Re: 3.8 bridge trouble

2006-02-16 Thread Holger Glaess

hi

i run here a similar setup with stable 3.8 on 2 dell 850 systems

i setup the bridge just with stp on both interfaces and decrease the 
priority of the bridge on the master system one less than the priority on 
the switch and 2 less at the slave.


i had since the first setup trouble but is gone if i disable the 
balance feature from carp
( maybe this feature together with a bridge setup is not really 
functional or there is a bug. )


the link from the isp comes from a cisco catalyst switch with stp

please check your switch where you put the firewall together with the 
uplink from isp.


i think it is necessary that this switch speaks stp.

holger


Pailloncy Jean-Gerard wrote:


On Wed, 15 Feb 2006, Pailloncy Jean-Gerard wrote:

Second part of the test, I set up a bridgename.bridge0 file with the
2 nics up with STP, and I restart the soekris. Few seconds after the
end of the boot (login prompt) immediate reboot of the soekris.
I stop it by, as soon as login prompt appears, to log in and put down
the bridge.

In fact sometimes when there is a big storm the soekris reboots too.



Is the watchdog timer (sysctl kern.watchdog) set?  I've seen Soekrises
reboot because of that when under high network load.


The reboot happens with kern.watchdog.auto=0 and with
kern.watchdog.auto=1 !!!


Next try: I setup the two nics to be in 10bt mode and not in 100bt.
The box freezes, all the segment go down.
Near nothing comes in or out, from any other servers of the segment.
answer to ssh was with a lag of few minutes (for control-C)
I just unplug the box, and stop putting down my network.

Cordialement,
Jean-Girard Pailloncy




pthread with Linux emulation on OpenBSD/i386 3.8-release

2006-02-16 Thread Bruno Carnazzi
  Hi all,

I try to run the Linux IBM Tivoli Storage Manager v5.2.2 on
OpenBSD/i386 3.8-release, with linux emulation. I use a GENERIC
kernel. I got the same result with GENERIC.MP (it's an SMP system). No
hw pb.

The goal is not to use this system in production but to evaluate the
stability of the Linux emulation. At this time, the result is not very
usable : the client failed with core dump in a few seconds.

TSM log says :
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:35:22 pthread_kill argument invalid: ESRCH
02/17/06   08:37:45 B/A Txn Consumer thread, fatal error, signal 11

I'd like to know if this is :
  * a kernel problem with linux pthread emulation
  * a redhat-base known bug
  * a dsmc (TSM client) bug (as it's closed-source, hard to determine...)

Thank you,

Bruno.



Re: Double 4-port NIC happiness

2006-02-16 Thread Nick Holland

Stefek Zaba wrote:
I've just brought 3.8-RELEASE up on an oldie-but-goody machine - ASUS 
P3B-F - into which a total of 10 NICs have been thrust. 4 are on an 
Adaptec AHA-62044, whose NICs get named sf0 .. sf3 (note that as per the 
i386 info at http://www.openbsd.org/i386.html, these are recognised by 
the GENERIC kernel but not by the one on the boot CD-ROM); 4 more are on 
a D-LINK DFE 570TX, whose NICs get named dc0 .. dc3. (That's a minor 
documentation bug in the i386 web page - it says the 570TX NICs will get 
driven by the de(4) driver, but it's the dc(4) which does the job in 
point of fact. The dc(4) and de(4) man pages get this right).


That's a whoops.  Once, that was true.  That was..uh..long ago.  Fixed.

No massive stress tests done yet, but basic ping and nc of 10MB in 
sensible barely-over-a-second time suggests basic functionality working 
well. (Actual performance for nc sending a 10MB testfile is about 0.98 
seconds on the dc ports of the 570TX, and more like 1.4 seconds on the 
sf ports on the Adaptec; both going through one otherwise unloaded 
switch to a Windows box.)


Hope that's encouraging/useful to anyone else setting up a multizone 
setup with an OpenBSD box as the spider / hydra / Fat Controller / 
piggy-in-the-middle / Network Policy Device / whatever you want to call 
it...


dmesg sent to openbsd.org's 'dmesg' address, not appended here; shout if 
you feel you must see it.


For a test, I once ... well, I'll just jump right to the punch line:


dc19 at pci7 dev 7 function 0 "DEC 21142/3" rev 0x41: irq 10, address 
00:60:f5:08:54:27
lxtphy11 at dc19 phy 1: LXT971 10/100 media interface, rev. 1


Hardest part was finding which port was which so I could install the OS 
on it. :)


Later, I found I had a six-PCI slot machine, but I never got around to 
repeating the test...   In case anyone is wondering, that was 3.6-beta, 
from Aug. 2004.


Nick.



Re: Atheros issues?

2006-02-16 Thread Paulo Rodriguez

That sounds exactly like it! Thanks, I'll have a look.

Bryan Brake wrote:

Damien Miller wrote:

I had a very similar problem... the 1 minute hang, prior to returning
results... except that my issue did work on the Internet... with a 60
second hang, before returning results.


This is almost always a DNS problem.
-d



Could this be the issue... I knew I remembered seeing it somewhere...

http://www.openbsd.org/faq/faq8.html#RevDNS




Re: Atheros issues?

2006-02-16 Thread Bryan Brake

Damien Miller wrote:

I had a very similar problem... the 1 minute hang, prior to returning
results... except that my issue did work on the Internet... with a 60
second hang, before returning results.


This is almost always a DNS problem. 


-d



Could this be the issue... I knew I remembered seeing it somewhere...

http://www.openbsd.org/faq/faq8.html#RevDNS



Re: connect2air gprs openbsd howto?

2006-02-16 Thread Damien Miller
On Thu, 16 Feb 2006, Didier Wiroth wrote:

> Hello,
> I recently got a fujitsu siemens compactflash (with pcmcia connector)
> connect2air gprs card.
>
> I've almost never used ppp and do not know how to setup it the
> ppp.conf to use the connect2air gprs card to dial a gprs connection.
>
> I would really appreciate if someone could send me his ppp.conf
> (and/or a link on how to setup gprs with openbsd) to get some base
> knowledge on how to set it up.

Typically these cards just show up as a tty device, the tricky details
lie in what settings your GPRS provider uses (AT commands and ppp 
configuration).

Try contacting your provider, or asking Google.

-d



Re: Atheros issues?

2006-02-16 Thread Damien Miller
> I had a very similar problem... the 1 minute hang, prior to returning
> results... except that my issue did work on the Internet... with a 60
> second hang, before returning results.

This is almost always a DNS problem. 

-d



Re: OpenBSD PF IP Fragment Remote Denial Of Service

2006-02-16 Thread Christoph Fritz
On Wednesday, 1 February 2006 11:33, Joachim Schipper wrote:

> There are quite a few security lists which are likely to have
> this information.

What about a grep "OpenBSD" on these security lists and/or a grep -i 
"security" on the source-changes to filter out info?



Re: Problems with disklabel of ccd devices :: ccd1: error 22 on component 1

2006-02-16 Thread eric
On Thu, 2006-02-16 at 22:02:45 +, Stuart Henderson proclaimed...

> try having dd scribble /dev/zero over the start of the devices, or
> maybe 'g d' in disklabel -E will help somewhere.
> 

Good idea

# dd if=/dev/zero of=/dev/sd0g
# dd if=/dev/zero of=/dev/sd1g

Seems to have worked. Thanks.



Re: Sun 220R, cdrom problem

2006-02-16 Thread Joshua Sandbrook
Greetings Earthlings...

Ok I ended up putting another 220R in the rack and trying that out. Booted 
straight away, and has an earlier version of the firmware/openboot.

I think the problem was a busted/faulty scsi controller or something.. because 
booting either disk0 or cdrom never ever came up with any errors, it always 
hung. But on the other E220R, it just says 'The file just loaded does not 
appear to be executable' or some such.

So yep.

Anyhow, OpenBSD still does not boot up properly on it (stops somewhere after 
talking about rootdevices or some such ), but thats another story, and I will 
upgrade the firmware first.

Cheers, 
Josh.



Re: Problems with disklabel of ccd devices :: ccd1: error 22 on component 1

2006-02-16 Thread Stuart Henderson
On 2006/02/16 15:37, eric wrote:
> I have a problem on a Dell 2850 machine when trying to use ccd(4) devices.

try having dd scribble /dev/zero over the start of the devices, or
maybe 'g d' in disklabel -E will help somewhere.



Re: Feb 13 X snapshot

2006-02-16 Thread Emilio Perea
On Wed, Feb 15, 2006 at 03:38:32PM -0700, Peter Valchev wrote:
> The Feb 15 X snapshot should have this fixed.

The keyboard issue is fixed, but now mouse buttons don't work.

#dmesg
OpenBSD 3.9-beta (GENERIC) #602: Wed Feb 15 17:33:53 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 1500MHz ("GenuineIntel" 686-class) 1.50 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM
real mem  = 804397056 (785544K)
avail mem = 726593536 (709564K)
using 4278 buffers containing 40321024 bytes (39376K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 06/06/01, BIOS32 rev. 0 @ 0xffe90
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfbbb0/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801BA LPC" rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xa800 0xca800/0x5800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82850 Host" rev 0x02
ppb0 at pci0 dev 1 function 0 "Intel 82850/82860 AGP" rev 0x02
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "NVIDIA Vanta" rev 0x15
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x04
pci2 at ppb1 bus 2
fxp0 at pci2 dev 8 function 0 "Intel 8255x" rev 0x05, i82558: irq 10, address 
00:90:27:86:21:9c
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 0
ahc0 at pci2 dev 10 function 0 "Adaptec AHA-2940U2 U2" rev 0x00: irq 11
scsibus0 at ahc0: 16 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI2 0/direct fixed
sd0: 8683MB, 6962 cyl, 12 head, 212 sec, 512 bytes/sec, 17783240 sec total
sd1 at scsibus0 targ 2 lun 0:  SCSI3 0/direct fixed
sd1: 35003MB, 19036 cyl, 8 head, 470 sec, 512 bytes/sec, 71687370 sec total
cd0 at scsibus0 targ 4 lun 0:  SCSI2 5/cdrom removable
cd1 at scsibus0 targ 6 lun 0:  SCSI2 5/cdrom 
removable
ichpcib0 at pci0 dev 31 function 0 "Intel 82801BA LPC" rev 0x04
pciide0 at pci0 dev 31 function 1 "Intel 82801BA IDE" rev 0x04: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 38166MB, 78165360 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 ignored (disabled)
uhci0 at pci0 dev 31 function 2 "Intel 82801BA USB" rev 0x04: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
ichiic0 at pci0 dev 31 function 3 "Intel 82801BA SMBus" rev 0x04: irq 10
iic0 at ichiic0
uhci1 at pci0 dev 31 function 4 "Intel 82801BA USB" rev 0x04: irq 9
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
auich0 at pci0 dev 31 function 5 "Intel 82801BA AC97" rev 0x04: irq 10, ICH2 
AC97
ac97: codec id 0x41445360 (Analog Devices AD1885)
ac97: codec features headphone, Analog Devices Phat Stereo
audio0 at auich0
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ef65 netmask ef65 ttymask ffe7
pctr: user-level cycle counter enabled
ahc0: target 0 using 16bit transfers
ahc0: target 0 synchronous at 20.0MHz, offset = 0xf
dkcsum: sd0 matches BIOS drive 0x80
ahc0: target 2 using 16bit transfers
ahc0: target 2 synchronous at 20.0MHz, offset = 0x3f
dkcsum: sd1 matches BIOS drive 0x82
wd0: no disk label
dkcsum: wd0 matches BIOS drive 0x81
root on sd0a
rootdev=0x400 rrootdev=0xd00 rawdev=0xd02

#/var.log/Xorg.0.log
(--) checkDevMem: using aperture driver /dev/xf86
(--) Using wscons driver in pcvt compatibility mode (version 3.32)
(WW) GARTInit: AGPIOC_INFO failed (Device not configured)

X Window System Version 6.9.0 (for OpenBSD)
Release Date: 21 December 2005
X Protocol Version 11, Revision 0, Release 6.9
Build Operating System: OpenBSD 3.9 i386 [ELF] 
Current Operating System: OpenBSD herakles.walkereng.net 3.9 GENERIC#602 i386
Build Date: 15 February 2006
Before reporting problems, check http://wiki.X.Org
to make sure that you have the latest version.
Module Loader present
Markers: (--) probed, (**) from config file, (==) default setting,
(

Re: web FAQ 15 correction?

2006-02-16 Thread Moritz Grimm

Will H. Backman wrote:

Possible correction?
http://openbsd.org/faq/faq15.html#Intro
"Invoking pkg_add(1) with the -u flag and no package name will just
examine all installed packages for updated versions. When a package has
dependencies, they are also examined for updates."

"pkg_add -u" now also does the upgrade, doesn't it?


The FAQ follows the latest release, which is still 3.8.


Moritz



Re: dhcpd and static arp

2006-02-16 Thread yary
On 2/16/06, yo2lux <[EMAIL PROTECTED]> wrote:
> I have a dhcp server with following configuration:
>
> /etc/dhcpd.conf
>
> shared-network LOCAL-NET {
>option  domain-name "my.domain";
>option  domain-name-servers 193.231.249.1;
>
>subnet 192.168.10.0 netmask 255.255.255.0 {
>option routers 192.168.10.1;
>
>range 192.168.10.32 192.168.10.127;
>}
> }
>
> host zoltan{
>  hardware ethernet 00:50:FC:9D:81:E7;
>  fixed-address 192.168.10.127;
>  option host-name "zoltan";
> }
>
> 192.168.10.127 is my desktop pc (Windows box with mac address:
> 00:50:fc:9d:81:e7). I get IP 192.168.10.127 using DHCP.

So that part is working fine. dhcpd is doing what you asked it to- it
is assigning 192.168.10.127 to a machine with mac address
00:50:fc:9d:81:e7

> The problem is, when i set a manual IP address on Windows box for
> example 192.168.10.126 the connection between gateway and Windows box works.

dhcpd only assigns addresses, it doesn't set up network filters.

> I want to allow only IP address 192.168.10.127 with mac address:
> 00:50:fc:9d:81:e7 to reach the gateway. I need to use a static ARP?

no, static ARP isn't for filtering either.

I'm not quite sure what you want to happen. Here's my guess:

You want to specify which MAC addresses get which IP addresses- that
much you have working.

You want only those MAC & IP addresses assigned by DHCP to work with
your gateway. If an authorized machine changes their IP address, you
want the gateway to ignore its traffic. That part, I don't know how to
do either.

If you look at pf.conf you'll see it's easy to only allow traffic for
IP addresses in a given range, but it doesn't filter by MAC address-
that's not level 3 (if I have the jargon correct) it can be filtered
on a bridge, but adding a bridge is artificial, and anyway, how would
you tell dhcpd to add/remove filters as it granted/expired licenses?
Write a program to poll dhcpd.leases every few seconds? Ugly!

And you still have a problem- what if you have two authorized
machines, and the users switch their IP addresses...

If you really want this level of security (and I'm not sure that you
really do), what you want is the "user" option of pf.conf. I haven't
tried it, search the pf list's archives for examples.
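
The cross-check discussed in the message above, as an added example that is not part of the original post: it compares observed ARP pairs with dhcpd's `fixed-address` hosts and unexpired leases and reports every pair dhcpd did not hand out. The lease entries, ARP lines, interface name and function names are constructed for illustration; only the `host zoltan` block and subnet come from the thread.

```python
import re
from datetime import datetime

MAC = r"(?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}"

def norm_mac(mac):
    # arp(8) may print octets without leading zeros; normalise both sides.
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def fixed_hosts(conf_text):
    """{ip: mac} for dhcpd.conf host blocks (these never appear in dhcpd.leases)."""
    out = {}
    for body in re.findall(r"\bhost\s+\S+\s*\{([^{}]*)\}", conf_text):
        mac = re.search(r"hardware\s+ethernet\s+(" + MAC + r")\s*;", body)
        ip = re.search(r"fixed-address\s+([\d.]+)\s*;", body)
        if mac and ip:
            out[ip.group(1)] = norm_mac(mac.group(1))
    return out

def active_leases(leases_text, now):
    """{ip: mac} for leases not yet ended; the file is a log, later entries win."""
    out = {}
    for ip, body in re.findall(r"\blease\s+([\d.]+)\s*\{([^{}]*)\}", leases_text):
        mac = re.search(r"hardware\s+ethernet\s+(" + MAC + r")\s*;", body)
        ends = re.search(r"\bends\s+\d+\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\s*;", body)
        if not (mac and ends):
            continue
        if datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S") > now:
            out[ip] = norm_mac(mac.group(1))
        else:
            out.pop(ip, None)
    return out

def arp_entries(arp_text):
    """(ip, mac) pairs from 'host (ip) at mac ...' lines; incomplete entries are skipped."""
    pairs = re.findall(r"\(([\d.]+)\)\s+at\s+(" + MAC + r")(?=\s|$)", arp_text, re.M)
    return [(ip, norm_mac(mac)) for ip, mac in pairs]

def audit(conf_text, leases_text, arp_text, now, ignore=()):
    """List (ip, mac, reason) for ARP pairs that dhcpd did not assign."""
    allowed = active_leases(leases_text, now)
    allowed.update(fixed_hosts(conf_text))      # static assignments take precedence
    known_macs = set(allowed.values())
    findings = []
    for ip, mac in arp_entries(arp_text):
        if ip in ignore or allowed.get(ip) == mac:
            continue
        if ip in allowed:
            reason = "IP assigned to a different MAC"
        elif mac in known_macs:
            reason = "known MAC on unassigned IP"
        else:
            reason = "no current assignment"
        findings.append((ip, mac, reason))
    return findings

# Configuration from the thread (trimmed) plus constructed lease and ARP samples.
CONF = """
subnet 192.168.10.0 netmask 255.255.255.0 {
    option routers 192.168.10.1;
    range 192.168.10.32 192.168.10.127;
}
host zoltan{
  hardware ethernet 00:50:FC:9D:81:E7;
  fixed-address 192.168.10.127;
  option host-name "zoltan";
}
"""
LEASES = """
lease 192.168.10.40 {
    starts 4 2006/02/16 08:00:00;
    ends 4 2006/02/16 20:00:00;
    hardware ethernet 00:0d:60:aa:bb:01;
}
lease 192.168.10.41 {
    starts 3 2006/02/15 08:00:00;
    ends 3 2006/02/15 20:00:00;
    hardware ethernet 00:0d:60:aa:bb:02;
}
"""
ARP = """
? (192.168.10.1) at 00:00:5e:00:01:01 on fxp0 static
? (192.168.10.40) at 0:d:60:aa:bb:1 on fxp0
? (192.168.10.41) at 00:0d:60:aa:bb:02 on fxp0
? (192.168.10.126) at 00:50:fc:9d:81:e7 on fxp0
? (192.168.10.127) at 00:0d:60:aa:bb:03 on fxp0
"""
NOW = datetime(2006, 2, 16, 12, 0, 0)   # lease times in dhcpd.leases are UTC

if __name__ == "__main__":
    for ip, mac, reason in audit(CONF, LEASES, ARP, NOW, ignore={"192.168.10.1"}):
        print(f"{ip:<16} {mac}  {reason}")
```

The manually configured 192.168.10.126 from the question shows up as "known MAC on unassigned IP". Because a host can change its MAC address, this report catches misconfiguration rather than deliberate impersonation.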



Re: Atheros issues?

2006-02-16 Thread Robert C Wittig
Hello Paulo,

Thursday, February 16, 2006, 7:47:02 AM, you wrote:


>> - Setup: 1 machine with an atheros PCMCIA card and a PCI-PCMCIA bridge 
>> as nat gateway on OBSD3.8.
>> Nat gateway machine has 2 internal interfaces (re0, re1) and 
>> one external (ath0)  1 lovely windows machine on WinXP for games
>>
>> - At random intervals, connectivity to the Internet is lost, but 
>> pinging the internal interfaces works. There are 2 such interfaces, 
>> re0 and re1. Both can be pinged. External addresses like google can't 
>> be pinged (it hangs as if it's waiting for DNS)
>>
>> - When one tries to ssh to the OpenBSD box, authentication is 
>> requested. After successful authentication, connection seemingly hangs 
>> for about a minute or so. Then access is granted.

I had a very similar problem... the 1 minute hang, prior to returning
results... except that my issue did work on the Internet... with a 60
second hang, before returning results.

I figured out that DSL modem/router was not returning the best
possible DNS info... like it was hanging for a minute, then going to
an alternate, successful DNS server.

I fixed the problem by adding to /etc/dhclient.conf ... at the bottom
of the file...

supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;

...with my actual domain nameserver, in place of the x's.



-wittig http://www.robertwittig.com/
.   http://robertwittig.net/



Re: OpenBGP on firewall

2006-02-16 Thread Reto Burkhalter
Hi

I tried something similar: 2x machines (FreeBSD) with OpenBGPD,
CARP (for fail-over of the internal default gateway), PF and pfsync.

I encountered problems especially with asymmetric routed traffic.
E.g. traffic coming in via router 1, going to the client/server and
going out via router 2. pf/pfsync sets up the session and replicates
states to the other machine - the connection is established.. but
I have massive problems with really transferring data (which means,
POP3 login works, small mails are downloaded, but then it interrupts).

Maybe I have mistakes in the pf.conf (I use the keep state everywhere..).
I am also not sure, if this setup is a clever idea.. anyone?

Regards,
Reto


>   I started working for a company that its production site is 
> running 2 
> PIX firewalls with no VRRP (to save cost on licensing, duh). 
> I offered 
> and they approved to replace them with 2 OpenBSD and CARP. In 
> front of 
> the FW there is a Cisco 7200 router doing BGP. I offered to 
> remove the 
> router and use OpenBGP on the OpenBSD firewalls instead, thus 
> achieving 
> failover on BGP too. But I don't know whether this is a good idea or 
> should I add 2 more OpenBSD systems specifically for BGP?
> 
> 
> TIA
> Paolo
> 
> PS - The FWs will be single CPU Dell PowerEdge 1850 systems with 
> (probably) 1GB RAM.



Double 4-port NIC happiness

2006-02-16 Thread Stefek Zaba
I've just brought 3.8-RELEASE up on an oldie-but-goody machine - ASUS P3B-F 
- into which a total of 10 NICs have been thrust. 4 are on an Adaptec 
AHA-62044, whose NICs get named sf0 .. sf3 (note that as per the i386 info 
at http://www.openbsd.org/i386.html, these are recognised by the GENERIC 
kernel but not by the one on the boot CD-ROM); 4 more are on a D-LINK DFE 
570TX, whose NICs get named dc0 .. dc3. (That's a minor documentation bug in 
the i386 web page - it says the 570TX NICs will get driven by the de(4) 
driver, but it's the dc(4) which does the job in point of fact. The dc(4) 
and de(4) man pages get this right).


No massive stress tests done yet, but basic ping and nc of 10MB in sensible 
barely-over-a-second time suggests basic functionality working well. (Actual 
performance for nc sending a 10MB testfile is about 0.98 seconds on the dc 
ports of the 570TX, and more like 1.4 seconds on the sf ports on the 
Adaptec; both going through one otherwise unloaded switch to a Windows box.)


Hope that's encouraging/useful to anyone else setting up a multizone setup 
with an OpenBSD box as the spider / hydra / Fat Controller / 
piggy-in-the-middle / Network Policy Device / whatever you want to call it...


dmesg sent to openbsd.org's 'dmesg' address, not appended here; shout if you 
feel you must see it.


Cheers, Stefek



web FAQ 15 correction?

2006-02-16 Thread Will H. Backman

Possible correction?
http://openbsd.org/faq/faq15.html#Intro
"Invoking pkg_add(1) with the -u flag and no package name will just
examine all installed packages for updated versions. When a package has
dependencies, they are also examined for updates."

"pkg_add -u" now also does the upgrade, doesn't it?



Re: dhcpd and static arp

2006-02-16 Thread Rogier Krieger
On 2/16/06, yo2lux <[EMAIL PROTECTED]> wrote:
> arp -s 192.168.10.127 00:50:fc:9d:81:e7 permanent

With this command, you're only creating an ARP entry, not a filter of some sort.


> [...] but nothing happen, my network connection between gateway
> work with all internal IP.

This behaviour isn't surprising: in fact, that's what the system is
supposed to do. Apart from the static entry you created, it
dynamically learns other MAC/IP combinations.


> Any idea what need to do?

Although I admit you could devise an automated procedure to register
MAC addresses, you may want to look at authpf(8). With authpf, you can
dynamically limit access based upon credentials (a login over ssh)
that are less trivial to spoof (MAC addresses). For example, replacing
faulty NICs will save you another administrative step.

If you're relying on MAC addresses for security purposes, I recommend
you save yourself the trouble and go with another means of
authentication. MAC addresses are trivial to spoof (various Windows
drivers allow you to change the MAC address for a card).

Cheers,

Rogier

--
If you don't know where you're going, any road will get you there.



OpenBGP on firewall

2006-02-16 Thread Paolo Supino

Hi

 I started working for a company that its production site is running 2 
PIX firewalls with no VRRP (to save cost on licensing, duh). I offered 
and they approved to replace them with 2 OpenBSD and CARP. In front of 
the FW there is a Cisco 7200 router doing BGP. I offered to remove the 
router and use OpenBGP on the OpenBSD firewalls instead, thus achieving 
failover on BGP too. But I don't know whether this is a good idea or 
should I add 2 more OpenBSD systems specifically for BGP?



TIA
Paolo

PS - The FWs will be single CPU Dell PowerEdge 1850 systems with 
(probably) 1GB RAM.




Re: location of krb5.conf

2006-02-16 Thread Bob Beck
/etc/kerberosV/krb5.conf is correct - those other locations
are erroneous. I'll get them fixed. thanks.

-Bob


* Antoine Jacoutot <[EMAIL PROTECTED]> [2006-02-16 09:11]:
> Hi.
> 
> Under OpenBSD, the Kerberos documentation sometimes refers to the config file as
> /etc/krb5.conf or /etc/kerberosV/krb5.conf. Are both locations ok or is it an
> error ?
> 
> For info, /etc/krb5.conf is mentioned in:
> krb5.conf(5)
> kinit(1)
> heimdal.info
> 
> I've always used /etc/kerberosV/krb5.conf, but I was curious why there was no
> "standard" location defined in the docs.
> 
> Thanks!
> 
> -- 
> Antoine
> 

-- 
| | | The ASCII Fork Campaign
 \|/   against gratuitous use of threads.
  |



Re: location of krb5.conf

2006-02-16 Thread eric
On Thu, 2006-02-16 at 17:01:03 +0100, Antoine Jacoutot proclaimed...

> Under OpenBSD, the Kerberos documentation sometimes refers to the config
> file as /etc/krb5.conf or /etc/kerberosV/krb5.conf. Are both locations ok
> or is it an error ?

/etc/kerberosV/krb5.conf



Re: ami0: timeout ccb 33

2006-02-16 Thread Bob Beck
Thierry, I have had this once on about 15 ami's. 

in my case it repeated itself on reboot, and I simply assumed the
card was bad - I pulled it, put another one in, and it worked like a
champ again - send the "dead" one back to dell with "It's busticated"
and they sent me a new one. 

-Bob


* Thierry Lacoste <[EMAIL PROTECTED]> [2006-02-15 12:53]:
> This week-end my web server running 3.8 on a Dell
> PowerEdge 1800 went belly up.
> 
> It was frozen but was responding to ping requests.
> I had only this message on the console:
> "ami0: timeout ccb 33"
> I had to restart it the hard way.
> Nothing in the logs.
> 
> The machine has 3 SCSI disks factory configured in RAID5.
> It is a generic install with safte disabled.
> Below is the beginning of my dmesg.
> 
> Any help to track down the problem would be appreciated.
> 
> Regards,
> Thierry.
> 
> OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005
> [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel(R) Xeon(TM) CPU 3.00GHz ("GenuineIntel" 686-class) 3 GHz
> cpu0: 
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,CNXT-ID
> real mem  = 1073065984 (1047916K)
> avail mem = 972541952 (949748K)
> using 4278 buffers containing 53755904 bytes (52496K) of memory
> mainbus0 (root)
> bios0 at mainbus0: AT/286+(00) BIOS, date 09/21/05, BIOS32 rev. 0 @ 0xffe90
> pcibios0 at bios0: rev 2.1 @ 0xf/0x1
> pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfbb80/288 (16 entries)
> pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801EB/ER LPC" rev 0x00)
> pcibios0: PCI bus #6 is the last bus
> bios0: ROM list: 0xc/0xb000! 0xcb000/0x1000 0xcc000/0x800 0xcc800/0x1000 
> 0xcd800/0x2600 0xec000/0x4000!
> cpu0 at mainbus0
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0 at pci0 dev 0 function 0 "Intel E7710 SMCH" rev 0x09
> ppb0 at pci0 dev 2 function 0 "Intel E7710 MCH PCIE" rev 0x09
> pci1 at ppb0 bus 1
> ppb1 at pci1 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
> pci2 at ppb1 bus 2
> mpt0 at pci2 dev 4 function 0 "Symbios Logic 53c1030" rev 0x08: irq 5
> mpt0: sending FW Upload request to IOC (size: 36, img size: 40048)
> mpt0: IM support: 0
> scsibus0 at mpt0: 16 targets
> ami0 at pci2 dev 5 function 0 "Symbios Logic MegaRAID" rev 0x01: irq 11 Dell 
> 520/64b/lhc
> ami0: FW 351S, BIOS v1.10, 64MB RAM
> ami0: 1 channels, 0 FC loops, 1 logical drives
> scsibus1 at ami0: 40 targets
> sd0 at scsibus1 targ 0 lun 0:  SCSI2 0/direct fixed
> sd0: 139760MB, 17816 cyl, 255 head, 63 sec, 512 bytes/sec, 286228480 sec total
> scsibus2 at ami0: 16 targets
> 

-- 
| | | The ASCII Fork Campaign
 \|/   against gratuitous use of threads.
  |



Re: "iwlist scan" equivalent command under OpenBSD

2006-02-16 Thread Ray Lai
On Thu, Feb 16, 2006 at 05:17:30PM +0100, Ramiro Aceves wrote:
> Hi OpenBSD fans.
> 
> I have been googling around and have not been able to solve this
> question. How can one discover what wireless networks are available
> under OpenBSD?
> I am used to the "iwlist scan eth0" under Linux, and I hate to halt
> OpenBSD and boot Linux only to discover the networks, then come back
> and start OpenBSD again to continue the configuration. What is the
> OpenBSD equivalent to Linux "iwlist"?
> 
> Anyway, my Intel 2200 card is recognized very well under OpenBSD with
> "iwi" driver.
> 
> Thank you very much in advance.

I usually use the kismet package, but I think you can do ``ifconfig -M''
as well.

-Ray-



Re: "iwlist scan" equivalent command under OpenBSD

2006-02-16 Thread Nikolai N. Fetissov
On Thu, February 16, 2006 11:17 am, Ramiro Aceves wrote:
> Hi OpenBSD fans.
>
> I have been googling around and have not been able to solve this
> question. How can one discover what wireless networks are available
> under OpenBSD?
> I am used to the "iwlist scan eth0" under Linux, and I hate to halt
> OpenBSD and boot Linux only to discover the networks, then come back
> and start OpenBSD again to continue the configuration. What is the
> OpenBSD equivalent to Linux "iwlist"?
>
> Anyway, my Intel 2200 card is recognized very well under OpenBSD with
> "iwi" driver.
>
> Thank you very much in advance.
>
> Ramiro.
>
>
ifconfig -M

see ifconfig(8)
-- 
 nikolai



"iwlist scan" equivalent command under OpenBSD

2006-02-16 Thread Ramiro Aceves
Hi OpenBSD fans.

I have been googling around and have not been able to solve this
question. How can one discover what wireless networks are available
under OpenBSD?
I am used to the "iwlist scan eth0" under Linux, and I hate to halt
OpenBSD and boot Linux only to discover the networks, then come back
and start OpenBSD again to continue the configuration. What is the
OpenBSD equivalent to Linux "iwlist"?

Anyway, my Intel 2200 card is recognized very well under OpenBSD with
"iwi" driver.

Thank you very much in advance.

Ramiro.



Re: network distributed storage with windows?

2006-02-16 Thread Shane J Pearson

On 2006.02.17, at 1:37 AM, Shane J Pearson wrote:


I use this marker in my sig and newline manually in Apple Mail because
I haven't found out how to make Apple Mail wrap at 72.


For any OSX Mail and OpenBSD users who I might have led astray here,  
forget I said this. Someone pointed out to me off list that OSX Mail  
supports x-flow and thus manually wrapping is not needed.



Shane



location of krb5.conf

2006-02-16 Thread Antoine Jacoutot
Hi.

Under OpenBSD, the Kerberos documentation sometimes refers to the config file as
/etc/krb5.conf or /etc/kerberosV/krb5.conf. Are both locations ok or is it an
error ?

For info, /etc/krb5.conf is mentioned in:
krb5.conf(5)
kinit(1)
heimdal.info

I've always used /etc/kerberosV/krb5.conf, but I was curious why there was no
"standard" location defined in the docs.

Thanks!

-- 
Antoine



Re: mergemaster

2006-02-16 Thread Antoine Jacoutot
Quoting Christian Weisgerber <[EMAIL PROTECTED]>:
> I've shelved this for 3.9 since I haven't gotten around to evaluating
> mergeslave yet.

Great, thanks. I'm happy this was not a rejected idea :-)

-- 
Antoine



Re: mergemaster

2006-02-16 Thread Christian Weisgerber
Antoine Jacoutot <[EMAIL PROTECTED]> wrote:

> Any news about the possible inclusion of mergemaster/mergeslave into the base
> system ?

I've shelved this for 3.9 since I haven't gotten around to evaluating
mergeslave yet.

-- 
Christian "naddy" Weisgerber  [EMAIL PROTECTED]



Re: network distributed storage with windows?

2006-02-16 Thread Shane J Pearson

Hi,

On 2006.02.16, at 6:58 PM, A Rossi wrote:


My apologies to those of you who use console-based mail clients. I'm
still trying to figure out how to get Thunderbird to wrap my text at 72
characters. Yes, I know about the setting under Tools > Options, but
that doesn't seem to be working correctly...


I use this marker in my sig and newline manually in Apple Mail because
I haven't found out how to make Apple Mail wrap at 72.

Shane J Pearsonshanejp netspace net au   ->|



Re: OpenBSD for a desktop environment ?

2006-02-16 Thread Bruno Carnazzi
 Hi community,

I reply to myself: wonderful. I've set up a full KDE environment in
half a day. I remember some Gentoo days where I sometimes had to wait
for days for the same thing (that crashes because I was so aggressive
with gcc optimisation :)

I really enjoy discovering that OpenBSD is also excellent for desktop
in a full open-source environment. I'm now totally addicted! :)

Also, I think OpenBSD is seen as a
hardcore-security-os-that-wont-run-anything-because-its-a-security-hole,
which is FALSE: YOU CAN *EASILY* USE OPENBSD FOR SOMETHING ELSE THAN
A ROUTER AND THAT MUST BE KNOWN :)

The pure-monolithic kernel is really wonderful: no dumb module to
load that you forget to compile, auto-probing, no user-land craps
(pcmcia-cs)...

For me, OpenBSD is one of the best open-source spirit incarnations: if
something does really not work on OpenBSD, it's not the good way.

Thanks to the developers for making it possible.

Best regards,

Bruno.

Note: Recently, NetBSD-current supports wpa_supplicant. I try to use
it with OpenBSD... See
http://mail-index.netbsd.org/current-users/2005/10/01/0014.html

2006/2/14, Bruno Carnazzi <[EMAIL PROTECTED]>:
>   Hi all,
>
> I'd like to know if someone tried to build a desktop environment on
> OpenBSD/i386. I think to rich desktop like Gnome or KDE. Is it hard ?
> What's your feedback ?
>
> Best regards,
>
> Bruno.



Re: dhclient generate resolv.conf somewhere else ?

2006-02-16 Thread Bernd Schoeller
On Thu, Feb 16, 2006 at 10:49:39AM +, Alec Berryman wrote:
> Bernd Schoeller on 2006-02-16 10:22:00 +0100:
> 
> > If I use supersede (in dhclient.conf) or dhclient.conf.tail, this work
> > fine, but the information gathered by dhclient is lost.
> 
> You want 'prepend'.

Nope, also prepend messes with my existing resolv.conf file, instead
of storing the received DNS information in a new file.

Just for the logs, and as I have found no 'easy/predefined' way of
doing it, I have created a copy of /sbin/dhclient-script to
/sbin/dhclient-script.pdnsd and changed the following function:

--
add_new_resolv_conf() {
    # XXX Old code did not create/update resolv.conf unless both
    # $new_domain_name and $new_domain_name_servers were provided.  PR
    # #3135 reported some ISPs only provide $new_domain_name_servers and
    # thus broke the script. This code creates the resolv.conf if either
    # are provided.

    RESOLV_CONF_NAME=/etc/resolv.conf.wan

    rm -f /etc/resolv.conf.std

    if [ -n "$new_domain_name" ]; then
        echo "search $new_domain_name" >>/etc/resolv.conf.std
    fi

    if [ -n "$new_domain_name_servers" ]; then
        for nameserver in $new_domain_name_servers; do
            echo "nameserver $nameserver" >>/etc/resolv.conf.std
        done
    fi

    if [ -f /etc/resolv.conf.std ]; then
        if [ -f /etc/resolv.conf.tail ]; then
            cat /etc/resolv.conf.tail >>/etc/resolv.conf.std
        fi

        # In case (e.g. during OpenBSD installs) /etc/resolv.conf
        # is a symbolic link, take care to preserve the link and write
        # the new data in the correct location.

        if [ -f $RESOLV_CONF_NAME ]; then
            cat $RESOLV_CONF_NAME > /etc/resolv.conf.save
        fi
        cat /etc/resolv.conf.std > $RESOLV_CONF_NAME
        rm -f /etc/resolv.conf.std

        # Try to ensure correct ownership and permissions.
        chown -RL root:wheel $RESOLV_CONF_NAME
        chmod -RL 644 $RESOLV_CONF_NAME

        return 0
    fi

    return 1
}
--

This will store the DNS resolv.conf configuration in
/etc/resolv.conf.wan and won't mess the preinstalled resolv.conf
file. 

In dhclient.conf, I have added the following entry:

script "/sbin/dhclient-script.pdnsd";

The server section in pdnsd.conf now looks like the following:

server {
    label = "dialup";
    file = "/etc/resolv.conf.wan";
    proxy_only = on;
    timeout = 4;
    uptest = if;
    interface = sis0;
    interval = 10;
    purge_cache = off;
    preset = off;
}

Thanks for the hints,
Bernd
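
An added example, not part of the post above or of OpenBSD's dhclient-script: the search domain and name servers come from whichever DHCP server answers on the WAN side, so this variant validates them before pdnsd reads the file and swaps the file in atomically. The function names are hypothetical; `new_domain_name` and `new_domain_name_servers` are the variables used in the posted script, and unlike that script this one keeps the previous file when the lease carries no valid IPv4 name server.

```shell
#!/bin/sh
# Added example (hypothetical helper names): validate DHCP-supplied resolver
# data, then replace the file pdnsd reads in one atomic step.

# Succeed only for a dotted quad with four octets in 0..255, no leading zeros.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ????*|0?*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeed only for a plausible DNS search domain (letters, digits, '.', '-').
is_domain() {
    [ ${#1} -le 253 ] || return 1
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*..*|-*) return 1 ;;
    esac
    return 0
}

# write_wan_resolv TARGET
# Builds the new content in a temp file next to TARGET and renames it into
# place, so a reader never sees a half-written file. Returns 1 and leaves
# TARGET untouched when no valid name server was offered.
write_wan_resolv() {
    target=$1
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    count=0
    if [ -n "$new_domain_name" ] && is_domain "$new_domain_name"; then
        printf 'search %s\n' "$new_domain_name" >>"$tmp"
    fi
    set -f               # no globbing: a server value of '*' must stay literal
    for ns in $new_domain_name_servers; do
        if is_ipv4 "$ns"; then
            printf 'nameserver %s\n' "$ns" >>"$tmp"
            count=$((count + 1))
        fi
    done
    set +f
    if [ "$count" -eq 0 ]; then
        rm -f "$tmp"
        return 1
    fi
    chmod 644 "$tmp" && mv -f "$tmp" "$target"
}

# Constructed lease values for a dry run in a scratch directory.
demo_dir=$(mktemp -d)
new_domain_name='example.net'
new_domain_name_servers='192.0.2.53 198.51.100.7;x 999.1.1.1 192.0.2.54'
write_wan_resolv "$demo_dir/resolv.conf.wan" && cat "$demo_dir/resolv.conf.wan"
rm -rf "$demo_dir"
```
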



Re: Atheros issues?

2006-02-16 Thread Paulo Rodriguez

Some additional info. this line showed up under /var/log/daemon:

Feb 16 14:17:56 bauer dhclient[7009]: buf_read (connection closed): No such file or directory

Feb 16 14:17:56 bauer dhclient[7009]: exiting.

dhclient is indeed dead.

I would expect dhclient to stop working if the interface it's supposed 
to work on would be brought down, which it does. The error message is 
different though:


Feb 16 14:43:47 bauer dhclient[5194]: buf_read (connection closed): Undefined error: 0

Feb 16 14:43:47 bauer dhclient[5194]: exiting.

So I would assume that on the first example, something messed with the 
external interface, which shows in dhclient exiting.

Any ideas?

Thx,

P

Paulo Rodriguez wrote:

Good afternoon gentlemen.

Just curious if someone had the following issue:

- Setup: 1 machine with an atheros PCMCIA card and a PCI-PCMCIA bridge 
as nat gateway on OBSD3.8.
Nat gateway machine has 2 internal interfaces (re0, re1) and 
one external (ath0)
1 lovely windows machine on WinXP for games


- At random intervals, connectivity to the Internet is lost, but 
pinging the internal interfaces works. There are 2 such interfaces, 
re0 and re1. Both can be pinged. External addresses like google can't 
be pinged (it hangs as if it's waiting for DNS)


- When one tries to ssh to the OpenBSD box, authentication is 
requested. After successful authentication, connection seemingly hangs 
for about a minute or so. Then access is granted.


- Pinging google from the nat gateway does not work at this point in 
time, the behaviour described above takes place (long wait, followed 
by activity).


- Doing "ifconfig ath0 down" followed by "ifconfig ath0 up" fixes the 
issue, till the next time it happens (this is usually days or weeks).


Any ideas?

Thx,

P




Atheros issues?

2006-02-16 Thread Paulo Rodriguez

Good afternoon gentlemen.

Just curious if someone had the following issue:

- Setup: 1 machine with an atheros PCMCIA card and a PCI-PCMCIA bridge 
as nat gateway on OBSD3.8.
Nat gateway machine has 2 internal interfaces (re0, re1) and 
one external (ath0)  
1 lovely windows machine on WinXP for games


- At random intervals, connectivity to the Internet is lost, but pinging 
the internal interfaces works. There are 2 such interfaces, re0 and re1. 
Both can be pinged. External addresses like google can't be pinged (it 
hangs as if it's waiting for DNS)


- When one tries to ssh to the OpenBSD box, authentication is requested. 
After successful authentication, connection seemingly hangs for about a 
minute or so. Then access is granted.


- Pinging google from the nat gateway does not work at this point in 
time, the behaviour described above takes place (long wait, followed by 
activity).


- Doing "ifconfig ath0 down" followed by "ifconfig ath0 up" fixes the 
issue, till the next time it happens (this is usually days or weeks).


Any ideas?

Thx,

P



Re: error installing python 2.3 from OpenBSD 3.8 ports

2006-02-16 Thread Siju George
On 2/16/06, steven mestdagh <[EMAIL PROTECTED]> wrote:
> On Thu, Feb 16, 2006 at 12:43:15PM +0530, Siju George wrote:
> > Hi all,
> >
> > I was trying to install Python 2.3 from OpenBSD 3.8 ports for
> >
> > http://www.jackal-net.at/tiki-read_article.php?articleId=1
> >
> > The install did not succeed and I got an error message.
> > Could someone please help me troubleshoot it?
> >
> > The error messagr is shown below
> >
> >
> >
> > # cd ports/lang/python/2.3/
> > # make install
> > ===>  Checking files for python-2.3.5p2
> > >> Python-2.3.5.tgz doesn't seem to exist on this system.
> > >> Attempting to fetch /usr/ports/distfiles/Python-2.3.5.tgz from 
> > >> ftp://ftp.pyth
> > on.org/pub/python/2.3.5/.
> > ftp: connect: Connection refused
> > ftp: Can't connect or login to host `ftp.python.org'
> > >> Attempting to fetch /usr/ports/distfiles/Python-2.3.5.tgz from 
> > >> http://python.
> > mirrors.pair.com/ftp/python/2.3.5/.
> > ftp: Error retrieving file: 404 Not Found
> > >> Attempting to fetch /usr/ports/distfiles/Python-2.3.5.tgz from 
> > >> http://python.
> > mirrors.ilisys.com.au/ftp/python/2.3.5/.
> > 100% |**|  8335 KB02:31
> > >> Size matches for /usr/ports/distfiles/Python-2.3.5.tgz
> > >> Checksum OK for Python-2.3.5.tgz. (sha1)
> > ===>  python-2.3.5p2 depends on: db-4.2.52p2 - not found
> > ===>  Verifying install for db-4.2.52p2 in databases/db/v4
> > ===>  Checking files for db-4.2.52p2
> > >> db-4.2.52.tar.gz doesn't seem to exist on this system.
> > >> Attempting to fetch /usr/ports/distfiles/db-4.2.52.tar.gz from 
> > >> http://www.sle
> > epycat.com//update/snapshot/.
> > ftp: Error retrieving file: 404 Not Found
> > >> Attempting to fetch /usr/ports/distfiles/db-4.2.52.tar.gz from 
> > >> ftp://sleepyca
> > t1.inetu.net/releases/.
> > 100% |**|  3827 KB01:52
> > >> Size does not match for /usr/ports/distfiles/db-4.2.52.tar.gz
>

Thank you so much Kenneth, Tobias, Turcu, Sizov and Steven for your inputs :-)

> unfortunately this distfile has been rerolled.
> it will be fixed in -current.
>

alright.
> is installing python from packages too easy...? see pkg_add(1).

Yes installed db and expat from packages and it is working now.

> in future please send this type of question to the ports mailing list.
>

Sure Steve, thank you so much for your help :-)

Kind Regards

Siju



connect2air gprs openbsd howto?

2006-02-16 Thread Didier Wiroth
Hello,
I recently got a fujitsu siemens compactflash (with pcmcia connector) 
connect2air gprs card.

I've almost never used ppp and do not know how to setup it the ppp.conf to use 
the connect2air gprs card to dial a gprs connection.

I would really appreciate if someone could send me his ppp.conf (and/or a link 
on how to setup gprs with openbsd) to get some base knowledge on how to set it 
up.

Many many thanks!
Regards
Didier



Re: dhclient generate resolv.conf somewhere else ?

2006-02-16 Thread Alec Berryman
Bernd Schoeller on 2006-02-16 10:22:00 +0100:

> If I use supersede (in dhclient.conf) or dhclient.conf.tail, this work
> fine, but the information gathered by dhclient is lost.

You want 'prepend'.



Re: dhclient generate resolv.conf somewhere else ?

2006-02-16 Thread Kevin Foo
On Thursday 16 February 2006 17:22, Bernd Schoeller wrote:
> Hello,
> 
> my Soekris receives its WAN configuration with dhclient and serves as
> a NAT router for my home LAN. 
> 
> I need to forward DNS queries from the LAN to the WAN. I use "pdnsd"
> for this and it works like a charm.
> 
> The problem that I have is: dhclient generates the DNS information
> that it receives and stores it into /etc/resolv.conf. But I would like
> to use pdnsd also for queries _on_ the router as well (nameserver
> 127.0.0.1 in resolv.conf). If I use supersede (in dhclient.conf) or
> dhclient.conf.tail, this work fine, but the information gathered by
> dhclient is lost.
> 
> Instead I would like to store the nameserver information somewhere
> else, thus change pdnsd.conf to use (for example)
> /etc/resolv.conf.wan.
> 

take a look at /etc/resolve.conf.tail

> Is there a possibility to instruct dhclient to use another file
> instead of resolv.conf? I have search in dhclient, dhclient.conf and
> the dhclient-script man page, and in the archives, but I have found no
> hint of what I should do. Is there any other way that I can get pdnsd
> working correctly with local queries redirected to pdnsd?
> 
> Thanks for any help,
> Bernd
> 
> 

-- 
Warm regards,
Kevin Foo

Key fingerprint : 4B23 FC1C E50B 9693 CCDD  2A7D A048 E909 8924 9BDD
Public key : 
http://keyserver.linux.it/pks/lookup?op=get&search=0xA048E90989249BDD



Re: error installing python 2.3 from OpenBSD 3.8 ports

2006-02-16 Thread steven mestdagh
On Thu, Feb 16, 2006 at 12:43:15PM +0530, Siju George wrote:
> Hi all,
> 
> I was trying to install Python 2.3 from OpenBSD 3.8 ports for
> 
> http://www.jackal-net.at/tiki-read_article.php?articleId=1
> 
> The install did not succeed and I got an error message.
> Could someone please help me troubleshoot it?
> 
> The error messagr is shown below
> 
> 
> 
> # cd ports/lang/python/2.3/
> # make install
> ===>  Checking files for python-2.3.5p2
> >> Python-2.3.5.tgz doesn't seem to exist on this system.
> >> Attempting to fetch /usr/ports/distfiles/Python-2.3.5.tgz from 
> >> ftp://ftp.pyth
> on.org/pub/python/2.3.5/.
> ftp: connect: Connection refused
> ftp: Can't connect or login to host `ftp.python.org'
> >> Attempting to fetch /usr/ports/distfiles/Python-2.3.5.tgz from 
> >> http://python.
> mirrors.pair.com/ftp/python/2.3.5/.
> ftp: Error retrieving file: 404 Not Found
> >> Attempting to fetch /usr/ports/distfiles/Python-2.3.5.tgz from 
> >> http://python.
> mirrors.ilisys.com.au/ftp/python/2.3.5/.
> 100% |**|  8335 KB02:31
> >> Size matches for /usr/ports/distfiles/Python-2.3.5.tgz
> >> Checksum OK for Python-2.3.5.tgz. (sha1)
> ===>  python-2.3.5p2 depends on: db-4.2.52p2 - not found
> ===>  Verifying install for db-4.2.52p2 in databases/db/v4
> ===>  Checking files for db-4.2.52p2
> >> db-4.2.52.tar.gz doesn't seem to exist on this system.
> >> Attempting to fetch /usr/ports/distfiles/db-4.2.52.tar.gz from 
> >> http://www.sle
> epycat.com//update/snapshot/.
> ftp: Error retrieving file: 404 Not Found
> >> Attempting to fetch /usr/ports/distfiles/db-4.2.52.tar.gz from 
> >> ftp://sleepyca
> t1.inetu.net/releases/.
> 100% |**|  3827 KB01:52
> >> Size does not match for /usr/ports/distfiles/db-4.2.52.tar.gz

unfortunately this distfile has been rerolled.
it will be fixed in -current.

is installing python from packages too easy...? see pkg_add(1).
in future please send this type of question to the ports mailing list.

steven

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm



Re: mergemaster

2006-02-16 Thread Antoine Jacoutot
> Christian Weisgerber wrote:
> > The questions is, what *do* people use for updating /etc?


Hi.

Any news about the possible inclusion of mergemaster/mergeslave into the base
system ?
Thanks!

-- 
Antoine



Re: ami0: timeout ccb 33

2006-02-16 Thread Thierry Lacoste
On Thursday 16 February 2006 00:41, Marco Peereboom wrote:
> It sounds like the firmware hung.  What were you doing at the time?
>
Nobody was there at the time the machine hung.
This is our production web server : it runs httpd and pure-ftpd
(pure-ftpd is only accessible locally so it's most certainly not
the culprit).

The last proof of activity comes from /var/www/logs/access_log
81.57.55.246 - - [11/Feb/2006:23:58:38 +0100] ...

AFAICS the box did not reach its one o'clock cronjob which rsyncs
the content of /var/www to a backup server.
Well, at least it did not complete it for sure.

BTW the backup server runs 3.8 on the same hardware except
for the sizes of disks. It is in production for more than a month
and never had problems.

What can I do to prevent the problem from happening again?
Is my hardware unsafe?

Regards,
Thierry.



dhclient generate resolv.conf somewhere else ?

2006-02-16 Thread Bernd Schoeller
Hello,

my Soekris receives its WAN configuration with dhclient and serves as
a NAT router for my home LAN. 

I need to forward DNS queries from the LAN to the WAN. I use "pdnsd"
for this and it works like a charm.

The problem that I have is: dhclient generates the DNS information
that it receives and stores it into /etc/resolv.conf. But I would like
to use pdnsd also for queries _on_ the router as well (nameserver
127.0.0.1 in resolv.conf). If I use supersede (in dhclient.conf) or
dhclient.conf.tail, this work fine, but the information gathered by
dhclient is lost.

Instead I would like to store the nameserver information somewhere
else, thus change pdnsd.conf to use (for example)
/etc/resolv.conf.wan.

Is there a possibility to instruct dhclient to use another file
instead of resolv.conf? I have searched in dhclient, dhclient.conf and
the dhclient-script man page, and in the archives, but I have found no
hint of what I should do. Is there any other way that I can get pdnsd
working correctly with local queries redirected to pdnsd?

Thanks for any help,
Bernd



Re: error installing python 2.3 from OpenBSD 3.8 ports

2006-02-16 Thread Sizov Alexander
Hi all,

> I was trying to install Python 2.3 from OpenBSD 3.8 ports for

> http://www.jackal-net.at/tiki-read_article.php?articleId=1

> The install did not succeed and I got an error message.
> Could someone please help me troubleshoot it?

> The error messagr is shown below



> # cd ports/lang/python/2.3/
> # make install
===>>  Checking files for python-2.3.5p2
>>> Python-2.3.5.tgz doesn't seem to exist on this system.
>>> Attempting to fetch /usr/ports/distfiles/Python-2.3.5.tgz from 
>>> ftp://ftp.pyth
> on.org/pub/python/2.3.5/.
> ftp: connect: Connection refused
> ftp: Can't connect or login to host `ftp.python.org'
>>> Attempting to fetch /usr/ports/distfiles/Python-2.3.5.tgz from 
>>> http://python.
> mirrors.pair.com/ftp/python/2.3.5/.
> ftp: Error retrieving file: 404 Not Found
>>> Attempting to fetch /usr/ports/distfiles/Python-2.3.5.tgz from 
>>> http://python.
> mirrors.ilisys.com.au/ftp/python/2.3.5/.
> 100% |**|  8335 KB  02:31
>>> Size matches for /usr/ports/distfiles/Python-2.3.5.tgz
>>> Checksum OK for Python-2.3.5.tgz. (sha1)
===>>  python-2.3.5p2 depends on: db-4.2.52p2 - not found
===>>  Verifying install for db-4.2.52p2 in databases/db/v4
===>>  Checking files for db-4.2.52p2
>>> db-4.2.52.tar.gz doesn't seem to exist on this system.
>>> Attempting to fetch /usr/ports/distfiles/db-4.2.52.tar.gz from 
>>> http://www.sle
> epycat.com//update/snapshot/.
> ftp: Error retrieving file: 404 Not Found
>>> Attempting to fetch /usr/ports/distfiles/db-4.2.52.tar.gz from 
>>> ftp://sleepyca
> t1.inetu.net/releases/.
> 100% |**|  3827 KB  01:52
>>> Size does not match for /usr/ports/distfiles/db-4.2.52.tar.gz
> *** Error code 1

> Stop in /usr/ports/databases/db/v4 (line 1990 of 
> /usr/ports/infrastructure/mk/bs
> d.port.mk).
> *** Error code 1

> Stop in /usr/ports/databases/db/v4 (line 1444 of 
> /usr/ports/infrastructure/mk/bs
> d.port.mk).
> *** Error code 1

> Stop in /usr/ports/databases/db/v4 (line 1633 of 
> /usr/ports/infrastructure/mk/bs
> d.port.mk).
> *** Error code 1

> Stop in /usr/ports/lang/python/2.3 (line 1334 of 
> /usr/ports/infrastructure/mk/bs
> d.port.mk).
> *** Error code 1

> Stop in /usr/ports/lang/python/2.3 (line 1633 of 
> /usr/ports/infrastructure/mk/bs
> d.port.mk).
> #

> Thankyou so much

> Kind Regards

> Siju


I have the same problem installing python from ports and source. DB
installed by hand.

-- 

 Sizov A.V mailto:[EMAIL PROTECTED]



Re: network distributed storage with windows?

2006-02-16 Thread Eric Johnson
On Wed, 15 Feb 2006 23:58:32 -0800
A Rossi <[EMAIL PROTECTED]> wrote:

> What a multitude of options I have! I'll probably end up not reporting
>  these solutions to my client, so that he'll use a more traditional 
> backup method.
> The OpenAFS solution would be nice, if I could find it in package 
> form for OpenBSD, or a port for FreeBSD, but I can find neither. Also,
>  if it weren't for some of the reasons below, it would be a decent 
> solution, except for hiding the process from the users.

Actually, AFS is real easy on OpenBSD.  It's already there on the recent
versions.  Just edit rc.conf to start it up.  You may have to create a
root level /afs directory as well.

> Having the machines auto-boot and load a hidden OS sounds like a 
> great idea... if I had the hardware to carry it out. I do not believe 
> that the motherboards support that feature. Shane also points out the 
> excellent fact that this is a little dangerous. Although, I didn't 
> mention it, I was secretly hoping for a solution that could implement
> a  sort of parity, similar to that of RAID5, where if one of the
> computers  died, the backup would still be useable. I also did not
> mention that  there was another backup solution in development, but
> these seemed  irrelevant at the time of posting.
> My client didn't really like the idea of just making a windows 
> partition and disallowing the users from accessing it with
> permissions,  because then they'd know about something... And some
> might complain  about it being "broken" - they have several "older"
> people on staff who  aren't as computer literate.

On the latest versions of windows, a partition does not have to have a
drive letter.  It can appear as a subdirectory instead.  So one could
hide a subdirectory where noone would look for it or think anything
about it.  How many people would think twice about a directory called
\windows\system32\drivers\etc\fs?  I bet that very few windows users
would ever wonder about that, much less try to see what was in the "fs"
directory and so they'd never discover they didn't have access.  And if
they didn't have access, they'd think it was like that out of the box.

> And, honestly, I did not know that windows even has daemons. I thought
>  that was a Unix concept.

On windows, they call it services with yet another programming interface
to use them.

Eric Johnson



Re: 3.8 bridge trouble

2006-02-16 Thread Pailloncy Jean-Gerard

So something like this?

 [ISP]
   |
 [SW1][SW2]
   ||
   | +--+
 [SKR]

Yes. I want something redundant, there is a loop somewhere.



I want to test the soekris as a bridge with 3 links: one to my
provider, one to each switch.
I start the test by setting a bridge on 2 nics of the soekris
connected to the 2 switches. So now there is a loop between the
switches and the soekris.
And the first problem appears. If I ping from any computers on the
segment to anything else I get a "storm" of thousand packet/seconds
until I unplug a cable from the loop.


That's because of the loop. Even if the switches cache ARP replies and
send further packets directly to their destinations, the initial
broadcasted ARP request is going to go round and round.



So I test with/without STP, link0: no more luck.

I test with STP first, then without: same problem.
I try with link0
"Setting this flag stops all IP multicast packets from being
forwarded by the bridge."

To prevent the initial broadcast from looping. Does not work...
It is a broadcast and not a multicast, after all.

Maybe I need a rule to filter all packets from the soekris itself.

Cordialement,
Jean-Girard Pailloncy



Re: 3.8 bridge trouble

2006-02-16 Thread Pailloncy Jean-Gerard

On Wed, 15 Feb 2006, Pailloncy Jean-Gerard wrote:
Second part of the test, I set up a bridgename.bridge0 file with the 2 nics up
with STP, and I restart the soekris. Few seconds after the end of the boot
(login prompt) immediate reboot of the soekris.
I stop it by, as soon as login prompt appears, to log in and put down the
bridge.

In fact sometimes when there is a big storm the soekris reboots too.


Is the watchdog timer (sysctl kern.watchdog) set?  I've seen Soekrises
reboot because of that when under high network load.

The reboot happens with kern.watchdog.auto=0 and with kern.watchdog.auto=1 !!!


Next try: I set up the two nics to be in 10bt mode and not in 100bt.
The box freezes, all the segment goes down.
Near nothing comes in or out, from any other servers of the segment.
answer to ssh was with a lag of few minutes (for control-C)
I just unplug the box, and stop putting down my network.

Cordialement,
Jean-Girard Pailloncy



Re: 3.8 bridge trouble

2006-02-16 Thread Pailloncy Jean-Gerard
Second part of the test, I set up a bridgename.bridge0 file with the 2 nics up
with STP, and I restart the soekris. Few seconds after the end of the boot
(login prompt) immediate reboot of the soekris.
I stop it by, as soon as login prompt appears, to log in and put down the
bridge.

In fact sometimes when there is a big storm the soekris reboots too.


Is the watchdog timer (sysctl kern.watchdog) set?  I've seen Soekrises
reboot because of that when under high network load.

The reboot happens with kern.watchdog.auto=0 and with kern.watchdog.auto=1 !!!


I try to disable the watchdog and ddb.panic=1 to fall back in ddb but
the box reboots...


Cordialement,
Jean-Girard Pailloncy