Re: Extract tar balls

[Edgar Pettijohn]

On 10/30/21 3:51 PM, Bob Bernstein wrote:

On Fri, 29 Oct 2021, John Nemeth wrote:

If you don't use the default shell, then it is up to you to know how 
your shell functions.


You may be right.

Perhaps you can help me with this statement found in

https://www.netbsd.org/docs/current/#tagging

--snip--

Tagging a successful build

   If the build completes successfully, and
   produces a working set of binaries, it can
   be useful to tag the working sources. This
   allows rewinding to a working build tree
   with a single CVS command in the event that
   the current tree becomes unbuildable for any
   reason. This can be performed by issuing the
   following command:
$ cvs tag successful-build-build date

--snip--

My execution of that command (issued in /usr/src) yields:

$ cvs tag successful-build-build date
cvs tag: nothing known about date
cvs [tag aborted]: correct the above errors first!


A quick look at the manual for cvs looks like it probably should have 
just been:



cvs tag successful-build-$DATE


where $DATE is todays date.


Edgar

Re: Extract tar balls

[Edgar Pettijohn]

On 10/29/21 10:15 PM, Bob Bernstein wrote:
I'm trying to follow _The NetBSD Guide_, but I am stymied by these 
instructions, at https://netbsd.org/docs/guide/en/chap-fetch.html


$ for file in *.tgz

do
tar -xzf $file -C /
done


Entering that first line and pressing  just yields

"for: Command not found."

Are those steps, as printed, dependent on the use of a certain shell? 
I like tcsh.




try:


foreach file (*.tgz)

    tar -xz $file -C /

end

Re: Timer for X-windows?

[Edgar Pettijohn]

On 10/24/21 11:06 AM, Ignatios Souvatzis (GSG) wrote:


Am 23. Oktober 2021 04:55:21 MESZ schrieb Simon Burge :
  
#!/bin/sh

  $*


osd_cat is in pkgsrc/x11/xosd


  I've used xmessage for similar tasks (in xbase)



Same here. Its easy enough to script a timer and pop up an xmessage.

Re: Unicode to ASCII

[Edgar Pettijohn]

The attached script should do it.

usage: convert.pl  

Edgar


convert.pl
Description: Perl program

Re: Daemonizing processes in NetBSD

[Edgar Pettijohn]

If you have perl available the following should do what you
need. Wouldn't be too difficult to write something similar
in C as well.

#!/usr/bin/env perl

use strict;
use warnings;

use POSIX qw//;

sub daemonize {
defined (my $pid = fork()) or die "Can't fork: $!";
exit if $pid;
defined (my $ppid = fork()) or die "Can't fork: $!";
exit if $ppid;
chdir "/" or die "Can't chdir '/': $!";
POSIX::setsid or die "Can't start new session: $!";
}

daemonize();

eval {
my @cmd = @ARGV;
    exec @cmd;
};

warn $@ if $@;

exit;

Edgar

Re: postfix for 2 domains on 1 vps 1 ip

[Edgar Pettijohn]

On Fri, Jan 01, 2021 at 09:35:33PM +0530, Mayuresh wrote:
> On Fri, Jan 01, 2021 at 09:53:13AM -0600, Edgar Pettijohn wrote:
> > If you set up spf, dkim, and dns correctly you shouldn't have any issues.
> 
> How exactly - meaning if these are set reverse dns check is not applied by
> peers or does it mean these mechanisms deal with multiple reverse map as
> desired?
> 

Look into dns PTR records.

> -- 
> Mayuresh

Re: postfix for 2 domains on 1 vps 1 ip

[Edgar Pettijohn]

On Fri, Jan 01, 2021 at 09:18:12PM +0530, Mayuresh wrote:
> On Fri, Jan 01, 2021 at 07:15:45PM +0530, Mayuresh wrote:
> > I am faced with a requirement to merge the mail servers running on 2 VPSes
> > into 1, with a single ip address on NetBSD 9.1 amd64.
> 
> What happens with reverse DNS when one uses same ip for multiple domains
> and would it lead to some mail servers rejecting the mails of either
> domain?
> 

If you set up spf, dkim, and dns correctly you shouldn't have any issues.

Edgar

> -- 
> Mayuresh

Re: Postfix and local mail delivery - still relevant in 2020?

[edgar]

The dragonfly mailer is an improved version of femail.http://quigon.bsws.de/femail/femail-1.0.tgzOn Jun 6, 2020 2:05 PM, Sad Clouds  wrote:On Sat, 6 Jun 2020 16:57:11 - (UTC)
mlel...@serpens.de (Michael van Elst) wrote:

> cryintotheblue...@gmail.com (Sad Clouds) writes:
> 
> >I've been wondering - why have Postfix in the base system and why
> >have it enabled by default?
> 
> Simple answer, mail is used by automated tasks to deliver results
> to users.
> 

OK, but does this really require the entire Postfix infrastructure?
A small mail delivery tool would be sufficient, e.g somebody mentioned
Dragonfly mail agent.

I kind of understand that it is traditional in Unix to email daily
reports to a sysadmin. This may have been reasonable decades ago, but
in 2020 it seems a bit primitive and not very useful for even a medium
number of networked systems.

There is a lot of information that can be collected on a daily basis,
for example - cpu/memory/disk/network metrics, thermal metrics, firewall
logs and alerts, mail/web/database/backup logs/alerts, etc. Sifting
through all of that in emails does not seem very productive.

I'm thinking that Postfix and similar, are good for running mail
servers, but for system monitoring and alerting, there may be better
tools out there. If you want to keep it really simple, why bother with
SMTP and mail clients at all? Just sftp all the results to a central
location and ssh there when you want to view them. 

Re: Finding parameters of existing ext2fs partition

[Edgar Pettijohn]

On 02/23/20 19:54, Thomas Mueller wrote:

from Jason Mitchell:



Does dumpfs supply any useful info?


amelia2# dumpfs /dev/dk19
dumpfs: /dev/dk19: could not find superblock, skipped


I didn't think dumpfs would work on non-ffs/ufs filesystems.


Tom



My manual claims that -O 1 is the default at least for:

NetBSD laptop 9.0 NetBSD 9.0 (GENERIC) #0: Fri Feb 14 00:06:28 UTC 2020 
mkre...@mkrepro.netbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64


 -O filesystem-format
 Select the filesystem-format.
   0    `GOOD_OLD_REV'; this option is primarily 
used to
    build root file systems that can be 
understood by

    old or dumb firmwares for bootstrap.
   1    `DYNAMIC_REV'; the default.  Various 
extended (and

    ^
    sometimes incompatible) features are enabled
    (though not all features are supported on 
NetBSD).

    Currently only the following features are
    supported:
  RESIZE   Prepare some reserved
   structures which enable 
future

   file system resizing.
  FTYPE    Store file types in 
directory
   entries to improve 
performance.
  SPARSESUPER  Prepare superblock 
backups for
   the fsck_ext2fs(8) 
utility on

   not all but sparse block
   groups.
  LARGEFILE    Enable files larger than 2G
   bytes.

Re: sqlite3 issues

[Edgar Pettijohn]

On Feb 17, 2020 6:37 AM, Roy Marples  wrote:
>
> On 17/02/2020 02:34, Edgar Pettijohn wrote:
> > On 02/16/20 20:31, Edgar Pettijohn wrote:
> >> I'm trying to learn to use sqlite3 and I have encountered an oddity. I 
> >> don't 
> >> have another system to test on at the moment. So I'm not sure if its me, 
> >> sqlite3, or netbsd. Either way. Here are the commands give:
> >>
> >> laptop$ /usr/bin/sqlite3 test.db
> >> SQLite version 3.26.0 2018-12-01 12:34:55
> >> Enter ".help" for usage hints.
> >> sqlite> CREATE TABLE os_groups (
> >>    ...> os_group INTEGER PRIMARY KEY,
> >>    ...> os_type TEXT NOT NULL
> >>    ...> );
> >> sqlite> INSERT INTO os_groups (os_type)
> >>    ...> VALUES
> >>    ...> ('BSD'),
> >>    ...> ('LINUX'),
> >>    ...> ('other');
> >> sqlite> CREATE TABLE os (
> >>    ...> os_id INTEGER PRIMARY KEY,
> >>    ...> os_name TEXT NOT NULL,
> >>    ...> os_group INTEGER,
> >>    ...> FOREIGN KEY (os_group)
> >>    ...> REFERENCES os_groups (os_type)
> >>    ...> ON UPDATE SET NULL
> >>    ...> ON DELETE SET NULL
> >>    ...> );
> >> sqlite> INSERT INTO os (os_name, os_group)
> >>    ...> VALUES('NetBSD', 1);
> >> sqlite> INSERT INTO os (os_name, os_group)
> >>    ...> VALUES('Slackware', 2);
> >> sqlite> INSERT INTO os (os_name, os_group)
> >>    ...> VALUES('Winders', 3);
> >> sqlite> DELETE FROM os_groups WHERE os_group = 3;
> >> sqlite> SELECT * FROM os;
> >> 1
> >> 2
> >> 3
> >>
> >> I was expecting the `3
> >>
> >> The os_group should have been set to NULL.
> >>
> >> NetBSD laptop 9.0 NetBSD 9.0 (GENERIC) #0: Fri Feb 14 00:06:28 UTC 2020 
> >> mkre...@mkrepro.netbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64
> >>
> >>
> >> Thanks,
> >>
> >>
> >> Edgar
> >>
> > Not sure why but the last bit got eaten along the way.
> > 
> > sqlite> select * from os;
> > 1
> > 2
> > 3
> > 
> > I was expecting the `3
>
> Have you enabled foreign key support at the application?
> https://www.sqlite.org/foreignkeys.html
> sqlite> PRAGMA foreign_keys = ON;
>
> Roy

That may be it.

