3Ware Escalade 7506-8 IDE RAID controller support under OpenBSD 3.8

2006-01-13 Thread Greg
I have a 3Ware Escalade 7506-8 IDE RAID controller that is currently running
on Suse 9.3 in a RAID 5 array and I am trying to see if I can use it with
OpenBSD 3.8.  I know from the OpenBSD Hardware Compatibility web page that
the twe driver supports the following :  3ware Escalade 3W-5x00 and 3W-6x00
series (twe) .  However I was wondering if anyone has any experience using
this card under OpenBSD 3.8 .

From Googling I saw a post from someone here
(http://screamingelectron.org/forum/showthread.php?mode=hybrid&t=1955) that
they got a similar card to work under OpenBSD 3.6.  However they only state
that "Tada! Just thought I'd post an info update. The 3Ware 7506-4 raid card
is supported in OpenBSD 3.6 using the aforementioned twe driver!". 

I am not sure what is meant by "supported" .  So. Is anyone using this card
under OpenBSD 3.8 and if so what support is available ?  i.e. Can you only
use the RAID array without any means of detecting a failure/rebuilding or
are there any management tools available to you ?  From what I have seen in
the recent posts all of the OpenBSD RAID work (pretty impressive !) is for
other cards/drivers.  Is this correct ?  I am not looking for anything
fancy, just the ability to detect a drive failure, the ability to know the
status of the hard drives, and to rebuild a degraded array.


TIA,

Greg




Re: CDROM not reporting read errors

2006-01-13 Thread Nick Holland
Austin Hook wrote:
> After buying a used Dell 2850 PowerEdge rack mount server I tried to
> install 3.8 but I found that the CDROM seemed to be giving me bad data.
> The tar/unzip process during install seemed to have trouble with larger
> data files, complaining something about having to search for header data
> after apparently getting some junk.  What was curious is that the read
> itself didn't seem to report any errors, only the tar extract process
> seemed to be complaining.

You sure someone didn't sell you defective CDs? ;)

(to those who have noted my ability to respond to someone without
realizing who it was I was responding to, no, not this time.  Hiya,
Austin! :)

> So I installed over my network by ftp, using the same CD #1 from the 3.8
> set.  All went well.
> 
> Afterwards I decided to do the following (typescript follows):
> 
> Script started on Fri Jan 13 10:30:15 2006
> # #  Previously I did a mkdir /cdrom
> # mount -t cd9660 -r /dev/cd0a /cdrom
> # cp /cdrom/3.8/i386/base38.tgz .
> # diff /cdrom/3.8/i386/base38.tgz base38.tgz
> Binary files /cdrom/3.8/i386/base38.tgz and base38.tgz differ
> # exit
> 
> Script done on Fri Jan 13 10:32:16 2006
> 
> In other words the file I got on hard drive after copying from the CDROM
> was not the same as the file on the CDROM, and yet no read errors were
> reported to me.

Thanks for digging up another happily repressed memory.  (grumble)

Yeah, I've seen this before.  Defective CDROM drive.  No idea how this
is possible, look at the descriptions, it seems there is all kinds of
error detection in a CDROM drive, but I've seen exactly what you
describe multiple times on multiple OSs with at least two different
CDROM drives.  Change drive (even with a non-defective same model,
somehow I managed to have identical copies of both drives that did that
to me), problem vanishes.  Be grateful for the error when uncompressing.
 Really nasty when it happens and the OS you are installing just relies
on reported read errors to verify the files it pulled from CDROM.

But yes, it is possible to have a CDROM drive malfunction so that it
will pull invalid data from the CD, and NEVER REPORT A PROBLEM TO THE
OS.  In addition to the two drives I had that did that to me personally,
I think I have diagnosed this problem on at least one other person's
system.  Curiously, when I've seen this, it REALLY shows itself big.  No
(or very few?) "one-time" events, so this probably indicates some kind
of malfunction in the error detection system on the drive.

> However, if I do this on another machine -- the one where I mounted the
> CDROM to do the across-net install, the two files do not differ.
> 
> In all cases, on any machine or CDROM, I get the same length of file for
> base38.tgz:  36790935.  However a md5 checksum done either directly on the
> Dell 2850 or on the copy I attempted to make, shows a different checksum,
> whereas on other machines the checksums are the same for originals
> directly computed off the cdrom or the copy I make to hard drive -- and
> those good checksums are different from both the original and the copy
> I access on the Dell.  I presume copies to the Dell, over the net are
> fine.  So it's just the process of reading from the CDROM on the Dell that
> is happy to give bad data without saying so.
> 
> Am I missing something?

Yeah, the fun of that same kind of thing happening when reading and
writing to a hard disk.  That was horrible *shudder*.  Not an OpenBSD
story, though.

Nick.
(gonna have nightmares tonight)
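
The failure described in this thread (a drive returning wrong data of the right length, with no read error) is only caught by comparing digests against a list obtained from a trusted source. The following is an added example, not part of any post in the thread; it uses SHA-256 rather than the md5 mentioned above, and the manifest format, file names and sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: verify files copied from removable media against a trusted
# digest list, instead of trusting the drive to report read errors.

# Print the SHA-256 of a file using whichever tool the system has.
# sha256sum is GNU coreutils; "sha256 -q" is the OpenBSD utility.
file_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        echo "no sha256 tool found" >&2
        return 2
    fi
}

# verify_sets MANIFEST DIR
# MANIFEST lines: "<hex digest>  <file name>" (assumed format).
# Prints one status line per entry; returns 0 only if every file matches.
verify_sets() {
    manifest=$1 dir=$2 bad=0
    while read -r want name; do
        [ -n "$name" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"
            bad=$((bad + 1))
            continue
        fi
        got=$(file_digest "$dir/$name") || return 2
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "CORRUPT  $name"
            bad=$((bad + 1))
        fi
    done < "$manifest"
    [ "$bad" -eq 0 ]
}

# Constructed demo: a trusted copy and a same-length copy with one changed
# byte, mirroring the "same size, different checksum" symptom in the thread.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/trusted" "$tmp/copied"
    printf 'constructed sample set contents\n' > "$tmp/trusted/base.tgz"
    printf 'constructed sample set c0ntents\n' > "$tmp/copied/base.tgz"
    printf '%s  base.tgz\n' "$(file_digest "$tmp/trusted/base.tgz")" > "$tmp/SHA256"
    for d in trusted copied; do
        if verify_sets "$tmp/SHA256" "$tmp/$d"; then
            echo "$d: all files match the manifest"
        else
            echo "$d: mismatch, do not install from this copy"
        fi
    done
    rm -rf "$tmp"
}

demo
```

The manifest has to come from somewhere other than the suspect drive, otherwise the comparison proves nothing.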



Re: PCI-X not seen by 3.8 on HP DL-145 G2

2006-01-13 Thread Bill Marquette
On 1/13/06, Bill Marquette <[EMAIL PROTECTED]> wrote:
> I wanted to followup on the network connectivity issue I mentioned
> with the DL385.  I obviously didn't try hard enough.  After moving the
> machine to another location and using a crossover cable to connect it
> to another OpenBSD box instead of a switch, I'm seeing link activity
> and can get online with it.
>
> The PCI-X issues are still there, but for those that don't care about
> that, the machine does work with onboard disk and onboard network.

My definition of work btw is it works and I was able to get a cvs
update completed.  However a simple SCP to a machine direct connected
to it b0rks it - each panic is different (joy).  The latest from a cvs
update earlier this evening is:

# scp /bsd /bsd /bsd 192.168.177.2:/
The authenticity of host '192.168.177.2 (192.168.177.2)' can't be established.
RSA key fingerprint is cd:bd:f7:e9:c6:85:5c:e1:17:6f:a6:6c:3f:9b:ad:98.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.177.2' (RSA) to the list of known hosts.
[EMAIL PROTECTED]'s password:
bsd    0%    0     0.0KB/s   --:-- ETA
kernel: machine check trap, code=0
Stopped at  microuptime+0x3f:   leave
ddb{0}> trace
microuptime() at microuptime+0x3f
mi_switch() at mi_switch+0xa2
preempt() at preempt+0xb2
trap() at trap+0x556
--- trap (number 3) ---
end of kernel
end trace frame: 0x4000, count: -4
0x41d5331a:
ddb{0}>

This is running amd64 GENERIC.MP with one (hopefully) minor change
setting CONADDR to 0x2f8 so I can use the Compaq iLO from remote to
have serial console access (via ssh, neat!) - as the iLO sits on BIOS
com2 (boot loader com1).  I can panic it with the same command w/a
generic kernel too, just can't get the backtrace :)

"show all procs" shows
ddb{0}> [All procs
   PID   PPID   PGRP    UID  S       FLAGS  WAIT       COMMAND
  5263  28221  28221      0  2   0x2004086             ssh
*28221  25756  28221      0  2      0x4006             scp
 25756      1  25756      0  3   0x2004086  pause      ksh
 32639      1      1      0  3   0x2004084  ttyopn     getty
 32710      1  32710      0  3   0x2004086  ttyin      getty
 22120      1  22120      0  3   0x2004086  ttyin      getty
  5890      1   5890      0  3   0x2004086  ttyin      getty
  1667      1   1667      0  3   0x2004086  ttyin      getty
 21591      1  21591      0  3   0x2004086  ttyin      getty
 20141      1  20141      0  3       0x284  select     cron
 13916      1  13916      0  3   0x2040184  select     sendmail
 17527      1  17527      0  3       0x284  select     sshd
 27479      1  27479      0  3   0x2000184  select     inetd
 29091  24809  24809     73  3   0x2000184  poll       syslogd
 24809      1  24809      0  3       0x284  netio      syslogd
    11      0      0      0  3   0x2100204  crypto_wa  crypto
    10      0      0      0  3   0x2100204  aiodoned   aiodoned
     9      0      0      0  3   0x2100204  syncer     update
     8      0      0      0  3   0x2100204  cleaner    cleaner
     7      0      0      0  3    0x100204  reaper     reaper
     6      0      0      0  3   0x2100204  pgdaemon   pagedaemon
     5      0      0      0  3   0x2100204  pftm       pfpurge
     4      0      0      0  3   0x2100204  usbevt     usb1
     3      0      0      0  3   0x2100204  usbtsk     usbtask
     2      0      0      0  3   0x2100204  usbevt     usb0
     1      0      1      0  3   0x2004084  wait       init
     0     -1      0      0  3   0x2080204  scheduler  swapper


Until (and even after for some time) one of these shows up in a
developers hands (already volunteered), I can provide serial console
access and full lights out management access to this box (and to the
box that I'm scp'ing too).

dmesg from various kernels...
AMD64 SMP kernel from 1/7/06
http://www.pfsense.com/~billm/dmesg.amd64.mp.txt
AMD64 non-SMP kernel from 1/7/06
http://www.pfsense.com/~billm/dmesg.amd64.uni.txt
i386 non-SMP kernel from 1/7/06 (bsd.rd from snapshot cd)
http://www.pfsense.com/~billm/dmesg.i386.uni.txt
AMD64 SMP kernel w/ console set to com1 from 1/13/06
http://www.pfsense.com/~billm/dmesg.amd64.mp.com1.txt

--Bill



CDROM not reporting read errors

2006-01-13 Thread Austin Hook
After buying a used Dell 2850 PowerEdge rack mount server I tried to
install 3.8 but I found that the CDROM seemed to be giving me bad data.
The tar/unzip process during install seemed to have trouble with larger
data files, complaining something about having to search for header data
after apparently getting some junk.  What was curious is that the read
itself didn't seem to report any errors, only the tar extract process
seemed to be complaining.

So I installed over my network by ftp, using the same CD #1 from the 3.8
set.  All went well.

Afterwards I decided to do the following (typescript follows):

Script started on Fri Jan 13 10:30:15 2006
# #  Previously I did a mkdir /cdrom
# mount -t cd9660 -r /dev/cd0a /cdrom
# cp /cdrom/3.8/i386/base38.tgz .
# diff /cdrom/3.8/i386/base38.tgz base38.tgz
Binary files /cdrom/3.8/i386/base38.tgz and base38.tgz differ
# exit

Script done on Fri Jan 13 10:32:16 2006

In other words the file I got on hard drive after copying from the CDROM
was not the same as the file on the CDROM, and yet no read errors were
reported to me.

However, if I do this on another machine -- the one where I mounted the
CDROM to do the across-net install, the two files do not differ.

In all cases, on any machine or CDROM, I get the same length of file for
base38.tgz:  36790935.  However a md5 checksum done either directly on the
Dell 2850 or on the copy I attempted to make, shows a different checksum,
whereas on other machines the checksums are the same for originals
directly computed off the cdrom or the copy I make to hard drive -- and
those good checksums are different from both the original and the copy
I access on the Dell.  I presume copies to the Dell, over the net are
fine.  So it's just the process of reading from the CDROM on the Dell that
is happy to give bad data without saying so.

Am I missing something?

Austin

DMESG of the Dell 2850 PowerEdge follows:

OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class) 596 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,SER,MMX,FXSR,SSE
real mem  = 268013568 (261732K)
avail mem = 237670400 (232100K)
using 3297 buffers containing 13504512 bytes (13188K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 02/16/01, BIOS32 rev. 0 @ 0xffe90
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc2c0/144 (7 entries)
pcibios0: PCI Interrupt Router at 000:15:0 ("ServerWorks ROSB4 SouthBridge" rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x6000 0xce000/0x1000 0xec000/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "ServerWorks CNB20LE Host" rev 0x05
pchb1 at pci0 dev 0 function 1 "ServerWorks CNB20LE Host" rev 0x05
pci1 at pchb1 bus 1
ppb0 at pci1 dev 2 function 0 "Intel i960 RM PCI-PCI" rev 0x01
pci2 at ppb0 bus 2
ahc1 at pci2 dev 4 function 0 "Adaptec AIC-7899 U160" rev 0x01: irq 11
scsibus0 at ahc1: 16 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI2 0/direct fixed
sd0: 8637MB, 4926 cyl, 27 head, 133 sec, 512 bytes/sec, 17689267 sec total
sd1 at scsibus0 targ 1 lun 0:  SCSI2 0/direct fixed
sd1: 8637MB, 4926 cyl, 27 head, 133 sec, 512 bytes/sec, 17689267 sec total
sd2 at scsibus0 targ 2 lun 0:  SCSI2 0/direct fixed
sd2: 8678MB, 5273 cyl, 20 head, 168 sec, 512 bytes/sec, 17773524 sec total
sd3 at scsibus0 targ 3 lun 0:  SCSI2 0/direct fixed
sd3: 8637MB, 4926 cyl, 27 head, 133 sec, 512 bytes/sec, 17689267 sec total
safte0 at scsibus0 targ 6 lun 0:  SCSI2 3/processor fixed
ahc2 at pci2 dev 4 function 1 "Adaptec AIC-7899 U160" rev 0x01: irq 5
scsibus1 at ahc2: 16 targets
fxp0 at pci1 dev 8 function 0 "Intel 82557" rev 0x08, i82559: irq 5, address 00:b0:d0:49:61:de
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
fxp1 at pci0 dev 2 function 0 "Intel 82557" rev 0x08, i82559: irq 11, address 00:90:27:87:0c:81
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
vga1 at pci0 dev 14 function 0 "ATI Mach64 GY" rev 0x7a
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 15 function 0 "ServerWorks ROSB4 SouthBridge" rev 0x4f
pciide0 at pci0 dev 15 function 1 "ServerWorks OSB4 IDE" rev 0x00: DMA
atapiscsi0 at pciide0 channel 0 drive 0
scsibus2 at atapiscsi0: 2 targets
cd0 at scsibus2 targ 0 lun 0:  SCSI0 5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2
ohci0 at pci0 dev 15 function 2 "ServerWorks OSB4/CSB5 USB" rev 0x04: irq 10, version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: ServerWorks OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: consol

mssql.so

2006-01-13 Thread Ricardo Lucas
It's a stupid question but very useful for me: how can I install or find the
mssql.so extension, or if it does not exist, what can I do instead?
And if it does not exist, why is there a line for that extension in the
php.ini in the package from the ports tree?
That is it!

--
Regards,
Ricardo Lucas

We have to stop being egoist and think more on ourselves.



Re: Reverse package process

2006-01-13 Thread Daniel Ouellet

Tobias Ulmer wrote:

> Hi Daniel,
> there is even an example in the pkg_create manpage ;)
>
> Tobias


Men,

Thanks! How could I have overlooked that one! I deserved to be called the 
moron of the day big time!


That was really easy too!

Shame on me for this one!

Thanks for the cue!

Daniel



Re: postfix w/ encrypted virtual mailboxes: delivery failure "file too large"

2006-01-13 Thread dick
What do you guys think about this response I got on the postfix-users list?

On Fri, Jan 13, 2006 at 01:28:53PM -0600, [EMAIL PROTECTED] wrote:

> $ ls -al protected
> -rw-r--r--  1 root  wheel  204800 Jan 13 11:26 protected
> 
> sudo vnconfig -ck -v /dev/svnd0c /home/protected
> sudo mount -o rw,nodev,nosuid /dev/svnd0c /var/vmail
> 
> Jan 13 11:23:51 served postfix/virtual[11909]: 823AF1432E: to=<[EMAIL PROTECTED]>,
> relay=virtual, delay=1, status=bounced (maildir delivery failed: create 
> /var/vmail/jy-p/tmp/1137173030.P11909.served.mysite.com: File too large)

Looks like the "svnd" driver applies the per-process file size limit
not only to the files created, but also to the containing volume.
This means that "svnd" used over ordinary files is not suitable.

-- 
Viktor.




Re: PCI-X not seen by 3.8 on HP DL-145 G2

2006-01-13 Thread Bill Marquette
On 1/11/06, Bill Marquette <[EMAIL PROTECTED]> wrote:
> On 12/9/05, Srebrenko Sehic <[EMAIL PROTECTED]> wrote:
> The ciss driver works fine (no idea about speeds at this time, more on
> that in a second).
> The onboard broadcom nics do show up, but I can't seem to get link on them
> pci-x connected cards are mia even though the pci-x bus looks like
> it's configured (I believe on the uniprocessor kernel it didn't
> configure it, I can recheck that).
>
> With no network, it was kind of difficult to get anything on the
> system for IO tests on the disks, which wasn't a huge deal for me in
> the first place.

I wanted to followup on the network connectivity issue I mentioned
with the DL385.  I obviously didn't try hard enough.  After moving the
machine to another location and using a crossover cable to connect it
to another OpenBSD box instead of a switch, I'm seeing link activity
and can get online with it.

The PCI-X issues are still there, but for those that don't care about
that, the machine does work with onboard disk and onboard network.

--Bill



Re: Block MAC address

2006-01-13 Thread daemon1

On Jan 13, 2006, at 5:19 PM, Bc. Radek Krejca wrote:


> Hello,
>
>   I need to restrict some mac addresses or better allow set of
>   addresses and block others.
>
>   How can I do it? Is there any tool in OpenBSD?




yes.

man bridgename.if
man brconfig

look at tagging on the bridge if and filtering in pf, it works great  
for me.


-Jonathan



Re: Block MAC address

2006-01-13 Thread David Coppa

Bc. Radek Krejca wrote:

> Hello,
>
>   I need to restrict some mac addresses or better allow set of
>   addresses and block others.
>
>   How can I do it? Is there any tool in OpenBSD?



http://www.openbeer.it/codes/projects/macfiltering.tar.gz

It's for 3.7-stable, so needs to be adapted...

Regards,
David



Re: Block MAC address

2006-01-13 Thread Jon Simola
On 1/13/06, Adriaan Misc <[EMAIL PROTECTED]> wrote:

> >   I need to restrict some mac addresses or better allow set of
> >   addresses and block others.

> See man brconfig. It even has examples ;)

Jumping in with a somewhat obscure/undocumented feature (at least,
I've never found anything referring to it in this manner), layer 2
filtering on an OpenBSD machine that is not a traditional bridge
(multiple interfaces) appears to be do-able with a single port bridge,
ala:

bash-3.00# brconfig bridge0
bridge0: flags=41
Configuration:
priority 32768 hellotime 2 fwddelay 15 maxage 20
Interfaces:
em0 flags=3
port 1 ifpriority 128 ifcost 55
block in on em0 src 00:30:48:74:60:0e
Addresses (max cache: 100, timeout: 240):
00:00:5e:00:01:06 em0 1 flags=0<>
00:00:5e:00:01:07 em0 1 flags=0<>
00:30:48:74:60:0e em0 1 flags=0<>
bash-3.00# arp -an |grep 00:30:48:74:60:0e
? (10.188.3.4) at 00:30:48:74:60:0e on em0
bash-3.00# ping -c2 10.188.3.4
PING 10.188.3.4 (10.188.3.4): 56 data bytes
--- 10.188.3.4 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
bash-3.00# brconfig bridge0 flushrule em0
bash-3.00# ping -c2 10.188.3.4
PING 10.188.3.4 (10.188.3.4): 56 data bytes
64 bytes from 10.188.3.4: icmp_seq=0 ttl=255 time=0.255 ms
64 bytes from 10.188.3.4: icmp_seq=1 ttl=255 time=0.208 ms
--- 10.188.3.4 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.208/0.231/0.255/0.027 ms
bash-3.00#

Works here, not intended for small children and the elderly, no
implied usability, etc...

--
Jon Simola
Systems Administrator
ABC Communications



Re: Reverse package process

2006-01-13 Thread Tobias Ulmer
On Fri, Jan 13, 2006 at 05:33:09PM -0500, Daniel Ouellet wrote:
> I have kind of a very stupid question, but I am also a bit stuck.
> 
> I have a server that has a package installed on it, but I do not have the 
> .tgz file anymore to redo the install of that same package.
> 
> I can't rebuild that package now for many reasons, but if I have to, it 
> could be done, but with pain.
> 
> So, my question is if there is a way somehow to have the .tgz rebuilt 
> from the installed one?
> 
> I assume it should be possible as the DB for the packages is clean and 
> good, so all files would be properly removed with dependencies, etc. if removed.
> 
> Is this totally stupid to think that way, or is it possible?
> 
> Usually built packages are done for the fake directory based on the FAQ. 
> Any way to build it from a working system?
> 
> If that's stupid, just say so and I will drop the idea and see how I 
> could do it another way. I guess I could always copy file by file and 
> make the changes to the packages DB, but is that also stupid?
> 
> Daniel
> 
>

Hi Daniel,
there is even an example in the pkg_create manpage ;)

Tobias



Re: OpenBSD logo in xlock(1) life mode should be updated

2006-01-13 Thread Andrés Delfino
This is the best I could do, hope you like it.

[demime 1.01d removed an attachment of type image/x-xpixmap which had a name of 
life-b.xpm]



Re: Block MAC address

2006-01-13 Thread eric
On Fri, 2006-01-13 at 23:19:01 +0100, Bc. Radek Krejca proclaimed...

>   I need to restrict some mac addresses or better allow set of
>   addresses and block others.
> 
>   How can I do it? Is there any tool in OpenBSD?

Just add the idiots to a file...

# cat /etc/arp.table
127.66.131.1 00:02:4d:b2:9b:48 permanent #idiot1
127.66.131.2 00:05:4d:3d:39:13 permanent #idiot2
127.66.131.3 00:08:6d:da:39:18 permanent #idiot3

then build static arp entries

# /usr/sbin/arp -f /etc/arp.table

Next, just block 127.66.0.0/16.

# grep '127.66' /etc/pf.conf
block in log quick from 127.66.0.0/16 to any label morons

It's quick, cheap, and lame. But it works.



Re: Reverse package process

2006-01-13 Thread Joachim Schipper
On Fri, Jan 13, 2006 at 05:33:09PM -0500, Daniel Ouellet wrote:
> I have kind of a very stupid question, but I am also a bit stuck.
> 
> I have a server that has a package installed on it, but I do not have the 
> .tgz file anymore to redo the install of that same package.
> 
> I can't rebuild that package now for many reasons, but if I have to, it 
> could be done, but with pain.
> 
> So, my question is if there is a way somehow to have the .tgz rebuilt 
> from the installed one?
> 
> I assume it should be possible as the DB for the packages is clean and 
> good, so all files would be properly removed with dependencies, etc. if removed.
> 
> Is this totally stupid to think that way, or is it possible?
> 
> Usually built packages are done for the fake directory based on the FAQ. 
> Any way to build it from a working system?
> 
> If that's stupid, just say so and I will drop the idea and see how I 
> could do it another way. I guess I could always copy file by file and 
> make the changes to the packages DB, but is that also stupid?

It will not quite make a package, but /var/db/pkg contains some useful
stuff. At the least, it can tell you what files to get.

If the port consisted of nothing more than ./configure; make; make
install, this might even be enough.

Joachim



Re: Block MAC address

2006-01-13 Thread MK
What about this idea? Setup your firewall configuration file to allow only 
IPs you want to provide access and then use arp permanent entries for them. 
I use it to restrict internet, only for trusted pair of ip/mac and it works 
great.


MK

- Original Message - 
From: "Bc. Radek Krejca" <[EMAIL PROTECTED]>

To: "OpenBSD general usage list" 
Sent: Friday, January 13, 2006 11:19 PM
Subject: Block MAC address



Hello,

 I need to restrict some mac addresses or better allow set of
 addresses and block others.

 How can I do it? Is there any tool in OpenBSD?

--
Regards,
Bc. Radek Krejca
[EMAIL PROTECTED]
http://www.ceskedomeny.cz
http://www.skdomeny.com
http://www.starnet.cz




Re: Annoying echoes in console DRAC III/XT on DELL Poweredge

2006-01-13 Thread Xavier Milliès-Lacroix
Thanks.

Do you have a floppy 'image' or link that I can send to The Drac III Card
to test the FreeBSD boot process ?

To check if the issue is not present with FreeBSD ?

-Original Message-
From: Brian A. Seklecki [mailto:[EMAIL PROTECTED] 
Sent: Friday, 13 January 2006 22:49
To: Xavier Milliès-Lacroix
Cc: misc@openbsd.org
Subject: RE: Annoying echoes in console DRAC III/XT on DELL Poweredge

On Fri, 13 Jan 2006, Xavier Milliès-Lacroix wrote:

> Sorry for the delay.
>
> In the BIOS I have found, 'USB Controller' with 3 options :
>    Sets the USB controller to On with BIOS Support, On Without BIOS 
> Support, or Off. If you have a PS/2 keyboard attached, On Without BIOS 
> Support disables BIOS USB support. If you do not have a PS/2 keyboard 
> attached and select On Without BIOS Support, USB mouse and keyboard 
> devices function only during the boot process. When set to On With 
> BIOS Support, USB mouse and keyboard devices are controlled by the 
> BIOS until an operating system driver is loaded.
>
> But none are working.
>
> Any other ideas ?

Wscons may not be available during the initial install if that's what you're
trying to do; otherwise all new USB keyboards connected while the system is
running should get MUX'd in.

Compile a kernel w/o wscons or wskbd? I dunno.  I'd really have to play with
it.  All that I can personally attest to is: It works fine with
Drac/4 on FreeBSD 5.x =/

~BAS

>
> -Original Message-
> From: Brian A. Seklecki [mailto:[EMAIL PROTECTED]
> Sent: Monday, 5 December 2005 02:11
> To: Xavier Milliès-Lacroix
> Cc: misc@openbsd.org
> Subject: Re: Annoying echoes in console DRAC III/XT on DELL Poweredge
>
> The thing emulates a USB keyboard.  Try toggling legacy emulation 
> mode in the BIOS.
>
> ~BAS
>
> On Thu, 2005-12-01 at 03:55, Xavier Milliès-Lacroix wrote:
>> Hello,
>>
>> I'm trying to install OBSD 3.8 on a Dell Poweredge 750 server using 
>> the Card DRAC III/XT (provides remote console/screen).
>> But each time a key is pushed I have the letter repeated on the console.
>> I have put the last firmware for the DRAC Card.
>>
>> I have searched but didn't find any answer 
>>
>> I can't install remotely OBSD !
>>
>> Do you have already met this issue ?
>>
>> Is it a java problem (the remote access is done via http and a java 
>> virtual
>> machine) ?
>>
>> Xavier.
>>
>
>
>
>

l8*
-lava

x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8



Re: OpenBSD and Windows IP Tunnel Question

2006-01-13 Thread Joachim Schipper
On Fri, Jan 13, 2006 at 11:48:12AM -0800, Valerio G. Romano wrote:
> Hello all,
> 
> I have a recent OpenbSD 3.8 install on a macppc.  I am trying to decide 
> what to use to have remote access to my network for which openbsd is the 
> gateway with various roaming clients.  All I really want to do is have a 
> network drive or two show up on remote computers while they are roaming 
> and reach my network via the internet cloud.  So if my boss is in a 
> hotel, she can reach the internet and then simply use her windows client 
> to be on my network. The windows client can not be expected to log on to 
> the openbsd box and renumber the remote network settings.
> So I need a simple ipsec or ssl (or other) solution that will allow 
> windows clients (hopefully any flavor of windows, but at least win2000+) 
> to log on and mount drives from the remote network.  I would love to 
> know the name of the openbsd package that is recommended and which free 
> windows client goes with it, and maybe a howto on how to make them work 
> together.
> I have read lots of documentation and it seems like lots of people are 
> doing lots of different solutions.  I am looking for a solution that 
> offers some security and doesn't expect much knowledge from the windows 
> client/user.
> 
> What should I use?

I've tried both IPSec and OpenVPN. The former has lots of knobs
(probably too much), and the Windows implementation leaves quite a bit
to be desired.
I've especially had quite a few problems with certificates, which caused
large packets (as Windows' version does not seem to have the
fragmentation extension - neither, BTW, does OpenBSD; this was on Linux,
racoon/KAME), which caused the cheap SOHO NAT router to drop the
packets.

The second is less efficient, which is a big minus in my book, but
offers a limited GUI for Windows and actually works with NAT. It's
available as the openvpn package.

Both seem to be well-designed as far as security goes, though OpenBSD's
track record is (of course ;-) ) better.

Joachim



Re: Block MAC address

2006-01-13 Thread Adriaan Misc
On 1/13/06, Bc. Radek Krejca <[EMAIL PROTECTED]> wrote:
> Hello,
>
>   I need to restrict some mac addresses or better allow set of
>   addresses and block others.
>
>   How can I do it? Is there any tool in OpenBSD?
>
{SNIP}
>
See man brconfig. It even has examples ;)



Reverse package process

2006-01-13 Thread Daniel Ouellet

I have kind of a very stupid question, but I am also a bit stuck.

I have a server that has a package installed on it, but I do not have the 
.tgz file anymore to redo the install of that same package.


I can't rebuild that package now for many reasons, but if I have to, it 
could be done, but with pain.


So, my question is if there is a way somehow to have the .tgz rebuilt 
from the installed one?


I assume it should be possible as the DB for the packages is clean and 
good, so all files would be properly removed with dependencies, etc. if removed.


Is this totally stupid to think that way, or is it possible?

Usually built packages are done for the fake directory based on the FAQ. 
Any way to build it from a working system?


If that's stupid, just say so and I will drop the idea and see how I 
could do it another way. I guess I could always copy file by file and 
make the changes to the packages DB, but is that also stupid?


Daniel



Re: Linksys WMP55AG (ath0) Not Finding Wireless Network

2006-01-13 Thread Ray Lai
On Thu, Jan 12, 2006 at 10:55:35PM -0700, Theo de Raadt wrote:
> > Some AR5212 chips seem to have problems, even though they are
> > detected by OpenBSD.  I read something about newer firmwares?
> 
> The atheros chips do not use firmware.

Please ignore my ignorance, I meant PHY:

http://www.monkey.org/openbsd/archive2/misc/200507/msg00564.html

-Ray-



Block MAC address

2006-01-13 Thread Bc. Radek Krejca
Hello,

  I need to restrict some mac addresses or better allow set of
  addresses and block others.

  How can I do it? Is there any tool in OpenBSD?

-- 
Regards,
 Bc. Radek Krejca
 [EMAIL PROTECTED]
 http://www.ceskedomeny.cz
 http://www.skdomeny.com
 http://www.starnet.cz



Re: for those following -current

2006-01-13 Thread David Hill
On Fri, Jan 13, 2006 at 02:43:21PM -0500, Michael Steinfeld wrote:
> On 1/13/06, Todd C. Miller <[EMAIL PROTECTED]> wrote:
> > Due to some just-committed types changes you will have to build &
> > install gcc before a "make build" will succeed.
> >
> > New snapshots will be available in the next few days.
> 
> Thanks for the heads up. Can you tell me the time of these commits?
> 
> I updated my tree approx. 2 hours ago.
> 
> my build world has been going smooth for about an hour+ on a 1.5ghz
> mac mini 512ram 5400rpm drive
>

If you're following -current, you should also be following source
changes.

David



Re: Annoying echoes in console DRAC III/XT on DELL Poweredge

2006-01-13 Thread Brian A. Seklecki
On Fri, 13 Jan 2006, Xavier Milliès-Lacroix wrote:

> Sorry for the delay.
>
> In the BIOS I have found, 'USB Controller' with 3 options :
>    Sets the USB controller to On with BIOS Support, On Without BIOS
> Support, or Off. If you have a PS/2 keyboard attached, On Without BIOS
> Support disables BIOS USB support. If you do not have a PS/2 keyboard
> attached and select On Without BIOS Support, USB mouse and keyboard devices
> function only during the boot process. When set to On With BIOS Support, USB
> mouse and keyboard devices are controlled by the BIOS until an operating
> system driver is loaded.
>
> But none are working.
>
> Any other ideas ?

Wscons may not be available during the initial install if that's what 
you're trying to do; otherwise all new USB keyboards connected while
the system is running should get MUX'd in.

Compile a kernel w/o wscons or wskbd? I dunno.  I'd really have to play 
with it.  All that I can personally attest to is: It works fine with 
Drac/4 on FreeBSD 5.x =/

~BAS

>
> -Original Message-
> From: Brian A. Seklecki [mailto:[EMAIL PROTECTED]
> Sent: Monday, 5 December 2005 02:11
> To: Xavier Milliès-Lacroix
> Cc: misc@openbsd.org
> Subject: Re: Annoying echoes in console DRAC III/XT on DELL Poweredge
>
> The thing emulates a USB keyboard.  Try toggling legacy emulation mode in
> the BIOS.
>
> ~BAS
>
> On Thu, 2005-12-01 at 03:55, Xavier Milliès-Lacroix wrote:
>> Hello,
>>
>> I'm trying to install OBSD 3.8 on a Dell Poweredge 750 server using
>> the Card DRAC III/XT (provides remote console/screen).
>> But each time a key is pushed I have the letter repeated on the console.
>> I have put the last firmware for the DRAC Card.
>>
>> I have searched but didn't find any answer
>>
>> I can't install remotely OBSD !
>>
>> Have you already met this issue ?
>>
>> Is it a java problem (the remote access is done via http and a java
>> virtual machine) ?
>>
>> Xavier.
>>
>
>
>
>

l8*
-lava

x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8



Re: Annoying echoes in console DRAC III/XT on DELL Poweredge

2006-01-13 Thread Xavier Milliès-Lacroix
Sorry for the delay.

In the BIOS I have found, 'USB Controller' with 3 options :
 Sets the USB controller to On with BIOS Support, On Without BIOS
Support, or Off. If you have a PS/2 keyboard attached, On Without BIOS
Support disables BIOS USB support. If you do not have a PS/2 keyboard
attached and select On Without BIOS Support, USB mouse and keyboard devices
function only during the boot process. When set to On With BIOS Support, USB
mouse and keyboard devices are controlled by the BIOS until an operating
system driver is loaded. 

But none are working.

Any other ideas ?

-Original Message-
From: Brian A. Seklecki [mailto:[EMAIL PROTECTED]
Sent: Monday, 5 December 2005 02:11
To: Xavier Milliès-Lacroix
Cc: misc@openbsd.org
Subject: Re: Annoying echoes in console DRAC III/XT on DELL Poweredge

The thing emulates a USB keyboard.  Try toggling legacy emulation mode in
the BIOS.

~BAS

On Thu, 2005-12-01 at 03:55, Xavier Milliès-Lacroix wrote:
> Hello,
> 
> I'm trying to install OBSD 3.8 on a Dell Poweredge 750 server using 
> the Card DRAC III/XT (provides remote console/screen).
> But each time a key is pushed I have the letter repeated on the console.
> I have put the last firmware for the DRAC Card.
> 
> I have searched but didn't find any answer 
> 
> I can't install remotely OBSD !
> 
> Have you already met this issue ?
> 
> Is it a java problem (the remote access is done via http and a java 
> virtual machine) ?
> 
> Xavier.



Re: for those following -current

2006-01-13 Thread Matthias Kilian
On Fri, Jan 13, 2006 at 02:43:21PM -0500, Michael Steinfeld wrote:
> Thanks for the heads up. Can you tell me the time of these commits?
> 
> I updated my tree approx. 2 hours ago.

Watch out for an updated www/faq/current.html. Todd had documented
the necessary change there.

Ciao,
Kili



Re: CARP on firewalls connected to ISP and OpenBGPd

2006-01-13 Thread Kevin
> i'm building network as it is drawn on pic http://devnet.pl/~pck/network.jpg
> .
>
> with isp1 and isp2 i have to set up BGP (i've got public AS) and i'm
> thinking to use openbgpd for this.
>
> to connect to ISP1 i have 1.1.1.4/30.   .4/30 is IP for my router, .3/30 is
> for ISP1 router.
> to connect to ISP2 i have 2.2.2.4/30.   .4/30 is IP for my router, .3/30 is
> for ISP2 router.
>
> for DMZ i've got public IPs /24, for example: 3.3.3.0/24.
>
> FW3 and FW4 are exactly the same machines, they've got 4 ethernets, for
> example:
> e0: 1.1.1.4/30 (ISP1)
> e1: 2.2.2.4/30 (ISP2)
> e2: 3.3.3.1/24 (ISP3)
> e3: for pfsync between FW3 and FW4
>
> i want to set CARP on ISPs and DMZ side. is it possible? I have only one IP
> for connecting to ISP, so can i set 192.168.0.1/24 and 192.168.0.2/24 on e0
> and then make hostname.carp0 with ip address 1.1.1.4/30?  and something like
> this on ISP2 side.

I had the exact problem in a client network recently including wanting
to do load balancing of the protected web servers. After trying a
variety of different configs (and wanting to keep things simple by
avoiding doing any added routing), I finally ended up having the ISP
hand me the network as a /24 (instead of as a /24 via a segmented /30)
with my .1 of the /24 being held on *their* router as my gateway.
Easy.

I imagine there is some way to do this, and while perhaps the way we
ended up doing things wasn't as pretty, it ultimately led us to
accomplish the goal: getting the network running with failover.

> and second question is how can i resolve problem like this:
> i've got two machines in dmz (on public ip) which do the same (ie.: web
> servers):
> 3.3.3.40
> 3.3.3.41
>
> and one of them dies, so redirect all traffic to the second machine. should
> i do it with rdr rule? like:
> rdr on $ext_e0 proto tcp from any to 3.3.3.40 port 80 -> 3.3.3.41 port 80
> rdr on $ext_e1 proto tcp from any to 3.3.3.40 port 80 -> 3.3.3.41 port 80
>
> or something else?

We use carp in master/slave mode and round-robin to accomplish this as such:

tablepersist file "/etc/tables/rr_ext"
tablepersist file "/etc/tables/rr_int"

rdr on $ext_if inet proto tcp from any to port 80 -> \
 round-robin

...we then setup one external CARP group for the public www IPs and a
second internal CARP group for the private www server IPs.

Works like a charm.


Best,
Kevin




--
http://www.ebiinc.com: Background Screening from EBI
Leaders in background checks for employers worldwide.



OpenBSD and Windows IP Tunnel Question

2006-01-13 Thread Valerio G. Romano

Hello all,

I have a recent OpenBSD 3.8 install on a macppc.  I am trying to decide 
what to use to have remote access to my network for which openbsd is the 
gateway with various roaming clients.  All I really want to do is have a 
network drive or two show up on remote computers while they are roaming 
and reach my network via the internet cloud.  So if my boss is in a 
hotel, she can reach the internet and then simply use her windows client 
to be on my network. The windows client can not be expected to log on to 
the openbsd box and renumber the remote network settings.
So I need a simple ipsec or ssl (or other) solution that will allow 
windows clients (hopefully any flavor of windows, but at least win2000+) 
to log on and mount drives from the remote network.  I would love to 
know the name of the openbsd package that is recommended and which free 
windows client goes with it, and maybe a howto on how to make them work 
together.
I have read lots of documentation and it seems like lots of people are 
doing lots of different solutions.  I am looking for a solution that 
offers some security and doesn't expect much knowledge from the windows 
client/user.


What should I use?


Thanks very much for the help,


-Valerio



Re: for those following -current

2006-01-13 Thread Michael Steinfeld
On 1/13/06, Todd C. Miller <[EMAIL PROTECTED]> wrote:
> Due to some just-committed types changes you will have to build &
> install gcc before a "make build" will succeed.
>
> New snapshots will be available in the next few days.

Thanks for the heads up. Can you tell me the time of these commits?

I updated my tree approx. 2 hours ago.

my build world has been going smooth for about an hour+ on a 1.5ghz
mac mini 512ram 5400rpm drive



Re: Effecient window manager layout

2006-01-13 Thread Matthias Kilian
On Fri, Jan 13, 2006 at 11:18:42PM +1100, Donald Bruce Stewart wrote:
> All the good hackers I know use ion.

Bloatware! Use ratpoison ;-)

Ciao,
Kili



Re: error on ifconfig, bssid

2006-01-13 Thread Lucas Reddinger
> When you set the bssid, are you telling the card to connect to
> the AP with that bssid, or are you telling the card to use that bssid
> for itself when it's acting like an access point?

i wanted to connect to the access point that has the specified bssid.
i am using bss mode. i am not trying to do _anything_ with hostap.
this card is a client.

lucas reddinger



postfix w/ encrypted virtual mailboxes: delivery failure "file too large"

2006-01-13 Thread dick
heya,

i've got the postfix-2.2.5p0-sasl2 port on an openbsd 3.7-stable machine. the
setup has been working great thus far, but now that i'm trying to encrypt my
virtual mailbox directory (using vnconfig) i'm encountering problems that i
can't resolve myself.

i have everything working fine without encrypted mailboxes: virtual mailboxes
setup such that all the email is delivered to subdirectories of /var/vmail,
where vmail is the virtual mailbox user account, and users can relay mail and
use IMAPS for access. on a few other openbsd machines i've successfully setup
encrypted disk images using vnconfig from whence i host FTP and samba shares.
there is no problem using these images that are mounted via vnconfig: the FTP
and samba servers access the mounted svnd devices without event. however, when i
attempt to mount an encrypted image on /var/vmail and use that image to store my
mailboxes, i get errors from postfix when it attempts delivery to one of the
virtual mailboxes. in terms of commands, i issue and see the following (this
includes some config file contents too):

$ cat /etc/fstab

/dev/wd0a / ffs rw 1 1
/dev/wd0h /home ffs rw,nodev,nosuid 1 2
/dev/wd0d /tmp ffs rw,nodev,nosuid 1 2
/dev/wd0g /usr ffs rw,nodev 1 2
/dev/wd0e /var ffs rw,nodev,nosuid 1 2

# this is the encrypted image: it's ~2GB
$ pwd
/home
$ ls -al protected 
 
-rw-r--r--  1 root  wheel  204800 Jan 13 11:26 protected

# so i do the following
sudo postfix stop
sudo /usr/local/libexec/imapd-ssl.rc stop
sudo mv /var/vmail /var/vmail.bak
sudo vnconfig -ck -v /dev/svnd0c /home/protected
sudo mount -o rw,nodev,nosuid /dev/svnd0c /var/vmail
# i have tried mounting without any options and that doesn't work either
sudo cp -pR /var/vmail.bak/* /var/vmail/

$ df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/wd0a      147M   37.1M    103M    27%    /
/dev/wd0h     28.6G    6.6G   20.6G    24%    /home
/dev/wd0d      295M    8.0K    280M     0%    /tmp
/dev/wd0g      5.9G    3.5G    2.1G    62%    /usr
/dev/wd0e     1006M    137M    819M    14%    /var
/dev/svnd0c    1.9G   70.0M    1.7G     4%    /var/vmail

sudo /usr/local/libexec/imapd-ssl.rc start
sudo postfix start

# from /var/log/maillog
Jan 13 11:23:50 served postfix/cleanup[3157]: 823AF1432E: message-id=<[EMAIL PROTECTED]>
Jan 13 11:23:50 served postfix/smtpd[5521]: disconnect from served.mysite.com[10.0.0.2]
Jan 13 11:23:50 served postfix/qmgr[20136]: 823AF1432E: from=<[EMAIL PROTECTED]>, size=928, nrcpt=1 (queue active)
Jan 13 11:23:51 served postfix/virtual[11909]: 823AF1432E: to=<[EMAIL PROTECTED]>, relay=virtual, delay=1, status=bounced (maildir delivery failed: create /var/vmail/jy-p/tmp/1137173030.P11909.served.mysite.com: File too large)
Jan 13 11:23:51 served postfix/cleanup[3157]: 34D9714330: message-id=<[EMAIL PROTECTED]>
Jan 13 11:23:51 served postfix/qmgr[20136]: 34D9714330: from=<>, size=2752, nrcpt=1 (queue active)
Jan 13 11:23:51 served postfix/qmgr[20136]: 823AF1432E: removed
Jan 13 11:23:51 served postfix/virtual[11909]: 34D9714330: to=<[EMAIL PROTECTED]>, relay=virtual, delay=0, status=bounced (maildir delivery failed: create /var/vmail/jy-p/tmp/1137173031.P11909.served.mysite.com: File too large)
Jan 13 11:23:51 served postfix/qmgr[20136]: 34D9714330: removed

i've tried adding the following to my /etc/postfix/main.cf to no avail:

message_size_limit = 52428800
virtual_mailbox_limit = 52428800

this happens with all message deliveries that are attempted. this particular
test email is more or less empty (< 2 KB).

one thought is that i can't mount something on a /var subdirectory that's larger
than the amount of free space on the /var partition itself. i haven't tested
this yet, but i don't suspect that this is the case. if it is, please apply the
cluestick. if there is anything i've left out in terms of information that would
be useful to help fix the problem, please let me know.

if this mail doesn't bounce from the postfix-users list, please make sure to CC
me on any reply since i'm not subscribed.

any suggestions welcome. thx for reading.

kind regards,
jake



for those following -current

2006-01-13 Thread Todd C. Miller
Due to some just-committed types changes you will have to build &
install gcc before a "make build" will succeed.

New snapshots will be available in the next few days.

 - todd



CARP on firewalls connected to ISP and OpenBGPd

2006-01-13 Thread peceka
Hi,

i need some suggestions from you. The problem I have is described below:

i'm building network as it is drawn on pic http://devnet.pl/~pck/network.jpg
.

with isp1 and isp2 i have to set up BGP (i've got public AS) and i'm
thinking to use openbgpd for this.

to connect to ISP1 i have 1.1.1.4/30.   .4/30 is IP for my router, .3/30 is
for ISP1 router.
to connect to ISP2 i have 2.2.2.4/30.   .4/30 is IP for my router, .3/30 is
for ISP2 router.

for DMZ i've got public IPs /24, for example: 3.3.3.0/24.

FW3 and FW4 are exactly the same machines, they've got 4 ethernets, for
example:
e0: 1.1.1.4/30 (ISP1)
e1: 2.2.2.4/30 (ISP2)
e2: 3.3.3.1/24 (ISP3)
e3: for pfsync between FW3 and FW4

i want to set CARP on ISPs and DMZ side. is it possible? I have only one IP
for connecting to ISP, so can i set 192.168.0.1/24 and 192.168.0.2/24 on e0
and then make hostname.carp0 with ip address 1.1.1.4/30?  and something like
this on ISP2 side.

and how to compile this with openbgpd? will openbgpd work in master-slave
technology?

and second question is how can i resolve problem like this:
i've got two machines in dmz (on public ip) which do the same (ie.: web
servers):
3.3.3.40
3.3.3.41

and one of them dies, so redirect all traffic to the second machine. should
i do it with rdr rule? like:
rdr on $ext_e0 proto tcp from any to 3.3.3.40 port 80 -> 3.3.3.41 port 80
rdr on $ext_e1 proto tcp from any to 3.3.3.40 port 80 -> 3.3.3.41 port 80

or something else?

thanks for any advice,
p.



Re: OpenBSD & Realtek NICs

2006-01-13 Thread Gordon Ross
>>> On 13 January 2006 at 15:20:46, in message
<[EMAIL PROTECTED]>, Nick Holland
<[EMAIL PROTECTED]> wrote:
[big snip]
>> Should I look to dump my mobos with Realtek NICs and switch to other
>> NICs (would Intel NICs be OK ?)
> 
> I think your problem has nothing to do with the brand of the NIC.
> Sounds like some other problem...  File a proper problem report.

Full dmesg, you mean ?

> A lot of other things change when you turn off a NIC, for example, the
> PCI configuration changes.  Might want to try feeding PCIBIOS some
> different values through ukc>...

I tried flags settings of 0x10, and the output appeared (to me) to be OK. Lots 
of OKs, and no obvious error messages.

I also tried 0x34, but nothing obvious appeared. If you feel I should, I can post 
the full output from these boots.



Problems with unsupported hardware

2006-01-13 Thread Abel Talaverón Estevez
Hi all,

I'd like to know if someone knows about a non-standard driver for the ethernet 
cards: Marvell Yukon 8053. 

I'm running OpenBSD 3.7 and my dmesg shows:

skc0 at pci1 dev 0 function 0 "Marvell Yukon 8053" rev 0x19: irq 12
skc0: bad VPD resource id: expected 82 got 0
skc0: unknown media type: 0x31
skc1: ... (similar lines) 

Many thanks!

-- 
Abel Talaverón Estevez
Senior Telecommunications Engineer
Project Analyst

OpenWired
Caballero 87 - Bajos
08029 - Barcelona
Tel. 93 495 0990
Fax. 93 419 4591

Openwired
Alejandro Villegas,29
28043 - MADRID - ESPAÑA
Telephone: 91 300 51 09
Fax:  91 300 28 13
http://www.openwired.com



Re: OpenBSD & Realtek NICs

2006-01-13 Thread Nico Meijer
Hi Gordon,

> Should I look to dump my mobos with Realtek NICs and switch to other
> NICs (would Intel NICs be OK ?)

Look in the archives, Nick's advice seems as current as in 2001. The same
seems to hold true for RT's gigabit NICs, but I haven't used those myself.

I've been replacing both my RealTek and 3com (3c90x, yuck) NICs with
either Linksys EG1032 (new versions seem to be unsupported; older ones
are sk-based) and lately ZyXEL GN760-T (vge; pvalchev added support last
year) on all my systems, not only those running OpenBSD. The ZyXEL is a
cheap bastard.

I run i386 and amd64 exclusively, btw.

I have one onboard Intel adaptor on an Intel Xeon serverboard. It hasn't
been in operation long enough for me to say anything useful yet. Hasn't
crashed. ;-)

(em0 at pci7 dev 4 function 0 "Intel PRO/1000MT (82541EI)" rev 0x05: irq
10, address: 00:04:23:b8:c5:02)

HTH and good luck... Nico



Re: errata 001_perl.patch

2006-01-13 Thread z0mbix
On 1/13/06, Marc Espie <[EMAIL PROTECTED]> wrote:
>
> On Fri, Jan 13, 2006 at 12:47:51AM +0059, Han Boetes wrote:
> > Clint M. Sand wrote:
> > > On Thu, Jan 12, 2006 at 09:38:07PM +0100, Han Boetes wrote:
> > > > I doubt you need perl at all on a box like that. You can also
> > > > consider to simply remove all the perl on that system.
> > >
> > > The pkg_* tools are perl. Even though its a firewall he may need
> > > to install/remove/maintain pkg's of some sort.
> >
> > Ever seen the contents of a package? You don't need perl for
> > maintaining that. Just a simple script can do the removing and
> > adding of packages.
> >
>
> Oh sure, and 200K of perl code say otherwise.
>
> I don't think you have a real idea what these tools do these days.
> There have been lots of small additions and changes.
>
> The devil is in the details as they say.
>
> Good luck writing correct tools without perl.
>
>
As mentioned above, you can use binpatch:

http://openbsdbinpatch.sourceforge.net/

I've had a wrap for a few months and this is the first time I've needed to
patch it, so I used binpatch on my main server to create a patch and
installed it very easily on the wrap. I also did the same with the 002_fd
patch.

Cheers z0mbix



Re: OpenBSD & Realtek NICs

2006-01-13 Thread Nick Holland
Gordon Ross wrote:
> I've recently posted a couple of questions about problems I've had
> booting OpenBSD, and so far, I haven't been able to resolve this
> problem.
> 
> After some head scratching, I think I've discovered the problem. The
> boards I'm using, LEX CV860A (
> http://www.lex.com.tw:8080/product/CV860A.htm ),  has three Realtek
> 8139 NICs on board. When only one NIC is enabled, booting is pretty
> reliable. When more than one NIC is enabled, the machine stops
> booting when probing for npx0.
> 
> After some googling, I came across
> http://www.holland-consulting.net/tech/ocep/ which says "Realtek 8139
> based cards are hated by programmers, and loved by users" Is this
> advice still current (The page has a date of 6/7/2001)
> 

I can only answer for myself... (and I wrote the original...and the date
on it is slightly newer than that. :)

IF I have an easy alternative, I'll use it.  But I don't run from the
8139 based cards.  For low load uses on modern (i.e., five year old or
newer) HW (i.e., probably about 90% of the users in the world), they run
Pretty Good.  Before 82557 cards hit the surplus piles big-time at local
computer shows, I kept a stack of them in my van.  They solved a LOT of
problems on all OSs, because they Just Worked...whereas a lot of
big-name brands were busy trying to make sure you didn't use their
drivers on other brand cards (and screwed the driver in the process).

On OpenBSD, they work.  If you are looking for a screamer card, wrong
place.  But then, there's nothing "screamer" about the MoBo you are
looking at, either.

I think developers are starting to appreciate something about Realtek:
They are alternative OS friendly.  Go to their website, you can download
technical details, sample designs, driver code, etc.  (or at least a
couple years ago, you could).  EVERYTHING you needed to build a network
adapter and attach it to your home-brew OS.

They are low-grade adapters, sure.  HOWEVER, the drivers work Pretty
Darned Well, because the warts are all documented by the company.  Given
a choice, would I rather have a bad card with a good driver or a good
card with a "we think this is how it works, but we really aren't sure"
driver?  I'll take the good driver, thanks...  Case in point: I'd rather
have a 8139-based card in a machine than a 3c905 chip in a machine
(though I use a lot of 3c905 machines, and really, I have few problems
with them lately).

It makes me cringe a bit when I saw some of the rather unpleasant
comments about this adapter in the source code...  I can't believe that
kind of thing encourages other HW manufacturers to "open" their design.
 Realtek seems to have at least a sense of humor about it...when they
came out with their gigabit stuff, they had a sample FreeBSD driver,
which was based on the 8139 FreeBSD driver...and they left all the
unpleasant comments about the 8139 chip.

> Should I look to dump my mobos with Realtek NICs and switch to other
> NICs (would Intel NICs be OK ?)

I think your problem has nothing to do with the brand of the NIC.
Sounds like some other problem...  File a proper problem report.

A lot of other things change when you turn off a NIC, for example, the
PCI configuration changes.  Might want to try feeding PCIBIOS some
different values through ukc>...

Nick.



Re: Effecient window manager layout

2006-01-13 Thread matthew . garman
Oleg Petrov ([EMAIL PROTECTED]) dixit:
> configuring it. So my question goes to all OpenBSD hackers who
> uses some simple WM instead of huge DE-s.. Can you give me basic
> points of building simple and effective desktop layout? All
> fvwmrc-s, screenshots of your boring (or may be fancy :-)) desktop
> configurations are very welcome.

I'm not too FVWM savvy, but there are so many window managers out
there.  A good place to get a good overview of the more popular
window managers is here:

http://xwinman.org/

FVWM is great because it's fast and lightweight, but also infinitely
customizable.  The downside is that it's infinitely customizable :)

You might enjoy looking at other folks' desktop screenshots to get
an idea of what you want or what is possible.  Of the many sites
that have screenshots, this one seems to have a lot of "pretty"
ones:

http://www.lynucs.org/

You might also be interested in Fvwm-Crystal, which is basically a
complete Desktop Environment using FVWM and some other components:

http://fvwm-crystal.berlios.de/

There's tons of information out there... have fun!
Matt

-- 
Matt Garman
email at: http://raw-sewage.net/index.php?file=email



Re: error on ifconfig, bssid

2006-01-13 Thread Joe Snikeris
On 1/10/06, Lucas Reddinger <[EMAIL PROTECTED]> wrote:
> hi misc,
>
> the man page for ifconfig is very concise for bssid. why isn't this correct?
>
> $ sudo ifconfig wi0 bssid "00:13:10:e8:9f:44"
> ifconfig: SIOCS80211BSSID: Invalid argument
> $
>
> thanks for your help. (more info follows)
>
> lucas

Hi Lucas,

When you set the bssid, are you telling the card to connect to
the AP with that bssid, or are you telling the card to use that bssid
for itself when it's acting like an access point?

I think it's the former; however, I'm not sure the man pages make this clear.




>
> --
>
> $ uname -a
> OpenBSD release.wingedleopard.net 3.8 GENERIC#138 i386
> $ ifconfig wi0
> wi0: flags=8843 mtu 1500
> lladdr 00:80:c6:e3:1c:ff
> description: wifi uplink
> groups: egress
> media: IEEE802.11 autoselect (DS11)
> status: active
> ieee80211: nwid linksys 2dBm (auto)
> inet6 fe80::280:c6ff:fee3:1cff%wi0 prefixlen 64 scopeid 0x2
> inet 192.168.1.75 netmask 0xff00 broadcast 255.255.255.0
> $ dmesg
> OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005
> [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel Pentium/MMX ("GenuineIntel" 586-class) 234 MHz
> cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX
> cpu0: F00F bug workaround installed
> real mem  = 100245504 (97896K)
> avail mem = 84328448 (82352K)
> using 1249 buffers containing 5115904 bytes (4996K) of memory
> mainbus0 (root)
> bios0 at mainbus0: AT/286+(63) BIOS, date 01/26/98, BIOS32 rev. 0 @ 0xfd850
> apm0 at bios0: Power Management spec V1.2
> apm0: AC on, battery charge unknown
> apm0: flags 30102 dobusy 0 doidle 1
> pcibios0 at bios0: rev 2.1 @ 0xfd6a0/0x960
> pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf60/128 (6 entries)
> pcibios0: no compatible PCI ICU found: ICU vendor 0x product 0x
> pcibios0: Warning, unable to fix up PCI interrupt routing
> pcibios0: PCI bus #0 is the last bus
> bios0: ROM list: 0xc/0x8000
> cpu0 at mainbus0
> pci0 at mainbus0 bus 0: configuration mode 1 (bios)
> pchb0 at pci0 dev 0 function 0 "SIS 5597/5598 Host" rev 0x02
> pcib0 at pci0 dev 1 function 0 "SIS 85C503 System" rev 0x01
> pciide0 at pci0 dev 1 function 1 "SIS 5513 EIDE" rev 0xd0: 5597/5598:
> DMA, channel 0 configured to compatibility, channel 1 configured to
> compatibility
> wd0 at pciide0 channel 0 drive 0: 
> wd0: 16-sector PIO, LBA, 2014MB, 4124736 sectors
> wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
> atapiscsi0 at pciide0 channel 1 drive 0
> scsibus0 at atapiscsi0: 2 targets
> cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom 
> removable
> cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
> ohci0 at pci0 dev 1 function 2 "SIS 5597/5598 USB" rev 0x10: irq 3,
> version 1.0, legacy support
> usb0 at ohci0: USB revision 1.0
> uhub0 at usb0
> uhub0: SIS OHCI root hub, rev 1.00/1.00, addr 1
> uhub0: 2 ports with 2 removable, self powered
> dc0 at pci0 dev 6 function 0 "ADMtek AN983" rev 0x11: irq 12, address
> 00:04:5a:70:cd:18
> acphy0 at dc0 phy 1: AC_UNKNOWN 10/100 PHY, rev. 0
> wi0 at pci0 dev 10 function 0 "National Datacomm NCP130 Rev A2" rev 0x01: irq 
> 9
> wi0: PRISM2 HWB3163 rev.B (0x8003), Firmware 0.3.0 (primary), 1.4.9
> (station), address 00:80:c6:e3:1c:ff
> vga1 at pci0 dev 13 function 0 "S3 Trio64V2/DX" rev 0x16
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> isa0 at pcib0
> isadma0 at isa0
> pckbc0 at isa0 port 0x60/5
> pckbd0 at pckbc0 (kbd slot)
> pckbc0: using irq 1 for kbd slot
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pcppi0 at isa0 port 0x61
> midi0 at pcppi0: 
> spkr0 at pcppi0
> sysbeep0 at pcppi0
> lpt0 at isa0 port 0x378/4 irq 7
> npx0 at isa0 port 0xf0/16: using exception 16
> pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
> fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
> biomask ed6d netmask ff6d ttymask ffef
> pctr: 586-class performance counters and user-level cycle counter enabled
> dkcsum: wd0 matches BIOS drive 0x80
> root on wd0a
> rootdev=0x0 rrootdev=0x300 rawdev=0x302
> $



Re: Effecient window manager layout

2006-01-13 Thread Florin Iamandi
Oleg Petrov ([EMAIL PROTECTED]) dixit:
> But I can't use some good DE, like KDE or GNOME (i have too slow PC
> for it), so i decided to use fvwm  that shipped with OpenBSD by
> default. I tried to read its manual page and was impressed with
> features that fvwm provides. But I don't want to spend much time
> configuring it. So my question goes to all OpenBSD hackers who uses
> some simple WM instead of huge DE-s.. Can you give me basic points of
> building simple and effective desktop layout? All fvwmrc-s,
> screenshots of your boring (or may be fancy :-)) desktop
> configurations are very welcome.

I would start from here if I were you:
http://www.dotfiles.com/index.php3?cat_id=8

-- 
.--.
| Florin (Slippery) Iamandi|
| Reason is the first victim of emotion. -- Scytale, Dune Messiah  |



Re: rc.conf.local question

2006-01-13 Thread Dave Feustel
On Friday 13 January 2006 07:15, Hannah Schroeter wrote:
> Hello!
> 
> On Thu, Jan 12, 2006 at 09:36:14PM -0500, Dave Feustel wrote:
> >[...]
> 
> >I also am using dhcp to get an ip address from verizon when I boot up.
> 
> As long as you serve your own dhcp on different interfaces than the
> one you use dhclient on, it should be not much of a problem.

Dhcpd works now when I boot. Thanks to the emailers for the pointers.
 
> I've got a hairy setup running, though, with dhclient and dhcpd on
> the *same* interface. But I wouldn't recommend it to thin-skinned
> people. Usually, a second NIC is cheaper than the loss of time and
> perhaps even health, unless you're a warped hacker ;-)

Using sis0 for internet and sis[1-3] for local nets was my original plan.
But I think I now know how to make my pci expansion chassis work with 
OpenBSD, so unless I need a *lot* of slots, I will use separate NICs for 
internet and local nets.

BTW, I noticed last week that the 7-slot Magma pci expansion chassis 
was selling for ~$70 on EBay. It cost over $1000 new when I bought 
mine years ago.

> Or you want to have it run *now* without sacrificing the time to
> buy a second NIC... ;-)
> 
> >-- 
> >Lose, v., experience a loss, get rid of, "lose the weight"
> >Loose, adj., not tight, let go, free, "loose clothing"
> 
> I appreciate language education. Another one: "its" = "of it", "it's" =
> "it is". ;-)

If only .sig files didn't have to be so short! 
Dangling participial phrases are extremely frequent.



OpenBSD & Realtek NICs

2006-01-13 Thread Gordon Ross
I've recently posted a couple of questions about problems I've had booting 
OpenBSD, and so far, I haven't been able to resolve this problem.

After some head scratching, I think I've discovered the problem. The boards I'm 
using, LEX CV860A ( http://www.lex.com.tw:8080/product/CV860A.htm ), have three 
Realtek 8139 NICs on board. When only one NIC is enabled, booting is pretty 
reliable. When more than one NIC is enabled, the machine stops booting when 
probing for npx0.

After some googling, I came across 
http://www.holland-consulting.net/tech/ocep/ which says "Realtek 8139 based 
cards are hated by programmers, and loved by users". Is this advice still 
current? (The page has a date of 6/7/2001.)

Should I look to dump my mobos with Realtek NICs and switch to other NICs 
(would Intel NICs be OK ?)

Thanks,

GTG
-- 

Gordon Ross,
Network Manager/Rheolwr Rhydwaith
Countryside Council for Wales/Cyngor Cefn Gwlad Cymru



Re: Efficient window manager layout

2006-01-13 Thread Donald Bruce Stewart
dsacode:
> Hello, OpenBSD people!
> 
> Recently I switched to OpenBSD as my primary OS where I do all my
> hacking. (I'm absolutely amazed with development tools that come 
> with it: gcc, gdb, emacs (from ports)). But I can't use some good
> DE, like KDE or GNOME (I have too slow a PC for it), so I decided
> to use fvwm that shipped with OpenBSD by default. I tried to
> read its manual page and was impressed with features that
> fvwm provides. But I don't want to spend much time configuring
> it. So my question goes to all OpenBSD hackers who use some 
> simple WM instead of huge DE-s.. Can you give me basic points 
> of building simple and effective desktop layout? All fvwmrc-s, 
> screenshots of your boring (or may be fancy :-)) desktop 
> configurations are very welcome.
> 
> Thank you!
> 
> P.S.: I hadn't subscribed to this list, so please CC me.

All the good hackers I know use ion.

-- Don



Re: rc.conf.local question

2006-01-13 Thread Hannah Schroeter
Hello!

On Thu, Jan 12, 2006 at 09:36:14PM -0500, Dave Feustel wrote:
>[...]

>I also am using dhcp to get an ip address from verizon when I boot up.

As long as you serve your own dhcp on different interfaces than the
one you use dhclient on, it should be not much of a problem.

I've got a hairy setup running, though, with dhclient and dhcpd on
the *same* interface. But I wouldn't recommend it to thin-skinned
people. Usually, a second NIC is cheaper than the loss of time and
perhaps even health, unless you're a warped hacker ;-)

Or you want to have it run *now* without sacrificing the time to
buy a second NIC... ;-)

>-- 
>Lose, v., experience a loss, get rid of, "lose the weight"
>Loose, adj., not tight, let go, free, "loose clothing"

I appreciate language education. Another one: "its" = "of it", "it's" =
"it is". ;-)

Kind regards,

Hannah.



Efficient window manager layout

2006-01-13 Thread Oleg Petrov
Hello, OpenBSD people!

Recently I switched to OpenBSD as my primary OS where I do all my
hacking. (I'm absolutely amazed with development tools that come 
with it: gcc, gdb, emacs (from ports)). But I can't use some good
DE, like KDE or GNOME (I have too slow a PC for it), so I decided
to use fvwm that shipped with OpenBSD by default. I tried to
read its manual page and was impressed with features that
fvwm provides. But I don't want to spend much time configuring
it. So my question goes to all OpenBSD hackers who use some 
simple WM instead of huge DE-s.. Can you give me basic points 
of building simple and effective desktop layout? All fvwmrc-s, 
screenshots of your boring (or may be fancy :-)) desktop 
configurations are very welcome.

Thank you!

P.S.: I hadn't subscribed to this list, so please CC me.



Re: errata 001_perl.patch

2006-01-13 Thread Marc Espie
On Fri, Jan 13, 2006 at 12:47:51AM +0059, Han Boetes wrote:
> Clint M. Sand wrote:
> > On Thu, Jan 12, 2006 at 09:38:07PM +0100, Han Boetes wrote:
> > > I doubt you need perl at all on a box like that. You can also
> > > consider to simply remove all the perl on that system.
> >
> > The pkg_* tools are perl. Even though it's a firewall he may need
> > to install/remove/maintain pkg's of some sort.
> 
> Ever seen the contents of a package? You don't need perl for
> maintaining that. Just a simple script can do the removing and
> adding of packages.
> 

Oh sure, and 200K of perl code say otherwise.

I don't think you have a real idea what these tools do these days.
There have been lots of small additions and changes.

The devil is in the details as they say.

Good luck writing correct tools without perl.



Re: ipsec.conf, win xp

2006-01-13 Thread raff
Chris Cappuccio wrote:
> has anyone used ipsecctl with a win xp client yet?
> 
> if so, can you share what options worked on the openbsd and win xp side?
> 

yes, i'm using it with win xp home client and shared passwords with no
problems as described in http://openbsd.cz/~pruzicka/vpn.html

--
raff



Re: pf and 1-1 static nat

2006-01-13 Thread Johan L

John R. Shannon wrote:
> On Monday 09 January 2006 03:53, you wrote:
> > Hi,
> >
> > I'm pretty new to pf and OpenBSD which maybe explains why I'm still not
> > sure after reading the man pages and docs how to solve this;
> > I'm trying to figure out how to use rdr in combination with outgoing nat.
> > External interface is 213.115.246.36/29 net with a 213.115.161.0/25
> > alias net.
> > Dmz is 192.168.78.0/25 with several different www, smtp and ftp servers.
> > I want a smtp request to one of the ip-aliases on the ext if to be
> > redirected to the corresponding ip on the dmz, 213.115.161.1 port 25 ->
> > 192.168.78.1 port 25, ok this is rdr.
> > At the same time I want the 192.168.78.1 smtp server to be NATed to
> > 213.115.161.1 when doing outgoing smtp connections. E.g. all servers on
> > the dmz should be NATed to the corresponding public ip alias on the
> > external interface when doing outgoing connections.
> > Is binat the key here, or any other suggestions on how to best solve this?
> >
> > Thanks
> >
> > Johan Linner
>
> You can do it either with binat or a combination of nat and rdr. Although:
>
> tcpInit="S/SAFR"
> MAIL="192.168.78.1"
> MAIL_NET0="213.115.161.1"
> ...
> binat on $NET0_IF inet from $MAIL to any -> $MAIL_NET0
> ...
> pass in quick on $NET0_IF inet proto tcp from any to $MAIL port smtp flags $tcpInit keep state
>
> is probably what you want.



Someone out there having an example of how to use nat/rdr instead of binat?
Is one method better than the other (binat vs nat/rdr) concerning
performance, number of rules you have to put in pf.conf etc?

Thanks,

Johan
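
The nat/rdr alternative asked about above, as an added example that is not part of the original thread. It uses the same translation syntax as the quoted binat rule and the addresses given in the thread; the interface name fxp0 is an assumption.

```conf
# Added example: one nat rule plus one rdr rule doing the job of the single
# binat rule quoted above. fxp0 is an assumed interface name; substitute
# your external interface.
NET0_IF   = "fxp0"
tcpInit   = "S/SAFR"
MAIL      = "192.168.78.1"
MAIL_NET0 = "213.115.161.1"

# Translation rules (these must come before the filter rules in pf.conf).
# Outbound: connections from the mail server leave with its public alias.
nat on $NET0_IF inet from $MAIL to any -> $MAIL_NET0
# Inbound: only SMTP to the alias is redirected. binat would instead map
# every protocol and port of the alias to the internal host.
rdr on $NET0_IF inet proto tcp from any to $MAIL_NET0 port smtp -> $MAIL port smtp

# Filtering: translation is applied before filtering, so the pass rule
# matches the internal address, exactly as in the binat version.
pass in quick on $NET0_IF inet proto tcp from any to $MAIL port smtp flags $tcpInit keep state
```

With nat/rdr each server needs two translation rules and each additional inbound service needs its own rdr line, where binat needs one rule per server; in both cases the filter rules still decide what is actually allowed through.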



Re: Disklabel on Sun V100 comes back weird after reboot

2006-01-13 Thread Daniel Ouellet

Miod Vallat wrote:
> On sparc and sparc64 systems, the BSD disklabel can not describe a disk
> geometry larger than 8GB, while individual disklabel entries can be
> larger.
>
> Every time you run disklabel(8), it performs some sanity checks of the
> disklabel entries against what it thinks is the correct drive geometry,
> and since it sees a truncated geometry, it warns and will not let you
> edit entries outside this 8GB area unless you tell it to use the real
> drive geometry, as you did.
>
> Fixing this has been on my list for a while, but I am not satisfied with
> my attempts so far. First, we would still need to keep compatibility with
> existing disklabels, if only because not everyone has an 8+GB drive in his
> sun and does not need a new format disklabel; second, I still have to check
> how Solaris labels 8+GB drives, to try and be compatible with it so that
> it would still be possible to share a disk between Solaris and BSD.
>
> Miod
>
> PS: Nick, I think this is worth putting in the FAQ for the time being.

Many thanks Miod for taking the time to clarify this for me!

I am glad to finally understand why that is and moreover to know that I 
have nothing to worry about.


It's been in my mind for a very long time without an answer to it and 
now I know why, but even more importantly for me, I finally understand 
the why too! (;>


Thank you!!!

Daniel



Re: Disklabel on Sun V100 comes back weird after reboot

2006-01-13 Thread Miod Vallat
On sparc and sparc64 systems, the BSD disklabel can not describe a disk
geometry larger than 8GB, while individual disklabel entries can be
larger.

Every time you run disklabel(8), it performs some sanity checks of the
disklabel entries against what it thinks is the correct drive geometry,
and since it sees a truncated geometry, it warns and will not let you
edit entries outside this 8GB area unless you tell it to use the real
drive geometry, as you did.

Fixing this has been on my list for a while, but I am not satisfied with
my attempts so far. First, we would still need to keep compatibility with
existing disklabels, if only because not everyone has an 8+GB drive in his
sun and does not need a new format disklabel; second, I still have to check
how Solaris labels 8+GB drives, to try and be compatible with it so that
it would still be possible to share a disk between Solaris and BSD.

Miod

PS: Nick, I think this is worth putting in the FAQ for the time being.



RAID/SATA controller

2006-01-13 Thread Gustavo Rios
Dear gentlemen,

I was wondering how stable is the ami driver for PERC 4/SC and CERC
SATA Raid controller and the performance levels those devices deliver
with OpenBSD OS.

Thanks for your time and cooperation.