Re: Forwarding roots mail to another account , seperate email server
Henning Brauer wrote: * Jay Hart [EMAIL PROTECTED] [2008-02-11 17:58]: Regardless, I can't seem to get mail forwarding working. The two main openbsd books say all I need to do is create a .forwarding file and give the name of the email address to forward to, but for two months not one email was forwarded. it is ~/.forward - not .forwarding you could also set up all mail to be sent to a smart host: three changes required - * configure sendmail to use a remote host for all mail in /etc/mail/submit.cf # changes to fwd mail directly to smart host #D{MTAHost}[127.0.0.1] D{MTAHost}[smtp.muse.net.nz] * configure local aliases mapping to remap users to a destination address in /etc/mail/aliases # Well-known aliases these should be filled in! # root: root: [EMAIL PROTECTED] permit relaying on smart host (postfix in my case) in /etc/postfix/main.cf mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, somehost.$mydomain although Henning's solution is simpler, the other one moves all config into /etc which i like more. a+ scorch
arp: attempt to overwrite entry for 10.0.0.2 on sis0 by 00:30:cd:00:00:78 on sis2
I seem to be getting a fair few of these on my firewall recently, looking like arp cache poisoning. it may be related to me losing service occasionally. I can't see how i could get pf to filter on what is effectively a lower level protocol. what other options do i have? a+ scorch
Re: seeking hardware token recommendations
On Fri, Dec 07, 2007 at 03:23:13PM -0600, K K wrote: the goal is to allow only users with (1) a hardware token and (2) the correct passwords to access services (IMAPS, etc) on openbsd machines. you may want to look at http://www.fatsquirrel.org/veghead/wot/skey.php and its corresponding software for your mobile phone. if this is interesting for you i have a list of similar links; reply offlist i can send these through. some of these are skey based and some are other 2 factor solutions. a+ scorch
Re: seems like packet is lost between pf and interface
Imre Oolberg wrote: Hallo! I am observing seemingly perplexing problem on OpenBSD 4.1 firewall. Some dns queries work from behind firewall towards internet and others doesnt. For example doesnt work query which has a big response of TXT data. If someone could explain to me where to look to or what to tune to regain those packages which seem to be lost somewhere between pf and interface. how about providing a bit more information? such as more of pf.conf than just 2 lines; there's nothing mentioned about dns there. my guess based on the information you've not provided is that you're only passing UDP DNS not TCP DNS appropriately. cheers, scorch
Re: howto restored rm-ed files/directory
Insan Praja SW wrote: Hi Misc, I got an important directory in my 4.1 bsd and it's deleted using rm -rf :(. Anyone had experience restoring them? I really.. (I mean Really) need help on this one.. Thanks, Kind Regards, Insan depends how much trouble you want to go to and in what format your files were. there are companies who will charge 800-2000$ for recovery... for a DYI-er: stop using the box/filesystem use dd or something like that to get a bit-for-bit copy of the filesystem. the underlying data is probably still there, maybe not so accessible - something like this: dd if=/dev/rsd0f of=/var/tmp/dd_rsd0f bs=64k use strings(1) and then grep or less on this to see what readable stuff you can get out of it. txt files will emerge quite usable, but not necessarily in order. if you need complete unadulterated data then there are a few other things you could try, but basically you'll need to get down dirty with disk blocks. NB suggest using vsconfig to mount a copy of your dd file as a volume again, and then fsdb to see what you can recover. a+ scorch
lib not found expat.8.0 - requires xbase42.tgz - insufficient disk on CF card
hi, i need the gettext package, requiring expat.8.0 from xbase42.tgz as covered in the FAQ. unfortunately I've struck this issue on a 256MB CF soekris build where I don't have enough space for a full install :-( are there any pointers on if or how one can extract the minimum needed for expat.8.0 out of xbase42.tgz? cheers, scorch
Re: Tapes on ciss
Theo de Raadt wrote: I've got a Compaq DL380G1 with a Smart 5300 card (ciss). I've got an array plugged into port 1, and a tape plugged into port 2. The BIOS setup for the card sees everything, but OpenBSD doesn't see the tape, nothing in dmesg. I don't even see the second scsibus for ciss. Any suggestions? talking to tape drives and such things behind raid controllers typically takes a lot more work, and few of our drivers have support for that. IIRC (and thats debatable as this is old memory) a number of the compaq array cards do *not* support tape devices behind the scsi bus. it was only intended for connecting further disks to. i think its expected to see it in the bios though even if it can't be used in pass-through configuration. if this applies to your device, it will be documented in the 5300 technical info. cheers, scorch
OT: phone applet for OTP or two factor authentication, for remote access
about 2 months ago, I found a URL for an opensource applet that runs inside a std mobile phone, generating something like a securID token, for authenticating remote access, without the need for the additional h/w. of course, now my customer is interested in such a solution but i can't find the link again (damn those bookmarks..) can any OT:reader provide me with a reminder URL? thanks, scorch
ath0 power on soekris 4801 -- wistrom senao miniPCI