Thanks,

Edgar

Re: [*EXT*] sqlite3 issues

[Edgar Pettijohn]

On 02/16/20 20:31, Edgar Pettijohn wrote:
I'm trying to learn to use sqlite3 and I have encountered an oddity. I 
don't have another system to test on at the moment. So I'm not sure if 
its me, sqlite3, or netbsd. Either way. Here are the commands give:


laptop$ /usr/bin/sqlite3 test.db
SQLite version 3.26.0 2018-12-01 12:34:55
Enter ".help" for usage hints.
sqlite> CREATE TABLE os_groups (
   ...> os_group INTEGER PRIMARY KEY,
   ...> os_type TEXT NOT NULL
   ...> );
sqlite> INSERT INTO os_groups (os_type)
   ...> VALUES
   ...> ('BSD'),
   ...> ('LINUX'),
   ...> ('other');
sqlite> CREATE TABLE os (
   ...> os_id INTEGER PRIMARY KEY,
   ...> os_name TEXT NOT NULL,
   ...> os_group INTEGER,
   ...> FOREIGN KEY (os_group)
   ...> REFERENCES os_groups (os_type)
   ...> ON UPDATE SET NULL
   ...> ON DELETE SET NULL
   ...> );
sqlite> INSERT INTO os (os_name, os_group)
   ...> VALUES('NetBSD', 1);
sqlite> INSERT INTO os (os_name, os_group)
   ...> VALUES('Slackware', 2);
sqlite> INSERT INTO os (os_name, os_group)
   ...> VALUES('Winders', 3);
sqlite> DELETE FROM os_groups WHERE os_group = 3;
sqlite> SELECT * FROM os;
1
2
3

I was expecting the `3

The os_group should have been set to NULL.

NetBSD laptop 9.0 NetBSD 9.0 (GENERIC) #0: Fri Feb 14 00:06:28 UTC 
2020 
mkre...@mkrepro.netbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64



Thanks,


Edgar


Not sure why but the last bit got eaten along the way.

sqlite> select * from os;
1|NetBSD|1
2|Slackware|2
3|Winders|3

I was expecting the `3|Winders|3' to look like `3|Winders|'.

Thanks,

Edgar

sqlite3 issues

[Edgar Pettijohn]

I'm trying to learn to use sqlite3 and I have encountered an oddity. I 
don't have another system to test on at the moment. So I'm not sure if 
its me, sqlite3, or netbsd. Either way. Here are the commands give:


laptop$ /usr/bin/sqlite3 test.db
SQLite version 3.26.0 2018-12-01 12:34:55
Enter ".help" for usage hints.
sqlite> CREATE TABLE os_groups (
   ...> os_group INTEGER PRIMARY KEY,
   ...> os_type TEXT NOT NULL
   ...> );
sqlite> INSERT INTO os_groups (os_type)
   ...> VALUES
   ...> ('BSD'),
   ...> ('LINUX'),
   ...> ('other');
sqlite> CREATE TABLE os (
   ...> os_id INTEGER PRIMARY KEY,
   ...> os_name TEXT NOT NULL,
   ...> os_group INTEGER,
   ...> FOREIGN KEY (os_group)
   ...> REFERENCES os_groups (os_type)
   ...> ON UPDATE SET NULL
   ...> ON DELETE SET NULL
   ...> );
sqlite> INSERT INTO os (os_name, os_group)
   ...> VALUES('NetBSD', 1);
sqlite> INSERT INTO os (os_name, os_group)
   ...> VALUES('Slackware', 2);
sqlite> INSERT INTO os (os_name, os_group)
   ...> VALUES('Winders', 3);
sqlite> DELETE FROM os_groups WHERE os_group = 3;
sqlite> SELECT * FROM os;
1|NetBSD|1
2|Slackware|2
3|Winders|3

I was expecting the `3|Winders|3' line to look something like `3|Winders|'

The os_group should have been set to NULL.

NetBSD laptop 9.0 NetBSD 9.0 (GENERIC) #0: Fri Feb 14 00:06:28 UTC 2020 
mkre...@mkrepro.netbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64



Thanks,


Edgar

Re: Upgrading to current by compiling leads to failed boot

[Edgar Pettijohn]

On 2019-12-07 15:38, Carolyn "Lynn" Knight-Serrano wrote:

Howdy! I'm trying to upgrade a NetBSD-9.0_RC1 install to current but I'm having 
a strange issue. I followed the documentation for compiling and upgrading 
netbsd to current exactly but when I try to boot, the bootloader says /netbsd 
and all the sets can't be found.
-/-\-/-\-/-

Carolyn "Lynn" Knight-Serrano [xe/xem/xyr/xemself]

PGP Fingerprint: 0xf02b733b4382e451c8c2fff550858748146544cb

Fediverse: @gigavinyl@catgirl.science



Which documentation? There unfortunantly is stuff spread everywhere. I 
personally would recommend downloading the install kernel and put the 
sets on a usb stick, and use sysinst to upgrade. It is much more user 
friendly, plus it doesn't take near as long.


Good luck.


Edgar

Re: Non-blocking socket bug

[Edgar Pettijohn]

On Sat, Oct 26, 2019 at 09:42:47PM +0100, Sad Clouds wrote:
> On Sat, 26 Oct 2019 15:20:42 -0500
> Edgar Pettijohn  wrote:
> 
> > 
> > On Oct 26, 2019 2:44 PM, Sad Clouds 
> > wrote:
> > >
> > > I've come across an issue when testing networking code, which looks
> > > like a bug. This is on NetBSD-8.1
> > >
> > > When a listening socket is set non-blocking and we call accept() on
> > > that socket, the new socket returned by accept() will also be
> > > non-blocking.
> > >
> > > I think this is a bug. I thought all new sockets/file descriptors
> > > would be non-blocking by default. I've attached a test program to
> > > demonstrate the issue.
> > 
> > That is how the manual describes it to be.
> 
> Can you be more specific please, which manual and which case does it
> describe, accept() returning blocking or non-blocking socket?
> 
> I'm not sure at this stage if this is a bug or BSD specific feature.

http://man.openbsd.org/NetBSD-8.1/accept

The accept() argument extracts the first connection request on the queue of 
pending connections, creates a new socket with the same properties of s and 
allocates a new file descriptor for the socket.

Same properties being the key concept here I believe.

Edgar

Re: Non-blocking socket bug

[Edgar Pettijohn]

On Oct 26, 2019 2:44 PM, Sad Clouds  wrote:
>
> I've come across an issue when testing networking code, which looks
> like a bug. This is on NetBSD-8.1
>
> When a listening socket is set non-blocking and we call accept() on
> that socket, the new socket returned by accept() will also be
> non-blocking.
>
> I think this is a bug. I thought all new sockets/file descriptors would
> be non-blocking by default. I've attached a test program to demonstrate
> the issue.

That is how the manual describes it to be.

>
> On Linux:
> $ ./a.out
> Create server thread
> Create client thread
> Accept connection, fd=5, addr=127.0.0.1, port=47746
> Connected socket is blocking
>
> On NetBSD:
> $ ./a.out
> Create server thread
> Create client thread
> Accept connection, fd=5, addr=127.0.0.1, port=65534
> Connected socket is non-blocking
>
> Any ideas or comments?
>
> Thanks. 

Re: Write an install image to a flash drive?

[Edgar Pettijohn]

On Aug 26, 2019 8:59 AM, Jason Mitchell  wrote:
>
> On Aug 25, 2019, at 8:26 AM, Rhialto  wrote:
>
> >>  | I _can't imagine_ how many stupid things I just did, but could 
> >>  | someone please tell me how to get that install image onto the 
> >>  | flash drive in a form that will boot?
> >> 
> >> You cannot.  "That" image is in ISO format, which have a booting
> >> method unique in the universe.  You need an image set up for booting
> >> from a memory stick, which is much more similar to a regular drive
> >> than a CD (ISO format).
> > 
> > *Some* BIOSes allow booting USB sticks even if they contain ISO images.
> > I'm certain I've done it a few times with Ubuntu images. But last time I
> > tried it with a NetBSD ISO image, it failed. (But I'm not sure if I
> > actually tried it on the same computer for instance, or if maybe the
> > Ubuntu images contain something special to make this possible).
> > 

I believe it has something to do with the SYSLINUX that makes it possible.

https://en.m.wikipedia.org/wiki/SYSLINUX

> > -Olaf.
> > -- 
> > Olaf 'Rhialto' Seibert -- rhialto at falu dot nl
> > ___  Anyone who is capable of getting themselves made President should on
> > \X/  no account be allowed to do the job.   --Douglas Adams, "THGTTG"
>
> Are you talking about an .iso image on a FAT filesystem or what programs like 
> Rufus (Windows) or Etcher (MacOS) do, which is taking an iso image and 
> writing it to a USB drive. I always assumed that there was some conversion 
> involved, but I could be wrong. Rufus also talks about “hybrid” iso images 
> which have a partition table, apparently.

Re: Write an install image to a flash drive?

[Edgar Pettijohn]

Just install the system to the flash drive instead of the hard drive.
On Aug 25, 2019 3:54 PM, Bob Bernstein  wrote:
>
> Thanks for your reflections on USB sticks and booting therefrom!
>
> I know I am going to do more experiments with them. I bought two 
> 64 gig sticks, one of which I used to upgrade my 'current' 
> NetBSD machine, but the other is still in its package. Not sure 
> what I will do with it.
>
> I would like to have a USB stick that would boot up to a running 
> Netbsd system that is presenting me with a login prompt, rather 
> than defaulting to the sysinst interface with which the 
> install.img presents one.
>
> I'm certain this is child's play for the wizards around here, 
> and I use that term only with immense respect, because the 
> incredible level of expertise shown by many on this list is only 
> ever gained by work, work, work, and work, followed by more um 
> WORK! 
>
> Thank you -- a bit wordy here this afternoon (in New England).
>
> -- 
> Poobah

Re: Zfs on NetBSD

[Edgar Pettijohn]

Haven't used it myself, but there is probably a module you need to load first.

