Re: routing question - why one way?

2005-08-31 Thread Rod.. Whitworth
On Thu, 1 Sep 2005 01:01:08 -0400, Bill wrote:

>OBSD 3.7 - new install
>
>I am building a router.  And I am having a routing problem.  I am not
>doing any packet filtering, NAT or anything... it's all strictly private
>address space nets I also most definitely have ip forwarding set in
>sysctl
>
>Right now I have the router installed with two active interfaces...
>
>Segment A (192.168.0.4) interface on the router 
>Segment B (10.3.0.1) interface on the router
>
>Now I have a machine on each segment also:
>
>192.168.0.2 (Segment A)
>10.3.50.1 (Segment B)
>
>Segment B has the default gateway set to 192.168.0.2
>(192.168.0.2 then passes out to the internet )
>
>From 10.3.50.1 my default gateway on is the 10.3.0.1 (router nic).  I
>can ping any of the other interface cards on the router (there are a
>few) including the 192.168.0.4 interface on the router.  But I cannot
>ping the 192.168.0.2 machine.
>
>* WAIT * I know what you are going to say... but I DO have the ip
>forwarding set
>
># sysctl -a | grep forward 
>net.inet.ip.forwarding=1
>
>I checked many times since.
>
>Now, if I go to the 192.168.0.2 machine, I added a route so it knows
>where the 10.3.0.0 network is, and I can ping the 10.3.50.1 machine no
>problem.  I can also ping all the other nic's on the router.  So the
>router is forwarding packets.  
>
>So if the pings can get from 192.168.0.2 to 10.3.50.1, the ping
>responses from 10.3.50.1 should be able to be returned from the
>192.168.0.2 box back no problem.
>
>I am not sure where the pings are being lost... if the machine on
>segment A knows how to reach segment B and can ping it... doesn't that
>mean the segment B machine essentially can get pings back if it sends
>them to Segment A?  Segment A is its default route.
>
>Confused...
>
>Any help would be greatly appreciated
>
>All the boxes are obsd 3.7 except for the 10.3.50.1 box which is linux
>
>
>
>
>
>
>-- 
>
>Bill Chmura
>Director of Internet Technology
>Explosivo ITG
>Wolcott, CT
>
>p: 860.621.8693
>e: [EMAIL PROTECTED]
>w. http://www.explosivo.com
>
>


I'm sure that you know what you mean but what you have stated about the
networks and host is ambiguous.

Let's see if I guess correctly in phrasing it a little differently. If
not you have a better chance to correct the impression.

There are 2 private networks:
192.168.0.0/24
10.3.0.0/8   <- maybe you use a /24 but /8 is the "natural" for a 10.
network

You have 3 hosts:
A router with 2 NICs, 192.168.0.4 and 10.3.0.1
One with a NIC = 192.168.0.2 (connected to the router on its
192.168.0.4 NIC) It also has another NIC that connects to the internet
(somehow)
One with a NIC = 10.3.50.1 (connected to the router NIC 10.3.0.1)

So far so good?

Well really you have 2 routers there. The one you called a router plus
the 192.168.0.2 host.
The latter will need to have forwarding on as well as the one you
called Router in your post.

Your first router will need to have its default gateway set to
192.168.0.2 for traffic from the 10. network to get to the 'net.

Looking at netstat -rnf inet on your OpenBSD boxes might be
enlightening and should be posted as a part of your question.
The Linux box only needs netstat -rn as it defaults to the inet
family.

Forget the term segments. It is confusing where you have no
segmentation.
Make sure ALL machines on your 10. network have a netmask of 255.0.0.0
for "purity" because you need at least 255.255.192.0 (math done in head
at end of day - please check!) to get that third octet (50) covered.

Let's see where that gets you.
From the land "down under": Australia.
Do we look  from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.
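
The netmask arithmetic in the reply above can be checked mechanically. This is an added example, not part of the original thread: it computes the longest netmask under which the router NIC 10.3.0.1 and the host 10.3.50.1 still share a network, and audits a set of hosts for masks that would leave the gateway off-link. The host names and per-host masks in SAMPLE_HOSTS are constructed for illustration.

```python
import ipaddress


def longest_common_network(addrs):
    """Smallest IPv4 network (longest prefix) that contains every address."""
    ints = [int(ipaddress.IPv4Address(a)) for a in addrs]
    diff = 0
    for value in ints[1:]:
        diff |= ints[0] ^ value            # collect every bit position that differs
    host_bits = diff.bit_length()          # these low bits must belong to the host part
    base = ints[0] & ~((1 << host_bits) - 1)
    return ipaddress.IPv4Network((base, 32 - host_bits))


def gateway_on_link(host, netmask, gateway):
    """True if a host with this netmask treats the gateway as directly connected."""
    iface = ipaddress.IPv4Interface(f"{host}/{netmask}")
    return ipaddress.IPv4Address(gateway) in iface.network


def audit(hosts, gateway):
    """Return a list of findings for hosts on one wire sharing one gateway.

    hosts maps a label to (address, netmask).
    """
    findings = []
    for name, (addr, mask) in hosts.items():
        if not gateway_on_link(addr, mask, gateway):
            findings.append(
                f"{name}: gateway {gateway} is off-link with netmask {mask}"
            )
    masks = sorted({mask for _, mask in hosts.values()})
    if len(masks) > 1:
        # Hosts that disagree about the mask disagree about who is a neighbour.
        findings.append("mixed netmasks on one network: " + ", ".join(masks))
    return findings


# Constructed sample: addresses are from the thread, the masks are assumptions.
GATEWAY = "10.3.0.1"
SAMPLE_HOSTS = {
    "router-nic": ("10.3.0.1", "255.0.0.0"),
    "linux-notebook": ("10.3.50.1", "255.255.255.0"),
}

if __name__ == "__main__":
    net = longest_common_network(["10.3.0.1", "10.3.50.1"])
    print("longest mask covering both:", net.netmask, f"(/{net.prefixlen})")
    for line in audit(SAMPLE_HOSTS, GATEWAY):
        print("finding:", line)
```
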



Re: routing question - why one way?

2005-08-31 Thread Bill
Sorry for the confusion...

I will try to summarize...

I have a machine on each side of a router I am building (3.7).

On one side it is a firewall connected to the internet (192.168.0.2/24)
On the other side it is a linux notebook (10.4.50.1/16)

From linux I can ping any interface on the router
But I cannot ping the firewall  (packets just lost)

From the firewall, I can ping any interface on the router and also the
linux notebook.

I have IP forwarding enabled, and do NOT have PF running.

> > # sysctl -a | grep forward
> > net.inet.ip.forwarding=1

The whole shebang's default gateways head out through the firewall.  I
added the route into the firewall so it could find the 10.4.0.0 network.

A traceroute from the firewall to the notebook shows
1  192.168.0.4 (192.168.0.4)  2.219 ms  0.320 ms  0.276 ms
2  10.4.50.1 (10.4.50.1)  0.429 ms  0.513 ms  0.376 ms

A traceroute from the notebook to the firewall shows
1  10.4.0.1 (10.4.0.1)  0.136 ms  0.070 ms  0.061 ms
2 * * *
3 * * *
4 * * *
etc, etc...

What baffles me is that it seems as though the packets are not finding
their way back once they get to the router (10.4.0.1) but the machine I
am pinging is along the default route, and that machine can find its
way to the notebook.

I can also ping the 192.168.0.4 from the notebook, so it knows how to
get to that segment, it seems to be not forwarding though.

This is the routers table:
Internet:
Destination         Gateway            Flags   Refs    Use    Mtu  Interface
default             192.168.0.2        UGS        0    841      -  em0
10.2/16             link#2             UC         0      0      -  em1
10.3/16             link#3             UC         0      0      -  em2
10.4/16             link#4             UC         0      0      -  em3
10.4.50.1           00:02:a5:6c:59:2f  UHLc       0      6      -  em3
10.5/16             link#5             UC         0      0      -  em4
10.6/16             link#7             UC         0      0      -  em6
10.7/16             link#8             UC         0      0      -  em7
loopback            localhost          UGRS       0      0  33224  lo0
localhost           localhost          UH         0    604  33224  lo0
192.168.0/24        link#1             UC         0      0      -  em0
192.168.0.2         00:60:97:5b:72:45  UHLc       0    252      -  em0
192.168.0.5         00:01:e6:81:c7:05  UHLc       0      2      -  em0
192.168.0.198       00:0b:cd:07:8f:45  UHLc       0   1520      -  em0
BASE-ADDRESS.MCAST  localhost          URS        0      0  33224  lo0



On Wed, 31 Aug 2005 22:50:26 -0700
Bryan Irvine <[EMAIL PROTECTED]> wrote:

> That was kind of hard to follow.
> 
> Can you post traceroutes?
> 
> 
> --Bryan
> 
> On 8/31/05, Bill <[EMAIL PROTECTED]> wrote:
> > OBSD 3.7 - new install
> > 
> > I am building a router.  And I am having a routing problem.  I am not
> > doing any packet filtering, NAT or anything... it's all strictly private
> > address space nets I also most definitely have ip forwarding set in
> > sysctl
> > 
> > Right now I have the router installed with two active interfaces...
> > 
> > Segment A (192.168.0.4) interface on the router
> > Segment B (10.3.0.1) interface on the router
> > 
> > Now I have a machine on each segment also:
> > 
> > 192.168.0.2 (Segment A)
> > 10.3.50.1 (Segment B)
> > 
> > Segment B has the default gateway set to 192.168.0.2
> > (192.168.0.2 then passes out to the internet )
> > 
> > From 10.3.50.1 my default gateway on is the 10.3.0.1 (router nic).  I
> > can ping any of the other interface cards on the router (there are a
> > few) including the 192.168.0.4 interface on the router.  But I cannot
> > ping the 192.168.0.2 machine.
> > 
> > * WAIT * I know what you are going to say... but I DO have the ip
> > forwarding set
> > 
> > # sysctl -a | grep forward
> > net.inet.ip.forwarding=1
> > 
> > I checked many times since.
> > 
> > Now, if I go to the 192.168.0.2 machine, I added a route so it knows
> > where the 10.3.0.0 network is, and I can ping the 10.3.50.1 machine no
> > problem.  I can also ping all the other nic's on the router.  So the
> > router is forwarding packets.
> > 
> > So if the pings can get from 192.168.0.2 to 10.3.50.1, the ping
> > responses from 10.3.50.1 should be able to be returned from the
> > 192.168.0.2 box back no problem.
> > 
> > I am not sure where the pings are being lost... if the machine on
> > segment A knows how to reach segment B and can ping it... doesn't that
> > mean the segment B machine essentially can get pings back if it sends
> > them to Segment A?  Segment A is its default route.
> > 
> > Confused...
> > 
> > Any help would be greatly appreciated
> > 
> > All the boxes are obsd 3.7 except for the 10.3.50.1 box which is linux
> > 
> > 
> > 
> > 
> > 
> > 
> > --
> > 
> > Bill Chmura
> > Director of Internet Technology
> > Explosivo ITG
> > Wolcott, CT
> > 
> > p: 860.621.8693
> > e: [EMAIL PROTECTED]
> > w. http://www.explosivo.com
> > 
> >


-- 

Bill Chmura
Director of Internet Technol

Re: routing question - why one way?

2005-08-31 Thread Bryan Irvine
That was kind of hard to follow.

Can you post traceroutes?


--Bryan

On 8/31/05, Bill <[EMAIL PROTECTED]> wrote:
> OBSD 3.7 - new install
> 
> I am building a router.  And I am having a routing problem.  I am not
> doing any packet filtering, NAT or anything... it's all strictly private
> address space nets I also most definitely have ip forwarding set in
> sysctl
> 
> Right now I have the router installed with two active interfaces...
> 
> Segment A (192.168.0.4) interface on the router
> Segment B (10.3.0.1) interface on the router
> 
> Now I have a machine on each segment also:
> 
> 192.168.0.2 (Segment A)
> 10.3.50.1 (Segment B)
> 
> Segment B has the default gateway set to 192.168.0.2
> (192.168.0.2 then passes out to the internet )
> 
> From 10.3.50.1 my default gateway on is the 10.3.0.1 (router nic).  I
> can ping any of the other interface cards on the router (there are a
> few) including the 192.168.0.4 interface on the router.  But I cannot
> ping the 192.168.0.2 machine.
> 
> * WAIT * I know what you are going to say... but I DO have the ip
> forwarding set
> 
> # sysctl -a | grep forward
> net.inet.ip.forwarding=1
> 
> I checked many times since.
> 
> Now, if I go to the 192.168.0.2 machine, I added a route so it knows
> where the 10.3.0.0 network is, and I can ping the 10.3.50.1 machine no
> problem.  I can also ping all the other nic's on the router.  So the
> router is forwarding packets.
> 
> So if the pings can get from 192.168.0.2 to 10.3.50.1, the ping
> responses from 10.3.50.1 should be able to be returned from the
> 192.168.0.2 box back no problem.
> 
> I am not sure where the pings are being lost... if the machine on
> segment A knows how to reach segment B and can ping it... doesn't that
> mean the segment B machine essentially can get pings back if it sends
> them to Segment A?  Segment A is its default route.
> 
> Confused...
> 
> Any help would be greatly appreciated
> 
> All the boxes are obsd 3.7 except for the 10.3.50.1 box which is linux
> 
> 
> 
> 
> 
> 
> --
> 
> Bill Chmura
> Director of Internet Technology
> Explosivo ITG
> Wolcott, CT
> 
> p: 860.621.8693
> e: [EMAIL PROTECTED]
> w. http://www.explosivo.com



routing question - why one way?

2005-08-31 Thread Bill
OBSD 3.7 - new install

I am building a router.  And I am having a routing problem.  I am not
doing any packet filtering, NAT or anything... it's all strictly private
address space nets I also most definitely have ip forwarding set in
sysctl

Right now I have the router installed with two active interfaces...

Segment A (192.168.0.4) interface on the router 
Segment B (10.3.0.1) interface on the router

Now I have a machine on each segment also:

192.168.0.2 (Segment A)
10.3.50.1 (Segment B)

Segment B has the default gateway set to 192.168.0.2
(192.168.0.2 then passes out to the internet )

From 10.3.50.1 my default gateway on is the 10.3.0.1 (router nic).  I
can ping any of the other interface cards on the router (there are a
few) including the 192.168.0.4 interface on the router.  But I cannot
ping the 192.168.0.2 machine.

* WAIT * I know what you are going to say... but I DO have the ip
forwarding set

# sysctl -a | grep forward 
net.inet.ip.forwarding=1

I checked many times since.

Now, if I go to the 192.168.0.2 machine, I added a route so it knows
where the 10.3.0.0 network is, and I can ping the 10.3.50.1 machine no
problem.  I can also ping all the other nic's on the router.  So the
router is forwarding packets.  

So if the pings can get from 192.168.0.2 to 10.3.50.1, the ping
responses from 10.3.50.1 should be able to be returned from the
192.168.0.2 box back no problem.

I am not sure where the pings are being lost... if the machine on
segment A knows how to reach segment B and can ping it... doesn't that
mean the segment B machine essentially can get pings back if it sends
them to Segment A?  Segment A is its default route.

Confused...

Any help would be greatly appreciated

All the boxes are obsd 3.7 except for the 10.3.50.1 box which is linux






-- 

Bill Chmura
Director of Internet Technology
Explosivo ITG
Wolcott, CT

p: 860.621.8693
e: [EMAIL PROTECTED]
w. http://www.explosivo.com




Re: [0dS] vulnerability in theo's asshole

2005-08-31 Thread Arnaud Bergeron
[snipped stupid message]

This should be reported to hushmail.  As it was not directed toward me
I did not do it.  However I took the time to find the right place to
do it.

Here is the link :
https://www.hushmail.com/contact/index.php?PHPSESSID=e784385b72dd436bb2affa3a4e020419

Try this one if the above doesn't work:
https://www.hushmail.com/contact/?area=Abuse%20and%20Spam

-- 
"They allowed us to set up a separate division almost, that is physically,
geographically, psychologically and spiritually different from what Bill 
himself calls the Borg"
 - Peter Moore, V.P. in charge of Xbox 360 marketing at Microsoft.



Openbsd 3.7 Dial In server

2005-08-31 Thread Luke Fahey
Hi Guys and Girls,

I'm after some help in setting up an openbsd 3.7 dial in server.

Basically I have a home network that is running an Ipcop firewall server
on a 1.5mb connection and an openbsd mail / web server.

I'm wanting to set up an openbsd dial in server so I can dial in to my
home network and connect to the internet and internal services such as
mail etc.

Does anyone have any guides etc on how to go about setting it up?

Any help would be greatly appreciated

Cheers

Luke



Re: MaxDB on 3.6? or just ndb_mgm[d ]?

2005-08-31 Thread John Brahy
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Spruell, Darren-Perot
> Sent: Tuesday, August 30, 2005 1:11 PM
> To: misc@openbsd.org
> Subject: Re: MaxDB on 3.6? or just ndb_mgm[d ]?
> 
> From: John N. Brahy [mailto:[EMAIL PROTECTED]
> > I'm trying to build a OpenBSD mysql cluster and I haven't been able to 
> > fully compile the mysql build tools that are required to compile the 
> > MaxDB so I can get ndb_mgmd and ndb_mgm. Does anyone have a patch to 
> > make it work or a package with those two binaries?
> 
> John, the mysql cluster stuff is part of the stock mysql-4.1 source
> distribution nowadays. At a previous company we used it with 4.1.7 and
> higher. You shouldn't need to worry about MaxDB if you are after the cluster
> stuff (don't know if you might need it for other reasons, but...)
> 
> To my knowledge you should just be able to compile mysql-4.1 with cluster
> it like any other app - there should be a configure switch that controls it.
> 
> DS

Just for the archives I have three servers, one 3.5 and two 3.6 servers. I
tried to upgrade but 3.7 doesn't work with Dell PERC 3/Di raid arrays so I'm
stuck with older versions right now. 

I tried all the available binary versions of mysql and there were different
problems with each and the one for 3.5 was a beta version anyway. 
But, thanks to OpenBSD's linux emulation I was able to install the
/usr/ports/emul/redhat emulation port and then download statically linked
versions of linux mysql 4.1.14 max. Now everything is working fine.



Re: panic w/ 3.8-beta (duplicate free)

2005-08-31 Thread Adam
I just got this panic too, but I am running a July 2 snapshot on this
machine. I was running X when it happened, and the screen didn't update
to show me the debugger, it just showed my frozen desktop.  So all I
could do was a boot dump.

On reboot I got:
savecore: reboot after panic: free: duplicated free
savecore: writing core to /var/crash/bsd.0.core
savecore: writing kernel to /var/crash/bsd.0

But when I try to get a trace from the dump I end up with this:
(gdb) bt
#0  0xd03399b0 in dumpsys ()
#1  0xd0339696 in boot ()
#2  0xd01e6824 in db_boot_dump_cmd ()
#3  0xd01e6323 in db_command ()
#4  0xd01e667e in db_command_loop ()
#5  0xd01e94fe in db_trap ()
#6  0xd0335cf3 in kdb_trap ()
#7  0xd0341ad9 in trap ()
#8  0xd0100ec2 in alltraps ()
#9  0x in ?? ()
#10 0x0008 in ?? ()
#11 0xd0571884 in pool_allocator_nointr ()
#12 0x0001 in ?? ()
#13 0x0001 in ?? ()
#14 0x in ?? ()
#15 0xd0335ea4 in Debugger ()
Previous frame inner to this frame (corrupt stack?)

# ps -N /var/crash/bsd.0 -M /var/crash/bsd.0.core -ax -O paddr -O stat
  PID  PADDR TT   STAT  TIME COMMAND
1 d607 ??  Is  0:00.00  (init)
15127 d606866c ??  Is  0:00.00  (syslogd)
26361 d60687b4 ??  R/0 0:00.00  (syslogd)
20840 d6068cd4 ??  Is  0:00.00  (sendmail)
18329 d5fb9008 ??  Is  0:00.00  (apmd)
 9058 d5fb9150 ??  Is  0:00.00  (hotplugd)
 1512 d5fb93e0 ??  Is  0:00.00  (cron)
30891 d5fb9b90 ??  R/0 0:00.00  (Xorg)
12342 d5fb9298 ??  I   0:00.00  (Xorg)
26255 d5f1c7bc ??  Is  0:00.00  (xfce-mcs-manager)
31053 d6068a44 ??  IWs 0:18.00  (sshd)
 7270 d6068b8c ??  IWs 0:23.00  (inetd)
19213 d5f1c3e4 ??  IWs 0:00.00  (ssh-agent)
27162 d5fb9a48 p0  Is+ 0:01.00  (ksh)
28460 d5f1c00c C0  I   0:00.00  (xfce4-session)
 5637 d5f1c904 C0  I   0:00.00  (xfwm4)
 4579 d5f1cb94 C0  I   0:00.00  (xftaskbar4)
20756 d5f1ca4c C0  I   0:00.00  (xfdesktop)
 3357 d5f1c52c C0  R/0 0:00.00  (xfce4-panel)
 2155 d5f1c674 C0  I   0:00.00  (gaim)
12302 d5f1ccdc C0  I   0:00.00  (xfcalendar)
29215 d5e873f0 C0  I   0:00.00  (gconfd-2)
15288 d60688fc C0  I   0:00.00  (xterm)
16025 d6068524 C0  IWs 0:00.00  (ksh)
19612 d60683dc C0  IW+ 0:00.00  (sh)
 7211 d6068e1c C0  IW+ 0:00.00  (xinit)
13330 d5fb9e20 C0  IW  0:16.00  (sh)
17471 d5fb9cd8 C0  IW  0:00.00  (sh)
 5308 d5fb9528 C1  IWs+0:12.00  (getty)
31228 d5fb9670 C2  IWs+0:12.00  (getty)
26459 d5fb97b8 C3  IWs+0:12.00  (getty)
 8056 d5fb9900 C5  IWs+0:12.00  (getty)


xlock -mode stairs (was Re: 3.8 beta requests)

2005-08-31 Thread Kevin
On 8/31/05, Christopher Linn <[EMAIL PROTECTED]> wrote:
> On Wed, Aug 31, 2005 at 11:12:07AM -0600, Peter Valchev wrote:
> > > I've been testing 3.8 on a couple of i386 systems (soon sparc also),
> > > including installing more of the 3.8 beta packages than I would use
> > > normally.  So far I am impressed by UP/MP performance, and have
> > > only found a couple of X applications (xtacy, xlock) failing on signal 11.
>  ^
> , that's a biggie..

I noticed the xlock problem when I locked a terminal with the
command "xlock -mode random" and came back an hour later to
find the screensaver abended, the terminal unlocked.

The problem is easily reproduced:
 $ xlock -mode stairs
 Access control list restored.
 xlock: caught signal 11 while running stairs mode (uid 1000).
 $

Other GL modes come up as a blank screen, no error messages,
and glxgears works correctly.


> > the ports@ mailing list is the best as well as the maintainers at this
> > point.  please don't wait, but let us know of the details so this can be
> > fixed!!

I'll post about xtacy to [EMAIL PROTECTED]

Kevin Kadow



panic w/ 3.8-beta (duplicate free)

2005-08-31 Thread Alexander Marx
hi list,

.. i recently upgraded my dsl-gw-box to 3.8-beta (from 22th aug)
and today (after ~1week of uptime) it now panicked with a duplicate free.

ddb> show panic
free: duplicated free

ddb> show proc
PROC (squid) pid=8806 stat=onproc flags=4104
pri=53, usrpri=53, nice=20
forw=0xd05d1620, back=0x0, list=0xd3a94900,0xdac423ec
user=0xdad33000, vmspace=0xd3be2e9c
estcpu=3, cpticks=9, pctcpu=0.0, swtime=592473
user=28868, sys=23908, intr=3032

ddb> tr
Debugger(d057f804,dad34c38,dad34c10,d0cc4180,9) at Debugger+0x4
panic(d04f497d,d0cc4180,dad34c60,0,dad34d7c) at panic+0x63
free(d0cc4180,9,dad34c80,d0342b2d) at free+0x40
ifafree(d0cc4180,c2a03ac3,dad34ca0,d0285fe0) at ifafree+0x27
rtfree(d3a67b68,d3a95d84,dad34d80,d0288e4e) at rtfree+0x8d
ip_output(dac0fe00,0,d3a95dcc,0,0) at ip_output+0x1105
udp_output(dac0fe00,d3a95d84,dada0a00,0,0) at udp_output+0x1fb
sosend(d3a8ebfc,dada0a00,dad34e78,dac0fe00,0,0,10,3) at sosend+0x389
sendit(d3b31e1c,7,dad34ee8,0,dad34f58) at sendit+0x157
sys_sendto(d3b31e1c,dad34f68,dad34f58,8023f940,30fe) at sys_sendto+0x50
syscall() at syscall+0x2ee
--- syscall (number 133) ---
0xca078ed:


this is pretty odd, since i know of some other 3.8 boxes which are
running just fine; so just in case that matters ... imho the only
difference here is that my box is doing (kernel-)pppoe to an
upstream-isp and in turn often has to "redial" its connection
(eg. it's doing a lot of ifconfig up/down/destroys via some watchdog
cronscript in case it detects a dead uplink ... yes ugly and stuff,
but it usually just works(tm) :-)

so ..

any insights/ideas/advices? b0rked hardware? known bug?

thx,
alex.


ps and dmesg follows ...

ddb> show all procs
   PID   PPID   PGRP    UID  S       FLAGS  WAIT       COMMAND
 14819      1  14819      0  3        0x84  poll       openvpn
  8924  30582  30582     83  3       0x184  poll       ntpd
 30582      1  30582      0  3        0x84  poll       ntpd
 10382      1  10382      0  3        0x84  select     mountd
 14826      1  12134      0  3        0x84  nfsd       nfsd
 25964      1  12134      0  3        0x84  nfsd       nfsd
 15518      1  12134      0  3        0x84  nfsd       nfsd
 16586      1  12134      0  3        0x84  nfsd       nfsd
  3214      1  12134      0  3        0x84  nfsd       nfsd
 10202      1  10202     28  3       0x184  poll       portmap
 24379  21138  21138     68  3       0x184  select     isakmpd
 21138      1  21138      0  3        0x80  netio      isakmpd
 11351   8806  11351    515  3      0x4080  netio      perl
 22829   8806  22829    515  3      0x4080  netio      perl
 16174   8806  16174    515  3      0x4080  netio      perl
 20096   8806  20096    515  3      0x4080  netio      perl
 17033   8806  17033    515  2      0x4004             perl
 18071   8806  18071    515  3      0x4080  piperd     unlinkd
* 8806  22590  22590    515  7      0x4104             squid
 22590      1  22590      0  3        0x80  wait       squid
 28623      1  28623     77  3       0x184  poll       dhclient
 20644      1      1      0  3      0x4080  ttyopn     getty
  7509      1   7509      0  3      0x4080  ttyin      getty
  4942      1   4942      0  3      0x4082  ttyin      getty
  8245      1   8245      0  3        0x84  select     cron
 13530      1  13530      0  3     0x40184  select     sendmail
 20610      1  20610      0  3        0x84  select     sshd
 23830      1  23830      0  3       0x180  select     inetd
 32589  14706  14706     70  3       0x184  select     named
 14706      1  14706      0  3       0x180  netio      named
 27538   6830   6830     74  3       0x184  bpf        pflogd
  6830      1   6830      0  3        0x84  netio      pflogd
 27378   4386   4386     73  2       0x184             syslogd
  4386      1   4386      0  3        0x84  netio      syslogd
     9      0      0      0  3    0x100204  crypto_wa  crypto
     8      0      0      0  3    0x100204  aiodoned   aiodoned
     7      0      0      0  3    0x100204  syncer     update
     6      0      0      0  3    0x100204  cleaner    cleaner
     5      0      0      0  3    0x100204  reaper     reaper
     4      0      0      0  3    0x100204  pgdaemon   pagedaemon
     3      0      0      0  3    0x100204  pftm       pfpurge
     2      0      0      0  3    0x100204  kmalloc    kmthread
     1      0      1      0  3      0x4084  wait       init
     0     -1      0      0  3     0x80204  scheduler  swapper


Generic.MP panics on boot using Tyan GX28/S2882 (was: Re: LSI SATA 150-4 on Tyan GX28 / S2882)

2005-08-31 Thread Eci Souji
Sorry about the recycle. I've cced the list and changed the topic to reflect
a new (worse) problem.

Just did a clean install using amd64 3.7. SP kernel is working just fine and
I'm able to boot and play around without a problem. Upon trying to switch to
the generic.mp kernel I drop into a panic on boot.
Attached are my two dmesgs, one from SP kernel and one from the MP kernel
with the panic messages. I hope I've included enough information from the
panic, if not please let me know what else might be needed.

Anyone have any thoughts? :(

- S


On 8/31/05, Rogier Krieger <[EMAIL PROTECTED]> wrote:
>
> As I doubt this e-mail will solve the problem, I sent it off-list.
>
> On 8/31/05, Eci Souji <[EMAIL PROTECTED]> wrote:
> > On the subject of LSI cards tho I do have another question that I was
> > hoping I could get some help with.
>
> Please don't recycle one question's thread for use on another; it
> messes things up.
>
>
> > We've got some Tyan GX28's [...] here running 3.7 in single processor
> > mode using LSI Megaraid SATA 150-4 adapters. Everything works fine until
> > we try to run with multiple processors
>
> In such cases, please provide a dmesg at the same time you report it.
> Personally, I use pretty much the same board (the S2882-D) for amd64
> with GENERIC.MP and the errata since 3.7-release. Both in UP and SMP
> modes, things work just fine.
>
> I did upgrade the card's firmware, though not out of any hardware
> problems. My happy user report is somewhere in the archives [1]. My
> current dmesg is available on-line [2] as well.
>
> If 3.7 or 3.7-stable fail, you may want to give 3.8 snapshots a spin
> to see if the problem persists.
>
> Cheers,
>
> Rogier
>
> References:
> 1. MARC: msg 'LSI MegaRAID 150-4 (a.k.a. LSI/Symbios 523)'
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=111523292910926&w=2
> 2. Tyan S-2882D dmesg (amd64, GENERIC.MP)
> http://iverdahl.net/bsd/files/OpenBSD37-amd64-GENERIC.MP-Tyan-S2882D.dmesg.txt
>
> --
> If you don't know where you're going, any road will get you there.

Re: OT: phone line 2 ethernet converters

2005-08-31 Thread L. V. Lammert

At 07:39 PM 8/31/2005 +, you wrote:

Although I am in Calgary, I have a hard time believing you can't get an
unpowered, unloaded circuit from one of the American incumbents.  How is 
Chubb

supposed to monitor your business' alarm if this product is not available?


'Dry Circuits' went out of favor in the 80s in the states, .. nowdays 
critical alarm circuits are backed by RF links (as we do here via RF link, 
or via cell backup).



What I can see is the RBOCs trying to upsell you to one of their managed
services.  If the RBOCs didn't make dry copper available, you wouldn't have
many competitve DSL service providers state-side...not everyone is going to
wholesale the RBOCs' DSL and then off-load onto a data trunk.


Not a physical issue, really, rather it's one of tariffs - the RBOCs got
'dry pairs' removed from the tariffs as soon as practical - most when DSL
services was introduced; in other cases, the cost ($100/month+) allowed the
marketplace to do it for them.



> The solution here is a pair of Efficient Networks/Flowpoint SDSL modems, back
> to back.  These will do 1.5M to 2Mbit of bridged Ethernet at 5000 cable-feet.
> And a pair will cost you under US$100 with shipping on Ebay.  Heck, there's a
> guy selling 10 of them with a Buy Now! of US$280.


Quite possible, but there are a lot of simpler (and probably less costly) 
solutions.


Lee



Re: OT: phone line 2 ethernet converters

2005-08-31 Thread Jason George
>> sorry for being off-topic, i am able to rent a pair of twist line (a
>> circuit) between my home and and friends one. I wonder if there exist
>> and ethernet extender device that could connect an ethernet cable to a
>> phone line. It would do no special work, just a raw connection between
>> 2 types of layer, i.e, take "bits" from one end and put it into the
>> another and vice-versa.
>>
>If you truly can get such a service (most RBOCs stopped selling 'dry pair'
>or 'alarm circuits' in the 80s), get TWO pair. There are a number of
>companies selling 'Ethernet over Twisted Pair' converters.
>
>One problem, however, is that the 100M distance limitation could make such
>a connection pretty impractical, even IF the line conditioning permitted
>the connection.
>
>> Does that exists ?
>>
>If you're fairly close, however, WiFi with high gain antennas might be a
>much better solution.
>

Although I am in Calgary, I have a hard time believing you can't get an 
unpowered, unloaded circuit from one of the American incumbents.  How is Chubb 
supposed to monitor your business' alarm if this product is not available?

What I can see is the RBOCs trying to upsell you to one of their managed 
services.  If the RBOCs didn't make dry copper available, you wouldn't have 
many competitive DSL service providers state-side...not everyone is going to 
wholesale the RBOCs' DSL and then off-load onto a data trunk.

The solution here is a pair of Efficient Networks/Flowpoint SDSL modems, back 
to back.  These will do 1.5M to 2Mbit of bridged Ethernet at 5000 cable-feet.  
And a pair will cost you under US$100 with shipping on Ebay.  Heck, there's a 
guy selling 10 of them with a Buy Now! of US$280.

--J



[0dS] vulnerability in theo's asshole

2005-08-31 Thread j3d1m4st4c0d4
0d4y security advisory #1
vulnerability in theo's asshole

discovered by: openbsd team

introduction:
theo's asshole suffers from a buffer overflow problem, when an 
excess
of data is passed to his ring buffer it may leak packets.

local: definately
remote: yes

how to exploit:
blow your load in theo's ass.  note:  it may take several attempts
before overflow occurs, for details see next hackathon.






Re: ISC DHCPD Oddity

2005-08-31 Thread Derek Buttineau
Okay, I've uncovered "what" is causing the problem, just not sure "how" to
fix it (I've sent it off to the ISC dhcp list too, hopefully someone can
figure it out :) )

The source of the problem seems to be the # of IPs assigned to fxp0
(currently 65). I removed about 40 of those, just to see if it would make
any difference, and it did. After reducing the IPs, ISC dhcpd started
without issue:

Aug 31 13:37:36 smaug dhcpd: Internet Systems Consortium DHCP Server V3.0.2
Aug 31 13:37:36 smaug dhcpd: Copyright 2004 Internet Systems Consortium.
Aug 31 13:37:36 smaug dhcpd: All rights reserved.
Aug 31 13:37:36 smaug dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Aug 31 13:37:36 smaug dhcpd: Wrote 0 deleted host decls to leases file.
Aug 31 13:37:36 smaug dhcpd: Wrote 0 new dynamic host decls to leases file.
Aug 31 13:37:36 smaug dhcpd: Wrote 0 leases to leases file.
Aug 31 13:37:36 smaug dhcpd: Listening on BPF/em0/00:02:a5:48:b4:ba/INTERNAL
Aug 31 13:37:36 smaug dhcpd: Sending on BPF/em0/00:02:a5:48:b4:ba/INTERNAL
Aug 31 13:37:36 smaug dhcpd: Listening on BPF/fxp1/00:50:8b:e0:7a:eb/DMZ
Aug 31 13:37:36 smaug dhcpd: Sending on BPF/fxp1/00:50:8b:e0:7a:eb/DMZ
Aug 31 13:37:36 smaug dhcpd: Sending on Socket/fallback/fallback-net

My "guess" is that the number of IPs is causing the interface detection in
ISC's DHCPD to break (though it doesn't spit out any errors to indicate
this). I'll do some further testing tomorrow morning to see if I can
determine at what threshold it breaks. In the meantime, I can work around
the problem by not assigning the IPs to fxp0 until dhcpd has started.

Derek

On 8/31/05, Derek Buttineau <[EMAIL PROTECTED]> wrote:
> Just swapped drives from one Compaq DL360 to another DL360 and now
> whenever I try to run the ISC DHCPD, which was working perfectly fine on
> the other box, it complains that it can't find the interface.  The only
> difference, network wise, between the two boxes is that the old one had
> interfaces fxp0, fxp1 and bge0 and the new one has fxp0, fxp1 and em0 (I
> have modified the configuration to reflect this)
>
> Everything else is working fine (PF, Networking, etc), except that I
> currently can't hand out dhcp leases.  :)
>
> I've bundled dmesg, ifconfig -A, dhcpd.conf dhcpd.interfaces,
> hostname.em0, hostname.fxp0, hostname,fxp1 and ktrace.out here:
>
> http://users.csolve.net/~derek/stuff/dhcpdinfo.tar.gz
>
> Any help or suggestions would be greatly appreciated.  I'm assuming it's
> something simple I've missed.
>
> Thanks in advance.
>
> Derek



Re: 3.8 beta requests

2005-08-31 Thread Christopher Linn
On Wed, Aug 31, 2005 at 11:12:07AM -0600, Peter Valchev wrote:
> > I've been testing 3.8 on a couple of i386 systems (soon sparc also),
> > including installing more of the 3.8 beta packages than I would use
> > normally.  So far I am impressed by UP/MP performance, and have
> > only found a couple of X applications (xtacy, xlock) failing on signal 11.
  ^
, that's a biggie..

> the ports@ mailing list is the best as well as the maintainers at this
> point.  please don't wait, but let us know of the details so this can be
> fixed!!

chris

-- 
Christopher Linn   | By no means shall either the CEC
System Administrator II   | or MTU be held in any way liable
  Center for Experimental Computation | for any opinions or conjecture I
Michigan Technological University | hold to or imply to hold herein.



Re: window maker

2005-08-31 Thread JAR

ok, thanks Darrin.

--
Deoxy.- Only for madmen... Not for just anyone
My page http://spaces.msn.com/members/deoxy/



Re: Default domain not working

2005-08-31 Thread Matthias Kilian
On Wed, Aug 31, 2005 at 02:34:53AM -0400, Bill wrote:
> Thanks Otto and Killi

Ehmm... don't thank me, I wrote kind of bullshit ;-)

Ciao,
Kili



Re: window maker

2005-08-31 Thread Darrin Chandler
There are packages for windowmaker. Check 
http://www.openbsd.org/3.7_packages/, and read the man page for pkg_add(1)


JAR wrote:

> Hello.
>
> I am new in the world of OpenBSD, am of Chile and I do not speak
> English very well, I hope that it is understood to me.
>
> I need to obtain data of like installing Window Maker in my OpenBSD
> 3,6, have looked for in Internet and I have not found information.
> Single that in xterm I write startx and they rise a graphical interface,
> but not like forming it, they can give me a Link.
>
> Thanks.



window maker

2005-08-31 Thread JAR

Hello.

I am new in the world of OpenBSD, am of Chile and I do not speak
English very well, I hope that it is understood to me.

I need to obtain data of like installing Window Maker in my OpenBSD
3,6, have looked for in Internet and I have not found information.
Single that in xterm I write startx and they rise a graphical interface,
but not like forming it, they can give me a Link.

Thanks.

--
Deoxy.- Only for madmen... Not for just anyone
My page http://spaces.msn.com/members/deoxy/



Re: 3.8 beta requests

2005-08-31 Thread Peter Valchev
> I've been testing 3.8 on a couple of i386 systems (soon sparc also),
> including installing more of the 3.8 beta packages than I would use
> normally.  So far I am impressed by UP/MP performance, and have
> only found a couple of X applications (xtacy, xlock) failing on signal 11.

the ports@ mailing list is the best as well as the maintainers at this
point.  please don't wait, but let us know of the details so this can be
fixed!!



Re: OT: phone line 2 ethernet converters

2005-08-31 Thread Dave Feustel
On Wednesday 31 August 2005 10:43, L. V. Lammert wrote:
> One problem, however, is that the 100M distance limitation could make such
> a connection pretty impractical, even IF the line conditioning permitted
> the connection.

How about a wireless connection using at both ends Yagi antennas 
with the requisite gain for the distance to be covered?

Dave Feustel
-- 
Tired of having to defend against Malware?
(You know: trojans, viruses, SPYWARE, ADWARE, 
KEYLOGGERS, rootkits, worms and popups) 
Then Switch to OpenBSD with a KDE desktop!!!



Re: SBE wanPMC-xT3E3 support

2005-08-31 Thread Aaron Glenn
On 8/31/05, Toni Mueller <[EMAIL PROTECTED]> wrote:
> I have exactly the same problem, but think about using media converters
> instead, speaking E3-something on the WAN side, and Ethernet on the LAN
> side.
> 
> When I tried to talk to SBEI, they were not very helpful.

Allied Telesyn makes a DS3 to Ethernet "converter" box that's about
US$800 each. They work as advertised, but management wise are pretty
clunky.

aaron.glenn



Re: OT: phone line 2 ethernet converters

2005-08-31 Thread Jeremy
On Wed, Aug 31, 2005 at 08:44:08AM -0500, Gordon Grieder wrote:
> On Tue, Aug 30, 2005 at 09:16:13PM -0700, J.C. Roberts wrote:
> > 
> > Here in the US, a plain (uncoiled) circuit between two points is
> > either called an "alarm circuit" or a "dry pair" if that's what you
> > got, and you're within distance requirements (wire feet), you can do a
> > number of different things; from all/most the various *DSL
> > technologies, to using CSU/DSU endpoints.
> 
> Heh, I was thinking he wanted to run linespeed ethernet over a
> pair of voice grade copper. Duh..
> [blush]
> 

Anyone remember HP's 100VG? They had switches that would do 100 Mb/s
ethernet over voice-grade copper (Cat 3). It doesn't sound like that's
quite what's wanted here, though IIRC 100VG was a failure and presumably
the switches could be found for cheap.

-j



Re: OT: phone line 2 ethernet converters

2005-08-31 Thread L. V. Lammert
On Tue, 30 Aug 2005, Gustavo Rios wrote:

> Dear friends,
>
> sorry for being off-topic, i am able to rent a pair of twist line (a
> circuit) between my home and and friends one. I wonder if there exist
> and ethernet extender device that could connect an ethernet cable to a
> phone line. It would do no special work, just a raw connection between
> 2 types of layer, i.e, take "bits" from one end and put it into the
> another and vice-versa.
>
If you truly can get such a service (most RBOCs stopped selling 'dry pair'
or 'alarm circuits' in the 80s), get TWO pair. There are a number of
companies selling 'Ethernet over Twisted Pair' converters.

One problem, however, is that the 100M distance limitation could make such
a connection pretty impractical, even IF the line conditioning permitted
the connection.

> Does that exists ?
>
If you're fairly close, however, WiFi with high gain antennas might be a
much better solution.

Lee


  Leland V. Lammert[EMAIL PROTECTED]
Chief Scientist Omnitec Corporation
 Network/Internet Consultants   www.omnitec.net




Re: sysctl tuning for maximum network performance

2005-08-31 Thread eric
On Wed, 2005-08-31 at 12:05:48 -0300, Diego Augusto Dalmolin proclaimed...

> Ok but... don't you the default values like kern.somaxconn=128
> are too small for an OBSD router/nat with 2 x Gig lans + 2 x 4Mbps
> internet connections

Maybe, but don't expect support.

That said, here's what we use on an Internet tap for a site with 1200Mbps
aggregate connectivity.

net.inet.tcp.recvspace=65535
net.inet.tcp.sendspace=65535
net.inet.ip.maxqueue=2048
kern.somaxconn=2048
net.bpf.bufsize=2097152
net.bpf.maxbufsize=4194304

Note that we've tuned net/bpf.h after testing for the past couple years.
However, when/if we would ever need support, we would immediately revert
back to GENERIC without the above sysctl's tuned so high.

People need to understand that GENERIC doesn't work for everyone, but this
isn't Linux. If you're asking how to tune it, the chances are that you do
not know enough to tune it. Let GENERIC work for you (it worked fine for us
just until quite recently when we added some more bpf hogging applications
that were ultra-paranoid about packet loss, etc).



Re: -current: problem with PPP (partially solved)

2005-08-31 Thread Toni Mueller
Hello,

On Wed, 31.08.2005 at 11:50:34 +0200, Toni Mueller <[EMAIL PROTECTED]> wrote:
> problem: On PPPoE, apparently no keep-alives (LCP echo requests +
> answers) get send or received. Therefore, the connection gets reset by

digging the man page and upping the logging noise revealed that LCP
echo is now "disabled", so even accepting it if the peer wants them
requires manual configuration. It would be nice to know the rationale
behind this change.

Thank you!


Best,
--Toni++



Re: Compiling code with GLU and GLUT

2005-08-31 Thread Markus Hennecke

On Wed, 31 Aug 2005, Sacha Ligthert wrote:


> I took for a test SDLgears from the SDL website and tried to configure
> and compile it.
> Configure halted with:
> checking for OpenGL support... no
> configure: error: Unable to find OpenGL headers and libraries


You have to tell the configure script where to look for the headers and 
libs. I can't tell you what to do in this special case, but a good 
starting point is to run 'configure --help' and look for options that 
could be set. Then look at the log configure creates to see where it 
fails.




> Compiling the supplied gears.c, the first error was:
> $ gcc gears.c
> gears.c:39:21: GL/glut.h: No such file or directory
>
> I've tried adding -gl,-glu,-glut,-I/usr/local/include/GL/glut.h in
> several combinations (some capped) without result.


An application using glut had the following options for the compiler:
-I/usr/local/include/ -I/usr/X11R6/include  -L/usr/local/lib 
-L/usr/X11R6/lib -lGL -lglut -lm -lGLU -lX11 -lXext -lXmu -lXi


You really have to set the path to the include directory with -I. Not the 
path including the filename. And the libs are case sensitive too, I think 
the example above should give you a good start.


Greetings
  Markus



Re: Win XP VPN

2005-08-31 Thread Petr Ruzicka
Oh I see, I previous message was meant as answer to original message
from Steve Murdoch.

XP with SP2 firewall on needs rules at all. If you have any other
firewall you basically need to allow esp protocol and udp port 500
(isakmp) to your IPSec GW and vice versa.
Regards

Petr R.

On 8/31/05, Nino Margetic <[EMAIL PROTECTED]> wrote:
> > so I introduced fw in front of XP workstation. Topology as follows:
> >
> > XP <--> BSD_FW1 <--> BSD_FW2 <--> BSD_Server
> >
> > - XP (ipsec client) connects through BSD_FW2 (ipsec GW) to BSD_Server just fine.
> > - XP and BSD_FW2 are setup according to my document mentioned earlier
> > - XP's IP address is nated on BSD_FW1 to external interface IP address
> 
> *** Perhaps there was a misunderstanding. When I asked:
> 
> > > Just one question: how do you firewall your WinXP machine? Or is it
> > > just fully open (i.e. no firewall at all)??
> 
> I meant if you had any kind of firewall active _within_ your WinXP
> installation - not an extra box in front. Namely, I was thinking in terms
> of roaming WinXP clients (where carrying an extra OpenBSD box as a
> firewall is not an option).
> 
> In other words, my primary interest was in obtaining the rules that permit
> IPsec traffic for either the native WinXP firewall or some other
> (software) firewall product that runs on WinXP.
> 
> --Nino



Re: sysctl tuning for maximum network performance

2005-08-31 Thread Diego Augusto Dalmolin
Ok but... don't you the default values like kern.somaxconn=128
are too small for an OBSD router/nat with 2 x Gig lans + 2 x 4Mbps
internet connections

2005/8/31, Diego Augusto Dalmolin <[EMAIL PROTECTED]>:
> Where I could find a material for studying how to improve OBSD network
> performance to maximum, using sysctl, kernel compilation, etc...
> 
> 
> --
> Diego Augusto Dalmolin
> (41) 9648-0882
> 


-- 
Diego Augusto Dalmolin
(41) 9648-0882



Re: OpenBSD 3.7 on Soekris rebooting at random

2005-08-31 Thread Olivier Mehani
On Tue, 23 Aug 2005 19:49:46 +0200
[EMAIL PROTECTED] wrote:

> I haven't time in the next 10 days to play with it, but maybe Olivier
> can give some feedback in case he tries the latest snapshot?

I've just finished upgrading my router to 3.8-beta (GENERIC#119).
I'm going to stress the machine a little now ;)   

I keep you informed.

-- 
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1



Re: Win XP VPN

2005-08-31 Thread Nino Margetic

> so I introduced fw in front of XP workstation. Topology as follows:
>
> XP <--> BSD_FW1 <--> BSD_FW2 <--> BSD_Server
>
> - XP (ipsec client) connects through BSD_FW2 (ipsec GW) to BSD_Server just fine.
> - XP and BSD_FW2 are setup according to my document mentioned earlier
> - XP's IP address is nated on BSD_FW1 to external interface IP address

*** Perhaps there was a misunderstanding. When I asked:

> > Just one question: how do you firewall your WinXP machine? Or is it
> > just fully open (i.e. no firewall at all)??

I meant if you had any kind of firewall active _within_ your WinXP
installation - not an extra box in front. Namely, I was thinking in terms
of roaming WinXP clients (where carrying an extra OpenBSD box as a
firewall is not an option).


In other words, my primary interest was in obtaining the rules that permit 
IPsec traffic for either the native WinXP firewall or some other 
(software) firewall product that runs on WinXP.


--Nino



Router-firewall seems to have trouble when there is a lot of connections

2005-08-31 Thread Pierre Francoeur
Hi,
   I've been using my little OpenBSD box as a router since 3.2 and
never had any trouble. I use it to share the net within our 5
apartments building. Recently I found that my internet was having
trouble, long delay opening web pages, lots of lost connection,
horrible ping times and such. After investigating, I discovered that
one of "my" users started to use P2P application. Looks like my router
really doesn't like it, it gives me a lot of "sendto: Buffer space not
available", but only when that user has mldonkey running. I've been
trying many things: upgraded from 3.4 to 3.7-current and now to 3.8
(from snapshots), tried multiple NICs combination: 3c905c+3c905b, 2x
3c905b, 3c905b+Intel 82558, 2x Intel 82558. The 3c905b+Intel82558 had
the same trouble, but after 3 days it seemed to "stabilize", after
rebooting, 3 days where it has trouble before it seems to stabilize
again. Anyway, if anyone has any hint, i'll be glad to try.

Here is some info on the system:

--- DMESG ---
OpenBSD 3.8 (GENERIC) #131: Mon Aug 29 23:36:59 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium Pro ("GenuineIntel" 686-class, 256KB L2 cache) 199 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV
real mem  = 133799936 (130664K)
avail mem = 115474432 (112768K)
using 1658 buffers containing 6791168 bytes (6632K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(54) BIOS, date 02/12/97, BIOS32 rev. 0 @ 0xf7aa0
pcibios0 at bios0: rev 2.1 @ 0xf/0x67c
pcibios0: PCI BIOS has 5 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:01:0 ("Intel 82371SB ISA" rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x800 0xcc000/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x01
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 2445MB, 5008752 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
fxp0 at pci0 dev 10 function 0 "Intel 82557" rev 0x05, i82558: irq 10,
address 00:04:ac:58:ce:0d
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 0
vga1 at pci0 dev 12 function 0 "Cirrus Logic CL-GD5434-8" rev 0x26
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
fxp1 at pci0 dev 13 function 0 "Intel 82557" rev 0x05, i82558: irq 12,
address 00:04:ac:d8:d7:7f
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 0
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ebfd netmask fffd ttymask 
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
--- DMESG ---

There is almost nothing running on it except ppp, ssh and pf for
packet filtering.

Here is my pf.conf (i've changed the IP addresses and there is no NAT
since i have a /28 subnet):

# pf.conf
# OpenBSD Packet Filter configuration
#

### MACROS

# Interface
EXTIF="tun0"
INTIF="fxp1"

# IP addresses
ROUTER="1.2.3.145/32"
APP1="1.2.3.146/32"
APP2="1.2.3.147/32"
APP3="1.2.3.148/32"
APP4="1.2.3.149/32"
ME="1.2.3.150/32"

# Network
INTNET="1.2.3.144/28"

# Services
METCP="{ 113, 61536, 1000><1050, 3389 }"
MEUDP="{ 61536 }"
APP3TCP="{ 8662 }"
APP3UDP="{ 8666 }"

### TABLES

table  const { 10/8, 172.16/12, 192.168/16, 127/8 }
table  const { }


### OPTIONS

set loginterface $EXTIF
set optimization normal
set block-policy drop
set require-order yes
set fingerprints "/etc/pf.os"


### TRAFFIC NORMALIZATION

scrub in on $EXTIF all fragment reassemble
scrub out on $EXTIF all random-id


### QUEUING

altq on $EXTIF priq bandwidth 650Kb queue { q_pri, q_def }
queue q_pri priority 7
queue q_def priority 1 priq(default)


### PACKET FILTERING

# General
block in log all
pass out all modulate state

pass in on lo0 from 127.0.0.1/32 to 127.0.0.1/32
pass out on lo0 from 127.0.0.1/32 to 127.0.0.1/32

block in log quick on $EXTIF proto tcp all flags FUP/FUP

# EXTIF
pass in quick on $EXTIF proto tcp from any to $ME port $METCP flags S/SA modulate state
pass in quick on $EXTIF proto udp from any to $ME port $MEUDP keep state
pass in quick on $EXTIF proto tcp from any to $APP3 port $APP3TCP flags S/SA modulate state
pass in quick on $EXTIF proto udp from any to $A

Re: sysctl tuning for maximum network performance

2005-08-31 Thread jimmy
Quoting Diego Augusto Dalmolin <[EMAIL PROTECTED]>:

> Where I could find a material for studying how to improve OBSD network
> performance to maximum, using sysctl, kernel compilation, etc...
>
>
> --
> Diego Augusto Dalmolin
> (41) 9648-0882
>
>

Search the archives, this has been discussed not so long ago ...
To keep it short: use the defaults, this isn't Linux.

Kind regards,
Jimmy Scott






Re: Win XP VPN

2005-08-31 Thread Petr Ruzicka
Hi,
so I introduced fw in front of XP workstation. Topology as follows:

XP <--> BSD_FW1 <--> BSD_FW2 <--> BSD_Server

- XP (ipsec client) connects through BSD_FW2 (ipsec GW) to BSD_Server just fine.
- XP and BSD_FW2 are setup according to my document mentioned earlier
- XP's IP address is nated on BSD_FW1 to external interface IP address

BSD_FW1 policies
set skip on { lo0, enc0, $int_if }
nat on $ext_if inet from 10.0.0.0/24 to any -> $ext_if
block drop all
pass out on $ext_if all keep state

BSD_FW2 policies
set skip on { lo0, enc0, $int_if }
block drop all
pass in on $ext_if proto esp from any to $ext_if keep state
pass in on $ext_if proto udp from any to $ext_if port = isakmp keep state

Please note that all BSD's are 3.8-current,  XP is without SP2, so
your situation could be different.
Summary : to my surprise everything works as expected :o)
Best regards

Petr Ruzicka



Re: 2 Masters despite advskew

2005-08-31 Thread jorgen . boberg
> Has anyone got *any* ideas why internally there's only one
> master, yet
> externally there are two?

I had the same problem. Turned out to be a copy and paste error. I forgot
to change the password when I copied hostname.carp1 to hostname.carp2 on
one of the servers. Make sure that all passwords are correct on both
hosts.

// Jorgen



** Jorgen Boberg  **
** Managing Director & Senior Consultant  **
** Intellibit Consulting SIA  **
** Krisjana Barona Iela 37/30 **
** LV-1011, Riga  **
** Latvia **

** Tel: +371 83 80 803**
** Email: [EMAIL PROTECTED]**




Re: sysctl tuning for maximum network performance

2005-08-31 Thread J. Lievisse Adriaanse
On Wed, 31 Aug 2005 10:47:54 -0300
Diego Augusto Dalmolin <[EMAIL PROTECTED]> wrote:

> Where I could find a material for studying how to improve OBSD network
> performance to maximum, using sysctl, 
man sysctl

> kernel compilation, etc...
Well, simple, DON'T compile your own kernel. Because those few KB's won't slow
your system that much that's it's worth all the hassle you can get from
compiling your own kernel.

Jasper


> 
> 
> -- 
> Diego Augusto Dalmolin
> (41) 9648-0882
> 


-- 
"Security is decided by quality" -- Theo de Raadt



Re: OT: phone line 2 ethernet converters

2005-08-31 Thread Gordon Grieder
On Tue, Aug 30, 2005 at 09:16:13PM -0700, J.C. Roberts wrote:
> 
> Here in the US, a plain (uncoiled) circuit between two points is
> either called an "alarm circuit" or a "dry pair" if that's what you
> got, and you're within distance requirements (wire feet), you can do a
> number of different things; from all/most the various *DSL
> technologies, to using CSU/DSU endpoints.

Heh, I was thinking he wanted to run linespeed ethernet over a
pair of voice grade copper. Duh..
[blush]



sysctl tuning for maximum network performance

2005-08-31 Thread Diego Augusto Dalmolin
Where I could find a material for studying how to improve OBSD network
performance to maximum, using sysctl, kernel compilation, etc...


-- 
Diego Augusto Dalmolin
(41) 9648-0882



Re: CARP/PFSYNC

2005-08-31 Thread jorgen . boberg
Sorry my bad... A bit too quick in posting should have RTFM properly. The
thing is I had enabled it but then rebooted and had forgotten to put it in
sysctl.conf, so it was disabled :(... That's what you get when sitting up 26
hours straight and configuring stuff, sleep serves a purpose, don't even
want to think of how sloppy my code is from that night :)... Thanks for
the help even though I didn't deserve it...

// Jorgen



** Jorgen Boberg  **
** Managing Director & Senior Consultant  **
** Intellibit Consulting SIA  **
** Krisjana Barona Iela 37/30 **
** LV-1011, Riga  **
** Latvia **

** Tel: +371 83 80 803**
** Email: [EMAIL PROTECTED]**

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Christian Gut
Sent: den 31 augusti 2005 14:47
To: [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: CARP/PFSYNC

[EMAIL PROTECTED] wrote:
> If the
> machine fails all is well [ ;) ] and the traffic is routed over the
> other machine, however if only one interface fails, CARP notices this
> and the interface is moved to the other machine, however this still
> means that either ext_if or int_if is still left on the machine with
> one failed card. This of course mucks up the routing! So my question
> is, how do I best handle this?

CARP does this. From the manpage:

net.inet.carp.preempt:
Allow virtual hosts to preempt each other. It is also used to failover
carp interfaces as a group.  When the option is enabled and one of the
carp enabled physical interfaces goes down, advskew is changed to 240 on
all carp interfaces.  See also the first example. Disabled by default.

> My solution is that I have now started coding a small daemon that will
> down the other interface automatically should one fail.

That would be ifstated in the tree (not built by default)



ISC DHCPD Oddity

2005-08-31 Thread Derek Buttineau
Just swapped drives from one Compaq DL360 to another DL360 and now
whenever I try to run the ISC DHCPD, which was working perfectly fine on
the other box, it complains that it can't find the interface.  The only
difference, network wise, between the two boxes is that the old one had
interfaces fxp0, fxp1 and bge0 and the new one has fxp0, fxp1 and em0 (I
have modified the configuration to reflect this)

Everything else is working fine (PF, Networking, etc), except that I
currently can't hand out dhcp leases.  :)

I've bundled dmesg, ifconfig -A, dhcpd.conf dhcpd.interfaces,
hostname.em0, hostname.fxp0, hostname,fxp1 and ktrace.out here:

http://users.csolve.net/~derek/stuff/dhcpdinfo.tar.gz


Any help or suggestions would be greatly appreciated.  I'm assuming it's
something simple I've missed.

Thanks in advance.

Derek



Re: CARP/PFSYNC

2005-08-31 Thread Christian Gut

[EMAIL PROTECTED] wrote:
> If the
> machine fails all is well [ ;) ] and the traffic is routed over the
> other machine, however if only one interface fails, CARP notices this
> and the interface is moved to the other machine, however this still
> means that either ext_if or int_if is still left on the machine with
> one failed card. This of course mucks up the routing! So my question
> is, how do I best handle this?


CARP does this. From the manpage:

net.inet.carp.preempt:
Allow virtual hosts to preempt each other. It is also used to failover 
carp interfaces as a group.  When the option is enabled and one of the 
carp enabled physical interfaces goes down, advskew is changed to 240 on 
all carp interfaces.  See also the first example. Disabled by default.



> My solution is that I have now started
> coding a small daemon that will down the other interface
> automatically should one fail.


That would be ifstated in the tree (not built by default)



Re: Newbie Problem: Can't ping carp device [SOLVED]

2005-08-31 Thread Stephan A. Rickauer
Turned out the problem is related to VMware's GSX server on which I 
experimented using virtual machines (which I didn't mention). Setting up 
CARP on 'real' hardware went fine without glitches.


Stephan A. Rickauer wrote:

> Don't think so:
>
> -bash-3.00# pfctl -s rules
> -bash-3.00#
>
> Jason Dixon wrote:
>
> > Do you have PF enabled?





--

 Stephan A. Rickauer

 
 Institut für Neuroinformatik
 Universität / ETH Zürich
 Winterthurerstrasse 190
 CH-8057 Zürich

 Tel: +41 44 635 30 50
 Sek: +41 44 635 30 52
 Fax: +41 44 635 30 53

 http://www.ini.ethz.ch
 



Re: CARP/PFSYNC

2005-08-31 Thread Stephan A. Rickauer

[EMAIL PROTECTED] wrote:

> automatically should one fail but is there a better way? Can I
> somehow link the two CARP groups so that they are aware of each other
> and should one group fail the other downs as well? I have probably
> missed something very simple. Thanks for any tips.


Shouldn't 'sysctl -w net.inet.carp.preempt=1' do the trick?

--

 Stephan A. Rickauer

 
 Institut für Neuroinformatik
 Universität / ETH Zürich
 Winterthurerstrasse 190
 CH-8057 Zürich

 Tel: +41 44 635 30 50
 Sek: +41 44 635 30 52
 Fax: +41 44 635 30 53

 http://www.ini.ethz.ch
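
The two CARP mistakes reported in the "2 Masters despite advskew" and "CARP/PFSYNC" threads above (a pass that differs between the hosts' hostname.carpN files, and net.inet.carp.preempt enabled by hand but never written to sysctl.conf) can be caught with a short pre-flight script. This is an added example, not code from any poster or from OpenBSD; the function names, file contents, addresses and passwords are constructed, the running sysctl value is passed in as an argument (on the firewall it would come from `sysctl -n net.inet.carp.preempt`), and the world-readable check goes beyond what the threads discuss.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for a CARP pair.
# Every file name, address, vhid and pass below is constructed.

# Print the value that follows keyword $2 (vhid, pass, advskew, ...) in the
# hostname.carpN file $1; prints an empty line if the keyword is absent.
carp_get() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        { for (i = 1; i < NF; i++) if ($i == key) val = $(i + 1) }
        END { print val }' "$1"
}

# hostname.carpN keeps the pass in clear text: succeed if "other" may read it.
world_readable() {
    [ -n "$(find "$1" -perm -004)" ]
}

# Compare one carp interface as configured on two hosts. Prints one finding
# per line (never the pass itself); the exit status is the number of findings.
carp_compare() {
    findings=0
    if [ "$(carp_get "$1" vhid)" != "$(carp_get "$2" vhid)" ]; then
        echo "vhid differs: the two hosts are not in the same CARP group"
        findings=$((findings + 1))
    fi
    if [ "$(carp_get "$1" pass)" != "$(carp_get "$2" pass)" ]; then
        echo "pass differs: advertisements fail authentication, expect two MASTERs"
        findings=$((findings + 1))
    fi
    for f in "$1" "$2"; do
        if world_readable "$f"; then
            echo "$f is world-readable and contains the CARP pass"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Succeed only if file $1 sets sysctl $2 to value $3 on an uncommented line,
# i.e. the setting survives a reboot. The last assignment in the file wins.
sysctl_persisted() {
    awk -v key="$2" -v want="$3" '
        { sub(/#.*/, ""); gsub(/[[:space:]]/, "") }
        index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
        END { exit (val == want ? 0 : 1) }' "$1"
}

# Classify net.inet.carp.preempt from sysctl.conf ($1) and the running value ($2).
preempt_status() {
    if sysctl_persisted "$1" net.inet.carp.preempt 1; then
        if [ "$2" = 1 ]; then echo "ok"; else echo "persisted-but-not-active"; fi
    else
        if [ "$2" = 1 ]; then echo "active-but-lost-on-reboot"; else echo "disabled"; fi
    fi
}

# --- Demonstration on constructed files ---
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/fw1" "$demo/fw2"
echo 'inet 192.0.2.10 255.255.255.0 192.0.2.255 vhid 2 pass ExamplePassA advskew 0' \
    > "$demo/fw1/hostname.carp2"
echo 'inet 192.0.2.10 255.255.255.0 192.0.2.255 vhid 2 pass ExamplePassB advskew 100' \
    > "$demo/fw2/hostname.carp2"
chmod 600 "$demo/fw1/hostname.carp2"
chmod 644 "$demo/fw2/hostname.carp2"
printf '%s\n' '#net.inet.carp.preempt=1' 'net.inet.ip.forwarding=1' > "$demo/sysctl.conf"

carp_compare "$demo/fw1/hostname.carp2" "$demo/fw2/hostname.carp2" || echo "-> $? finding(s)"
echo "preempt: $(preempt_status "$demo/sysctl.conf" 1)"
```

On a real pair, copy each host's hostname.carpN to one machine over ssh and pass both paths to `carp_compare`.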
 



Compiling code with GLU and GLUT

2005-08-31 Thread Sacha Ligthert
Hello misc@,

First my apology for this intrusion, for I am a former member of this list.
Second I am not sure if this has to go to ports@ or [EMAIL PROTECTED]

I have installed 3.7 recently on my laptop along with most SDL 
packages, GLU and GLUT from ports. The system further itself is pretty 
basic. Generic kernel. No further modifications.
While ports depending on glu and glut compile and install fine, I am not 
able to compile custom code or example code with glu or glut.

I took for a test SDLgears from the SDL website and tried to configure 
and compile it.
Configure halted with:
checking for OpenGL support... no
configure: error: Unable to find OpenGL headers and libraries

Compiling the supplied gears.c, the first error was:
$ gcc gears.c
gears.c:39:21: GL/glut.h: No such file or directory

I've tried adding -gl,-glu,-glut,-I/usr/local/include/GL/glut.h in 
several combinations (some capped) without result.

Can somebody help me, give pointers and rants into the right direction 
into fixing this library problem?

Thanks in advance and greetings,

Sacha Ligthert

PS: Compiling PyOpenGL results in the same batch of errors.



Re: Win XP VPN

2005-08-31 Thread Nino Margetic
NAT-T should work out of the box as long as you have WinXP SP2 installed 
(more details on the MS KB site - e.g. 
http://support.microsoft.com/default.aspx?scid=kb;en-us;818043 ).


--Nino


On Wed, 31 Aug 2005, Petr Ruzicka wrote:


Fully open now. But I will add a firewall+NAT and let you know.

Petr R.

On 8/31/05, Nino Margetic <[EMAIL PROTECTED]> wrote:

Petr,

Just one question: how do you firewall your WinXP machine? Or is it just
fully open (i.e. no firewall at all)??

--Nino

On Mon, 29 Aug 2005, Petr Ruzicka wrote:


Just to let you know, I spent the better part of the night configuring my old
setup in VMWare machines and everything works as expected.
I will try to add NATing if I find time.
Best regards

Petr R.




Openbsd 3.7 Dial In server

2005-08-31 Thread Luke
Hi Guys and Girls,

I'm after some help in setting up an openbsd 3.7 dial in server.

Basically I have a home network that is running an Ipcop firewall server on a
1.5mb connection and an openbsd mail / web server.

I'm wanting to set up an openbsd dial in server so I can dial in to my home
network and connect to the internet and internal services such as mail etc.

Does anyone have any guides etc on how to go about setting it up?

Any help would be greatly appreciated

Cheers

Luke



CARP/PFSYNC

2005-08-31 Thread jorgen . boberg
Hello,
 I have a question regarding CARP on OpenBSD. I have set up a lab
environment consisting of two machines with three interfaces each
(ext_if, int_if, pfsync_if). Now I have two CARP groups; one for
failover of ext_if and one for int_if. The problem is this. If the
machine fails all is well [ ;) ] and the traffic is routed over the
other machine, however if only one interface fails, CARP notices this
and the interface is moved to the other machine, however this still
means that either ext_if or int_if is still left on the machine with
one failed card. This of course mucks up the routing! So my question
is, how do I best handle this? My solution is that I have now started
coding a small daemon that will down the other interface
automatically should one fail but is there a better way? Can I
somehow link the two CARP groups so that they are aware of each other
and should one group fail the other downs as well? I have probably
missed something very simple. Thanks for any tips.

// Jorgen



** Jorgen Boberg  **
** Managing Director & Senior Consultant  **
** Intellibit Consulting SIA  **
** Krisjana Barona Iela 37/30 **
** LV-1011, Riga  **
** Latvia **

** Tel: +371 83 80 803**
** Email: [EMAIL PROTECTED]**




Re: Smart Array 6i RAID controller (ciss)

2005-08-31 Thread Greg Petras
> I have installed -current on several systems with 5i, 53xx and 6xxx
> controllers.  I have not installed on a system with a 6i controller.  I
> have not had any problems other than seeing 'ciss0: cmd_stat 2 scsi_stat
> 0x0' errors somewhat regularly.  I have been running it on both x86 and
> amd64.  I have not done any performance testing of the driver, but
> casual observation shows the driver performing well.

Mark - 

Thanks for the info. I'll give this a try with the 6i. If anyone's
interested in the results, let me know.

> Thanks to mickey@ for writing the driver.  It allows me to run on many
> more systems...

Ditto. I've got a handful of new DL 360s that I'd like to get this
running on. Thanks Mickey.

Greg



Re: Win XP VPN

2005-08-31 Thread Petr Ruzicka
Fully open now. But I will add a firewall+NAT and let you know.

Petr R.

On 8/31/05, Nino Margetic <[EMAIL PROTECTED]> wrote:
> Petr,
> 
> Just one question: how do you firewall your WinXP machine? Or is it just
> fully open (i.e. no firewall at all)??
> 
> --Nino
> 
> On Mon, 29 Aug 2005, Petr Ruzicka wrote:
> 
> > Just to let you know, I spent the better part of the night configuring my old
> > setup in VMWare machines and everything works as expected.
> > I will try to add NATing if I find time.
> > Best regards
> >
> > Petr R.



Re: Newbie Problem: Can't ping carp device

2005-08-31 Thread Stephan A. Rickauer

Don't think so:

-bash-3.00# pfctl -s rules
-bash-3.00#

Jason Dixon wrote:

Do you have PF enabled?


--

 Stephan A. Rickauer

 
 Institut für Neuroinformatik
 Universität / ETH Zürich
 Winterthurerstrasse 190
 CH-8057 Zürich

 Tel: +41 44 635 30 50
 Sek: +41 44 635 30 52
 Fax: +41 44 635 30 53

 http://www.ini.ethz.ch
 



Re: Win XP VPN

2005-08-31 Thread Nino Margetic

Petr,

Just one question: how do you firewall your WinXP machine? Or is it just 
fully open (i.e. no firewall at all)??


--Nino

On Mon, 29 Aug 2005, Petr Ruzicka wrote:


Just to let you know, I spent the better part of the night configuring my old
setup in VMWare machines and everything works as expected.
I will try to add NATing if I find time.
Best regards

Petr R.




Re: BSD PPPoA Hardware

2005-08-31 Thread Nathan Gould
Just for interest, I've set this up successfully using a Zoom X4 (about £45)
using half bridge but originally ran into problems getting the OBSD box to
collect the address via DHCP on the external interface when in this mode (no
such problems without half-bridge).

Eventually, narrowed it down to the default route being allocated.  A slightly
modified dhclient-script later, specified in dhclient.conf, and all works
perfectly.



<

81c80

<   route add default -iface $new_ip_address >/dev/null 2>&1

---

>   route add default $router >/dev/null 2>&1

85d83

<
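Review bot: the 81c80 change appears to have been taken with the modified script as the first file, so the `<` line (route add default -iface $new_ip_address) would be the working version and the `>` line (route add default $router) the stock one; a unified diff made as original-then-modified would remove the ambiguity. The 85d83 hunk only drops an empty line and could be left out, and a short comment in the script saying that the interface route is there for half-bridge mode would stop it being lost when dhclient-script is next updated.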






Re: Newbie Problem: Can't ping carp device

2005-08-31 Thread Jason Dixon

On Aug 31, 2005, at 5:13 AM, Stephan A. Rickauer wrote:



Local ping on 172.16.3.223 does work. Remote ping on 172.16.3.220  
does work. Remote ping on 172.16.3.223 does not work. Given that  
this is such a basic setup there must be something I am missing  
here. Shouldn't I be able to ping the CARP device remotely?


Do you have PF enabled?

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



Re: cheap mini-pci ral(4) cards

2005-08-31 Thread tony sarendal
On 31/08/05, Ben Hooper <[EMAIL PROTECTED]> wrote:
> |The MSI MP54G4 (aka MSI MS-6833) seems to be readily available in
> |the US now.  I just picked one up from www.thenerds.net but a cheaper
> |price can be found at newegg.com.  It seems to work fine in my Sony
> |SRX77.
> |
> |The trick is to search for both the model name (MP54G4) and the
> |part number (MS-6833) since some stores list the card one way and
> |some the other.
> 
> Just be careful which model you pick up. MSI, like many vendors has a habit
> of changing chipsets. For instance, the CB54G2 is a RT2500, but the CB54G is
> Broadcom.
> 

Is there any vendor that doesn't do that ?

-- 
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-



-current: problem with PPP

2005-08-31 Thread Toni Mueller
Hello,

I have a box running -current as of 27.8. and experience the following
problem: On PPPoE, apparently no keep-alives (LCP echo requests +
answers) get sent or received. Therefore, the connection gets reset by
the (Cisco) peer. While it is possible to deactivate PPP keepalives on
the Cisco, it is undesirable as well because tunnels on L2 tend to hang
after a while, with keepalives ensuring a timely restart.

Can anyone please tell me what's going on there, and how/where to fix?

Thank you!


Best,
--Toni++



Newbie Problem: Can't ping carp device

2005-08-31 Thread Stephan A. Rickauer

Hi list,

I am experimenting with CARP on 3.7-STABLE. Unfortunately, I have 
problems with even setting it up. Maybe you have some ideas.


Here's my _very simple_ config:

-bash-3.00# ifconfig
le1: flags=8b63 mtu 1500
address: 00:0c:29:4e:14:d8
inet6 fe80::20c:29ff:fe4e:14d8%le1 prefixlen 64 scopeid 0x1
inet 172.16.3.220 netmask 0xfe00 broadcast 172.16.3.255
pflog0: flags=0<> mtu 33224
pfsync0: flags=0<> mtu 2020
enc0: flags=0<> mtu 1536

-bash-3.00# ifconfig carp0 vhid 100 172.16.3.223 broadcast 172.16.3.255 netmask 255.255.254.0

-bash-3.00# ifconfig carp0
carp0: flags=8843 mtu 1500
carp: MASTER carpdev le1 vhid 100 advbase 1 advskew 0
inet 172.16.3.223 netmask 0xfe00 broadcast 172.16.3.255
-bash-3.00#


Local ping on 172.16.3.223 does work. Remote ping on 172.16.3.220 does 
work. Remote ping on 172.16.3.223 does not work. Given that this is such 
a basic setup there must be something I am missing here. Shouldn't I be 
able to ping the CARP device remotely?


Any help is appreciated!
Thanks,

--

 Stephan A. Rickauer

 
 Institut für Neuroinformatik
 Universität / ETH Zürich
 Winterthurerstrasse 190
 CH-8057 Zürich

 Tel: +41 44 635 30 50
 Sek: +41 44 635 30 52
 Fax: +41 44 635 30 53

 http://www.ini.ethz.ch
 



Re: LSI Logic Ultra320 Scsi Raid Card

2005-08-31 Thread Eci Souji
Apologies for my delay as things here have been a bit crazy. Unfortunately we
had to abandon OpenBSD for the boxen running the LSI 320-2E cards for other
reasons, but I'll try to test out your diff to see if I get a successful
detection.

On the subject of LSI cards tho I do have another question that I was hoping
I could get some help with. We've got some Tyan GX28's (
http://www.tyan.com/products/html/gx28b2882.html) here running 3.7 in single
processor mode using LSI Megaraid SATA 150-4 adapters. Everything works fine
until we try to run with multiple processors, at which point we can't even
boot due to ami0 timeout errors. I'm not on site right now but I'll try to
get a dmesg etc up tomorrow.

Thanks again to everyone on the list.


- S

On 8/24/05, Marco Peereboom <[EMAIL PROTECTED]> wrote:
>
> If you guys care about this diff making 3.8 I suggest that someone sends me
> some feedback.
>
> /marco
>
> On Tue, Aug 23, 2005 at 12:19:11PM -0500, Marco Peereboom wrote:
> > Note that pcidevs_data.h and pcidevs.h are part of the diff. I did this for
> > easy patching and testing.
> >
> > Give it a go and let me know if it works.
> >
> > /marco
> >
> > Index: ami_pci.c
> > ===
> > RCS file: /cvs/src/sys/dev/pci/ami_pci.c,v
> > retrieving revision 1.29
> > diff -u -r1.29 ami_pci.c
> > --- ami_pci.c 15 Aug 2005 23:22:46 - 1.29
> > +++ ami_pci.c 23 Aug 2005 17:15:36 -
> > @@ -87,6 +87,7 @@
> > AMI_CHECK_SIGN | AMI_BROKEN },
> > { PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_MEGARAID, 0 },
> > { PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_MEGARAID_320, 0 },
> > + { PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_MEGARAID_3202E, 0 },
> > { PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_SATA8, 0 },
> > { 0 }
> > };
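Review bot: the new PCI_PRODUCT_SYMBIOS_MEGARAID_3202E entry in the ami_pci.c table is added with flags 0, like the SYMBIOS entries around it, while the entry ending just above it carries AMI_CHECK_SIGN | AMI_BROKEN. It is worth confirming on real 320-2E hardware that the card needs neither flag; the thread has no attach report yet, so a dmesg from a tester showing ami0 attaching is the evidence to ask for before this goes in.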
> > Index: pcidevs
> > ===
> > RCS file: /cvs/src/sys/dev/pci/pcidevs,v
> > retrieving revision 1.908
> > diff -u -r1.908 pcidevs
> > --- pcidevs 23 Aug 2005 03:31:34 - 1.908
> > +++ pcidevs 23 Aug 2005 17:15:39 -
> > @@ -2054,6 +2054,7 @@
> > product SYMBIOS FC919_1 0x0625 FC919
> > product SYMBIOS MEGARAID 0x1960 MegaRAID
> > product SYMBIOS MEGARAID_320 0x0407 MegaRAID 320
> > +product SYMBIOS MEGARAID_3202E 0x0408 MegaRAID 320-2E
> > product SYMBIOS SATA8 0x0409 MegaRAID SATA 8x
> >
> > /* Packet Engines products */
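Review bot: in the pcidevs hunk the product id 0x0408 sits correctly between 0x0407 and 0x0409, but the symbol MEGARAID_3202E runs the model and its variant together. MEGARAID_320_2E would read closer to the description string "MegaRAID 320-2E" and to the existing MEGARAID_320; if it is renamed, the ami_pci.c table entry has to follow.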
> > Index: pcidevs.h
> > ===
> > RCS file: /cvs/src/sys/dev/pci/pcidevs.h,v
> > retrieving revision 1.909
> > diff -u -r1.909 pcidevs.h
> > --- pcidevs.h 23 Aug 2005 03:31:53 - 1.909
> > +++ pcidevs.h 23 Aug 2005 17:15:44 -
> > @@ -2059,6 +2059,7 @@
> > #define PCI_PRODUCT_SYMBIOS_FC919_1 0x0625 /* FC919 */
> > #define PCI_PRODUCT_SYMBIOS_MEGARAID 0x1960 /* MegaRAID */
> > #define PCI_PRODUCT_SYMBIOS_MEGARAID_320 0x0407 /* MegaRAID 320 */
> > +#define PCI_PRODUCT_SYMBIOS_MEGARAID_3202E 0x0408 /* MegaRAID 320-2E */
> > #define PCI_PRODUCT_SYMBIOS_SATA8 0x0409 /* MegaRAID SATA 8x */
> >
> > /* Packet Engines products */
> > Index: pcidevs_data.h
> > ===
> > RCS file: /cvs/src/sys/dev/pci/pcidevs_data.h,v
> > retrieving revision 1.908
> > diff -u -r1.908 pcidevs_data.h
> > --- pcidevs_data.h 23 Aug 2005 03:31:53 - 1.908
> > +++ pcidevs_data.h 23 Aug 2005 17:15:49 -
> > @@ -5923,6 +5923,10 @@
> > "MegaRAID 320",
> > },
> > {
> > + PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_MEGARAID_3202E,
> > + "MegaRAID 320-2E",
> > + },
> > + {
> > PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_SATA8,
> > "MegaRAID SATA 8x",
> > },
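Review bot: pcidevs_data.h, like pcidevs.h, is generated from pcidevs, so this hunk and the pcidevs.h one are a testing convenience only, as the cover note says. For the commit, only ami_pci.c and pcidevs should change by hand and both headers should be regenerated, so that the generated entry cannot drift from the pcidevs line.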



Re: SBE wanPMC-xT3E3 support

2005-08-31 Thread Toni Mueller
Hi,

On Mon, 22.08.2005 at 12:16:19 -0700, andrew fresh <[EMAIL PROTECTED]> wrote:
> Is there another T3 card that is supported by OpenBSD?

I have exactly the same problem, but think about using media converters
instead, speaking E3-something on the WAN side, and Ethernet on the LAN
side.

When I tried to talk to SBEI, they were not very helpful.


Best,
--Toni++



Re: Moving from 3.7-release to -stable: make build fails (i386)

2005-08-31 Thread Roman Zilka
> > > > # export CFLAGS='-O3 -mcpu=athlon-xp -march=athlon-xp -mmmx 
> > > > -msse -m3dnow
> > > > -mfpmath=sse'

> So please tell us, where in FAQ it says to use those CFLAGS? Or any compiler
> flags at all?

I tried turning these off completely, of course. To no avail, however.

(Actually, I only added the *FLAGS stuff because my most recent 'make build' 
attempt before posting my question in here included them and thus the flags 
appeared in the output I cut&pasted. So, I also mentioned the 'export 
*FLAGS=...'s to make it perfectly clear, why is cc called with such strange 
stuff about (when I'm about to be verbose and complete, I'm verbose and 
complete:).



Re: Moving from 3.7-release to -stable: make build fails (i386)

2005-08-31 Thread Mitja Muženič
> > > # export CFLAGS='-O3 -mcpu=athlon-xp -march=athlon-xp -mmmx 
> > > -msse -m3dnow
> > > -mfpmath=sse'
[...]
> I could do just 'make obj build' or something like that, but 
> I wanted to make clear that I'm not skipping any steps which 
> are required at the first rebuild, as it could be definitely 
> expected from a newbie in the field. I even wrote all those 
> 'cd ...'s to filter out notes like "do you really stick to 
> the instructions in the FAQ?" and similar BFU-typical errors 
> (which are generally assumed very well possible in someone who 
> stamps themselves as a "new user").
> 
> In reality I just wipe obj, then make obj build, sure.

So please tell us, where in FAQ it says to use those CFLAGS? Or any compiler
flags at all?


Regards, Mitja



Re: Moving from 3.7-release to -stable: make build fails (i386)

2005-08-31 Thread Stuart Henderson

--On 31 August 2005 09:29 +0200, Roman Zilka wrote:


> # export CFLAGS='-O3 -mcpu=athlon-xp -march=athlon-xp -mmmx
> -msse -m3dnow -mfpmath=sse'


Don't do this with OpenBSD, it's not recommended or supported.



Re: Moving from 3.7-release to -stable: make build fails (i386)

2005-08-31 Thread Roman Zilka
> >> > # export CFLAGS='-O3 -mcpu=athlon-xp -march=athlon-xp -mmmx
> >> > -msse -m3dnow -mfpmath=sse'
> 
> Don't do this with OpenBSD, it's not recommended or supported.

OK, I'll try to keep my hands off it, thanks for the hint.
(It doesn't solve my 'make build' problem in this case however.)



Re: Moving from 3.7-release to -stable: make build fails (i386)

2005-08-31 Thread Roman Zilka
> Is there any particular reason why you do all these steps:
> 
> > # export DESTDIR=/
> > # export CFLAGS='-O3 -mcpu=athlon-xp -march=athlon-xp -mmmx 
> > -msse -m3dnow
> > -mfpmath=sse'
> > # export CXXFLAGS=$CFLAGS
> > # cd etc
> > # make distrib-dirs
> > ...
> > # cd ..
> 
> When the only thing you should need to do is:
> > # make build
> 
> ???

I could do just 'make obj build' or something like that, but I wanted to make 
clear that I'm not skipping any steps which are required at the first rebuild, 
as it could be definitely expected from a newbie in the field. I even wrote all 
those 'cd ...'s to filter out notes like "do you really stick to the 
instructions in the FAQ?" and similar BFU-typical errors (which are generally 
assumed very well possible in someone who stamps themselves as a "new user").

In reality I just wipe obj, then make obj build, sure.