Re: pf rdr to multiple machines in the subnet

[Bret S. Lambert]

On Tue, Feb 09, 2010 at 08:19:14AM +0100, Joakim Aronius wrote:
> * Jean-Frangois SIMON (jfsimon1...@gmail.com) wrote:
> > 2010/2/7 Bret S. Lambert 
> > >
> > > No, you'd have to so a seperate rdr line for each backend host.
> > >
> >
> > Would a rule like this one work (2 lines).
> >  rdr pass on $ext_if proto tcp from any to any port 1024:65535 -> 10.0.1.32
> >  rdr pass on $ext_if proto tcp from any to any port 1024:65535 -> 10.0.1.33
> 
> You can't redirect one port to multiple machines, your options are:
> 1) redirect different ports to different machines, i.e.:
> rdr pass on $ext_if proto tcp from any to any port 1024:5000 -> 10.0.1.32
> rdr pass on $ext_if proto tcp from any to any port 5001:65535 -> 10.0.1.33
> 
> 2) get more external IP addresses.

Or use tables:

table  = { $list_of_ips }
rdr pass on $ext_if proto tcp from any to any port 1024:65535 -> 

or run relayd

The OP would do well to read the PF guide on openbsd.org.

Re: pf rdr to multiple machines in the subnet

[Joakim Aronius]

* Jean-Frangois SIMON (jfsimon1...@gmail.com) wrote:
> 2010/2/7 Bret S. Lambert 
> >
> > No, you'd have to so a seperate rdr line for each backend host.
> >
>
> Would a rule like this one work (2 lines).
>  rdr pass on $ext_if proto tcp from any to any port 1024:65535 -> 10.0.1.32
>  rdr pass on $ext_if proto tcp from any to any port 1024:65535 -> 10.0.1.33

You can't redirect one port to multiple machines, your options are:
1) redirect different ports to different machines, i.e.:
rdr pass on $ext_if proto tcp from any to any port 1024:5000 -> 10.0.1.32
rdr pass on $ext_if proto tcp from any to any port 5001:65535 -> 10.0.1.33

2) get more external IP addresses.

/jkm

Re: AMD power reduction

[Daniel Gracia Garallar]

If absolute raw power is not mandatory, you may have a look at 
Atom-based servers -like 
http://www.supermicro.es/?opcion=contenido&plt=notas&id=137 for example-.


This servers consumption should make a difference when working on 
renovable energy sources.


Regards!

Jean-Francois escribis:

Le lundi 08 fivrier 2010 04:10:22, Nick Holland a icrit :

With all this talk about power reduction...I'm going to toss out one
small suggestion:

Get a Wattmeter, and measure...  Don't waste your time speculating.


Hello,

I did. It's consuming some 90 Watts at idle.
Actually, it's an Athlon but the latest Sempron has an even reduced TDP.
My next server will be based on it.
Actually even 70 Watts is a little bit high for my next server given the fact
it will be in an autonomous environment (small wind/solar generators).

Regards

Sanal Albümler

[Duyurular]

\cretsiz Ful alb|mler hemde yasal olarak indirebilirsiniz. Alb|m sahiplerinin
izniyle.

   


Kat}lmak igin t}klay}n}z...


Yeni alb|mler haz}rlan}yor, k}sa s|rede eklenecektir.

Google, automation, and lack of security

[Doug Milam]

Not directly about OpenBSD, but worth reading:

http://blogs.techrepublic.com.com/security/?p=3007

Re: AMD power reduction

[Stuart Henderson]

> Le lundi 08 fivrier 2010 10:41:18, Daniel Gracia Garallar a icrit :
>> If absolute raw power is not mandatory, you may have a look at
>> Atom-based servers -like
>> http://www.supermicro.es/?opcion=contenido&plt=notas&id=137 for example-.

those work ok (i386/amd64 kernels). you must use a 2.5" drive if you
want to use the PCIE slot (get the 1x2.5" carrier, not the dual one,
if you want that), and note that the PCI slots aren't usable in that
chassis.

supermicro also have some newer mini-itx Atom boards - ICH9: more sata,
em(4), optional IPMI - and there are also numerous low-power systems from
a range of manufacturers using various CPUs (VIA, Geode, EP80579, Atom,
..).

if you don't need i386 compatibility, keep an eye on OpenBSD/loongson
too. (or OpenBSD/armish but the supported hardware doesn't seem to be
available new any more, the closest replacement for Thecus N2100 uses
a different CPU [still arm-based, but this time a slower Oxford
Semiconductor one rather than the XScale]).

but without more information on what "server" means to you, it's hard
to say what might actually be suitable...

eshop.gr: Ενημερωτικό δελτίο 9/2/2010

[members]

Episjeuhe_te tgm die}humsg http://www.e-shop.gr/newsletter/mail-100211.html
cia ma de_te tir pqosvoq]r lar



TGKEVYMIJES PAQACCEKIES 9:00-20:00 STO  211
5000500

Oi til]r isw}oum ap| 06/02/10 l]wqi 20/02/10, ]yr enamtk^seyr tym
apohel\tym jai l|mo cia ta l]kg tou e-shop.gr

Am h]kete ma diacqave_te ap| tg
k_sta emgl]qysgr tou e-shop.gr, paqajako}le apamt^ste sto paq|m le
t_tko(subject) tou lgm}lat|r sar: DIACQAVG.

Re: Apache can't resume downloads after upgrade to 4.6

[Matthew Mulrooney]

> I'm using OpenBSD since 4.4 and today I noticed that httpd server doesn''t
> support resuming while a file is downloading.

The in-tree Apache (Apache 1.3.29 + improvements) doesn't support the 
range header (so you can't resume a previous download);  as far as I 
know, it never has.

If you need resume support, install the Apache httpd 2.2.11 package.