Edgar
On Jul 26, 2019 1:55 PM, Ron Georgia  wrote:
>
> All,
> I am trying to setup (i.e. learn about) zfs. I see /sbin/zfs; however, when I 
> issue a zfs command I get the following error. I can’t find much info on 
> setting up ZFS on NetBSD. Any links or pointers would be helpful.
>
> $ zfs status
> internal error: failed to initialize ZFS library
>
> Even though I am running current, I thought the users mailing list might be 
> best.
>
> $ uname -a
> NetBSD clement.ronverbs.dev 8.99.51 NetBSD 8.99.51 (GENERIC) #0: Sun Jul 21 
> 21:07:12 UTC 2019  
> mkre...@mkrepro.netbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>
> Ron Georgia
> “90% of my problems are due to ignorance, the other 10% is because I just 
> don’t know any better.”
>
>
>
>

Re: gpg2 with mutt

[Edgar Pettijohn]

On Mar 9, 2019 4:14 PM, Bob Bernstein  wrote:
>
> I am running afould the cursed "Can't open PGP subprocess!: No such 
> file or directory (errno = 2)" message trying to sign a message in 
> mutt. 
>
> Are the gpg2 executables not being found because they are in our 
> /usr/pkg directory tree?
>
> I use the plural above because mutt responds with the same error 
> message if I place 
>
> set pgp_use_gpg_agent = yes
>
> in my .muttrc.
>
> All best,
>
> -- 
> Bob Bernstein
>
>
I don't know but you could easily test your hypothesis with a symlink or 
putting /usr/pkg in your $PATH if it isn't already.

Edgar

Re: Raspberry Pi as bridge

[Edgar Pettijohn]

On Jan 22, 2019 1:49 PM, Greg Troxel  wrote:
>
> Jörn Clausen  writes:
>
> > I am trying to use a Raspberry Pi running
> >
> > NetBSD armv7 8.99.30 NetBSD 8.99.30 (RPI2)
> >
> > as a bridge to extend my WiFi net to some devices. I have two NICs,
> > usmsc0 (internal RJ45) and urtwn0 (WiFi USB). urtwn0 is up and running
> > and works as desired. I have followed the bridge instructions in the
> > NetBSD guides, i.e.
> >
> > $ cat /etc/ifconfig.bridge0
> > create
> > !brconfig $int add urtwn0 add usmsc0 up
>
> That is probably ok, but note that the interfaces each have to be up,
> and generally you would have one configured with an address and one not.
> I have done this on a box with two wired ethernets.  It generally works,
> but there is some wierdness with ND6 in terms of getting replies on the
> secondary (no-addr) interface with the mac addr of the primary
> interface.
>
> You didn't mention what you are doing about urtwn0 and config.   If you
> are using it in hostap mode and using a different ssid, then that sounds
> plausible.  I am unclear on what happens if the same ssid.
>
> > tcpdump on either interface shows that broadcast packages are passed
> > between interfaces, but nothing else. A DHCP request coming in via
> > usmsc0 from a device is visible on urtwn0 but is not passed on to my
> > DHCP server.
>
> Defintely run 'brconfig bridge0' and look at the output.  In particular
> you should see an "address cache" section, showing which mac addrs have
> been learned as on each side.
>
> To support bridging, an interface has to do PROMISC mode in hardware, so
> that incoming packets with not-us unicast mac addresses are received.
> The cache will help in understanding how that is working.
>
> > I have
> >
> > net.inet.ip.forwarding = 1
> >
> > and because it sounded helpful also
> >
> > net.inet.ip.subnetsarelocal = 0
> >
> > but no change.
>
> Your box is not intending to do ip forwarding.  So that's irrelevant,
> and I would undo that setting, not because it's harmful, but because
> it's non-standard and not helpful, and simpler is better.
>
> > Any ideas? Is the Raspi kernel missing something that makes it
> > unusable as a bridge?
>
> If 'brconfig bridge0' looks ok, it has "pseudo-device bridge".
>
>
> Feel free to send me 'ifconfig' and 'brconfig bridge0' offlist (as
> unwrapped text/plain :-).

You may want to look into dhcrelay(8). 

Re: postfix alternatives on NetBSD / pkgsrc

[Edgar Pettijohn]

On Jan 18, 2019 8:16 AM, Mayuresh  wrote:
>
> On Fri, Jan 18, 2019 at 08:03:41AM -0600, Edgar Pettijohn wrote:
> > > 554 5.7.1
> > 
> > Seems like 550 would be a better error code for this situation.
>
> I was trying to set that (as I noticed gmail didn't complain for a mail
> that was bounced "normally" - such as non existent id).
>
> But struggling to find out an example of how to do it - how do I relate my
> reject point with a certain reject code?
>
> Mayuresh

The only way I know is through an access(5) map. But I'm not sure if it can be 
done with this specific use case. 

Edgar

Re: postfix alternatives on NetBSD / pkgsrc

[Edgar Pettijohn]

On Jan 18, 2019 7:41 AM, Mayuresh  wrote:
>
> On Fri, Jan 18, 2019 at 06:45:06AM -0600, Edgar Pettijohn wrote:
> > I think you should post the logs from your postfix test with Gmail
> > issue. I bet someone here knows an option to correct it.
>
> Not much I can see. I think it has more to do with the error code
> interpretation by gmail. For other rejects such as mails directed to non
> existent users gmail doesn't call the server as misconfigured.
>
> Jan 18 09:21:15 localhost postfix/smtpd[28050]: connect from 
> mail-lj1-f177.google.com[209.85.208.177]
> Jan 18 09:21:15 localhost postfix/smtpd[28050]: NOQUEUE: reject: RCPT from 
> mail-lj1-f177.google.com[209.85.208.177]: 554 5.7.1 : 
> Recipient address rejected: Access denied; from= 
> to= proto=ESMTP helo=
> Jan 18 09:21:16 localhost postfix/smtpd[28050]: disconnect from 
> mail-lj1-f177.google.com[209.85.208.177] ehlo=1 mail=1 rcpt=0/1 data=0/1 
> quit=1 commands=3/5
>
>
> Gmail bounced to y...@gmail.com says:
>
>
> Message not delivered Your message couldn't be delivered to
> x...@myhost.com because the remote server is misconfigured. See technical
> details below for more information. 
>
> The response from the remote server was:
>
> 554 5.7.1

Seems like 550 would be a better error code for this situation.

 : Recipient address rejected: Access denied 
>
> I have also posted my postfix conf in previous mail.
>
> Mayuresh

Re: postfix alternatives on NetBSD / pkgsrc

[Edgar Pettijohn]

On Jan 18, 2019 2:08 AM, Mayuresh  wrote:
>
> On Fri, Jan 18, 2019 at 07:50:52AM +0100, Niels Dettenbach (Syndicat IT & 
> Internet) wrote:
> > We use EXIM since decades now from small satellite mailer setups to very 
> > large ISP setups after migrated from sendmail and postfix as they brought 
> > our hardware down in performance with heavy mail loads.
> > 
> > EXIM is very (!) efficient - especially when build from sources the 
> > "official" way (what is provided by pkgsrc by build options). This means 
> > you just compile fucntionality / code into the binary what you really need.
>
>
> Thanks a lot - a first hand account really helps.
>
> In general searches on comparison between the two, most often claim
> postfix to have better performance than exim (some qualify the statement
> saying "for large queues" - which does not bother me for my use case, but
> in your case you have seen it scaling well as well).
>
> > The security footprint is very good.
> > 
> > The config is very flexible but of consistent syntax (developed my a 
> > mathematican - Phillip Hazel) - for me much more transparent then on 
> > postfix. There are many of good examples and howtos out there which provide 
> > single config files you could easily adapt and use. But you can split 
> > config files too if you prefer that.
>
> By profession I am a in programming languages researchers and have created
> many DSLs in my career. I can say in light of whatever little experience
> of inventing notations I have, postfix notation does not really sound
> intuitive, particularly when the problem domain does not require it to be
> that complex. I'll definitely give exim a try on this aspect.
>
> Mayuresh


I prefer opensmtpd. Unfortunately the pkgsrc version is quite old. I like the 
config it's quite simple. I also like postfix. The only problem with postfix is 
the overwhelming number of options to research. I think you should post the 
logs from your postfix test with Gmail issue. I bet someone here knows an 
option to correct it.

Edgar

Re: libstdc++.so.7 is missing

[edgar]

On Fri, Jan 18, 2019 at 09:26:48AM +1100, Simon Burge wrote:
> Edgar Pettijohn wrote:
> 
> >  On Jan 17, 2019 7:35 AM, Pedro Pinho  wrote:
> >  >
> >  > While we are at it... is there a pkgin command to remove every installed 
> > package?
> >
> >  I don't think so. I do it like so:
> >
> >  pkg_info | awk '{print $1}' > pkgs.txt
> >
> >  remove pkgin from the list
> >
> >  while read -r pkg; do
> >  pkgin remove $pkg
> >  done < pkgs.txt
> >
> >  forgive errors. I'm writing from memory on my phone.
> 
> Do you need to use pkgin (which I've never used) or can you use

No.

> pkg_delete?  This will remove all installed packages:
> 
>   pkg_delete -r '*'

I didn't realize that it could take a glob. Definantly easier.

Edgar
> 
> Cheers,
> Simon.

