Re: IKEv2/IPsec VPN
On Fri, 22 Sep 2017, at 19:21, Chuck Zmudzinski wrote:
> On 9/22/2017 3:49 AM, Christos Zoulas wrote:
> > On Sep 21, 9:18pm, frchu...@gmail.com (Chuck Zmudzinski) wrote:
> > -- Subject: Re: IKEv2/IPsec VPN

This has been fascinating so far. Sorry I haven't replied -- been tied up with hospital visits the past week.

Keep at it Fr Zmudzinski -- many a breakthrough in human knowledge has been made by clerics! ;-)
IKEv2/IPsec VPN
Some years ago I successfully set up netbsd-6 OpenVPN endpoints, with 20-30 remote Windows clients connecting. I'd now like to set up a netbsd-8 VPN, based on IKEv2/IPsec. The documentation doesn't make it clear -- to me -- if such a setup is possible. Ideally it would be nice if strongSwan was supported on NetBSD but it seems this is not the case. So where to begin? Does racoon support IKEv2? At one stage there was a racoon2 fork but development seems to have stalled on that. If you run such a setup some ideas to kickstart my reading would be welcome. Thank you.
Re: blacklistd and bpfjit
On Tue, 28 Mar 2017, at 02:20, co...@sdf.org wrote:
> npf attempts to auto load bpfjit, if it receives an error (such as
> 'permission denied because securelevel=1'), it will report that bpfjit
> is not loaded and this is a performance problem, even if bpfjit is
> already loaded.
>
> in -8 it will no longer do this.

Thanks for the explanation. Yes, I'm using 7.1.
Re: blacklistd and bpfjit
On Mon, 27 Mar 2017, at 17:22, atomicules wrote:
> >npfctl: error loading the bpfjit module; performance will be degraded:
> >Operation not permitted
> >npfctl: To disable this warning `set bpf.jit off' in /etc/npf.conf
>
> I think that's a XEN issue. I've been playing about with npf and
> building kernels and I cannot get bpfjit to work on XEN even though
> I've supposedly enabled it during the kernel build.
>
> And not to derail you too much, but I can't really get npf to work
> properly on XEN at all. Been meaning to email you about that. Sure it
> "works", but it doesn't seem to respect the rules like my desktop npf
> does (it basically blocks EVERYTHING). I'm 99% sure it's a XEN problem
> and not me.

(For some reason this reply was buried - already read - in Gmail's All Mail folder. Not sure now if I've received other replies to my post.)

I don't have Xen installed on the new server yet, although that's my next step. I did have problems with npf and Xen some time ago; as far as I remember that had to do with the dom0 kernel not loading modules. You seem to have covered that by compiling a new kernel. Sorry; can't help you much more on that just now.
blacklistd and bpfjit
I have been testing blacklistd today. It works nicely, but one thing I don't understand is whether or not the bpfjit module is needed.

I have securelevel=1 in rc.conf. To load the module early, before securelevel gets raised, I added bpfjit to /etc/modules.conf, and then "set bpf.jit on;" in npf.conf. However, when I reload npf rules I get the following complaint:

    npfctl: error loading the bpfjit module; performance will be degraded: Operation not permitted
    npfctl: To disable this warning `set bpf.jit off' in /etc/npf.conf

So I set bpf.jit off instead, and blacklistd continues to work fine. I presume bpf.jit is not really necessary for blacklistd to work properly?
Boot selector with GPT + BIOS
Some time ago I was able to set up a NetBSD + Slackware dual boot, with fdisk MBR partitioning and the NetBSD boot selector (fdisk -B). With 3TB disks I now need to use a GPT partition scheme. I presume fdisk -B no longer works in this situation. Is there another way of installing the NetBSD boot selector?
Re: linking issue - what am I doing wrong?
On Fri, 25 Mar 2016 15:50:36 -0600 (MDT) Swift Griggs wrote:
>
> Some folks, who have had similar issues, asked what I ended up doing and if
> I'd post it. Here's the skinny:
>
> I was doing this:
>
> gcc -g -Wall -I/usr/pkg/include -I/usr/X11R7/include -lXm \
>     -L/usr/pkg/lib -o hello hello.c
>
> I switched it to this:
>
> gcc -Wl,-rpath,/usr/pkg/lib -Wl,-rpath,/usr/X11R7/lib -g -Wall \
>     -I/usr/pkg/include -I/usr/X11R7/include -lXm \
>     -L/usr/pkg/lib -o hello hello.c
>
> I guess that bakes in the library search path to your resulting binary. Very
> helpful, actually. I just never really knew this was an alternative to
> something like always having to set LD_LIBRARY_PATH, but since I saw other
> programs that managed to pull it off, I thought I'd ask. I'm glad I did.
> There are so many smart folks on this list.

Thanks Swift.

(I hit Reply instead of Reply-All, so the list never saw my request. Sorry about that.)

-- Gerard Lally
Re: GPT, wedges and RAID-1 on new server with NetBSD 7
On Tue, 08 Mar 2016 15:06:32 -0500 Greg Troxel wrote:
>
> Gerard Lally writes:
>
> > If I want separate / swap and /home, I presume I should delete raid1a
> > and create raid1a, raid1b and raid1e instead (by clicking on its
> > parent raid1 and selecting "Edit BSD partitions")?
>
> Separately from how to use sysinst for this (which I've never done), I
> think it is sensible to have partitions within a raid. I typically
> have wd0a/wd1a as type raid, being mostly the whole disk, and then
> within raid0 have a/b/e/f.
>
> > I create these and proceed with installation as normal, selecting
> > raid1 as the available disk on which I want to install NetBSD. But
> > each time I do this I get the dreaded error "FATAL: No bootable medium
> > found! System halted."
> >
> > Where am I going wrong? One thing I note is that I am not asked at any
> > point to install bootcode to the disks as I would be with non-RAID
> > setups.
>
> Probably you can boot to utility and run installboot manually on wd0a/wd1a.
>
> > If it's not possible to do this with sysinst is it at least possible
> > to do it by dropping to a shell?
>
> When I want to set up a new raid system, I tend to get a bootable disk
> with a minimal system and boot that and do the whole disk setup
> including bootblocks by hand. But I suspect you are just missing
> bootblocks.
>
> > Ideally I would like to use GPT with the RAID-1 setup as well, since I
> > will be on 2 x 2TB disks and I anticipate this getting bigger, not
> > smaller in years to come. I have successfully set up NetBSD with GPT
> > by dropping to a shell but I don't know where to add RAID into that
> > mix.
>
> As others commented it seems disklabel-in-raid-in-gpt works. So that
> leads to having two raid sets. One is small enough to fit in 2T, and
> would have root, swap, /var, /usr sorts of things. The other would be
> just bare raid in gpt, and have a filesystem in raid0d. or maybe gpt
> inside raid. The point is that the >2T raid doesn't have a disklabel
> (because it's too big) and doesn't have root (because the bootblocks
> can't yet find it).

Well I successfully booted a RAID system in Virtualbox yesterday evening! I followed Tobias's instructions, and also found David Brownlee's wedgeraidbootsetup.sh script** very useful. It's a lot clearer to me now what has to be done. Here is an overview for anyone else having trouble understanding the steps:

1) create a small gpt partition on disk0 and disk1 for boot;
2) create another gpt partition on disk0 and disk1 for raid;
3) assemble the raid using the components created in 2;
4) use gpt again to partition this raid array into / swap and home partitions;
5) build filesystems on these partitions;
6) mount the filesystems and extract sets;
7) install boot on the wedges created in step 1;
8) configure the system (fstab, rc.conf, etc)

I'm happy again now! I was afraid I might end up having to install "An Inferior Operating System" on my 36 euro per month server! ;-)

Thank you one and all for helping me understand this.

** Posted to netbsd-users June 2015: https://mail-index.netbsd.org/netbsd-users/2015/06/16/msg016252.html

-- Gerard Lally
GPT, wedges and RAID-1 on new server with NetBSD 7
Later this month I will be replacing a dedicated single-disk 120GB SSD server with a 2 x 2TB SATA server. I would really like to put NetBSD 7 on RAID-1 here; I've had it running very nicely on the single disk server for months (with thanks to Manuel Bouyer for the Dedibox instructions).

The trouble is, I've been installing and re-installing NetBSD 7 on Virtualbox with two virtual disks of 8GB each to get at least the RAID part right before I make the move on real hardware but I've had no luck booting the system whatever. This is how I have been doing it so far:

1) Boot from amd64 CD
2) Select "Utility menu"
3) Select "Partition disk"
4) Format the already-existing wd0a as RAID; do the same for wd1a
5) Now select "Create software RAID", with wd0a and wd1a as disks, RAID level set to 1 and sectPerSU set to 128
6) Save changes, as instructed
7) Wait for parity re-write to finish

Next step is where I get confused. I now have to create partitions for RAID. The parity re-write created raid1a with type 4.2BSD which takes up the whole 8GB.

If I want separate / swap and /home, I presume I should delete raid1a and create raid1a, raid1b and raid1e instead (by clicking on its parent raid1 and selecting "Edit BSD partitions")?

I create these and proceed with installation as normal, selecting raid1 as the available disk on which I want to install NetBSD. But each time I do this I get the dreaded error "FATAL: No bootable medium found! System halted."

Where am I going wrong? One thing I note is that I am not asked at any point to install bootcode to the disks as I would be with non-RAID setups.

If it's not possible to do this with sysinst is it at least possible to do it by dropping to a shell?

Ideally I would like to use GPT with the RAID-1 setup as well, since I will be on 2 x 2TB disks and I anticipate this getting bigger, not smaller in years to come. I have successfully set up NetBSD with GPT by dropping to a shell but I don't know where to add RAID into that mix.
Re: Wheel behavior
On Mon, 24 Aug 2015 08:04:40 + "Thomas Mueller" wrote:
>
> > On 23 August 2015 at 03:39, Pongthep Kulkrisada wrote:
> > > * Ottavio Caruso (ottavio2006-net...@yahoo.com) wrote:
> > >> But Slackware doesn't have the concept of the wheel group (as long as
> > >> I remember) and I myself don't like it very much.
> > > Slackware has this concept.
> > > http://alien.slackbook.org/dokuwiki/doku.php?id=linux:admin
>
> > Yes, it might be in the wiki, but I remember correctly it's not implemented.
>
> I am a former user of Slackware, through 13.0, and can say there was no wheel
> group.

    # cat /etc/slackware-version
    Slackware 14.1
    # grep wheel /etc/group
    wheel:x:10:root

-- Gerard Lally
Re: Where to install user stuff
At date and time Thu, 16 Jul 2015 11:35:37 +, William A. Mahaffey III wrote:
>
> On various SGI, Linux & FreeBSD boxen, I have always installed
> in-house software under /usr/local. I notice no such directory on my
> NetBSD 6.1.5 box. I did notice that pkg_add installed sudo under
> /usr/pkg. Is that the recommended/standard/canonical place to install
> user software under NetBSD ?

If you are doing ./configure, make and make install then /usr/local will be created automatically. If you are using pkgsrc then /usr/pkg will be the default location.

You can also bootstrap pkgsrc so that it operates in unprivileged mode; this way pkgsrc installs to bin, sbin and so on in /home/william/pkg/ , no root user or sudo required. This is a very nice feature of pkgsrc which honours the principle of least privilege. Just extract the pkgsrc tarball to $HOME and cd to ~/pkgsrc/bootstrap. Then do

    ./bootstrap --unprivileged

and the configuration file ~/pkg/etc/mk.conf will be adjusted accordingly so that software is installed to ~/pkg/bin and ~/pkg/sbin.

-- Gerard Lally
Re: Minor setup issues
On Wed, 15 Jul 2015 11:18:48 + "William A. Mahaffey III" wrote:
>
> I have my shiny new NetBSD 6.1.5 server up & running, all RAID
> devices working AOK, several reboots completed, swap configured, etc.
> All is well except for a few pilot errors. Following recommendations
> I now login to root by su, rather than directly at the console. When
> I do, none of my aliases get set & filename completion using the tab
> key doesn't work. This isn't huge, but is irritating.

You're probably using sh. If so you will need the following options in .shrc:

    set -o emacs
    set -o tabcomplete

NetBSD also has ksh which is, as far as I know, pdksh under the hood. A better korn shell clone is mksh, available in pkgsrc.

> All is well logging in at the console, although the screen is limited
> to 80 chars/line & 25 lines, which restricts what you can see in
> crowded directories. I am ssh-ing in as my regular user, BTW, that
> probably makes a difference. When fully operational, there will be no
> kbd/mouse/monitor hooked up, so I do need to get this either fixed or
> understood.

I found the best way to deal with the console is to specify a vesa mode in /boot.cfg. When booting, choose 5 to drop to a prompt and type "vesa list". This will give you a list of vesa modes supported by your hardware. For example, 0x14b. You then type "vesa 0x14b" and then "boot". You can then add your chosen mode to /boot.cfg as follows:

    menu=Boot normally:rndseed /var/db/entropy-file;vesa 0x14b;boot netbsd

-- Gerard Lally
Re: Printing to a network printer by IP address
At date and time Sun, 21 Jun 2015 09:18:39 -0700, jgw wrote:
| Gerard Lally wrote:
|
| > (NetBSD 7 amd64)
| >
| > Is it possible to print to an ethernet-connected printer with just the
| > standard NetBSD print commands, without going through CUPS? The printer
| > is connected directly to the network switch and has a fixed IP address
| > on the LAN; there is no print server. It is a business-class Ricoh
| > Aficio MP C2800 Postscript and PCL printer.
| >
| > I have a hard time getting a conceptual overview of printing in BSD and
| > Linux to be honest; it seems to be a bit of a minefield with postscript,
| > CUPS, filters, ghostscript, foomatic, drivers, spooling, line printing
| > and so on.
| >
| > At the moment I would like to print a copy of some of the text
| > configuration files in /etc but it would be useful eventually to be
| > able to print documents formatted with graphics as well.
|
| As others mentioned, you can just setup BSD lpd. You will likely need to
| create a filter for it as well as a spool file. And probably install
| ghostscript. I believe the FreeBSD Guide has some info on it. I've been
| using it for years with an HPLJ and it works fine for occasional print
| jobs. If you want my notes let me know off-list.

That printing section in the FreeBSD Guide is very good! It gives a great overview of the various parts and how they fit together. The overview was what I was missing. Thanks for the reference. I'll study the method below as well when I get back to that network tomorrow.

| A few years ago I came across an alternate technique using just netcat/ncat
| which is actually very fast if you can avoid dealing with postscript; my
| notes are below:
|
| --
| Printing w/o lpd(8) to a Network Printer:
|
| Using ncat(1) and an appropriate print filter you can print directly to
| a network printer that understands "raw" input.
|
| For example, the HPLJ-2100 is a PCL-only printer (doesn't understand
| Postscript) and listens on port 9100. The following makes use of the
| current lpd(8) print filter to process plain text, Postscript and PCL
| files:
|
|   % cat cat_sitter.ps | /usr/local/lib/if\-hplj_2100 | ncat 192.168.1.12 9100
|
| The filter uses gs(1) (Ghostscript), something like so:
|
|   % gs -q -dSAFER -sDEVICE=lj5gray -sOutputFile=- -
|
| This requires a lot of CPU cycles and produces rather large PCL outputs.
| It's better to produce PCL source files directly if possible:
|
| ex)
|   # create a PCL file created two ways:
|   % groff -ms -Tlj4 my_file.ms > cat_sitter.pcl
|   % groff -ms my_file.ms | gs -sDEVICE=lj4 -sOutputFile=cat_sitter.PCL -
|
|   # compare the files
|   % ls -sh1 my_file.{pcl,PCL}
|   1.2M my_file.PCL
|   3.8K my_file.pcl => over 300x difference!

-- Gerard Lally
Re: Printing to a network printer by IP address
At date and time Sun, 21 Jun 2015 15:49:47 +, Ron Swiernik wrote:
| Almost all my print queues are without filters. NetBSD makes it
| so much easier with the lp=port@hostname.
|
| Sample printcap entry:
| lp:\
|         :sh:\
|         :lp=9100@default:\
|         :sd=/var/spool/output/default:\
|         :lf=/var/log/lpd-errors:\
|         :mx#0:
|
| For basic stuff the printer should be able to recognize the
| input stream. I have done this to Ricoh station similar to that
| class. It will only use the defaults that the printer is set to.
| If you want to do anything else it is probably easier to use
| some filtering thing like CUPS.

This is very useful, and it clears up the concept of filters for me, to an extent. Thanks.

-- Gerard Lally
Re: Printing to a network printer by IP address
At date and time Sun, 21 Jun 2015 16:11:56 +0100, Matthias Scheler wrote:
| On Sun, Jun 21, 2015 at 02:46:19PM +0100, Gerard Lally wrote:
| > Is it possible to print to an ethernet-connected printer with just the
| > standard NetBSD print commands (LPD, LPR), without going through CUPS?
|
| Yes, at least if the printer supports HP Jetdirect which most printers
| (even non-HP ones) do. Please check whether your printer accepts
| TCP connections on port 9100.

Thank you Matthias. I will be able to check that tomorrow.

-- Gerard Lally
Printing to a network printer by IP address
(NetBSD 7 amd64)

Is it possible to print to an ethernet-connected printer with just the standard NetBSD print commands, without going through CUPS? The printer is connected directly to the network switch and has a fixed IP address on the LAN; there is no print server. It is a business-class Ricoh Aficio MP C2800 Postscript and PCL printer.

I have a hard time getting a conceptual overview of printing in BSD and Linux to be honest; it seems to be a bit of a minefield with postscript, CUPS, filters, ghostscript, foomatic, drivers, spooling, line printing and so on.

At the moment I would like to print a copy of some of the text configuration files in /etc but it would be useful eventually to be able to print documents formatted with graphics as well.

-- Gerard Lally
Printing to a network printer by IP address
(Apologies if this ends up double-posted.)

(System: NetBSD 7 amd64)

Is it possible to print to an ethernet-connected printer with just the standard NetBSD print commands (LPD, LPR), without going through CUPS? The printer is connected directly to the network switch and has a fixed IP address on the LAN; there is no print server. It is a business-class Ricoh Aficio MP C2800 Postscript and PCL printer.

I have a hard time getting a conceptual overview of printing in BSD and Linux to be honest; it seems to be a bit of a minefield with postscript, ghostscript, CUPS, filters, foomatic, drivers, spooling, line printing and so on.

At the moment I would like to print a copy of some of the text configuration files in /etc but it would be useful eventually to be able to print documents formatted with graphics as well.

-- Gerard Lally
How to ensure pkgsrc groff is preferred over groff in base
Thanks to all who contributed to the recent groff thread. I now understand the pros and cons a bit better.

I posted the following question here, to netbsd-users, instead of pkgsrc-users because it is connected to that thread.

What is the correct way to ensure pkgsrc binaries and libraries are used instead of their equivalents in base? For example, after installing pkgsrc groff I now have groff, grn, grodvi, grog and more in both /usr/bin and /usr/pkg/bin. Do I create multiple aliases, or just change $PATH so that /usr/pkg/bin is before /usr/bin? For user, and/or root? Would changing $PATH create other problems elsewhere?

I realise this is basic UNIX stuff I should understand better; it's just that I would like to know the standard or correct way of doing it.

-- Gerard Lally
Re: How to enable quotas on /home
At date and time Mon, 4 May 2015 19:46:14 +0200, Manuel Bouyer wrote:
> On Sun, Apr 26, 2015 at 02:20:36PM +0100, Gerard Lally wrote:
> > I'm trying to get quotas working on 7 beta. As far as I can tell the old
> > way of implementing quotas in fstab has been superseded, and fstab(5)
> > recommends "turn[ing] on the new, in-file system quota with tunefs(8) or
> > at newfs(8) time, and to not use the 'userquota' or 'groupquota'
> > options."
> >
> > /home is a GPT partition - /dev/dk3. The file system was created as
> > follows:
> >
> > newfs -O2 -b 16384 -f 2048 /dev/dk3
> >
> > "tunefs -q user -q group /home" returns "enabling user quotas, enabling
> > group quotas", which appears to confirm user and group quotas have been
> > successfully enabled. I then run fsck_ffs on /home, following the
> > recommendation in tunefs(8). I follow the prompts to create user quota
> > inodes and group quota inodes; one thing I notice is it repeatedly
> > informs me of user and group quota mismatches for ID 0 and 1000. At this
> > stage quotas seem to be enabled but edquota tells me no mounted
> > filesystems have quota support.
> >
> > Forcing fsck_ffs at reboot with the -f flag in rc.conf makes no
> > difference; as soon as I reboot "tunefs -N /home" tells me quotas are
> > disabled again.
> >
> > Where am I going wrong? I've looked at all the quota-related man pages
> > but it's quite hard to separate those relevant to the new quota
> > subsystem from those relating to the older method. quotaon(8) and
> > quotaoff(8), for example, don't seem relevant to the new method.
>
> You did run tunefs with /home unmounted, did you ?

Well it appears not. Thank you once again Manuel; I'm now able to get edquota up and running for /home. Little by little I am getting there!

-- Gerard Lally
How to enable quotas on /home
I'm trying to get quotas working on 7 beta. As far as I can tell the old way of implementing quotas in fstab has been superseded, and fstab(5) recommends "turn[ing] on the new, in-file system quota with tunefs(8) or at newfs(8) time, and to not use the 'userquota' or 'groupquota' options."

/home is a GPT partition - /dev/dk3. The file system was created as follows:

    newfs -O2 -b 16384 -f 2048 /dev/dk3

"tunefs -q user -q group /home" returns "enabling user quotas, enabling group quotas", which appears to confirm user and group quotas have been successfully enabled. I then run fsck_ffs on /home, following the recommendation in tunefs(8). I follow the prompts to create user quota inodes and group quota inodes; one thing I notice is it repeatedly informs me of user and group quota mismatches for ID 0 and 1000. At this stage quotas seem to be enabled but edquota tells me no mounted filesystems have quota support.

Forcing fsck_ffs at reboot with the -f flag in rc.conf makes no difference; as soon as I reboot "tunefs -N /home" tells me quotas are disabled again.

Where am I going wrong? I've looked at all the quota-related man pages but it's quite hard to separate those relevant to the new quota subsystem from those relating to the older method. quotaon(8) and quotaoff(8), for example, don't seem relevant to the new method.

-- Gerard Lally
Re: Request to reconsider removal of groff from base system
At date and time Tue, 31 Mar 2015 15:18:36 +0200, tlaronde wrote:
> On Tue, Mar 31, 2015 at 12:24:51PM +0100, Gerard Lally wrote:
> >
> > As someone who uses groff as a lightweight alternative to TeX and
> > friends**
>
> FWIW, I have developed a minimal TeX system: kerTeX
> (http://www.kergis.com/kertex.html) (french; english at
> http://www.kergis.com/en/kertex.html).
>
> A minimal install can be as small as 8MB. The default (with the AMS
> fonts, e-TeX, dvips, MetaPost, bibtex and the Adobe standard PostScript
> fonts metrics) is less than 40MB.
>
> The advantage of the TeX system is that it is self-sufficient : it
> includes fonts and the mean to design them.

Thank you for this reminder Thierry. I took note of your work a long time ago and will certainly keep it in mind should I abandon groff, but for now I have invested some time in learning groff.

To Greg and Eric: thank you for your replies. I suppose the long and the short of it is that a powerful typesetting system - groff - is already there, in base. It's not really about the space used, but rather that a minimal NetBSD setup comes pre-loaded with industrial-strength document layout and typesetting software. To my mind that is quite amazing, and it speaks volumes about both NetBSD and groff. NetBSD packs a lot of punch into the base system and I feel it would be sad to sacrifice that power for what seems to me little or no gain.

-- Gerard Lally
Request to reconsider removal of groff from base system
While reading the INSTALL notes for amd64 today, I learned that groff(1) is to be phased out in a future release, since man pages are handled with mandoc(1), and groff(1) can still be found in pkgsrc as textproc/groff.

As someone who uses groff as a lightweight alternative to TeX and friends**, I wonder if it could be kept in the base system. One of my NetBSD systems is a small VPS server, where I don't have any need, or indeed much space, to use pkgsrc. I maintain a couple of other NetBSD systems as backup servers, and pkgsrc is not installed on them either, but I do use groff to format automated {daily,weekly,monthly} reports.

I would be disappointed to see groff removed from the base system. It is a nice fit for NetBSD's minimalist philosophy, and I ask that the decision to remove it be reconsidered.

Thank you.

** http://www.schaffter.ca/mom/mom-03.html

-- Gerard Lally
Re: NPF syntax
At date and time Mon, 16 Mar 2015 09:52:07 -0400, D'Arcy J.M. Cain wrote:
> I have decided to give up on pf after banging my head against the wall
> (and the OBSD mailing list) and try npf but I can't figure out the
> syntax. I followed the example at http://www.netbsd.org/~rmind/npf/
> but I keep getting errors when I validate. I reduced npf.conf to the
> following two lines:
>
> table type tree file "/VEX/general/pf/friends.list"
> table type tree file "/VEX/general/pf/enemies.list"
>
> This gives me this error:
>
> # npfctl validate
> npfctl: table '0' is already defined
>
> If I remove one line I get this:
>
> # npfctl validate
> table <0> type tree
>
> If I put the full file and comment out the table lines I get this:
>
> # npfctl validate
> /etc/npf.conf:11:3: syntax error near 'alg'
>
> I am using the example config almost verbatim except for the table
> names and file paths.
>
> What am I missing here?

I had to move the tables to /etc ; I think the reason was that the /usr filesystem was not mounted early enough at boot. Perhaps something like that is your problem as well? Is VEX a NFS mount?

-- Gerard Lally
Re: Making pf block DomU <-> DomU traffic
At date and time Sat, 07 Mar 2015 18:14:50 +0100, Torbjörn Granlund wrote:
> Greg Troxel writes:
>
>   Don't bridge; put each domU on its own interface and nat them
>   individually.
>
> Thanks.
>
> Would that amount to manually defining a tapN/bridgeN pair for each
> DomU?

That's what I do.

-- Gerard Lally
Re: NPF on domU - more clarity required
At date and time Sat, 27 Dec 2014 14:49:03 +1300, Chris Bannister wrote:
> On Fri, Dec 26, 2014 at 11:32:26PM +0000, Gerard Lally wrote:
> >
> > Thank you Michael, and thank you to all the other senior NetBSD devs who
> > stooped to help out this perpetual newbie, here and in private!
>
> It would be nice if people posted to the thread so as to help other
> users in the future.

Point taken, but on this occasion it was just to let me know my question had been posted elsewhere for increased exposure.

-- Gerard Lally
Re: NPF on domU - more clarity required
At date and time Fri, 26 Dec 2014 22:38:05 + (UTC), Michael van Elst wrote:
> lists+netbsd.us...@netmail.ie (Gerard Lally) writes:
>
> >compiling the kernel as a normal user instead of root? I've just noticed
> >the owner and group on /usr/src/sys/arch/amd64/compile/custom-20141226/
> >are gerard:wsrc. Should that be root:wsrc instead?
>
> It doesn't matter who is the owner of the build directory, but did
> you actually boot this kernel?

Oh dear. Problem solved. I've made a very silly mistake. With prgmr I should have placed the custom kernel in /ext2fs/boot/ instead of /

The domU was not using my custom /netbsd kernel at all. It was still using the domU kernel installed by sysinst. The kernel specified in /boot.cfg, which I mistakenly assumed was the booting kernel, is irrelevant. NetBSD as a prgmr domU uses a grub setup with the domU kernel in a small ext2 partition /ext2fs/boot/ and the boot configuration file /ext2/boot/grub/menu.lst

Well I am happy this problem is now solved, and I apologise for my cantankerous first post! Mea culpa.

Thank you Michael, and thank you to all the other senior NetBSD devs who stooped to help out this perpetual newbie, here and in private!

As a sidenote, if there's a way of eliminating the grub cruft and using NetBSD's boot manager instead I'd be glad to hear it.

-- Gerard Lally
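
The question that resolved the message above ("did you actually boot this kernel?") can be checked mechanically before debugging a firewall that will not load. The following is an added example, not part of the original thread: the function names are hypothetical, and it assumes the running kernel's ident appears in parentheses on the first line of kern.version, as in the uname output quoted elsewhere in this thread, and that a custom kernel's ident is the name of its config file.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that the kernel which is
# actually running is the one you built, before trusting that options
# compiled into it (such as the npf pseudo-device) are present.
#
# Assumption: the first line of `sysctl -n kern.version` (and `uname -a`)
# carries the kernel ident in parentheses, e.g.
#   NetBSD 7.0_BETA (XEN3_DOMU.201412251110Z) amd64

# kernel_ident VERSION_STRING
# Print the text inside the first pair of parentheses on the first line,
# or nothing if the string has no such field.
kernel_ident() {
    printf '%s\n' "$1" | sed -n '1s/^[^(]*(\([^)]*\)).*$/\1/p'
}

# check_booted_kernel EXPECTED_IDENT [VERSION_STRING]
# Compare the running kernel's ident with the ident of the kernel you
# built. VERSION_STRING defaults to the live kern.version value; passing
# it explicitly lets the check run against captured output.
# Returns: 0 = match, 1 = a different kernel is running,
#          2 = ident could not be determined.
check_booted_kernel() {
    cbk_expected=$1
    cbk_version=${2-$(sysctl -n kern.version 2>/dev/null || true)}
    cbk_ident=$(kernel_ident "$cbk_version")

    if [ -z "$cbk_ident" ]; then
        echo "cannot determine running kernel ident" >&2
        return 2
    fi
    if [ "$cbk_ident" != "$cbk_expected" ]; then
        echo "running kernel is '$cbk_ident', expected '$cbk_expected'" >&2
        echo "the boot loader is not loading the kernel you built" >&2
        return 1
    fi
    echo "running kernel is '$cbk_ident' as expected"
    return 0
}

# Typical use on the live system, with the name of your kernel config:
#   check_booted_kernel custom-20141226 || exit 1
```

Run against the uname string reported in this thread, the check reports a mismatch, because the domU was still booting the stock XEN3_DOMU kernel from the ext2 boot partition.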
Re: NPF on domU - more clarity required
At date and time Fri, 26 Dec 2014 20:10:35 + (UTC), Christos Zoulas wrote:
> In article <20141226020448.ee93.280fc...@netmail.ie>,
> Gerard Lally wrote:
> >I have been struggling to get NPF up and running on a NetBSD VPS,
> >specifically a Xen domU. I really think for security reasons NPF should
> >be nearly ready to go, so that we don't have to spend hours researching
> >and pulling our hair out trying to fix what should be a straightforward
> >issue, which leaves a machine vulnerable when it probably needs
> >protection most. It appears this problem came up some years ago, but
> >Googling provides me with no fix.
> >
> >I understand that NetBSD as a Xen domU does not support kernel modules.
> >So the recommendation in the NPF documentation to "modload" npf_ext_log
> >does not apply here. Fine, I took a wild guess and compiled a new Xen
> >domU kernel with the following two lines added to make sure NPF logging
> >and normalisation functionality was compiled into the kernel instead:
> >
> >options NPF_EXT_LOG
> >options NPF_EXT_NORMALISE
> >
> >Needless to say I also made sure pseudo-device npf was enabled as well.
> >
> >I also made sure /dev/npf existed, and I created /etc/ifconfig.npflog0
> >with just the word "create".
> >
> >I kept the contents of npf.conf to a minimum for troubleshooting, but
> >NPF just refuses to load. This is the error I get at boot:
> >
> >npfctl: cannot open '/dev/npf': Device not configured
> >npfctl: cannot open '/dev/npf': Device not configured
> >/etc/rc.d/npf exited with code 1
>
> See if the device driver for npf is registered with the kernel correctly:
>
> $ sysctl kern.drivers | tr , '\n' | grep npf
> [198 -1 npf]

Thank you Christos.

    [root]# sysctl kern.drivers | tr , '\n' | grep npf
    [198 -1 npf]

> Make sure that the device numbers are correct:
>
> $ ls -l /dev/npf
> crw--- 1 root wheel 198, 0 Oct 13 2013 /dev/npf

    [root]# ls -la /dev/npf
    crw--- 1 root wheel 198, 0 Dec 26 00:38 /dev/npf

> Look at the ktrace output and see what operation fails:
>
> $ ktrace /sbin/npfctl start
> $ kdump | less

    [root]# ktrace /sbin/npfctl start
    npfctl: cannot open '/dev/npf': Device not configured
    [root]# kdump | less

kdump.txt attached.

I should have added extra information in my last post as well. Better late than never:

    NetBSD xx.xen.prgmr.com 7.0_BETA NetBSD 7.0_BETA (XEN3_DOMU.201412251110Z) amd64

System installed using ftp, from nyftp.netbsd.org, with all sets.

I used the following config to compile the kernel with npf built-in, using syssrc.tgz from NetBSD 7.0_BETA 201412251110Z:

    /usr/src/sys/arch/amd64/conf/XEN3_DOMU

Perhaps I caused myself a problem by extracting syssrc.tgz and compiling the kernel as a normal user instead of root? I've just noticed the owner and group on /usr/src/sys/arch/amd64/compile/custom-20141226/ are gerard:wsrc. Should that be root:wsrc instead? (I am in the wsrc group.) I seem to remember reading it's permissible to compile a kernel as a normal user once you're in the wsrc group.

-- Gerard Lally
NPF on domU - more clarity required
I have been struggling to get NPF up and running on a NetBSD VPS, specifically a Xen domU. I really think for security reasons NPF should be nearly ready to go, so that we don't have to spend hours researching and pulling our hair out trying to fix what should be a straightforward issue, which leaves a machine vulnerable when it probably needs protection most. It appears this problem came up some years ago, but Googling provides me with no fix.

I understand that NetBSD as a Xen domU does not support kernel modules. So the recommendation in the NPF documentation to "modload" npf_ext_log does not apply here. Fine, I took a wild guess and compiled a new Xen domU kernel with the following two lines added to make sure NPF logging and normalisation functionality was compiled into the kernel instead:

options NPF_EXT_LOG
options NPF_EXT_NORMALISE

Needless to say I also made sure pseudo-device npf was enabled as well.

I also made sure /dev/npf existed, and I created /etc/ifconfig.npflog0 with just the word "create".

I kept the contents of npf.conf to a minimum for troubleshooting, but NPF just refuses to load. This is the error I get at boot:

npfctl: cannot open '/dev/npf': Device not configured
npfctl: cannot open '/dev/npf': Device not configured
/etc/rc.d/npf exited with code 1

I have /usr on a separate partition which might cause this error at boot but should not cause the error when I do

/etc/rc.d/npf reload ; /etc/rc.d/npf start

after the system is up and running.

Here are the contents of npf.conf:

===
# /etc/npf.conf

$wired_v4 = { inet4(xennet0) }

procedure "log" {
	log: npflog0
}

group "wired" on $wired_v4 {
	# disable 80 until we are sure this is running properly
	# pass in final family inet4 proto tcp to $wired_v4 port 80
	pass in final family inet4 proto tcp to $wired_v4 port 22022
	pass stateful out final family inet4 proto tcp flags S/SA \
		from $wired_v4
	pass out final family inet4 proto tcp from $wired_v4
	pass stateful out final family inet4 from $wired_v4
}

group default {
	pass final on lo0 all
	block all apply "log"
}
===

I have faced this issue on several occasions now and it is most frustrating. I would like to be able to have a basic firewall up and running within five minutes of setting up a machine. I'd been looking forward to trying NPF but it feels as though I'm in the seven circles of Hell trying to get it to run.

-- Gerard Lally
Re: Sun Fire X4140
At date and time Tue, 18 Nov 2014 21:30:18 +0300, Dima Veselov wrote:

> Hello!
>
> > I was very, very impressed to see an oldish (mid-2013) NetBSD 6 install
> > on this machine (I didn't have a more recent CD to hand), with hardware
> > RAID, network adapters and video all working.
>
> I have bunch of this servers and yes, NetBSD support it almost fully.
> You seem to be lucky getting X4140 with LSI SAS adapter, because some
> of them has Adaptec, which is not supported.
>
> > I tried a recent Linux as
> > well but it failed to set up the network adapters.
>
> X4140 has strange NVIDIA bridges and network enumerator devices,
> which can cause problems. My configurations has many of them
> including Debian 6/7 and NetBSD 6 working for years in production.
>
> > I plan to put NetBSD 7 on this over the next few days.
>
> Don't forget to update server firmware, because X4140 has nice but
> weak service processor and it is most vulnerable part of this server.

Thanks for the advice Dima. I did indeed go searching for firmware updates but it seems we would need a support contract with Oracle, which is out of the question for this business. I might be able to get the person who supplied the server to download the firmware.

> Stock ILOM version can brick itself if it work for long time unattended.
> Still don't know reasons, but I have 3 bricks for past 5 yrs. Maybe
> they get offended without human attention?

An expensive brick!

> Also don't be surprised if serial port speed between server and ILOM
> will change to default by itself - it's okay for any ILOM version :))

-- Gerard Lally
Sun Fire X4140
-- Gerard Lally
Emacs without X - eww missing libxml2
Hi,

I wanted to try out the new Emacs 24.4 so I compiled it from source yesterday on a NetBSD 7 system which does not have X installed.

$ ./configure --prefix=/usr --without-gif --without-tiff
$ make
# make install

Emacs works fine, with one exception: I cannot visit websites in the new integrated browser, eww. Visiting any website gives me the following error:

"error in process filter: This function requires Emacs to be compiled with libxml2"

I had earlier installed xmlcatmgr-2.2 and libxml2-2.9.2 libraries (to /usr/lib), but «ldd /usr/bin/emacs» shows no reference to libxml2.

Should I expect eww to work in a NetBSD system without X? According to pkgsrc.se the only dependency libxml2 has is xmlcatmgr.

-- Gerard Lally
Re: hp aio : netbsd won't boot ...
At date and time Thu, 25 Sep 2014 16:35:53 +0530, Mayuresh Kathe wrote:

> On 2014-09-25 16:34, Gerard Lally wrote:
> > At date and time Thu, 25 Sep 2014 01:42:47 +0530, Mayuresh Kathe wrote:
> >
> > > okay, i finally got myself a low end machine at an affordable price.
> > > http://hpshopping.in/HP_18-5019il_All-in-One_Desktop_PC
> > >
> > > the problems started after unpacking the machine.
> > >
> > > netbsd 6.1.4 (amd64) install cd just won't boot.
> > > after fiddling around with the bios (which looks like uefi), it booted,
> > > but refused to install, after some more coaxing moved till the "newfs"
> > > execution phase and then barfed.
> > >
> > > i tested with a bunch of other operating systems (ubuntu 14.04 and
> > > omnios), which it install and boot up like a charm.
> > >
> > > at the moment, have upgraded the memory to 4gb, and run netbsd 6.1.4
> > > via virtual box under ubuntu (desktop) 14.04, but the resource
> > > consumption is crazy, i can't even fire up firefox while running
> > > netbsd in that mode.
> > >
> > > any ideas about how i could make netbsd work on bare metal?
> > > or should i simply upgrade the memory to a total of 8gb (which is going
> > > to be quite difficult a proposition at the moment)?
> >
> > Have you disabled Secure Boot?
>
> no, should i?

If it's an option in UEFI then yes, you should. It's at least worth a try.

-- Gerard Lally
Re: hp aio : netbsd won't boot ...
At date and time Thu, 25 Sep 2014 01:42:47 +0530, Mayuresh Kathe wrote:

> okay, i finally got myself a low end machine at an affordable price.
> http://hpshopping.in/HP_18-5019il_All-in-One_Desktop_PC
>
> the problems started after unpacking the machine.
>
> netbsd 6.1.4 (amd64) install cd just won't boot.
> after fiddling around with the bios (which looks like uefi), it booted, but
> refused to install, after some more coaxing moved till the "newfs" execution
> phase and then barfed.
>
> i tested with a bunch of other operating systems (ubuntu 14.04 and omnios),
> which it install and boot up like a charm.
>
> at the moment, have upgraded the memory to 4gb, and run netbsd 6.1.4 via
> virtual box under ubuntu (desktop) 14.04, but the resource consumption is
> crazy, i can't even fire up firefox while running netbsd in that mode.
>
> any ideas about how i could make netbsd work on bare metal?
> or should i simply upgrade the memory to a total of 8gb (which is going to be
> quite difficult a proposition at the moment)?

Have you disabled Secure Boot?

-- Gerard Lally
Re: Can I use a native Linux installation as DomU?
At date and time Sun, 24 Aug 2014 18:39:05 +0530, Mayuresh wrote:

> I am running NetBSD 6.1 i386, XEN3 DOM0, xentools 41.
>
> I have a Fedora 17 installation on a separate partition. Currently I can
> dual boot into either of the OSes.
>
> I am trying to run Fedora 17 as DomU on NetBSD Dom0.
>
> Firstly, is it a terrible idea - particularly if I need to continue to use
> the Fedora 17 installation natively as well?

No, not a terrible idea at all. I did this some years ago with Slackware. Quite straightforward, even though I was new to Slackware and NetBSD at the time.

When you are in bare-metal Fedora make sure disk mounts are specified with UUID rather than /dev, so that the mounts are correct for both bare-metal and domU. Just run

blkid

to get a mapping of UUID to /dev

Then replace /dev/sdaXXX with the corresponding UUID in /etc/fstab.

For example, replace this:

/dev/sda1 / ext3 defaults 1 2

with this:

UUID=41c22818-fbad-4da6-8196-c816df0b7aa8 / ext3 defaults 1 2

Perhaps Fedora already specifies mounts this way; Slackware doesn't.

I also found it easier to set up if I used LVM.

Another thing you should do while in bare-metal Fedora is set up SSH, VNC and/or XDMCP, so that you will be able to log into Fedora when it's running as a domU.

-- Gerard Lally
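Added example, not part of the thread: the blkid-to-fstab substitution described in the message above, done mechanically so that every /dev entry with a known UUID is rewritten and the rest are listed for manual review. The function names, the temporary file names and the sample data are constructed; only the sda1 UUID is taken from the message.

```shell
#!/bin/sh
# Rewrite /dev/... device names in an fstab to UUID=... using saved
# blkid output, leaving comments, spacing and unknown devices untouched.

# fstab_to_uuid BLKID_FILE FSTAB_FILE
# BLKID_FILE holds lines such as: /dev/sda1: UUID="..." TYPE="ext3"
# The rewritten fstab is printed on stdout; nothing is changed in place.
fstab_to_uuid() {
    awk '
        FILENAME == ARGV[1] {
            dev = $1; sub(/:$/, "", dev)
            # The leading space keeps PARTUUID="..." from matching.
            if (match($0, / UUID="[^"]+"/))
                uuid[dev] = substr($0, RSTART + 7, RLENGTH - 8)
            next
        }
        /^[ \t]*#/ || NF == 0 { print; next }
        ($1 in uuid) {
            dev = $1; i = index($0, dev)
            print substr($0, 1, i - 1) "UUID=" uuid[dev] substr($0, i + length(dev))
            next
        }
        { print }
    ' "$1" "$2"
}

# fstab_unmapped: reads an fstab on stdin and prints the devices that are
# still referenced by /dev path (no UUID was available for them).
fstab_unmapped() {
    awk '$1 ~ /^\/dev\// { print $1 }'
}

# Constructed sample data; the sda2 UUID is made up.
tmp=$(mktemp -d)
cat > "$tmp/blkid.txt" <<'EOF'
/dev/sda1: UUID="41c22818-fbad-4da6-8196-c816df0b7aa8" TYPE="ext3"
/dev/sda2: LABEL="home" UUID="0f3e5a7c-1111-4222-8333-444455556666" TYPE="ext3"
EOF
cat > "$tmp/fstab" <<'EOF'
# constructed sample fstab
/dev/sda1 / ext3 defaults 1 2
/dev/sda2   /home   ext3   defaults   1 2
/dev/sda3 swap swap defaults 0 0
EOF

fstab_to_uuid "$tmp/blkid.txt" "$tmp/fstab" > "$tmp/fstab.new"
cat "$tmp/fstab.new"
echo "still by device path:"
fstab_unmapped < "$tmp/fstab.new"
rm -rf "$tmp"
```

On the real system, save `blkid` output to a file, write the result to a new file and compare it with the current /etc/fstab using diff before replacing anything.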
Re: Recent video-related commits: summary wanted
At date and time Mon, 18 Aug 2014 08:39:22 -0600, Roy Bixler wrote:

> On Sat, Aug 16, 2014 at 09:30:50PM +0100, Gerard Lally wrote:
> > There have been many video-related commits to the source tree recently,
> > which I am doing my best to understand. Radeon, nouveau, drm, kms, and
> > the like. It would be nice if someone would summarise what is happening
> > and what difference it makes, and whether NetBSD 7 will benefit. A
> > question I have for starters: do these changes bring native X up to date
> > in -7, and if so would there be any compelling reason to choose modular
> > X instead?
>
> Whether NetBSD 7 benefits is on the eye of the beholder, but I believe
> the basic purpose of these commits is to import code from the Linux
> Direct Rendering Manager subsystem. This is the part of the kernel
> that interfaces with the Graphics Processing Unit of the system. The
> idea is to put the system into graphics mode at bootup, eliminating
> the classic "text mode". In a sense, text mode still exists from what
> I've seen of Linux systems, which generally use the DRM subsystem to
> change fonts to different sizes. The X Server's operation becomes
> more seamless.
>
> I don't think I've seen the full benefit of this code yet, since the
> system I've installed NetBSD 7 on has an NVidia card and it doesn't
> seem that Nouveau is active by default. I will be interested to see
> how it works. If it's like my experience in Linux, then it will work
> fairly well and actually be more stable than the proprietary NVidia
> driver. The disadvantage is that it doesn't support as many NVidia
> cards or, for the cards it does support, it may not support all of the
> features of those cards. I also found that suspend/resume worked
> better with the NVidia driver than with the Nouveau driver.

Thanks for the information Roy. I'm probably slow to understand this but is this DRM a supplement to the {nvidia,nouveau,radeon} driver or a replacement for it?

It seems to me from what you say in the first paragraph its scope is quite narrow, affecting only bootup, but then in your second paragraph it seems to be a replacement for the driver - you hope it is "more stable than the proprietary NVidia driver".

-- Gerard Lally
Recent video-related commits: summary wanted
There have been many video-related commits to the source tree recently, which I am doing my best to understand. Radeon, nouveau, drm, kms, and the like. It would be nice if someone would summarise what is happening and what difference it makes, and whether NetBSD 7 will benefit. A question I have for starters: do these changes bring native X up to date in -7, and if so would there be any compelling reason to choose modular X instead? -- Gerard Lally
Re: Reliable way to run emulated Linux under NetBSD
At date and time Thu, 14 Aug 2014 19:16:15 +0200, Kamil Rytarowski wrote:

> Hello,
>
> So nobody actually uses qemu?
> I will give a try to XEN.
>
> Thanks,

I think Xen is a better choice myself. I tested it a couple of years ago and found it stable and fast. I had the following domUs running under a NetBSD dom0:

NetBSD (x3) -- paravirtualised
Slackware (x1) -- paravirtualised
Windows 2008 (x1) -- HVM
Windows XP (x1) -- HVM

The Slackware domU was very interesting. I'll try to explain from memory, but it's been a while so I don't have all the details. I do have notes but they're not accessible to me right now. If you get stuck I'll dig them out and see if they help.

What I did was to install NetBSD first, using just 5 or 10 GB of the disk, and then set up Xen. I then installed Slackware on the remainder of the disk, making sure to install Lilo to /boot, not MBR. I installed Slackware on Logical Volumes (LVM) - lvm-root, lvm-home, etc.

I compiled a new kernel and initrd in Slackware with Xen support (leaving out all hardware and other options not relevant to a Xen domU), and I copied this kernel and the initrd to NetBSD's / . I did not delete the old kernel, but left it as the first option for Lilo. I also configured the NetBSD bootloader to boot into Slackware, using the fdisk -b option.

I then made sure to configure /etc/fstab in Slackware with blkid references, to ensure Slackware would be able to boot as a domU and as a physical machine.

Another thing I did was to set up Slackware with a VNC server and also XDMCP. I also set up NFS to share files between the dom0 and domU.

After all this I was able to return to NetBSD and configure a domU for Slackware, running in paravirtualised mode (PV is lightning fast). To access the Slackware domU from the dom0 I used either VNC or XDMCP. Both of these were fast; the only thing I couldn't configure at the time was audio.

But the icing on the cake for me was also being able to boot into the same Slackware as a physical machine, by using the first kernel. So I had a physical Linux setup dual-booting with NetBSD which also served as a domU inside NetBSD's Xen!

To my mind this was incredible. I fully intend to replicate this setup as my day-to-day working setup when NetBSD 7 is released. I've learnt a lot about NetBSD since that I didn't know then.

I recommend NetBSD Xen highly: you have all the benefits of NetBSD and with a paravirtualised Linux domU you also have the benefit of a very fast Linux setup. And if you do what I did, you can also dual-boot into this Linux setup whenever you want, if there is something you find you can't do while it is running under Xen as a domU.

Hope this helps.

-- Gerard Lally
Re: NPF not loading and starting at boot
At date and time Tue, 12 Aug 2014 15:14:05 -0500, J. Lewis Muir wrote:

> On 8/10/14, 4:11 PM, J. Lewis Muir wrote:
> > Hello.
> >
> > I'm running amd64 NetBSD 6.1.4 (GENERIC) in a Red Hat KVM (RHEL 6.4.0
> > PC) virtual machine. I have configured NPF to load and start at boot
> > by adding "npf=YES" to /etc/rc.conf. However, after booting, NPF is
> > not running:
> >
> > ===
> > # npfctl show
> > Filtering: inactive
> > Configuration: empty
> > ===
> >
> > Starting it by hand using the rc.d system works fine:
> >
> > ===
> > # /etc/rc.d/npf start
> > Enabling NPF.
> > ===
>
> I investigated some more. I looked at /etc/rc and discovered that
> /var/run/rc.log contains a log of the rc.d system start-up. I checked
> it, and it contains:
>
> ===
> [running /etc/rc.d/npf]
> Enabling NPF.
> ===
>
> So, it looks like it's starting NPF OK. To further check this, I added
> the following to the end of /etc/rc.local:
>
> ===
> /sbin/npfctl show > /tmp/rc.local-npfctl-show.txt 2>&1
> ===
>
> And after booting, that file in /tmp contains what I would expect as
> if everything was OK at that point in the boot (which I understand is
> fairly late in the start-up):
>
> ===
> # head -n 2 /tmp/rc.local-npfctl-show.txt
> Filtering: active
> Configuration: loaded
> ===
>
> But again, when I log into the machine via SSH after it boots and run
> "npfctl show", somehow NPF is off and the configuration is empty:
>
> ===
> # npfctl show
> Filtering: inactive
> Configuration: empty
> ===
>
> So, NPF is ending up turned off with an empty configuration between when
> /etc/rc.local ran and when the rc.d system start-up finished.
>
> Any ideas on what is causing this?
>
> Thanks!
>
> Lewis

As a complete newcomer to npf I'm not sure if this is helpful, but here goes anyway: do you have logging turned on in your npf.conf, and if so, have you created the interface npflog0?

-- Gerard Lally
Re: Veriexec - automatic notification of mismatch?
At date and time Mon, 7 Jul 2014 10:51:48 +0200, Martin Husemann wrote:

> On Mon, Jul 07, 2014 at 05:25:59AM +0100, Gerard Lally wrote:
> > Without checking /var/log/messages manually, how would I go about
> > triggering an instant notification if a file or files monitored by
> > veriexec had changed?
>
> I suppose you could set up a program specification in syslog.conf
> and send mail or text yourself. A simple script reading one line and
> echoing it to mail should do.

Thank you Martin. I am studying syslog.conf now.

-- Gerard Lally
Veriexec - automatic notification of mismatch?
I've set up veriexec to monitor a data directory (>20GB) containing documents, pictures, music, and other personal files. I've tested veriexec at Strict level 1 and it is working as expected. The reason I'm doing this is to see whether or not veriexec can be used to monitor a data directory for silent bitrot or file corruption. Without checking /var/log/messages manually, how would I go about triggering an instant notification if a file or files monitored by veriexec had changed? A cron job doesn't seem the right way to do this. Is there some other blindingly obvious way of doing this which has sailed right over my head? ;) -- Gerard Lally
Re: GPT questions - gpt reliability, wedge naming, and filesystem scaling.
At date and time Thu, 19 Jun 2014 21:51:12 -0400, Greg Troxel wrote:

>
> Gerard Lally writes:
>
> > 1) Is it safe to use GPT on NetBSD? The warnings on the gpt man page
> > leave me less than 100% confident.
>
> On NetBSD 6, I would say yes. Even on 5, I think so. I am not really
> clear on booting from GPT, but for other than the boot/root fs it should
> be fine. I have multiple systems with gpt disks and no issues.
>
> > 2) As I understand it the NetBSD FFS filesystem is capable of growing
> > to 8 zettabytes, but MBR partitioning combined with traditional
> > disklabels meant we were restricted to 2 (or 4) TB partitions in
> > practice. Am I right in saying that GPT and wedges remove this
> > restriction, and we can now create partitions and filesystems greater
> > than 4TB?
>
> I think disklabels are limited to 2TB; I'm not sure if it's the whole
> disk or per partition. (Maybe that's 4TB.) That is correct - GPT does
> not have a 2TB limit.

That's great. It will be a while before I get >2TB disks for my data but I'm glad the restrictions won't be there when I do.

> > 3) Using "NAME=dk0" in /etc/fstab didn't work for me; I had to specify
> > /dev/dk0, /dev/dk1, etc.
> >
> > This is not a big deal but it leaves me wondering how NAME=xxx in fstab
> > is supposed to work. Does it work with GPT labels instead?
>
> My impression is that NAME matched the gpt label, so you could mount a
> disk with label foo on /volumes/foo repeatedly.
>
> > 4) To get the sector offsets and sizes right I first created a
> > traditional MBR + disklabel setup, sizing partitions in MB and taking
> > note of the sector offsets and sector sizes this produced. I started at
> > 2048. After destroying the MBR + disklabel setup I then used this
> > information to create GPT partitions. I assume this is a safe way to do
> > it? I am not really familiar with partition alignment, and even less so
> > since the new disks came out.
>
> In the modern world, disks don't really have consistent geometries. So
> the big alignment issue is to make sure that you line up on physical
> blocks, which are often 4K (on disks 2T and greater, or maybe 1T or
> greater). And, there is some threat of larger physical sizes later.
>
> So, two recommendations are:
>
>   start the first partition at some multiple of 64 (because it's a
>   multiple of any sane near-term size).
>
>   start the first partition at 1 MB (2048 * 512 sectors), which is an
>   even rounder number, and is still a negligible space waste. (This
>   really surprised me when I did the math; I remember using 2.5 MB
>   disks.)
>
> Whatever you do - don't start things at sector 34, which is the start of
> available space. Here's "gpt show" from a 1T disk I have in use. Note
> that I didn't worry about the exact size being round.
>
>      start        size  index  contents
>          0           1         PMBR
>          1           1         Pri GPT header
>          2          32         Pri GPT table
>         34          30
>         64  1953525071      1  GPT part - NetBSD FFSv1/FFSv2
> 1953525135          32         Sec GPT table
> 1953525167           1         Sec GPT header
>
>
> So I really don't see why you are making disklabels and then
> transferring numbers. Just make all the start and size values a
> multiple of 2048 sectors, for some size that's round in binary, or close
> to what you want. Or live on the edge at 64 like I did (I'm kidding; I
> don't think there's anything wrong with 64).

Well I did it that way because I hadn't really looked into sizing partitions by sector before, but when you mentioned it I went off and learned how to do it, using basic maths. Very straightforward actually. Thanks!

> If you find the man pages saying things that are wrong, feel free to
> send a patch fixing it.

Yes I would like to start contributing back to NetBSD, but it will be mostly documentation (English and Philosophy were my subjects).

-- Gerard Lally
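Added example, not part of the thread: the alignment rule from the message above applied to "gpt show" output, plus the round-up used to pick a start sector past sector 34. The function names are constructed, 512-byte logical sectors are assumed, and the sample table repeats the one quoted above.

```shell
#!/bin/sh
# Check where GPT partitions start, assuming 512-byte logical sectors.

# align_up SECTOR ALIGN: smallest multiple of ALIGN that is >= SECTOR.
align_up() {
    echo $(( ($1 + $2 - 1) / $2 * $2 ))
}

# gpt_check_align ALIGN: reads "gpt show" output on stdin. For every
# partition row it prints
#   index start natural-alignment-in-bytes aligned|misaligned
# where the natural alignment is the largest power of two (in bytes,
# capped at 512 MiB) that divides the start offset, and the verdict says
# whether the start sector is a multiple of ALIGN sectors.
gpt_check_align() {
    awk -v a="$1" '
        $3 ~ /^[0-9]+$/ && $4 == "GPT" && $5 == "part" {
            start = $1 + 0
            p = 1
            while (p < 1048576 && start % (p * 2) == 0) p *= 2
            printf "%s %s %d %s\n", $3, $1, p * 512,
                (start % a == 0 ? "aligned" : "misaligned")
        }'
}

# The table quoted in the message above.
SAMPLE='     start        size  index  contents
         0           1         PMBR
         1           1         Pri GPT header
         2          32         Pri GPT table
        34          30
        64  1953525071      1  GPT part - NetBSD FFSv1/FFSv2
1953525135          32         Sec GPT table
1953525167           1         Sec GPT header'

echo "first usable sector 34 rounds up to $(align_up 34 64) (64-sector rule)"
echo "first usable sector 34 rounds up to $(align_up 34 2048) (1 MB rule)"
echo "4K physical blocks (8 sectors):"
printf '%s\n' "$SAMPLE" | gpt_check_align 8
echo "1 MB boundary (2048 sectors):"
printf '%s\n' "$SAMPLE" | gpt_check_align 2048

# Live use on the NetBSD host (wd0 is a placeholder disk name):
#   gpt show wd0 | gpt_check_align 8
```

The partition at sector 64 sits on a 32 KiB boundary, so it passes the 4K check and fails only the stricter 1 MB one, which matches the remark that there is nothing wrong with 64.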
Re: GPT questions - gpt reliability, wedge naming, and filesystem scaling.
At date and time Fri, 20 Jun 2014 12:10:18 +0700, Robert Elz wrote:

> Date: Fri, 20 Jun 2014 01:20:03 +0100
> From: Gerard Lally
> Message-ID: <20140620012000.2c49.280fc...@netmail.ie>
>
> |
> | 1) Is it safe to use GPT on NetBSD?
>
> Yes, though it is a little tricky to get boot from gpt to work properly
> (you might have fluked onto the technique for that, unless it has been
> recently fixed, you need to first make a bootable MBR, then convert to
> GPT, and not try to simply do the GPT boot process on a virgin disk).
> (No need for the MBR partitions and GPT ones to be related at all, it is
> the MBR init, which becomes PMBR init, that is important here).

Luckily enough I came upon the instructions below, and booting worked for me without issue:

http://wiki.netbsd.org/users/jakllsch/gptboot/

> | 3) Using "NAME=dk0" in /etc/fstab didn't work for me; I had to specify
> | /dev/dk0, /dev/dk1, etc.
> | dk names also do not persist across reboots. For example, if I create a
> | wedge as follows the dk_swap name reverts to dk1 after rebooting.
>
> That stuff really doesn't work in NetBSD 6, you need a -current
> kernel (or something from the past 6-9 months on the current stream)
> to get this functioning the way it should. It would be nice for all
> the wedge labeling, and auto-discovery, to get pulled up...

Yes, that seems to be the consensus here. It's no big deal, although it will be useful to have in 7.

> | dkctl wd0 addwedge dk_swap 64 2097152 swap
> |
> | This is not a big deal but it leaves me wondering how NAME=xxx in fstab
> | is supposed to work. Does it work with GPT labels instead?
>
> Yes, the GPT label is the name value. But the label in addwedge is the
> same thing, but I think only applied in ram, not written back to the filesys
> (not sure about that, but it certainly gave me some weirdness when I
> started).
>
> | 4) To get the sector offsets and sizes right I first created a
> | traditional MBR + disklabel setup, sizing partitions in MB and taking
> | note of the sector offsets and sector sizes this produced. I started at
> | 2048.
>
> Sounds OK.
>
> | After destroying the MBR + disklabel setup I then used this
> | information to create GPT partitions. I assume this is a safe way to do
> | it?
>
> Safe, if a little over cautious.
>
> | I am not really familiar with partition alignment, and even less so
> | since the new disks came out.
>
> As Greg said, just avoid splitting things so that one write requires
> a read/modify/write on the drive (so your writes should be whole drive
> sectors). For some big drives that's 2K or 4K, so everything (even
> perhaps filesys fragment size) should be multiples of that.
>
> Most important is to forget that the magic number "63" (or anything like
> it) ever existed...
>
> I'll append a script I use to make GPT partitions and do most of the
> rest of the work (it uses NAME=... entries in data it adds to fstab if
> fstab already contains any of those, otherwise not - so if they're to
> work, you need to add one NAME= entry manually.)

A useful script to have. Many thanks.

(Aside: are you the same Robert Elz who was involved from the outset in FFS? Just by coincidence I was reading an article from the 80s the other day which mentioned the name in connection with FFS. Very interesting to have all these venerable hackers around if so!)

-- Gerard Lally
Re: GPT questions - gpt reliability, wedge naming, and filesystem scaling.
At date and time Fri, 20 Jun 2014 18:54:03 +0930, Brett Lymn wrote:

> On Fri, Jun 20, 2014 at 01:20:03AM +0100, Gerard Lally wrote:
> >
> > 1) Is it safe to use GPT on NetBSD? The warnings on the gpt man page
> > leave me less than 100% confident.
>
> Yes. I am using GPT on my laptop in a multiboot netbsd/linux/win8 set
> up. It takes some care to set up but works fine. I do intend to write
> up what I have done when I have some time.

Please do, and let us know when you do.

-- Gerard Lally
Re: GPT questions - gpt reliability, wedge naming, and filesystem scaling.
At date and time Fri, 20 Jun 2014 09:22:14 -0700, Jeff Rizzo wrote:

> On 6/19/14, 5:20 PM, Gerard Lally wrote:
> >
> > 3) Using "NAME=dk0" in /etc/fstab didn't work for me; I had to specify
> > /dev/dk0, /dev/dk1, etc.
> > dk names also do not persist across reboots. For example, if I create a
> > wedge as follows the dk_swap name reverts to dk1 after rebooting.
> >
> > dkctl wd0 addwedge dk_swap 64 2097152 swap
> >
> > This is not a big deal but it leaves me wondering how NAME=xxx in fstab
> > is supposed to work. Does it work with GPT labels instead?
>
> The NAME= stuff is in NetBSD-current but not -6, so it will first appear in
> NetBSD 7.0.

Thanks for the info.

-- Gerard Lally
GPT questions - gpt reliability, wedge naming, and filesystem scaling.
As an experiment I installed NetBSD 6 in a virtual machine to try and figure out GPT partitions and wedges. The experiment went well, and I learned for the first time how to install NetBSD by dropping to a shell from sysinst and running setup from the shell. As always Pierre-Philipp Braun was a great help.

I have some questions. Answers to one or more of these questions are most welcome.

1) Is it safe to use GPT on NetBSD? The warnings on the gpt man page leave me less than 100% confident.

2) As I understand it the NetBSD FFS filesystem is capable of growing to 8 zettabytes, but MBR partitioning combined with traditional disklabels meant we were restricted to 2 (or 4) TB partitions in practice. Am I right in saying that GPT and wedges remove this restriction, and we can now create partitions and filesystems greater than 4TB?

3) Using "NAME=dk0" in /etc/fstab didn't work for me; I had to specify /dev/dk0, /dev/dk1, etc. dk names also do not persist across reboots. For example, if I create a wedge as follows the dk_swap name reverts to dk1 after rebooting.

dkctl wd0 addwedge dk_swap 64 2097152 swap

This is not a big deal but it leaves me wondering how NAME=xxx in fstab is supposed to work. Does it work with GPT labels instead?

4) To get the sector offsets and sizes right I first created a traditional MBR + disklabel setup, sizing partitions in MB and taking note of the sector offsets and sector sizes this produced. I started at 2048. After destroying the MBR + disklabel setup I then used this information to create GPT partitions. I assume this is a safe way to do it? I am not really familiar with partition alignment, and even less so since the new disks came out.

-- Gerard Lally
Re: openbsd -> netbsd : same yet feels different ...
At date and time Wed, 18 Jun 2014 07:39:59 +0300, Terho Uotila wrote:

> On Wed, 18 Jun 2014 00:06:12 +0100
> Gerard Lally wrote:
>
> > guide. Indeed I am still not 100% clear about it. It's also difficult
> > to get mk.conf working so that GNU and Perl and Sourceforge software
> > is pulled from a local mirror. No matter what I try to get it pulled
> > from HEAnet in Dublin most of it still seems to come from Vienna!
> >
>
> Have you tried setting MASTER_SORT in /etc/mk.conf?
> (see /usr/pkgsrc/mk/defaults/mk.conf)
>
> Sites seem to be listed in /usr/pkgsrc/mk/fetch/sites.mk, and most do
> not have irish mirror listed, maybe you also need to add
> MASTER_SITE_XXX+= ftp://your.nearest.mirror to /etc/mk.conf
>
> (I haven't tried these, but they don't seem unreasonable ideas to try.)

Yes I tried it with .ie first in MASTER_SORT but it didn't seem to make any difference. I then disabled MASTER_RANDOM_SORT and then added the following at the bottom of mk.conf:

MASTER_SITE_GNU=ftp://ftp.heanet.ie/pub/gnu/
MASTER_SITE_SOURCEFORGE=ftp://ftp.heanet.ie/mirrors/sourceforge/

This seems to have fixed it for me so far. I'll now try Irish mirrors for Perl.

Many thanks!

-- Gerard Lally
naviserver on NetBSD: is Linux emulation possible?
Hi, naviserver is a fork of AOLserver, which is a high-performing web server based on Tcl. http://en.wikipedia.org/wiki/NaviServer I am interested in naviserver because I am learning Tcl, and I would like to see how far I can go developing web applications in Tcl without using the standard Apache-MySQL-PHP stack. However, I have been unable to install naviserver from source on NetBSD 6 or current. I do not have the errors at hand but as far as I remember they related to pthreads. There is no pkgsrc entry available. Could naviserver perhaps run under Linux emulation in NetBSD? I have never tried Linux emulation. I can build naviserver on Slackware. I don't think there would be too many libraries to carry over. I'd like to know if it's possible and relatively straightforward before I invest too much time in it. -- Gerard Lally
Re: openbsd -> netbsd : same yet feels different ...
At date and time Tue, 17 Jun 2014 13:43:05 +, Mayuresh Kathe wrote:
> hello,
>
> it's been 3 days since i took advice from "aaron b" and migrated
> to netbsd from openbsd.
>
> i won't go overboard and say that i'm an instant fan-boy, but
> frankly, the system feels the same, yet quite different.
>
> for one, the responsiveness while using the operating system is
> much better than under openbsd (or even freebsd).
> secondly, the community (mailing list) isn't grumpy. :)
>
> i migrated primarily because of the upcoming support for "lua"
> throughout the operating system, hope it materializes.
>
> what else could someone who's not so much into system setup and
> administration, nor into systems programming do with netbsd?
> ah yes, i am not much of a 'gui' user, so will be working at the
> console, primarily, but would be nice to know if there's anyone
> here using or carrying over 'cwm' from openbsd, it's kinda nice.

I too moved from OpenBSD to NetBSD. (For 20+ years before that I was an illiterate product of the Irish education system, knowing and caring for nothing other than Microsoft Windows.)

I liked and still like OpenBSD: their pf packet filter with queueing integrated; their work on OpenSSH; and their commitment to security. But a couple of things nagged me. One was the recommendation not to install from source. The other was the outright refusal to countenance OpenBSD as a host for virtual machines.

When I discovered NetBSD it was like a breath of fresh air. The whole system has a feel to it that is just right. And NetBSD has Xen! pkgsrc has "just-in-time" su! NetBSD has veriexec! LVM and npf have arrived! NetBSD 7 will have ipfilter 5, which can block based on domain names! Honestly, to my mind NetBSD feels like a beautifully engineered system, much more than any other system I have tried.

I am not a programmer or a professional sysadmin. I understand every system has its flaws, and I certainly have encountered them along the way in NetBSD.

Things I'd love to see in NetBSD: Dragonfly BSD's Hammer; a more complete wiki, which supersedes all the conflicting and out-of-date documentation out there.

I would also like to see a *step-by-step* guide to pkgsrc on NetBSD. The pkgsrc guide falls short of giving this. For example, it makes the assumption we know where mk.conf is, and where it should go, and what adjustments we need to make to the file before we start using pkgsrc. It took me a long time to understand the difference between "just-in-time" su and compiling an unprivileged build: this will seem ridiculously obvious to those in the know but to absolute beginners it is thoroughly confusing and there is no clear explanation in the guide. Indeed I am still not 100% clear about it. It's also difficult to get mk.conf working so that GNU and Perl and Sourceforge software is pulled from a local mirror. No matter what I try to get it pulled from HEAnet in Dublin most of it still seems to come from Vienna!

These criticisms aside, NetBSD remains for me the gold standard in operating system design and behaviour. The NetBSD developers and users here are patient and friendly. They don't tolerate anything less than excellence, and they are patient. Too patient sometimes! I am dying to see 7 branched! But at least their conservatism means we will never see any of the brain-dead rubbish that has infested Linux make its way into NetBSD.

-- Gerard Lally
Re: Good supported wireless card for laptop
At date and time Sun, 08 Jun 2014 22:20:15 -0500, Jimmie Houchin wrote:
> What are some well supported wireless 802.11n or ac cards for laptops?
> I have not been able to get NetBSD to successfully use my wireless card Intel
> 1030N.

Hi, if you are happy with a USB-connected wireless-G adapter the D-Link DWL-G122 is a stable performer on NetBSD. As far as I remember revisions B1 and C1 had different chipsets but they both worked well for me on NetBSD 6.

http://tinyurl.com/l2deg2e

-- Gerard Lally
Re: How to install rxvt-unicode-256color termcap entry on machine without X
At date and time Sat, 31 May 2014 15:53:46 +0100, Gerard Lally wrote:
> At date and time Sat, 31 May 2014 11:40:14 +0930, Brett Lymn wrote:
>
> > On Fri, May 30, 2014 at 10:42:04PM +0100, atomicules wrote:
> > > On 30-May-2014 14:31:11, Gerard Lally wrote:
> > > >I copied this terminfo source file to my home directory in NetBSD and
> > > >ran tic on it:
> > > >
> > > >tic -s rxvt-unicode-256color.terminfo.
> > > >
> > > >This created a .terminfo directory in HOME, and a subdirectory r with a
> > > >single file in r called rxvt-unicode-256color. No cdb extension in other
> > > >words.
> > >
> > > I'm stumped and confused. I don't understand how NetBSD could do that
> > > (not create a database file; a file with the .cdb extension).
> > > According to the man page for tic:
> > >
> > > >DESCRIPTION
> > > >The tic utility compiles terminfo(5) source into a database for use by
> > > >other programs. The created database path name is the same as the source
> > > >but with .cdb appended.
> > >
> > > The .terminfo directory and subdirectory you describe is what I see on
> > > Arch Linux, but not NetBSD.
> >
> > Make sure you run the right tic - if you have ncurses installed due to
> > some package dependency you may be accidentally running the ncurses tic
> > which will produce the wrong results, try using /usr/bin/tic and see
> > what happens. This catches me out from time to time.
>
> Well I finally found a way around it, although it feels like a kludge,
> but it's working now. There is only one tic by the way, in /usr/bin/tic.
>
> I'll give a summary in case someone else stumbles over this issue.
>
> Three machines:
>
> remote = remote NetBSD without X11 (and therefore without rxvt-unicode)
> local = local X11 client with rxvt-unicode terminal installed
> (Slackware)
> vm = temporary local NetBSD virtual machine with X11 and rxvt-unicode
> installed
>
> I installed NetBSD 6.1.4 with X11 on $vm, and installed rxvt-unicode on
> that machine. Running "make install" created three files in the
> doc/etc/ subdirectory of the working source directory. These three files
> were:
>
> rxvt-unicode.terminfo
> rxvt-unicode.termcap
> rxvt-unicode.terminfo.cdb.
>
> I copied these files to $HOME on $remote, and logged in to $remote from
> $local. Once again I ran tic on $remote:
>
> $ tic -s rxvt-unicode.terminfo
>
> But once again this failed to create a file with extension .cdb,
> although it did report successfully adding 2 entries to the database,
> creating ~/.terminfo and ~/.terminfo/r/, together with the two files
> rxvt-unicode and rxvt-unicode-256color in ~/.terminfo/r/.
>
> Once again "top" reported an error: "no termcap entry for
> rxvt-unicode-256color."
>
> Now this is where I returned to the tic(1) and terminfo(5) man pages on
> $remote, but to my mind they are not clear here. terminfo(5) specifies
> the file $HOME/.terminfo.cdb as the database which contains terminal
> descriptions for personal use, but tic(1) doesn't seem to care, just
> saying that "the created database path name is the same as the source
> but with .cdb appended." I take that to mean "tic -s rxvt-unicode.terminfo"
> should produce a file named rxvt-unicode.terminfo.cdb in $HOME. Needless
> to say it doesn't.
>
> At this point I took terminfo(5) literally and created $HOME/.terminfo.cdb
> by renaming the rxvt-unicode.terminfo.cdb file I had copied from $vm.
> Lo and behold that solved the problem straight away! "top" was happy,
> although "tput" complained about an unknown terminal but I solved this
> by logging in as root and running "tic -s /home/gerard/rxvt-unicode.terminfo",
> which created these two files:
>
> /usr/share/terminfo/r/rxvt-unicode.terminfo
> /usr/share/terminfo/r/rxvt-unicode.terminfo-256color
>

Correction: it created two files as follows:

/usr/share/terminfo/r/rxvt-unicode
/usr/share/terminfo/r/rxvt-unicode-256color

-- Gerard Lally
Re: How to install rxvt-unicode-256color termcap entry on machine without X
At date and time Sat, 31 May 2014 11:40:14 +0930, Brett Lymn wrote:
> On Fri, May 30, 2014 at 10:42:04PM +0100, atomicules wrote:
> > On 30-May-2014 14:31:11, Gerard Lally wrote:
> > >I copied this terminfo source file to my home directory in NetBSD and
> > >ran tic on it:
> > >
> > >tic -s rxvt-unicode-256color.terminfo.
> > >
> > >This created a .terminfo directory in HOME, and a subdirectory r with a
> > >single file in r called rxvt-unicode-256color. No cdb extension in other
> > >words.
> >
> > I'm stumped and confused. I don't understand how NetBSD could do that
> > (not create a database file; a file with the .cdb extension).
> > According to the man page for tic:
> >
> > >DESCRIPTION
> > >The tic utility compiles terminfo(5) source into a database for use by
> > >other programs. The created database path name is the same as the source
> > >but with .cdb appended.
> >
> > The .terminfo directory and subdirectory you describe is what I see on Arch
> > Linux, but not NetBSD.
>
> Make sure you run the right tic - if you have ncurses installed due to
> some package dependency you may be accidentally running the ncurses tic
> which will produce the wrong results, try using /usr/bin/tic and see
> what happens. This catches me out from time to time.

Well I finally found a way around it, although it feels like a kludge, but it's working now. There is only one tic by the way, in /usr/bin/tic.

I'll give a summary in case someone else stumbles over this issue.

Three machines:

remote = remote NetBSD without X11 (and therefore without rxvt-unicode)
local = local X11 client with rxvt-unicode terminal installed (Slackware)
vm = temporary local NetBSD virtual machine with X11 and rxvt-unicode installed

I installed NetBSD 6.1.4 with X11 on $vm, and installed rxvt-unicode on that machine. Running "make install" created three files in the doc/etc/ subdirectory of the working source directory. These three files were:

rxvt-unicode.terminfo
rxvt-unicode.termcap
rxvt-unicode.terminfo.cdb.

I copied these files to $HOME on $remote, and logged in to $remote from $local. Once again I ran tic on $remote:

$ tic -s rxvt-unicode.terminfo

But once again this failed to create a file with extension .cdb, although it did report successfully adding 2 entries to the database, creating ~/.terminfo and ~/.terminfo/r/, together with the two files rxvt-unicode and rxvt-unicode-256color in ~/.terminfo/r/.

Once again "top" reported an error: "no termcap entry for rxvt-unicode-256color."

Now this is where I returned to the tic(1) and terminfo(5) man pages on $remote, but to my mind they are not clear here. terminfo(5) specifies the file $HOME/.terminfo.cdb as the database which contains terminal descriptions for personal use, but tic(1) doesn't seem to care, just saying that "the created database path name is the same as the source but with .cdb appended." I take that to mean "tic -s rxvt-unicode.terminfo" should produce a file named rxvt-unicode.terminfo.cdb in $HOME. Needless to say it doesn't.

At this point I took terminfo(5) literally and created $HOME/.terminfo.cdb by renaming the rxvt-unicode.terminfo.cdb file I had copied from $vm. Lo and behold that solved the problem straight away! "top" was happy, although "tput" complained about an unknown terminal but I solved this by logging in as root and running "tic -s /home/gerard/rxvt-unicode.terminfo", which created these two files:

/usr/share/terminfo/r/rxvt-unicode.terminfo
/usr/share/terminfo/r/rxvt-unicode.terminfo-256color

Now tput was happy as well. Problem solved, in a most convoluted way! I'm sure there must be an easier and less stressful way to solve this but I don't have the knowledge or time to go into it too deeply. All I want is a good terminal that works!

Thanks to you and atomicules for the help.

-- Gerard Lally
Re[2]: How to install rxvt-unicode-256color termcap entry on machine without X
Date: Thu, 29 May 2014 23:48:03 +0100
From: atomicules

|> Hi Gerard,
|>
|> On 29-May-2014 15:17:31, Gerard Lally wrote:
|> >Is there a way of installing
|> >the terminfo or termcap entry for this terminal in the database?
|>
|> Not that I know of. I.e. I couldn't figure out a way to append to
|> the database:
|> http://atomicules.co.uk/2014/03/26/NetBSD-Terminfo.html
|>
|> But... you can create a ~/.terminfo.cdb file that contains the
|> necessary info for the user of interest.
|>
|> >I tried the command below, as recommended on the urxvt website, but I
|> >still get an error:
|> >
|> >REMOTE=myremoteserver.domain
|> >infocmp rxvt-unicode | ssh $REMOTE "mkdir -p .terminfo && cat >/tmp/ti && tic /tmp/ti"
|>
|> I imagine this wants to be something like:
|>
|> infocmp rxvt-unicode | ssh $REMOTE "cat >~/.terminfo && tic ~/.terminfo"
|>
|> (Must be some way to get rid of cat from there?)

Hi again, and thanks for your help.

I spent some time trying this and got no further. Pulling my hair out at this stage.

First of all I created a terminfo source file on the Slackware machine with rxvt-unicode-256color installed:

infocmp -I rxvt-unicode-256color > rxvt-unicode-256color.terminfo

I copied this terminfo source file to my home directory in NetBSD and ran tic on it:

tic -s rxvt-unicode-256color.terminfo.

This created a .terminfo directory in HOME, and a subdirectory r with a single file in r called rxvt-unicode-256color. No cdb extension in other words.

But running tic on the source file seems to succeed: it reports that it added 1 entry to the database.

When I connect to NetBSD using rxvt-unicode-256color (whose TERM variable is rxvt-unicode-256color) I still get an error running top to the effect that there is no termcap entry for rxvt-unicode-256color.

Very frustrating.

-- Gerard Lally
How to install rxvt-unicode-256color termcap entry on machine without X
Hi,

I am trying to access a NetBSD 6.1.4 amd64 machine from a Slackware machine, using the rxvt-unicode terminal, compiled with 256-color support.

I do not have X installed on the NetBSD machine, and I would prefer to do without it if at all possible. Is there a way of installing the terminfo or termcap entry for this terminal in the database?

I tried the command below, as recommended on the urxvt website, but I still get an error:

REMOTE=myremoteserver.domain
infocmp rxvt-unicode | ssh $REMOTE "mkdir -p .terminfo && cat >/tmp/ti && tic /tmp/ti"

When running top I get the following error:

"top: no termcap entry for a `rxvt-unicode-256color' terminal"

-- Gerard Lally
Re: spurious reboot
On Thu, 28 Nov 2013 21:06:36 +0100 m...@netbsd.org (Emmanuel Dreyfus) wrote:
> Manuel Bouyer wrote:
>
> > Yes, but depending on the hardware and BIOS, I can imagine that only 2GB
> > can be below the 2^32 limit, and the remaining above (eventually well above).
> > Splitting at 3Gb is more annoying, hardware-wise, than at 2Gb.
>
> I wondered if it could be related with the i386 kernel being unstable on
> that machine.

Is the BIOS up-to-date?
Re: net/aget : project contacts not reachable?
On Tue, 4 Jun 2013 22:26:03 +0530 Mayuresh wrote:
> On Tue, Jun 04, 2013 at 06:42:12PM +0200, Alistair Crooks wrote:
> > I don't see any updates to the package (beyond ones dealing with
> > pkgsrc infrastructure) since its import:
> >
> > so maybe things have just moved on for them?
>
> Looks like ... thanks for the findings.
>
> Anyway, the tool is really nice and I hope it remains in pkgsrc.
>
> Do not know how this thought sounds, but is it possible to use download
> accelerators (like aget) for distfile downloads in pkgsrc (of course not
> by default.) Since I got to know about aget, I break my pkgsrc builds when
> it is downloading and manually download from the same URL using aget.
> Often it speeds up the things.
>
> (Of course it won't benefit cases where distfile download already consumes
> your internet connection's bandwidth fully.)

You could also consider the following alternatives, which are maintained: aria2; curl; wget.

-- Gerard Lally
Re: pf question
On Sat, 18 May 2013 13:42:47 +0200 Konrad Neuwirth wrote:
> Hello,
>
> we are currently struggling with a pf configuration that we can't
> seem to get working.
>
> Basically, the challenge is that we have a NetBSD system acting as a
> router for a largish network. Said system has two upstream nodes
> ('default routes') that apply, depending on the ip address that we
> use. Basically, we have one broadband connection that should be used
> for most every (outgoing) traffic. The exception is that the second
> upstream handles a subnet that we have here, and all traffic to and
> from those addresses should, of course, be going over that second
> link.
>
> What we've done is added the broadband as the default route, and then
> had a pf rule to the effect of:
>
> pass out route-to ($ext_if_dsl $dsl_gw) proto tcp \
> from $fixed_ip to any
>
> But this does not work -- the packets just do not go out over the
> appropriate interface. Connecting to something on one of those IP
> numbers just … has a connection that times out.
>
> What am I missing? What do we need to do?

I haven't tried this yet with NetBSD but this is how I did something similar when I used OpenBSD. The OpenBSD version I used was 5.0. Bear in mind that there were substantial changes to PF syntax around OpenBSD version 4.7, and as far as I know the NetBSD pf syntax corresponds with the older versions. The "route-to" option is certainly different, but perhaps you will still find this reply helpful.

My situation differs from yours in that I had just one internal subnet and two WAN providers, and all I needed to do on the second WAN link was to connect from a single LAN host to a single remote host for a scheduled FTP download.

First of all I defined the default gateway in OpenBSD's /etc/mygate as usual. Then I added the second gateway to /etc/rc.local

# 123.123.456.xxx is remote FTP server which can be accessed only
# through second upstream provider
# 123.456.789.xxx is second WAN gw
#
route add -host 123.123.456.xxx 123.456.789.xxx

In pf.conf I had the following (irrelevant parts snipped):

# network interfaces
if_wan1 = "fxp0"
if_wan2 = "xl0"
if_lan = "xl1"
if_lo = "lo0"

# gateways
gw_wan1 = "xxx.xxx.xxx.113"
gw_wan2 = "123.456.789.xxx"

# networks
net_lan = "192.168.1.0/24"

# hosts
remote_ftp_host = "123.123.456.xxx"

...

# scrubbing
match on $if_wan1 scrub (random-id reassemble tcp max-mss 1440)
match on $if_wan2 scrub (random-id reassemble tcp max-mss 1440)

# nat
match out on $if_wan1 from $net_lan to any \
    nat-to ($if_wan1) port 1024:65535
match out on $if_wan2 from $net_lan to any \
    nat-to ($if_wan2) port 1024:65535

...

# filtering
pass out
pass in on $if_lan
pass in on $if_lan inet proto tcp from any to $remote_ftp_host \
    port ftp route-to ($if_wan2 $gw_wan2)

-- Gerard Lally
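
The same policy-routing rules written in the older (pre-OpenBSD 4.7) pf syntax that the reply above expects NetBSD's pf to use, as an added example that is not part of the original post. Macro names follow the post; the gateway and FTP host addresses are constructed documentation-range values, and the translation assumes the pre-4.7 grammar applies to the target system.

```conf
# pf.conf fragment in the pre-4.7 syntax (added example, not the poster's file).
# Differences from the 5.0 ruleset in the post:
#   - normalization uses "scrub" rules instead of "match ... scrub (...)"
#   - translation uses "nat on ... ->" instead of "match out ... nat-to"
#   - route-to follows the interface instead of trailing the rule

# network interfaces (names as in the post)
if_wan1 = "fxp0"
if_wan2 = "xl0"
if_lan  = "xl1"

# gateway of the second upstream (constructed address)
gw_wan2 = "198.51.100.1"

# networks and hosts
net_lan         = "192.168.1.0/24"
remote_ftp_host = "203.0.113.10"    # constructed address

# normalization: in this syntax it must come before translation and filtering
scrub on $if_wan1 all random-id max-mss 1440 reassemble tcp
scrub on $if_wan2 all random-id max-mss 1440 reassemble tcp

# translation: one rule per upstream, so a connection leaving through either
# link is rewritten to that link's own address
nat on $if_wan1 from $net_lan to any -> ($if_wan1) port 1024:65535
nat on $if_wan2 from $net_lan to any -> ($if_wan2) port 1024:65535

# filtering
pass out
pass in on $if_lan
# The routing decision is attached where the packet enters the router (the
# LAN interface). The last matching rule wins, so this rule overrides the
# plain "pass in on $if_lan" above for traffic to the FTP host.
pass in on $if_lan route-to ($if_wan2 $gw_wan2) inet proto tcp \
    from any to $remote_ftp_host port ftp keep state
```

Running `pfctl -nf` on the file parses the ruleset without loading it, which shows whether the installed pf accepts this syntax.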
Re: Status of nyftp.netbsd.org
On Tue, 23 Apr 2013 17:15:47 + (UTC) chris...@astron.com (Christos Zoulas) wrote:
> In article <20130423132208.faab.26074...@netmail.ie>,
> Gerard Lally wrote:
> >This server has been down for quite a long time. Perhaps advance notice
> >was given and I missed it?
>
> Bad memory configuration. Should be replaced tomorrow.

Thank you.

-- Gerard Lally
Status of nyftp.netbsd.org
This server has been down for quite a long time. Perhaps advance notice was given and I missed it? -- Gerard Lally