my soekris 4801 with either a wistrom CM9 or senao 400mW miniPCI card ath chipset are not putting out as much grunt under OpenBSD as under FreeBSD/pfSense, at least according to my end users in the downstairs flat :-) 2 questions: is there anything simple that could quantify the power, e.g. using some feature of ports@ or openbsd? is there anything further i could do to boost up the range? other than the 2nd aerial which has definitely helped... at least anecdotally? $ ifconfig ath0 ath0: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:0b:6b:4e:84:27 groups: wlan media: IEEE802.11 autoselect hostap status: active ieee80211: nwid x chan 1 bssid 00:0b:6b:4e:84:27 inet 172.16.0.1 netmask 0xff00 broadcast 172.16.0.255 inet6 fe80::20b:6bff:fe4e:8427%ath0 prefixlen 64 scopeid 0x4 $ cat /etc/hostname.ath0 inet 172.16.0.1 0xff00 NONE \ media autoselect mediaopt hostap nwid x -bssid -chan up lastly i got a panic (something new to me) while ifconfig up'ing ath0 with various parameters. i think this should be repeatable, so i'll read through http://www.openbsd.org/report.html when i have time come back with something more concrete; at least here it's not going to get lost/forgotten. panic: ieee80211_newstate: bogus xmit rate 7 setup Starting stack trace... panic(d0bd7000,dac37960,d0bd6030,1,d0bd6030) at panic+0x71 panic(d06835ed,d068360c,7,919f7,d3d3ec00) at panic+0x71 ieee80211_rssadapt_choose(d0bd6030,4,,919f7) at ieee80211_rssadapt_choose ath_newstate(d0bd6030,4,,fff30064,30) at ath_newstate+0x181 ieee80211_create_ibss(d0bd6030,d0bd6292,d08ace04,d03a09d3,d3d3ec00) at ieee80211_create_ibss+0x11b ieee80211_end_scan(d0bd6030,a012,d0be6980,d08ace04) at ieee80211_end_scan+0x21e ath_next_scan(d0bd6000,d0b53d00,0,d08ab000,0) at ath_next_scan+0x3d softclock(d0200058,d08a0010,10,d08a0010,d08ab000) at softclock+0x22c Bad frame pointer: 0xd08ace24 End of stack trace. dmesg: OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC 586-class) 267 MHz cpu0: FPU,TSC,MSR,CX8,CMOV,MMX cpu0: TSC disabled real mem = 133787648 (130652K) avail mem = 114675712 (111988K) using 1663 buffers containing 6811648 bytes (6652K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+ BIOS, date 20/50/29, BIOS32 rev. 0 @ 0xf7840 pcibios0 at bios0: rev 2.0 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc8000/0x9000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Cyrix GXm PCI rev 0x00 sis0 at pci0 dev 6 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 10, address 00:00:24:c5:37:30 nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1 sis1 at pci0 dev 7 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 10, address 00:00:24:c5:37:31 nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1 sis2 at pci0 dev 8 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 10, address 00:00:24:c5:37:32 nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1 ath0 at pci0 dev 14 function 0 Atheros AR5212 rev 0x01: irq 11 ath0: AR5213 5.9 phy 4.3 rf5112a 3.6, FCC2A*, address 00:0b:6b:4e:84:27 gscpcib0 at pci0 dev 18 function 0 NS SC1100 ISA rev 0x00 gpio0 at gscpcib0: 64 pins NS SC1100 SMI rev 0x00 at pci0 dev 18 function 1 not configured pciide0 at pci0 dev 18 function 2 NS SCx200 IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: TOSHIBA THNCF512MMA wd0: 1-sector PIO, LBA, 488MB, 1000944 sectors wd0(pciide0:0:0): using PIO mode 2 geodesc0 at pci0 dev 18 function 5 NS SC1100 X-Bus rev 0x00: iid 6 revision 3 wdstatus 0 ohci0 at pci0 dev 19 function 0 Compaq USB OpenHost rev 0x08: irq 5, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: Compaq OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 3 ports with 3 removable, self powered isa0 at gscpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS gpio1 at nsclpcsio0: 29 pins gscsio0 at isa0 port 0x15c/2: SC1100 SIO rev 1: npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom0: console pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo biomask f3e5 netmask ffe5 ttymask ffe7 pctr: no performance counters in CPU dkcsum: wd0 matches BIOS drive 0x80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302
named lookup failures through pf fw
i seem to be having a dns/fw issues that i can't figure out. basically, wifi clients can't lookup dns successfully unless the entry is already cached on the openbsd 4.0 box first. this has just started after introducing a new firewall config but i have _no_ idea what the difference between a fresh vs cached lookup should be from the client side! this is surely a misunderstanding on my part. can you see what i'm missing? what's there: openbsd 4.0 dns servers 10.0.0.11 12 openbsd 4.1 firewall sis2internet, 121.73.27.x sis1/2 bridged 10.0.0.11 12 via crossover ath0wifi 172.16.x.x dhcp for clients dhcp side: the clients (macos, windows, whatever) receive a dhcp address can access services such as email on the 10.x network, and anything on the internet via IP address. but when a name lookup is done from 172. to the 10. dns servers, the request goes through to the 10. dns server just fine - which then replies with a 'not found' type error. running the same lookup again on the 10. dns server directly works. then re-running the same query from the client side retrieves the new cached version correctly. presumably the fw rules are ok as traffic is passing each time. but what am i missing? i've not changed the dns servers since 3.9, but there is a new pfSense firewall in between. pf.conf named.conf follow the dns trace. en1: flags=8863UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST mtu 1500 tunnel inet -- inet 172.16.0.10 netmask 0xff00 broadcast 172.16.0.255 ether 00:19:e3:0f:1a:6b media: autoselect status: active supported media: autoselect vlan: 0 parent interface: none bond interfaces: none non-cached from client: May 17 07:19:52.391667 172.16.0.10.49319 10.0.0.11.53: [udp sum ok] 21247+ A? www.novell.com. (32) (ttl 63, id 17885, len 60) return to client: May 17 07:19:52.392233 10.0.0.11.53 172.16.0.10.49319: 21247- 0/13/13 (451) (ttl 64, id 20192, len 479) non-cached from dns server: May 17 07:20:08.675725 10.0.0.2.40578 203.96.152.4.53: [udp sum ok] 13112+ [1au] A? www.novell.com. (43) (ttl 64, id 6400, len 71) reply from dns forwarder: May 17 07:20:08.686623 203.96.152.4.53 10.0.0.2.40578: 13112 1/3/3 www.novell.com. A 130.57.5.25 (162) (DF) (ttl 124, id 11878, len 190) cached from client: May 17 07:20:13.695183 172.16.0.10.49320 10.0.0.11.53: [udp sum ok] 50027+ A? www.novell.com. (32) (ttl 63, id 17961, len 60) cached reply from dns server: May 17 07:20:13.695563 10.0.0.11.53 172.16.0.10.49320: 50027- 1/3/2 www.novell.com. A 130.57.5.25 (151) (ttl 64, id 18118, len 179) pf.conf === # $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $ # # See pf.conf(5) and /usr/share/pf for syntax and examples. # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 # in /etc/sysctl.conf if packets are to be forwarded between interfaces. # macro definitions # interfaces ext_if = sis2 wii_if = ath0 dmz_if = { sis0 sis1 bridge0 } int_if = { sis0 sis1 bridge0 ath0 } # networks ext_nw = { 121.73.27.0/24 } wii_nw = { 172.16.0.0/24 } dmz_nw = { 10.0.0.0/24 } int_nw = { 10.0.0.0/24 172.16.0.0/24 } # dmz hosts dmz_web = 10.0.0.20 dmz_mail = 10.0.0.21 dmz_ssh = 10.0.0.31 # port groups mail_ports = { imap, imaps, smtp } web_ports = { http, https } # tables table spamd-white persist table internal_net persist {10.0.0.0/24, 172.16.0.0/24} # options set skip on lo set require-order yes set block-policy drop set optimization normal set loginterface none set loginterface ath0 # normalisation scrub in all scrub out all # translation redirection nat on $ext_if inet proto {icmp, tcp, udp} \ from !