Matthew

On Mon, 8 Feb 2010, aTANAS wLADIMIROW wrote:

> Hello misc,
> I'm using OpenBSD since 4.4 and today I noticed that httpd server doesn''t
> support resuming while a file is downloading.
> I made an upgrade from 4.5 to 4.6 couple days ago. I googled this problem
> and it appears that Apache supports resuming by default. I made the
> following  tests:
> I ran orbit downloader on a Windows machine and it turns out that the web
> server doesn't support resuming. When pausing the download everything begins
> from scratch after resuming.
> I ran wget on my time server (FreeBSD 4.11)  and here are the results:
>
> ==
> [time]/root# wget -c -O ./xx http://bsdbg.net/pf
> --22:58:36--  http://bsdbg.net/pf
>   => `./xx'
> Resolving bsdbg.net... done.
> Connecting to bsdbg.net[192.168.1.1]:80... connected.
> HTTP request sent, awaiting response... 200 OK
>
> Continued download failed on this file, which conflicts with `-c'.
> Refusing to truncate existing file `pf'.
>
> 
>
> All of the tests were made after resetting the Apache config to default.
> Has anyone experienced such problems?
> Thanks in advance.
>
> *Here is uname:*
>
> [ns]~# uname -a
> OpenBSD ns.bsdbg.net 4.6 GENERIC#0 i386
>
> 
>


---
Matthew Mulrooney
Teamify - Team Management Simplified - http://www.teamify.com
---

New Year Promotion from Systat Software

[Systat Software, Inc.]

Dear Researcher,

Systat Software would like to thank you for trying out our products.

If you would like to take advantage of our current New Year promotion, please
give us a call or email us.

For Academic and non-profit inquiries, please call Amanda McDowell at
1-800-797-7401 Option 1 or email her at amcdow...@systat.com

For all Corporate or Government inquiries, please call Vivian Le at
1408-715-7081 or email her at v...@systat.com

Thanks again and we hope to hear from you soon.

Best Regards,
Sales Team
SYSTAT Software Inc
1735 Technology Drive Suite 430
San Jose, CA 95110
New Website: http://www.sigmaplot.com
http://www.sigmaplot.com/optout/

Re: AMD power reduction

[Jean-Francois]

Le lundi 08 fivrier 2010 10:41:18, Daniel Gracia Garallar a icrit :
> If absolute raw power is not mandatory, you may have a look at
> Atom-based servers -like
> http://www.supermicro.es/?opcion=contenido&plt=notas&id=137 for example-.
>
> This servers consumption should make a difference when working on
> renovable energy sources.
>
> Regards!
>
> Jean-Francois escribis:
> > Le lundi 08 fivrier 2010 04:10:22, Nick Holland a icrit :
> >> With all this talk about power reduction...I'm going to toss out one
> >> small suggestion:
> >>
> >> Get a Wattmeter, and measure...  Don't waste your time speculating.
> >
> > Hello,
> >
> > I did. It's consuming some 90 Watts at idle.
> > Actually, it's an Athlon but the latest Sempron has an even reduced TDP.
> > My next server will be based on it.
> > Actually even 70 Watts is a little bit high for my next server given the
> > fact it will be in an autonomous environment (small wind/solar
> > generators).
> >
> > Regards
>

Thank you for this information. Is it working ok with OpenBSD ? Standard x86
is suitable ?

Regards.

Apache can't resume downloads after upgrade to 4.6

[Атанас Владимиров]

Hello misc,
I'm using OpenBSD since 4.4 and today I noticed that httpd server doesn''t
support resuming while a file is downloading.
I made an upgrade from 4.5 to 4.6 couple days ago. I googled this problem
and it appears that Apache supports resuming by default. I made the
following  tests:
I ran orbit downloader on a Windows machine and it turns out that the web
server doesn't support resuming. When pausing the download everything begins
from scratch after resuming.
I ran wget on my time server (FreeBSD 4.11)  and here are the results:

==
[time]/root# wget -c -O ./xx http://bsdbg.net/pf
--22:58:36--  http://bsdbg.net/pf
   => `./xx'
Resolving bsdbg.net... done.
Connecting to bsdbg.net[192.168.1.1]:80... connected.
HTTP request sent, awaiting response... 200 OK

Continued download failed on this file, which conflicts with `-c'.
Refusing to truncate existing file `pf'.



All of the tests were made after resetting the Apache config to default.
Has anyone experienced such problems?
Thanks in advance.

*Here is uname:*

[ns]~# uname -a
OpenBSD ns.bsdbg.net 4.6 GENERIC#0 i386



*Here is dmesg*

[ns]~# dmesg
OpenBSD 4.6-stable (GENERIC) #0: Fri Feb  5 20:34:04 EET 2010
r...@ns.bsdbg.net:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Sempron(tm) Processor 3200+ ("AuthenticAMD" 686-class, 128KB L2
cache) 1.81 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16
real mem  = 1055420416 (1006MB)
avail mem = 1011703808 (964MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 02/05/08, BIOS32 rev. 0 @ 0xf2030,
SMBIOS rev. 2.4 @ 0xf (70 entries)
bios0: vendor Phoenix Technologies, LTD version "ASUS M2NPV-VM ACPI BIOS
Revision 1301" date 02/05/2008
bios0: ASUSTek Computer INC. M2NPV-VM
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP MCFG APIC
acpi0: wakeup devices HUB0(S5) XVRA(S5) XVRB(S5) XVRC(S5) UAR1(S5) UAR2(S5)
PS2M(S4) PS2K(S4) USB0(S4) USB2(S4) AZAD(S5) MMAC(S5) MMCI(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 200MHz
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (HUB0)
acpicpu0 at acpi0
acpitz0 at acpi0: critical temperature 75 degC
acpibtn0 at acpi0: PWRB
bios0: ROM list: 0xc/0xec00
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
"NVIDIA C51 Host" rev 0xa2 at pci0 dev 0 function 0 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 1 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 2 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 3 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 4 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 5 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 6 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 7 not configured
vga1 at pci0 dev 5 function 0 "NVIDIA GeForce 6150" rev 0xa2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"NVIDIA MCP51 Host" rev 0xa2 at pci0 dev 9 function 0 not configured
pcib0 at pci0 dev 10 function 0 "NVIDIA MCP51 ISA" rev 0xa3
nviic0 at pci0 dev 10 function 1 "NVIDIA MCP51 SMBus" rev 0xa3
iic0 at nviic0
spdmem0 at iic0 addr 0x50: 512MB DDR2 SDRAM non-parity PC2-5300CL5
spdmem1 at iic0 addr 0x51: 512MB DDR2 SDRAM non-parity PC2-5300CL5
iic1 at nviic0
"NVIDIA MCP51 Memory" rev 0xa3 at pci0 dev 10 function 2 not configured
pciide0 at pci0 dev 13 function 0 "NVIDIA MCP51 IDE" rev 0xa1: DMA, channel
0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
ppb0 at pci0 dev 16 function 0 "NVIDIA MCP51 PCI-PCI" rev 0xa2
pci1 at ppb0 bus 1
xl0 at pci1 dev 8 function 0 "3Com 3c905C 100Base-TX" rev 0x74: apic 2 int
16 (irq 10), address 00:50:da:e1:34:84
bmtphy0 at xl0 phy 24: 3C905C internal PHY, rev. 6
xl1 at pci1 dev 9 function 0 "3Com 3c905C 100Base-TX" rev 0x74: apic 2 int
17 (irq 11), address 00:04:76:18:a5:3f
bmtphy1 at xl1 phy 24: 3C905C internal PHY, rev. 6
pchb0 at pci0 dev 24 function 0 "AMD AMD64 0Fh HyperTransport" rev 0x00
pchb1 at pci0 dev 24 function 1 "AMD AMD64 0Fh Address Map" rev 0x00
pchb2 at pci0 dev 24 function 2 "AMD AMD64 0Fh DRAM Cfg" rev 0x00
kate0 at pci0 dev 24 function 3 "AMD AMD64 0Fh Misc Cfg" rev 0x00: core rev
DH-F2
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
it0 at is