Re: libstdc++.so.7 is missing

[Edgar Pettijohn]

On Jan 17, 2019 7:35 AM, Pedro Pinho  wrote:
>
> Nope, this was/is 8.0 from the start.
> I've done a full upgrade from Q3 to Q4 that's all. I know I shouldn't mix quaternary releases.
> Please, have a look at http://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/amd64/8.0/All/ and you will see that packages are missing, firefox was an example.
>
> While we are at it... is there a pkgin command to remove every installed package? 
I don't think so. I do it like so:
pkg_info | awk '{print $1}' > pkgs.txt
remove pkgin from the list
while read -r pkg; do
pkgin remove $pkg
done < pkgs.txt
forgive errors. I'm writing from memory on my phone.
It's been awhile since I've done this so can't make any guarantee.
Edgar
I have a feeling this may be needed if I would need to go back to the Q3 release.
> Although, I would prefer if Q4 would work as I would like to use Midori as main browser. After all, I've requested it on WIP a month or so ago.
>
> Den 17 jan. 2019 14:24 skrev "Greg Troxel" :
>>
>> What version of NetBSD are you running?  If 7, you will almost certainly
>> be better off upgrading to 8.
>>
>> Generally, all packages need to be from a consistent build.   If you
>> have seme from one branch and some from another, that can be trouble.
>> But, your problem sounds like upgrading from netbsd-7 to netbsd-8 and
>> having some packages from netbsd-7.   Or maybe all; did you change your
>> pkgin repo line?
>>
>>
>>
>

Re: Mailing list manager on NetBSD

[Edgar Pettijohn]

On Jan 10, 2019 10:16 PM, Brett Lymn  wrote:
>
> On Thu, Jan 10, 2019 at 07:07:02PM -0600, ed...@pettijohn-web.com wrote:
> > 
> > Take a look at fdm. It can be used to fetch from imap/pop and deliver
> > locally or take messages from stdin and deliver them. The config allows
> > for piping through and executing external commands. Its syntax is
> > similar to pf.
> > 
>
> Sorry, not for me, as you say, fdm wants to talk to pop/imap.  The
> situation where I use procmail I am using it in my .forward so the
> filtering happens when the mail is delivered.

You should check out the MANUAL for fdm on GitHub. There is a section for using 
it from a .forward file. 

>
> I wonder how hard it would be to fix the issues found by the fuzzers.
> To my mind, just because the code base is old doesn't mean it needs to be
> thrown out.  Escpecially when nothing else covers the same
> functionality.
>
> -- 
> Brett Lymn
> "We are were wolves",
> "You mean werewolves?",
> "No we were wolves, now we are something else entirely",
> "Oh"

I'm a big fdm advocate. It can do a lot. It all comes down to personal 
preference though.

Edgar

Re: Mailing list manager on NetBSD

[edgar]

On Fri, Jan 11, 2019 at 10:29:04AM +1030, Brett Lymn wrote:
> On Wed, Jan 09, 2019 at 10:16:22PM -0600, ed...@pettijohn-web.com wrote:
> > 
> > The last maintainer of procmail says not to use it. Thats reason enough
> > for me not to.
> > 
> > https://marc.info/?l=openbsd-ports=141634350915839=2
> > 
> 
> Oh, wonderful.  A quick search shows that the most likely replacement is
> maildrop but that does not easily do some things that procmail will do
> (e.g. pipe mail to a script which I can see people would consider
> dangerous but damn convenient when processing automated messages)
> 
> -- 
> Brett Lymn
> "We are were wolves",
> "You mean werewolves?",
> "No we were wolves, now we are something else entirely",
> "Oh"

Take a look at fdm. It can be used to fetch from imap/pop and deliver
locally or take messages from stdin and deliver them. The config allows
for piping through and executing external commands. Its syntax is
similar to pf.

Edgar

sending patches

[edgar]

Hello,

To which list do people generally send patches for adding features, etc.
I am aware of the send-pr(1), but that seems more bug related.

Thanks,

Edgar

Re: rmt(8)

[Edgar Pettijohn]

On Jan 10, 2019 4:13 AM, Chavdar Ivanov  wrote:
>
> Historically the remote tape path:
>
> % grep '/etc/rmt' /usr/src/sbin/dump/pathnames.h
> #define   _PATH_RMT   "/etc/rmt"
>

Cool. I kinda guessed it was historical.

Thanks,

Edgar
> On Thu, 10 Jan 2019 at 03:22,  wrote:
> >
> > Hello list,
> >
> > I'm just curious why there is a link to /usr/sbin/rmt in /etc?
> >
> > deathstar$ ls -l /etc | grep rmt
> > lrwxr-xr-x   1 root  wheel  13 Jul 17 09:59 rmt -> /usr/sbin/rmt
> >
> > edgar
>
>
>
> -- 
> 

Re: Mailing list manager on NetBSD

[edgar]

On Thu, Jan 10, 2019 at 09:33:09AM +0530, Mayuresh wrote:
> On Wed, Jan 09, 2019 at 09:34:16PM -0600, ed...@pettijohn-web.com wrote:
> > man aliases
> > 
> > list-name:include:/path/to/file/with/aliases
> > 
> > look into allow_mail_to_commands and allow_mail_to_files for postfix
> > so that you can also pipe it to a script that saves it in some db.
> 
> Thanks. It seems more economical to do it postfix level. Just that
> procmail spec can be written without postfix/root privileges giving some
> comfort on that aspect.
> 
> Would there be some downsides of doing it with procmail - besides cpu
> cycles?
> 
> Mayuresh

The last maintainer of procmail says not to use it. Thats reason enough
for me not to.

https://marc.info/?l=openbsd-ports=141634350915839=2

Edgar

Re: Mailing list manager on NetBSD

[edgar]

On Thu, Jan 10, 2019 at 08:51:38AM +0530, Mayuresh wrote:
> On Tue, Jan 08, 2019 at 09:45:16PM +0530, Mayuresh wrote:
> > I am looking to set up a mailing list manager on a NetBSD server.
> > 
> > The member count is more or less fixed between 300 to 350 and isn't going
> > to grow beyond.
> > 
> > The email archive should be browsable and searchable through a web
> > interface. ("searchable" is less critical of the two requirements as even
> > google search can be used to search through the archive.)
> > 
> > I need the email storage to be in text format so as to be able to write
> > tools of my own, on the server, to analyze the emails (say to grep
> > patterns or even to do NLP).
> 
> After going through the nuances of some available solutions, I wonder:
> 
> - Do I really need a specialized mail manager software or can I just use
>   .forward (or procmail) to bounce the mails to registered members?

man aliases

list-name:include:/path/to/file/with/aliases

look into allow_mail_to_commands and allow_mail_to_files for postfix
so that you can also pipe it to a script that saves it in some db.
> 
> - I do not need automated subscribe / unsubscribe, this being for a closed
>   group of size not exceeding 300/350. Manual registration, with very
>   occasional changes is fine.
> 
> - I need "member-only" restriction for posting to the list email id, which
>   I think procmail can manage.

I don't use postfix but I'm sure there is a way to restrict this with
some sort of access map.

Edgar
> 
> - I do need a web archiver with thread view etc. (and ability to write
>   text pattern searches of my own on the mail texts), for which there
>   might be alternatives that do just that - archiving. (E.g. HyperKitty
>   which mailman uses, which can be used standalone also.)
> 
> Would appreciate views on whether I am missing something, if I do not use
> a proper mailing list software for above requirement.
> 
> Mayuresh
> 
> 

rmt(8)

[edgar]

Hello list,

I'm just curious why there is a link to /usr/sbin/rmt in /etc?

deathstar$ ls -l /etc | grep rmt
lrwxr-xr-x   1 root  wheel  13 Jul 17 09:59 rmt -> /usr/sbin/rmt

edgar

Re: Mailing list manager on NetBSD

[Edgar Pettijohn]

On Jan 8, 2019 7:49 PM, Mayuresh  wrote:
>
> On Tue, Jan 08, 2019 at 11:21:30AM -0600, Edgar Pettijohn wrote:
> > > Lastly it needs to be available in pkgsrc.
> > >
> > 
> > I'm not sure if it is in pkgsrc but mlmmj is nice.
>
> Thanks. Seems to be a successor of ezmlm. But looks like it is not
> constrained to work with qmail like ezmlm.
>
> Seems to be in pkgsrc-wip. For a production use I'd tend to have a little
> bias towards pkgsrc.
>
> Still, are there things with mlmmj that you can mention as specific likes?
> I'd even look at slimness and compact resource footprint as pluses.
>
> Mayuresh

It's just super simple. Sometimes less is more :)

Edgar

Re: Mailing list manager on NetBSD

[Edgar Pettijohn]

On Jan 8, 2019 10:15 AM, Mayuresh  wrote:
>
> I am looking to set up a mailing list manager on a NetBSD server.
>
> The member count is more or less fixed between 300 to 350 and isn't going
> to grow beyond.
>
> The email archive should be browsable and searchable through a web
> interface. ("searchable" is less critical of the two requirements as even
> google search can be used to search through the archive.)
>
> I need the email storage to be in text format so as to be able to write
> tools of my own, on the server, to analyze the emails (say to grep
> patterns or even to do NLP).
>
> Lastly it needs to be available in pkgsrc.
>

I'm not sure if it is in pkgsrc but mlmmj is nice.

http://mlmmj.org

> I first looked up majordomo as that's the one NetBSD mailing lists use.
> But looks like it is not an active project, with last release being in
> 2000.
>
> Saw mailman and sympa to be talked about more and there is a nice
> comparison here[1].
>
> Would appreciate inputs on this.
>
> An OT question: Does NetBSD mailing list prefer majordomo or it's a legacy
> with no specific reason to change (or are there thoughts about changing
> it?)
>
>
> Mayuresh
>
> [1] https://www.sympa.org/documentation/mailmanvssympa.html

message board recommendations

[edgar]

Can anyone recommend a good* message board to use? I would prefer perl, but
I'm not opposed to other languages. I didn't find anything with pkgin search 
so if there is already something packaged then please let me know.

*It doesn't have to have all the bells and whistles. Just as long as its easy
to install and maintain. Or I should say relatively easy. I Have already looked
at YaBB, which I think will meet my needs. Unfortunantly the installation may
prove faulty. The file permissions listed in their docs don't work. I had to 
revert to the ole chmod -R 777 to get it working. Don't think I want to spend
the time finding the least permissions per file.

