Re: Slightly OT, but chroot related: Security with mini_sendmail

2005-09-16 Thread Alexander Farber
Hi,

dunno about your problem, but you shouldn't make your
web pages or programs writable by the www user.
Make them belong to root.bin or root.daemon

Regards
Alex

On 9/16/05, L. V. Lammert [EMAIL PROTECTED] wrote:
 I have perms on mini_sendmail set to www,www (same as Apache), .. it's



Re: Receiving mail

2005-09-16 Thread Aaron Glenn
On 9/15/05, Barry, Christopher [EMAIL PROTECTED] wrote:
 
 We could, but you'd never get it...
 

you don't know how to cc?

here, let me show you



SpamAssassin

2005-09-16 Thread Robert Storey
Hello folks. I'm trying to use SpamAssassin (not Spamd) on OpenBSD 3.7. I 
installed using the port mail/p5-Mail-SpamAssassin. Everything seemed to go 
OK, no errors of any kind. While SpamAssassin itself seems to be installed, 
what is apparently missing is the utility sa-learn which is needed to update 
the Bayesian database. It's not in the path, and I scoured the hard disk with 
locate - it's not there. No man page for sa-learn either.

I did some googling on sa-learn openbsd, got many hits but nothing to 
indicate that there was a problem or a separate procedure for installing this 
utility. So I'm stumped.

My experience with OpenBSD so far is that it's always better to use the ports 
rather than trying to download source and installing manually. So I haven't 
tried yet installing SpamAssassin manually through CPAN - if I can't get the 
port to work, that will be my next move.

I'd be happy for any advice on this.

best regards,
Robert



wd0: soft error (corrected)

2005-09-16 Thread Christoph Fritz
Hi

I have two harddisks:

wd0 at pciide0 channel 0 drive 0: Maxtor 91360U4
wd0: 16-sector PIO, LBA, 12982MB, 26588016 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
wd1 at pciide0 channel 1 drive 0: IC35L080AVVA07-0
wd1: 16-sector PIO, LBA, 78533MB, 160836480 sectors
wd1(pciide0:1:0): using PIO mode 4, DMA mode 2

and as I copied some large files from wd0 to wd1 I get the following 
errors. Do I need a new harddrive?

wd0(pciide0:0:0): timeout
type: ata
c_bcount: 65536
c_skip: 0
pciide0:0:0: bus-master DMA error: missing interrupt, status=0x20
wd0f: device timeout writing fsbn 7565664 of 7565664-7565791 (wd0 bn 12664128; cn 12563 tn 9 sn 57), retrying
wd0: soft error (corrected)
wi0: host encrypt not implemented for 802.3
wd0(pciide0:0:0): timeout
type: ata
c_bcount: 65536
c_skip: 0
pciide0:0:0: bus-master DMA error: missing interrupt, status=0x20
wd0f: device timeout writing fsbn 7619104 of 7619104-7619231 (wd0 bn 12717568; cn 12616 tn 10 sn 10), retrying
wd0: soft error (corrected)
wd0(pciide0:0:0): timeout
type: ata
c_bcount: 65536
c_skip: 0
pciide0:0:0: bus-master DMA error: missing interrupt, status=0x20
wd0f: device timeout writing fsbn 7693584 of 7693584-7693711 (wd0 bn 12792048; cn 12690 tn 8 sn 24), retrying
wd0: soft error (corrected)
wi0: host encrypt not implemented for 802.3
wd0(pciide0:0:0): timeout
type: ata
c_bcount: 65536
c_skip: 0
pciide0:0:0: bus-master DMA error: missing interrupt, status=0x20
wd0f: device timeout writing fsbn 7961472 of 7961472-7961599 (wd0 bn 13059936; cn 12956 tn 4 sn 36), retrying
wd0: soft error (corrected)
wd0(pciide0:0:0): timeout
type: ata
c_bcount: 65536
c_skip: 0
...



Re: SpamAssassin

2005-09-16 Thread Juan J.
On Fri, 2005-09-16 at 14:14 +0800, Robert Storey wrote:
 [...]
 what is apparently missing is the utility sa-learn which is needed to update 
 the Bayesian database. It's not in the path, and I scoured the hard disk with 
 locate - it's not there. No man page for sa-learn either.
 [...]
 I'd be happy for any advice on this.

Try with whereis sa-learn. When you're looking for a binary, whereis
is a nice choice (it doesn't rely on databases that must be updated like
locate does).

regards,

Juanjo

-- 
Development and systems: http://www.usebox.net/
  Personal page: http://www.usebox.net/jjm/



Re: SpamAssassin

2005-09-16 Thread Stuart Henderson

--On 16 September 2005 14:14 +0800, Robert Storey wrote:


Hello folks. I'm trying to use SpamAssassin (not Spamd) on OpenBSD
3.7. I  installed using the port mail/p5-Mail-SpamAssassin.


Try the package, in case something went wrong with your port-building.


It's not in the path, and I scoured the hard disk
with  locate - it's not there. No man page for sa-learn either.


On mine:

$ pkg_info -f p5-Mail-SpamAssassin-3.0.4|grep sa-learn
bin/sa-learn
@man man/man1/sa-learn.1

-- so it should go in /usr/local/bin/sa-learn.



problems with backup-tape under openBSD 3.6

2005-09-16 Thread Erwin Zbinden
Hi

I am using a backup tape which at the moment runs under SuSE Linux 7.3. Now 
I am migrating to OpenBSD and try to read my data, which were written under 
Linux, from a tape that runs under OpenBSD 3.6.

The problem is: there is only a small part of what I backed up, and during 
the read-process tar says: 

   missing header for file XX -search for header

I used the tape before under FreeBSD 4.11 (driver: sa0) and never 
encountered that problem.

I suspect that st only recognises DDS3 tapes. If so, what can I do?

The tape hardware is an HP SureStore DAT DDS4.

Configuration under openbsd:

   |-siop0
   |  \-scsibus1
   | \-st0

(dmassage -t)

mt status says:

mt -f /dev/st0 status
SCSI tape drive, residual=0
ds=3<Mounted>
er=0
blocksize: 0 (0, 0, 0, 0)
density: 38 (0, 0, 0, 0)

thanks in advance, Erwin




Re: Another pf.conf(5) man bug?

2005-09-16 Thread Jason McIntyre
On Fri, Sep 16, 2005 at 02:44:06AM +, Karl O. Pinc wrote:
 
 The pf.conf(5) grammar says:
 
 routehost  = ( interface-name [ address [ / mask-bits ] ] )
 
 I'm thinking it should be:
 
 routehost  = ( interface-name [ address [ / mask-bits ] ] )
 

just fixed by daniel too...
jmc



Re: problems with backup-tape under openBSD 3.6

2005-09-16 Thread Otto Moerbeek
On Fri, 16 Sep 2005, Erwin Zbinden wrote:

 Hi
 
 I am using a backup tape which at the moment runs under SuSE Linux 7.3. Now 
 I am migrating to OpenBSD and try to read my data, which were written under 
 Linux, from a tape that runs under OpenBSD 3.6.
 
 The problem is: there is only a small part of what I backed up, and during 
 the read-process tar says: 
 
missing header for file XX -search for header
 
 I used the tape before under FreeBSD 4.11 (driver: sa0) and never 
 encountered that problem.
 
 I suspect that st only recognises DDS3 tapes. If so, what can I do?

Dunno about st(4) and dds3 tapes, but I can think of two things to try:

- Errata 001 for 3.6 fixes a scsi tape problem.

- The archive was written using gnu tar. Try reading it back with gnu tar.
If this succeeds, I'd really like to know what's in the archive, to
see what is going wrong.

-Otto



Re: Nmap -O... will it be fixed some day?

2005-09-16 Thread Sebastian .Rother

Rod.. Whitworth wrote:


On Fri, 16 Sep 2005 07:56:25 +0200, Sebastian .Rother wrote:

 


Hello everybody,

I just wanna know if the nmap-Issue with the -O option will be fixed on 
OpenBSD (some day..).


Just a little scan against hackin9.

# nmap -P0 -sV -p22,80,443 -T1 -vvv -O www.hakin9.org
Initiating SYN Stealth Scan against host-ip84-243.crowley.pl 
(62.111.243.84) [3 ports] at 07:45

SYN Stealth Scan Timing: About 50.00% done; ETC: 07:46 (0:00:30 remaining)
Discovered open port 22/tcp on 62.111.243.84
Discovered open port 80/tcp on 62.111.243.84
The SYN Stealth Scan took 45.74s to scan 3 total ports.
Initiating service scan against 2 services on host-ip84-243.crowley.pl 
(62.111.243.84) at 07:45

The service scan took 7.25s to scan 2 services on 1 host.
For OSScan assuming port 22 is open, 443 is closed, and neither are 
firewalled
sendto in send_ip_packet: sendto(3, packet, 60, 0, 62.111.243.84, 16) = 
No route to host

Sleeping 15 seconds then retrying
[and some more Timeouts*wait wait*...]

The same scan just without the -O option.

# nmap -P0 -sV -p22,80,443 -T1 -vvv www.hakin9.org

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-09-16 07:49 
CEST
Initiating SYN Stealth Scan against host-ip84-243.crowley.pl 
(62.111.243.84) [3 ports] at 07:49

Discovered open port 80/tcp on 62.111.243.84
SYN Stealth Scan Timing: About 50.00% done; ETC: 07:50 (0:00:30 remaining)
Discovered open port 22/tcp on 62.111.243.84
The SYN Stealth Scan took 45.23s to scan 3 total ports.
Initiating service scan against 2 services on host-ip84-243.crowley.pl 
(62.111.243.84) at 07:50

The service scan took 5.76s to scan 2 services on 1 host.
Host host-ip84-243.crowley.pl (62.111.243.84) appears to be up ... good.
Interesting ports on host-ip84-243.crowley.pl (62.111.243.84):
PORT    STATE  SERVICE VERSION
22/tcp  open   ssh     OpenSSH 3.9p1 (protocol 1.99)
80/tcp  open   http    Apache httpd 2.0.52 ((Aurox Linux))
443/tcp closed https

Nmap finished: 1 IP address (1 host up) scanned in 51.399 seconds
 Raw packets sent: 3 (120B) | Rcvd: 6 (260B)

I notice this behavior just on OpenBSD, and PF doesn't affect my scan.
And as you can see it works absolutely fine without the -O option.
I don't think it's an nmap-related problem, but I wasn't able to figure 
out what the problem on OpenBSD is exactly. :-/
I would be happy if somebody (maybe with more experience) could explain 
to me how and why the -O option leads to No Route To Host.


Kind regards,
Sebastian

p.s.
I used a normal x86 (Duron) with OpenBSD 3.8 (Stable).


   



And here is my result:
==
#  nmap -P0 -sV -p22,80,443 -T1 -vvv -O www.hakin9.org

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-09-16
17:29 EST
Initiating SYN Stealth Scan against host-ip84-243.crowley.pl
(62.111.243.84) [3 ports] at 17:29
Discovered open port 80/tcp on 62.111.243.84
SYN Stealth Scan Timing: About 50.00% done; ETC: 17:30 (0:00:30
remaining)
Discovered open port 22/tcp on 62.111.243.84
The SYN Stealth Scan took 45.37s to scan 3 total ports.
Initiating service scan against 2 services on host-ip84-243.crowley.pl
(62.111.243.84) at 17:29
The service scan took 6.40s to scan 2 services on 1 host.
For OSScan assuming port 22 is open, 443 is closed, and neither are
firewalled
Insufficient responses for TCP sequencing (5), OS detection may be less
accurate
Host host-ip84-243.crowley.pl (62.111.243.84) appears to be up ...
good.
Interesting ports on host-ip84-243.crowley.pl (62.111.243.84):
PORT    STATE  SERVICE VERSION
22/tcp  open   ssh     OpenSSH 3.9p1 (protocol 1.99)
80/tcp  open   http    Apache httpd 2.0.52 ((Aurox Linux))
443/tcp closed https
Device type: general purpose
Running: Linux 2.4.X
OS details: Linux 2.4.19 - 2
Fingerprint:
T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T3(Resp=N)
T4(Resp=N)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=N)
T7(Resp=N)
PU(Resp=Y%DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)

Uptime 10.357 days (since Tue Sep  6 09:05:08 2005)
TCP Sequence Prediction: Class=unknown class
Difficulty=0 (Trivial joke)
TCP ISN Seq. Numbers: 7E74D804 7F2BA65A 80EEB6C8 82A844B9 8556A140
IPID Sequence Generation: All zeros

Nmap finished: 1 IP address (1 host up) scanned in 626.421 seconds
  Raw packets sent: 21 (1200B) | Rcvd: 12 (952B)
[loki:root]
#
==

Using 3.8beta. I don't know where you got 3.8-stable, AFAIK there is no
such animal yet.
Whatever you have something other than OpenBSD itself is broken. Unless
you broke it?

From the land down under: Australia.
Do we look umop apisdn from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.



That surprises me... :-/
I installed 3.8-beta even on my router and I can't figure out why it 
isn't working.

Btw: stable - Related to the CVS (-rOPENBSD_3_8).
So it's more the upcoming stable of course. :-D

Well but 

Re: Nmap -O... will it be fixed some day?

2005-09-16 Thread Wijnand Wiersma
I have seen this too, but that was a long time ago, I never actually
run nmap anymore :-)
Maybe it has something to do with some nics?

Wijnand



Re: Nmap -O... will it be fixed some day?

2005-09-16 Thread Lukasz Sztachanski
On Fri, Sep 16, 2005 at 01:12:06PM +0200, Wijnand Wiersma wrote:
 I have seen this too, but that was a long time ago, I never actually
 run nmap anymore :-)
 Maybe it has something to do with some nics?
 
doesn't think so; try to disable pf ;) Probably it's a matter of 
pf`s traffic normalization.

-- 
Lukasz Sztachanski  
...proud user of C8H10N4O2 :)
http://szati.blogspot.com
http://rudy.mif.pg.gda.pl/~szati/szati.asc



Re: wd0: soft error (corrected)

2005-09-16 Thread Christoph Fritz
On Friday 16 September 2005 11:17, Jonathan Gray wrote:
 Include a full dmesg.

OpenBSD 3.6 (GENERIC) #59: Fri Sep 17 12:32:57 MDT 2004
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD-K6tm w/ multimedia extensions (AuthenticAMD 586-class) 200 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX
real mem  = 66695168 (65132K)
avail mem = 53338112 (52088K)
using 839 buffers containing 3436544 bytes (3356K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(c6) BIOS, date 04/28/99, BIOS32 rev. 0 @ 0xf0400
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0xa22
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf09b0/112 (5 entries)
pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82439HX rev 0x03
pcib0 at pci0 dev 7 function 0 Intel 82371SB ISA rev 0x01
pciide0 at pci0 dev 7 function 1 Intel 82371SB IDE rev 0x00: DMA, channel 
0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: Maxtor 91360U4
wd0: 16-sector PIO, LBA, 12982MB, 26588016 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
wd1 at pciide0 channel 1 drive 0: IC35L080AVVA07-0
wd1: 16-sector PIO, LBA, 78533MB, 160836480 sectors
wd1(pciide0:1:0): using PIO mode 4, DMA mode 2
ne3 at pci0 dev 9 function 0 Realtek 8029 rev 0x00: irq 12
ne3: address XX:XX:XX:XX:XX:XX
vga1 at pci0 dev 10 function 0 ATI Mach64 GT rev 0x9a
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
AVM Fritz ISDN rev 0x01 at pci0 dev 11 function 0 not configured
wi0 at pci0 dev 12 function 0 Intersil PRISM2.5 rev 0x01: irq 11
wi0: PRISM2.5 ISL3874A(Mini-PCI), Firmware 1.1.1 (primary), 1.8.0 
(station), address XX:XX:XX:XX:XX:XX
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
ne2 at isa0 port 0x280/32 irq 9
ne2: NE2000 (RTL8019) Ethernet
ne2: address XX:XX:XX:XX:XX:XX
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
isapnp0 at isa0 port 0x279: read port 0x203
sb1 at isapnp0 Creative ViBRA16C PnP, CTL0001, , Audio port 
0x220/16,0x330/2,0x388/4 irq 5 drq 1,5: dsp v4.13
midi1 at sb1: SB MPU-401 UART
audio0 at sb1
opl0 at sb1: model OPL3
midi2 at opl0: SB Yamaha OPL3
joy0 at isapnp0 Creative ViBRA16C PnP, CTL7001, PNPB02F, Game port 
0x200/8
biomask e545 netmask ff45 ttymask ffc7
pctr: user-level cycle counter enabled
dkcsum: wd0 matched BIOS disk 80
wd1: no disk label
dkcsum: wd1 matched BIOS disk 81
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302



Re: wd0: soft error (corrected)

2005-09-16 Thread dick
Hi

I have two harddisks:

wd0 at pciide0 channel 0 drive 0: Maxtor 91360U4
wd0: 16-sector PIO, LBA, 12982MB, 26588016 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
wd1 at pciide0 channel 1 drive 0: IC35L080AVVA07-0
wd1: 16-sector PIO, LBA, 78533MB, 160836480 sectors
wd1(pciide0:1:0): using PIO mode 4, DMA mode 2

and as I copied some large files from wd0 to wd1 I get the
following 
errors. Do I need a new harddrive?



i had this same problem with a SATA drive i have. i couldn't
figure out what was going wrong for quite a bit, but swapping
out the power supply fixed it in my case. 

i think the first PS i had installed was giving enough juice
to the drive.

cheers,
jake



Re: wd0: soft error (corrected)

2005-09-16 Thread Marco Peereboom

Not yet but if it continues to do that you should.

On Sep 16, 2005, at 2:34 AM, Christoph Fritz wrote:


Hi

I have two harddisks:

wd0 at pciide0 channel 0 drive 0: Maxtor 91360U4
wd0: 16-sector PIO, LBA, 12982MB, 26588016 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
wd1 at pciide0 channel 1 drive 0: IC35L080AVVA07-0
wd1: 16-sector PIO, LBA, 78533MB, 160836480 sectors
wd1(pciide0:1:0): using PIO mode 4, DMA mode 2

and as I copied some large files from wd0 to wd1 I get the following
errors. Do I need a new harddrive?





Re: Nmap -O... will it be fixed some day?

2005-09-16 Thread per engelbrecht

Lukasz Sztachanski wrote:

[...]


doesn't think so; try to disable pf ;) Probably it's a matter of 
pf`s traffic normalization.



[...]

Or use;

pass in quick on $xxx all allow-opts

on int used specific(!) for nmap, snort et al.

/per
[EMAIL PROTECTED]



3.7 GENERIC.MP and PowerEdge 1850 w/ dual Xeon

2005-09-16 Thread Mariano Benedettini
I have a Poweredge 1850, dual Xeon. When I boot a 3.7 GENERIC, everything is
fine and the system boots correctly:

OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(TM) CPU 3.40GHz (GenuineIntel 686-class) 3.40 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,A
CPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,PNI,MWAIT,EST,TM2,CNXT-ID
cpu0: Enhanced SpeedStep disabled by BIOS

But when I try to boot GENERIC.MP, the kernel boot process hangs at some
point (it seems to be when it's detecting a virtual disk). The last lines
shown on the screen before hanging:

pciide0: bus-master DMA support present
pciide0: channel 0 wired to native-PCI mode
pciide0: using irq 5 for native-PCI interrupt
atapiscsi0 at pciide0 channel 0 drive 0
scsibus1 at atapiscsi0: 2 targets
sd1 at scsibus1 targ 0 lun 0: DELL, VSF, 0123 SCSI0 0/direct removable

Any suggestion is appreciated.

Thanks,
Mariano.




Re: Slow Sparc Ultra 5

2005-09-16 Thread Alexander Schrijver
On 9/16/05, BadMagic [EMAIL PROTECTED] wrote:
 Hello,
 
 I installed OpenBSD 3.7 (Sparc64) on my Ultra 5 and its performance is not 
 what I'd expected. I'd recently had Solaris on there (using CDE) and it ran 
 quite quickly, but with OpenBSD, when I do an 'ls -la', it takes forever for 
 the screen to scroll through the list, and try it via ssh! Slow. I'm using it 
 as a Web server and it's noticeably slower at serving pages than the old x86 I 
 had doing the job before was.
 
 Anyone know something about this?
 
 Regards,
 sl
 
 Here's its dmesg (This took forEVER):
 /*8-
 
 console is keyboard/display
 Copyright (c) 1982, 1986, 1989, 1991, 1993
 The Regents of the University of California.  All rights reserved.
 Copyright (c) 1995-2005 OpenBSD. All rights reserved.  http://www.OpenBSD.org
 
 OpenBSD 3.7 (RAMDISK) #344: Sun Mar 20 14:38:37 MST 2005
 [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/RAMDISK
 total memory = 134217728
 avail memory = 112893952
 using 819 buffers containing 6709248 bytes of memory
 bootpath: /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED],0/[EMAIL 
 PROTECTED],0:f
 mainbus0 (root): Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 270MHz)
 cpu0 at mainbus0: SUNW,UltraSPARC-IIi @ 270 MHz, version 0 FPU
 cpu0: physical 32K instruction (32 b/l), 16K data (32 b/l), 256K external (64 
 b/l)
 psycho0 at mainbus0 addr 0xfffc4000
 SUNW,sabre: impl 0, version 0: ign 7c0 bus range 0 to 2; PCI bus 0
 DVMA map: c000 to e000
 IOTDB: 10bb4000 to 10c34000
 pci0 at psycho0
 ppb0 at pci0 dev 1 function 1 vendor 0x108e product 0x5000 rev 0x11
 pci1 at ppb0 bus 1
 ebus0 at pci1 dev 1 function 0 vendor 0x108e product 0x1000 rev 0x01
 auxio0 at ebus0 addr 726000-726003, 728000-728003, 72a000-72a003, 
 72c000-72c003, 72f000-72f003
 power at ebus0 addr 724000-724003 ipl 37 not configured
 SUNW,pll at ebus0 addr 504000-504002 not configured
 sab0 at ebus0 addr 40-40007f ipl 43: rev 3.2
 sabtty0 at sab0 port 0
 sabtty1 at sab0 port 1
 comkbd0 at ebus0 addr 3083f8-3083ff ipl 41: layout 34
 wskbd0 at comkbd0: console keyboard
 com0 at ebus0 addr 3062f8-3062ff ipl 42, mouse: ns16550a, 16 byte fifo
 ecpp at ebus0 addr 3043bc-3043cb, 30015c-30015d, 70-7f ipl 34 not 
 configured
 fdthree at ebus0 addr 3023f0-3023f7, 706000-70600f, 72-720003 ipl 39 not 
 configured
 clock1 at ebus0 addr 0-1fff: mk48t59: hostid 809f8b30
 flashprom at ebus0 addr 0-f not configured
 SUNW,CS4231 at ebus0 addr 20-2000ff, 702000-70200f, 704000-70400f, 
 722000-722003 ipl 35 ipl 36 not configured
 hme0 at pci1 dev 1 function 1 vendor 0x108e product 0x1001 rev 0x01: address 
 08:00:20:9f:8b:30
 nsphy0 at hme0 phy 1: DP83840 10/100 PHY, rev. 1
 hme0: using ivec 3021 for interrupt
 vgafb0 at pci1 dev 2 function 0 vendor 0x1002 product 0x4754 rev 0x9a
 wsdisplay0 at vgafb0: console (std, sun emulation), using wskbd0
 pciide0 at pci1 dev 3 function 0 vendor 0x1095 product 0x0646 rev 0x03: DMA, 
 channel 0 configured to native-PCI, channel 1 configured to native-PCI
 pciide0: using ivec 1820 for native-PCI interrupt
 wd0 at pciide0 channel 0 drive 0: FUJITSU MPD3043AT
 wd0: 16-sector PIO, LBA, 4125MB, 8448300 sectors
 wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
 atapiscsi0 at pciide0 channel 1 drive 0
 scsibus0 at atapiscsi0: 2 targets
 cd0 at scsibus0 targ 0 lun 0: GoldStar, CD-ROM CRD-8240B, 1.24 SCSI0 
 5/cdrom removable
 cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
 ppb1 at pci0 dev 1 function 0 vendor 0x108e product 0x5000 rev 0x11
 pci2 at ppb1 bus 2
 pcons at mainbus0 not configured
 No counter-timer -- using %tick at 270MHz as system clock.
 rd0: fixed, 6144 blocks
 root on rd0a
 rootdev=0x500 rrootdev=0x3d00 rawdev=0x3d02
 
 8--*/
 
 

I have no problems at all with pretty much the same system. The system
is running Xorg with fluxbox, and it works just fine. I have also
tried Solaris but that ran a lot slower; in some cases I was waiting
10 minutes for a window to show up.

- Alexander

Here is the dmesg with at the bottom the time it took for the command
to execute.

console is keyboard/display
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2005 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 3.7 (GENERIC) #431: Sun Mar 20 14:10:02 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC
total memory = 134217728
avail memory = 110485504
using 819 buffers containing 6709248 bytes of memory
bootpath: /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED],0/[EMAIL 
PROTECTED],0
mainbus0 (root): Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 270MHz)
cpu0 at mainbus0: SUNW,UltraSPARC-IIi @ 270 MHz, version 0 FPU
cpu0: physical 32K instruction (32 b/l), 16K data (32 b/l), 256K
external (64 b/l)
psycho0 at mainbus0 addr 0xfffc4000
SUNW,sabre: impl 0, version 0: ign 7c0 bus range 0 to 2; 

Re: wd0: soft error (corrected)

2005-09-16 Thread Lars Knoesel
* Christoph Fritz [EMAIL PROTECTED] [16 Sep 05, 09:34] writes:

 ...
 wd0(pciide0:0:0): timeout
 type: ata
 c_bcount: 65536
 c_skip: 0
 pciide0:0:0: bus-master DMA error: missing interrupt, status=0x20
 wd0f: device timeout writing fsbn 7565664 of 7565664-7565791 (wd0 bn 12664128; cn 12563 tn 9 sn 57), retrying
 wd0: soft error (corrected)
 wi0: host encrypt not implemented for 802.3
 ...

Hi,

I had similar problems.  The DMA system of the drive was obviously
damaged.  If you want to use the drive anyway, read wd(4) and disable
DMA, UltraDMA or PIO mode (I cannot remember the exact configuration),
before the drive is used.  How to do that, read boot(8) and
boot_config(8) or rather config(8).

Best regards,

Lars



ipsec, ipsecctl configuration

2005-09-16 Thread Karl-Heinz Wild

Hi.

I'm trying to use ipsecctl to manage my ipsec connection.
Is there a more detailed description/howto or some more
infos available?

Would be great.

Regards
Thanks.

Karl-Heinz



Re: Slow Sparc Ultra 5

2005-09-16 Thread Bryan Irvine
Maybe because you are using the RAMDISK kernel?  Try switching to
GENERIC, and see if that works better.

--Bryan

On 9/15/05, BadMagic [EMAIL PROTECTED] wrote:



Re: ipsec, ipsecctl configuration

2005-09-16 Thread Jason Dixon

On Sep 16, 2005, at 2:49 PM, Karl-Heinz Wild wrote:


Hi.

I'm trying to use ipsecctl to manage my ipsec connection.
Is there a more detailed description/howto or some more
infos available?


I haven't found anything besides the man pages.  Here's a very basic  
example for getting a tunnel set up between two endpoints using  
ipsecctl, ipsec.conf and isakmpd.  This is just a simplified (thanks to  
ipsec.conf) version of the same method that has been documented for  
using ipsecadm + isakmpd for automatic key exchange.  Each step will  
need to be performed on each endpoint, with values reversed.  Don't  
forget your pf ruleset and sysctl settings.


# ... setup keys ...
# cd /etc/isakmpd
# openssl genrsa -out private/local.key 1024
# chmod 600 private/local.key
# openssl rsa -out pubkeys/`hostname`.pub -in private/local.key -pubout
# ln pubkeys/`hostname`.pub pubkeys/ipv4/10.0.0.2
# scp pubkeys/ipv4/10.0.0.2 [EMAIL PROTECTED]:/etc/isakmpd/pubkeys/ipv4/

# ... setup flows ...
# echo 'flow esp from 10.20.20.0/24 to 10.30.30.0/24 peer 10.0.0.3' > /etc/ipsec.conf

# ipsecctl -f /etc/ipsec.conf
# echo 'Authorizer: "POLICY"' > /etc/isakmpd/isakmpd.policy
# chmod 600 /etc/isakmpd/isakmpd.policy
# isakmpd

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



sendfile()

2005-09-16 Thread David Hill
Hello -
Are there plans to add sendfile()/zero-copy to OpenBSD to improve web server 
performance?

Thanks
David



nat problems when using address pool

2005-09-16 Thread Chris Smith
OpenBSD 3.7

Some hosts will experience poor to seemingly no Internet access when 
using NAT address pools - web sites time out, even pings to remote 
addresses fail.

Using:
nat on $ext_if from !$ext_if -> $ext_if:0
works fine.

Using:
nat on $ext_if from !$ext_if -> $ext_if
or
nat on $ext_if from !$ext_if -> <ext_net>
does not.

Configuration:

T1-(cisco)-eth0 ---fxp0-(openBSD)-em0
  |
em1

fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:07:e9:93:2b:50
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 66.100.28.130 netmask 0xfff0 broadcast 66.100.28.143
inet6 fe80::207:e9ff:fe93:2b50%fxp0 prefixlen 64 scopeid 0x3
inet 66.100.28.131 netmask 0x broadcast 66.100.28.131
inet 66.100.28.132 netmask 0x broadcast 66.100.28.132
inet 66.100.28.133 netmask 0x broadcast 66.100.28.133
inet 66.100.28.134 netmask 0x broadcast 66.100.28.134
inet 66.100.28.135 netmask 0x broadcast 66.100.28.135
inet 66.100.28.136 netmask 0x broadcast 66.100.28.136
inet 66.100.28.137 netmask 0x broadcast 66.100.28.137
inet 66.100.28.138 netmask 0x broadcast 66.100.28.138
inet 66.100.28.139 netmask 0x broadcast 66.100.28.139
inet 66.100.28.140 netmask 0x broadcast 66.100.28.140
inet 66.100.28.141 netmask 0x broadcast 66.100.28.141
inet 66.100.28.142 netmask 0x broadcast 66.100.28.142

Alas I realized that the outbound mail server couldn't participate in 
such a scheme as it needed to present the same addresses to the world 
so that its dns name matched the helo name.

So I tried this:
nat on $ext_if from $server_1 -> $ext_ad
nat on $ext_if from <sp_net> -> $ext_ad_sp
nat on $ext_if from <kw_net_minus> -> <ext_net_minus>
where <sp_net> is the address block on em1 and <kw_net_minus> is the 
address block on em0 minus ext_ad (66.100.28.130).
Same problem, although mail service was solid again (no bounces from 
those MTA's doing reverse lookups).

After examining http://openbsd.org/faq/pf/pools.html, I thought it might 
be a round-robin vs. source-hash issue and tried this:
nat on $ext_if from $server_1 -> $ext_ad
nat on $ext_if from <sp_net> -> $ext_ad_sp
nat on $ext_if from <kw_net_minus> -> 66.100.28.136/29 source-hash
as it appears, from the doc above, that a CIDR block must be used when 
specifying source-hash.

But again some clients experience very poor to what seems like no 
Internet access.
The minute I revert back to:
nat on $ext_if from !$ext_if -> $ext_if:0
or
nat on $ext_if from { <kw_net>, <sp_net> } -> <ext_net>
everyone works but my translations are limited to just the one address.

Pointers toward resolution? Thanks.

Chris



strange download speed

2005-09-16 Thread Huzeyfe Onal
hi,
I bought a 50Mbit/s metro ethernet internet connection and tested it
with two operating systems.
First, Windows XP SP2 with gigabit ethernet: I see 5MB/s
download speed.

Second is an OpenBSD 3.7 with fxp0: Intel 82559 Pro/100 Ethernet and
saw 2.2MB/s download speed.

Do I need a kernel option to increase speed or anything?...
ps: There is no firewall, no other services on openbsd. It's pure
openbsd, tested with wget and native ftp client.


 -- 
Huzeyfe VNAL  
---
First Turkish Qmail book is out! Go check it.
Did you hear! Turkey's first Qmail book is out.
http://www.acikakademi.com/catalog/qmail/



Re: nat problems when using address pool

2005-09-16 Thread Ryan Puckett
Granted I'm running 3.6 but I have a setup very similar to yours.

The external NATs of the servers are not in the natpool30 (1.2.3.0/30)
network.

In my experience, any protocols where the server will generate a
separate connection back to the client (like ftp) will not work with NAT
pools.

#Port NATs
rdr pass on $int_if inet proto tcp to port 21 -> 127.0.0.1 port 8021
rdr pass on $ext_if inet proto tcp from <trusted_users> to $server1_nat
port 80 -> $server1_int port 8080

#One 2 One Static NATs
binat on $ext_if inet from $server2_int to any -> $server2_nat

#Outbound Hide NATs
nat on $ext_if inet from <internal-subnets> to any port $NATPoolPortsTCP
-> $natpool30 source-hash
nat on $ext_if inet from <internal-subnets> to any -> $ext_if

Ryan



On Fri, 2005-09-16 at 15:34 -0400, Chris Smith wrote:
 OpenBSD 3.7
 
 Some hosts will experience poor to seemingly no Internet access when 
 using NAT address pools - web sites time out, even pings to remote 
 addresses fail.
 
 Using:
 nat on $ext_if from !$ext_if -> $ext_if:0
 works fine.
 
 Using:
 nat on $ext_if from !$ext_if -> $ext_if
 or
 nat on $ext_if from !$ext_if -> <ext_net>
 does not.
 
 Configuration:
 
 T1-(cisco)-eth0 ---fxp0-(openBSD)-em0
   |
   em1
 
 fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 address: 00:07:e9:93:2b:50
 media: Ethernet autoselect (100baseTX full-duplex)
 status: active
 inet 66.100.28.130 netmask 0xfff0 broadcast 66.100.28.143
 inet6 fe80::207:e9ff:fe93:2b50%fxp0 prefixlen 64 scopeid 0x3
 inet 66.100.28.131 netmask 0x broadcast 66.100.28.131
 inet 66.100.28.132 netmask 0x broadcast 66.100.28.132
 inet 66.100.28.133 netmask 0x broadcast 66.100.28.133
 inet 66.100.28.134 netmask 0x broadcast 66.100.28.134
 inet 66.100.28.135 netmask 0x broadcast 66.100.28.135
 inet 66.100.28.136 netmask 0x broadcast 66.100.28.136
 inet 66.100.28.137 netmask 0x broadcast 66.100.28.137
 inet 66.100.28.138 netmask 0x broadcast 66.100.28.138
 inet 66.100.28.139 netmask 0x broadcast 66.100.28.139
 inet 66.100.28.140 netmask 0x broadcast 66.100.28.140
 inet 66.100.28.141 netmask 0x broadcast 66.100.28.141
 inet 66.100.28.142 netmask 0x broadcast 66.100.28.142
 
 Alas I realized that the outbound mail server couldn't participate in 
 such a scheme as it needed to present the same addresses to the world 
 so that its dns name matched the helo name.
 
 So I tried this:
 nat on $ext_if from $server_1 -> $ext_ad
 nat on $ext_if from <sp_net> -> $ext_ad_sp
 nat on $ext_if from <kw_net_minus> -> <ext_net_minus>
 where <sp_net> is the address block on em1 and <kw_net_minus> is the 
 address block on em0 minus ext_ad (66.100.28.130).
 Same problem, although mail service was solid again (no bounces from 
 those MTA's doing reverse lookups).
 
 After examining http://openbsd.org/faq/pf/pools.html, I thought it might 
 be a round-robin vs. source-hash issue and tried this:
 nat on $ext_if from $server_1 -> $ext_ad
 nat on $ext_if from <sp_net> -> $ext_ad_sp
 nat on $ext_if from <kw_net_minus> -> 66.100.28.136/29 source-hash
 as it appears, from the doc above, that a CIDR block must be used when 
 specifying source-hash.
 
 But again some clients experience very poor to what seems like no 
 Internet access.
 The minute I revert back to:
 nat on $ext_if from !$ext_if -> $ext_if:0
 or
 nat on $ext_if from { <kw_net>, <sp_net> } -> <ext_net>
 everyone works but my translations are limited to just the one address.
 
 Pointers toward resolution? Thanks.
 
 Chris



Re: nat problems when using address pool

2005-09-16 Thread Raymond Lillard

Chris Smith wrote:

OpenBSD 3.7

Some hosts will experience poor to seemingly no Internet access when 
using NAT address pools - web sites time out, even pings to remote 
addresses fail.


Using:
nat on $ext_if from !$ext_if -> $ext_if:0
works fine.

Using:
nat on $ext_if from !$ext_if -> $ext_if
or
nat on $ext_if from !$ext_if -> <ext_net>
does not.

Configuration:

T1-(cisco)-eth0 ---fxp0-(openBSD)-em0
  |
em1

fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:07:e9:93:2b:50
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 66.100.28.130 netmask 0xfff0 broadcast 66.100.28.143
inet6 fe80::207:e9ff:fe93:2b50%fxp0 prefixlen 64 scopeid 0x3
inet 66.100.28.131 netmask 0x broadcast 66.100.28.131
inet 66.100.28.132 netmask 0x broadcast 66.100.28.132
inet 66.100.28.133 netmask 0x broadcast 66.100.28.133
inet 66.100.28.134 netmask 0x broadcast 66.100.28.134
inet 66.100.28.135 netmask 0x broadcast 66.100.28.135
inet 66.100.28.136 netmask 0x broadcast 66.100.28.136
inet 66.100.28.137 netmask 0x broadcast 66.100.28.137
inet 66.100.28.138 netmask 0x broadcast 66.100.28.138
inet 66.100.28.139 netmask 0x broadcast 66.100.28.139
inet 66.100.28.140 netmask 0x broadcast 66.100.28.140
inet 66.100.28.141 netmask 0x broadcast 66.100.28.141
inet 66.100.28.142 netmask 0x broadcast 66.100.28.142

Alas I realized that the outbound mail server couldn't participate in 
such a scheme as it needed to present the same addresses to the world 
so that its dns name matched the helo name.


So I tried this:
nat on $ext_if from $server_1 -> $ext_ad
nat on $ext_if from <sp_net> -> $ext_ad_sp
nat on $ext_if from <kw_net_minus> -> <ext_net_minus>
where <sp_net> is the address block on em1 and <kw_net_minus> is the 
address block on em0 minus ext_ad (66.100.28.130).
Same problem, although mail service was solid again (no bounces from 
those MTA's doing reverse lookups).


After examining http://openbsd.org/faq/pf/pools.html, I thought it might 
be a round-robin vs. source-hash issue and tried this:

nat on $ext_if from $server_1 -> $ext_ad
nat on $ext_if from <sp_net> -> $ext_ad_sp
nat on $ext_if from <kw_net_minus> -> 66.100.28.136/29 source-hash
as it appears, from the doc above, that a CIDR block must be used when 
specifying source-hash.


But again some clients experience very poor to what seems like no 
Internet access.

The minute I revert back to:
nat on $ext_if from !$ext_if -> $ext_if:0
or
nat on $ext_if from { <kw_net>, <sp_net> } -> <ext_net>
everyone works but my translations are limited to just the one address.

Pointers toward resolution? Thanks.


Chris,

First off, it's a bad idea to broadcast your real IP numbers
in a public place.

Secondly, here's what works for me.

nat_pool = { 169.1.2.64/29 }

nat on $ext_if from 10.10.10.0/25 to any -> $nat_pool source-hash

At this site, I originally omitted source-hash.  Users of
secure web-sites like ADP (a payroll processing company) and
the IRS would get dumped out of secure sessions because the
client was changing IP numbers.

Best,
Ray



Re: strange download speed

2005-09-16 Thread Melameth, Daniel D.
Huzeyfe Onal wrote:
 I bought a 50Mbit/s metro ethernet internet connection and tested it
 with two operating systems.
 First, Windows XP SP2 with gigabit ethernet: I see 5MB/s
 download speed.
 
 Second is an OpenBSD 3.7 with fxp0: Intel 82559 Pro/100 Ethernet and
 saw 2.2MB/s download speed.
 
 Do I need a kernel option to increase speed or anything?...
 ps: There is no firewall, no other services on openbsd. It's pure
 openbsd, tested with wget and native ftp client.

While this might not be related, to saturate my DSL pipe at home, 7Mb/s,
I had to increase net.inet.tcp.recvspace and net.inet.tcp.sendspace.



Odd problems after recompiling from CVS

2005-09-16 Thread Pedro Marcolino

Hi,

I've recompiled OpenBSD from today's CVS (amd64).
I'm using pppoe (userland) and everything was working fine, till the 
update.

Now I can't even set my default gateway:

$ ping 213.63.13.1
PING 213.63.13.1 (213.63.13.1): 56 data bytes
64 bytes from 213.63.13.1: icmp_seq=0 ttl=126 time=19.305 ms
64 bytes from 213.63.13.1: icmp_seq=1 ttl=126 time=18.073 ms
--- 213.63.13.1 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 18.073/18.689/19.305/0.616 ms

$ sudo route add default 213.63.13.1
Password:
route: writing to routing socket: Network is unreachable
add net default: gateway 213.63.13.1: Network is unreachable

Using an old router, I've set up a new gateway, at 192.168.1.100:
$ sudo route add default 192.168.1.100
add net default: gateway 192.168.1.100

$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu  Interface

default            192.168.1.100      UGS         2       17      -  re0
(...)


I can ping all hosts:
$ ping www.openbsd.org
PING www.openbsd.org (129.128.5.191): 56 data bytes
64 bytes from 129.128.5.191: icmp_seq=0 ttl=237 time=177.337 ms
64 bytes from 129.128.5.191: icmp_seq=1 ttl=237 time=174.459 ms
--- www.openbsd.org ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 174.459/175.898/177.337/1.439 ms

But...

$ traceroute 129.128.5.191
traceroute to 129.128.5.191 (129.128.5.191), 64 hops max, 40 byte packets
sendto: No route to host
1 traceroute: wrote 129.128.5.191 40 chars, ret=-1
*sendto: No route to host
traceroute: wrote 129.128.5.191 40 chars, ret=-1

This happens with every host.
Thanks for the time.

Best Regards,
Pedro Marcolino



Re: strange download speed

2005-09-16 Thread Huzeyfe Onal
ok,
I set the value to the max (sysctl net.inet.tcp.sendspace=65535) and got the
speed back.
Thanks...

2005/9/16, Melameth, Daniel D. [EMAIL PROTECTED]:
 Huzeyfe Onal wrote:
  I bought a 50Mbit/s metro ethernet internet connection and tested it
  with two operating systems.
  First, Windows XP SP2 with gigabit ethernet: I see 5MB/s
  download speed.
  
  Second is an OpenBSD 3.7 with fxp0: Intel 82559 Pro/100 Ethernet and
  saw 2.2MB/s download speed.
  
  Do I need a kernel option to increase speed or anything?...
  ps: There is no firewall, no other services on openbsd. It's pure
  openbsd, tested with wget and native ftp client.
 
 While this might not be related, to saturate my DSL pipe at home, 7Mb/s,
 I had to increase net.inet.tcp.recvspace and net.inet.tcp.sendspace.
 
 


-- 
Huzeyfe VNAL  
---
First Turkish Qmail book is out! Go check it.
Did you hear! Turkey's first Qmail book is out.
http://www.acikakademi.com/catalog/qmail/



Re: wd0: soft error (corrected)

2005-09-16 Thread Andrew Daugherity
On 9/16/05, Christoph Fritz [EMAIL PROTECTED] wrote:
 Hi
 
 I have two harddisks:
 
 wd0 at pciide0 channel 0 drive 0: Maxtor 91360U4
 wd0: 16-sector PIO, LBA, 12982MB, 26588016 sectors
 wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
 wd1 at pciide0 channel 1 drive 0: IC35L080AVVA07-0
 wd1: 16-sector PIO, LBA, 78533MB, 160836480 sectors
 wd1(pciide0:1:0): using PIO mode 4, DMA mode 2
 
 and as I copied some large files from wd0 to wd1 I get the following
 errors. Do I need a new harddrive?
 
 wd0(pciide0:0:0): timeout
(snip)

Since the errors are only appearing on wd0 and not wd1, which are both
attached to the same controller (as per your full dmesg), I would
strongly suspect the hard disk is at fault, rather than the controller
or pciide drivers.  Back up important data immediately, then run the
manufacturer's diagnostics (usually these run from a DOS boot floppy,
although they may require a Windows box to create this floppy) and see
if the diagnostic software finds any errors.  Every time I have seen
this or similar kernel error messages it has been the drive at fault.



Re: firewire tape drive

2005-09-16 Thread Greg Thomas
On 9/16/05, Bryan Irvine [EMAIL PROTECTED] wrote:

 Anyone have any good recommendations on firewire tape drives?


For OpenBSD?

From April: "Does *OpenBSD* support any USB 2.0 and/or *Firewire* external
enclosures?"

"USB yes. *Firewire* not at this time."

Have you stopped doing basic research before posting questions?

Greg



Re: nat problems when using address pool

2005-09-16 Thread Chris Smith
On Friday 16 September 2005 04:20 pm, Raymond Lillard wrote:
 First off, it's a bad idea to broadcast your real IP numbers
 in a public place.

I had always thought that but then I read this article:
http://homepages.tesco.net/~J.deBoynePollard/FGA/dont-obscure-your-dns-data.html

It seems to make sense. After all, they are public IP addresses, and by 
trying to obscure them I might either create or hide a typo that would 
prevent proper assistance.

Maybe Jonathan is wrong but the argument seems logical on the surface.

 Secondly, here's what works for me.

 nat_pool = { 169.1.2.64/29 }

 nat on $ext_if from 10.10.10.0/25 to any -> $nat_pool source-hash

Unfortunately I don't see where this is effectively different from:
nat on $ext_if from <kw_net_minus> -> 66.100.28.136/29 source-hash

Except I'm using a table and the "to any" isn't specified, but it isn't 
necessary when the form is:
nat on $ext_if from !$ext_if -> $ext_if:0

But I do like using the macro for the nat pool.

But I'll certainly try to change things around, just in case.

Thanks.

Chris
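A worked illustration added here (not code from the thread) of the two points Ray and Chris go back and forth on: why source-hash keeps one client on one translation address while the default round-robin hands out a different address per connection, and a check that every address a CIDR pool such as 66.100.28.136/29 expands to is actually an alias on the external interface. The keyed MD5 is only a stand-in for pf's own source-hash function, and the internal client address is constructed.

```python
# Added example: pf NAT pool address selection, round-robin vs source-hash,
# plus an audit of a CIDR pool against the addresses configured on fxp0.
# The hash is illustrative; pf uses its own keyed hash, with the same
# property that the choice depends only on the source address.
import hashlib
import ipaddress


def expand_pool(cidr):
    """All addresses of a CIDR pool, first to last: 66.100.28.136/29
    yields .136 through .143, the last being the /28's broadcast."""
    return [str(a) for a in ipaddress.ip_network(cidr, strict=False)]


def source_hash_pick(pool, src_ip, key=b"constructed-demo-key"):
    """Choose a pool member from a keyed hash of the source address only,
    so a given client always gets the same translation address."""
    digest = hashlib.md5(key + ipaddress.ip_address(src_ip).packed).digest()
    return pool[int.from_bytes(digest[:4], "big") % len(pool)]


class RoundRobin:
    """Default pool behaviour: each new state takes the next address,
    regardless of which client opened it."""

    def __init__(self, pool):
        self.pool = pool
        self.next = 0

    def pick(self, src_ip):
        addr = self.pool[self.next % len(self.pool)]
        self.next += 1
        return addr


def addresses_seen(picker, src_ip, connections):
    """Distinct translation addresses one client is given over several
    connections; more than one is what breaks sticky HTTPS sessions."""
    return sorted({picker(src_ip) for _ in range(connections)})


def audit_pool(cidr, configured, broadcast):
    """Pool members that are not configured on the interface or that are
    the subnet broadcast.  Nothing answers ARP for such an address, so
    return traffic for clients hashed onto it never comes back."""
    return [a for a in expand_pool(cidr)
            if a == broadcast or a not in configured]


# Constructed from the ifconfig output in the thread: primary .130,
# aliases .131 through .142, subnet broadcast .143, pool 66.100.28.136/29.
FXP0_ADDRESSES = ["66.100.28.%d" % n for n in range(130, 143)]
FXP0_BROADCAST = "66.100.28.143"
POOL = expand_pool("66.100.28.136/29")

if __name__ == "__main__":
    client = "192.168.1.50"  # constructed internal client
    print("source-hash:", addresses_seen(lambda s: source_hash_pick(POOL, s), client, 5))
    print("round-robin:", addresses_seen(RoundRobin(POOL).pick, client, 5))
    print("pool members to look at:", audit_pool("66.100.28.136/29", FXP0_ADDRESSES, FXP0_BROADCAST))
```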



Re: packages

2005-09-16 Thread Greg Thomas
On 9/16/05, Bryan Irvine [EMAIL PROTECTED] wrote:

 How do I install every package in a directory?

 I've built one server (ldap/postfix/etc... yadda yadda) and I now want
 to create 2 exact duplicate configurations with the existing packages
 (that were originally compiled from ports).

 I copied all the packages over to the new systems and tried varying
 forms of pkg_add *, pkg_add $(ls), blah blah blah and inevitably it
 will get to a package that depends on another package (which is in
 that directory as well) and the install will bomb.

 Is there a way to set install order?



man pkg_add: see PKG_PATH



Re: packages

2005-09-16 Thread Marc Espie
On Fri, Sep 16, 2005 at 03:03:35PM -0700, Bryan Irvine wrote:
 How do I install every package in a directory?
 
 I've built one server (ldap/postfix/etc... yadda yadda) and I now want
 to create 2 exact duplicate configurations with the existing packages
 (that were originally compiled from ports).
 
 I copied all the packages over to the new systems and tried varying
 forms of pkg_add *, pkg_add $(ls), blah blah blah and inevitably it
 will get to a package that depends on another package (which is in
 that directory as well) and the install will bomb.

Are you sure that's the reason it bombs? Usually you can't install
every package in a directory because there are conflicts between packages
that you can't install at the same time on the same machine.

Inter-dependencies work just fine however... pkg_add correctly sorts packages
so what you are describing does NOT happen.

Look again.



Re: nat problems when using address pool

2005-09-16 Thread Chris Smith
On Friday 16 September 2005 04:13 pm, Ryan Puckett wrote:
 In my experience, any protocols where the server will generate a
 separate connection back to the client (like ftp) will not work with
 NAT pools.

Even passive ftp?

 nat on $ext_if inet from <internal-subnets> to any port
 $NATPoolPortsTCP -> $natpool30 source-hash

Hmm...you may have something there. I didn't have the "inet" keyword, 
which according to Jacek's book is required if the target address 
expands to more than one address family. As posted earlier:
---
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:07:e9:93:2b:50
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 66.100.28.130 netmask 0xfff0 broadcast 66.100.28.143
inet6 fe80::207:e9ff:fe93:2b50%fxp0 prefixlen 64 scopeid 0x3
inet 66.100.28.131 netmask 0x broadcast 66.100.28.131
inet 66.100.28.132 netmask 0x broadcast 66.100.28.132
inet 66.100.28.132 netmask 0x broadcast 66.100.28.133
...
inet 66.100.28.132 netmask 0x broadcast 66.100.28.142
---
Does the inet6 component, seemingly only tied to the primary address, 
apply to the aliases (the upper half of the aliases form the pool) as 
well?

Also what happens to the other component? IOW if the nat rule contains 
"inet" does ipv6 get dropped or just not natted? Or vice versa (if the 
nat rule contains "inet6")?

Thanks.

Chris



PPP through console of Soekris 4801

2005-09-16 Thread Rod.. Whitworth
I have a need to access a remote Soekris in two ways. First a console
login for admin purposes and secondly for a DBA to use RDP to access
SQLserver on a win 2k3 behind the firewall.

On the face of it I could log in as Rod and have shell access, even
reboot viewing. Good! Love that.
Then DBA could log in as ppp with pppd (suitably configured) as his
shell. The pppd man pages gives an example.

My question is: Will this be a reliable set-up for both purposes?
Usually we have the console port running 9600 no handshakes. I'll bet
RDP looks very sad on that setting.

The 4801 docs say that we should use a terminal set at 19200N81 with no
flow control. I know we can change the speed - I always set it to 9600
just to match the OpenBSD default. What the docs don't say is whether
handshaking works in initial console access or after boot or both.

I can graft away and do lots of research (and may have to) but wise
explorers seem to ask if anyone else has been along this ridge before,
so I'm trying to be wise. I'd rather be told that I'm a twit who missed
something in my googling/archive searching before, rather than after,
doing a lot of grunt that leads nowhere.

Thank you,
Rod.

In the beginning was The Word
and The Word was Content-type: text/plain
The Word of Rod.

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.



Re: packages

2005-09-16 Thread Bryan Irvine
Actually I see the problem now, I had several conflicting packages, ie
postfix, and postfix-ldap, openldap and openldap-sasl-bdb.

Sorry.

--Bryan

On 9/16/05, Marc Espie [EMAIL PROTECTED] wrote:
 On Fri, Sep 16, 2005 at 03:03:35PM -0700, Bryan Irvine wrote:
  How do I install every package in a directory?
  
  I've built one server (ldap/postfix/etc... yadda yadda) and I now want
  to create 2 exact duplicate configurations with the existing packages
  (that were originally compiled from ports).
  
  I copied all the packages over to the new systems and tried varying
  forms of pkg_add *, pkg_add $(ls), blah blah blah and inevitably it
  will get to a package that depends on another package (which is in
  that directory as well) and the install will bomb.
 
 Are you sure that's the reason it bombs? Usually you can't install
 every package in a directory because there are conflicts between packages
 that you can't install at the same time on the same machine.
 
 Inter-dependencies work just fine however... pkg_add correctly sorts packages
 so what you are describing does NOT happen.
 
 Look again.



Re: firewire tape drive

2005-09-16 Thread Bryan Irvine
I *did* google but the only thing I found was from the archive in
2002, which, of course, said the same thing. :-)

I thought because it showed up in the dmesg that it might work now.


--Bryan

On 9/16/05, Greg Thomas [EMAIL PROTECTED] wrote:
 On 9/16/05, Bryan Irvine [EMAIL PROTECTED] wrote:
 
  Anyone have any good recommendations on firewire tape drives?
 
 
 For OpenBSD?
 
 From April: "Does *OpenBSD* support any USB 2.0 and/or *Firewire* external
 enclosures?"
 
 "USB yes. *Firewire* not at this time."
 
 Have you stopped doing basic research before posting questions?
 
 Greg



Re: firewire tape drive

2005-09-16 Thread francisco

On Fri, 16 Sep 2005, Bryan Irvine wrote:


I *did* google but the only thing I found was from the archive in
2002, which ,of course, said the same thing. :-)

I thought because it showed up in the dmesg that it might work now.


What exactly are you seeing that makes you think it works?  It looks to me 
like it has been removed:

http://marc.theaimsgroup.com/?l=openbsd-cvsm=111006724728554w=2
and
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/arch/i386/conf/GENERIC.diff?r1=1.403r2=1.404f=h

I don't see firewire in at least i386/GENERIC
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/arch/i386/conf/GENERIC?rev=1.431

What do you see that says it is now enabled?

-f
http://www.blackant.net/



Re: BIOS/CMOS Plug and Play OS

2005-09-16 Thread Paul Connally
My personal translation: setting "PNP OS = yes" allows your operating
system to override interrupts (and other values) that the bios assigns
to your hardware.

Example: when you put a network card into your PC and reboot, the
motherboard's bios might tell the new hardware to use IRQ 5.  If,
when your PC goes thru its OS boot, the OS decides for whatever
reason that IRQ 5 is not a good idea, it can do a software change on
that value to something else.

Personal experience (I'm not a guru, nor do I play one on TV).  Flame
retardant suit on.

I remember when PNP was supposed to be the godsend to rescue us
mortals from the horror of having to manually configure interrupts on
a piece of hardware.  It was probably one of the first user friendly
ideas for computers; make them so that you didn't have to know
anything technical, but just be able to buy some off the shelf
hardware and shove it into a free ISA or PCI slot (my age is showing).

IMHO, the idea sucked ass at the time, and continues to suck ass even now.

I've always thought that setting "PNP OS = yes" in the bios is just an
old leftover hack from ye bad olde days when PC's were stuffed
full of hardware that was either misconfigured with poorly written
device drivers or conflicting IRQ's and buggy interrupt mappings that
needed to be dynamically re-mapped by the OS just to get the damn
computer to boot.

I remember tons of people who went from perfectly stable Win3.x
systems to a totally bug-ridden Win95 just due to the "Oh my god, I
need to go from Windows 3.11 to Windows 95...I need a printer that
will 'plug and play'" syndrome.

My personal opinion?  No, you don't need an OS-mapped plug 'n play
system, you need to purchase hardware that is properly configured. 
Otherwise, (usually at the most inopportune time), it will eventually
crash.

I've set "PNP OS = no" on every PC machine I've touched in the last 5
or so years (every flavor of OS, to include Windows, Linux and *BSDs).
 I suspect most everyone else does too.  Most hardware today does what
it's supposed to (and if it doesn't, reconfiguring it is fairly
simple), so the need to have your OS remap low-level functions in
software during the boot of your OS is simply a kludge.

If you remember the old days when the slogan "Plug n' Pray" was
common, you probably know to what I'm referring.

On 9/16/05, J.C. Roberts [EMAIL PROTECTED] wrote:
 Hi List,
 
 I realize the BIOS/CMOS setting Plug and Play OS on x86 has
 something to do with boot time configuration of hardware (usually
 resource allocation on PCI cards and such) but I'm really not certain
 how this setting interacts with OpenBSD?
 
 Could someone drop-kick me in the right direction for reading
 materials so I can figure out if/when it should be used with OpenBSD?
 
 Thanks,
 JCR



Re: BIOS/CMOS Plug and Play OS

2005-09-16 Thread J.C. Roberts
On Fri, 16 Sep 2005 22:27:45 -0500, Paul Connally
[EMAIL PROTECTED] wrote:

I've set "PNP OS = no" on every PC machine I've touched in the last 5
or so years (every flavor of OS, to include Windows, Linux and *BSDs).
 I suspect most everyone else does too.  Most hardware today does what
it's supposed to (and if it doesn't, reconfiguring it is fairly
simple), so the need to have your OS remap low-level functions in
software during the boot of your OS is simply a kludge.

If you remember the old days when the slogan "Plug n' Pray" was
common, you probably know to what I'm referring.

The main reason why I know nothing about the PNPOS bit is that I've
never actually used it and never bothered to read up about it. I've
always just written it off as a nightmare waiting to happen and
configured things manually. 

I was setting up a new box tonight, got curious and started wondering
if my uninformed/underinformed opinion was still valid? -Or more
importantly if anything useful could actually be done with it?

The only definitive docs I know of are from MS.
http://download.microsoft.com/download/e/b/a/eba1050f-a31d-436b-9281-92cdfeae4b45/SBF21.doc
http://download.microsoft.com/download/1/6/1/161ba512-40e2-4cc9-843a-923143f3456c/PNPBIOS.rtf

But I somehow doubt MS is willing to tolerate debate on the usefulness
of this stuff. ;-)

JCR



Re: BIOS/CMOS Plug and Play OS

2005-09-16 Thread Marco Peereboom
Read at least the mindshare books on ISA and PCI.  Let me warn you that the
mindshare books are very complementary and for one to be able to fully grasp
their content you really should buy and read them all.  This will set you back
a few hundred $$$ but it is the de facto standard on PC architecture.  FWIW,
PnP is dead and no longer relevant.  It made sense in the old ISA + PCI days
but now it really is redundant.  If you read some books that I'll link you to
and read the PnP spec you might actually get what it's all about.

Examples:
http://www.amazon.com/exec/obidos/tg/detail/-/0201309742/qid=1126929191/sr=8-8/ref=sr_8_xs_ap_i1_xgl14/102-5807367-4514550?v=glances=booksn=507846
http://www.amazon.com/exec/obidos/tg/detail/-/0201409968/qid=1126929191/sr=8-14/ref=sr_8_xs_ap_i7_xgl14/102-5807367-4514550?v=glances=booksn=507846

Some other very valuable reading:
http://www.amazon.com/exec/obidos/tg/detail/-/0201479508/qid=1126929494/sr=2-1/ref=pd_bbs_b_2_1/102-5807367-4514550?v=glances=books
http://www.amazon.com/exec/obidos/tg/detail/-/0201398583/ref=pd_bxgy_img_2/102-5807367-4514550?v=glances=books
http://www.amazon.com/exec/obidos/tg/detail/-/0201596164/qid=1126929659/sr=1-1/ref=sr_1_1/102-5807367-4514550?v=glances=books

/marco

On Fri, Sep 16, 2005 at 08:31:49PM -0700, J.C. Roberts wrote:
 On Fri, 16 Sep 2005 23:03:32 -0400 (EDT), Ted Unangst
 [EMAIL PROTECTED] wrote:
 
 On Fri, 16 Sep 2005, J.C. Roberts wrote:
 
  I realize the BIOS/CMOS setting Plug and Play OS on x86 has
  something to do with boot time configuration of hardware (usually
  resource allocation on PCI cards and such) but I'm really not certain
  how this setting interacts with OpenBSD?
 
 set it to no.
 
 Thanks Ted. That's what I've always done with OBSD but it seems I
 wasn't very clear; I'm mainly looking to learn about how the PnP BIOS
 setting works (i.e. just curious and wondering why it's only used by
 microsoft OS's).
 
 I've glanced through the "Plug and Play BIOS Specification v1.0a" and
 the "Simple Boot Flag Specification v2.1" provided by Microsoft but
 I'm yet to figure out what exactly is gained by configuring devices
 with the OS versus configuring devices with the BIOS firmware?
 
 Any chance you could point me towards any half decent docs or debate?
 
 Thanks,
 JCR



Re: BIOS/CMOS Plug and Play OS

2005-09-16 Thread J.C. Roberts
On Fri, 16 Sep 2005 23:02:23 -0500, Marco Peereboom
[EMAIL PROTECTED] wrote:

Read at least the mindshare books on ISA and PCI.  Let me warn you that the
mindshare books are very complementary and for one to be able to fully grasp
their content you really should buy and read them all.  This will set you back
a few hundred $$$ but it is the de facto standard on PC architecture.  FWIW,
PnP is dead and no longer relevant.  It made sense in the old ISA + PCI days
but now it really is redundant.  If you read some books that I'll link you to
and read the PnP spec you might actually get what it's all about.

Examples:
http://www.amazon.com/exec/obidos/tg/detail/-/0201309742/qid=1126929191/sr=8-8/ref=sr_8_xs_ap_i1_xgl14/102-5807367-4514550?v=glances=booksn=507846
http://www.amazon.com/exec/obidos/tg/detail/-/0201409968/qid=1126929191/sr=8-14/ref=sr_8_xs_ap_i7_xgl14/102-5807367-4514550?v=glances=booksn=507846

Some other very valuable reading:
http://www.amazon.com/exec/obidos/tg/detail/-/0201479508/qid=1126929494/sr=2-1/ref=pd_bbs_b_2_1/102-5807367-4514550?v=glances=books
http://www.amazon.com/exec/obidos/tg/detail/-/0201398583/ref=pd_bxgy_img_2/102-5807367-4514550?v=glances=books
http://www.amazon.com/exec/obidos/tg/detail/-/0201596164/qid=1126929659/sr=1-1/ref=sr_1_1/102-5807367-4514550?v=glances=books

/marco

Thanks Marco. The whole MindShare PC Architecture Series looks like a
good read. They even have one particularly on PnP:

http://www.amazon.com/exec/obidos/tg/detail/-/0201410133/qid=1126933452/sr=1-14/ref=sr_1_14/102-8201060-2382550?v=glances=books

JCR



unable to get into internal webserver from outside

2005-09-16 Thread Roger Neth Jr

Hello List,

I have been trying to connect an internal web server to the internet without 
success.


The firewall is an Alpha 3.8 recent snapshot and using the following pf.conf 
from Openbsd.org

http://www.openbsd.org/faq/pf/example1.html

The Complete Ruleset

# macros
int_if = fxp0
ext_if = ep0

tcp_services = { 22, 113 }
icmp_types = echoreq

priv_nets = { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }

comp3 = 192.168.0.3

# options
set block-policy return
set loginterface $ext_if

# scrub
scrub in all

# nat/rdr
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 \
  port 8021
rdr on $ext_if proto tcp from any to any port 80 -> $comp3

# filter rules
block all

pass quick on lo0 all

block drop in  quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets

pass in on $ext_if inet proto tcp from any to ($ext_if) \
  port $tcp_services flags S/SA keep state

pass in on $ext_if proto tcp from any to $comp3 port 80 \
  flags S/SA synproxy state

pass in on $ext_if inet proto tcp from port 20 to ($ext_if) \
  user proxy flags S/SA keep state

pass in inet proto icmp all icmp-type $icmp_types keep state

pass in  on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state

pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state

The webserver is a Sun Spark64 3.8-beta
with rc.conf.local httpd_flags=

I am able to open the default "It Works" web page from http://192.168.1.5 
internally, which is the web server inet address on hme0.


I have ipcheck running on DynDns to keep the host name with the dynamic ip 
on tun0


When I try to connect to the DynDns hostname I get "The connection was 
refused when attempting to contact baypos.homeunix.com".


When I do an xnmap on the host ip public address I get the following as the 
only service.

Port state service

22/tcp open ssh

I don't know what else to check to get Port 80 open.

If someone assisting on this needs more info. e.g. apache error_log, 
ppp.conf, httpd.conf etc. I will be happy to supply.


Thank you,

rogern

John 3:16