OT: Interupted system call/broken pipe with squid & squidguard

[Theodore Wynnychenko]

Hello:
I recently installed squid Version 2.7.STABLE6 and SquidGuard: 1.4 Berkeley
DB 4.6.21 on OpenBSD 4.5.
At this point, I am still setting things up, so it is not proxying much of
anything, except for testing, but I have been getting this error every
morning at 7:00AM local time:

Feb  3 07:01:01 server squid[12276]: The url_rewriter helpers are crashing
too rapidly, need help! 
Feb  3 07:01:01 server squid[7601]: Squid Parent: child process 12276 exited
due to signal 6
Feb  3 07:01:04 server squid[7601]: Squid Parent: child process 29122
started

I have no idea why this happens.  After squid shuts down, it restarts
without an issue, and runs fine until 7AM the next day.
I am using newsyslog to manage the log files, and I send a squid -k
reconfigure after the logs are rotated for squidguard; and a squid -k rotate
after the squid logs rotate. But that happens at 3AM.
I thought maybe there was some sort of problem with the file descriptors
running out (I don't know what that means) after squid/squidguard was
running for 24 hours, but I ran a script to shutdown and restart
squid/squidguard at 3:32 AM, but the same errors occurred at 7AM.
The ONLY thing that I can think of is that 7AM is the start of "dayhours" in
my squidguard.conf.  But I have no idea why that would be causing these
errors.
In any case, other than the fact that it all dies and then is reborn at 7AM
every day, it is all good.  It bothers me to have this issue. Any ideas to
correct this would be welcome.
Below I have included the output of (in this order): 
/var/squid/logs/cache.log
/var/log/squidguard/squidGuard.log

As well as my squidGuard.conf.

Thanks for any advice
Bye - ted

-
/var/squid/logs/cache.log

2010/02/03 07:00:00| WARNING: url_rewriter #1 (FD 9) exited
2010/02/03 07:00:00| WARNING: url_rewriter #3 (FD 11) exited
2010/02/03 07:00:00| WARNING: url_rewriter #2 (FD 10) exited
2010/02/03 07:00:00| Too few url_rewriter processes are running
2010/02/03 07:00:00| Starting new helpers
2010/02/03 07:00:00| helperOpenServers: Starting 5 'squidGuard' processes
2010/02/03 07:00:00| WARNING: url_rewriter #4 (FD 12) exited
2010/02/03 07:00:00| WARNING: url_rewriter #5 (FD 13) exited
2010/02/03 07:00:30| WARNING: url_rewriter #5 (FD 29) exited
2010/02/03 07:00:30| WARNING: url_rewriter #1 (FD 9) exited
2010/02/03 07:00:30| WARNING: url_rewriter #4 (FD 26) exited
2010/02/03 07:00:30| Too few url_rewriter processes are running
2010/02/03 07:00:30| Starting new helpers
2010/02/03 07:00:30| helperOpenServers: Starting 5 'squidGuard' processes
2010/02/03 07:00:30| ipcCreate: PARENT: hello read test failed
2010/02/03 07:00:30| --> read: (4) Interrupted system call
2010/02/03 07:00:30| WARNING: Cannot run '/usr/local/bin/squidGuard'
process.
2010/02/03 07:00:30| write FD 12: (32) Broken pipe
2010/02/03 07:00:30| ipcCreate: CHILD: hello write test failed
2010/02/03 07:00:31| WARNING: url_rewriter #3 (FD 25) exited
2010/02/03 07:00:31| WARNING: url_rewriter #2 (FD 11) exited
2010/02/03 07:01:01| WARNING: url_rewriter #4 (FD 12) exited
2010/02/03 07:01:01| WARNING: url_rewriter #1 (FD 9) exited
2010/02/03 07:01:01| Too few url_rewriter processes are running
2010/02/03 07:01:01| Starting new helpers
2010/02/03 07:01:01| helperOpenServers: Starting 5 'squidGuard' processes
2010/02/03 07:01:01| ipcCreate: PARENT: hello read test failed
2010/02/03 07:01:01| --> read: (4) Interrupted system call
2010/02/03 07:01:01| WARNING: Cannot run '/usr/local/bin/squidGuard'
process.
2010/02/03 07:01:01| ipcCreate: PARENT: hello read test failed
2010/02/03 07:01:01| --> read: (4) Interrupted system call
2010/02/03 07:01:01| WARNING: Cannot run '/usr/local/bin/squidGuard'
process.
2010/02/03 07:01:01| write FD 25: (32) Broken pipe
2010/02/03 07:01:01| ipcCreate: CHILD: hello write test failed
2010/02/03 07:01:01| ipcCreate: PARENT: hello read test failed
2010/02/03 07:01:01| --> read: (4) Interrupted system call
2010/02/03 07:01:01| WARNING: Cannot run '/usr/local/bin/squidGuard'
process.
2010/02/03 07:01:01| write FD 25: (32) Broken pipe
2010/02/03 07:01:01| ipcCreate: CHILD: hello write test failed
2010/02/03 07:01:01| ipcCreate: PARENT: hello read test failed
2010/02/03 07:01:01| --> read: (4) Interrupted system call
2010/02/03 07:01:01| WARNING: Cannot run '/usr/local/bin/squidGuard'
process.
2010/02/03 07:01:01| WARNING: url_rewriter #3 (FD 10) exited
2010/02/03 07:01:01| Too few url_rewriter processes are running
2010/02/03 07:01:01| storeDirWriteCleanLogs: Starting...
2010/02/03 07:01:01| write FD 25: (32) Broken pipe
2010/02/03 07:01:01| ipcCreate: CHILD: hello write test failed
2010/02/03 07:01:01| write FD 25: (32) Broken pipe
2010/02/03 07:01:01| ipcCreate: CHILD: hello write test failed
2010/02/03 07:01:01|   Finished.  Wrote 1020 entries.
2010/02/03 07:01:01|   Took 0.1 seconds (15190.8 entries/sec).
FATAL: The url_rewriter helpers are crashing too rapidly, need help!