($ext_if) - ($ext_if:0) rdr pass on $ext_if inet proto tcp \ from any to $ext_nw port $web_ports - $dmz_web rdr pass on $ext_if inet proto tcp \ from any to $ext_nw port $mail_ports - $dmz_mail rdr pass on $ext_if inet proto tcp \ from any to $ext_nw port ssh - $dmz_ssh # filtering block in all block out log all block quick proto { tcp, udp } from any port = 0 to any block quick proto { tcp, udp } from any to any port = 0 # block
Re: named lookup failures through pf fw [RESOLVED]
On Thu, May 17, 2007 at 10:42:46AM +0200, Mats O Jansson wrote: On Thu, 17 May 2007 [EMAIL PROTECTED] wrote: i seem to be having a dns/fw issues that i can't figure out. basically, wifi clients can't lookup dns successfully unless the entry is already cached on the openbsd 4.0 box first. I guess you have to add the wifi network in the acl clients list in named.conf. -moj thanks Mats, sorted! a+ scorch
Re: PF rules2
On Fri, May 04, 2007 at 08:00:06AM +0200, Tang Tse wrote: Hi again, I follow with my own fight with PF. ( sorry to send other mail, but i can't really fix this ). If I reduce pf.conf to the following rules: block in all pass in on $int_if proto {tcp,udp] from any to any port 22 keep state I can connect to ssh, but it takes at least on minute to ask me the user and pass. If i change it to block in on $ext_if all, then i can connect with the normal speed. so there's a question begging here - what _other_ traffic is being blocked by block in all that is allowed through by the other option? hint: think about running sshd in debug to see what takes so long. or use pf block in log all (or whatever the appropriate syntax is) to see what is dropped. my guess is that your resolver is not accessible for some reason in the slow case and ssh is timing out on the reverse lookup for the client connection. a+ scorch
Re: AFS Server on OpenBSD
I have been trying to find some information on setting up a AFS server on OpenBSD, is it even possible? Rico. If you have more questions regarding openafs, ask [EMAIL PROTECTED] what you're asking about is really AFS-centric, not openBSD-centric. -Marcus Watts Or you could just have a look at net/openafs port... hey Rico, short answer is yes its possible, but the net/openafs port is subtly broken. i plan to re-test openafs 1.4.4 when 4.1 is released publically (as I donate but don't grab CDs). i've been using openafs on openbsd for about 3 years now happily in the main apart from a headache between 3.8-3.9 i think. currently i'm running openbsd40 + inbuilt heimdal + openafs 1.4.3 + (a few patches) without any issues, other than the recent openafs security advisory. with a bit of support from todd@ hopefully 1.4.4 will be in 4.1-current soon afterwards. if you're hosting openafs for larger networks then i believe that the recommendation is usually rhel i suspect solaris. best to check that with openafs-info tho. in my experience, broadly speaking the biggest headache is likely to be that the arla version we have in openbsd is not the latest greatest. for a small network it works fine for me, YMMV. it's not IMHO always plug-n-play solution for laptop users but this could be debated on openafs-info again. i suggest you contact me offline on this as i've got some notes on putting this all together. i'll send these through. a+ scorch
Re: make release question
Didier Wiroth wrote: Hello, I've customized /usr/src/etc/etc.i386/Makefile.inc to create 2 additional kernels: bsd.acpi + bsd.mp.acpi I created a custom cd which now has the following kernels: bsd.rd bsd bsd.mp bsd.acpi bsd.mp.acpi When launching the standard install process with bsd.rd, you can only see/select the standard files: bsd bsd.mp base41.tgz etc41.tgz etc xbase41.tgz but bsd.acpi + bsd.mp.acpi are not shown, why? How or what do I have to modify to be able to select and install my custom kernels (bsd.acpi + bsd.mp.acpi) during the standard setup procedure? have you modified index.txt in the same folder? i'm not near a box to check but IIRC this works for *.tgz, so perhaps its also ok for bsd.* scorch
Re: About commands
Stephen Liu wrote: What will be the equivalent command on OBSD? TIA i suggest you bone up on the first 3 links at http://www.xs4all.nl/~hanb/documents/topic.html before posting again. RTFM, STFW would be the standard answer round here. or maybe we have more time free than you have? are you even in front of a keyboard? On Linux World, $ fdisk -l displaying all partitions of a HD $ fdisk -l fdisk: unknown option -- l usage: fdisk [-ieu] [-c cylinders -h heads -s sectors] [-f mbrfile] device -i: initialize disk with virgin MBR -u: update MBR code, preserve partition table -e: edit MBRs on disk interactively -f: specify non-standard MBR template -chs: specify disk geometry `disk' may be of the forms: sd0 or /dev/rsd0c. $ sudo fdisk wd0 Disk: wd0 geometry: 2480/255/63 [39841200 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: idC H S -C H S [ start: size ] 0: 000 0 0 -0 0 0 [ 0: 0 ] unused 1: 000 0 0 -0 0 0 [ 0: 0 ] unused 2: 000 0 0 -0 0 0 [ 0: 0 ] unused *3: A60 1 1 - 2479 254 63 [ 63:39841137 ] OpenBSD NB disklabel will be more use to you probably. $ df -h displaying all partitions with size and use $ df -h Filesystem SizeUsed Avail Capacity iused ifree %iused Mounted on /dev/wd0a 1006M292M664M31%4871 139383 3% / /dev/wd0d 5.9G3.5G2.1G63% 264441 53926933% /usr /dev/wd0e 5.9G2.8G2.8G49% 14292 789418 2% /var /dev/wd0g 3.9G2.0K3.7G 0% 1 535805 0% /tmp /dev/wd1a 113G 18.7G 88.4G17% 12521 14969493 0% /vicepa /dev/xfs0 10.6G 0B 10.6G 0% 04711 0% /afs you really are lazy. scorch -- out of the frying pan into the fire
Re: Running OpenOffice on OpenBSD-How do I start it?