Thanks in advance,

Edgar

Re: git https issue

[edgar]

On Aug 19, 2018 2:06 PM, matthew sporleder  wrote:
>
> On Sun, Aug 19, 2018 at 4:26 AM, Riccardo Mottola
>  wrote:
> > Hi,
> >
> >
> > On 19/08/2018 02:26, Matt Sporleder wrote:
> >>
> >>
> >> Can you do curl -vvv to GitHub?
> >
> >
> > hmm, if you mean just to the homepage like below, we have an issue :(
> >
> > narsil$ curl -vvv https://github.com/
> > *   Trying 192.30.253.113...
> > * TCP_NODELAY set
> > * Connected to github.com (192.30.253.113) port 443 (#0)
> > * ALPN, offering http/1.1
> > * Cipher selection:
> > ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
> > * successfully set certificate verify locations:
> >   CAfile: none
> >   CApath: /etc/openssl/certs
> > * TLSv1.2 (OUT), TLS header, Certificate Status (22):
> > * TLSv1.2 (OUT), TLS handshake, Client hello (1):
> > * TLSv1.2 (IN), TLS handshake, Server hello (2):
> > * TLSv1.2 (IN), TLS handshake, Certificate (11):
> > * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
> > * TLSv1.2 (IN), TLS handshake, Server finished (14):
> > * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
> > * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
> > [1]   Illegal instruction (core dumped) curl -vvv https://github.com/
> >
> > gdb tells me:
> > * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
> >
> > Thread 1 received signal SIGILL, Illegal instruction.
> > 0xb66f3d50 in gcm_ghash_4bit_mmx () from /usr/lib/libcrypto.so.12
> >
> >
> > (gdb) bt
> > #0  0xb66f3d50 in gcm_ghash_4bit_mmx () from /usr/lib/libcrypto.so.12
> > #1  0x in ?? ()
> >
> > very nice :)
> >
> > now I don't remember if this CPU has MMX or not...
> > cpu0 at mainbus0
> > cpu0: Intel 586-class, 232MHz, id 0x581
> > cpu0: package 0, core 0, smt 0
> >
> > It should though, according to: https://www.thinkwiki.org/wiki/Category:600
> >
> >
> > Riccardo
>
> Looks like you found the issue.

There was a thread on tech I believe talking about something very similar not 
too long ago. Might be worth looking through the archives. 

Re: Booting netbsd-8 fails

[edgar]

You probably just need to build the modules and install them.

Or you can build your kernel with npf included.

Edgar
On Jul 23, 2018 9:39 AM, Gua Chung Lim  wrote:
>
> Thanks for your very kind responses,
>
> * Martin Husemann (mar...@duskware.de) wrote:
> >> But where shall I extract these modules?
> >> You said /, but aren't module sets in /stand/ARCH/X.Y/modules/?
> > 
> > Yes, just extract it in / too - the modules in there have the proper path
> > and will extract to stand/...
> Noted and thanks.
> But I really want to fix it from source.
> That is one of all the reasons I love NetBSD.
>
> * ed...@pettijohn-web.com (ed...@pettijohn-web.com) wrote:
> > I'm pretty sure I've had the same happen before and it was because I had 
> > forgotten to build new modules also. Might be worth a try to just not load 
> > the npf modules. If it boots that's it.
> Thanks for shining light. :-)
> I have resurrected it from crash.
> I boot from dvd and mount /dev/wd0a then edit /boot.cfg .
> Then I remove these three lines.
>
> load=npf
> load=npf_ext_log
> load=npf_ext_normalize
>
> That's it. It boots.
>
> But how can I re-enable NPF in NetBSD 8?
>
> Thank you,
>
> -- 
> Gua Chung Lim
>
> "UNIX is basically a simple operating system,
> but you have to be a genius to understand the simplicity."
> -- Dennis M. Ritchie

Re: Booting netbsd-8 fails

[edgar]

I'm pretty sure I've had the same happen before and it was because I had 
forgotten to build new modules also. Might be worth a try to just not load the 
npf modules. If it boots that's it.

Edgar
On Jul 22, 2018 6:00 AM, Martin Husemann  wrote:
>
> On Sun, Jul 22, 2018 at 05:55:30PM +0700, Gua Chung Lim wrote:
> > * Martin Husemann (mar...@duskware.de) wrote:
> > > Can you please try with a kernel from the official build?
> > > Since you had (unclear) local build issues, this would rule out any
> > > local issues (and also allow us to map the crash address better).
> > Does this mean I have to reinstall the new OS from binary and everything in 
> > pkgsrc, once again?
>
> No, just extracting the kernel and module sets in / would be good enough.
>
> Martin

Re: sshguard fails to start

[edgar]

On May 21, 2018 11:50 AM, Mayuresh  wrote:
>
> # /etc/rc.d/sshguard start
> Starting sshguard.
>
> # /etc/rc.d/sshguard status
> sshguard is not running.
>
> # /etc/rc.d/sshguard rcvar 
> # sshguard
> $sshguard=YES
>
> What is up with sshguard here, unable to start and no log or message that
> gives any clue.
>
> On 8.0_RC1 amd64. sshguard-1.5nb1 built with default option: ipfilter.
>
> Mayuresh

Personally I prefer pf with max-src-conn and a blacklist table. 0 dependencies 
and works quite well.

Re: npf woes

[Edgar Pettijohn]

On Sun, May 13, 2018 at 09:33:43AM -0500, Edgar Pettijohn wrote:
> On Sun, May 13, 2018 at 09:18:18PM +0700, Gua Chung Lim wrote:
> > * Edgar Pettijohn (ed...@pettijohn-web.com) wrote:
> > > Looks like I may need to load some modules. 
> > 
> > # modload npf
> > # cd /dev
> > # sh MAKEDEV npf
> > # modload npf_ext_log
> > # modload npf_ext_normalize
> > # ifconfig npflog0 create
> > # npfctl reload
> > # npfctl start
> > 
> > Append the followings to /boot.cfg.
> > load=npf
> > load=npf_ext_log
> > load=npf_ext_normalize
> > 
> > -- 
> > Gua Chung Lim
> >  
> > "UNIX is basically a simple operating system,
> > but you have to be a genius to understand the simplicity."
> > -- Dennis M. Ritchie
> 
> Thanks, unfortunantly my modules got out of sink with the rest
> of the system.  I'm rebuilding now.

That seems to have done it. However, I can't get my npflog0 to be
created on boot.  My /etc/ifconfig.npflog0 contains the single line
`create'. After booting I am able to create it and restart npfd without 
issue.

Thanks

Re: npf woes

[Edgar Pettijohn]

On Sun, May 13, 2018 at 09:18:18PM +0700, Gua Chung Lim wrote:
> * Edgar Pettijohn (ed...@pettijohn-web.com) wrote:
> > Looks like I may need to load some modules. 
> 
> # modload npf
> # cd /dev
> # sh MAKEDEV npf
> # modload npf_ext_log
> # modload npf_ext_normalize
> # ifconfig npflog0 create
> # npfctl reload
> # npfctl start
> 
> Append the followings to /boot.cfg.
> load=npf
> load=npf_ext_log
> load=npf_ext_normalize
> 
> -- 
> Gua Chung Lim
>  
> "UNIX is basically a simple operating system,
> but you have to be a genius to understand the simplicity."
> -- Dennis M. Ritchie

Thanks, unfortunantly my modules got out of sink with the rest
of the system.  I'm rebuilding now.

Re: npf woes

[Edgar Pettijohn]

Looks like I may need to load some modules. 

npf woes

[Edgar Pettijohn]

I'm attempting to test npf, but can't get it started. I am getting the 
following:

laptop$ sudo service npf start
Enabling NPF.
npfctl: cannot open '/dev/npf': Device not configured
npfctl: cannot open '/dev/npf': Device not configured
laptop$ ls -l /dev | grep npf
crw---  1 root   wheel 198,   0 May 19 05:17 npf
laptop$ sudo service npfd start
Starting npfd.
npfd: cannot open '/dev/npf': Device not configured

With a simple config:

laptop$ cat /etc/npf.conf
$ext_if = { inet4(iwn0) }

alg "icmp"

procedure "log" {
log: npflog0
}

group "external" on $ext_if {
pass stateful out final all
}

group default {
pass final all
block all apply "log"
}

Have I missed a preliminary step?

Thanks,

Edgar

Re: edgerouter lite

[Edgar Pettijohn]

On Mon, May 07, 2018 at 09:19:23PM +, m...@netbsd.org wrote:
> On Mon, May 07, 2018 at 06:51:42AM -0500, ed...@pettijohn-web.com wrote:
> > Appreciate your response. I feel confident I can install. More curious 
> > about what isn't supported yet. Such as multiple processors, altq, and the 
> > like.
> 
> yeah, SMP is what isn't working. I don't know what makes it eventually
> panic, though it does make it to multiuser in -current.
> Modules also won't work, you will need everything as a builtin.
> 
> MIPS has* fixed size instructions, so 64bit instructions are very big,
> and so it runs a 32bit userland that only runs on 64bit CPUs, kinda like
> the amd64 x32 ABI.
> 
> Most architectures don't have as good a reason to do it, so MIPS is the
> 'official 32bit compat tester'. Most bugs of missing features were
> actually missing 32bit compat. I suspect we forgot to backport some
> things.
> 
> I have an ERLITE, but I don't use it as a router, so I can't tell you
> how well it does. MIPS is just my favourite architecture.
> Other netbsd people do use it as a router though.
> 
> * They now made a variant which isn't like this

I'm currently using OpenBSD on a soekris with no problems. So I doubt I 
really need SMP for my home network, but I really want to give NPF a 
solid shot. 

Re: Synaptics trackpad

[Edgar Pettijohn]

On Mon, May 07, 2018 at 05:27:53PM -0400, C?g wrote:
> The version of xf86-input-synaptics in wip is 1.2.1; it cannot be
> compiled because of LocalDevicePtr errors ('unknown type name'); now
> the latest version is 1.9.0, and it can't be compiled because it can't
> find sys/mouse.h. What is sys/mouse.h? A quick search reveals that it
> exists on QNX and FreeBSD, but then how can the driver be compiled on
> other platforms? There was a similar discussion from 2015[0], but it
> gives more questions than answers.
> 
> Synaptics can work with the generic, xf86-input-mouse, driver. But the
> behavior is far from desirable: taps are recognized as clicks and there
> is no way to disable it, there's no scrolling (side/two-finger, natural,
> circular).
> 
> There is a new driver, libinput, but it doesn't exist in pkgsrc.
> 
> What are the options left? People who use NetBSD on their laptops, how
> do you configure your trackpad? Those with Synaptics, do you have the
> same issues? Does scrolling work for anybody? I noticed that trackpad
> experience is different for everybody.
> 
> Thanks in advance
> 
> [0]: https://mail-index.netbsd.org/pkgsrc-users/2015/02/22/msg021075.html
> 
> -- 
> ca?c
> 

I use the following in xorg.conf. It makes it bearable. I can use the center 
button and then finger scroll on my ThinkPad. It would be great to use the 
2-finger scroll though.