Squid Cache (Version 2.7.

Re: Inconsistency between IPv6 and IPv4 announces between eBGP peers hooked through an iBGP session (OpenBGPd)

[Laurent CARON]

On 08/02/2010 18:41, Claudio Jeker wrote:

Could you give it a spin?


I just tried it and so far it seems successful.

I'll let it run for a few days on my secondary bgp box and upgrade the 
primary one if successful.


Many thanks

route6d bug

[Florian Fuessl]

Hi,

current route6d does not add advertised RipNG routes of other systems to the
routing table. This problem seems to go back to 2008, as older OpenBSD
releases do also suffer from this problem, here.

Using route6d build from Jul. 3, 2007 does add advertised RipNG routes to
the kernel routing table, but does not delete them on exit; at least if
running a recent kernel. :-(

Any hints how to patch this problem?

-Florian

Un año gratuito.Doble Titulo Internacional.Formacion online

[Divulgacion Dinamica]

SI NO VE LA INFORMACISN, HAGA CLICK AQUM

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

Cursos que ofrecemos:

MASTER EXPERTO EN COOPERACISN INTERNACIONAL Y DESARROLLO

MASTER EXPERTO EN GESTISN Y DESARROLLO DE PROGRAMAS DE INTERVENCISN
SOCIAL

MASTER EXPERTO EN GESTISN DE PROGRAMAS GERIATRICOS

MASTER EXPERTO EN RESOLUCISN DE CONFLICTOS

MASTER EXPERTO EN RECURSOS PATRIMONIALES Y TURMSTICOS

MASTER EXPERTO EN FORMACISN DE RECURSOS HUMANOS

MASTER EXPERTO EN ANIMACISN SOCIOCULTURAL

[IMAGE]

[IMAGE]

[IMAGE]

Conforme a la Ley de servicios de la sociedad de la informacisn y de
comercio electrsnico, y a la vigente Ley organica 15 13/12/1999 de
proteccisn de datos espaqola, le informamos que su direccisn de correo
esta incluida en nuestra base de datos, con la finalidad de enviarle
informacisn de su interis. Si no desea seguir recibiendo ningzn correo
futuro por nuestra parte o quiere modificar sus datos, por favor,
responda directamente este mail con su peticisn.

En caso de que no tengamos respuesta en este envmo, consideramos su
autorizacisn para posteriores envmos.

SI DESEA DARSE DE BAJA, HAGA CLICK AQUM

[IMAGE]

Re: Download rate and sysctl settings

[Sebastiano Pomata]

Il 06/02/10 19:43, Claudio Jeker ha scritto:

 Thank you for the clear answer. Anyway, trying to act on tcp.sendspace
 isn't affecting the upload capabilities of my OpenBSD server.
 I tried downloading a file through httpd, via ftp but results are
 still disappointing: 60-70 kbps between two boxes on the same switch.

 The box is going to become a webserver, could you please give me more
 hints about tuning network performance?

>>>
>>> Check your links. This sounds like a full-duplex issue between switch and
>>> machines. On a LAN even with default tcp send/recvspace you should get
>>> easily get up to 200Mbps.
>>>

Proceeding with debugging, I'm getting even more close to the problem
but still need some help.
Giving to OpenBSD box a local IP, and accessing from a same-subnet IP
machine, I get full speed (about 8 MB/s downloading).

Problems come when I give to OpenBSD box an IP of another range, that
goes behind a Cisco router: downloading from the same machine (and
adding a hop in the path, the router itself) only reaches 20-30 kB/s,
while giving the same IP to another linux machine and getting a file
with apache2 reaches 150 kB/s.

Any idea?

Re: flags for wd timeouts?

[Brynet]

Hi Roger,

Not entirely sure what is causing your problems, but there are several
options in your BIOS that are worth investigating.

http://www.supermicro.com/manuals/motherboard/HT2000/MNL-H8DSP-8i.pdf

Plug & Play OS
(might be worth setting this to "No")

KBC Clock Source
(try 8MHz)

S-ATA Mode
(IDE/MMIO or RAID, see if OpenBSD's behaviour changes)

ACPI Version Features
(1.0/2.0 or 3.0)

Another issue may be the UDMA mode, change "wd" again via UKC and
specify the flags 0xdfc (UDMA5,PIO 4).

Just some suggestions, which you may have already tried.

-Bryan.

Re: Inconsistency between IPv6 and IPv4 announces between eBGP peers hooked through an iBGP session (OpenBGPd)

[Claudio Jeker]

On Sat, Jan 30, 2010 at 03:21:32PM +0100, Laurent CARON wrote:
> On 30/01/2010 14:59, Laurent CARON wrote:
> >My last test was with current as of 20100119.
> >
> >I did tests with 20091201 and 20091202 because the problem did appear
> >just between those 2 dates and is reproductible.
> >
> >I'll try to upgrade to current and see if it helps.
> 
> Since no commits were done on bgpd since 20100113 and my last test
> was from 20100119 with current from 20100119, I think the issue is
> still there.
> 

I just commited something that may be the reason for you IPv6 issues.
"Unbreak IPv6 local address lookups. Some idiot aka me optimised a loop and
because of that either the IPv4 or IPv6 local address was not set. Because
of this prefixes were sent out with all zero nexthops."

