>>> >  #rdr pass on ! egress proto tcp to port ftp -> 127.0.0.1
>>> > port 8021
>>> >  #anchor "ftp-proxy/*"
>>> >  #pass out proto tcp from $proxy to any port ftp
>>> > 
>>> >  # NAT/filter rules and anchors for relayd(8)
>>> >  #rdr-anchor "relayd/*"
>>> >  #anchor "relayd/*"
>>> > 
>>> >  # NAT rules and anchors for spamd(8)
>>> >  #table  persist
>>> >  #table  persist file "/etc/mail/nospamd"
>>> >  #no rdr on egress proto tcp from  to any port smtp
>>> >  #no rdr on egress proto tcp from  to any port smtp
>>> >  #rdr pass on egress proto tcp from any to any port smtp
>>> > -> 127.0.0.1 port
>>> >  spamd
>>> > 
>>> >  #block in
>>> >  pass in
>>> >  pass out
>>> > 
>>> >  #pass in on $int_if proto tcp to any port 80
>>> > 
>>> >  #block in quick from urpf-failed to any # use with care
>>> > 
>>> >  # By default, do not permit remote connections to X11
>>> >  block in on ! lo0 proto tcp from any to any port 6000
>>> > 
>>> >  antispoof for ext_if
>>> > 
>>> >   Hello,
>>> > 
>>> > > Please can you help me with this :
>>> > >
>>> > > I just installed the 4.5 OpenBSD, set up the inet forwarding for
>>> > > unicast and multicase, include the standard NAT rule in
>>> > pf.conf such
>>> > > as : nat on $ext_if from ($int_if:network) -> ($ext_if)
>>> > > enable pf
>>> > > check with pfctl -s nat that the correct rule is set.
>>> > >
>>> > > That does not work, with tcpdump i see that packets are not
>>> > > forwarded, i see them on int_if but not on ext_if.
>>> > >
>>> > > Can you give me some help to find out where the problem is ?
>>> > >
>>> > > Thanks.
>>> > >
>>> > >
>>> >  Because you dont have a pass rule they get blocked?
>>> >  Guessing only goes so far.
>>> > 
>>> >  Tell us what you want to do.
>>> >  Tell us what you tried to get it working.
>>> >  Tell us what is in your relevant configs.
>>> > 
>>> >  Perhaps then someone can tell you what to do.
>>> > 
>>> >  - Robert
>>> > 

Re: problems setting up a firewall with nat

[Jean-François SIMON]

I do and have booted since.
Reagrds.

