Re: i386 binaries on amd64
Tony Lambiris wrote:

In reading some mailing lists, I noticed some people pass in the -m32 flag when compiling to compile 32bit instead of 64bit... I added the flag to the Makefile and everything compiles except when I try to link all the objects into an executable, I get these errors:

/usr/bin/ld: warning: i386 architecture of input file `some.o' is incompatible with i386:x86-64 output

Is compiling this way possible at all?

No.
Re: Default domain not working
Thanks Otto and Killi I get it now...
Re: Default domain not working
On Wed, 31 Aug 2005, Bill wrote:

> On Wed, 31 Aug 2005 07:58:24 +0200 (CEST)
> Otto Moerbeek <[EMAIL PROTECTED]> wrote:
>
> > On Wed, 31 Aug 2005, Bill wrote:
> >
> > > I have a problem, which will probably end up being a stupid mistake.
> > > I have 3.7 running (fresh install) using the stock BIND and DHCP systems
> > >
> > > My problem is that I cannot get the default domain to work.
> > >
> > > So:
> > > dig www
> > >
> > > does not work, while
> > > dig www.domainname.com
> > >
> > > does work fine.
> >
> > How about reading the man page?
> >
> > +[no]search
> >     Use [do not use] the search list defined by the
> >     searchlist or domain directive in resolv.conf (if
> >     any). The search list is not used by default.
> >
> > -Otto
>
> Thanks Otto. But aside from convincing me I am just plain crazy...
> that just confuses me a bit more. I did spend time with the man
> page, But the man page also says, and this is what threw me...
>
> +domain=somename
>     Set the search list to contain the single domain
>     somename, as if specified in a domain directive in
>     /etc/resolv.conf, and enable search list processing
>     as if the +search option were given.
>
> "AS IF specified in the domain directive" which I have. So as I (mis)
> understand it, the +search would be in addition to the domain
> directive... I was thinking the search list was the search directive,
> not the default domain name. Even sounds like that above... It
> describes both and then says only one of them is not used by default.

Read again, the search description uses "search list" (the complete list) and "searchlist" (the option in resolv.conf). The search list is constructed from the domain + searchlist directives, as described in resolv.conf(5).

> My issue is I want to be able to use the default domain other places in
> the system. My dhcpd.conf has a whole slew of
>
> fixed-address prn1;
>
> Which I'd like the default domain to be looked up. Since I cannot get
> a ping to work on the default (or dig) I am pretty sure the problem is
> before that. This must be doable, right?

Other programs do use the domain search list. Try e.g. host(1). If that does not work, there's indeed something wrong with your config.

-Otto
Re: isakmpd to cisco pix
A late follow-up, just in case this helps anyone else while searching the archives of this list etc., this turned out to be a pix configuration issue...

Since we also have an easy vpn on the same pix (for Cisco's software VPN client), we had to add two extra attributes at the end of the line on which we defined the pre-shared key, as shown below:

isakmp key address netmask 255.255.255.255 no-xauth no-config-mode

Cheers
Richard

On Wed, 11 May 2005 11:59 am, you wrote:
> NAT is not in use, the two peers are in direct contact
> with each other.
>
> OS version: Cisco PIX Firewall Version 6.3(4)120
> PIX model: Hardware: PIX-515E
>
> Regards
> Richard
>
> --- Petr Ruzicka <[EMAIL PROTECTED]> wrote:
> > two more questions
> > - pix version ?
> > - is nat in use ?
> >
> > Petr R.
> >
> > --- Richard Green <[EMAIL PROTECTED]> wrote:
> >
> > Hi
> >
> > Thanks, for your replies. I have some additional information now -
> > the cisco config (below) - though it still looks quite sensibly configured
> > (to someone who doesn't know any cisco commands ;)), and
> > the errors remain :(
> >
> > Regards, Richard
> >
> > --- Erik Carlseen <[EMAIL PROTECTED]> wrote:
> > > It would be helpful if you could provide sanitized configuration files
> > > from both the OpenBSD box and the PIX (just search & replace out
> > > anything confidential, but please be consistent).
> > >
> > > Also, I've found (at least for me) that a good command line for debug
> > > purposes is:
> > >
> > > isakmpd -f- -d -L -D0=79 -D1=70 -D2=90 -D3=80 -D4=99 -D5=99 -D6=99 -D7=99 -D8=99 -D9=99
> > >
> > > For Phase 2 debugging, pay extra attention to the
> > > 'SA' debug messages.
> > >
> > > Regards,
> > >
> > > Erik Carlseen
> >
> > and...
> >
> > --- Petr Ruzicka <[EMAIL PROTECTED]> wrote:
> > > Hi, could you get configuration of PIX. Not all of
> > > it required, just isakmp and crypto map stuff.
> > > Do they use xauth ?
> > >
> > > Petr R.
> >
> > >> Cisco config (sanitized):
> >
> > access-list cryptomap_20 permit ip 10.3.3.8 255.255.255.248 192.168.157.0 255.255.255.0
> >
> > sysopt connection permit-ipsec
> >
> > crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
> >
> > crypto map some_map 20 ipsec-isakmp
> > crypto map some_map 20 match address cryptomap_20
> > crypto map some_map 20 set peer 10.1.1.17
> > crypto map some_map 20 set transform-set ESP-3DES-MD5
> > crypto map some_map 20 set security-association lifetime seconds 1800 kilobytes 4608000
> > crypto map some_map interface outside
> >
> > isakmp enable outside
> > isakmp key shared-secret address 10.1.1.17 netmask 255.255.255.255
> > isakmp identity address
> >
> > isakmp policy 20 authentication pre-share
> > isakmp policy 20 encryption 3des
> > isakmp policy 20 hash md5
> > isakmp policy 20 group 2
> > isakmp policy 20 lifetime 86400
> >
> > >> /etc/isakmpd/isakmpd.conf config (sanitized)
> >
> > [Phase 1]
> > 10.0.0.81=peer-machine-WCpix
> >
> > [Phase 2]
> > Connections=VPN-SZ-WCSQL
> >
> > [peer-machine-WCpix]
> > Phase= 1
> > Transport= udp
> > Address=10.0.0.81
> > Local-address= 10.1.1.17
> > Configuration= Default-main-mode
> > Authentication= shared-secret
> >
> > [VPN-SZ-WCSQL]
> > Phase= 2
> > ISAKMP-peer=peer-machine-WCpix
> > Configuration= Default-quick-mode
> > Local-ID= SZ-internal-network
> > Remote-ID= WCSQL-subnet
> >
> > [SZ-internal-network]
> > ID-type=IPV4_ADDR_SUBNET
> > Network=192.168.157.0
> > Netmask=255.255.255.0
> >
> > [WCSQL-subnet]
> > ID-type=IPV4_ADDR_SUBNET
> > Network=10.3.3.8
> > Netmask=255.255.255.248
> >
> > [Default-main-mode]
> > DIO=IPSEC
> > EXCHANGE_TYPE= ID_PROT
> > Transforms= 3DES-MD5
> >
> > [Default-quick-mode]
> > DOI=IPSEC
> > EXCHANGE_TYPE= QUICK_MODE
> > Suites= QM-ESP-3DES-MD5-SUITE
> >
> > [3DES-MD5]
> > GROUP_DESCRIPTION= MODP_1024
> >
> > [QM-ESP-3DES-MD5-PFS-SUITE]
> > GROUP_DESCRIPTION= MODP_1024
> >
> > #
> >
> > >> And some parts of the debug log at your suggested
> > debug level, at points where errors seem to occur.
> > .
> > .
> > 104124.523585 Exch 90 dpd_check_vendor_payload: bad size 8 != 16
> > .
> > .
> > 104124.582274 SA 60 sa_create: sa 0x3c067d00 phase 2 added to exchange 0x3c067a00 (VPN-SZ-WCSQL)
> > 104124.582284 Mesg 90 message_alloc: allocated 0x3c06b700
> > 104124.582292 SA 80 sa_reference: SA 0x3c067900 now has 6 references
> > 104124.582301 Cryp 60 hash_get: requested algorithm 0
> > 104124.582399 Misc 70 attribute_set_constant: no GROUP_DESCRIPTION in the QM-ESP-3DES-MD5-XF section
> > 104124.58
Re: Default domain not working
On Wed, 31 Aug 2005 07:58:24 +0200 (CEST)
Otto Moerbeek <[EMAIL PROTECTED]> wrote:

> On Wed, 31 Aug 2005, Bill wrote:
>
> > I have a problem, which will probably end up being a stupid mistake.
> > I have 3.7 running (fresh install) using the stock BIND and DHCP systems
> >
> > My problem is that I cannot get the default domain to work.
> >
> > So:
> > dig www
> >
> > does not work, while
> > dig www.domainname.com
> >
> > does work fine.
>
> How about reading the man page?
>
> +[no]search
>     Use [do not use] the search list defined by the
>     searchlist or domain directive in resolv.conf (if
>     any). The search list is not used by default.
>
> -Otto

Thanks Otto. But aside from convincing me I am just plain crazy... that just confuses me a bit more. I did spend time with the man page, But the man page also says, and this is what threw me...

+domain=somename
    Set the search list to contain the single domain
    somename, as if specified in a domain directive in
    /etc/resolv.conf, and enable search list processing
    as if the +search option were given.

"AS IF specified in the domain directive" which I have. So as I (mis) understand it, the +search would be in addition to the domain directive... I was thinking the search list was the search directive, not the default domain name. Even sounds like that above... It describes both and then says only one of them is not used by default.

My issue is I want to be able to use the default domain other places in the system. My dhcpd.conf has a whole slew of

fixed-address prn1;

Which I'd like the default domain to be looked up. Since I cannot get a ping to work on the default (or dig) I am pretty sure the problem is before that. This must be doable, right?
Re: Default domain not working
On Wed, Aug 31, 2005 at 01:49:59AM -0400, Bill wrote:
> My problem is that I cannot get the default domain to work.
>
> So:
> dig www
>
> does not work, while
> dig www.domainname.com
>
> does work fine.
>
> Things I have checked:
>
> resolv.conf

This is used by the resolver, not by DNS lookup tools like dig(1) or host(1).

Ciao,
Kili
Re: Default domain not working
On Wed, 31 Aug 2005, Bill wrote:

> I have a problem, which will probably end up being a stupid mistake.
> I have 3.7 running (fresh install) using the stock BIND and DHCP systems
>
> My problem is that I cannot get the default domain to work.
>
> So:
> dig www
>
> does not work, while
> dig www.domainname.com
>
> does work fine.

How about reading the man page?

+[no]search
    Use [do not use] the search list defined by the
    searchlist or domain directive in resolv.conf (if
    any). The search list is not used by default.

-Otto
Default domain not working
I have a problem, which will probably end up being a stupid mistake. I have 3.7 running (fresh install) using the stock BIND and DHCP systems

My problem is that I cannot get the default domain to work.

So:
dig www

does not work, while
dig www.domainname.com

does work fine.

Things I have checked:

resolv.conf
Has the:
domain domainname.com

I also tried the
search domainname.com
entry also

I read that dig gets its default from the hostname, so I checked my hostname setting:
core.domainname.com
(Set in /etc/myname)

I have it running its own named server, without any connections to forward at this time, which resolves the full domain name fine.

I've tried adding the /etc/defaultdomain file, which I did not think had anything to do with it, but to no avail.

If I do
dig www +domain=domainname.com
it works fine (but I would expect that to)

I tried googling but nothing good... or helpful.

What am I missing? Everything I read says this should work...

Thanks for any advice on this
Re: using restore command from files?
On 8/29/05, Matt Singerman <[EMAIL PROTECTED]> wrote:
> On 8/29/05, scorch <[EMAIL PROTECTED]> wrote:
> > Matt Singerman said the following on 2005-08-29 22:32:
> >
> > >I did the restore, and it actually appears to have worked! however.
> > >And ugh, this is a however. The drive partitions that I created are
> > >slightly, er, off. I mapped /usr to /dev/wd0g, but the system is
> > >looking for it in /dev/wd0f. Obviously, this is not working. How can
> > >I fix this?!
> >
> > looks like your /etc/fstab doesn't match your disklabel... or is there
> > some error message you need to send us?
> >
> > cheers, scorch
> >
> > --
> > out of the frying pan and into the fire
>
> Argh. So here is what is going on:
>
> The restore seems to have worked. The system boots, services start,
> it's all hunky-dorey. However, there is no network. No. Network. I
> run ifconfig -a, and device xl0 is started ok. However, dc0 isn't. I
> don't know if it *should* be started, but the system seems to require
> it - there are calls to it in pf.conf, and in snort's config files.

there is no network because your present network card (xl0) is not configured.

your previous system used a network card supported by the driver
http://www.openbsd.org/cgi-bin/man.cgi?query=dc&sektion=4&apropos=0&manpath=OpenBSD+Current&arch=i386

To find out how OpenBSD names Network cards and to set up Networking please read
http://www.openbsd.org/faq/faq6.html#Setup

Your present computer uses the Network card supported by the driver
http://www.openbsd.org/cgi-bin/man.cgi?query=xl&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

You can enable network in your computer by following these steps.

1) Create a network configuration file for xl0 interface

mv /etc/hostname.dc0 /etc/hostname.xl0

2) Restart your network.

sh /etc/netstart

The above script should be explicitly run in "sh" shell.

3) Change the macro in your pf.conf for dc0 to point to xl0. If you did not use a macro then it is a bad practice; please read http://www.openbsd.org/faq/pf/macros.html and make necessary changes to your pf.conf

4) Reload PF ruleset

pfctl -f /etc/pf.conf

This should get your network up and running on the new OpenBSD box :-)

Don't know much about snort now but am in the process of learning! sorry :-(

Kind regards
Siju

> If I try and run "ifconfig dc0 up", I get an error about the device
> not being configured. This computer, I should mention, has only one
> networking card. Just one. Always had. Any ideas what could be
> causing this?
>
> Thanks,
>
> Matt
Re: OT: phone line 2 ethernet converters
On Tue, 30 Aug 2005 21:41:44 -0300, Gustavo Rios <[EMAIL PROTECTED]> wrote:

>Dear friends,
>
>sorry for being off-topic, i am able to rent a pair of twist line (a
>circuit) between my home and and friends one. I wonder if there exist
>and ethernet extender device that could connect an ethernet cable to a
>phone line. It would do no special work, just a raw connection between
>2 types of layer, i.e, take "bits" from one end and put it into the
>another and vice-versa.
>
>BTW: i am no engineer (CS Bachelor), so sorry if it sounds too stupid.
>
>Does that exists ?
>
>PS: yes, i am a user of OBSD and i am using this list cause i know no
>other best suited for this message, if possible, point me one possible
>"right" mailing list for such subject.

Here in the US, a plain (uncoiled) circuit between two points is either called an "alarm circuit" or a "dry pair" if that's what you got, and you're within distance requirements (wire feet), you can do a number of different things; from all/most the various *DSL technologies, to using CSU/DSU endpoints.

Though I don't think much of Cringely, you might find this interesting:
http://www.pbs.org/cringely/pulpit/pulpit20010823.html

Good luck,
JCR
Re: DELL Latitude D400 without X
On Tue, 30 Aug 2005 11:44:56 -0500, Tony Lambiris wrote:
> http://lysergik.com/~tony/openbsd.phtml

No, boys, thank you for the effort, but both point me to the resolution problem that we had earlier; for earlier BIOSes. This one has been solved by the later BIOSes:

(cited from http://www.chzsoft.com.ar/855patch.html)
"Some of these computers don't allocate enough video memory so that XFree86 is only able to run at low resolutions and/or color depths (e.g. 640x480x16bit). [...] Some newer models with 855GM chipset (e.g. Dell Inspiron 510m and Dell Latitude D505) have an updated BIOS which is able to set the memory size by itself, thus making 855patch obsolete on these systems. Unfortunately the BIOS introduces a new bug causing XFree86 to freeze (with a green screen) when using the i810 driver."

On the D400 with BIOS > A05 - like mine ! - we do not need the 855*patch*, but the 855*wrap* from said site.

So I'm stuck without X on a notebook; not convincing !

Thanks anyway,
Uwe
Re: New device sporting OpenBSD
On Tue, 30 Aug 2005 21:26:33 +0200 Alexander Farber <[EMAIL PROTECTED]> wrote:
> Don't they use ZynOS?

and ZynOS is an oem'd/rebranded/modified what?

---
Lars Hansson
Re: OT: phone line 2 ethernet converters
On Wed, Aug 31, 2005 at 02:34:16AM +, Jason George wrote:
> This is the whole point of this: http://accoom.kd85.com/

Wow, very neat. Thanks for enlightening me!
Re: OT: phone line 2 ethernet converters
>Dear friends,
>
>sorry for being off-topic, i am able to rent a pair of twist line (a
>circuit) between my home and and friends one. I wonder if there exist
>and ethernet extender device that could connect an ethernet cable to a
>phone line. It would do no special work, just a raw connection between
>2 types of layer, i.e, take "bits" from one end and put it into the
>another and vice-versa.
>
>BTW: i am no engineer (CS Bachelor), so sorry if it sounds too stupid.
>
>Does that exists ?
>
>PS: yes, i am a user of OBSD and i am using this list cause i know no
>other best suited for this message, if possible, point me one possible
>"right" mailing list for such subject.

This is the whole point of this: http://accoom.kd85.com/

Wim, Claudio or Andre Oppermann (FreeBSD dude) may be able to shed more light. Claudio committed a driver 2 weeks ago (musycc).

Alternatively, you can take a pair of SDSL modems and run them back-to-back. This will hand off Ethernet at either end. The modems are relatively cheap on Ebay. There is a fair amount of info on the web about this type of setup if you google around.

--Jason
Re: OT: phone line 2 ethernet converters
Depending on the distances and the electrical characteristics, you may want to consider some of the products that Cisco offers to provide wired high-speed in hotel rooms, dormitories and the like. They're specifically designed to run on lower-quality copper circuits with the corresponding drop in bandwidth, but if you can be happy with T1 speeds between you and your friend's house for the cost of a dry pair it might be just the thing for you.

There's also things like HDSL adapters but then you need T1 CSUs or DSUs and routers, etc., oh my.

Find out what kind of Nyquist frequencies the dry pair provider is willing to guarantee over what distances and then you can go from there.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gordon Grieder
Sent: Tuesday, August 30, 2005 5:51 PM
To: Gustavo Rios
Cc: misc@openbsd.org
Subject: Re: OT: phone line 2 ethernet converters

On Tue, Aug 30, 2005 at 09:41:44PM -0300, Gustavo Rios wrote:
> Dear friends,
>
> sorry for being off-topic, i am able to rent a pair of twist line (a
> circuit) between my home and and friends one. I wonder if there exist
> and ethernet extender device that could connect an ethernet cable to a
> phone line. It would do no special work, just a raw connection between
> 2 types of layer, i.e, take "bits" from one end and put it into the
> another and vice-versa.
> ..
> Does that exists ?

I doubt it. Most voice line copper is Cat-3(?) We used to run Apple's LocalTalk across that type of twisted pair but only at speeds of 230 Kbps.

Gord
Re: cheap mini-pci ral(4) cards
|The MSI MP54G4 (aka MSI MS-6833) seems to be readily available in
|the US now. I just picked one up from www.thenerds.net but a cheaper
|price can be found at newegg.com. It seems to work fine in my Sony
|SRX77.
|
|The trick is to search for both the model name (MP54G4) and the
|part number (MS-6833) since some stores list the card one way and
|some the other.

Just be careful which model you pick up. MSI, like many vendors has a habit of changing chipsets. For instance, the CB54G2 is a RT2500, but the CB54G is Broadcom.

Regards,
Ben.
Re: i386 branch on amd64
On Tue, 30 Aug 2005, Tony Lambiris wrote:
> I know this will run fine, but will the dual-core and such be detected and
> setup correctly, or is this an amd64 specific thing?

it should, but it's hard to tell until somebody tests it.

--
And that's why I won't have sex with you.
Re: OT: phone line 2 ethernet converters
On Tue, Aug 30, 2005 at 09:41:44PM -0300, Gustavo Rios wrote:
> Dear friends,
>
> sorry for being off-topic, i am able to rent a pair of twist line (a
> circuit) between my home and and friends one. I wonder if there exist
> and ethernet extender device that could connect an ethernet cable to a
> phone line. It would do no special work, just a raw connection between
> 2 types of layer, i.e, take "bits" from one end and put it into the
> another and vice-versa.
> ..
> Does that exists ?

I doubt it. Most voice line copper is Cat-3(?) We used to run Apple's LocalTalk across that type of twisted pair but only at speeds of 230 Kbps.

Gord
Re: Smart Array 6i RAID controller (ciss)
Greg Petras wrote:

I've read a few recent posts in the archive about this controller. I'm wondering what the status of this driver is? I noticed on the supported hardware list that it is supported, but the manpage for ciss looks like it's saying it won't be supported until 3.8. Is anyone actively using the driver in -current? Does it work? Does anyone have tips for getting it working on a DL 360?

Thanks,
Greg

I have installed -current on several systems with 5i, 53xx and 6xxx controllers. I have not installed on a system with a 6i controller. I have not had any problems other than seeing 'ciss0: cmd_stat 2 scsi_stat 0x0' errors somewhat regularly. I have been running it on both x86 and amd64.

I have not done any performance testing of the driver, but casual observation shows the driver performing well. I have been booting from the cd38.iso and installing without any issues.

Thanks to mickey@ for writing the driver. It allows me to run on many more systems...

mark
OT: phone line 2 ethernet converters
Dear friends, sorry for being off-topic, i am able to rent a pair of twist line (a circuit) between my home and and friends one. I wonder if there exist and ethernet extender device that could connect an ethernet cable to a phone line. It would do no special work, just a raw connection between 2 types of layer, i.e, take "bits" from one end and put it into the another and vice-versa. BTW: i am no engineer (CS Bachelor), so sorry if it sounds too stupid. Does that exists ? PS: yes, i am a user of OBSD and i am using this list cause i know no other best suited for this message, if possible, point me one possible "right" mailing list for such subject.
Re: Shouldn't OpenBSD X11 come out with "-nolisten tcp" as default?
I think one major reason other OSes have done '-nolisten tcp' by default is to encourage people to use X11 forwarding via ssh instead of xhost/etc, as the xhost way transmits in cleartext.

Of course it can be argued that the user should be left to decide that themselves, so there's two sides to every issue.

Personally, if it's a workstation behind a pf firewall, I don't care. If not (as in my box at work where I don't control the network), then yes, I'll do the little things that may or may not help but do not hurt (assuming my usage doesn't require them), like this, turning off daemons I don't use (which if I have to use RedHat, are legion), and "PermitRootLogin No" in sshd_config.

And if this *is* the pf box I'm talking about, I won't be running xdm. :-)

-A
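
An added example, not part of the post above or of OpenBSD itself: one way to check a host for the setting this thread discusses, by listing X servers started without `-nolisten tcp` and TCP listeners in the X11 port range (6000 + display number). It assumes an X server that listens on TCP unless told otherwise, as in the release discussed here; the function names are hypothetical and the `ps` and `netstat` lines are constructed samples.

```shell
#!/bin/sh
# Added example: audit X servers for TCP listening.
# On a live system the input would come from, for instance:
#   ps -axo pid,command | x_servers_without_nolisten
#   netstat -an         | x11_tcp_listeners

# Constructed sample of `ps -axo pid,command` output (not from a real host).
SAMPLE_PS='  312 /usr/X11R6/bin/X :0 -auth /var/run/xauth/A:0-abc123
  907 /usr/X11R6/bin/X :1 -nolisten tcp -auth /var/run/xauth/A:1-def456
 1044 /usr/X11R6/bin/xterm -ls
 2001 Xorg :2 -nolisten unix'

# Constructed sample of `netstat -an` output (BSD host.port notation).
SAMPLE_NETSTAT='tcp        0      0  *.6000            *.*      LISTEN
tcp        0      0  127.0.0.1.8021    *.*      LISTEN
tcp        0      0  *.22              *.*      LISTEN
tcp        0      0  127.0.0.1.6010    *.*      LISTEN'

# Print "pid display" for every X server process whose command line
# lacks the two-word option "-nolisten tcp".
x_servers_without_nolisten() {
    awk '
    {
        n = split($2, path, "/")
        name = path[n]
        if (name != "X" && name != "Xorg" && name != "XFree86") next
        display = "?"
        tcp_off = 0
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^:[0-9]+/) display = $i
            if ($i == "-nolisten" && $(i + 1) == "tcp") tcp_off = 1
        }
        if (!tcp_off) print $1, display
    }'
}

# Print "port address scope" for every listening TCP socket on ports
# 6000-6063. Loopback listeners at 6010 and above are usually sshd
# X11 forwarding; anything else in the range is reachable off-host.
x11_tcp_listeners() {
    awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4
        pos = 0
        # BSD netstat prints host.port, Linux prints host:port
        for (i = length(addr); i > 0; i--) {
            c = substr(addr, i, 1)
            if (c == "." || c == ":") { pos = i; break }
        }
        if (pos == 0) next
        host = substr(addr, 1, pos - 1)
        port = substr(addr, pos + 1) + 0
        if (port < 6000 || port > 6063) next
        scope = (host == "127.0.0.1" || host == "::1") ? "loopback" : "exposed"
        print port, host, scope
    }'
}

# Run both checks over the constructed samples.
audit_sample() {
    echo "X servers started without -nolisten tcp (pid display):"
    printf '%s\n' "$SAMPLE_PS" | x_servers_without_nolisten
    echo "Listeners in the X11 TCP range (port address scope):"
    printf '%s\n' "$SAMPLE_NETSTAT" | x11_tcp_listeners
}

audit_sample
```

The socket check is the authoritative one: a server can be started without the flag and still be unreachable behind pf, and the command-line check only tells you which process to fix.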
Re: exit serial console on F4
Matt, thanks for the tip, I mean cu : )

I went to the F4 terminal and typed at the login prompt

login: ~^D [EOT] #

Then I was able to successfully serial console in the term on fvwm X.

Best regards,
rogern
John 3:16

From: Matt Provost <[EMAIL PROTECTED]>
To: Roger Neth Jr <[EMAIL PROTECTED]>
CC: misc@openbsd.org
Subject: Re: exit serial console on F4
Date: Tue, 30 Aug 2005 11:16:29 -0700

On Aug 30 11:07 AM, Roger Neth Jr wrote:
> Hello List, I am experimenting with serial consoles and had tty00 open on
> fvwm X windows term. Closed the term and went to ctl-alt-F4 and logged in
> root to cu -l tty00 and connected successfully.
> I tried ^C and ^D to disconnect from the serial console without success.
> What I am trying to do is open tty00 back on the fvwm X windows term but
> ports are busy because tty00 is running on F4.
> I did a quick FAQ and Google but did not find anything.
>

To disconnect from cu type enter then ~. Watch out because ssh also uses that sequence to disconnect - if you're going through ssh use ~~. so cu gets the disconnect and not ssh.

Matt
chroot apache and timezone
hi there, considering that httpd is chrooted by default, would it be a bad idea to have etcXX.tgz contain /var/www/etc/localtime ? the install script could also create this file based on the timezone answer... or perhaps at least afterboot(8) could mention this... -f -- excuse me if i sound bitter... i taste that way too...
i386 branch on amd64
I know this will run fine, but will the dual-core and such be detected and setup correctly, or is this an amd64 specific thing?

TIA.

--
Tony Lambiris [ [EMAIL PROTECTED] ]
"so if it is really hard for you then perhaps you are just retarded and need treatment w/ electricity and if that does not help then perhaps should not use computers..."
Re: MaxDB on 3.6? or just ndb_mgm[d ]?
From: John N. Brahy [mailto:[EMAIL PROTECTED]
> I'm trying to build a OpenBSD mysql cluster and I haven't been able to
> fully compile the mysql build tools that are required to compile the
> MaxDB so I can get ndb_mgmd and ndb_mgm. Does anyone have a patch to
> make it work or a package with those two binaries?

John, the mysql cluster stuff is part of the stock mysql-4.1 source distribution nowadays. At a previous company we used it with 4.1.7 and higher. You shouldn't need to worry about MaxDB if you are after the cluster stuff (don't know if you might need it for other reasons, but...)

To my knowledge you should just be able to compile mysql-4.1 with cluster it like any other app - there should be a configure switch that controls it.

DS
MaxDB on 3.6? or just ndb_mgm[d ]?
I'm trying to build a OpenBSD mysql cluster and I haven't been able to fully compile the mysql build tools that are required to compile the MaxDB so I can get ndb_mgmd and ndb_mgm. Does anyone have a patch to make it work or a package with those two binaries? Thanks, John
Re: New device sporting OpenBSD
Don't they use ZynOS?

2005/8/30, Johan P. Lindström <[EMAIL PROTECTED]>:
> While making friends with my ZyXEL ZyWALL P1 adapters, using tcpdump
> -novelf (pf.os as of 3.7-release), I noticed that they are identified
> as running OpenBSD.
cheap mini-pci ral(4) cards
The MSI MP54G4 (aka MSI MS-6833) seems to be readily available in the US now. I just picked one up from www.thenerds.net but a cheaper price can be found at newegg.com. It seems to work fine in my Sony SRX77. The trick is to search for both the model name (MP54G4) and the part number (MS-6833) since some stores list the card one way and some the other. - todd
Re: web server pf problem
On Tuesday, August 30, 2005, [EMAIL PROTECTED] wrote:
> So my problem is that i can't access any of my web server via internet but it works in local

Locate these pf.conf rules:

> block all
> pass in on $ext_if proto tcp from any to $web_srv port 80 flags S/SA synproxy state
> pass in on $ext_if proto tcp from any to $web1_srv port 81 flags S/SA synproxy state

Change to:

block log all
pass in on $ext_if proto tcp from any to { $ext_if $web_srv } port 80 flags S/SA synproxy state
pass in on $ext_if proto tcp from any to { $ext_if $web1_srv } port 80 flags S/SA synproxy state

use tcpdump -i pflog0 -qntte for additional troubleshooting

This should do it.

-T

---
Todd M. Boyer, CISSP
President
AutumnTECH, LLC
[EMAIL PROTECTED]
http://www.AutumnTECH.com
AutumnTECH Manufactures Entire Network Protection Appliances that Identify Spam and Sanitize Dangerous E-mail Content
---
Re: frequency of ports-security mailing list updates?
Da Man wrote:
> I've been subscribed to the ports-security mailing lists since mid
> June 2005. Today I received a notice for a security update for
> pcre-4.5p0. Out of habit I double checked against the 3.7 packages
> errata page and noticed that there were a number of other updates
> applicable to my system(tiff-3.6.1p6, netpbm-9.24p2) that I had not
> received a notice for via ports-security. It looks like these updates
> were uploaded to ftp.openbsd.org on 8/19 so it seems I should have
> received a mail alert by now if in fact one was issued and barring any
> delivery problems to my mailbox.
>
> As a matter of clarification, will an email alert be sent via the
> ports-security mailing lists for all package errata? If not, what is
> the recommended method being alerted to relevant changes? Do I need
> to subscribe to ports-changes?
>

Don't know if you've considered this but you could run both cvsup and /usr/ports/infrastructure/build/out-of-date as a cronjob and mail yourself the results. You can usually surmise from the mailed output whether anything has changed since the last run. This is what I've been doing.

Hope that helps.

G
Re: Moving from 3.7-release to -stable: make build fails (i386)
Is there any particular reason why you do all these steps:

> # export DESTDIR=/
> # export CFLAGS='-O3 -mcpu=athlon-xp -march=athlon-xp -mmmx -msse -m3dnow -mfpmath=sse'
> # export CXXFLAGS=$CFLAGS
> # cd etc
> # make distrib-dirs
> ...
> # cd ..

When the only thing you should need to do is:

> # make build

???
web server pf problem
Hi

I have a problem with openbsd with pf

I try to do

[(fxp0) - 100.0.100.10] -> [web server 1 (100.0.100.1)]
|
[openbsd (xl0)] <---> Internet
|
[(sis0) - 100.0.200.10] -> [web server 2 (100.0.200.1)]

i hope it's enough clear...

So my problem is that i can't access any of my web server via internet but it works in local

What am i doing wrong ? did i forget something somewhere ?

I'm new to openbsd and pf so sorry

Thanks for your help

** here is my pf.conf **

int_if = "fxp0"
ext_if = "xl0"
int1_if = "sis0"
tcp_services = "{ 22, 113 }"
icmp_types = "echoreq"
priv_nets = "{ 127.0.0.0/8, 100.0.100.0/16, 100.0.200.0/16, 10.0.0.0/8 }"
web_srv = "100.0.200.1"
web1_srv = "100.0.100.1"

set block-policy return
set loginterface $ext_if

scrub in all

nat on $ext_if from $int_if:network to any -> ($ext_if)
nat on $ext_if from $int1_if:network to any -> ($ext_if)
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $int1_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $ext_if proto tcp from any to any port 80 -> $web_srv port 80
rdr on $ext_if proto tcp from any to any port 81 -> $web1_srv port 81

block all
pass quick on lo0 all
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
pass in on $ext_if proto tcp from any to $web_srv port 80 flags S/SA synproxy state
pass in on $ext_if proto tcp from any to $web1_srv port 81 flags S/SA synproxy state
pass in on $ext_if inet proto tcp from port 20 to ($ext_if) user proxy flags S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $int_if from $int_if:network to any keep state
pass in on $int1_if from $int1_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass out on $int1_if from any to $int1_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
Re: exit serial console on F4
On Aug 30 11:07 AM, Roger Neth Jr wrote:
> Hello List, I am experimenting with serial consoles and had tty00 open on
> fvwm X windows term. Closed the term and went to ctl-alt-F4 and logged in
> root to cu -l tty00 and connected successfully.
> I tried ^C and ^D to disconnect from the serial console without success.
> What I am trying to do is open tty00 back on the fvwm X windows term but
> ports are busy because tty00 is running on F4.
> I did a quick FAQ and Google but did not find anything.
>

To disconnect from cu type enter then ~. Watch out because ssh also uses that sequence to disconnect - if you're going through ssh use ~~. so cu gets the disconnect and not ssh.

Matt
exit serial console on F4
Hello List, I am experimenting with serial consoles and had tty00 open on fvwm X windows term. Closed the term and went to ctl-alt-F4 and logged in root to cu -l tty00 and connected successfully. I tried ^C and ^D to disconnect from the serial console without success. What I am trying to do is open tty00 back on the fvwm X windows term but ports are busy because tty00 is running on F4. I did a quick FAQ and Google but did not find anything. Thank you, rogern
Re: 3.8 beta requests
On 8/22/05, Theo de Raadt <[EMAIL PROTECTED]> wrote: > > >We are heading towards making the real 3.8 release soonish. I would > > >like to ask the community to do lots of testing over the next week if > > >they can. > > > > What is the best way to test? Should we be downloading snapshots daily? > > Install snapshots. Install snapshot packages. Try using it as if it > is the real 3.8. Tell us if things fail. By "tell us", should we be contacting the port maintainer directly, using "sendbug" or both? I've been testing 3.8 on a couple of i386 systems (soon sparc also), including installing more of the 3.8 beta packages than I would use normally. So far I am impressed by UP/MP performance, and have only found a couple of X applications (xtacy, xlock) failing on signal 11. Kevin Kadow
Moving from 3.7-release to -stable: make build fails (i386)
My salutations to all, I'm a new user of OpenBSD, so I made sure to strictly stick to official instructions. I installed 3.7-release on my Athlon box (dmesg attached below - pretty typical gear), fetched the -stable branch # cd /usr # export [EMAIL PROTECTED]:/cvs # cvs -d$CVSROOT checkout -rOPENBSD_3_7 -P src rebuilt the GENERIC kernel (accordingly to the instructions found in FAQ5) and rebooted the machine. Then I decided to rebuild the userland: # cd /usr/src # rm -rf ../obj/* # make obj ... # export DESTDIR=/ # export CFLAGS='-O3 -mcpu=athlon-xp -march=athlon-xp -mmmx -msse -m3dnow -mfpmath=sse' # export CXXFLAGS=$CFLAGS # cd etc # make distrib-dirs ... # cd .. # make build ...(all seems to go well until...) ===> libcurses++ c++ -O3 -mcpu=athlon-xp -march=athlon-xp -mmmx -msse -m3dnow -mfpmath=sse -idirafter //usr/include/g++ -nostdinc -idirafter //usr/include -c /usr/src/lib/libcurses++/cursesapp.cc -o cursesapp.o c++ -O3 -mcpu=athlon-xp -march=athlon-xp -mmmx -msse -m3dnow -mfpmath=sse -idirafter //usr/include/g++ -nostdinc -idirafter //usr/include -c /usr/src/lib/libcurses++/cursesf.cc -o cursesf.o In file included from /usr/src/lib/libcurses++/cursesf.h:39, from /usr/src/lib/libcurses++/cursesf.cc:34: //usr/include/g++/cursesp.h:182: error: template with C linkage *** Error code 1 Stop in /usr/src/lib/libcurses++. *** Error code 1 Stop in /usr/src/lib. *** Error code 1 Stop in /usr/src (line 72 of Makefile). After some unsuccessful attempts to tweak the 'extern "C" {' blocks all around the filesystem I decided to skip building libcurses++ by removing the alike-named item from /usr/src/lib/Makefile. Wiped /usr/obj clean, 'make build' again. Runs much longer now, but eventually fails with another error elsewhere. I figure I need to get past libcurses++ in a regular way. Could you please give me a pointer as to how shall I accomplish that or what do I keep doing wrong? (Removing the CFLAGS and CXXFLAGS environment variables makes no difference.) 
My thanks and best regards - Roman Zilka --- # pkg_info ImageMagick-6.0.0-2p4 image processing tools ORBit2-2.12.0 high-performance CORBA Object Request Broker Xaw3d-1.5 3D Athena Widget set that looks like Motif atk-1.8.0 accessibility toolkit used by gtk+ aumix-2.8 full-screen ncurses or GTK-based audio mixer bash-3.0.16p0 GNU Bourne Again Shell bzip2-1.0.2 block-sorting file compressor, unencumbered cdparanoia-3.a9.8 CDDA reading utility with extra data verification features cdrtools-2.01 ISO 9660 filesystem and CD creation tools curl-7.11.2p0 get files from FTP, Gopher, HTTP or HTTPS servers dvd+rw-tools-5.21.4.10.8 mastering tools for DVD+RW/+R/-R/-RW esound-0.2.34 sound library for Enlightenment gconf2-2.8.1p0 configuration database system for GNOME gettext-0.10.40p2 GNU gettext ghostscript-7.05p5 GNU PostScript interpreter ghostscript-fonts-6.0 35 standard PostScript fonts with Adobe name aliases glib-1.2.10 useful routines for C programming glib2-2.4.8 general-purpose utility library gnome-mime-data-2.4.2 MIME and Application database for GNOME gnome-vfs2-2.8.3p0 GNOME Virtual File System gqview-1.4.5Gtk-based graphic file viewer gtk+-1.2.10p1 General Toolkit for X11 GUI gtk+2-2.4.14multi-platform graphical toolkit gv-3.5.8p4 PostScript and PDF previewer hicolor-icon-theme-0.5 high-color icon theme shell for GNOME and KDE jasper-1.701.0 reference implementation of JPEG-2000 jbigkit-1.5 lossless image compression library joe-2.9.8pre1p1 joe's own editor jpeg-6b IJG's JPEG compression utilities lame-3.96.1 lame ain't an MP3 encoder lcms-1.12p0 color management library libIDL-0.8.4IDL parsing library libaudiofile-0.2.6 SGI audiofile library clone libbonobo-2.8.0 GNOME component and compound document system libiconv-1.9.2 character set conversion library libogg-1.1.2Ogg bitstream library libungif-4.1.0b1tools and library routines for working with GIF images libvorbis-1.1.0p0 audio compression codec library libxml-2.6.16p0 XML parsing library links+-2.1pre16 
graphics and text browser with javascript support lsof-4.69p0 list information about open files mc-4.6.1pre1p0 free Norton Commander clone with many useful features micq-0.5.0.1p0 text-based ICQ implementation mozilla-1.7.5-gtk2 open source version of the Netscape browser mplayer-1.0pre6ap0 Movie player supporting MPEG, DivX, AVI, ASF, MOV & more mutt-1.5.8i tty-based e-mail client, development version netpbm-9.24p1 toolkit for converting images between different formats openmotif-2.1.30.5 Motif toolkit pango-1.6.0 library for layout and rendering of text png-1.2.7p1 library for manipulating PNG images popt-1.7getopt(3)-like library with a number of enhancements shared-mime-info-0.1
Re: Hard Disk Password Security Info - Fujitsu-Siemens writeup
Fujitsu-Siemens writeup on disk password handling: http://vilpublic.fujitsu-siemens.com/vil/pc/vil/fast_facts/mainboards/pf_hddpassword_e.pdf
Re: DELL Latitude D400 without X
I actually hacked an existing util for NetBSD to run flawlessly on OpenBSD (I have a Dell inspiron 700m). You can get it here: http://lysergik.com/~tony/openbsd.phtml Baldur Sigurpsson wrote: hi use this thing: http://damien.bergamini.free.fr/i855vidctl/ just remember to put the command in /etc/rc.securelevel because on openbsd you cannot access some devices you need to, in contrast to linux. works on my dell inspiron 500m with the 855GM crap:) Regards, Baldur Uwe Dippel wrote: ... a continuation of around a year ago ('Warning: Possible Bug in BIOS DELL Latitude D400_A06 !') It is still valid for 3.7. In the meantime, the problem has turned out to be really a problem of crappy DELL BIOSes; now at A08 it still does the same: Any activation of X freezes the machine completely with a yellowish screen. 855wrap on http://www.chzsoft.com.ar/855patch.html solves this. On Linux. There you compile a binary and run it before starting X. On any machine. Now I tried to do the same on OpenBSD with the expected result:'Abort trap'. Not quite so expected was, that the source didn't want to compile on OpenBSD 3.7: make: don't know how to make %.c. Stop in .. I bet quite a few newer DELL notebooks are affected; and I appreciate any suggestion how to make it work on OpenBSD. I read the archives here and googled. No result. Uwe -- Tony Lambiris [ [EMAIL PROTECTED] ] "so if it is really hard for you then perhaps you are just retarded and need treatment w/ electricity and if that does not help then perhaps should not use computers..."
Re: i386 binaries on amd64
In reading some mailing lists, I noticed some people pass in the -m32 flag when compiling to compile 32bit instead of 64bit... I added the flag to the Makefile and everything compiles except when I try to link all the objects into an executable, I get these errors: /usr/bin/ld: warning: i386 architecture of input file `some.o' is incompatible with i386:x86-64 output Is compiling this way possible at all? Ted Unangst wrote: On Mon, 29 Aug 2005, Stuart Henderson wrote: --On 29 August 2005 16:34 -0500, Tony Lambiris wrote: Is there a way to compile something on i386 OpenBSD box to run on amd64? or is there a sysctl option I am missing? Cross-compiling between architectures is not supported, see list archives for reasons why. that's not the question he was asking, but the answer is no anyway. -- Tony Lambiris [ [EMAIL PROTECTED] ] "so if it is really hard for you then perhaps you are just retarded and need treatment w/ electricity and if that does not help then perhaps should not use computers..."
New device sporting OpenBSD
While making friends with my ZyXEL ZyWALL P1 adapters, using tcpdump -novelf (pf.os as of 3.7-release), I noticed that they are identified as running OpenBSD. This gave me that warm fuzzy feeling and I felt a need to share this, there we are... Have a nice evening! // Johan
Re: netstat - how to show PID
From: Miroslav Kubik [mailto:[EMAIL PROTECTED]
> Is there a way how to show PID which belongs to the socket by netstat
> command? I searched man pages but I haven't found any useful
> switch for my
> need. I searched in Linux man pages for netstat as well and
> it seems that
> Linux can do it by "p" switch.

You can also use lsof from ports.

> sudo lsof -i:514
COMMAND   PID   USER      FD   TYPE   DEVICE       SIZE/OFF   NODE   NAME
syslogd   30119 _syslogd  3u   IPv4   0xd69d8000   0t0        UDP    *:syslog

DS
SOLVED: RE: isakmpd: section has no "ID-type" tag
It turns out that I did some copy&paste action when I was creating the [peer-ID] section. And even if there were no extra blank characters anywhere (I was careful to check that multiple times), somehow something was still messing with the parser. Brackets or =, something must have looked fine on screen yet the character code or something was wrong. I didn't follow through on that.

The solution? Delete the whole section and retype it again exactly the way it was - by hand. Grrr, wasted 5 hours on this.

Thanks for all suggestions off-list.

Regards,
Mitja

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Mitja Mu>enih
> Sent: Tuesday, August 30, 2005 11:41 AM
> To: misc@openbsd.org
> Subject: Re: isakmpd: section has no "ID-type" tag
>
> I don't want to be annoying but I have people breathing down my back.
>
> Does anyone at all have a working [peer-ID] section in isakmpd.conf?
>
> I mean something similar to:
>
> [ABCD-peer]
> Phase=1
> Transport=udp
> Address=aaa.bbb.ccc.ddd
> Configuration=ABCD-main-mode
> ID=ABCD-ID
> Authentication=
>
> [ABCD-ID]
> ID-type=USER_FQDN
> Name=yy
>
> No matter what I put in ID-type tag, I get
>
> 001543.959050 Default ipsec_id_size: section ABCD-ID has no
> "ID-type" tag
>
> No spaces or other additional characters anywhere. Is this a
> bug in parser?
>
>
> i386, on 3.6-stable and -current.
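One way to look for the kind of on-screen-invisible character suspected in the message above, as an added example that is not part of the original posts and not isakmpd's own code. The sample section, the pasted-in no-break space and carriage return, and the names `scan` and `strict_lookup` are assumptions made here; the thread never identified the offending character.

```python
#!/usr/bin/env python3
"""Flag characters in an INI-style config that look fine on screen but are not
plain ASCII (no-break spaces, zero-width characters, stray CRs, bad UTF-8)."""
import sys
import unicodedata
from typing import NamedTuple, Optional

# Constructed sample, modelled on the [ABCD-ID] section quoted in the thread.
# The pasted-in characters are assumptions made for this demonstration.
SAMPLE = (
    "[ABCD-peer]\n"
    "Phase=1\n"
    "ID=ABCD-ID\n"
    "\n"
    "[ABCD-ID]\n"
    "ID-type\u00a0=USER_FQDN\n"  # no-break space before '='
    "Name=yy\r\n"                # stray carriage return from a CRLF paste
).encode("utf-8")

# Printable ASCII plus tab is everything a hand-typed file needs.
ALLOWED = {chr(c) for c in range(0x20, 0x7F)} | {"\t"}


class Finding(NamedTuple):
    line: int       # 1-based line number
    column: int     # 1-based character column
    section: str    # enclosing [section], "" before the first one
    codepoint: str  # "U+00A0", or "0xFF" for a byte that is not valid UTF-8
    name: str       # Unicode name or a short description


def _lines(data: bytes):
    # surrogateescape keeps undecodable bytes as U+DC80..U+DCFF so they can be reported
    return [raw.decode("utf-8", errors="surrogateescape") for raw in data.split(b"\n")]


def _describe(ch: str):
    cp = ord(ch)
    if 0xDC80 <= cp <= 0xDCFF:
        return f"0x{cp - 0xDC00:02X}", "byte that is not valid UTF-8"
    fallback = f"unnamed, category {unicodedata.category(ch)}"
    return f"U+{cp:04X}", unicodedata.name(ch, fallback)


def scan(data: bytes) -> list:
    """Return one Finding per character outside ALLOWED."""
    findings, section = [], ""
    for lineno, text in enumerate(_lines(data), start=1):
        stripped = text.strip()
        if stripped.startswith("[") and "]" in stripped:
            section = stripped[1:stripped.index("]")]
        for col, ch in enumerate(text, start=1):
            if ch not in ALLOWED:
                findings.append(Finding(lineno, col, section, *_describe(ch)))
    return findings


def strict_lookup(data: bytes, section: str, tag: str) -> Optional[str]:
    """Exact-match tag lookup with no trimming (hypothetical, not isakmpd's parser).

    Shows how a tag that reads "ID-type" on screen can still be "not found".
    """
    current = None
    for text in _lines(data):
        if text.startswith("[") and "]" in text:
            current = text[1:text.index("]")]
        elif current == section and "=" in text:
            name, _, value = text.partition("=")
            if name == tag:
                return value
    return None


if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = SAMPLE
    results = scan(blob)
    for f in results:
        print(f"line {f.line} col {f.column} section {f.section!a}: {f.codepoint} {f.name}")
    sys.exit(1 if results else 0)
```

Run with a file path as the only argument to scan a real configuration; the exit status is non-zero when anything outside printable ASCII and tab is found.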
Plant a Tree Today
Plant a Tree Today Called ashvattha in Sanskrit, the peepal (Ficus religious) is a very large tree. Its bark is light grey, smooth and peels in patches. Its heart-shaped leaves have long, tapering tips. The slightest breeze makes them rustle. The fruit is purple when ripe. The peepal is the first-known depicted tree in India: a seal discovered at Mohenjodaro, one of the cities of the Indus Valley Civilisation (c. 3000 BC - 1700 BC), shows the peepal being worshipped. During the Vedic period, its wood was used to make fire by friction. The peepal is used extensively in Ayurveda. Its bark yields the tannin used in treating leather. Its leaves, when heated in ghee, are applied to cure wounds.
Re: RAID Configuration
Jaisimharao Besadi wrote: Hi, I request you to provide me the material to configure RAID on windows 2003 server and also linux OS , I'm trying to get the hardware & software requirements for configuring RAID ( all levels ) Regards, Jaisimha Besadi & we require you to provide documentation for the SATA & RAID cards used in the IBM systems!
Re: Routing and firewall performance on older machines?
Ray Percival wrote:
> On Mon, Aug 29, 2005 at 05:22:13PM -0400, Peter Landry wrote:
>> Hi, We're going to be doing some network restructuring, splitting our internal network into 2 separate IP networks (192.168.1.0 and 192.168.2.0). We currently have a Microsoft ISA firewall for our whole network (since it's just 1 ip network right now, 192.168.0.0). I've suggested replacing the ISA firewall with an OpenBSD machine with 3 NICs, to handle both routing between the two internet networks, and firewall out to the internet. It will just be a static route between the two internal networks, in addition to whatever routing is necessary for firewall/NAT (I'm not sure on this?). As far as the firewall is concerned, I don't think it will be a problem as far as performance goes (our internet connect is 2mbit, which shouldn't be hard to saturate). For the internal routing though, what kind of hardware would we need to keep the 2 gigabit networks connected at a decent speed?
>
> Amazing what happens when you bother to read and search just a bit. Almost as if you aren't the only person in the world asking this question. http://www.openbsd.org/faq/pf/perf.html :)
>
>> We're looking at a p4 with a gig of ram - does that sound like it'll be a bottleneck? I figured that OpenBSD would lower the requirements for our firewall machine (less bloat) as well as increase security. Sorry if this is too general or vague a question - I did some searching on the archives and could only find references to performance of IPSec implementations, which we won't be using.
>>
>> Thanks, I appreciate any responses/links/feedback,
>> Peter L.

Umm, although I have no actual experience with them, many of the people on this mailing list who do recommend SK network cards as they are more efficient than a lot of other models. If you are shifting a lot of traffic through your internal network this should stop your bus from being saturated as easily. (I think)

From reading the FAQ that was posted previously, 1g of ram and a p4 is overkill depending on how complex your ruleset is. Having said that, the p4 probably has a better bus architecture than an old p3.

-2ds
Re: DELL Latitude D400 without X
hi use this thing: http://damien.bergamini.free.fr/i855vidctl/ just remember to put the command in /etc/rc.securelevel because on openbsd you cannot access some devices you need to, in contrast to linux. works on my dell inspiron 500m with the 855GM crap:) Regards, Baldur Uwe Dippel wrote: ... a continuation of around a year ago ('Warning: Possible Bug in BIOS DELL Latitude D400_A06 !') It is still valid for 3.7. In the meantime, the problem has turned out to be really a problem of crappy DELL BIOSes; now at A08 it still does the same: Any activation of X freezes the machine completely with a yellowish screen. 855wrap on http://www.chzsoft.com.ar/855patch.html solves this. On Linux. There you compile a binary and run it before starting X. On any machine. Now I tried to do the same on OpenBSD with the expected result:'Abort trap'. Not quite so expected was, that the source didn't want to compile on OpenBSD 3.7: make: don't know how to make %.c. Stop in .. I bet quite a few newer DELL notebooks are affected; and I appreciate any suggestion how to make it work on OpenBSD. I read the archives here and googled. No result. Uwe
Re: isakmpd: section has no "ID-type" tag
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mitja Mu>enih wrote:
> I don't want to be annoying but I have people breathing down my back.

Sorry to hear that.

>
> Does anyone at all have a working [peer-ID] section in isakmpd.conf?
>

Well, what I have looks like

[...]
[Phase 1]
a.b.c.d=peer-remote

[Phase 2]
Passive-connections=vpn-remote-internal

[peer-remote]
Phase= 1
Transport= udp
Address=a.b.c.d
Local-Address= w.x.y.z
Configuration= Default-main-mode
Authentication= ohsosecret

[vpn-remote-internal]
Phase= 2
ISAKMP-peer=peer-remote
Configuration= Default-quick-mode
Local-ID= myself
Remote-ID= remote

[myself]
ID-type=IPV4_ADDR_SUBNET
Network=e.f.g.0
Netmask=255.255.255.0

[Phase2-ID]
ID-type=FQDN
Name= my.fq.dn

[remote]
ID-type=IPV4_ADDR_SUBNET
Network=a.b.c.d
Netmask=255.255.255.255

> I mean something similar to:
>
> [ABCD-peer]
> Phase=1
> Transport=udp
> Address=aaa.bbb.ccc.ddd
> Configuration=ABCD-main-mode
> ID=ABCD-ID
> Authentication=
>
> [ABCD-ID]
> ID-type=USER_FQDN
> Name=yy
>
> No matter what I put in ID-type tag, I get
>
> 001543.959050 Default ipsec_id_size: section ABCD-ID has no "ID-type" tag
>
> No spaces or other additional characters anywhere. Is this a bug in parser?
>
>
> i386, on 3.6-stable and -current.
>
>
>>-----Original Message-----
>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>>On Behalf Of Mitja Mu>enih
>>Sent: Tuesday, August 30, 2005 12:31 AM
>>To: misc@openbsd.org
>>Subject: isakmpd: section has no "ID-type" tag
>>
>>I've been working on this for hours after an already long
>>day, so I'm tired.
>>What am I missing here?
>>
>>001543.953108 Misc 95 conf_get_str: [ABCD-peer]:ID->ABCD-ID
>>001543.956103 Misc 95 conf_get_str: configuration value not found
>>[ABCD-ID]:ID-type
>>001543.959050 Default ipsec_id_size: section ABCD-ID has no
>>"ID-type" tag
>>001543.962081 Default exchange_run: doi->initiator (0x8abf3400) failed
>>
>># cat isakmpd.conf
>>[Phase 1]
>>aaa.bbb.ccc.ddd=ABCD-peer
>>
>>[Phase 2]
>>Connections=ABCD-conn
>>
>>[ABCD-peer]
>>Phase=1
>>Transport=udp
>>Address=aaa.bbb.ccc.ddd
>>Configuration=ABCD-main-mode
>>ID=ABCD-ID
>>Authentication=
>>
>>[ABCD-ID]
>>ID-type=USER_FQDN
>>Name=yy
>>
>>[ABCD-conn]
>>Phase=2
>>Configuration=ABCD-quick-mode
>>ISAKMP-peer=ABCD-peer
>>Local-ID=default-route
>>Remote-ID=ABCD-net
>>
>>[default-route]
>>ID-type=IPV4_ADDR_SUBNET
>>Network=192.168.123.0
>>Netmask=255.255.255.0
>>
>>[KLNR-net]
>>ID-type=IPV4_ADDR_SUBNET
>>Network=aaa.bbb.eee.0
>>Netmask=255.255.255.0
>>
>>[ABCD-main-mode]
>>DOI=IPSEC
>>EXCHANGE_TYPE= AGGRESSIVE
>>Transforms= 3DES-SHA
>>
>>[ABCD-quick-mode]
>>DOI=IPSEC
>>EXCHANGE_TYPE= QUICK_MODE
>>Suites= QM-ESP-3DES-SHA-SUITE
>>
>>
>>Sorry for the obfuscation, had to. No additional characters
>>at the end of
>>the lines in [ABCD-ID] section.
>>
>>Tried on 3.6-stable and latest snapshot, i386.
>>
>>
>>Regards, Mitja
>

- --
Markus Wernig
UNIX/Network Security Engineer
- -> GPG: markus.wernig.net/pubkey - CA558BF7
- -> Linux User Group Bern: lugbe.ch
- -> Freie Software f. die Schweiz: wilhelmtux.ch
*** The only thing necessary for the triumph of evil, is for good men to do nothing. - Edmund Burke ***
iD8DBQFDFGIJ8BX/d8pVi/cRArLpAKCKz0o1LHo2C79iLlTTLiwrfqTt4ACg3jin
YJLoH1detWYURWKDIfFBXh4=
=YxQN
-----END PGP SIGNATURE-----
Re: netstat - how to show PID
On Tue, Aug 30, 2005 at 03:30:01PM +0200, Miroslav Kubik wrote:
> Is there a way how to show PID which belongs to the socket by netstat
> command? I searched man pages but I haven't found any useful switch for my
> need. I searched in Linux man pages for netstat as well and it seems that
> Linux can do it by "p" switch.
>
> "-p, --program
> Show the PID and name of the program to which each socket belongs."
>
> But what about OpenBSD?

man fstat

Regards,
Simon

P.S.: Missing Xref in netstat?
netstat - how to show PID
Hello Is there a way how to show PID which belongs to the socket by netstat command? I searched man pages but I haven't found any useful switch for my need. I searched in Linux man pages for netstat as well and it seems that Linux can do it by "p" switch. "-p, --program Show the PID and name of the program to which each socket belongs." But what about OpenBSD? Thank you Miroslav Kubik
Smart Array 6i RAID controller (ciss)
I've read a few recent posts in the archive about this controller. I'm wondering what the status of this driver is? I noticed on the supported hardware list that it is supported, but the manpage for ciss looks like it's saying it won't be supported until 3.8. Is anyone actively using the driver in -current? Does it work? Does anyone have tips for getting it working on a DL 360? Thanks, Greg
Re: problem with table directive in pf.conf
I resolved this. To view tables when there is no traffic, you need to add the "persist" option: tables persist file "/etc/list_addresses"
Re: firewall
On 8/29/05, azizan saad <[EMAIL PROTECTED]> wrote: > hello i`m z from malaysia.in my office my computer used internet explorer > 6.so i`m try to used netscape before and everything ok., but now we cannot > used the netscape coz block by firewall.so can u help me how to settle this > problem.before that i just change the proxy no. and can used.but now > cannot.then we are used administrator password to change another program or > install something.ok that all tq http://www.openbsd.org/faq/pf/index.html
trying for days now ... please help, don't know what's wrong with my mail server config
Hi,

I'm trying to set up my own mail server with OpenBSD 3.7, sendmail and cyrus-sasl-2.1.20p3. I would like to use this server to send and receive mail with a pocketpc phone edition (connected via gprs). I can read mail without problems via pop3s (I'm using dovecot-0.99.14p0). BUT I'm not able to send mail. I tried two different sendmail configurations (config A + B, see below):

Common Parameters of config A and B:

define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl

CONFIG A:

define(`confAUTH_MECHANISMS',`CRAM-MD5 DIGEST-MD5')dnl
TRUST_AUTH_MECH(`CRAM-MD5 DIGEST-MD5')dnl
define(`confAUTH_OPTIONS', `p,y')dnl

CONFIG B:

define(`confAUTH_MECHANISMS',`PLAIN LOGIN CRAM-MD5 DIGEST-MD5')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN CRAM-MD5 DIGEST-MD5')dnl

When I try to send mail via pocketpc, sendmail gives the following output:

Aug 30 13:51:18 djerba sm-mta[5618]: STARTTLS=server, error: accept failed=-1, SSL_error=1, timedout=0, errno=0
Aug 30 13:51:18 djerba sm-mta[5618]: STARTTLS=server: 5618:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:/usr/src/lib/libssl/src/ssl/s3_pkt.c:297:
Aug 30 13:51:18 djerba sm-mta[5618]: j7UBo8vd005618: [213.13.53.38] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

Here is part of the tcpflow output between server and gprs client:

server to gprs client:

START OUTPUT---
[binary data]
--- END OUTPUT

After 1 minute:

gprs client to server:

START OUTPUT---
EHLO eten-m500a
STARTTLS
[binary data]
QUIT
--- END OUTPUT

That's it, tcpflow did not capture more traffic, the mail session is now terminated and the mail was not sent. I really don't understand what's wrong or what I should try. I have been searching and googling around for days now. I would really appreciate some help.

Many thanks
Didier
Re: OpenBox in OpenBSD
On 8/30/05, Alari Kask <[EMAIL PROTECTED]> wrote: > I put together some tips, to get openbox up and running quickly in > openbsd, maybe someone find it helpful :-) > > http://php.khk.tartu.ee/~alari/ > > That desktop looks very nice, thanks for the hints! // Johan
DELL Latitude D400 without X
... a continuation of around a year ago ('Warning: Possible Bug in BIOS DELL Latitude D400_A06 !') It is still valid for 3.7. In the meantime, the problem has turned out to be really a problem of crappy DELL BIOSes; now at A08 it still does the same: Any activation of X freezes the machine completely with a yellowish screen. 855wrap on http://www.chzsoft.com.ar/855patch.html solves this. On Linux. There you compile a binary and run it before starting X. On any machine. Now I tried to do the same on OpenBSD with the expected result:'Abort trap'. Not quite so expected was, that the source didn't want to compile on OpenBSD 3.7: make: don't know how to make %.c. Stop in .. I bet quite a few newer DELL notebooks are affected; and I appreciate any suggestion how to make it work on OpenBSD. I read the archives here and googled. No result. Uwe
Re: problem with table directive in pf.conf
I use FreeBSD 5.4, not OpenBSD. But I don't think that this is the problem! pf.conf has the same format.
Re: Complete disk disaster
> I hope you are not storing any valuable data on a 10 year old hdd...
>

Yes, of course. I have a definitive answer now. After some days of use, the disk failed again. I moved the drive to another computer, and after compiling some ports, some disk read failures came again, causing segfaults. I was paranoid, and just to confirm, I tried to install Debian Linux on it. I could not even finish the install because some disk read failures led to segmentation faults.

The disk is now disassembled on my desk. The enclosure is removed. I am looking at the spinning disk, the heads, the control system. It is indeed an incredibly beautiful machine that man created. Just to destroy it, I plugged in the cables with the enclosure opened. I created an ffs file system on it, I mounted it, I copied some files onto it; some were copied, some not, and the errors were frequent. It has been an amazing experience seeing how the heads move to find the data on the disk.

The disk is in the trash now. 2 weeks of free time wasted, but many things learned! Thank you very much. Tomorrow I will buy a new HD only for OpenBSD.

Ramiro.
Re: setting mtu on sis
it will work in 3.8 and later. On Tue, Aug 30, 2005 at 12:14:32AM +0200, [EMAIL PROTECTED] wrote: > Hello! > >Can you please confirm if it is possible to set the mtu on cards > using the sis driver (I have a Netgear FA311, based on the DP 83816 > chip)? > >I am trying to change the mtu with: > > # ifconfig sis1 192.168.0.3 netmask 255.255.255.0 mtu 1444 > > but keep getting a > > SIOCSIFMTU: Invalid argument > > error. Thanks in advance for your replies. > > --- > Rob
Re: problem with table directive in pf.conf
vladone wrote:
> Hi! I want to use the table directive in pf.conf, but it does not work.
>
> My pf.conf is (also attached):
>
> ext_if="rl0"    # replace with actual external interface name i.e., dc0
> int_if="fxp0"   # replace with actual internal interface name i.e., dc1
> table { 192.0.2.0/24 }
>
> I try to load pf.conf:
>
> #pfctl -e -f /etc/pf.conf
> pf enabled
> #pfctl -T show -t list1
> pfctl: Table does not exist.
>
> If I use pfctl to add an entry to the table, it works.
>
> #pfctl -t list1 -T add 192.168.2.0/24
> 1 table created.
> 1/1 addresses added.
> #pfctl -T show -t list1
> 192.168.2.0/24
>
> Another observation: if I make an intentional mistake in pf.conf and then try to load the file, I receive an error. So the file is loaded. Where is the problem?

Which OpenBSD version do you use?
OpenBox in OpenBSD
I put together some tips, to get openbox up and running quickly in openbsd, maybe someone find it helpful :-) http://php.khk.tartu.ee/~alari/
IBM Thinkpad X41 report?
Dear crowd, just resumed my work on i386-laptop.html after vacation, and I noticed we don't have any reports on the IBM/Lenovo Thinkpad X41. Does anyone out there have this machine running under OpenBSD? Please report. Best, -- Alexander "grunk" von Gernler PGP key 0xEBC27515 http://www.de.openbsd.org/ -- Free, functional, secure
Re: isakmpd: section has no "ID-type" tag
I don't want to be annoying but I have people breathing down my back. Does anyone at all have a working [peer-ID] section in isakmpd.conf? I mean something similar to: [ABCD-peer] Phase=1 Transport=udp Address=aaa.bbb.ccc.ddd Configuration=ABCD-main-mode ID=ABCD-ID Authentication= [ABCD-ID] ID-type=USER_FQDN Name=yy No matter what I put in ID-type tag, I get 001543.959050 Default ipsec_id_size: section ABCD-ID has no "ID-type" tag No spaces or other additional characters anywhere. Is this a bug in parser? i386, on 3.6-stable and -current. > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Mitja Mu>enih > Sent: Tuesday, August 30, 2005 12:31 AM > To: misc@openbsd.org > Subject: isakmpd: section has no "ID-type" tag > > I've been working on this for hours after an already long > day, so I'm tired. > What am I missing here? > > 001543.953108 Misc 95 conf_get_str: [ABCD-peer]:ID->ABCD-ID > 001543.956103 Misc 95 conf_get_str: configuration value not found > [ABCD-ID]:ID-type > 001543.959050 Default ipsec_id_size: section ABCD-ID has no > "ID-type" tag > 001543.962081 Default exchange_run: doi->initiator (0x8abf3400) failed > > # cat isakmpd.conf > [Phase 1] > aaa.bbb.ccc.ddd=ABCD-peer > > [Phase 2] > Connections=ABCD-conn > > [ABCD-peer] > Phase=1 > Transport=udp > Address=aaa.bbb.ccc.ddd > Configuration=ABCD-main-mode > ID=ABCD-ID > Authentication= > > [ABCD-ID] > ID-type=USER_FQDN > Name=yy > > [ABCD-conn] > Phase=2 > Configuration=ABCD-quick-mode > ISAKMP-peer=ABCD-peer > Local-ID=default-route > Remote-ID=ABCD-net > > [default-route] > ID-type=IPV4_ADDR_SUBNET > Network=192.168.123.0 > Netmask=255.255.255.0 > > [KLNR-net] > ID-type=IPV4_ADDR_SUBNET > Network=aaa.bbb.eee.0 > Netmask=255.255.255.0 > > [ABCD-main-mode] > DOI=IPSEC > EXCHANGE_TYPE= AGGRESSIVE > Transforms= 3DES-SHA > > [ABCD-quick-mode] > DOI=IPSEC > EXCHANGE_TYPE= QUICK_MODE > Suites= QM-ESP-3DES-SHA-SUITE > > > Sorry for the obfuscation, had to. 
No additional characters > at the end of > the lines in [ABCD-ID] section. > > Tried on 3.6-stable and latest snapshot, i386. > > > Regards, Mitja
problem with table directive in pf.conf
Hi! I want to use the table directive in pf.conf, but it does not work.

My pf.conf is (also attached):

ext_if="rl0"    # replace with actual external interface name i.e., dc0
int_if="fxp0"   # replace with actual internal interface name i.e., dc1
table { 192.0.2.0/24 }

I try to load pf.conf:

#pfctl -e -f /etc/pf.conf
pf enabled
#pfctl -T show -t list1
pfctl: Table does not exist.

If I use pfctl to add an entry to the table, it works.

#pfctl -t list1 -T add 192.168.2.0/24
1 table created.
1/1 addresses added.
#pfctl -T show -t list1
192.168.2.0/24

Another observation: if I make an intentional mistake in pf.conf and then try to load the file, I receive an error. So the file is loaded. Where is the problem?
Re: BSD PPPoA Hardware
On Saturday 27 August 2005 16:36, Simon Morgan wrote: > On 8/27/05, poncenby <[EMAIL PROTECTED]> wrote: > > i've been using an Alcatel Speedtouch usb modem with openbsd 3.7 with no > > problems. take a look...http://www.speedtouchdsl.com/prod330.htm > > How stable has it been? I use the same modem on a Sun Ultra 5 (sparc64) running OpenBSD 3.6 - it is very stable, currently my ADSL line's uptime is 160 days without interruption.
Re: bgpd bug with announcing /24 networks.
Hi Claudio,

>
> It looks like the output is not from the same box.
> bgpctl will always include a netmask but other tools try to be smart and
> leave them away if it is obvious. So please try to find out what kind of
> netmask the other bgp router added to his fib.

Btw on my box this seems to be ok. But on peer router (Foundry...) seems to have not the right netmask...

> Btw it works for me:
>> bgpctl network add 10.218.105.0/24
> request sent.

I will try that

>
>> bgpctl show rib 10/8 all
> flags: * = Valid, > = Selected, I = via IBGP, A = Announced
> origin: i = IGP, e = EGP, ? = Incomplete
>
> flags destination gateway lpref med aspath origin
> ...
> *>10.218.105.0/24 194.42.48.2100 0 65001 i

rib seems to be ok... since I get the right values... :/
I keep investigating that...

/Xavier
Re: problems using usb keyboard on sunblade 100
Hi,

I followed all the suggested solutions to mend the not responding keyboard on my sunblade 100 but unfortunately I didn't succeed. Here is a quick overview:

- OpenBoot version is 4.17.1. (I've applied sun patch 79 as recommended in the install notes, hence I think the OpenBoot is running the newest firmware version.)
- the keyboard works in OpenBoot mode and stops, except for the CapsLock and NumLock keys where I can see the LED blink when the keys are pressed, working after OpenBSD is booted.
- I corrected the keyboard encoding using wsconsctl keyboard.encoding=sv (also made it permanent in /etc/wsconsctl.conf)
- wsconscfg -k issued on tty /dev/ttyp0 gives the following error message "wsconscfg: WSMUX_ADD_DEVICE: Device not configured"
- unfortunately I've no usb keyboard with English layout to test with.

Thanks for all your help
mark

dmesg:

OpenBSD 3.8-beta (GENERIC) #596: Wed Aug 24 07:36:33 MDT 2005
    [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC
total memory = 1073741824
avail memory = 968990720
using 6553 buffers containing 53682176 bytes of memory
bootpath: /[EMAIL PROTECTED],0/[EMAIL PROTECTED],0/[EMAIL PROTECTED],0
mainbus0 (root): Sun Blade 100 (UltraSPARC-IIe)
cpu0 at mainbus0: SUNW,UltraSPARC-IIe @ 502 MHz, version 0 FPU
cpu0: physical 32K instruction (32 b/l), 16K data (32 b/l), 1024K external (64 b/l)
psycho0 at mainbus0 pci108e,a001: impl 0, version 0: ign 7c0 bus range 0 to 1; PCI bus 0
DVMA map: c000 to e000
IOTDB: 4d0a000 to 4d8a000
pci0 at psycho0
ebus0 at pci0 dev 12 function 0 "Sun PCIO Ebus2 (US III)" rev 0x01
flashprom at ebus0 addr 0-f not configured
clock1 at ebus0 addr 0-1fff: mk48t59: hostid 83087c13
ebus_attach: idprom: incomplete
gem0 at pci0 dev 12 function 1 "Sun ERI Ether" rev 0x01: ivec 3006, address 00:0 3:ba:08:7c:13
ukphy0 at gem0 phy 1: Generic IEEE 802.3u media interface
ukphy0: OUI 0x0010dd, model 0x0002, rev. 1
"Sun FireWire" rev 0x01 at pci0 dev 12 function 2 not configured
ohci0 at pci0 dev 12 function 3 "Sun USB" rev 0x01: ivec 24, version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Sun OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
ebus1 at pci0 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00
dma at ebus1 addr 0- ipl 42 not configured
power at ebus1 addr 800-82f ipl 32 not configured
com0 at ebus1 addr 3f8-3ff ipl 43: ns16550a, 16 byte fifo
com1 at ebus1 addr 2e8-2ef ipl 43: ns16550a, 16 byte fifo
"Acer Labs M7101 Power" rev 0x00 at pci0 dev 3 function 0 not configured
autri0 at pci0 dev 8 function 0 "Acer Labs M5451 Audio" rev 0x01: ivec 23
ac97: codec id 0x41445348 (Analog Devices AD1881A)
ac97: codec features headphone, Analog Devices Phat Stereo
audio0 at autri0
midi0 at autri0: <4DWAVE MIDI UART>
pciide0 at pci0 dev 13 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc3: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide0: using ivec 180c for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0:
wd0: 16-sector PIO, LBA, 21557MB, 44150400 sectors
atapiscsi0 at pciide0 channel 0 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
cd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
ppb0 at pci0 dev 5 function 0 "DEC 21152 PCI-PCI" rev 0x03
pci1 at ppb0 bus 1
vgafb0 at pci1 dev 1 function 0 "Intergraph Expert3D" rev 0x00
vgafb0: failed to find all ports
vgafb1 at pci0 dev 19 function 0 "ATI Rage XL" rev 0x27
wsdisplay0 at vgafb1
wsdisplay0: screen 0 added (std, sun emulation)
pcons0 at mainbus0
No counter-timer -- using %tick at 502MHz as system clock.
uhidev0 at uhub0 port 1 configuration 1 interface 0
uhidev0: Sun Microsystems Type 6 Keyboard, rev 1.00/1.02, addr 2, iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd0 at ukbd0: console keyboard
uhidev1 at uhub0 port 2 configuration 1 interface 0
uhidev1: Sun Microsystems Type 6 Mouse, rev 1.00/1.02, addr 3, iclass 3/1
ums0 at uhidev1: 3 buttons
wsmouse0 at ums0
root on wd0a
rootdev=0xc00 rrootdev=0x1a00 rawdev=0x1a02