Could you give it a spin?
I still try to reproduce your problem but am unable to do so. Could I get
the bgpd.conf and ifconfig output for the interface to the failing system?
-- 
:wq Claudio

Re: pf rdr to multiple machines in the subnet

[Stuart Henderson]

On 2010-02-07, Jean-Fran?ois SIMON  wrote:
> I am going to replace the rule
> rdr pass on $ext_if proto tcp from any to any port 1024:65535 -> 10.0.1.32
> port 1024:*

rdr pass on $ext_if proto tcp to port 1024:65535 -> 10.0.1/24

Re: snort on openbsd with PF

[Paolo Supino]

Hi

  I apologize for not first RTFMing before asking. Section 4.4 of the 
Snort FAQ clearly states that scenario 1 is the one that will be ...



--
TIA
Paolo


On 2/8/10 3:18 PM, Paolo Supino wrote:

Hi

When snort on the external interface of an OpenBSD firewall, which
scenario will be the one happening:
1. Snort captures all incoming traffic before it reaches PF (there's
also NAT on the external interface).
2. Snort captures and analyzes only traffic that the firewall let
through on the interface.










--
TIA
Paolo

Re: anyone need old PC crap?

[J.C. Roberts]

On Sun, 07 Feb 2010 22:12:06 -0500 Nick Holland
 wrote:

> ropers wrote:
> > You (or anyone else, really) wouldn't happen to have any 1st or 2nd
> > generation PC stuff (as in, IBM 5150 PC / IBM 5155 Portable, or IBM
> > 5160 PC XT)?
> > 
> > http://en.wikipedia.org/wiki/IBM_5150
> > http://en.wikipedia.org/wiki/IBM_5155
> > http://en.wikipedia.org/wiki/IBM_5160
> 
> please answer off-list.
> Do not feed the old computer crap addition I have... :-/


Your subconscious speaks otherwise.

Re: Read_Write buffers for dd WAS: little cp diff

[Brad Tilley]

On Mon, 08 Feb 2010 09:06 -0500, "Sean Kennedy"  wrote:
> Moving this to m...@...
> 
> Would part of this discussion usefully related to such issues like using
> 'dd'
> for diskwipes/copies/reformatting and slow data movement speeds?
> 
> There are times when I am wiping (for reuse) hard disks using 'dd' and I
> set
> the BlockSize to > 512 (like 1M or so sometimes)


In my experience, a bs of 64k is about as big and fast as you'll get. Setting 
bs larger than that may make dd a tad faster, but not much.  Also, when IO 
errors occur with a larger bs you'll drop more data than you would have using a 
512 byte block. Some modified dd's, such as ddrescue, set larger blocksizes 
initially in an effort to increase speed, but revert to 512 bytes upon IO 
errors.

Brad


> and the transfer speeds are quite a lot slower than for using 'dd' on
> some
> other Operating systems. (Linux or Windows)
> 
> Mind you, for a lot of this, I am using oBSD RamDISK, so I am not
> anticipating
> a full-fledged OS support for the ATA or SCSI or USB2 platforms. But for
> those
> systems where I am using -stable or -current,  the speeds are still
> comparably
> slow.
> 
> I concur with Theo's point on portability and making a sysctl for kernel
> is
> hazardous, but what am I seeing in the above for 'dd' that would be
> causing
> the poor performance?
> (* BTW, I am using  if=/dev/zero for the baseline, other if=/...'es may
> have
> lower performance as an input for compare*)
> 
> 
> Just my 2 cents.
> 
> -sean
> 
> > Subject: Re: little cp diff
> > 2010/2/8 Theo de Raadt :
> > > For those of you who asked why cp needs to be portable, come on.
> > > You've got it all wrong.  If cp isn't written in a portable fashion,
> > > then what is the point of doing anything else in a portable fashion.
> > This is good and reasonable answer. So I think we should stop discussion.
> > antonvm

Re: Read_Write buffers for dd WAS: little cp diff

[Otto Moerbeek]

On Mon, Feb 08, 2010 at 09:06:21AM -0500, Sean Kennedy wrote:

> Moving this to m...@...
> 
> Would part of this discussion usefully related to such issues like using 'dd'
> for diskwipes/copies/reformatting and slow data movement speeds?
> 
> There are times when I am wiping (for reuse) hard disks using 'dd' and I set
> the BlockSize to > 512 (like 1M or so sometimes)
> and the transfer speeds are quite a lot slower than for using 'dd' on some
> other Operating systems. (Linux or Windows)
> 
> Mind you, for a lot of this, I am using oBSD RamDISK, so I am not anticipating
> a full-fledged OS support for the ATA or SCSI or USB2 platforms. But for those
> systems where I am using -stable or -current,  the speeds are still comparably
> slow.
> 
> I concur with Theo's point on portability and making a sysctl for kernel is
> hazardous, but what am I seeing in the above for 'dd' that would be causing
> the poor performance?
> (* BTW, I am using  if=/dev/zero for the baseline, other if=/...'es may have
> lower performance as an input for compare*)
> 
> 
> Just my 2 cents.
> 
> -sean


Well, for starters, different os, different caching behaviour.  You
should read from and write to the raw device, sync and use the actual
elapsed time. Even then your measurement might be influenced by
caching.

# sync
# time (dd if=/dev/rsd0a of=/dev/null bs=1m && sync)  
133+1 records in
133+1 records out
139797504 bytes transferred in 1.558 secs (89709129 bytes/sec)
0m1.56s real 0m0.00s user 0m0.07s system
# 

OTOH, we do use a smaller size of the physical writes than other OSes.
So a lower performance for modern hardware is not really a big
surprise.

-Otto

Read_Write buffers for dd WAS: little cp diff

[Sean Kennedy]

Moving this to m...@...

Would part of this discussion usefully related to such issues like using 'dd'
for diskwipes/copies/reformatting and slow data movement speeds?

There are times when I am wiping (for reuse) hard disks using 'dd' and I set
the BlockSize to > 512 (like 1M or so sometimes)
and the transfer speeds are quite a lot slower than for using 'dd' on some
other Operating systems. (Linux or Windows)

Mind you, for a lot of this, I am using oBSD RamDISK, so I am not anticipating
a full-fledged OS support for the ATA or SCSI or USB2 platforms. But for those
systems where I am using -stable or -current,  the speeds are still comparably
slow.

I concur with Theo's point on portability and making a sysctl for kernel is
hazardous, but what am I seeing in the above for 'dd' that would be causing
the poor performance?
(* BTW, I am using  if=/dev/zero for the baseline, other if=/...'es may have
lower performance as an input for compare*)


Just my 2 cents.