2009/5/10 Tony Abernethy 

> Dorian B|ttner wrote:
> > Jean-Frangois SIMON schrieb:
> > > Hello James,
> > > If no output to parse means no errors, and verbose mode
> > just repeat all the
> > > lines of the pf.conf, then yes it parses.
> > >
> > > pflog0 keeps silent, nothing in here while trying to
> > connect from the subnet
> > > to the internet.
> > >
> > > 2009/5/10 James Records 
> > >
> > >
> > >> Does your pf.conf parse? Try pfctl -nf /etc/pf.conf if
> > it's not parsing it
> > >> will not load and behave as you describe also tcpdump on the pflog
> > >>
> > > interface
> > >
> > >> as well to give yourself another data point
> > >>
> > >> J
> > >>
> > >> Sent from my iPhone
> > >>
> > >> On May 9, 2009, at 3:05 PM, Jean-Frangois SIMON
> > 
> > >> wrote:
> > >>
> > >>  Sorry for forgotting the rest, here you are :
> > >>
> > >>> ext_if is actlually working, configures to an adsl box
> > using DHCP and
> > >>> actually lynx displays pages.
> > >>>
> > >>> int_if is the local network that I want to go through
> > openbsd box to
> > >>> access
> > >>> to internet so I can filter with pf.
> > >>>
> > >>> The configuration is a standard nat rule + packet
> > forwarding between the
> > >>> two
> > >>> interfaces so called em0 and em1 resp ext_if and int_if.
> > >>>
> > >>> As indicated before, I have pf enables, inet forward
> > lines uncommented in
> > >>> sysctl.con
> > >>>
> > >>> Packets are received on int_if but not forwarded to ext_if.
> > >>>
> > >>> Did I miss something ? Here below pf.conf
> > >>>
> > >>> 2009/5/9 Robert 
> > >>>
> > >>>  On Sat, 9 May 2009 22:52:32 +0200
> > >>>
> >  Jean-Frangois SIMON  wrote:
> >  # cat /etc/pf.conf
> >  #   $OpenBSD: pf.conf,v 1.38 2009/02/23 01:18:36
> > deraadt Exp $
> >  #
> >  # See pf.conf(5) for syntax and examples; this sample
> > ruleset uses
> >  # require-order to permit mixing of NAT/RDR and filter rules.
> >  # Remember to set net.inet.ip.forwarding=1 and/or
> >  net.inet6.ip6.forwarding=1
> >  # in /etc/sysctl.conf if packets are to be forwarded
> > between interfaces.
> > 
> >  ext_if="em0"
> >  int_if="em1"
> > 
> >  set loginterface $ext_if
> >  set require-order no
> >  set skip on lo
> >  scrub in all
> > 
> >  # NAT/filter rules and anchors for ftp-proxy(8)
> >  #nat-anchor "ftp-proxy/*"
> >  #rdr-anchor "ftp-proxy/*"
> >  nat on $ext_if from ($int_if:network) -> ($ext_if)
> >  #rdr pass on ! egress proto tcp to port ftp -> 127.0.0.1
> > port 8021
> >  #anchor "ftp-proxy/*"
> >  #pass out proto tcp from $proxy to any port ftp
> > 
> >  # NAT/filter rules and anchors for relayd(8)
> >  #rdr-anchor "relayd/*"
> >  #anchor "relayd/*"
> > 
> >  # NAT rules and anchors for spamd(8)
> >  #table  persist
> >  #table  persist file "/etc/mail/nospamd"
> >  #no rdr on egress proto tcp from  to any port smtp
> >  #no rdr on egress proto tcp from  to any port smtp
> >  #rdr pass on egress proto tcp from any to any port smtp
> > -> 127.0.0.1 port
> >  spamd
> > 
> >  #block in
> >  pass in
> >  pass out
> > 
> >  #pass in on $int_if proto tcp to any port 80
> > 
> >  #block in quick from urpf-failed to any # use with care
> > 
> >  # By default, do not permit remote connections to X11
> >  block in on ! lo0 proto tcp from any to any port 6000
> > 
> >  antispoof for ext_if
> > 
> >   Hello,
> > 
> > > Please can you help me with this :
> > >
> > > I just installed the 4.5 OpenBSD, set up the inet forwarding for
> > > unicast and multicase, include the standard NAT rule in
> > pf.conf such
> > > as : nat on $ext_if from ($int_if:network) -> ($ext_if)
> > > enable pf
> > > check with pfctl -s nat that the correct rule is set.
> > >
> > > That does not work, with tcpdump i see that packets are not
> > > forwarded, i see them on int_if but not on ext_if.
> > >
> > > Can you give me some help to find out where the problem is ?
> > >
> > > Thanks.
> > >
> > >
> >  Because you dont have a pass rule they get blocked?
> >  Guessing only goes so far.
> > 
> >  Tell us what you want to do.
> >  Tell us what you tried to get it working.
> >  Tell us what is in your relevant configs.
> > 
> >  Perhaps then someone can tell you what to do.
> > 
> >  - Robert
> > 
> > Do you have sysctl net.inet.ip.forwarding=1? As described on
> > top of pf.conf?
> >
> Have you booted since?

Re: problems setting up a firewall with nat

[Jean-François SIMON]

Hello James,
If no output to parse means no errors, and verbose mode just repeat all the
lines of the pf.conf, then yes it parses.

pflog0 keeps silent, nothing in here while trying to connect from the subnet
to the internet.