Robert Goulding wrote: To load OpenOffice with linux emulation I went to http://www.xs4all.nl/~hanb/documents/openoffice_on_openbsd.html Running OpenOffice on OpenBSD hi Robert, i followed this found openoffice somewhat unreliable under linux emulation. i believe there'll be an openoffice package in 4.1 which will be released in the near future. i've been using it under -current it's really solid, thanks to a lot of work from robert nagy. if you're really starting from scratch it might be worth waiting for that to come out instead. perhaps its worth Han changing his site to avoid leading people down the garden path, now we have a port in place. a+ scorch
routing configuration for a soekris + wifi ath0
I've just received a miniPCI ath0 card for my soekris, plan to eliminate the current draytek wireless router from my home LAN. however this is a little further out of my currrent skill set than before, esp. in the subnet/routing arena before i dig in too deep i could do with some feedback on the right way to set this up. currently i have this mess in place: soekris: FreeBSD/pfSense sis0internet, static IP sis110.0.0.5 going to eth1 router || router: eth110.0.0.1 cabled to sis1 eth2to webserver at 10.0.0.2 eth3to mailserver at 10.0.0.3 eth4to desktop with dhcp what i'm hoping to do, under OpenBSD is the following: soekris:openbsd4.0, pf, dhcp, spamd, ntpd, routing sis0internet sis1going to webserver at 10.0.0.2 sis2going to mailserver at 10.0.0.3 ath0wifi going to desktop with dhcp i.e. soekris would route between sis0, wifi, sis1/2 as needed, provide ntpd, pf, dhcp services to the LAN. the questions: -is this a workable/sensible config? - am i correct in planning to set up sis1/2 as a bridge? - do i _need_ to assign an IP to the sis1/2 interfaces then? - can i use the same default gateway for all boxes - planning 10.0.0.1? - or does the ath0 wifi need a separate subnet to sis1/2? thanks! a+ scorch
Re: pkg_add with http?
John Brooks wrote: first manually download the package to your machine via ftp. then run pkg_add against the file you just downloaded. if something doesn't work, you'll know exactly which part is failing. -- John Brooks [EMAIL PROTECTED] Hi, how can I make pkg_add work with http? I already have PKG_PATH=http://ftp-stud.fht-esslingen.de/pub/OpenBSD/4.0/packages/i386/; FETCH_CMD=/usr/local/bin/wget but pkg_add -v doesn't work. Best Martin pkg_add does all of this for you - without the need for a separate FETCH_CMD or enclosing PKG_PATH in quotes. use pkg_add built in smarts to do both for you - use the PKG_CACHE mechanism to store locally any packages, and pkg_add to do the right thing for you - search first in your downloaded/cached packages, then on the cdrom (if mounted), and finally get from your chosen mirror: mkdir /packages/ PKG_ARCH=`uname -s`/`uname -r`/packages/`uname -m` PKG_PATH=/packages:/cdrom/`uname -r`/packages/`uname -m`/:http://ftp-stud.fht-esslingen.de/pub/$PKG_ARCH/ PKG_CACHE=/packages/ this looks like this on my box: PKG_ARCH=OpenBSD/4.0/packages/i386 PKG_CACHE=/packages/ PKG_PATH=/packages:/cdrom/4.0/packages/i386/:http://ftp-stud.fht-esslingen.de/pub/OpenBSD/4.0/packages/i386/ then you only need to do each time: pkg_add -iv pkgname it will be downloaded/installed as needed. on my box the above works fine - i.e. retrieving packages via http:// is understood by pkg_add - as documented/expected! a+ scorch
getting started with spamd/pf
i've started looking at spamd to be honest i'm a little confused even after reading man google. could somebody run a quick check over all of this to reassure me? NB special thanks to peter@ for http://home.nuug.no/~peter/pf/en/ this was a godsend! scenario: pf fw running as inet gateway NATs smtp to postfix on different host. this works just fine but of course receives spam occasionally! spamd appears to be a drop-on-top of your existing (working) MTA config - i.e. no changes are required to my pf fw postfix setup at all. am i right? changes - all on postfix box only: - enabled pf set a pf.conf (below) - use default spamd.conf this seems to work but - i don't see a greylist table anywhere in pfctl -s all. is one needed? pf in-memory table spamd-white doesn't persist between reboots. is this expected? here's my config (all on the postfix box) - supposedly following vanilla openbsd40/release: rc.conf.local:spamd_grey=YES rc.conf.local:spamd_flags=-v 127.0.0.1 rc.conf.local:spamlogd_flags= thanks, scorch file:/etc/pf.conf ext_if=fxp0 table spamd persist table spamd-white persist file /etc/whitelist.txt set skip on lo scrub in rdr pass on $ext_if proto tcp from spamd to port smtp \ - 127.0.0.1 port spamd rdr pass on $ext_if proto tcp from !spamd-white to port smtp \ - 127.0.0.1 port spamd pass in on $ext_if proto tcp to ($ext_if) port ssh pass in log on $ext_if proto tcp to ($ext_if) port smtp pass out log on $ext_if proto tcp from ($ext_if) to port smtp file:/etc/spamd.conf # $OpenBSD: spamd.conf,v 1.19 2006/07/11 05:40:33 djm Exp $ # # spamd config file, read by spamd-setup(8) for spamd(8) # # See spamd.conf(5) # # Configures whitelists and blacklists for spamd # # Strings follow getcap(3) convention escapes, other than you # can have a bare colon (:) inside a quoted string and it # will deal with it. See spamd-setup(8) for more details. # # all must be here, and defines the order in which lists are applied. # Whitelists apply to the previous blacklist. More than one whitelist # may be applied to each blacklist. # # As of November 2004, a place to search for black lists is # http://spamlinks.net/filter-bl.htm # # Some of the URLs below point to www.openbsd.org locations. Those # files are likely to be mirrored to other OpenBSD www mirrors located # around the world. Hence, it is possible to edit this file and rewrite # www.openbsd.org with, for instance, to www.de.openbsd.org all:\ :spews1:china:korea: # Mirrored from http://www.spews.org/spews_list_level1.txt spews1:\ :black:\ :msg=SPAM. Your address %A is in the spews level 1 database\n\ See http://www.spews.org/ask.cgi?x=%A for more details:\ :method=http:\ :file=www.openbsd.org/spamd/spews_list_level1.txt.gz: # Mirrored from http://www.spews.org/spews_list_level2.txt spews2:\ :black:\ :msg=SPAM. Your address %A is in the spews level 2 database\n\ See http://www.spews.org/ask.cgi?x=%A for more details:\ :method=http:\ :file=www.openbsd.org/spamd/spews_list_level2.txt.gz: # Mirrored from http://www.okean.com/chinacidr.txt china:\ :black:\ :msg=SPAM. Your address %A appears to be from China\n\ See http://www.okean.com/asianspamblocks.html for more details:\ :method=http:\ :file=www.openbsd.org/spamd/chinacidr.txt.gz: # Mirrored from http://www.okean.com/koreacidr.txt korea:\ :black:\ :msg=SPAM. Your address %A appears to be from Korea\n\ See http://www.okean.com/asianspamblocks.html for more details:\ :method=http:\ :file=www.openbsd.org/spamd/koreacidr.txt.gz: whitelist:\ :white:\ :method=file:\ :file=/etc/whitelist.txt:
