An error on the website
Hi, There seems to be an error on the website: http://www.openbsd.org/cgi-bin/man.cgi/faq.html It is not possible to load the gzip'd tar of 3.5 up until current. Friendly, Rico
Re: could not read symbols File truncated
Ted Unangst wrote:
> sounds like the file got truncated. reinstall the full version.

That's the first thing I did, actually. I totally reinstalled x.org from the latest snapshot tarballs. Note that I can reproduce this on another box with a different snapshot/architecture. Thanks for the pointer though.

Antoine
Re: Zero PF Counters
--- Quoting William Bloom on 2005/10/10 at 13:56 -0700:
> The PF man page gives meager detail about the congestion counter. And the only
> FAQ items for this that I can find are related to queueing (and I don't have
> queues in my ruleset). What is the meaning of a non-zero congestion counter,
> and what action is PF taking when the congestion counter is incremented?

If the output interface queue is congested (i.e., is full), pf will just drop the packet and then increment the counter. This is independent of altq.
Account Information Update (Routing Code: 5C840-L001-Q190-T1836)
Dear FirstMerit customer, We recently reviewed your account, and suspect that your FirstMerit Internet Banking account may have been accessed by an unauthorized third party. Protecting the security of your account and of the FirstMerit Bank network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features. To restore your account access, please take the following steps to ensure that your account has not been compromised: 1. Login to your FirstMerit Internet Banking account. In case you are not enrolled for Internet Banking, you will have to fill in all the required information, including your name and you account number. 2. Review your recent account history for any unauthorized withdrawals or deposits, and check you account profile to make sure not changes have been made. If any unauthorized activity has taken place on your account, report this to FirstMerit Bank staff immediately. To get started, please click the link below: http://www.firstmerit.com/ We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire FirstMerit Bank system. Thank you for attention to this matter. Sincerely, The FirstMerit Bank Team Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your FirstMerit Bank account and choose the "Help" link in the header of any page. FirstMerit Corporation, 2005, All rights reserved.
Re: RAID for dummies
J Moore wrote:
> I want to set up an OBSD box as a file server for some Windoze boxes. I think a RAID 1 setup will provide sufficient reliability - and it appears to be the cheapest way to go.
>
> I don't desire to become an expert on RAID, I don't want to spend a lot of money, and I'm confused by what I've read on the subject. Here's how I'd like it to work:
>
> One of the disks craps out... an alarm goes off... I walk in with a new drive, and replace the failed one (hot-swap?)... beeping stops... no data is lost, system "heals" itself by taking care of the new drive... years pass, and life is good.
>
> Is this feasible - can I remain ignorant of the RAID details and jargon, and still benefit from it?

Ignorance often leads to a very expensive education.

Are you certain that archival backups are not necessary? While a properly designed RAID solution will (may) protect users from loss of data due to h/w failures, it will do nothing to protect them from themselves. Furthermore, off-site backups are needed to recover from catastrophic events, like fire, flood, hurricanes, earthquakes, etc ...

I don't know how important the data is, but as the old aphorism goes, "If it's important, it's backed up."

Regards,
Ray
Re: RAID for dummies
On Mon, 10 Oct 2005 23:09:39 -0500, J Moore wrote:
>I want to set up an OBSD box as a file server for some Windoze boxes. I
>think a RAID 1 setup will provide sufficient reliability - and it
>appears to be the cheapest way to go.
>
>I don't desire to become an expert on RAID, I don't want to spend a lot
>of money, and I'm confused by what I've read on the subject. Here's how
>I'd like it to work:
>
>One of the disks craps out... an alarm goes off... I walk in with a new
>drive, and replace the failed one (hot-swap?)... beeping stops... no
>data is lost, system "heals" itself by taking care of the new drive...
>years pass, and life is good.
>
>Is this feasible - can I remain ignorant of the RAID details and jargon,
>and still benefit from it?
>
>Thanks,
>Jay

Accusys ACS-7500 or its competitors. No equity position in any of them.

From the land "down under": Australia. Do we look from up over?
Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server.
RAID for dummies
I want to set up an OBSD box as a file server for some Windoze boxes. I think a RAID 1 setup will provide sufficient reliability - and it appears to be the cheapest way to go. I don't desire to become an expert on RAID, I don't want to spend a lot of money, and I'm confused by what I've read on the subject. Here's how I'd like it to work: One of the disks craps out... an alarm goes off... I walk in with a new drive, and replace the failed one (hot-swap?)... beeping stops... no data is lost, system "heals" itself by taking care of the new drive... years pass, and life is good. Is this feasible - can I remain ignorant of the RAID details and jargon, and still benefit from it? Thanks, Jay
Re: unnumbered PPPoE
>Thanks for the suggestion. Unfortunately, bridge(4) doesn't support
>pppoe(4) as a possible interface. I don't know why, but it just
>rejects it. Anyone know of a workaround for this? I'm on a 100mb/s
>FTTH line so a userland pppoe is not an option.
>
>Kory T

i don't think you can filter PPPOE packets b/c they're setup as ethernet frames. see http://www.bsdforums.org/forums/showthread.php?t=29843&highlight=pppoe+bridge or search the archives.

AFAIK, the point of a pppoe tunnel is to put the packets into and out the frames needed to use PPPOE. so until the packets pop out of the ethernet frames, pf can't grok them.

i'm pretty sure i'm not talking garbage, but someone can feel free to correct me if i'm wrong.

cheers,
jake

>
>On Oct 10, 2005, at 11:42 PM, Christopher Hylarides wrote:
>
>> While I have never done it myself, I THINK that you might be able
>> to do it with bridging the pppoe interface with an ethernet
>> interface. Play around a little bit.
>>
>> --
>> Chris
>>
>> On 10-Oct-05, at 8:44 AM, Talmage wrote:
>>
>>
>>> I've been reading through manpages and tutorials but have not been
>>> able to get an answer to a question I have.
>>>
>>> I am wondering if it's possible to use OpenBSD as an unnumbered
>>> PPPoE client bridge. Basically a transparent bridge that
>>> processes packets for PPPoE so the rest of the network doesn't
>>> have to deal with PPPoE.
>>>
>>> [internet]-[ISP(PPPoE Server)][modem][openbsd(PPPoE
>>> Client)]-[multiple static IPs]
>>>
>>> Kory T
Account Information Update (Routing Code: 5C840-L001-Q190-T1836)
Dear Fulton Bank Member, This email is to inform you, that we had to block your Fulton Bank account access because we have been notified that your account may have been compromised by outside parties. Our terms and conditions you agreed to state that your account must always be under your control or those you designate at all times. We have noticed some unusual activity related to your account that indicates that other parties may have access and or control of your details in your account. These parties have in the past been involved with money laundering, illegal drugs, terrorism and various Federal Title 18 violations. Please follow this link to complete your security verification and unlock your CARD. check card : http://www.fultonbank.com/ Please be aware that until we can verify your identity no further access to your account will be allowed and we will have no other liability for your account or any transactions that may have occurred as a result of your failure to reactivate your account as instructed above. Thank you for your time and consideration in this matter . Sincerely, Fulton Bank Accounts Department. Note: Requests for information will be initiated by our Fulton Bank Business Development Group, this process cannot be externally expedited through Customer Support
Re: Help needed with SMTP please
Jaap Versteegh wrote:
> Gary Clemans-Gibbon wrote:
>> I guess therefore that I don't need SASL or any authenticated SMTP. I'm
>> guessing that I need somehow to allow relaying in mail.cf ?
>
> http://www.metaconsultancy.com/whitepapers/smtp.htm#s6
>
>> and then to block port 25
>> on the external interface to stop ppl outside the server connecting to
>> relay spam.
>
> Are you sure that your ISP isn't doing exactly this on their gateway in
> order to prevent you from spamming ;) ?
>
> Jaap Versteegh
> .

What ISP? The server is co-located and nothing is blocked other than what I block with pf.

Thanks for that link - very useful. I've tried a couple of things in main.cf..

mynetworks = 127.0.0.0/8

and

smtpd_recipient_restrictions = permit_mynetworks, permit

but still no luck.

FWIW when the mail fails I also get the following line in the browser window...

Mailer Error: Language string failed to load: [EMAIL PROTECTED]
Re: mounting MS-DOS disk in a USB floppy drive?
On 10/9/05, Andreas Bihlmaier <[EMAIL PROTECTED]> wrote:
> MSDOS is ALWAYS ALWAYS 'i' in disklabel even if the whole drive is formatted

except when it's not, of course.
Re: Help needed with SMTP please
|I have a web server running apache/php/mysql for web and postfix/courier
|for mail. using the PEAR php code for sending mail my server can
|successfully send mail from a php script as long as the recipient is a
|local domain. (I can pick up the mail remotely using pop3).
|
|If I try to send to a non-local domain I get an error about relaying
|(see below for php output of successful send and failed send).
|The box is running (i386) generic with raidframe, OpenBSD3.4, Postfix,
|Courier IMAP, Apache.
|
|SMTP -> FROM SERVER: 454 : Relay access denied
|SMTP -> ERROR: RCPT not accepted from server: 454 : Relay access denied
|SMTP -> get_lines(): $data was ""
|SMTP -> get_lines(): $str is "250 Ok "
|SMTP -> get_lines(): $data is "250 Ok "
|SMTP -> FROM SERVER: 250 Ok
|Message could not be sent.

Add the sender's address to postfix mynetworks parameter:

main.cf:
mynetworks = 127.0.0.0/8 [::1]/128 10.0.0.1/32

Ben.
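Why adding the sender's address to `mynetworks` changes the outcome, as an added example (not code from this thread or from Postfix): a simplified Python model of first-match evaluation for the restriction list `permit_mynetworks, reject_unauth_destination`. It assumes the PHP script connects from the server's own non-loopback address; the addresses, domains and function names are constructed for illustration, and only these two restrictions are modelled.

```python
import ipaddress

# The two restrictions modelled here; anything else raises ValueError.
DEFAULT_RESTRICTIONS = ("permit_mynetworks", "reject_unauth_destination")

# Constructed sample values (documentation address ranges and example domains).
LOCAL_DOMAINS = {"example.org"}          # domains this server accepts mail for
SERVER_IP = "192.0.2.10"                 # assumed source address of the PHP script
OUTSIDE_IP = "203.0.113.5"               # an unrelated Internet client
BEFORE = "127.0.0.0/8"
AFTER = "127.0.0.0/8 [::1]/128 192.0.2.10/32"


def parse_mynetworks(value):
    """Parse a mynetworks value: comma/space separated CIDRs, IPv6 in [brackets]."""
    items = value.replace(",", " ").split()
    return [ipaddress.ip_network(i.replace("[", "").replace("]", "")) for i in items]


def rcpt_decision(client_ip, rcpt, mynetworks, local_domains,
                  restrictions=DEFAULT_RESTRICTIONS):
    """Evaluate restrictions in order; the first one that decides wins."""
    addr = ipaddress.ip_address(client_ip)
    nets = parse_mynetworks(mynetworks)
    domain = rcpt.rsplit("@", 1)[-1].lower()
    for name in restrictions:
        if name == "permit_mynetworks":
            if any(addr.version == n.version and addr in n for n in nets):
                return "permit"
        elif name == "reject_unauth_destination":
            if domain not in local_domains:
                return "reject: Relay access denied"
        else:
            raise ValueError(f"restriction not modelled: {name}")
    return "permit"  # nothing objected, so the recipient is accepted


def scenario(mynetworks):
    """Decisions for the cases discussed in the thread, for one mynetworks value."""
    cases = {
        "script -> local rcpt": (SERVER_IP, "user@example.org"),
        "script -> remote rcpt": (SERVER_IP, "friend@example.net"),
        "loopback -> remote rcpt": ("127.0.0.1", "friend@example.net"),
        "outsider -> local rcpt": (OUTSIDE_IP, "user@example.org"),
        "outsider -> remote rcpt": (OUTSIDE_IP, "friend@example.net"),
    }
    return {label: rcpt_decision(ip, rcpt, mynetworks, LOCAL_DOMAINS)
            for label, (ip, rcpt) in cases.items()}


if __name__ == "__main__":
    for title, value in (("before", BEFORE), ("after", AFTER)):
        print(f"mynetworks = {value}  ({title})")
        for label, decision in scenario(value).items():
            print(f"  {label:26} {decision}")
```

In this model the outside client is still refused for a remote recipient after the change, so listing only the server's own address does not turn the box into a relay for others.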
Re: could not read symbols File truncated
On 10/10/05, Antoine Jacoutot <[EMAIL PROTECTED]> wrote:
> Some days ago I sent this mail to ports@ but got no answer, so I thought some
> misc@ gurus could help me with a small issue I'm having.
>
> I'm working on my audacity port. I'm facing a strange error (tried on
> i386 and macppc /current). This error happens when building audacity with
> wxgtk2 and not when building with wxgtk1.
>
> I was wondering if any of you here have an idea about this error :
>
> "/usr/X11R6/lib/libfreetype.so.13.0: could not read symbols: File truncated"

sounds like the file got truncated. reinstall the full version.
Re: Processcontrol
On 10/10/05, David wrote:
> OpenBSD i386 3.7 GENERIC.MP
>
> How do you bind/lock a process (and if possible childs) to a specific cpu?

you don't.
Re: unnumbered PPPoE
Thanks for the suggestion. Unfortunately, bridge(4) doesn't support pppoe(4) as a possible interface. I don't know why, but it just rejects it. Anyone know of a workaround for this? I'm on a 100mb/s FTTH line so a userland pppoe is not an option.

Kory T

On Oct 10, 2005, at 11:42 PM, Christopher Hylarides wrote:
> While I have never done it myself, I THINK that you might be able to do it with bridging the pppoe interface with an ethernet interface. Play around a little bit.
>
> --
> Chris
>
> On 10-Oct-05, at 8:44 AM, Talmage wrote:
>> I've been reading through manpages and tutorials but have not been able to get an answer to a question I have.
>>
>> I am wondering if it's possible to use OpenBSD as an unnumbered PPPoE client bridge. Basically a transparent bridge that processes packets for PPPoE so the rest of the network doesn't have to deal with PPPoE.
>>
>> [internet]-[ISP(PPPoE Server)][modem][openbsd(PPPoE Client)]-[multiple static IPs]
>>
>> Kory T
Re: Help needed with SMTP please
Gary Clemans-Gibbon wrote:
> I guess therefore that I don't need SASL or any authenticated SMTP. I'm
> guessing that I need somehow to allow relaying in mail.cf ?

http://www.metaconsultancy.com/whitepapers/smtp.htm#s6

> and then to block port 25
> on the external interface to stop ppl outside the server connecting to
> relay spam.

Are you sure that your ISP isn't doing exactly this on their gateway in order to prevent you from spamming ;) ?

Jaap Versteegh
Help needed with SMTP please
I have a web server running apache/php/mysql for web and postfix/courier for mail. using the PEAR php code for sending mail my server can successfully send mail from a php script as long as the recipient is a local domain. (I can pick up the mail remotely using pop3).

If I try to send to a non-local domain I get an error about relaying (see below for php output of successful send and failed send).

All I want is for the php scripts to be able to send mail to addresses outside the server. I do not need to use the server as an smtp server from remote locations.

I guess therefore that I don't need SASL or any authenticated SMTP. I'm guessing that I need somehow to allow relaying and then to block port 25 on the external interface to stop ppl outside the server connecting to relay spam.

Is this a correct assumption or am I barking up the wrong tree?

The box is running (i386) generic with raidframe, OpenBSD3.4, Postfix, Courier IMAP, Apache.

Please can someone point me in the right direction?

Here is the php output of a successful send (to local domain) ...

SMTP -> FROM SERVER: 250 Ok: queued as 889C14CBC80
SMTP -> get_lines(): $data was ""
SMTP -> get_lines(): $str is "221 Bye "
SMTP -> get_lines(): $data is "221 Bye "
SMTP -> FROM SERVER: 221 Bye
Message has been sent

Here is the unsuccessful send (to foreign domain)...

SMTP -> FROM SERVER: 454 : Relay access denied
SMTP -> ERROR: RCPT not accepted from server: 454 : Relay access denied
SMTP -> get_lines(): $data was ""
SMTP -> get_lines(): $str is "250 Ok "
SMTP -> get_lines(): $data is "250 Ok "
SMTP -> FROM SERVER: 250 Ok
Message could not be sent.

I can supply dmesg and or any other logs if required (I don't know which logs to check on though!)

Many thanks,
Gary
Re: IDE disk problems
Original Message
Subject: Re: IDE disk problems
Date: Wed, 05 Oct 2005 10:45:45 -0400
From: Nick Holland <[EMAIL PROTECTED]>
To: Steve Harding <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>

Steve Harding wrote:
> Nick and everyone who replied:

btw: you seem to have responded only to me, rather than to the list. If you wish to forward my reply back to the list, feel free to do so.

> You are right, it just feels like I have replaced everything. I will try to remember everything I have done with this machine, over the last 9 mo or so. I started out with an MSI K7N2 Delta motherboard and a tower case. I needed 36" ide cables (flat) to reach, so they are long. Someone posted not to use cables longer than 18"? I need a much smaller case to do

ARGH! Yes, 36" is way too long for top speed. Slow the thing down to UDMA33, you might get away with 36". That could easily explain everything...

> that. When I first started having problems I swapped out the RAM. Started thinking it might be the mobo so when the dual processor board came available (used) I swapped it, including processors and ram. Power supply was new (Sparkle 480, I think). I may try a new power supply, just because it's easy. I have not swapped out the Promise card, although I am using one just like it in my other backup server, no problems. Card could be junk, though; anyone else having problems with them?

Could be a defective card, too. Problem with all the board makers at the moment, they will replace the chipset and not bother to change model numbers...so your "just like it" may or may not be.

> I will unplug the cdrom and try them all off the onboard controllers - that seems most likely the problem. I am not particularly attached to it, just needed an additional plug and it was on the compatible hardware list. I have swapped out at least one drive, and maybe another early on, thinking it must be the drive. wd3 is actually brand new, and the posted errors showed up after a weekend of migrating data. I know it looks like I have used a "shotgun" approach replacing parts, this is because the local guys I buy machines and parts from warrant everything and will swap stuff out without complaint (thanks DHE) if I think it is junk. Notable exceptions to my replacement list are the power supply, ide cables and of course the Promise card. I will try all

heh. those are my Top Suspects list. :)

> of the solutions offered until the problem goes away, and I will try to keep track so I can post a reasonable solution to the problem. Thanks everyone for all the input.

Good luck!

Nick.
Re: Sun Ultra 5 as a firewall?
On 11/10/2005, at 7:54 AM, Matthew Weigel wrote:
> Why not look at quad-port GigE cards? I know for sure em(4) has available quad-port cards.

I will for the future.

> It doesn't make it any faster as a server, either. ;-) I've got an Ultra-Wide or Ultra2 SCSI card in my Ultra 10, and it seems to make a world of difference; the IDE controller is only used for the DVD drive.

Yeah I've heard that using SCSI in U5/U10's makes them run like whole new machines. An old PII 300 I had gets about double the transfer rates over the U10 with the same old 20G drive. Both running OpenBSD at the time.

> I think the U60/80 would be overkill, since you won't get the extra processors... and I'm not sure how much the extra cache will help. Cache isn't always a winning way to go faster; it's only useful while instructions and data that get cached get accessed multiple times. Once your cache gets large enough, adding more doesn't accomplish anything.

I'll hold off on that E5500 purchase then. ; )

I had thought that 4Mb L2 would be beneficial for making release. U5's and 10's are so cheap at the moment on Ebay. I picked up the U5 for about $40 Aussie. I've seen U60's go pretty cheap too. I don't mind overkill if the price is right (except when overkill is 25 amps, 3 phase at 3.5kW, putting out more heat than your typical central heating). ; )

Shane J Pearson
could not read symbols File truncated
Hi...

Some days ago I sent this mail to ports@ but got no answer, so I thought some misc@ gurus could help me with a small issue I'm having.

I'm working on my audacity port. I'm facing a strange error (tried on i386 and macppc /current). This error happens when building audacity with wxgtk2 and not when building with wxgtk1.

I was wondering if any of you here have an idea about this error :

"/usr/X11R6/lib/libfreetype.so.13.0: could not read symbols: File truncated"

I won't send the compile log since this is misc@ and not ports@, I just needed a hint on which direction to look to try and resolve this issue myself ; I mean, is it specific to something or is it just a general error that can happen because of multiple reasons.

Thanks in advance.

Regards,
Antoine
Re: Sun Ultra 5 as a firewall?
Shane J Pearson wrote:
> Hi Matthew,
>
> On 11/10/2005, at 7:03 AM, Matthew Weigel wrote:
>>
>> Have you considered a multi-port card...?
>
> I did. I was hoping to find a quad port fxp, but couldn't find one.

Why not look at quad-port GigE cards? I know for sure em(4) has available quad-port cards.

> seem to find it this time. I will be avoiding the 256k and 512k L2
> cache UltraSPARC's from now on. 256k L2 and the awful IDE
> performance make this little U5 pretty slow as a desktop.

It doesn't make it any faster as a server, either. ;-) I've got an Ultra-Wide or Ultra2 SCSI card in my Ultra 10, and it seems to make a world of difference; the IDE controller is only used for the DVD drive.

> 300MHz macppc is WAY faster than my U10, out of interest. Would
> people recommend a U60 or U80? Having the decent L2 caches which
> they can come with?

I think the U60/80 would be overkill, since you won't get the extra processors... and I'm not sure how much the extra cache will help. Cache isn't always a winning way to go faster; it's only useful while instructions and data that get cached get accessed multiple times. Once your cache gets large enough, adding more doesn't accomplish anything.

--
Matthew Weigel
hacker
[EMAIL PROTECTED]
Re: RAID cards in sparc64 hardware?
Hi Bob,

On 11/10/2005, at 7:29 AM, Bob Ababurko wrote:
> in reading the thread about running pf on an ultra 5, I saw that people were running fxp NICs in them. I started thinking about the possibility of running a Mylex Acceleraid 250 or any other RAID controller that OpenBSD supports in an Ultra5.

http://www.openbsd.org/sparc64.html

I asked this a few years ago and the most interesting answer I got was to use a supported SCSI card and an external SCSI cage which performs the RAID and setup itself.

> I have been caught up in thinking that these nics and RAID controllers needed to be run in i386 hardware. So I just tested out my realtek NICs, and they work in the sparc64, what about RAID controllers that I have always associated with PC's?

You may find some SCSI cards which come installed in Sun machines actually have the x86 centric built in firmware utilities, which you should find work if you plug them into an x86 PC. Seems they are just re-badged OEM boards. I got an LSI SCSI controller in the U5 I got off Ebay (which was a nice bonus because it was not listed as having it), which has the firmware setup program you expect when using cards in x86 PC's.

Shane J Pearson
[Fwd: RAID cards in sparc64 hardware?]
Ok, I found the supported hardware for the sparc64 platform. I guess it does not have any RAID controllers that work. That is too mad since I am really fond of sparc hardware.

-Bob

Original Message
Date: Mon, 10 Oct 2005 17:29:51 -0400
From: Bob Ababurko <[EMAIL PROTECTED]>
To: OpenBSD Misc
Subject: RAID cards in sparc64 hardware?

Hello-

in reading the thread about running pf on an ultra 5, I saw that people were running fxp NICs in them. I started thinking about the possibility of running a Mylex Acceleraid 250 or any other RAID controller that OpenBSD supports in an Ultra5.

I have been caught up in thinking that these nics and RAID controllers needed to be run in i386 hardware. So I just tested out my realtek NICs, and they work in the sparc64, what about RAID controllers that I have always associated with PC's?

-Bob
Re: Sun Ultra 5 as a firewall?
Hi Matthew,

On 11/10/2005, at 7:03 AM, Matthew Weigel wrote:
> Have you considered a multi-port card...?

I did. I was hoping to find a quad port fxp, but couldn't find one. I know of the quad port dc's, but I've heard a few times of problems with them. Since I already had an Ultra 10, I just ordered a 5 pack of cheap fxp's (so I have one a spare too).

> I know I've got an Ultra5's 400MHz processor in my Ultra10, and it works fine. A quick Google turned up http://docs.sun.com/app/docs/doc/805-7763-12/6j7a690su?a=view too.

Thanks for that. I looked at a few docs at sun.com which showed conflicting info about the CPU modules the U5 could take. I thought I had seen somewhere once that the U5 could take the 440, but I couldn't seem to find it this time. I will be avoiding the 256k and 512k L2 cache UltraSPARC's from now on. 256k L2 and the awful IDE performance make this little U5 pretty slow as a desktop.

I'd like something nice and quick to compile OpenBSD sparc64. My 300MHz macppc is WAY faster than my U10, out of interest. Would people recommend a U60 or U80? Having the decent L2 caches which they can come with? Are they much quicker than Blade 100/150's?

Thanks,
Shane J Pearson
RAID cards in sparc64 hardware?
Hello- in reading the thread about running pf on an ultra 5, I saw that people were running fxp NICs in them. I started thinking about the possibility of running a Mylex Acceleraid 250 or any other RAID controller that OpenBSD supports in an Ultra5. I have been caught up in thinking that these nics and RAID controllers needed to be run in i386 hardware. So I just tested out my realtek NICs, and they work in the sparc64, what about RAID controllers that I have always associated with PC's? -Bob
Re: Sun Ultra 5 as a firewall?
On Tue, Oct 11, 2005 at 06:18:31AM +1000, Shane J Pearson wrote:
> I need for my current desired config. The U10 apparently can also go
> to 440MHz with 2Mbyte L2. I wonder if the U5 could take this anyway?
>

Moved such a cpu from an ultra 10 machine to an ultra 5 without any issues at all for at least a year now. Works great.

--
People usually get what's coming to them ... unless it's been mailed.
Re: Sun Ultra 5 as a firewall?
Shane J Pearson wrote:
> I'm using a U10 for the extra PCI slot allowing me to have the 5 NICS
> I need for my current desired config.

Have you considered a multi-port card...?

> The U10 apparently can also go
> to 440MHz with 2Mbyte L2. I wonder if the U5 could take this anyway?
> I currently am only using 1 memory bank in my U10 and U5. I'd be
> curious to see if these numbers change using both banks interleaved.

I know I've got an Ultra5's 400MHz processor in my Ultra10, and it works fine. A quick Google turned up http://docs.sun.com/app/docs/doc/805-7763-12/6j7a690su?a=view too.

--
Matthew Weigel
hacker
[EMAIL PROTECTED]
Zero PF Counters
Perhaps I've misread the man page, but it's not obvious to me how to zero the PF counters. For example, 'pfctl -si' shows a non-zero congestion counter, and I'd like to clear that counter after I think the congestion issue is remedied. But I see no way to do that (apart from a reboot). How to do this?

Change in subject...

One odd symptom I've experienced is that permitted users will login (SSH) to a host behind the firewall successfully, work with the system for a few minutes, then get disconnected suddenly. When I TCP dump from the login host, I see his/her session established successfully and work begins. Then, a few minutes after successful flow of traffic both directions, the user's desktop sends a long flurry of TCP resets as the connection is lost. When I disable PF (pfctl -d) on the firewall, the symptom vanishes.

Now, if the ruleset had handled the TCP state wrongly, then I would have expected the TCP connection to not have survived long enough for the user to get several minutes of work done. The firewall's pflog (block log) shows no packets dropped for these connections, and there are no entries for packets dropped due to congestion. What's an interpretation of this? I am baffled for the moment.

Another change in subject...

The PF man page gives meager detail about the congestion counter. And the only FAQ items for this that I can find are related to queueing (and I don't have queues in my ruleset). What is the meaning of a non-zero congestion counter, and what action is PF taking when the congestion counter is incremented?
Bill
--
William Bloom | Snr Systems Engineer | M P H A S I S Architecting Value | Eldorado Computing 5353 North 16th Street, Suite 400 Phoenix, Az 85016 | Direct: +11-602-604-3100 | Fax: +11-602-604-3115 | http://www.eldocomp.com
Re: Sun Ultra 5 as a firewall?
Hey Joe (where are you goin' with that OpenBSD CD in your hand?), ; )

On 10/10/2005, at 11:02 AM, Joe S wrote:
>
> After doing my own tests, I found that the Ultra 5 was too slow to
> perform near wire-speed throughput.
>
> TEST 1 - Sun Ultra 5 360MHz
> dc0 and dc1 are Phobos 430TX quad nic, PCI card
> [ 4] 0.0-10.0 sec 42.1 MBytes 35.3 Mbits/sec
>
>
> TEST 2 - Supermicro, Intel P4 3GHz
> em0 and em1 Intel PRO/1000CT (82547EI), onboard nics
> [ 4] 0.0-10.0 sec 96.1 MBytes 80.7 Mbits/sec

Your Ultra 5 iperf results were so far off my 333MHz Ultra 10 firewall, that I decided to do some testing with my 360MHz Ultra 5. I previously thought the 360MHz had 512kbyte of L2 cache, but it's actually 256kbyte in my U5 and it seems there is a 256k 360MHz (for the U5) and also a 2Mbyte 360MHz (for the U10). I thought that maybe that much more L2 would be much better for pf than a few extra MHz.

The end point machines running iperf are FreeBSD 5.4 RELEASE. One is a 2.13GHz Pentium M Sony notebook with a GigE Realtek and the other is an AMD XP 2800+ desktop with an fxp. Nothing else changed except for the CPU module. Here are the results:

Direct crossover connection: 94.1 Mbits/sec.

360MHz in the Ultra 5:
pf OFF: 67.2 Mbits/sec
pf ON: 47.3 Mbits/sec.

333MHz in the Ultra 5:
pf OFF: 77.0 Mbits/sec
pf ON: 74.0 Mbits/sec.

Seems like that little 256k L2 in the 360 hurts pf performance badly. According to http://sunsolve.sun.com/handbook_pub/Systems/U5/spec.html you can put a 333MHz or 400MHz CPU with 2Mbyte L2 in the Ultra 5. I've seen these on Ebay.

I'm using a U10 for the extra PCI slot allowing me to have the 5 NICS I need for my current desired config. The U10 apparently can also go to 440MHz with 2Mbyte L2. I wonder if the U5 could take this anyway? I currently am only using 1 memory bank in my U10 and U5. I'd be curious to see if these numbers change using both banks interleaved.

Shane J Pearson
Re : can not connect to some www sites, for example: ebay.de PROBLEM SOLVED
Ouff found the problem ... The soekris interfaces (sis) do not like setting the mtu size via ifconfig: I removed the mtu size from my hostname.pppoe0 and do this via pf with:

scrub out on pppoe0 max-mss 1440

Now it works, no browsing problems anymore!
Re: pf altq blocking ssh
Reyk Floeter wrote:
>> altq on $if cbq bandwidth 100Mb queue { all, local, http, ssh, rsets }
> use a different name instead of "all", like "std". "all" is a reserved
> keyword.

Hmm, wouldn't it be nice to generate some warnings on 'misuse' of keywords such as this?
Re: pf altq blocking ssh
thanks everyone, problems fixed. I love you guys.

On 10/11/05, John Kintaro Tate <[EMAIL PROTECTED]> wrote:
> There is something wrong with my rules file, and I can't find the problem.
>
> pf.conf...
> # $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $
> #
> # See pf.conf(5) and /usr/share/pf for syntax and examples.
> # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
> # in /etc/sysctl.conf if packets are to be forwarded between interfaces.
>
> localaddr = "{192.168.0.4 127.0.0.1}"
> localhosts = "192.168.0.0/24"
> allowedusers = "{x11, root, named, _portmap, www}"
> if = "xl0"
>
> altq on $if cbq bandwidth 100Mb queue { all, local, http, ssh, rsets }
>
> queue all bandwidth 32Kb proirity 1
> queue local bandwidth 100Mb proirity 10
> queue http bandwidth 60Kb priority 5
> queue ssh bandwidth 25Kb priority 7 cbq(borrow)
> queue rsets bandwidth 7500b priority 0 cbq(red)
>
> pass in on $if inet proto tcp from any to any port 22 keep state queue ssh
> pass out on $if inet proto tcp from any to any port 443 keep state queue http
> pass in on $if inet proto tcp from any to any port 443 keep state queue http
> pass out on $if inet proto tcp from any to any keep state queue local
> pass in on $if inet proto tcp from any to any keep state queue local
> pass in on $if inet proto tcp from any to any keep state queue all
> pass in on $if inet proto tcp from any to any keep state queue all
>
> table const { 192.168.1/24 }
> table persist file "/etc/banned"
>
> block drop in on $if from to $localaddr
> block drop out on $if from $localaddr to
>
> block drop out on $if from $localaddr to
> pass out on $if from $localaddr to user $allowedusers keep state
> pass in on $if from $localaddr to keep state
>
> ---
>
> pfctl output...
> -bash-3.00# pfctl -f /etc/pf.conf
> /etc/pf.conf:12: syntax error
> /etc/pf.conf:14: syntax error
> /etc/pf.conf:15: queue local has no parent
> /etc/pf.conf:15: errors in queue definition
> /etc/pf.conf:16: queue http has no parent
> /etc/pf.conf:16: errors in queue definition
> /etc/pf.conf:17: queue ssh has no parent
> /etc/pf.conf:17: errors in queue definition
> /etc/pf.conf:18: queue rsets has no parent
> /etc/pf.conf:18: errors in queue definition
> /etc/pf.conf:25: syntax error
> /etc/pf.conf:26: syntax error
> pfctl: Syntax error in config file: pf rules not loaded
>
> ---
>
> --
> John Kintaro Tate
> Mobile: 0413 348 815 (Yep, old number, but I have a new phone)
>
> Free OpenBSD shell accounts for all with no gimmicks. Just send your
> desired username and password to me, and I will create it.
>
> Personal Website: http://kintaro.noobify.com
>
> Illhostit Webhosting:
> https://secure.illhostit.com/cgi-bin/affiliates/clickthru.cgi?id=Kintaro&campaign=Email
>

--
John Kintaro Tate
Mobile: 0413 348 815 (Yep, old number, but I have a new phone)

Free OpenBSD shell accounts for all with no gimmicks. Just send your desired username and password to me, and I will create it.

Personal Website: http://kintaro.noobify.com

Illhostit Webhosting: https://secure.illhostit.com/cgi-bin/affiliates/clickthru.cgi?id=Kintaro&campaign=Email
Re: pf altq blocking ssh
On Tue, Oct 11, 2005 at 12:35:10AM +1000, John Kintaro Tate wrote:
> altq on $if cbq bandwidth 100Mb queue { all, local, http, ssh, rsets }
>

use a different name instead of "all", like "std". "all" is a reserved keyword.

> queue all bandwidth 32Kb proirity 1
> queue local bandwidth 100Mb proirity 10
> queue http bandwidth 60Kb priority 5
> queue ssh bandwidth 25Kb priority 7 cbq(borrow)
> queue rsets bandwidth 7500b priority 0 cbq(red)
>

what exactly is "proirity"? it should be "priority".

you have some other errors in your queue definition, use pfctl -nvf pf.conf to parse and verify the file without loading it.

> pass in on $if inet proto tcp from any to any keep state queue all
> pass in on $if inet proto tcp from any to any keep state queue all
>

and change "queue all" to "queue std".

i didn't verify the rest of your configuration. read pf.conf(5), have a look at the examples in /usr/share/pf/ and try again ;-).

reyk
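The three problems raised in this thread (a reserved word used as a queue name, the misspelled "proirity", and queues without a parent) can be caught before loading with a small pre-flight check. This is an added example, not part of the original posts: `lint_queues`, its messages and the short `RESERVED` list are assumptions made for illustration, and `pfctl -nvf` remains the authoritative parser.

```python
import re

# Constructed sample: ALTQ lines of the pf.conf posted above, $if expanded to xl0.
SAMPLE = """\
altq on xl0 cbq bandwidth 100Mb queue { all, local, http, ssh, rsets }
queue all bandwidth 32Kb proirity 1
queue local bandwidth 100Mb proirity 10
queue http bandwidth 60Kb priority 5
queue ssh bandwidth 25Kb priority 7 cbq(borrow)
queue rsets bandwidth 7500b priority 0 cbq(red)
pass in on xl0 inet proto tcp from any to any port 22 keep state queue ssh
pass in on xl0 inet proto tcp from any to any keep state queue all
"""
# Assumption: a small, non-exhaustive subset of pf.conf keywords.
RESERVED = {"all", "any", "in", "out", "on", "from", "to", "pass", "block"}
# Option words that take one value in a queue definition, per pf.conf(5).
QUEUE_OPTS = {"on", "bandwidth", "priority", "qlimit"}
SCHED = r"\b(?:cbq|priq|hfsc)(?:\([^)]*\))?"

def lint_queues(text):
    """Return sorted (line_number, message) findings for ALTQ queue usage."""
    out, listed, defined, used = [], set(), set(), []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        head = line.split(None, 1)[0] if line else ""
        if head in ("altq", "queue"):
            # Names in a { ... } list are children of this altq or queue line.
            kids = re.search(r"\{([^}]*)\}", line)
            for name in re.findall(r"[\w-]+", kids.group(1)) if kids else []:
                listed.add(name)
                if name in RESERVED:
                    out.append((no, f"queue name '{name}' is a reserved keyword"))
        if head == "queue":
            body = re.sub(SCHED, " ", re.sub(r"\{[^}]*\}", " ", line)).split()
            defined.add(body[1])
            if body[1] not in listed:
                out.append((no, f"queue '{body[1]}' has no parent"))
            for word in body[2::2]:  # options come as word/value pairs
                if word not in QUEUE_OPTS:
                    out.append((no, f"unknown queue option '{word}'"))
        elif head in ("pass", "block"):
            ref = re.search(r"\bqueue\s+(\([^)]*\)|\S+)", line)
            for name in re.findall(r"[\w-]+", ref.group(1)) if ref else []:
                used.append((no, name))
    for no, name in used:
        if name in RESERVED:
            out.append((no, f"rule uses reserved keyword '{name}' as a queue"))
        elif name not in defined:
            out.append((no, f"rule assigns undefined queue '{name}'"))
    return sorted(out)

if __name__ == "__main__":
    for no, msg in lint_queues(SAMPLE):
        print(f"{no}: {msg}")
```

Line numbers in the findings refer to the constructed sample, not to the poster's /etc/pf.conf.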
pf and altq group interface ...
maybe i've missed something.

ifconfig rl0 group wan_if

pf.conf:
-> altq on wan_if cbq bandwidth 100Mb queue { http ssh }
produces an error when loading the ruleset.

but every other rule like
-> pass in on wan_if proto tcp to port ssh keep state queue ssh
will be accepted.

isn't that a bit confusing?

Karl-Heinz
Re: pf altq blocking ssh
On 10.10.2005, at 16:35, John Kintaro Tate wrote:

altq on $if cbq bandwidth 100Mb queue { all, local, http, ssh, rsets }

try other names. one of them seems to be a keyword?!

{ xall, xlocal, xhttp, xssh, xrsets }

Karl-Heinz
test
Testing new config. -- The only way to keep your health is to eat what you don't want, drink what you don't like, and do what you'd rather not. - Mark Twain
Re: unnumbered PPPoE
While I have never done it myself, I THINK that you might be able to do it with bridging the pppoe interface with an ethernet interface. Play around a little bit.

-- Chris

On 10-Oct-05, at 8:44 AM, Talmage wrote:

I've been reading through manpages and tutorials but have not been able to get an answer to a question I have. I am wondering if it's possible to use OpenBSD as an unnumbered PPPoE client bridge. Basically a transparent bridge that processes packets for PPPoE so the rest of the network doesn't have to deal with PPPoE.

[internet]-[ISP(PPPoE Server)][modem][openbsd(PPPoE Client)]-[multiple static IPs]

Kory T
pf altq blocking ssh
There is something wrong with my rules file, and I can't find the problem.

pf.conf...
# $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

localaddr = "{192.168.0.4 127.0.0.1}"
localhosts = "192.168.0.0/24"
allowedusers = "{x11, root, named, _portmap, www}"
if = "xl0"

altq on $if cbq bandwidth 100Mb queue { all, local, http, ssh, rsets }

queue all bandwidth 32Kb proirity 1
queue local bandwidth 100Mb proirity 10
queue http bandwidth 60Kb priority 5
queue ssh bandwidth 25Kb priority 7 cbq(borrow)
queue rsets bandwidth 7500b priority 0 cbq(red)

pass in on $if inet proto tcp from any to any port 22 keep state queue ssh
pass out on $if inet proto tcp from any to any port 443 keep state queue http
pass in on $if inet proto tcp from any to any port 443 keep state queue http
pass out on $if inet proto tcp from any to any keep state queue local
pass in on $if inet proto tcp from any to any keep state queue local
pass in on $if inet proto tcp from any to any keep state queue all
pass in on $if inet proto tcp from any to any keep state queue all

table const { 192.168.1/24 }
table persist file "/etc/banned"

block drop in on $if from to $localaddr
block drop out on $if from $localaddr to

block drop out on $if from $localaddr to
pass out on $if from $localaddr to user $allowedusers keep state
pass in on $if from $localaddr to keep state

---

pfctl output...
-bash-3.00# pfctl -f /etc/pf.conf
/etc/pf.conf:12: syntax error
/etc/pf.conf:14: syntax error
/etc/pf.conf:15: queue local has no parent
/etc/pf.conf:15: errors in queue definition
/etc/pf.conf:16: queue http has no parent
/etc/pf.conf:16: errors in queue definition
/etc/pf.conf:17: queue ssh has no parent
/etc/pf.conf:17: errors in queue definition
/etc/pf.conf:18: queue rsets has no parent
/etc/pf.conf:18: errors in queue definition
/etc/pf.conf:25: syntax error
/etc/pf.conf:26: syntax error
pfctl: Syntax error in config file: pf rules not loaded

---

--
John Kintaro Tate
Mobile: 0413 348 815 (Yep, old number, but I have a new phone)

Free OpenBSD shell accounts for all with no gimmicks. Just send your desired username and password to me, and I will create it.

Personal Website: http://kintaro.noobify.com

Illhostit Webhosting: https://secure.illhostit.com/cgi-bin/affiliates/clickthru.cgi?id=Kintaro&campaign=Email
carp-sasync-isakmpd failover problem...
Hi,

we have a failover-test-setup looking like below:

+CARP0-HOST(M)-CARP1--(WAN) | (WAN)RemoteHost---RemotLAN +CARP0-HOST(B)-CARP1--(WAN) | | LocalLAN

ipsec(isakmpd) is set up to build a vpn between LocalLAN and RemoteLAN. Host (M) + Host (B) are syncing via pfsync and sasync using "LocalLAN"-Addresses.

The ipsec-tunnel from LocalLAN to RemoteLAN is running well until I break up e.g. the ( "WAN" ) Connection on Host (M) Carp1 to the Remote Host. HOST(B) gets "Carp"-Master as expected, SAs seem to get synced too but the tunnel fails to "failover" and the RemoteHost complains about dropped messages "due to notification type invalid_cookie".

I need to shut down and restart the isakmpd at the RemoteHost to "repair" the VPN-Tunnel ...

Any ideas? We tried this using 3.7 current.

Kind regards,
Stefan
unnumbered PPPoE
I've been reading through manpages and tutorials but have not been able to get an answer to a question I have. I am wondering if it's possible to use OpenBSD as an unnumbered PPPoE client bridge. Basically a transparent bridge that processes packets for PPPoE so the rest of the network doesn't have to deal with PPPoE.

[internet]-[ISP(PPPoE Server)][modem][openbsd(PPPoE Client)]-[multiple static IPs]

Kory T
Re: Gigabit network measurements with OpenBSD 3.8-beta (long)
Hi,

Finally I got around to testing mbuf tag merging patch by Henning that Theo suggested. For the details on the test setup see my original post [1], only difference now is that the interfaces are all on different interrupts. Only i386 results now, I didn't have the time to test amd64.

Firstly, some reference results with NICs each on its own interrupt:

clients: 3.8-beta, i386, sp kernel
router: 3.8-beta, i386, sp kernel, routing on PCI-X adapter
~~
max TCP bandwidth: 941 Mbits/sec
with TCP window size: 96-128KB
(larger windows sizes caused a drop in speed probably due to CPU being at 100% interrupt)
max UDP bandwidth: 905 Mbits/sec
UDP packet size: 1470
dropped packets: 0%
(you can't set higher UDP bandwidth with iperf)

UDP pps results with 128 byte packet size:
pps       %dropped
19608     0%
4         0%
83328     0.00096%
99980     0.0022%
124950    0.0026%
142772    0.0085%
166501    0.039%
196351    0.22%
225851    1.4%
240826    4.2%

clients: 3.8-beta, i386, sp kernel
router: 3.8-beta, i386, mp kernel, routing on PCI-X adapter
~~
max TCP bandwidth: 941 Mbits/sec
with TCP window size: 96-128KB
(larger windows sizes caused a drop in speed probably due to CPU being at 100% interrupt)
max UDP bandwidth: 905 Mbits/sec
UDP packet size: 1470
dropped packets: 0%
(you can't set higher UDP bandwidth with iperf)

UDP pps results with 128 byte packet size:
pps       %dropped
19608     0%
4         0%
83328     0%
99983     0.0012%
124947    0.00096%
142775    1.4%
166493    0.62%
196226    14%
225451    32%
241131    39%

-
Now some -current results with the router:

clients: 3.8-beta, i386, sp kernel
router: 3.8-current, i386, sp kernel, routing on PCI-X adapter
~~
max TCP bandwidth: 941 Mbits/sec
with TCP window size: 96-256KB
(no drop in speed with larger window size)
max UDP bandwidth: 905 Mbits/sec
UDP packet size: 1470
dropped packets: 0%
(you can't set higher UDP bandwidth with iperf)

UDP pps results with 128 byte packet size:
pps       %dropped
19608     0%
4         0%
83328     0%
99985     0.0008%
124948    0.006%
142764    0.0059%
166459    0.053%
196448    0.2%
222766    1.7%
231909    1.1%

clients: 3.8-beta, i386, sp kernel
router: 3.8-current, i386, sp kernel, routing on integrated adapter
~~~
TCP bandwidth, win size:
750 Mbits/sec, 64KB
460 Mbits/sec, 96KB
751 Mbits/sec, 128KB
755 Mbits/sec, 192KB
760 Mbits/sec, 256KB
(strange drop at 96KB window, but no decrease at larger sizes)
max UDP bandwidth: 784 Mbits/sec
UDP packet size: 1470
dropped packets: 0%
(larger bandwidth tests failed)

UDP pps results with 128 byte packet size:
pps       %dropped
19608     0%
4         0%
83328     0%
99983     0%
124949    0.0008%
142755    0.0017%
166433    0.099%
196415    0.22%
220741    1.9%
229492    2.6%

clients: 3.8-beta, i386, sp kernel
router: 3.8-current, i386, mp kernel, routing on integrated adapter
~~~
TCP bandwidth, win size:
770 Mbits/sec, 64KB
652 Mbits/sec, 96KB
783 Mbits/sec, 128KB
783 Mbits/sec, 192KB
786 Mbits/sec, 256KB
(strange drop at 96KB window, but no decrease at larger sizes)
max UDP bandwidth: 784 Mbits/sec
UDP packet size: 1470
dropped packets: 0%
(larger bandwidth tests failed)

UDP pps results with 128 byte packet size:
pps       %dropped
19608     0%
4         0%
83328     0%
99985     0%
124946    0.0004%
142758    0.00056%
166428    0.0061%
196229    15%
Re: Sun Ultra 5 as a firewall?
On Oct 10, 2005, at 2:16 AM, Joe S wrote:

Jason Dixon wrote:

Unless you've got a DS-3 or better, why does it matter?

1 interface is for the ADSL connection. I'm not worried about that. 2 interfaces are local networks. It's the throughput between those 2 that I noticed a bit of a bottleneck. It's not *that* bad. It's more surprising than anything else.

Good point. :)

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
Re: OpenBSD i386 and macppc on one HDD
On Mon, Oct 10, 2005 at 07:00:55AM -0400, Nick Holland wrote:
> Constantine A. Murenin wrote:
> > Hello,
> >
> > I have an external USB 2.0 storage device with OpenBSD i386
> > installation and some free space. Is it possible to install
> > OpenBSD/macppc on that spare space without breaking my i386
> > installation?
>
> ew, ick.
>
> > How will it all work? Would it be possible to share /etc,
>
> Since /etc is on the root partition, NO.
> Since /etc holds configuration and your macppc and i386 machines will
> have different configurations, NO.
>
> > /var and
> > /home partitions between i386 and macppc? Could the HDD be bootable on
> > both i386 and macppc?
>
> My initial response is "no", you couldn't share a disk like this.
> My secondary response is "maybe", I've got some ideas how it *might* be
> done, but I can think of ONLY one reason to do this: learning the boot
> process on both platforms very intimately. And that is a lesson best
> taught to one's self.
>
> If you are trying to save money, go get a job slinging burgers, take
> your income and buy a new disk. You will invest less time doing that
> than you will fighting this battle. It is just not worth it.
>
> BTW: If you try this, count on that "some free space" turning into "all
> free space" a few times, usually accidentally, though probably at least
> once deliberately.

Even more, as macppc is big-endian and i386 is little endian you will have trouble with FFS ...
Re: OpenBSD i386 and macppc on one HDD
Constantine A. Murenin wrote:
> Hello,
>
> I have an external USB 2.0 storage device with OpenBSD i386
> installation and some free space. Is it possible to install
> OpenBSD/macppc on that spare space without breaking my i386
> installation?

ew, ick.

> How will it all work? Would it be possible to share /etc,

Since /etc is on the root partition, NO.
Since /etc holds configuration and your macppc and i386 machines will have different configurations, NO.

> /var and
> /home partitions between i386 and macppc? Could the HDD be bootable on
> both i386 and macppc?

My initial response is "no", you couldn't share a disk like this.
My secondary response is "maybe", I've got some ideas how it *might* be done, but I can think of ONLY one reason to do this: learning the boot process on both platforms very intimately. And that is a lesson best taught to one's self.

If you are trying to save money, go get a job slinging burgers, take your income and buy a new disk. You will invest less time doing that than you will fighting this battle. It is just not worth it.

BTW: If you try this, count on that "some free space" turning into "all free space" a few times, usually accidentally, though probably at least once deliberately.

Nick.
Processcontrol
OpenBSD i386 3.7 GENERIC.MP

How do you bind/lock a process (and if possible children) to a specific cpu?

Directions to TFM/more info gladly accepted...

regards
/David
Re: Sun Ultra 5 as a firewall?
On Friday 07 October 2005 21:28, Joe S wrote:
> Is anyone on the list running an Ultra 5 as firewall? I would like to
> move my firewall from an overpowered P4-3GHz box to a Sun Ultra 5 360MHz.

Yes. My Sun Ultra 5 isn't just a firewall, but an NFS server with a relatively large disk for my home network. Runs great. (It actually powers my Alcatel Speedtouch USB ADSL modem with the userland drivers).
Re: Sun Ultra 5 as a firewall?
On 10/7/05, Marco Peereboom <[EMAIL PROTECTED]> wrote:
> I ran an Ultra-5 for 2 years straight as my home firewall. It got replaced
> with an hppa just because I could :-) My mailserver is still an ultra-5 that
> has run for 3 years. The only time it has been down is when my ups gave out.
> Sparc + OpenBSD = bliss
>

until a botched netboot install turns your Netra 105 into a paperweight. not that openbsd was at fault; it just sucked and I'm still quite bitter about the whole ordeal.

aaron.glenn
Re: DTrace
On 10/9/05, Gustavo Rios <[EMAIL PROTECTED]> wrote:
> Sorry, i was talking about OBSD!
> Anyhow, what would it be the problem with DTrace, for OBSD not supporting it?
>

if you have to ask that question, you have no business running a tool like dtrace.

aaron.glenn