-sean

> Subject: Re: little cp diff
> 2010/2/8 Theo de Raadt :
> > For those of you who asked why cp needs to be portable, come on.
> > You've got it all wrong.  If cp isn't written in a portable fashion,
> > then what is the point of doing anything else in a portable fashion.
> This is good and reasonable answer. So I think we should stop discussion.
> antonvm


_

Re: anyone need old PC crap?

[Jacob Yocom-Piatt]

Nick Holland wrote:

ropers wrote:
  

You (or anyone else, really) wouldn't happen to have any 1st or 2nd
generation PC stuff (as in, IBM 5150 PC / IBM 5155 Portable, or IBM
5160 PC XT)?

http://en.wikipedia.org/wiki/IBM_5150
http://en.wikipedia.org/wiki/IBM_5155
http://en.wikipedia.org/wiki/IBM_5160



please answer off-list.
Do not feed the old computer crap addition I have... :-/

  



i smell an episode of hoarders :)



Nick.

  

On 5 February 2010 14:03, Daniel Malament  wrote:


Are there any developers (or anyone else) in the NY area who have a use for
old PC crap?  A 286, a 386, at least one 486 motherboard, some Pentiums,
some P2s, etc?  Before I cart it to the recycling center...

snort on openbsd with PF

[Paolo Supino]

Hi

  When snort on the external interface of an OpenBSD firewall, which 
scenario will be the one happening:
1. Snort captures all incoming traffic before it reaches PF (there's 
also NAT on the external interface).
2. Snort captures and analyzes only traffic that the firewall let 
through on the interface.











--
TIA
Paolo

firewall / ftp-proxy problem

[suomi]

Dear Listers

The installation here is

OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008

On this OpenBSD we essentially have a pf firewall and an ftp Proxy
running. The ftp Proxy transfers to an internal ftp server.

So far, everything worked OK. Then, a fortnight ago, we started to change
the backbone ISP, so we had to change IP addresses. That's were trouble
started:

ftp access from the Internet is limited to approx two  days after a system
reboot, e.g. I rebooted the system the day before yesterday, then
everything was fine, from the Internet we could open connections to the
ftp server at our wish. But from this morning, from the Internet, no ftp
connection to the ftp server is possible any more.

I usually do a traceroute on the pflog of the firewall to check to see,
whether the packet, which initiates the call to the ftp proxy, passes OK.
Yes, it does pass the firewall.
Behind that, I do a ktrace/kdump of the corresponding ftp proxy process,
and yes, the ftp proxy does NOT react on any incoming call.
I then connect to an outside host (which is in the same subnet like the
external interface of the firewall) via ssh, and, no problem, from there,
ftp connections to the ftp server via the firewall are possible.

The firewall configuration is as follows:

[r...@firewall ~]$ firewall.sh nat
no nat on rl0 inet from any to 192.168.97.0/24
nat on rl0 from ! (rl0) to any -> (rl0:0)
nat-anchor "ftp-proxy/*" all
rdr-anchor "ftp-proxy/*" all
rdr pass on vr0 inet proto tcp from any to any port = ftp -> 127.0.0.1
port 8022
rdr on rl0 inet proto tcp from !  to any port = ftp ->
127.0.0.1 port 8021
[r...@firewall ~]$

The last rdr rule does the  forwarding from the hosts we allow access from
the ftp port to port 8021 on the localhost, where the ftp proxy listens.

r...@firewall ~]$ firewall.sh rules
scrub in all fragment reassemble
block drop in log all
block drop in log quick on rl0 proto tcp from  to any
pass quick on vr0 all flags S/SA keep state
pass log quick on rl0 inet proto tcp from any to 127.0.0.1 port = 8021
flags S/SA keep state
pass log quick on rl0 inet proto udp from 192.168.97.0/24 to any port =
snmp keep state
pass quick on rl0 inet proto icmp all icmp-type echoreq keep state
pass in quick on rl0 inet proto tcp from 192.168.97.0/24 to any port =
8080 flags S/SA synproxy state
pass in quick on rl0 inet proto tcp from 192.168.97.0/24 to any port =
https flags S/SA synproxy state
pass in quick on rl0 inet proto tcp from 192.168.97.0/24 to any port = www
flags S/SA synproxy state
pass in quick on rl0 inet proto tcp from 192.168.97.0/24 to any port =
smtp flags S/SA synproxy state
pass out all flags S/SA keep state
anchor "ftp-proxy/*" all
block drop in quick on ! lo inet from 127.0.0.0/8 to any
block drop in quick on ! lo inet6 from ::1 to any
block drop in quick inet from 127.0.0.1 to any
block drop in quick on ! vr0 inet from 192.168.97.0/24 to any
block drop in quick inet from 192.168.97.2 to any
block drop in quick inet6 from ::1 to any
block drop in quick on lo0 inet6 from fe80::1 to any
block drop in quick on vr0 inet6 from fe80::216:17ff:fe6e:dc0e to any
[r...@firewall ~]$

the fifth line allows packages on port 8021 to pass through.


The first dump shows, that the connection from the host in the same subnet
as the external interface of the firewall, is possible:

[myu...@otherhost ~]$ ftp ftx.mydomain.com
Connected to ftx.mydomain.com (aaa.bbb.206.130).
220-- Welcome to Pure-FTPd [privsep] [TLS] --
220-You are user number 1 of 50 allowed.
220-Local time is now 12:08. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (ftx.mydomain.com:myuser): joe
331 User joe OK. Password required
Password:
230-User joe has group access to:  webdesign
230 OK. Current directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
221 Logout.
[myu...@otherhost ~]$


Now, I move a workstation down in the Internet doing a dial-up.