2009/5/10 James Records 

> Does your pf.conf parse? Try pfctl -nf /etc/pf.conf if it's not parsing it
> will not load and behave as you describe also tcpdump on the pflog
interface
> as well to give yourself another data point
>
> J
>
> Sent from my iPhone
>
> On May 9, 2009, at 3:05 PM, Jean-Frangois SIMON 
> wrote:
>
>  Sorry for forgotting the rest, here you are :
>> ext_if is actlually working, configures to an adsl box using DHCP and
>> actually lynx displays pages.
>>
>> int_if is the local network that I want to go through openbsd box to
>> access
>> to internet so I can filter with pf.
>>
>> The configuration is a standard nat rule + packet forwarding between the
>> two
>> interfaces so called em0 and em1 resp ext_if and int_if.
>>
>> As indicated before, I have pf enables, inet forward lines uncommented in
>> sysctl.con
>>
>> Packets are received on int_if but not forwarded to ext_if.
>>
>> Did I miss something ? Here below pf.conf
>>
>> 2009/5/9 Robert 
>>
>>  On Sat, 9 May 2009 22:52:32 +0200
>>> Jean-Frangois SIMON  wrote:
>>> # cat /etc/pf.conf
>>> #   $OpenBSD: pf.conf,v 1.38 2009/02/23 01:18:36 deraadt Exp $
>>> #
>>> # See pf.conf(5) for syntax and examples; this sample ruleset uses
>>> # require-order to permit mixing of NAT/RDR and filter rules.
>>> # Remember to set net.inet.ip.forwarding=1 and/or
>>> net.inet6.ip6.forwarding=1
>>> # in /etc/sysctl.conf if packets are to be forwarded between interfaces.
>>>
>>> ext_if="em0"
>>> int_if="em1"
>>>
>>> set loginterface $ext_if
>>> set require-order no
>>> set skip on lo
>>> scrub in all
>>>
>>> # NAT/filter rules and anchors for ftp-proxy(8)
>>> #nat-anchor "ftp-proxy/*"
>>> #rdr-anchor "ftp-proxy/*"
>>> nat on $ext_if from ($int_if:network) -> ($ext_if)
>>> #rdr pass on ! egress proto tcp to port ftp -> 127.0.0.1 port 8021
>>> #anchor "ftp-proxy/*"
>>> #pass out proto tcp from $proxy to any port ftp
>>>
>>> # NAT/filter rules and anchors for relayd(8)
>>> #rdr-anchor "relayd/*"
>>> #anchor "relayd/*"
>>>
>>> # NAT rules and anchors for spamd(8)
>>> #table  persist
>>> #table  persist file "/etc/mail/nospamd"
>>> #no rdr on egress proto tcp from  to any port smtp
>>> #no rdr on egress proto tcp from  to any port smtp
>>> #rdr pass on egress proto tcp from any to any port smtp -> 127.0.0.1 port
>>> spamd
>>>
>>> #block in
>>> pass in
>>> pass out
>>>
>>> #pass in on $int_if proto tcp to any port 80
>>>
>>> #block in quick from urpf-failed to any # use with care
>>>
>>> # By default, do not permit remote connections to X11
>>> block in on ! lo0 proto tcp from any to any port 6000
>>>
>>> antispoof for ext_if
>>>
>>>  Hello,
 Please can you help me with this :

 I just installed the 4.5 OpenBSD, set up the inet forwarding for
 unicast and multicase, include the standard NAT rule in pf.conf such
 as : nat on $ext_if from ($int_if:network) -> ($ext_if)
 enable pf
 check with pfctl -s nat that the correct rule is set.

 That does not work, with tcpdump i see that packets are not
 forwarded, i see them on int_if but not on ext_if.

 Can you give me some help to find out where the problem is ?

 Thanks.

>>>
>>>
>>> Because you dont have a pass rule they get blocked?
>>> Guessing only goes so far.
>>>
>>> Tell us what you want to do.
>>> Tell us what you tried to get it working.
>>> Tell us what is in your relevant configs.
>>>
>>> Perhaps then someone can tell you what to do.
>>>
>>> - Robert

Re: problems setting up a firewall with nat

[Jean-François SIMON]

Sorry for forgotting the rest, here you are :
ext_if is actlually working, configures to an adsl box using DHCP and
actually lynx displays pages.

int_if is the local network that I want to go through openbsd box to access
to internet so I can filter with pf.

The configuration is a standard nat rule + packet forwarding between the two
interfaces so called em0 and em1 resp ext_if and int_if.

As indicated before, I have pf enables, inet forward lines uncommented in
sysctl.con

Packets are received on int_if but not forwarded to ext_if.