Section "InputDevice"
Identifier  "Mouse0"
Driver  "mouse"
Option  "Protocol" "wsmouse"
Option  "Device" "/dev/wsmouse"
Option  "ZAxisMapping" "4 5 6 7"
Option  "EmulateWheel" "true"
Option  "EmulateWheelButton" "2"
Option  "XAxisMapping" "6 7"
Option  "YAxisMapping" "4 5"
EndSection

Re: edgerouter lite

[edgar]

On May 6, 2018 11:48 PM, m...@netbsd.org wrote:
>
> On Mon, May 07, 2018 at 04:46:41AM +, m...@netbsd.org wrote:
> > Attach console cable and ethernet cable.
> > On host, configure it to a known IP, e.g. I use
> > ifconfig re0 192.168.0.1
> > enable tftp via uncommenting the /etc/inetd.conf entry and restarting
> > inetd.
> > in /tftpboot, place ERLITE INSTALL kernel.
> > e.g. /tftpboot/erlite-install
> > 
> > cu -s 115200 -l /dev/ttyU0
> > 
> > On u-boot console (not in linux):
> > set serverip 192.168.0.1
> > set ipaddr 192.168.0.5
> > tftp $loadaddr erlite-install
> > bootoctlinux
> > 
> > netbsd should boot fine. ignore the installer.
> > In the msdos filesystem, replace vmlinux.64 with a netbsd ERLITE kernel
> > (not INSTALL).
> > replace the ext4 filesystem with a better root filesysttem for
> > netbsd,like FFSv2.
> > 
> > Configure networking to fetch the sets from the host. Use mips64eb sets.
> > ifconfig cnmac0 192.168.0.5
> > route add default 192.168.0.1
> > 
> > scp myhostusername@192.168.0.1:/path/to/sets/*.tgz .
> > cd /
> cd /targetroot
> > for i in *.tgz; do tar xzpf $i; done
> cd /targetroot/dev
> sh MAKEDEV all
> echo "rc_configured=YES" >> /targetroot/etc/rc.conf
> Adjust /etc/fstab
>
> > 
> > Reboot.
> > 
> > It works, but some things are not supported as good as e.g. amd64.

Appreciate your response. I feel confident I can install. More curious about 
what isn't supported yet. Such as multiple processors, altq, and the like.

Thanks

edgerouter lite

[Edgar Pettijohn]

I'm curious as to the current state of affairs for the 
edgerouter lite. I saw this:

https://blog.netbsd.org/tnf/entry/hands_on_experience_with_edgerouter

However, it is a couple of years old now. I tried to find an
INSTALL.html for it, but have been unsuccessful. Any information
is appreciated.

Thanks,

Edgar

edgerouter lite

[Edgar Pettijohn]

Just curious if anyone knows the current state of affairs for the
edgerouter lite. I saw this 
https://blog.netbsd.org/tnf/entry/hands_on_experience_with_edgerouter.
Its a couple of years old now though. I found the install media and
what not, but I didn't see an INSTALL.html file.

Thanks,

Edgar

Re: Gah... How usable is www/firefox on NetBSD?

[edgar]

On May 1, 2018 12:09 PM, Robert Elz  wrote:
>
>     Date:    Tue, 1 May 2018 21:29:21 +0530
>     From:    Mayuresh 
>     Message-ID:  <20180501155921.ga19...@warunjikardental.com>
>
>   | Any other browser or older firefox or 59 is
>   | just alright for you?
>
> I use seamonkey
>
> pkg_info  seamonkey
> Information for seamonkey-2.49.1nb3:
> [...]
>
>
> Its UI is better than firefox (though it has all the crud included, which 
> makes
> it bigger) and is mostly stable - this version occasionally simply exits, 
> mostly related to flash video I think - but that (for me) happens no more than
> perhaps once a week (usually less), so is tolerable, if not nice.
>
> My current version:
> kre    1523  0.0  6.5 3887592 2171796 ?  Sl   23Apr18 222:59.32 seamonkey 
> so it has been up for 8 days (and that last restart was because I forgot to
> plug in my laptop, and went to sleep that is, I went to sleep, the laptop 
> did not.)
>
> I built this seamonkey a couple of months ago (on NetBSD-current of the time) 
> and
> haven;t checked if that's still the version in pkgsrc.
>
> kre
>

I prefer the monkey but switched because I was experiencing unbearable crashes. 
Perhaps the OP will have the opposite.

Re: Gah... How usable is www/firefox on NetBSD?

[edgar]

On May 1, 2018 11:09 AM, Kamil Rytarowski  wrote:
>
> On 01.05.2018 17:59, Mayuresh wrote:
> > Not able to browse continuously even for a minute without facing "Gah.
> > Your tab just crashed." in www/firefox (59).
> > 
> > Can't even login to gmail, nothing happens on clicking "Next" on entering
> > email id.
> > 
> > Is it just NetBSD or firefox 59? Or is it just me?!
> > 
> > I switched back to using NetBSD after 8.0 RC1 was available. Wasn't using
> > NetBSD for quite a while due to USB problems with my hardware that NetBSD
> > wasn't handling before. While all my issues seem to be resolved by 8.0
> > RC1, I was then greeted with an unusable browser.
> > 
> > Curious how other users who (have to) use a web browser with javascript on
> > NetBSD are coping with this. Any other browser or older firefox or 59 is
> > just alright for you?
> > 
> > Mayuresh
> > 
>
> This was an occasional problem in the past. Nowadays it's crashing all
> the time and the only known workaround to me is to keep restarting the
> browser.
>

I just upgraded to 8.0 and haven't experienced your problem. It does drop core 
upon each initial startup, but then it's fine afterwards.

Pf, squif-pf, transparent proxy

[Rodolfo Edgar]

Hi,

I am going to do a proxy server on my lan network, I want to use pf as my
firewall, then I remember a long time ago that ipfilter it works with mode
transparent, but pf does not work with transparent proxy, by default is no
enabled pf in squid, I dont exactly.
I use squid -v
I see ipf enabled transparent mode, pf does not see
I installed using pkgsrc, by default, my question is how can I know that
squid-pf and transparent mode is enable and how can I enabled  the
transparent proxy in NetBSD 7.1, thanks in advice

Re: Can I use NetBSD as a desktop system?

[Edgar Pettijohn]

Depends on the desk.

⁣Sent from BlueMail ​

On Jul 17, 2017, 1:31 PM, at 1:31 PM, SOUL_OF_ROOT 55  
wrote:
>Can I use NetBSD as a desktop system?

Re: NetBSD 7.1 i386 on Virtualbox (fatal breakpoint trap in supervisor mode)

[Rodolfo Edgar]

2017-07-16 8:53 GMT-05:00, Valery Ushakov <u...@stderr.spb.ru>:
> Rodolfo Edgar <sololistasdecor...@gmail.com> wrote:
>
>> 2017-07-15 20:35 GMT-05:00, Valery Ushakov <u...@stderr.spb.ru>:
>>> Rodolfo Edgar <sololistasdecor...@gmail.com> wrote:
>>>
>>>> I have machine when I am using virtualbox, I use 32 bits operating
>>>> system as Debian, CentOS, FreeBSD, but NetBSD and OpenBSD have
>>>> problem, in this case NetBSD 6.x or 7.x have problem:
>>>> The screenshot about NetBSD and VirtualBox
>>>>
>>>> http://i.imgur.com/RtynhXn.png
>>>>
>>>> I want to use NetBSD, what is the procedure to do NetBSD install
>>>> normally? Thanks you for your reply.
>>>
>>> Do you have VT-x enabled on the host?
>>
>> Is not necesary,  because I can run 32 bits machines, currently have
>> my real machine is a Notebook compaq 610, I have operating system 64
>> bits, my guest all are 32 bits operating system, I have FreeBSD and
>> others 32 bits, it's works, but NetBSD 32 bits nothing :(
>
> What do you mean by "is not necessary"?  Do you have VT-x enabled or
> not?
My machine don't support VT-x, is intel, but i can run 32 bits
operating system as FreeBSD 32 bits, GNU/Linux 32 bits, but NetBSD
nothing :(

>
> -uwe
>
>

Re: NetBSD 7.1 i386 on Virtualbox (fatal breakpoint trap in supervisor mode)

[Rodolfo Edgar]

2017-07-15 20:35 GMT-05:00, Valery Ushakov <u...@stderr.spb.ru>:
> Rodolfo Edgar <sololistasdecor...@gmail.com> wrote:
>
>> I have machine when I am using virtualbox, I use 32 bits operating
>> system as Debian, CentOS, FreeBSD, but NetBSD and OpenBSD have
>> problem, in this case NetBSD 6.x or 7.x have problem:
>> The screenshot about NetBSD and VirtualBox
>>
>> http://i.imgur.com/RtynhXn.png
>>
>> I want to use NetBSD, what is the procedure to do NetBSD install
>> normally? Thanks you for your reply.
>
> Do you have VT-x enabled on the host?

Is not necesary,  because I can run 32 bits machines, currently have
my real machine is a Notebook compaq 610, I have operating system 64
bits, my guest all are 32 bits operating system, I have FreeBSD and
others 32 bits, it's works, but NetBSD 32 bits nothing :(

>
> -uwe
>
>

Re: npf configuration

[Edgar Pettijohn]

On 07/15/17 13:18, Jan Danielsson wrote:

On 07/15/17 20:08, Edgar Pettijohn wrote:

pass in on egress inet proto tcp from any to (egress) port { 80 443 }
rdr-to 192.168.1.2

would redirect $ext_if port http, https to $int_if port http, https

[---]

Looked through the manual again and it looks like I need to use a map.
The syntax is throwing me off however.  Can anyone provide an example
that would be similar to the above pf example?