Re: getting started with spamd/pf
Didier Wiroth wrote: scenario: pf fw running as inet gateway NATs smtp to postfix on different host. this works just fine but of course receives spam occasionally! spamd appears to be a drop-on-top of your existing (working) MTA config - i.e. no changes are required to my pf fw postfix setup at all. am i right? changes - all on postfix box only: - enabled pf set a pf.conf (below) - use default spamd.conf this seems to work but - i don't see a greylist table anywhere in pfctl -s all. is one needed? ok sorted this out, these are found using spamdb... :-) pf in-memory table spamd-white doesn't persist between reboots. is this expected? Are you running spamdlogd, this is the daemon that should read and load the IPs (from spamd) in the pf table? yes i'm running spamlogd. however the issue is that i didn't understand the pf table - it loads a file from disk, but doesn't use the same table for updates. so i added a second table for the permanent whitelist in pf.conf Please note, to use your whitelist entry in spamd.conf you should have something like: all:\ :spews1:whitelist:china:whitelist:korea:whitelist: now yes - this makes sense. You should really consider to use the latest current /etc/mail/spamd.conf from the cvs repository, as there are far better hosts in it. ok done. thanks for your comments Didier! so now i have (maybe) 1 last problem - i want to pass through the connections on disk before the spamd rules take place. but my modified pf.conf won't parse, due to an error. i understand *why* but not how to set this up correctly. basically this rule needs to be moved somewhere else: #pass in log on $ext_if proto tcp from spamd-clear to port smtp a+ scorch # pfctl -gnf /etc/pf.conf /etc/pf.conf:x: Rules must be in order: options, normalization, queueing, translation, filtering ... file:/etc/pf.conf ext_if=fxp0 int_if=lo0 table spamd persist table spamd-white persist table spamd-clear persist file /etc/whitelist.txt set skip on lo scrub in # spam filters - spamd-clear go straight through, the rest grey/tar as needed #pass in log on $ext_if proto tcp from spamd-clear to port smtp rdr pass on $ext_if proto tcp from spamd to port smtp \ - 127.0.0.1 port spamd rdr pass on $ext_if proto tcp from !spamd-white to port smtp \ - 127.0.0.1 port spamd pass in on $ext_if proto tcp to ($ext_if) port ssh #pass in log on $ext_if proto tcp to ($ext_if) port smtp pass out log on $ext_if proto tcp from ($ext_if) to port smtp
Re: will Tandberg StorageLoader play nice?
Henrik Hellerstedt wrote: According to ch(4) virtually any tape changer / scsi juke box will work, but before I order one it would be nice if the community could recommend a juke box they know works well. Something like Tandbergs StorageLoader is what I had i mind: http://www.tandbergdatacorp.com/products/products_automation_StorageLoaderLTO2.htm Sincerely Henrik Hellerstedt [EMAIL PROTECTED] what h/w underneath you are going to have to drive that? LTO requires a high level of throughput from both the underlying disk subsystem and also the backup app - e.g. tar/cpio are lousy compared to the commercial products. blocksize 256k also helps a lot, but needs to be benchmarked for _your_ system. a+ scorch
Re: binary updates
On 2/26/07, Default User [EMAIL PROTECTED] wrote: When will we ever see binary updates for OpenBSD? Taking a system off-line for over 20 hours to do a source code rebuild is just too long, and just tracking RELEASE means running an insecure system. Binary updating - try it, you'll like it! you *can* do this - use snapshots. i just did one today - check openbsd.org/ for any upgrade information - download bsd.rd, reboot on that follow (u)pgrade instructions - it uses ftp to retrieve the rest of the sets you need - use pkg_add -uiv to upgrade any packages for the final finishing touches looks like a binary upgrade to me. or are you expecting something else? a+ scorch
Re: serial console on macbook?
Ben Calvert wrote: can't install 4.0 or snapshots on my macbook due to what appear to be issues with the usb controller. ( lots of errors about the usb controller, and the keyboard is nonresponsive... no capslock light, no input ) does anyone have any ideas about how to capture the dmesg so i can submit? thanks, ben sounds like a similar pb i had on an hp omnibook - you can't get the installer to complete to get a dmesg, maybe you don't have a suitable serial cable or port to capture it otherwise. i'm not sure about the lights loss of input, maybe that's a different problem. but you can try the following in either case: make a new boot cd with an additional file, as follows, based on 4.0 release or a -current: file:///etc/boot.conf set timeout 5 boot -c this will drop you into the ukc before the device probing starts, so you can try try again disabling various things, such as : verbose disable uhci* disable ehci* disable ohci* disable usb* this got me to a working state then i could fine-tune adding them back in until things were usable again. info on making the CD, ymmv: http://www.webengr.com/development/tools/openbsd/tips/cdrom/ http://undeadly.org/cgi?action=articlesid=20031105030127 a+ scorch
Re: is there [EMAIL PROTECTED] archive?