Did I miss something ? Here below pf.conf

2009/5/9 Robert 

> On Sat, 9 May 2009 22:52:32 +0200
> Jean-Frangois SIMON  wrote:
> # cat /etc/pf.conf
> #   $OpenBSD: pf.conf,v 1.38 2009/02/23 01:18:36 deraadt Exp $
> #
> # See pf.conf(5) for syntax and examples; this sample ruleset uses
> # require-order to permit mixing of NAT/RDR and filter rules.
> # Remember to set net.inet.ip.forwarding=1 and/or
> net.inet6.ip6.forwarding=1
> # in /etc/sysctl.conf if packets are to be forwarded between interfaces.
>
> ext_if="em0"
> int_if="em1"
>
> set loginterface $ext_if
> set require-order no
> set skip on lo
> scrub in all
>
> # NAT/filter rules and anchors for ftp-proxy(8)
> #nat-anchor "ftp-proxy/*"
> #rdr-anchor "ftp-proxy/*"
> nat on $ext_if from ($int_if:network) -> ($ext_if)
> #rdr pass on ! egress proto tcp to port ftp -> 127.0.0.1 port 8021
> #anchor "ftp-proxy/*"
> #pass out proto tcp from $proxy to any port ftp
>
> # NAT/filter rules and anchors for relayd(8)
> #rdr-anchor "relayd/*"
> #anchor "relayd/*"
>
> # NAT rules and anchors for spamd(8)
> #table  persist
> #table  persist file "/etc/mail/nospamd"
> #no rdr on egress proto tcp from  to any port smtp
> #no rdr on egress proto tcp from  to any port smtp
> #rdr pass on egress proto tcp from any to any port smtp -> 127.0.0.1 port
> spamd
>
> #block in
> pass in
> pass out
>
> #pass in on $int_if proto tcp to any port 80
>
> #block in quick from urpf-failed to any # use with care
>
> # By default, do not permit remote connections to X11
> block in on ! lo0 proto tcp from any to any port 6000
>
> antispoof for ext_if
>
> > Hello,
> > Please can you help me with this :
> >
> > I just installed the 4.5 OpenBSD, set up the inet forwarding for
> > unicast and multicase, include the standard NAT rule in pf.conf such
> > as : nat on $ext_if from ($int_if:network) -> ($ext_if)
> > enable pf
> > check with pfctl -s nat that the correct rule is set.
> >
> > That does not work, with tcpdump i see that packets are not
> > forwarded, i see them on int_if but not on ext_if.
> >
> > Can you give me some help to find out where the problem is ?
> >
> > Thanks.
>
>
> Because you dont have a pass rule they get blocked?
> Guessing only goes so far.
>
> Tell us what you want to do.
> Tell us what you tried to get it working.
> Tell us what is in your relevant configs.
>
> Perhaps then someone can tell you what to do.
>
> - Robert

problems setting up a firewall with nat

[Jean-François SIMON]

Hello,
Please can you help me with this :

I just installed the 4.5 OpenBSD, set up the inet forwarding for unicast and
multicase, include the standard NAT rule in pf.conf such as :
nat on $ext_if from ($int_if:network) -> ($ext_if)
enable pf
check with pfctl -s nat that the correct rule is set.

That does not work, with tcpdump i see that packets are not forwarded, i see
them on int_if but not on ext_if.

Can you give me some help to find out where the problem is ?

Thanks.

Re : error : pkg add phpMyAdmin

[Jean-François SIMON]

Hi,
That's why i asked the man ref / link, i could'nt find anything.

But i see some do not understand what being patient with begininers mean.

It's only few months i now use this system but it's really not easy
thought theres a lot of documentations sometimes it's not easy to find
where, is'nt it ?!

Regards.


2009/4/14, Antoine Jacoutot :
> On Tue, 14 Apr 2009, Jean-Francois wrote:
>
>> Hello,
>> Can you please help me with this :
>>
>> $ sudo pkg add phpMyAdmin-2.11.7.1.tgz
>> Can't install php5-gd-5.2.6: lib not found X11.11.1
>> Dependencies for php5-gd-5.2.6 resolve to: jpeg-6bp3, php5-core-5.2.6,
>> t1lib-5.1.0p1, png-1.2.28
>> Full dependency tree is libiconv-1.12,jpeg-6bp3,libxml-2.6.32p1,php5-
>> core-5.2.6,t1lib-5.1.0p1,gettext-0.17,png-1.2.28
>> Can't install php5-gd-5.2.6: lib not found Xpm.8.0
>> Can't install php5-gd-5.2.6: lib not found freetype.16.1
>> Can't install phpMyAdmin-2.11.7.1: can't resolve php5-gd-5.2.6
>>
>> FYI box is 4.4 fresh install, i386, working as a server, so graphic
>> support.
>
> Not again!
> Can't people read??
>
> When buying something you don't know how it works. Do you wait someone
> to come home and fix it for you or do you read the manual?
>
> --
> Antoine