Is this what you're looking for:

$ext_if = "re0"
$ext_v4 = inet4(re0)

# Map incoming port 10022 to .4.16's port 22
map $ext_if dynamic 192.168.4.16 port 22 <- $ext_v4 port 10022

.. ?

I believe so.  The syntax seems weird to me, but I think your example 
helps me understand it.


Thanks

npf configuration

[Edgar Pettijohn]

I was curious if npf can perform redirects similar to pf?  For example 
the following pf rule:


pass in on egress inet proto tcp from any to (egress) port { 80 443 } 
rdr-to 192.168.1.2


would redirect $ext_if port http, https to $int_if port http, https


I've read the npf.conf manual and it doesn't look like this is possible, 
but maybe I've overlooked something.



Thanks,


Edgar

Re: rc and login classes

[Edgar Pettijohn]

It's not the same. Irregardless you are running the script as user root and 
class tor. Then the script executes the daemon as `user`. I don't know if it 
will have the desired effect, but perhaps do
# usermod -L tor tor_user. Change tor_user to the correct user.

⁣Sent from BlueMail ​

On Jul 7, 2017, 3:10 PM, at 3:10 PM, Alexander Nasonov <al...@yandex.ru> wrote:
>Edgar Pettijohn wrote:
>> Look at rc.subr. it calls su to start the daemon. Look at the
>> manual for rc.subr I think there are some variables you could add
>> to the rc.d script to change the behavior.
>
>I only see su -m user -c ... in rc.subr. It's not the same as su -c
>class user.
>
>$ man su
>..
>When a -c option is included after the login name it is not a su
>option,
>   because any arguments after the login are passed to the shell.  (See
>csh(1), ksh(1) or sh(1) for details.)  To execute arbitrary command
>with
> privileges of user username, execute:
>
>   su username -c "command args"
>
>--
>Alex

Re: rc and login classes

[Edgar Pettijohn]

On 07/07/17 15:11, Alexander Nasonov wrote:

Edgar Pettijohn wrote:

Look at rc.subr. it calls su to start the daemon. Look at the
manual for rc.subr I think there are some variables you could add
to the rc.d script to change the behavior.

I only see su -m user -c ... in rc.subr. It's not the same as su -c class user.

$ man su
..
  When a -c option is included after the login name it is not a su option,
  because any arguments after the login are passed to the shell.  (See
  csh(1), ksh(1) or sh(1) for details.)  To execute arbitrary command with
  privileges of user username, execute:

su username -c "command args"


I think you can do the following in rc.conf:

tor_cmd="su -c class -m user -c 'sh -c /path/to/tor args'"

obviously change class, user, and the correct path.

Re: rc and login classes

[Edgar Pettijohn]

Sorry for top post, this mua sucks.

Look at rc.subr. it calls su to start the daemon. Look at the manual for 
rc.subr I think there are some variables you could add to the rc.d script to 
change the behavior.

⁣Sent from BlueMail ​

On Jul 7, 2017, 1:50 AM, at 1:50 AM, Alexander Nasonov <al...@yandex.ru> wrote:
>Edgar Pettijohn wrote:
>> did you:
>> # cap_mkdb /etc/login.conf
>
>Yes, I did run it.
>
>> > My understaning is that the tor process doesn't move to the "tor"
>> > login class when switching a user. As a result, I can't restart it
>> > when I login as root. I have to set the login class with su -c like
>> > this:
>> >
>> ># su -c tor root /etc/rc.d/tor restart
>> I think that will just run the script /etc/rc.d/tor as class tor, not
>> actually start the daemon as class tor.
>
>Daemon inherits the class from /etc/rc.d/tor, doesn't it?
>
>> I'm not a su expert, but perhaps try the following and see what
>happens.
>>
>> su -c tor root /path/to/tor
>
>Sure, starting tor manually like this will work.
>
>--
>Alex

Re: rc and login classes

[Edgar Pettijohn]

On 07/06/17 16:00, Alexander Nasonov wrote:

Another issue on my server was trying to start a service (tor relay in
my case) with a low limit on open files in the default login class.

The relay starts as root but then it swiches to user "tor". I set the
login class of the tor user to "tor" which further extends a limit of
the daemon class. Both have big enough limit.


did you:
# cap_mkdb /etc/login.conf

My understaning is that the tor process doesn't move to the "tor"
login class when switching a user. As a result, I can't restart it
when I login as root. I have to set the login class with su -c like
this:

# su -c tor root /etc/rc.d/tor restart
I think that will just run the script /etc/rc.d/tor as class tor, not 
actually start the daemon as class tor.

I'm not a su expert, but perhaps try the following and see what happens.

su -c tor root /path/to/tor


But somehow the relay starts fine at boot time. Is it because rc
is run with the daemon login class at boot?

/usr/pkg best practices

[Edgar Pettijohn]

I'm curious the best way to override utilities from base with utilities 
in /usr/pkg.


For now I've just moved /usr/pkg up in my $PATH.  Seems like there may 
be a more NetBSDish way to do it.



Thanks,


Edgar

Re: powerd

[Edgar Pettijohn]

On 07/02/17 03:40, Robert Elz wrote:

 Date:Sat, 1 Jul 2017 22:17:12 -0500
 From:Edgar Pettijohn <ed...@pettijohn-web.com>
 Message-ID:  <8fde5619-8942-3a5b-2be5-ac8772811...@pettijohn-web.com>

   | so I'm not really sure which list to send what to yet.

This list is fine for this kind of question.

   | I was reading the powerd manual and it says:

   | Shouldn't that be asynchronously? Or is my definitions backwards?

It depends upon what you are reading the synchronisation to be
relative to .. if you're connecting the power event and the script
you might be right.

But that's not what it is trying to say, it is using terminology as it
is typically used with the shell (since powerd scripts are shell scripts).

There, the synchronisation is with other commands being run, an asynchronous
command is one run "in the background" - that is one that runs in parallel
with other commands also being run, with no co-ordination (or synchrpnisation)
between them.

In shell terminology, if you do

command &

you're running an asynchronous command, and the shell does not wait for
the command to finish before starting on the next.

That's what the powerd manual page is trying to say is not happening, so
it wants to use the opposite of asynchronous, which would be synchronous.

If you'd like to suggest better wording, please do (the best way for that
is to send in a bug report, with send-pr - or using
http://www.netbsd.org/cgi-bin/sendpr.cgi?gndb=netbsd

kre
I went back and read the code and then re-read the manual.  I concur 
with your analysis.  I think it just confused me initially.


Thanks,

Edgar

powerd

[Edgar Pettijohn]

Just started with NetBSD, so I'm not really sure which list to send what 
to yet.



I was reading the powerd manual and it says:

"Configuration scripts are run synchronously; powerd will start the 
script and wait for its completion before it handles the next event."


Shouldn't that be asynchronously? Or is my definitions backwards?

Thanks,

Edgar

Packages to NetBSD 7.1

[Rodolfo Edgar]

Hi guys,

I want to use NetBSD 7.1 and the packages (binaries) are 7.1 in the
installer, but in the ftp server there is not  the 7.1 packages, I
changed to 7.0.2, but when I install some package I see warnings.
My question is the packages to release 7.1 is the same to 7.0.2, thanks

Re: Keyboard latin american NetBSD?

[Rodolfo Edgar]

Thanks Leonardo!

2016-11-07 5:35 GMT-05:00, Leonardo Taccari <l...@netbsd.org>:
> Hello Rodolfo,
>
> Rodolfo Edgar writes:
>> Hi guys, I have a question, NetBSD has support for keyboard latin
>> american? Because when I am installing never I saw keyboard latin
>> american only spanish, my key board is latin, thanks you for you reply
> If no such layout exists I think that you can start from the most
> similar existing layout and then adjust it similarly to what is done
> via /usr/share/wscons/keymaps/ and then load that via `mapfile' in
> /etc/wscons.cfg.
>
> In order to write a mapfile just running `wsconsctl map' to list
> all the keycodes can be helpful; then you need to "remap" just the
> different keycodes and write them like e.g.
> /usr/share/wscons/keymaps/pckbd.sv.ascii.
>
Ok is a good explanation, but I want to see in the default install to
choose the keyboard latin american, my friends always say: if OpenBSD
and FreeBSD have keyboard latin american why has not NetBSD? Please
consider to include keboard latin american keyboard, Sur America
(Bolivia, Perú, Argentina, etc.) are using keyboard latin american,
thanks you.

Keyboard latin american NetBSD?

[Rodolfo Edgar]

Hi guys, I have a question, NetBSD has support for keyboard latin
american? Because when I am installing never I saw keyboard latin
american only spanish, my key board is latin, thanks you for you reply

Re: Packages to NetBSD 7.0.2

[Rodolfo Edgar]

2016-10-28 14:03 GMT-05:00, Manuel Bouyer <bou...@antioche.eu.org>:
> On Fri, Oct 28, 2016 at 01:12:04PM -0500, Rodolfo Edgar wrote:
>> Hi everyone my question is When will it be available binary packages
>> for NetBSD 7.0.2?
>> I am trying NetBSD 7.0.2 and I saw that pkgin is not available because
>> packages does not exit in the mirror
>
> packages for 7.0 will work on other tiny releases, so what's missing is
> only a symlink 7.0.2 -> 7.0
> I created it on the master and on ftp.fr.netbsd.org

Thanks a lot, in the default install I saw the error, currently I see
the mirror:
http://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/i386/7.0.2/



>
> --
> Manuel Bouyer <bou...@antioche.eu.org>
>  NetBSD: 26 ans d'experience feront toujours la difference
> --
>

Packages to NetBSD 7.0.2

[Rodolfo Edgar]

Hi everyone my question is When will it be available binary packages
for NetBSD 7.0.2?
I am trying NetBSD 7.0.2 and I saw that pkgin is not available because
packages does not exit in the mirror

How to enable squid-pf

[Rodolfo Edgar]

Hi guys,

I want to use mode transparent with squid and pf, the default install
squid3 with pkgsrc and pkgin does not enable squid-pf, I am going to
see via pkgsrc make show-options that, help me please how enable
--enable-pf-transparent to squid3, thanks a lot.