Theo de Raadt wrote: i'm looking for new mobos (both embedded normal) wondered if there's any way to search through sumbitted [EMAIL PROTECTED] (you do all send in your dmesg don't you?) to see what people ran into previously. gmane marc have proved reasonably light on Sorry, but I have thought about this and do not plan to change our policy . not asking you to :-) it's a good reason. i'll send something to Nick for the FAQ. the only thing i found was http://www.nycbug.org/?NAV=dmesgd;f_bsd=OpenBSD which was not extensive enough - but a nice interface! And they will NEVER receive as many dmesg's as we do, because our we promise privacy... There's no middle ground. i many others would be happy to have a public dmesg. if nycbug have a mail-accessible interface, are happy to share, could we add a note to either afterboot or FAQ to point people there to upload one for reference? i don't see why there shouldn't be a choice for something so useful. a+ scorch out of the frying pan into the fire
Re: is there [EMAIL PROTECTED] archive?
[EMAIL PROTECTED] wrote: Theo de Raadt wrote: And they will NEVER receive as many dmesg's as we do, because our we promise privacy... There's no middle ground. Our developers never look at those, so they do not serve our purposes. We don't want to distract our users from sending in reports which actually serve our developers, and thus make better code. Sorry, but I do not agree with your direction on this. VERY OFTEN we do not document something because it hurts other things. i follow your point on privacy. but not the latter part (isn't this exactly what you/we are concerned about from vendors - lack of disclosure of useful information, due to hurting commercial interests? more to the point, i wish to buy stuff that works well under openbsd, clearly this is linked to the policies of vendors on disclosure, and developer interest. now if i can only guess at equipment that was fully documented, followed up with support for the developers, then how can i allow my $$ to reward vendors with those policies, that help you write better code that we enjoy using? if i follow you correctly - #1 there's a strict requirement for privacy for dmesg@ - fair enough. i've sent a line to nick@ to clarify this in the FAQ as i've not seen it mentioned elsewhere. #2 you don't want to suggest to people that they can _also_ send a dmesg somewhere else as this might confuse them, you won't get bug reports. i would hope somebody able to file the bug reports you ask for is able to manage CC'ing a dmesg to somewhere else as well without getting lost on the way. if I can't easily identify stuff that works well then I end up spending 500$ on a mobo destined for dust-ware, instead of on your admittedly great OS. since my first CD was a 2.8 one, i'm loath to waste my money on junk kit that doesn't run well on openbsd. the http://www.openbsd.org/i386.html page doesn't include any info on motherboards, although it does cover the peripheral side pretty well. i'd be happy enough with a few notes on mobos that work here - but where would i as a user go to get this information? if you think it's our business to send in updates for this page, i'll do so - but i think i am not a good person to tell when a mobo is fully supported, or if the h/w vendor was helpful. if you stick to refusing #2, well, as always, it's your OS, your call as developers. but i think that you are reducing your support base if there is no reference point for stuff that works well. a+ scorch
rsyncing -current packages -- pattern matching problems
hi, i am rsyncing -current packages taking advantage of rsync's pattern matching to avoid specifying the package versions, to make a local repository for upgrades. there are several packages that i _don't_ want to retrieve flavours for, e.g. cyrus-sasl as an example. but i haven't been able to force just the base package, without specifying identically the filename - which defeats the purpose of what i was trying to achieve. here's my current go, trimmed to show the specific problem: $ cat snapshot.inc # include file for rsync cvsync-* cyrus-sasl-* - cyrus-sasl-*db* - cyrus-sasl-*mysql* - cyrus-sasl-*ldap* db-4* - *.tgz $ rsync -thrivz --stats --del -n rsync://rsync.de.openbsd.org/OpenBSD/snapshots/packages/i386 /var/tmp/packages/ --include-from=snapshot.inc [...] f+++ i386/cvsync-0.24.19.tgz f+++ i386/cyrus-sasl-2.1.21p2-db4.tgz f+++ i386/cyrus-sasl-2.1.21p2-ldap.tgz f+++ i386/cyrus-sasl-2.1.21p2-mysql.tgz f+++ i386/cyrus-sasl-2.1.21p2.tgz f+++ i386/db-4.2.52p11.tgz f+++ i386/index.txt [...] but I _don't_ want to retrieve all the{db4,ldap,mysql} flavors - just the base one. can anybody help? a+ scorch out of the frying pan into the fire
SOLVED Re: rsyncing -current packages -- pattern matching problems
RW wrote: thanks - that was it - natch the order of rsync includes/excludes is mentioned in the cryptic man page. so, you need to: exclude the more specific entry, and then finally include the required one last as a generic entry: - cyrus-sasl-*mysql* - cyrus-sasl-*db4* - cyrus-sasl-*postgres* - cyrus-sasl-*ldap* cyrus-sasl-* achieves the required result. yes it was a bit off topic but i was hoping to see how others did this. a+ scorch i am rsyncing -current packages taking advantage of rsync's pattern matching to avoid specifying the package versions, to make a local repository for upgrades. there are several packages that i _don't_ want to retrieve flavours for, e.g. cyrus-sasl as an example. but i haven't been able to force just the base package, without specifying identically the filename - which defeats the purpose of what i was trying to achieve. here's my current go, trimmed to show the specific problem: $ cat snapshot.inc # include file for rsync cvsync-* cyrus-sasl-* - cyrus-sasl-*db* - cyrus-sasl-*mysql* - cyrus-sasl-*ldap* db-4* - *.tgz $ rsync -thrivz --stats --del -n rsync://rsync.de.openbsd.org/OpenBSD/snapshots/packages/i386 /var/tmp/packages/ --include-from=snapshot.inc [...] f+++ i386/cvsync-0.24.19.tgz f+++ i386/cyrus-sasl-2.1.21p2-db4.tgz f+++ i386/cyrus-sasl-2.1.21p2-ldap.tgz f+++ i386/cyrus-sasl-2.1.21p2-mysql.tgz f+++ i386/cyrus-sasl-2.1.21p2.tgz f+++ i386/db-4.2.52p11.tgz f+++ i386/index.txt [...] but I _don't_ want to retrieve all the{db4,ldap,mysql} flavors - just the base one. can anybody help? I don't have a chance to check (no rsync file or man page to check) but: Maybe in the rules you constructed first match wins. Once a match happens no further rules are evaluated? Otherwise you might go ask on an rsync list - I'd guess the folk there wouldn't have to go look at the manpages It really is OT here.
is there [EMAIL PROTECTED] archive?
i'm looking for new mobos (both embedded normal) wondered if there's any way to search through sumbitted [EMAIL PROTECTED] (you do all send in your dmesg don't you?) to see what people ran into previously. gmane marc have proved reasonably light on the only thing i found was http://www.nycbug.org/?NAV=dmesgd;f_bsd=OpenBSD which was not extensive enough - but a nice interface! a+ scorch
Re: i386 -current snapshots hanging?