I get the IP Address ccc.ddd.217.153, which is not in :
[r...@firewall ~]$ grep "ccc.ddd.217.153" /etc/unwanted_ftp
[r...@firewall ~]$

then I invoke ftp from the above address:

r...@rosetta ~]# ftp ftx.mydomain.com
ftp: connect: Connection timed out
ftp> quit
[r...@rosetta

Meanwhile, on the firewall I peep into the pflog:

tcpdump: listening on pflog0, link-type PFLOG
Feb 08 12:18:53.483352 rule 4/(match) [uid 0, pid 15736] pass in on rl0:
ccc.ddd.217.153.52580 > 127.0.0.1.8021: S [tcp sum ok] (src OS: Linux 2.6
.1-7, Linux 2.4) 710621706:710621706(0) win 5840  (DF) (ttl 55, id 20538, len
60, bad cksum 23dc! differs by b424)

NOTE that tcpdump records a bad checksum in the respective packet. But
this bad checksum is in the pflog and not on the interface as far as I
have been instructed when googling around.


and the ktrace/kdump combination shows

Re: AMD power reduction

[Schöberle Dániel]

> > From: Jean-Francois [mailto:jfsimon1...@gmail.com]
> > Le lundi 08 fivrier 2010 04:10:22, Nick Holland a icrit :
> > With all this talk about power reduction...I'm going to toss out one
> > small suggestion:
> >
> > Get a Wattmeter, and measure...  Don't waste your time speculating.
>
> Hello,
>
> I did. It's consuming some 90 Watts at idle.
> Actually, it's an Athlon but the latest Sempron has an even reduced TDP.
> My next server will be based on it.
> Actually even 70 Watts is a little bit high for my next server given the
> fact
> it will be in an autonomous environment (small wind/solar generators).
>
> Regards

Nick is right, numbers should speak.

Parameters at the time of measuring:
MB: GA-MA74GM-S2H rev1.x (no idea about TDP but according to [1] should be
low)
- unneeded MB components turned off, check my previous dmesg
- integrated GPU core slowed down from 400MHz to 200MHz
- Cool'n'quiet enabled in BIOS
CPU: AMD Sempron LE-1150 (TDP 45W)
- undervolted from 1.2V to 1.00V
- passive cooling
PSU: Enermax 400W Liberty (no data for this model but it's bigger brothers had
efficiency around 78% for 114W AC [2])
RAM: 1 stick of 1GB DDR2 800MHz
HDD: 3x 1TB, 2x 500G (4 Hitachi and 1 WD Green)
other: 1 low rpm 12cm system fan, no keyboard, no display

I measured my setup couple of times while setting it up. Numbers are from
memory, may not be accurate. Besides, I used a cheap powermeter, meaning the
absolute values are probably off but the deltas could be somewhat trusted:
1. On boot with everything on and no udervolting of CPU the AC wattage was
somewhere around 150W.
2. Undervolting the CPU to 1.00V and playing with the BIOS shaved off some
20-30W.
3. Setting the Hitachi drives to low power idle reduced the power draw for
another 20-30W, at the time the system was idling at 70-90W.
4. Putting the drives into sleep mode got the system under 70W. I'm not using
this atm, had some problems with long delays while waking up the drives.

All of that was without apm -C, basically the CPU was running at full speed.
For testing apm -C I was lazy and relied on temperatures.
1. Temperatures at idle with apm -C
hw.sensors.it0.temp0=28.00 degC
hw.sensors.it0.temp1=33.00 degC

2. Temperatures at idle with apm -H (from memory and different season)
hw.sensors.it0.temp0=34.00 degC
hw.sensors.it0.temp1=38.00 degC
Couple of degrees difference should mean at least couple of W difference.

Regards, Daniel.

Useful links:
47 watt 7 TB server (disks spun down) -
http://www.silentpcreview.com/forums/viewtopic.php?t=57476
TDP list for Intel chipsets -
http://www.silentpcreview.com/forums/viewtopic.php?t=35078


[1] http://www.silentpcreview.com/article859-page5.html
[2] http://www.silentpcreview.com/article279-page4.html

Re: Download rate and sysctl settings

[Sebastiano Pomata]

On Mon, 8 Feb 2010 11:37:11 +0100 (GMT+01:00)
Vincent Tamet  wrote:

> Hi, by the way strange mac-adresse, oui search show a cisco systems
> mac one...


> > > Just logged through ssh on the server, ifconfig reports:
> > > 
> > > re0: flags=8843 mtu 1500
> > > lladdr 00:b0:c2:02:5e:a0
> > > priority: 0
> > > groups: egress
> > > media: Ethernet autoselect (100baseTX
> > > full-duplex,rxpause,txpause) status: active
> > > inet 192.167.132.99 netmask 0xff00 broadcast
> > > 192.167.132.255 inet6 fe80::2b0:c2ff:fe02:5ea0%re0 prefixlen 64
> > > scopeid 0x2

I think it's a chinese-made network card. You're right, vendor mac
address should be of Cisco, and obviously that buggy card is not
Cisco-branded. Don't worry, I already dumped it from the window.

Re: Download rate and sysctl settings

[Vincent Tamet]

Hi, by the way strange mac-adresse, oui search show a cisco systems mac
one...

- Mail Original -
De: "Sebastiano Pomata" 
C: misc@openbsd.org
EnvoyC): Lundi 8 FC)vrier 2010 11h17:31 GMT +01:00 Amsterdam / Berlin / Berne
/ Rome / Stockholm / Vienne
Objet: Re: Download rate and sysctl settings

On Sat, 6 Feb 2010 19:43:54 +0100
Claudio Jeker  wrote:

> > >> Thank you for the clear answer. Anyway, trying to act on
> > >> tcp.sendspace isn't affecting the upload capabilities of my
> > >> OpenBSD server. I tried downloading a file through httpd, via
> > >> ftp but results are still disappointing: 60-70 kbps between two
> > >> boxes on the same switch.
> > >>
> > >> The box is going to become a webserver, could you please give me
> > >> more hints about tuning network performance?
> > >>
> > >
> > > Check your links. This sounds like a full-duplex issue between
> > > switch and machines. On a LAN even with default tcp
> > > send/recvspace you should get easily get up to 200Mbps.
> > >
> >
> > Just logged through ssh on the server, ifconfig reports:
> >
> > re0: flags=8843 mtu 1500
> > lladdr 00:b0:c2:02:5e:a0
> > priority: 0
> > groups: egress
> > media: Ethernet autoselect (100baseTX
> > full-duplex,rxpause,txpause) status: active
> > inet 192.167.132.99 netmask 0xff00 broadcast
> > 192.167.132.255 inet6 fe80::2b0:c2ff:fe02:5ea0%re0 prefixlen 64
> > scopeid 0x2
> >
> > As from the name, nic is a common Realtek card (OpenBSD just got it
> > without need of doing anything). So I suppose nic is running in full
> > duplex.
> > Hints?
> >
>
> Check interface statistics on interface and switch, look for excessive
> errors or collisions. Both should not happen on a full-duplex link.
>
>

Back in the office, I made a simple test: using the integrated card
(bge) and not the realtek one (re), I now get almost full speed from
the server (8-9 MBps).
Are there some issues with that driver?
ifconfig even reported it was going 100Base TX.