Re: slave data HDD drives waking up without access

[Jean-François SIMON]

Hi,
First of all I would prefer to awayke disks weekly instead of daily for just
the df purpose.
I would try to do this, your advises are also welcome if any.

Secondly this is because of two principle :
1) it disturbs one who is not away enough not to ear the noise of starting
disks
2) they keep starting sleeping every day which i prefer not to have when
there is no need for disks to start up, which is the case for just the df
operation

The reason for this is that those disks are only used at data storage which
is not every day accessed to.

The best is in my case to switch the df to weekly and put the time of that
op during day.

Bye,
JF

2009/3/30 Jan Stary 

> On Mar 30 13:28:39, Robert wrote:
> > On Mon, 30 Mar 2009 12:12:56 +0200
> > Jean-Francois  wrote:
> >
> > > Hi,
> > >
> > > Sure it comes from the df made daily.
> > >
> > > Please helkp me to change the time of the daily actions, I could not
> > > find it with man pages of cron, crontab, etc ...
> > >
> > > Thanks for help.
> >
> > from daily(8):
> >   The scripts are all run as part of root's crontab(5)
> >
> > # sudo crontab -e
> >
> > When you're at it, check the times for weekly and monthly...
>
> Also, check the logic of breaking daily(8) for the questionable
> gain of waking up disks at some time other than 01:30. Surely there
> is some other ultimate goal you are trying to achieve.
>
> Why do you even have them mounted
> if it's a problem that daily df's them?
>
>Jan

slave data HDD drives waking up without access

[Jean-François SIMON]

Hi All,
For my actual server, there is a primary SSD drive and secondary standard
rotating hard drives.

The secondary HDD have enter into sleep of about 1 hour.

At times Both secondary HDD wake up for no special reaso.

Those drives are both :
- mounted to a point
- shared by NFS

Since I am sure that no access are demanded when the drives wake up, approx
once per day or maybe less, could someone tell me if there is any special
occurence that wakes up the drives for just a check or an update of the
journal or anything else for mounted drives, especially when shared/NFS ?

(I reconfirm this is not due to an external access neither internal, no one
even connected when this occurs)

Re: Unfortunate dot was ... missing

[Jean-François SIMON]

This perfectly worked.

Thanks to all btw.

2009/2/24 Josh Grosse :
> On Tue, 24 Feb 2009 19:43:18 +0100, Jean-Francois wrote
>> All,
>>
>> I just forget the dot !! in the 'rm -r ./dev' so I have no /dev anymore
>> on my server box.
>> One can tell me if this is possible to backup the system without freshh
>> install ?
>> This is a i386 4.4 OpenBSD. One could eventually send me a way or
>> another the full /dev in case this option actually works ?
>>
>> Thanks
>> JF
>
> JF, I've missed the rest of your conversation, but ... here's a
> quick-and-dirty recovery procedure:
>
> Step 1.  Boot the ramdisk kernel, either from the hard drive (if you
installed
> it) or from your installation media.  If you installed it, at the boot
prompt,
> type "bsd.rd":
>
>   boot> bsd.rd
>
> At the Install/Upgrade/Shell prompt, select the shell.
>
> Step 2.  Mount your root partition.  This is usually the "a" partition on
your
> first drive (sd0 or wd0).  e.g.:
>
>   # mount /dev/wd0a /mnt
>
> Step 3.  Create a dev partition:
>
>   # mkdir -p /mnt/dev
>
> Step 4:  Copy the MAKEDEV script from the ramdisk kernel's /dev to
/mnt/dev:
>
>   # cp -p /dev/MAKEDEV /mnt/dev
>
> Step 5: Change your working directory to /mnt/dev:
>
>   # cd /mnt/dev
>
> Step 6:  Recreate all of your device nodes:
>
>   # sh MAKEDEV all
>
> 
>
> Good luck!