I am using NetBSD 6.1.5

Re: Proxy server, mode intercept on NetBSD 7.0.1

[Rodolfo Edgar]

2016-08-03 2:16 GMT-05:00, Christos Zoulas :
> In article
> <1470085391.2331984.683025593.376ee...@webmail.messagingengine.com>,
>   wrote:
>>Me butthurt?  That's comical.  You just wrote the most butthurt email
>>I've ever seen on the mailing lists, and that's saying something.
>>
>>My point, and I think it was pretty clear, is that NetBSD has long been
>>stable for me but suddenly requires an uncharacteristic amount of fixing
>>for a stable release.  I have the crash dumps to prove it.  If this
>>thread is any suggestion, I'm not the only one with ipfilter woes.
>>
>>You seem to take personal offense to this revelation and went full-on
>>Internet Tough Guy(TM).  That's the definition of butthurt.   Why do you
>>find this so personally insulting?  Perhaps you should talk it through
>>with a therapist.  It may help you.
>
> Well, I have been trying to fix some of the ipf issues on 7 with some
> success.

Thanks you!

> I think that the problem is that most of us have switched to npf, and so
> ipf

In my case I will try to use the npf to do my router, firewall and
proxy in my LANs networks

> is not getting a lot of testing. Perhaps you can try switching too? I
> prefer
> that you switch, and we are willing to help you do so, rather than spending
> time to fix ipf.

Thanks again, I think that some users need examples, similar to The
NetBSD Network FAQ. to use npf, currently I am reading the
https://www.netbsd.org/~rmind/npf/#_network_address_translation, I
hope to understand all, and use in my scenary.

>
> christos
>
>

Re: Proxy server, mode intercept on NetBSD 7.0.1

[Rodolfo Edgar]

Hi guys again, the problem is a bug of ipfilter 5, the same rules in
NetBSD 6.1.5 it works, version in NetBSD 6.1.5 of ipfilter is 4.


2016-07-27 5:05 GMT-05:00, Rodolfo Edgar <sololistasdecor...@gmail.com>:
> Hi guys,
>
> Help me please, I have a small LAN in my office, the scenary is:
>
> InternetRouter ISP(wm0-NetBSD-wm1,wm2)LAN1, LAN2
>
> wm0=192.168.1.85/24
> wm1=192.168.2.85/24
> wm2=192.168.3.85/24
>
> I am going to do proxy on wm1, currently NetBSD is a firewall and
> router, I use ipfilter, my rules are:
>
> +ipf.conf (basic rules)
>
> pass in from any to any
> pass out from any to any
>
> +ipnat.conf
>
> #wm1 interface
> map wm0 192.168.2.0/24 -> 0/32 portmap tcp/udp auto
> map wm0 192.168.2.0/24 -> 0/32
>
> #wm2 interface
> map wm0 192.168.3.0/24 -> 0/32 portmap tcp/udp auto
> map wm0 192.168.3.0/24 -> 0/32
>
> #Proxy server
> rdr wm1 0/0 port 80 -> 192.168.2.85 port 3129 tcp
>
> My rc.conf:
> #Firewall
> ipfilter=YES
> ipfilter_flags=""
> ipnat=YES
>
> #Service
> squid=YES
>
> My sysctl.conf to forwarding ipv4 is enable
> net.inet.ip.forwarding=1
>
> NetBSD as router is OK, but as proxy I have some problem, the setup to
> squid is basic
> ...
> #My simple acl
> acl lan1 src 192.168.2.0/24
> acl expno url_regex "/usr/pkg/etc/squid/expno"
> acl dono dstdomain "/usr/pkg/etc/squid/dono"
>
> #My rules
> http_access allow localhost
>
> http_access deny expno
> http_access deny dono
> http_access allow lan1
>
> http_access deny all
>
> http_port 192.168.2.85:3129 intercept
>
> cache_dir ufs /var/squid/cache/squid 100 16 256
>
> cache_mem 128 MB
>
> ...
>
> The files expno and dono are into the path
>
> The proxy is running, but I think that some thing I need to add or
> modify, because when I want to use some url the log of cache.log say:
>
> ...ERROR: No forward-proxy ports configured.
> ERROR: NAT/TPROXY lookup failed to locate original IPs on
> local=192.168.2.85:3129 remote=192.168.2.85:65508 FD 22 flags=33...
>
> The message is when I put in the browser a url for example
> www.netbsd.org or another that no use https protocol, but when I use
> some url that I put in dstdomain rule into dono for example
> xvideos.com, the proxy works, access deny say, BUT WHEN PU SOME URL
> normal without https the message says:
>
> empty response (zero size)
>
> Help me please, what is my mistake? I try to change the port, also add
> http_port 3128 and http_port 3129 intercept, I read the squid-cache
> http://wiki.squid-cache.org/KnowledgeBase/NoForwardProxyPorts, but I
> THINK THAT I need to add some thing, I remember that I did a similar
> proxy in early version of NetBSD and it was working perfect with
> ipfilter, the same rule, the rule copy of ipnat.conf man page. Thanks
> in advice for you reply, please help me.
>

Proxy server, mode intercept on NetBSD 7.0.1

[Rodolfo Edgar]

Hi guys,

Help me please, I have a small LAN in my office, the scenary is:

InternetRouter ISP(wm0-NetBSD-wm1,wm2)LAN1, LAN2

wm0=192.168.1.85/24
wm1=192.168.2.85/24
wm2=192.168.3.85/24

I am going to do proxy on wm1, currently NetBSD is a firewall and
router, I use ipfilter, my rules are:

+ipf.conf (basic rules)

pass in from any to any
pass out from any to any

+ipnat.conf

#wm1 interface
map wm0 192.168.2.0/24 -> 0/32 portmap tcp/udp auto
map wm0 192.168.2.0/24 -> 0/32

#wm2 interface
map wm0 192.168.3.0/24 -> 0/32 portmap tcp/udp auto
map wm0 192.168.3.0/24 -> 0/32

#Proxy server
rdr wm1 0/0 port 80 -> 192.168.2.85 port 3129 tcp

My rc.conf:
#Firewall
ipfilter=YES
ipfilter_flags=""
ipnat=YES

#Service
squid=YES

My sysctl.conf to forwarding ipv4 is enable
net.inet.ip.forwarding=1

NetBSD as router is OK, but as proxy I have some problem, the setup to
squid is basic
...
#My simple acl
acl lan1 src 192.168.2.0/24
acl expno url_regex "/usr/pkg/etc/squid/expno"
acl dono dstdomain "/usr/pkg/etc/squid/dono"

#My rules
http_access allow localhost

http_access deny expno
http_access deny dono
http_access allow lan1

http_access deny all

http_port 192.168.2.85:3129 intercept

cache_dir ufs /var/squid/cache/squid 100 16 256

cache_mem 128 MB

...

The files expno and dono are into the path

The proxy is running, but I think that some thing I need to add or
modify, because when I want to use some url the log of cache.log say:

...ERROR: No forward-proxy ports configured.
ERROR: NAT/TPROXY lookup failed to locate original IPs on
local=192.168.2.85:3129 remote=192.168.2.85:65508 FD 22 flags=33...

The message is when I put in the browser a url for example
www.netbsd.org or another that no use https protocol, but when I use
some url that I put in dstdomain rule into dono for example
xvideos.com, the proxy works, access deny say, BUT WHEN PU SOME URL
normal without https the message says:

empty response (zero size)

Help me please, what is my mistake? I try to change the port, also add
http_port 3128 and http_port 3129 intercept, I read the squid-cache
http://wiki.squid-cache.org/KnowledgeBase/NoForwardProxyPorts, but I
THINK THAT I need to add some thing, I remember that I did a similar
proxy in early version of NetBSD and it was working perfect with
ipfilter, the same rule, the rule copy of ipnat.conf man page. Thanks
in advice for you reply, please help me.

Re: Postfix-dovecot-squirrelmail in NetBSD 6.1 RC2 Warning: fd limit (ulimit -n)

[Edgar Rodolfo]

2013/3/24, Greg Troxel g...@ir.bbn.com:

 Edgar Rodolfo rodolfo...@gmail.com writes:

 Hi guys,

 I am testing the rc2 i386, i am learning to use basic mail server on
 NetBSD, currently i am doing a basic mail server with postfix, dovecot
 and squirrelmail.

 The warning that i see:
 Warning: fd limit (ulimit -n) is lower than required under max. load
 (7681000), because of default_client_count.

 then i see in my command line:

 #ulimit -n
 128

 This is a recurring issue in NetBSD, and we should perhaps revisit the
 default limits.  It's hard because a 64-processor machine with 64G of
 ram should have different limits than a beaglebone, but it would be
 perhaps confusing if they were autosized.

 So one of your programs (perhaps dovecot) is complaining that it expects
 to need 768 or 1000 open files,  but the limit is lower (but it's not
 giving it's actual limit).

 There are three approaches:

   change the sources to modify the default limits up, because 128 open
   files per process seems too small in 2013 (hard, have to rebuild,
   perhaps we should, but not my advice to you)

   adjust login.conf.  see the man page.   Someone at work was having
   trouble with this (for apache), so definitely use ulimit -a to see
   if it is working.

   in /etc/rc.d/dovecot, and so on, put ulimit -n 2048 or some such.

 I am presuming that your machine is big enough to do what you want.
 If it's a personal service (for a househould  or so), it doesn't need to
 be that big.  Beware that lots of GUI mail clients end up with many
 connections; I just checked a server used by 2 people, and it has 9 imap
 connections.

 I would also advise you to ulimit -a and look at all the limits.
 Probably the file limit is the one that will probably bother you.


Thanks a lot for your reply, i will test that :)