Extract from dmesg:
re0 at pci5 dev 0 function 0 "Realtek 8169" rev 0x10: RTL8169/8110SB
(0x1000), a pic 4 int 21 (irq 11), address 00:b0:c2:02:5e:a0
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 3


--
i l i m i t . . .
Vincent Tamet
vincent.ta...@ilimit.net

CREA XARXES i SISTEMES
0034 937 333 375
VOLTA 1, 5C(
08224 TERRASSA.BCN
La informaciC3 inclosa en aquest email C)s CONFIDENCIAL.En virtut d'allC2
establert a la Llei 15/1999 i la LSSICE 34/2002, l'informem que les seves
dades formen part d'un fitxer automatitzat titularitat dB4ILIMIT
COMUNICACIONS,S.L. La informaciC3 registrada s'utilitzarC  per informar-li,
per qualsevol mitjC  electrC2nic, de les nostres novetats comercials. VostC(
pot exercir els seus drets d'accC)s, rectificaciC3, cancelB7laciC3 i oposiciC3
a la segC

Re: loops on rstp and firewall bridging

[Miguel Araujo Pérez]

Hello again,

I am still having the same issues trying to figure out how to set this scenario
up. Could you please help me with RSTP bridging? what am I missing?

Thanks, sincerely
Miguel Araujo

>Hello everyone,
>
>I have two machines with OBSD intalled on them. Both will be firewalls
>filtrating traffic from a DMZ. I need to avoid single points of failure, so
>the whole architecture is redundant. This is a simple diagram of
>my architecture:
>
>DMZ   DMZ
>|  |
>FW1    FW2 
>|  \  /|
>|   \/ |
>switch1--  ---switch2
>|  |   
>internal network
>
>Both OBSD machines will be used as firewalls running PF. I am creating a
>bridge in each firewall. Creating a /etc/bridgename.bridge0 that contains:
>
>add vr0
>add vr1
>add msk0
>stp vr0#I'm pretty sure this is done by default
>stp vr1
>stp msk0
>up
>
>Both firewalls are connected to both switches. These are Dell 2816 with
>RSTP activated on all ports. From time to time I get loops and traffic
>raises and collapses my testing network bandwith. This points that Spanning
>Tree is bad configured, but I don't know what I'm missing.
>
>I don't know what to look for. brconfig shows bridges are running on rstp
>and the interfaces are in learning mode. The rstp roles are automatically
>set and look correct. On the other side, my Dell switches have rstp
>activated.
>
>Packet Filter is not activated yet. Any way to find out what is going 
>wrong here? pointer to good up to date how-tos on bridge firewalling?
>
>Thanks, regards
>Miguel Araujo

Re: Download rate and sysctl settings

[Sebastiano Pomata]

On Sat, 6 Feb 2010 19:43:54 +0100
Claudio Jeker  wrote:

> > >> Thank you for the clear answer. Anyway, trying to act on
> > >> tcp.sendspace isn't affecting the upload capabilities of my
> > >> OpenBSD server. I tried downloading a file through httpd, via
> > >> ftp but results are still disappointing: 60-70 kbps between two
> > >> boxes on the same switch.
> > >>
> > >> The box is going to become a webserver, could you please give me
> > >> more hints about tuning network performance?
> > >>
> > > 
> > > Check your links. This sounds like a full-duplex issue between
> > > switch and machines. On a LAN even with default tcp
> > > send/recvspace you should get easily get up to 200Mbps.
> > > 
> > 
> > Just logged through ssh on the server, ifconfig reports:
> > 
> > re0: flags=8843 mtu 1500
> > lladdr 00:b0:c2:02:5e:a0
> > priority: 0
> > groups: egress
> > media: Ethernet autoselect (100baseTX
> > full-duplex,rxpause,txpause) status: active
> > inet 192.167.132.99 netmask 0xff00 broadcast
> > 192.167.132.255 inet6 fe80::2b0:c2ff:fe02:5ea0%re0 prefixlen 64
> > scopeid 0x2
> > 
> > As from the name, nic is a common Realtek card (OpenBSD just got it
> > without need of doing anything). So I suppose nic is running in full
> > duplex.
> > Hints?
> > 
> 
> Check interface statistics on interface and switch, look for excessive
> errors or collisions. Both should not happen on a full-duplex link.
> 
> 

Back in the office, I made a simple test: using the integrated card
(bge) and not the realtek one (re), I now get almost full speed from
the server (8-9 MBps).
Are there some issues with that driver?
ifconfig even reported it was going 100Base TX.

Extract from dmesg:
re0 at pci5 dev 0 function 0 "Realtek 8169" rev 0x10: RTL8169/8110SB
(0x1000), a pic 4 int 21 (irq 11), address 00:b0:c2:02:5e:a0
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 3

prestamo con cheques

[prestamo . cheque . hoy]

A 
PRESTAMOS EN EL DIA  A EMPRESAS, PYMES, MONOTRIBUTISTAS Y PARTICULARES 
CON   CHEQUES DE SU CUENTA CORRIENTE (NO TERCEROS) EN MENOS DE UNA HORA.
  Plazo  30-60-90-120 dias. CONSULTE OTROS PLAZOS. OBTENGA EFECTIVO 
INMEDIATO SOLO  CON SUS CHEQUES. OPERACIONES EN NUESTRAS OFICINAS EN 
CAPITAL FEDERAL, BUENOS AIRES O EN SU  DOMICILIO. Consultenos 
telefonicamente. 
Consultas Financentro (011) 43041971(011) 1539026020 Lunes a Viernes
  de  9 a 17 hs. 



NOTA: si Ud.no desea recibir informacion nuestra en el futuro envie 
envie  la palabra REMOVER a stopenvio...@yahoo.com.ar .   

Re: AMD power reduction

[Jean-Francois]

Le lundi 08 fivrier 2010 04:10:22, Nick Holland a icrit :
> With all this talk about power reduction...I'm going to toss out one
> small suggestion:
>
> Get a Wattmeter, and measure...  Don't waste your time speculating.

Hello,

I did. It's consuming some 90 Watts at idle.
Actually, it's an Athlon but the latest Sempron has an even reduced TDP.
My next server will be based on it.
Actually even 70 Watts is a little bit high for my next server given the fact
it will be in an autonomous environment (small wind/solar generators).

Regards