Sam Smith wrote: is anyone else seeing i386-current lockups with both yesterday's snapshot and one from last week? the machien is doing a fair bit of disc thrashing when it wedges. Not been able to get a core sample out of it as yet. Sam no. both stable as houses here, on this 800MHz laptop :-) + scorch OpenBSD 4.0-current (GENERIC) #1355: Tue Jan 30 02:01:24 MST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium III (GenuineIntel 686-class) 797 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 267939840 (261660K) avail mem = 236535808 (230992K) [...]
building php5-gd-{hardened, no_x11} from source
hi misc@, the php5-gd-*-hardened-no_x11 package is the only php package missing to complete implementing http://zenphoto.org/ pic blog tool for me. however i can't seem to persuade the build system to build _only_ that package for me - I can only generate the whole php5-extensions in one single package. this is killing my bandwidth by downloading the kitchen sink.. pine, curl, etc etc... ad nauseam. starting point: openbsd, 4.0 release + ports/src trees from cd. $ cd /usr/ports/www/php5 $ env FLAVOR=no_x11 hardened SUBPACKAGE='-gd' make ..config make stuff ... === Faking installation for mhash-0.9.1p1 .. etc.. -- what should i be doing differently here, just to build the -gd- part without needing to download build all the other stuff? do i need to install all the prior php5- packages to avoid this? NB thanks to previous threads noting that xbase etc. needed to be installed! a+ scorch
Re: ntpd on -current 8 hours off
On Fri, Jan 26, 2007 at 09:30:49AM +0100, Stephan A. Rickauer wrote: on a current snapshot from last week ntpd -s will successfully synchronize the clock at once, but 8 hours off the real time. 4.0-release and older snapshots behave as expected. Is there some new 'feature' I need to learn about? seems more like your TZ is off after upgrade perhaps to US timezone. a+ scorch
Re: 80x50 console res but .. clean font
Darrin Chandler said the following on 2006-02-28 16:24: In default console res, the font is crisp and clear but using the example: wsfontload -h 8 -e ibm /usr/share/misc/pcvtfonts/vt220l.808 Try installing the package for terminus fonts and use the appropriate one with wsfontload. Terminus is very crisp and clean and may make you happier. thanks for the suggestion. however these fonts seem all to be X11. are there any ways to convert there to 80x50 resolution, and also identify which ones are vt220 compatible etc? cheers, scorch -- out of the frying pan and into the fire
Re: serial console
Gustavo Rios said the following on 2006-02-28 20:36: Hey folks, i am trying to set my desktop serial console in order to be able to have serial access to my soekris box. hola gustavo, i've just done this. perhaps you are over-complicating things. #1 you do need the same speed at both ends #2 you may find it easier the first few times round using minicom (packages) # set up serial parameters # minicom -s # minicom you should be away. NB i used 19200, 8n1 instead of 9600. this seems to be a bit less unreliable during boot phase, but faster during normal usage. YMMV. 9600 is the standard for everything else so perhaps its better to set your soekris to 9600 to match the rest. cheers, scorch -- out of the frying pan and into the fire
openbsd 3.9beta -- panic when installing to IDE on soekris net4801
hi, i've moved 1 net4801 from openbsd 3.8 to 3.9beta (snap feb 20) successfully. this one uses only CF for storage runs happily. next stage is running the same beast from a 20GB IDE - tested known good in a spare laptop. i boot from tftp, using PXEBOOT/DHCP. unfortunately i get a panic during the point i'd normally get to run disklabel. panic: root filesystem has size 0 just before that i get the following warnings wd1(pciide0:0:1): timeout type: ata c_bcount: 8192 c_skip: 0 pciide0:0:1: bus-master DMA error: missing interrupt, status=0x41 so after reading up: http://article.gmane.org/gmane.os.openbsd.misc/93704 and setting config wd0 0xffc0, i get a little further: wd1(pciide0:0:1): timeout type: ata c_bcount: 8192 c_skip: 0 pciide0:0:1: bus-master DMA error: missing interrupt, status=0x60 i.e. not really any much further along :-( 2 questions: what DMA mode (or whatever) should i be using to get this to work? what are the meaning of 0xffc0 ? i've read the man pages below and don't feel anymore enlightened. http://www.openbsd.org/cgi-bin/man.cgi?query=configapropos=0sektion=0manpath=OpenBSD+Currentarch=i386format=html and http://www.openbsd.org/cgi-bin/man.cgi?query=wdapropos=0sektion=0manpath=OpenBSD+Currentarch=i386format=html dmesg follows, from the CF install.. no its not generic, but it IS a 4801 built using flashdist. i've not gotten a dmesg from the hanging GENERIC successfully. cheers, scorch -- out of the frying pan and into the fire OpenBSD 3.9-beta (NET4801) #2: Wed Feb 22 00:29:21 CET 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/NET4801 cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC 586-class) 267 MHz cpu0: FPU,TSC,MSR,CX8,CMOV,MMX cpu0: TSC disabled real mem = 133799936 (130664K) avail mem = 119648256 (116844K) using 1658 buffers containing 6791168 bytes (6632K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 20/50/29, BIOS32 rev. 0 @ 0xf7840 pcibios0 at bios0: rev 2.0 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc8000/0x9000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Cyrix GXm PCI rev 0x00 sis0 at pci0 dev 6 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 10, address 00:00:24:c5:37:30 nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1 sis1 at pci0 dev 7 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 10, address 00:00:24:c5:37:31 nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1 sis2 at pci0 dev 8 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 10, address 00:00:24:c5:37:32 nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1 gscpcib0 at pci0 dev 18 function 0 NS SC1100 ISA rev 0x00 gpio0 at gscpcib0: 64 pins NS SC1100 SMI rev 0x00 at pci0 dev 18 function 1 not configured pciide0 at pci0 dev 18 function 2 NS SCx200 IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compati bility wd0 at pciide0 channel 0 drive 0: Ritek Corporation wd0: 1-sector PIO, LBA, 122MB, 250368 sectors wd1 at pciide0 channel 0 drive 1: IBM-DJSA-220 wd1: 16-sector PIO, LBA, 19077MB, 39070080 sectors wd0(pciide0:0:0): using PIO mode 2 wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2 geodesc0 at pci0 dev 18 function 5 NS SC1100 X-Bus rev 0x00: iid 6 revision 3 wdstatus 0 ohci0 at pci0 dev 19 function 0 Compaq USB OpenHost rev 0x08: irq 11, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: Compaq OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 3 ports with 3 removable, self powered isa at gscpcib0 not configured isa0 at mainbus0 isadma0 at isa0 nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS gpio1 at nsclpcsio0: 29 pins gscsio0 at isa0 port 0x15c/2: SC1100 SIO rev 1: npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom0: console pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo biomask fbe7 netmask ffe7 ttymask ffe7 dkcsum: wd0 matches BIOS drive 0x80 dkcsum: wd1 matches BIOS drive 0x81 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 /dev/rwd0a: file system is clean; not checking mfs: mounting /tmp... mfs: populating /tmp... databases: dev securelevel: kern.securelevel: 0 - 1 watchdog: kern.watchdog.period: 0 - 32 watchdog: kern.watchdog.auto: 1 - 1 hostname: setting hostname to akai... inet: configuring IP on system interfaces... route: adding default route... add net default: gateway 10.0.0.1 pf/nat: configuring and enabling... pf enabled syslogd: starting log daemon...
Re: Correct directory for group files
Where is the most appropriate place in the filesystem for this directory? I've considered both /home/photos and /var/photos, but I'm not quite if one is better than the other, or if it just doesn't make a difference. if you put them on /var run out of space due to people stuffing pr0n or baby photos (the difference is debatable) then apps that store stuff in /var like mysql may die due to lack of space. if you put them on /home your users can't work. it depends on who you want to suffer the pain. in this case, i usually go for the users; at least there's some link in responsibility to the issue at hand. cheers, scorch -- out of the frying pan and into the fire
Re: latin pedants (was theo fwd)
Theo doesn't need advocates to reply - if he wants too! Errare humanum est, perseverare autem diabolicum! Ioan Stilus email est humanus , tamen caput capitis - stipes est diabolical. and Quid quid latine dictum sit, altum videtur usque ad mortem bibendum :-) cheers, scorch -- out of the frying pan and into the fire
Re: CPU time off by a factor of two
intel powerstep or any other garbage -- try turning it off in the BIOS? cheers, scorch -- out of the frying pan and into the fire
Re: Problem with arla.
Jan Johansson said the following on 2005-09-29 11:44: Hello. I am having problems with arla. 2 of 3 reboots the afsd will be running but $ cd /afs ksh: cd: /afs - Not a directory I did not see this problem on 3.7. I did start to see it on my home pc but took it as a fluke because of the amount of problems I have with that machine. Today I installed OpenBSD 3.8-current (GENERIC) #159: Tue Sep 27 22:21:33 MDT 2005 on my laptop (that have been rock solid with 3.7) and see the problem imediatly. hi Jan, I can't speak from experience, I'm not running -current on OpenBSD with OpenAFS yet. my only issues in several months of reasonably heavy arla usage has been with physical disk IO errors, and then needing to flush the cache afterwards. try rm -rf /var/spool/afs before restarting arla next time, and also using these arla flags in your rc.* somewhere. afs=YES afsd_flags=--log=/var/log/arlad.log --recover maybe this will help get more info, also ensure a clean startup. can you determine if you always have the issue accessing a file from cache, or not? fs flush* may help here as well. cheers, scorch -- out of the frying pan and into the fire
Re: using restore command from files?
Matt Singerman said the following on 2005-08-29 22:32: I did the restore, and it actually appears to have worked! however. And ugh, this is a however. The drive partitions that I created are slightly, er, off. I mapped /usr to /dev/wd0g, but the system is looking for it in /dev/wd0f. Obviously, this is not working. How can I fix this?! looks like your /etc/fstab doesn't match your disklabel... or is there some error message you need to send us? cheers, scorch -- out of the frying pan and into the fire
Re: The Care and Feeding of OpenBSD
Will H. Backman said the following on 2005-08-17 21:25: Do you use dump and restore, or are you just giving and example? What about partition table backup? I do it using this script below. its proved to be sufficient for a restore, except for re-creating the mysql.sock on recovery. I recall somebody else had a bootable CD with an embedded SSH server, that would actually be pretty handy too... _*DRP method:*_ boot from official CD. don't install but drop to shell. use files in $dump/configuration to create disklabel then, to recover each filesystem, I do: newfs /dev/wd0x mount /dev/wd0x /mnt cd /mnt /sbin/restore -vrf 20050626.full.partition.dump that was enough. YMMV but at least you can get started. cheers, scorch -- out of the frying pan and into the fire #/bin/sh echo full dump of var root home usr echo === dump=/tmp/backup/`hostname -s` today=`/bin/date +%Y%m%d` rm -rf $dump mkdir -p $dump/configuration /sbin/chown -R root:wheel $dump /bin/chmod -R g+rw $dump cd $dump echo backing up configuration echo === /sbin/disklabel wd0 configuration/disklabel 21 /bin/cp /etc/fstab configuration/ /bin/cp /etc/host* configuration/ /bin/cp /etc/my* configuration/ /bin/cp /etc/resolv.conf configuration/ /bin/cp /var/run/dmesg.boot configuration/ /bin/df -ih configuration/df /bin/tar cpf - /etc configuration | bzip2 -c9 $today.configuration.tar.bz2 echo backing up mysql echo === mysqldump --user root --password='your_pwd_here' --all-databases --verbose --single-transaction --flush-logs=TRUE --compress=TRUE | bzip2 -c9 $today.full.mysql.bz2 echo backing up core filesystems echo === /sbin/dump -0uaf - /var | bzip2 $today.full.var.dump.bz2 /sbin/dump -0uaf - / | bzip2 $today.full.root.dump.bz2 /sbin/dump -0uaf - /home | bzip2 $today.full.home.dump.bz2 /sbin/dump -0uaf - /usr | bzip2 $today.full.usr.dump.bz2 echo === echo dump completed