Re: Traffic analysis on a per service basis
...on Fri, Mar 03, 2006 at 03:33:53AM +0100, Martin Schröder wrote: On 2006-03-02 19:01:13 -0600, eric wrote: Best you'll find for reliable traffic accounting (and the most flexible) is argus http://www.qosient.com/argus/. I'd recommend that route, then using Seems to be quiet since 2004-05 and has its own license :-( The argus mailing list is still quite active. Alex.
Re: Backup MX server
On Thursday 02 March 2006 09:03, you wrote: Really? So when the box goes down, just let the mail bounce? Mail will not start to bounce the moment your box goes down. SMTP was designed to be reliable. How would it break spamassassin (which is what I use)? It doesn't. --- Lars Hansson
help with source-routing
hi bsd-gurus ... we are currently trying to set up an openbsd host, and have a problem with source-routing mechanisms !? Setup is as follows: (all IPs are examples)
hme1 - 10.50.0.10
hme0 - 217.5.23.69
hme0_alias - 217.5.23.70
default-gw is 10.50.0.1
If you want to connect to e.g. 193.44.25.2, the machine has to go there with one of its official IPs 217... How can we solve that problem ? I read a lot about pf and other things, but nothing I tried is working ... Is that really only possible by using pf ? Would be great if someone could gimme a hint, or better, post the line for pf, if there is really no other way to do that .. !?
System is OpenBSD 3.8 (GENERIC) #607: Sat Sep 10 16:03:59 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC on a Sun 220R
Thanks in advance ... ...olli
Re: help with source-routing
On Fri, Mar 03, 2006 at 01:08:43PM +0100, oliver simon wrote: hi bsd-gurus ... we are currently trying to set up an openbsd host, and have a problem with source-routing mechanisms !? Setup is as follows: (all IPs are examples) hme1 - 10.50.0.10 hme0 - 217.5.23.69 hme0_alias - 217.5.23.70 default-gw is 10.50.0.1 If you want to connect to e.g. 193.44.25.2, the machine has to go there with one of its official IPs 217... How can we solve that problem ? I read a lot about pf and other things, but nothing I tried is working ... Is that really only possible by using pf ? Would be great if someone could gimme a hint, or better, post the line for pf, if there is really no other way to do that .. !? System is OpenBSD 3.8 (GENERIC) #607: Sat Sep 10 16:03:59 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC on a Sun 220R Sounds like a routing table problem - please post the output of route -n show. In particular, do you have 'default' set to go through hme0? Joachim
Re: help with source-routing
On 2006/03/03 13:08, oliver simon wrote: we are currently trying to set up an openbsd host, and have a problem with source-routing mechanisms !? PF route-to/reply-to options will ensure the packets are sent out the correct interface, then you can either setup your software to bind to the right address (which I know works since I do exactly this myself), or maybe you could use NAT (not so sure about this, experiment if you don't hear another answer). If you get stuck, post back to misc@ with some tcpdump traces and more information about the setup (maybe ifconfig -a, netstat -rn, pf.conf and any details you can provide about the app you're trying to route packets from).
Re: RedHat and Linux emulation
Ted Unangst wrote: you can use whatever libraries you like. what's the point of a more free distro when the only use for emulation is to run non-free software? or non-portable software like OpenOffice reyk
Re: RedHat and Linux emulation
by the way, what is the status of the openoffice native port? On 3/3/06, Reyk Floeter [EMAIL PROTECTED] wrote: Ted Unangst wrote: you can use whatever libraries you like. what's the point of a more free distro when the only use for emulation is to run non-free software? or non-portable software like OpenOffice reyk
Re: help with source-routing
Hi, ...on Fri, Mar 03, 2006 at 01:08:43PM +0100, oliver simon wrote: hme1 - 10.50.0.10 hme0 - 217.5.23.69 hme0_alias - 217.5.23.70 default-gw is 10.50.0.1 If you want to connect to e.g. 193.44.25.2, the machine has to go there with one of its official IPs 217... Are you sure that's a sane setup? Why do you want to reach the outside world through an interface on a private segment when you have official addresses on another interface? And why is there no address translation elsewhere between your private segment and wherever it connects to the Internet? How can we solve that problem ? I read a lot about pf and other things, but nothing I tried is working ... You can NAT the traffic going out through hme1, but you will have a nice split routing situation, as the traffic flowing back to you will probably come in through hme0. Not that that's a problem, it just doesn't make any sense. Alex.
Re: help with source-routing
Hi Joachim, thanks for helping ... here's the requested ...
[EMAIL PROTECTED] ~ # route -n show
Routing tables

Internet:
Destination        Gateway            Flags  Refs  Use    Mtu    Interface
default            10.50.0.1          UGS    0     2796   -      hme1
10.32.0/24         10.50.0.2          UGS    0     0      -      hme1
10.50.0/24         link#2             UC     0     0      -      hme1
10.50.0.1          00:11:0a:54:89:44  UHLc   0     0      -      hme1
10.50.0.3          00:11:0a:54:89:44  UHLc   0     0      -      hme1
10.50.0.200        00:0f:20:79:0d:42  UHLc   0     2      -      hme1
10.75.0.0/25       10.8.0.211         UGS    0     0      -      hme0
81.6.70.16/31      10.50.0.1          UGS    0     3      -      hme1
127/8              127.0.0.1          UGRS   0     0      33192  lo0
127.0.0.1          127.0.0.1          UH     0     3      33192  lo0
217.5.23.128/25    link#1             UC     0     0      -      hme0
217.5.23.70        127.0.0.1          UGHS   0     5      33192  lo0
224/4              127.0.0.1          URS    0     0      33192  lo0

Internet6:
Destination        Gateway            Flags  Refs  Use    Mtu    Interface
::/104             ::1                UGRS   0     0      -      lo0
::/96              ::1                UGRS   0     0      -      lo0

Joachim Schipper wrote: On Fri, Mar 03, 2006 at 01:08:43PM +0100, oliver simon wrote: hi bsd-gurus ... we are currently trying to set up an openbsd host, and have a problem with source-routing mechanisms !? Setup is as follows: (all IPs are examples) hme1 - 10.50.0.10 hme0 - 217.5.23.69 hme0_alias - 217.5.23.70 default-gw is 10.50.0.1 If you want to connect to e.g. 193.44.25.2, the machine has to go there with one of its official IPs 217... How can we solve that problem ? I read a lot about pf and other things, but nothing I tried is working ... Is that really only possible by using pf ? Would be great if someone could gimme a hint, or better, post the line for pf, if there is really no other way to do that .. !? System is OpenBSD 3.8 (GENERIC) #607: Sat Sep 10 16:03:59 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC on a Sun 220R Sounds like a routing table problem - please post the output of route -n show. In particular, do you have 'default' set to go through hme0? Joachim
Re: help with source-routing
Hi Alex, Alexander Bochmann wrote: Hi, ...on Fri, Mar 03, 2006 at 01:08:43PM +0100, oliver simon wrote: hme1 - 10.50.0.10 hme0 - 217.5.23.69 hme0_alias - 217.5.23.70 default-gw is 10.50.0.1 If you want to connect to e.g. 193.44.25.2, the machine has to go there with one of its official IPs 217... Are you sure that's a sane setup? Why do you want to reach the outside world through an interface on a private segment when you have official addresses on another interface? And why is there no address translation elsewhere between your private segment and wherever it connects to the Internet? It's a server in a DMZ, so we have one host-ip (the private one), but the machine needs to be connected from the internet (apache) and put some requests through other .. private-ip-ed Servers/Firewalls to other apaches. Machine's default gw is a private-ip-ed firewall, but otherwise we need to connect other servers in the internet. For being routed back to the machine from the target, the request to the outer world has to be done by an official ip. How can we solve that problem ? I read a lot about pf and other things, but nothing I tried is working ... You can NAT the traffic going out through hme1, but you will have a nice split routing situation, as the traffic flowing back to you will probably come in through hme0. Not that that's a problem, it just doesn't make any sense. That are my questions .. How can we solve that ? Currently, we are using linux (which shall be replaced through openbsd), and there is no problem to do that source-routing: /sbin/ip route add 194.78.111.123/32 via 10.50.0.1 src 217.5.130.99 ...olli Alex.
Re: RedHat and Linux emulation
On Thu, Mar 02, 2006 at 11:32:58AM +0100, Hannah Schroeter wrote: | Hello! | | On Thu, Mar 02, 2006 at 09:54:35AM +0100, Ramiro Aceves wrote: | Just for curiosity, yesterday I was thinking about Linux emulation and | redhat OpenBSD packages. I would like to know if it is planned to | switch to some more free Linux distribution like Debian instead of Red | Hat to be used as the base system for Linux emulation. | | In what exact way is Debian more free than Redhat with respect to the | portions OpenBSD takes for the emulation stuff? Using another distribution (freely downloadable etc) will make it easier to update the port in case of security issues after Red Hat stopped fixing bugs in their legacy RPM's. Not a very strong point, I agree, but a point nonetheless. Paul 'WEiRD' de Weerd -- [++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-] http://www.weirdnet.nl/
Re: help with source-routing
On Fri, Mar 03, 2006 at 02:01:22PM +0100, oliver simon wrote: Hi Alex, Alexander Bochmann wrote: Hi, ...on Fri, Mar 03, 2006 at 01:08:43PM +0100, oliver simon wrote: hme1 - 10.50.0.10 hme0 - 217.5.23.69 hme0_alias - 217.5.23.70 default-gw is 10.50.0.1 If you want to connect to e.g. 193.44.25.2, the machine has to go there with one of its official IPs 217... Are you sure that's a sane setup? Why do you want to reach the outside world through an interface on a private segment when you have official addresses on another interface? And why is there no address translation elsewhere between your private segment and wherever it connects to the Internet? It's a server in a DMZ, so we have one host-ip (the private one), but the machine needs to be connected from the internet (apache) and put some requests through other .. private-ip-ed Servers/Firewalls to other apaches. Machine's default gw is a private-ip-ed firewall, but otherwise we need to connect other servers in the internet. For being routed back to the machine from the target, the request to the outer world has to be done by an official ip. Not a very good setup, if I might say so. OpenBSD can do it, but I'd strongly suggest placing the server in a DMZ (*not* on your internal network) and using a single connection to internet from there. Anyway, use pf route-to and reply-to to override the routing table for select flows. This is a much better idea than the split routing mentioned below. How can we solve that problem ? I read a lot about pf and other things, but nothing I tried is working ... You can NAT the traffic going out through hme1, but you will have a nice split routing situation, as the traffic flowing back to you will probably come in through hme0. Not that that's a problem, it just doesn't make any sense. That are my questions .. How can we solve that ?
Currently, we are using linux (which shall be replaced through openbsd), and there is no problem to do that source-routing:
/sbin/ip route add 194.78.111.123/32 via 10.50.0.1 src 217.5.130.99
Source routing is evil, don't do it. No sane firewall should accept it, either. The proper solution would not change any of the information posted above, but add something like the following to pf.conf:
out_if=hme1
pass on $out_if from port { http https } reply-to $out_if
A slightly more complex variant can be used to let internal network servers talk via a split route to the internet. So, it's quite possible. That does not make it a good idea, though. Joachim
Re: help with source-routing
Hi again .. ;-) Joachim Schipper wrote: On Fri, Mar 03, 2006 at 02:01:22PM +0100, oliver simon wrote: Hi Alex, Alexander Bochmann wrote: Hi, ...on Fri, Mar 03, 2006 at 01:08:43PM +0100, oliver simon wrote: hme1 - 10.50.0.10 hme0 - 217.5.23.69 hme0_alias - 217.5.23.70 default-gw is 10.50.0.1 If you want to connect to e.g. 193.44.25.2, the machine has to go there with one of its official IPs 217... Are you sure that's a sane setup? Why do you want to reach the outside world through an interface on a private segment when you have official addresses on another interface? And why is there no address translation elsewhere between your private segment and wherever it connects to the Internet? It's a server in a DMZ, so we have one host-ip (the private one), but the machine needs to be connected from the internet (apache) and put some requests through other .. private-ip-ed Servers/Firewalls to other apaches. Machine's default gw is a private-ip-ed firewall, but otherwise we need to connect other servers in the internet. For being routed back to the machine from the target, the request to the outer world has to be done by an official ip. Not a very good setup, if I might say so. OpenBSD can do it, but I'd strongly suggest placing the server in a DMZ (*not* on your internal network) and using a single connection to internet from there. Internal Network is another IP-Range ... DMZ has official IPs for the services and its private ip-range for the hosts themselves. DMZ: 10.50.0.0/24 + Official IPs for services Internal(!)Lan: 10.23.0.0/24 DBNet (e.g.): 10.28.0.0/24 aso ... Anyway, use pf route-to and reply-to to override the routing table for select flows. This is a much better idea than the split routing mentioned below. How can we solve that problem ? I read a lot about pf and other things, but nothing I tried is working ...
You can NAT the traffic going out through hme1, but you will have a nice split routing situation, as the traffic flowing back to you will probably come in through hme0. Not that that's a problem, it just doesn't make any sense. That are my questions .. How can we solve that ? Currently, we are using linux (which shall be replaced through openbsd), and there is no problem to do that source-routing:
/sbin/ip route add 194.78.111.123/32 via 10.50.0.1 src 217.5.130.99
Source routing is evil, don't do it. No sane firewall should accept it, either. Why that ? The next hop just sees that there is any IP that wants to go to wherever !? The proper solution would not change any of the information posted above, but add something like the following to pf.conf:
out_if=hme1
pass on $out_if from port { http https } reply-to $out_if
That's all ? If we want that not just for http/s, it's just from any ? A slightly more complex variant can be used to let internal network servers talk via a split route to the internet. So, it's quite possible. That does not make it a good idea, though. Joachim ...olli
Re: help with source-routing
Does not work ... After putting your lines in pf.conf, it just puts out a syntax error !? oliver simon wrote: Hi again .. ;-) Joachim Schipper wrote: On Fri, Mar 03, 2006 at 02:01:22PM +0100, oliver simon wrote: Hi Alex, Alexander Bochmann wrote: Hi, ...on Fri, Mar 03, 2006 at 01:08:43PM +0100, oliver simon wrote: hme1 - 10.50.0.10 hme0 - 217.5.23.69 hme0_alias - 217.5.23.70 default-gw is 10.50.0.1 If you want to connect to e.g. 193.44.25.2, the machine has to go there with one of its official IPs 217... Are you sure that's a sane setup? Why do you want to reach the outside world through an interface on a private segment when you have official addresses on another interface? And why is there no address translation elsewhere between your private segment and wherever it connects to the Internet? It's a server in a DMZ, so we have one host-ip (the private one), but the machine needs to be connected from the internet (apache) and put some requests through other .. private-ip-ed Servers/Firewalls to other apaches. Machine's default gw is a private-ip-ed firewall, but otherwise we need to connect other servers in the internet. For being routed back to the machine from the target, the request to the outer world has to be done by an official ip. Not a very good setup, if I might say so. OpenBSD can do it, but I'd strongly suggest placing the server in a DMZ (*not* on your internal network) and using a single connection to internet from there. Internal Network is another IP-Range ... DMZ has official IPs for the services and its private ip-range for the hosts themselves. DMZ: 10.50.0.0/24 + Official IPs for services Internal(!)Lan: 10.23.0.0/24 DBNet (e.g.): 10.28.0.0/24 aso ... Anyway, use pf route-to and reply-to to override the routing table for select flows. This is a much better idea than the split routing mentioned below. How can we solve that problem ? I read a lot about pf and other things, but nothing I tried is working ...
You can NAT the traffic going out through hme1, but you will have a nice split routing situation, as the traffic flowing back to you will probably come in through hme0. Not that that's a problem, it just doesn't make any sense. That are my questions .. How can we solve that ? Currently, we are using linux (which shall be replaced through openbsd), and there is no problem to do that source-routing:
/sbin/ip route add 194.78.111.123/32 via 10.50.0.1 src 217.5.130.99
Source routing is evil, don't do it. No sane firewall should accept it, either. Why that ? The next hop just sees that there is any IP that wants to go to wherever !? The proper solution would not change any of the information posted above, but add something like the following to pf.conf:
out_if=hme1
pass on $out_if from port { http https } reply-to $out_if
[EMAIL PROTECTED] ~ # pfctl -f /etc/pf.conf
/etc/pf.conf:37: syntax error
pfctl: Syntax error in config file: pf rules not loaded
[EMAIL PROTECTED] ~ #
out_if=hme1
pass on $out_if from port { http https } reply-to $out_if
???
That's all ? If we want that not just for http/s, it's just from any ? A slightly more complex variant can be used to let internal network servers talk via a split route to the internet. So, it's quite possible. That does not make it a good idea, though. Joachim ...olli
Re: Traffic analysis on a per service basis
On Thursday, 02.03.2006, at 12:29 -0700, Spruell, Darren-Perot wrote: Hi, You would be well served by Netflow graphs. You can get traffic breakdowns in a very granular fashion and the right frontend will allow you to drill down in a very granular fashion. There are a couple of utils that can give you netflow capabilities, including flowd and pfflowd in the ports tree. Well, tried these and flow-tools (also in the ports tree) in conjunction with FlowViewer/FlowGrapher but that didn't work out. pfflowd runs and there is definitely something going on due to collector.pl (test collector from pfflowd-package). But if I try to use flow-capture from flow-tools, it creates its directory structure with an initial file but doesn't fill it with values. On the other hand, 'flowd -d' breaks with chdir(/nonexistent): No such file or directory though the only configurable directory seems to be the one in /etc/flowd.conf which is correct. CU David -- David Elze Tel:(+49)(0)441 - 36116410 [EMAIL PROTECTED] Fax:(+49)(0)441 - 36116419 http://www.bytemine.net/ PGP/GPG: 5F83FEA2 bytemine - development workshop for innovative solutions
Sun Ultra 1 and Ultra 5
Hey folks, I have a Sun workstation in hand and have never had previous experience with Sun hardware before. I would like to redirect the console to the serial port. These machines are very old, and the hardware documentation has been lost. It has a serial port, doesn't it? I was trying to get X working, but no luck. Does anybody have OpenBSD 3.8 running on such hardware? Could you send your xorg.conf file? Thanks.
Re: Traffic analysis on a per service basis
On Fri, Mar 03, 2006 at 04:28:53PM +0100, David Elze wrote: On Thursday, 02.03.2006, at 12:29 -0700, Spruell, Darren-Perot wrote: Hi, You would be well served by Netflow graphs. You can get traffic breakdowns in a very granular fashion and the right frontend will allow you to drill down in a very granular fashion. There are a couple of utils that can give you netflow capabilities, including flowd and pfflowd in the ports tree. Well, tried these and flow-tools (also in the ports tree) in conjunction with FlowViewer/FlowGrapher but that didn't work out. pfflowd runs and there is definitely something going on due to collector.pl (test collector from pfflowd-package). But if I try to use flow-capture from flow-tools, it creates its directory structure with an initial file but doesn't fill it with values. On the other hand, 'flowd -d' breaks with chdir(/nonexistent): No such file or directory though the only configurable directory seems to be the one in /etc/flowd.conf which is correct. I don't know about the rest, but a grep nonexistent /etc/passwd might prove enlightening. ;-) Joachim
Re: Traffic analysis on a per service basis
David Elze wrote: On Thursday, 02.03.2006, at 12:29 -0700, Spruell, Darren-Perot wrote: Hi, You would be well served by Netflow graphs. You can get traffic breakdowns in a very granular fashion and the right frontend will allow you to drill down in a very granular fashion. There are a couple of utils that can give you netflow capabilities, including flowd and pfflowd in the ports tree. Well, tried these and flow-tools (also in the ports tree) in conjunction with FlowViewer/FlowGrapher but that didn't work out. In case I am not misunderstanding you, you may have a look at these ones: http://www.andrew.cmu.edu/user/rdanyliw/snort/snortacid.html http://secureideas.sourceforge.net/ http://www.l0t3k.org/security/tools/ids/ It might look a bit like overkill, but perhaps these ones can be of help for you collecting services you want and to build graphs and more. Have a nice day Michael -- Michael Schmidt MIRRORS: DJGPP ftp://ftp.fh-koblenz.de/pub/DJGPP/ Ghostscript ftp://ftp.fh-koblenz.de/pub/Ghostscript/
Re: Traffic analysis on a per service basis
David Elze wrote: On the other hand, 'flowd -d' breaks with chdir(/nonexistent): No such file or directory though the only configurable directory seems to be the one in /etc/flowd.conf which is correct. looks like the home directory of the unprivileged flowd _user_. you should try 'usermod -d flowd-directory flowd-user' or even 'usermod -d /var/empty flowd-user'. i don't know the correct values for flowd, just try. reyk
Re: help with source-routing
On Fri, Mar 03, 2006 at 03:03:23PM +0100, oliver simon wrote: Hi again .. ;-) Joachim Schipper wrote: On Fri, Mar 03, 2006 at 02:01:22PM +0100, oliver simon wrote: Hi Alex, Alexander Bochmann wrote: Hi, ...on Fri, Mar 03, 2006 at 01:08:43PM +0100, oliver simon wrote: hme1 - 10.50.0.10 hme0 - 217.5.23.69 hme0_alias - 217.5.23.70 default-gw is 10.50.0.1 If you want to connect to e.g. 193.44.25.2, the machine has to go there with one of its official IPs 217... Are you sure that's a sane setup? Why do you want to reach the outside world through an interface on a private segment when you have official addresses on another interface? And why is there no address translation elsewhere between your private segment and wherever it connects to the Internet? It's a server in a DMZ, so we have one host-ip (the private one), but the machine needs to be connected from the internet (apache) and put some requests through other .. private-ip-ed Servers/Firewalls to other apaches. Machine's default gw is a private-ip-ed firewall, but otherwise we need to connect other servers in the internet. For being routed back to the machine from the target, the request to the outer world has to be done by an official ip. Not a very good setup, if I might say so. OpenBSD can do it, but I'd strongly suggest placing the server in a DMZ (*not* on your internal network) and using a single connection to internet from there. Internal Network is another IP-Range ... DMZ has official IPs for the services and its private ip-range for the hosts themselves. DMZ: 10.50.0.0/24 + Official IPs for services Internal(!)Lan: 10.23.0.0/24 DBNet (e.g.): 10.28.0.0/24 Okay, that makes a little more sense. Still, it's better to let the gateway device(s) handle the weird networking stuff and let the servers just chunk out data, at least conceptually, but this at least makes some sense. Anyway, use pf route-to and reply-to to override the routing table for select flows.
This is a much better idea than the split routing mentioned below. How can we solve that problem ? I read a lot about pf and other things, but nothing I tried is working ... You can NAT the traffic going out through hme1, but you will have a nice split routing situation, as the traffic flowing back to you will probably come in through hme0. Not that that's a problem, it just doesn't make any sense. That are my questions .. How can we solve that ? Currently, we are using linux (which shall be replaced through openbsd), and there is no problem to do that source-routing:
/sbin/ip route add 194.78.111.123/32 via 10.50.0.1 src 217.5.130.99
Source routing is evil, don't do it. No sane firewall should accept it, Why that ? The next hop just sees that there is any IP that wants to go to wherever !? Well, it allows IP address spoofing. This is not too useful with TCP, as the handshake cannot be completed, but rather neat where UDP or ICMP is concerned, for example when (D)DoSing a machine. The proper solution would not change any of the information posted above, but add something like the following to pf.conf:
out_if=hme1
pass on $out_if from port { http https } reply-to $out_if
That's all ? If we want that not just for http/s, it's just from any ? Hmm, yes, but as you noted, you'll want to make that actually work. The proper rule, according to pfctl -n, on my system, is:
pass out on $out_if reply-to $out_if:0 proto tcp from port { http https }
Sorry, I was a bit too quick the first time round. Joachim
Re: Traffic analysis on a per service basis
On Fri, Mar 03, 2006 at 05:01:01PM +0100, Reyk Floeter wrote: David Elze wrote: On the other hand, 'flowd -d' breaks with chdir(/nonexistent): No such file or directory though the only configurable directory seems to be the one in /etc/flowd.conf which is correct. looks like the home directory of the unprivileged flowd _user_. you should try 'usermod -d flowd-directory flowd-user' or even 'usermod -d /var/empty flowd-user'. i don't know the correct values for flowd, just try. Or, probably better, force flowd to use another directory than the one from /etc/passwd. Joachim
Re: Sun Ultra 1 and Ultra 5
On 3/3/06, Gustavo Rios [EMAIL PROTECTED] wrote: Hey folks, I have a Sun workstation in hand and have never had previous experience with Sun hardware before. I would like to redirect the console to the serial port. These machines are very old, and the hardware documentation has been lost. It has a serial port, doesn't it? I was trying to get X working, but no luck. Does anybody have OpenBSD 3.8 running on such hardware? Could you send your xorg.conf file? I've run OpenBSD on both, however never with X so I can't help you there, sorry. But as far as getting serial console to work, all you have to do is make sure that a keyboard and monitor are NOT plugged into the back, and a null-modem cable plugged into the serial port A, and when you boot the box, it'll just work. The great thing about sun boxes is the serial support, it Just Works. Jason
Re: Traffic analysis on a per service basis
On Friday, 03.03.2006, at 16:58 +0100, Joachim Schipper wrote: Hi, I don't know about the rest, but a grep nonexistent /etc/passwd might prove enlightening. ;-) Uuups, thanks a lot! CU David -- David Elze Tel:(+49)(0)441 - 36116410 [EMAIL PROTECTED] Fax:(+49)(0)441 - 36116419 http://www.bytemine.net/ PGP/GPG: 5F83FEA2 bytemine - development workshop for innovative solutions
Re: RedHat and Linux emulation
On Fri, Mar 03, 2006 at 01:58:27PM +0100, Paul de Weerd wrote: Using another distribution (freely downloadable etc) will make it easier to update the port in case of security issues after Red Hat stopped fixing bugs in their legacy RPM's. Not a very strong point, I agree, but a point nonetheless. Yes, but do these more up to date userlands expect more exotic (politely phrased) kernel features that OpenBSD doesn't emulate?
Re: help with source-routing
...on Fri, Mar 03, 2006 at 03:03:23PM +0100, oliver simon wrote: Internal Network is another IP-Range ... DMZ has official IPs for the services and its private ip-range for the hosts themselves. DMZ: 10.50.0.0/24 + Official IPs for services Internal(!)Lan: 10.23.0.0/24 DBNet (e.g.): 10.28.0.0/24 Usually, you would do proxying or NAT for the official service addresses on your outer gateway. Not much use having them on the DMZ network, it just adds unnecessary complexity. Alex. (Yes, I know that doesn't answer your question :) ...)
Re: Sun Ultra 1 and Ultra 5
On Fri, Mar 03, 2006 at 12:51:31PM -0300, Gustavo Rios wrote: Hey folks, I have a Sun workstation in hand and have never had previous experience with Sun hardware before. I would like to redirect the console to the serial port. These machines are very old, and the hardware documentation has been lost. It has a serial port, doesn't it? already covered by someone else, though I'll put in a plug for http://www.openbsd.org/faq/faq7.html#SerCon I was trying to get X working, but no luck. Does anybody have OpenBSD 3.8 running on such hardware? Could you send your xorg.conf file? Read /usr/X11R6/README on your installed system. Take the sample xorg.conf file as a starting point, BUT DON'T EXPECT IT TO WORK. Now, edit it as indicated by the rest of the README file for your particular system. You will be looking at your dmesg several times. It should be pretty straightforward, but you WILL NOT be able to just use the sample config. (well, I can't say that's true on everything, there may be some system where the sample config Just Works, but the U5 is not it. Not sure about the U1. Just treat the sample as a starting point, a framework where you hang your system's details). Nick.
Re: Sun Ultra 1 and Ultra 5
Try this: http://slashboot.org/openbsd/sparc64-openbsd38-xorg.conf I've had it working just fine. I now run it without X, as a server. Hope that helps, Craig Gustavo Rios wrote: Hey folks, I have a Sun workstation in hand and have never had previous experience with Sun hardware before. I would like to redirect the console to the serial port. These machines are very old, and the hardware documentation has been lost. It has a serial port, doesn't it? I was trying to get X working, but no luck. Does anybody have OpenBSD 3.8 running on such hardware? Could you send your xorg.conf file? Thanks.
Re: help with source-routing
Still no success ... On the next firewall, tcpdump only shows the private IP-Address from the bsd-machine, trying to connect the outer world ...
17:51:38.109862 10.50.0.10.47888 > 83.146.78.121.ssh: S 3774377327:3774377327(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3223610022 0 (DF)
That's where we want to see one of the official IP-Addresses from the BSD-machine. That's why we need that source-routing ... Maybe we have to stay with linux there, it's getting much too expensive to put hours and hours of testing and trying in that project. Is there no possibility to just tell that bsd-thing, to connect with a specific IP-Address, when connecting for example 193.2.4.2 ??? We just want to tell the bsd-machine, to use f.e. hme1_1 (hme1 217.3.3.3; hme1_1 217.3.3.4) when a user ON THE machine wants to ssh to 199.9.9.9, and use hme0 (10.50.0.10) for the normal traffic. We have to do that, because this machine is a stargate for us, where f.e. some developers and supporters hop to our customers networks, and the customers only wanted to open their firewalls for one specific IP. This IP(s) shall all move to that bsd-machine. We connect to the private IP on the bsd, and all other (gateway-IPs) in the dmz are private... Any help is appreciated ... Greetings, ...olli Joachim Schipper wrote: On Fri, Mar 03, 2006 at 03:03:23PM +0100, oliver simon wrote: Hi again .. ;-) Joachim Schipper wrote: On Fri, Mar 03, 2006 at 02:01:22PM +0100, oliver simon wrote: Hi Alex, Alexander Bochmann wrote: Hi, ...on Fri, Mar 03, 2006 at 01:08:43PM +0100, oliver simon wrote: hme1 - 10.50.0.10 hme0 - 217.5.23.69 hme0_alias - 217.5.23.70 default-gw is 10.50.0.1 If you want to connect to e.g. 193.44.25.2, the machine has to go there with one of its official IPs 217... Are you sure that's a sane setup? Why do you want to reach the outside world through an interface on a private segment when you have official addresses on another interface?
And why is there no address translation elsewhere between your private segment and wherever it connects to the Internet? It4s a server in a DMZ, so we have one host-ip (the private one), but the machine needs to be connected from the internet (apache) and put some requests through other .. private-ip-ed Servers/Firewalls to other apaches. Machine4s default gw is a private-ip-ed firewall, but otherwise we need to connect other servers in the internet. For being routed back to the machine from the target, the request to the outer world has to be done by an official ip. Not a very good setup, if I might say so. OpenBSD can do it, but I'd strongly suggest placing the server in a DMZ (*not* on your internal network) and using a single connection to internet from there. Internal Network is another IP-Range ... DMZ has official IPs for the services and its private ip-range for the hosts themself. DMZ: 10.50.0.0/24 + Official IPs for services Internal(!)Lan: 10.23.0.0/24 DBNet (e.g.): 10.28.0.0/24 Okay, that makes a little more sense. Still, it's better to let the gateway device(s) handle the weird networking stuff and let the servers just chunk out data, at least conceptually, but this at least makes some sense. Anyway, use pf route-to and reply-to to override the routing table for select flows. This is a much better idea than the split routing mentioned below. How can we solve that problem ? I read a lot about pf and other things, but nothing I tried is working ... You can NAT the traffic going out through hme1, but you will have a nice split routing situation, as the traffic flowing back to you will probably come in through hme0. Not that that's a problem, it just doesn't make any sense. That are my questions .. How can we solve that ? Currently, we are using linux (which shall be replaced through openbsd), and there is no problem to do that source-routing: /sbin/ip route add 194.78.111.123/32 via 10.50.0.1 src 217.5.130.99 Source routing is evil, don't do it. 
No sane firewall should accept it, Why that ? The next hop just sees that there is any IP that wants to go to whereever !? Well, it allows IP address spoofing. This is not too useful with TCP, as the handshake cannot be completed, but rather neat where UDP or ICMP is concerned, for example when (D)DoSing a machine. The proper solution would not change any of the information posted above, but add something like the following to pf.conf: out_if=hme1 pass on $out_if from port { http https } reply-to $out_if Thats all ? If we want that not just for http/s, its just from any ? Hmm, yes, but as you noted, you'll want to make that actually work. The proper rule, according to pfctl -n, on my system, is: pass out on $out_if reply-to $out_if:0 proto tcp from port { http https } Sorry, I was a bit too quick the first time round. Joachim
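One way to repeat the tcpdump check described above on the next-hop firewall after each rule change, as an added example that is not part of any post in the thread. The function names and the two-column policy format are assumptions; the first capture line is the one from the post, the others are constructed.

```sh
#!/bin/sh
# Added example: flag outgoing SYNs that leave with the wrong source address.
# Reads old-style tcpdump text output (as quoted in the thread) on stdin.
# Policy file format (an assumption of this example): "destination expected-source".

check_syn_sources() {
    # $1 = policy file; prints one MISMATCH line per offending SYN,
    # returns 1 if any mismatch was seen, 0 otherwise.
    awk -v policy="$1" '
    # Turn "10.50.0.10.47888" or "83.146.78.121.ssh:" into the bare address.
    function host(ep) {
        sub(/:$/, "", ep)
        sub(/\.[^.]*$/, "", ep)
        return ep
    }
    BEGIN {
        while ((getline line < policy) > 0) {
            n = split(line, f, " ")
            if (n >= 2 && f[1] !~ /^#/) want[f[1]] = f[2]
        }
        close(policy)
    }
    {
        # Field 2 is source.port; the ">" separator may be missing in pasted output.
        i = 3
        if ($i == ">") i++
        if ($(i + 1) != "S") next        # only look at initial SYNs
        src = host($2); dst = host($i)
        if ((dst in want) && src != want[dst]) {
            printf "MISMATCH %s -> %s (expected source %s)\n", src, dst, want[dst]
            bad++
        }
    }
    END { exit (bad > 0) }
    '
}

# Policy built from addresses mentioned in the thread.
sample_policy() {
    cat <<'EOF'
# destination   expected-source
83.146.78.121   217.5.23.70
EOF
}

# First line: as posted in the thread. Remaining lines: constructed.
sample_capture() {
    cat <<'EOF'
17:51:38.109862 10.50.0.10.47888 83.146.78.121.ssh: S 3774377327:3774377327(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3223610022 0 (DF)
17:52:01.000001 217.5.23.70.40112 > 83.146.78.121.ssh: S 100:100(0) win 16384 (DF)
17:52:01.000950 217.5.23.70.40112 > 83.146.78.121.ssh: . ack 1 win 16384 (DF)
17:52:07.300000 10.50.0.10.40200 > 192.0.2.10.www: S 200:200(0) win 16384 (DF)
EOF
}

# Usage (file name is a placeholder):
#   tcpdump -n -i <interface> 'tcp[13] & 2 != 0' | check_syn_sources policy.txt
```

Destinations that are not listed in the policy are ignored, so normal traffic leaving with the private address does not raise a mismatch.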
Re: Sun Ultra 1 and Ultra 5
Jason Crawford wrote: there, sorry. But as far as getting serial console to work, all you have to do is make sure that a keyboard and monitor are NOT plugged Actually, just the keyboard has to be unplugged. :-) -- Matthew Weigel hacker [EMAIL PROTECTED]
sun ultra 1 / ultra 5 disk layout
Here i am again with my new old sun ultra 1 boxes. When playing with i386 boxes, i used to let a initial 63 sectors for the boot procedure. So, i never used my whole disk. For sun, i don't know whether i have to let some space or may just go using from sector 0. /Thanks in advance.
Re: Sun Ultra 1 and Ultra 5
On 3/3/06, Matthew Weigel [EMAIL PROTECTED] wrote: Jason Crawford wrote: there, sorry. But as far as getting serial console to work, all you have to do is make sure that a keyboard and monitor are NOT plugged Actually, just the keyboard has to be unplugged. :-) Cool since I sold my U5 and I don't have a Sun monitor for my U1, I could never confirm whether the monitor had to be plugged in or not, but I figured better safe than sorry. Thanks for confirming. Jason
Re: Sun Ultra 1 and Ultra 5
Or, if you want to keep your keyboard plugged in: At the Sun PROM ok prompt:

ok setenv input-device ttya
ok setenv output-device ttya

Will set your first com port up for serial console work. Connect to that a NULL serial cable and from another machine:

cu -l /dev/cua00 -s 9600

Should let you hook in. I think that's all correct, my Ultra 5 is powered down at the moment. Hope that helps, Craig

Matthew Weigel wrote: Jason Crawford wrote: there, sorry. But as far as getting serial console to work, all you have to do is make sure that a keyboard and monitor are NOT plugged Actually, just the keyboard has to be unplugged. :-)
Cyrus SASL2 LDAPDB Plugin
Does anyone know if there are plans to create an individual port for the now cyrus-sasl2-ldapdb plugin, similar to the FreeBSD port; or should I redirect to @ports? thanks..
what is next? 3.10 or 4.0???
if the x.x.x versioning is followed 4.0 would mean there is a major upgrade to the OS, while 3.10 is minor updates. Just thinking about all the goodies that a 4.x OS would mean. Bryan
Re: what is next? 3.10 or 4.0???
Bryan Brake wrote: if the x.x.x versioning is followed 4.0 would mean there is a major upgrade to the OS, while 3.10 is minor updates. Just thinking about all the goodies that a 4.x OS would mean. Bryan What was it before. 2.9 to 3.0 or to 2.10??? Each release have major changes as far as I am concern.
ath and 802.11a
Hi Is anybody using 802.11a with ath? The manpage lists a/b/g as working, although g definitly doesn't work for me, only b does. Now I'm curious if anything besides b actually works before I buy an antenna for a. Or is it just my cards? If not, why isn't there a note about this in the manpage? Thanks. -- Fridtjof Busse If you want to stay dad you've got to polish your image. I think the image we need to create for you is repentant but learning. -- Calvin
Re: what is next? 3.10 or 4.0???
On Friday 03 March 2006 15:29, Bryan Brake wrote: if the x.x.x versioning is followed 4.0 would mean there is a major upgrade to the OS, while 3.10 is minor updates. Just thinking about all the goodies that a 4.x OS would mean. Bryan This was beaten to death five years ago. What happened after the 2.9 release? Using a little logic it shouldn't be too hard to figure it out... --STeve Andre'
Re: what is next? 3.10 or 4.0???
On Fri, 03 Mar 2006 12:29:46 -0800 Bryan Brake [EMAIL PROTECTED] wrote: if the x.x.x versioning is followed 4.0 would mean there is a major upgrade to the OS, while 3.10 is minor updates. Hmm, I wonder if this question was asked 5 years ago when 2.9 was the latest release... Just thinking about all the goodies that a 4.x OS would mean. Yep, the developers magically do more in the 6 months preceding 4.0 than the 6 months preceding any other release. That's definately how it works. Adam
Re: ath and 802.11a
Is anybody using 802.11a with ath? The manpage lists a/b/g as working, although g definitly doesn't work for me, only b does. Now I'm curious if anything besides b actually works before I buy an antenna for a. Or is it just my cards? If not, why isn't there a note about this in the manpage? There are many different models of the ath hardware. Not everything works perfectly -- but much of it does work. I think it is a bad thing to make simplified statements like you did above. Without specific model information *taken right out of dmesg*, noone will be able to help you. And your mail joins the archive, feeding future pessimism, which it should not really do.
Re: ath and 802.11a
* Theo de Raadt [EMAIL PROTECTED]: Is anybody using 802.11a with ath? The manpage lists a/b/g as working, although g definitly doesn't work for me, only b does. Now I'm curious if anything besides b actually works before I buy an antenna for a. Or is it just my cards? If not, why isn't there a note about this in the manpage? There are many different models of the ath hardware. Not everything works perfectly -- but much of it does work. I think it is a bad thing to make simplified statements like you did above. Well, there was a thread some weeks ago that stated that 802.11g generally doesn't work with ath (in Hostap and 802.11g): no, only 11b with atheros. there is no implementation for 11g in openbsd. Or does g only not work in hostap? Without specific model information *taken right out of dmesg*, noone will be able to help you. ath0 at pci0 dev 13 function 0 Atheros AR5212 rev 0x01: irq 12 ath0: AR5212 5.9 phy 4.3 rf5112 3.6, FCC1A, address 00:0b:6b:36:00:dc That's a Wistron CM 9. Any chance of getting a working on this typ of card? -- Fridtjof Busse YAAH! DEATH TO OATMEAL! -- Calvin
Re: what is next? 3.10 or 4.0???
Yep, the developers magically do more in the 6 months preceding 4.0 than the 6 months preceding any other release. That's definately how it works. We've been holding back about 50% of our work for each of the previous 4 releases, and now we are going to throw all those very large things into what will become 4.0. It is going to be a fantastic catastrophy, exactly like what all of you .0 release people expect. Right... Get a grip.
basic routing in 192.168/16
I'm not sure which way to jump with this question which is a reflection of unskilled, inexperienced networking background. This may not even be the right way to do it. First: This is all something of a training exercise and not an important production setup. Summary: I'm attempting to add a second nic and address on a machine running current. I also run an authoratative nameserver on a separate machine not running bsd but running bind-9.3.2. So this problem may slop over into the named setup on a gentoo linux box. A simple diagram will convey more than a description: The prefix to all displayed IPs is 192.168, but be aware it is simplified ... there are more machines involved. INTERNET | (Dynamic IP) | NETGEAR (consumer grade router FVS-318) | 0.20 -- | 0.4| 0.3 | 0.5| 0.19 || || [ m1 ] [ m2 ] [ m3 ] [ m4 ] | 1.2| 1.1 | Unswitched hub | So the far right (m4) is the obsd machine and is sent copies of all connections that come to NETGEAR. All incoming on that intface is blocked and logged (0.19). Out on that int_fc is passed keeping state. In and out are passed with no restrictions on 1.1. This line in /etc/sysctl.conf is not uncommented nor is it set manually. # net.inet.ip.forwarding=1 # 1=Permit [...] I've tried to set this up all under one domain so my network would end up 192.168/16 all under `local.lan'. I'm not sure that is the best way to go but it seemed to be easier to setup bind on the other computer this way. Or I should say I lacked examples for doing it. While going net/16 is similar to the examples in `DNS and Bind 4th. ed'. /etc/hostname.* look like: /etc/hostname.rl0 /etc/hostname.xl0 192.168.0.19 255.255.0.0 192.168.1.1 255.255.0.0 /etc/mygate 192.168.0.20 So how do I keep stuff from happening like firing up `lynx www.google.com' and not being able to connect because 192.168.1.1 tries to handle it? I think I'm missing specific routing for 1.1.
Re: what is next? 3.10 or 4.0???
At 02:04 PM 3/3/2006 -0700, Theo de Raadt wrote: Yep, the developers magically do more in the 6 months preceding 4.0 than the 6 months preceding any other release. That's definately how it works. We've been holding back about 50% of our work for each of the previous 4 releases, and now we are going to throw all those very large things into what will become 4.0. It is going to be a fantastic catastrophy, exactly like what all of you .0 release people expect. Right... Get a grip. You're been saving Adaptec Promise raidctl, for 4.0, right? Lee
Re: ath and 802.11a
Seconded (as if I needed to with Theo responding :P) I have an old Atheros based cardbus adaptor that will supposedly do b+g but I know for a fact not a, check the specs of the device please and do as Theo asks... dmesg is useful. Having said that... Theo it may interest you that the man page says that 3 devices are supported and it states for each that 802.11a is supported.. (AR5210, AR5211 and AR5212).. this may just mean that the driver has moved beyond the man page but I believe OpenBSD man pages are the best and most accurate so maybe this needs some updates. -Andy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Theo de Raadt Sent: 03 March 2006 20:48 To: Fridtjof Busse Cc: misc@openbsd.org Subject: Re: ath and 802.11a Is anybody using 802.11a with ath? The manpage lists a/b/g as working, although g definitly doesn't work for me, only b does. Now I'm curious if anything besides b actually works before I buy an antenna for a. Or is it just my cards? If not, why isn't there a note about this in the manpage? There are many different models of the ath hardware. Not everything works perfectly -- but much of it does work. I think it is a bad thing to make simplified statements like you did above. Without specific model information *taken right out of dmesg*, noone will be able to help you. And your mail joins the archive, feeding future pessimism, which it should not really do.
Re: what is next? 3.10 or 4.0???
This was beaten to death five years ago. What happened after the 2.9 release? Using a little logic it shouldn't be too hard to figure it out... Plus it is in the OpenBSD efficiency model too! Typing 4.0 is shorter then typing 3.10. That's 33% more text to type. My finger would be tied each time I would have to type that. And I am not even talking about all the Linux new comer that can't see the difference between 3.7 to 3.8 for example. Now you would required them to read one more digit? That's asking to much... Plus think about all the art work, cd cover, t-shirt, etc. All would become unbalance now. Isn't it the moto is less code is better in OpenBSD. Think about what you are asking here. Put 33% more code in the next release for what And finally, all the passer for the dmesg for the 12K plus in archive would need to be rework to process one more digit. Where is the efficiency in that! Plus: OpenBSD 4.0 (GENERIC) #675: Thu Nov 1 00:00:00 MST 2006 Looks a lot better then OpenBSD 3.10 (GENERIC) #675: Thu Nov 1 00:00:00 MST 2006 Looks to much GNU to me! (: Daniel. PS: Just practicing my sarcasm a bit here.
Re: what is next? 3.10 or 4.0???
L. V. Lammert wrote: At 02:04 PM 3/3/2006 -0700, Theo de Raadt wrote: Yep, the developers magically do more in the 6 months preceding 4.0 than the 6 months preceding any other release. That's definately how it works. We've been holding back about 50% of our work for each of the previous 4 releases, and now we are going to throw all those very large things into what will become 4.0. It is going to be a fantastic catastrophy, exactly like what all of you .0 release people expect. Right... Get a grip. You're been saving Adaptec Promise raidctl, for 4.0, right? Lee Yes! along with sexd, a new daemon which will support a wide range of teledildonics devices.
Re: basic routing in 192.168/16
uh, what did you just say? I don't understand. What are you trying to do? why would you need a second name server on your local LAN? The netgear can only port forward for one. Are you trying to route between the 2 nics on the OBSD machine? Gmail b0rked your ASCII diagram. --Bryan On 3/3/06, Harry Putnam [EMAIL PROTECTED] wrote: I'm not sure which way to jump with this question which is a reflection of unskilled, inexperienced networking background. This may not even be the right way to do it. First: This is all something of a training exercise and not an important production setup. Summary: I'm attempting to add a second nic and address on a machine running current. I also run an authoratative nameserver on a separate machine not running bsd but running bind-9.3.2. So this problem may slop over into the named setup on a gentoo linux box. A simple diagram will convey more than a description: The prefix to all displayed IPs is 192.168, but be aware it is simplified ... there are more machines involved. INTERNET | (Dynamic IP) | NETGEAR (consumer grade router FVS-318) | 0.20 -- | 0.4| 0.3 | 0.5| 0.19 || || [ m1 ] [ m2 ] [ m3 ] [ m4 ] | 1.2| 1.1 | Unswitched hub | So the far right (m4) is the obsd machine and is sent copies of all connections that come to NETGEAR. All incoming on that intface is blocked and logged (0.19). Out on that int_fc is passed keeping state. In and out are passed with no restrictions on 1.1. This line in /etc/sysctl.conf is not uncommented nor is it set manually. # net.inet.ip.forwarding=1 # 1=Permit [...] I've tried to set this up all under one domain so my network would end up 192.168/16 all under `local.lan'. I'm not sure that is the best way to go but it seemed to be easier to setup bind on the other computer this way. Or I should say I lacked examples for doing it. While going net/16 is similar to the examples in `DNS and Bind 4th. ed'. 
/etc/hostname.* look like: /etc/hostname.rl0 /etc/hostname.xl0 192.168.0.19 255.255.0.0 192.168.1.1 255.255.0.0 /etc/mygate 192.168.0.20 So how do I keep stuff from happening like firing up `lynx www.google.com' and not being able to connect because 192.168.1.1 tries to handle it? I think I'm missing specific routing for 1.1.
Re: what is next? 3.10 or 4.0???
On Fri, Mar 03, 2006 at 12:29:46PM -0800, Bryan Brake wrote: Just thinking about all the goodies that a 4.x OS would mean. a) 4 is the first non-prime, at least according to factor(6). b) you need three bits for the number 4, so the 4.x release will bust the current two bit major version number limit. As a consequence, the whole universe will disappear in november 2006. So don't hesitate to order 3.9 CDs -- it may be your last chance. (SCNR) Ciao, Kili
Re: what is next? 3.10 or 4.0???
snip b) you need three bits for the number 4, so the 4.x release will bust the current two bit major version number limit. snip this is the best response so far. LOL! --Bryan
Re: what is next? 3.10 or 4.0???
* Bryan Brake [EMAIL PROTECTED] [2006-03-03 13:39]: if the x.x.x versioning is followed 4.0 would mean there is a major upgrade to the OS, while 3.10 is minor updates. Why would 4.0 mean that? where does it say that. Unmitigated horseshit - and OpenBSD release is an openbsd release. Just thinking about all the goodies that a 4.x OS would mean. 3.A -Bob
Re: what is next? 3.10 or 4.0???
--- Jean-Sébastien Bour [EMAIL PROTECTED] wrote: Matthias Kilian wrote: a) 4 is the first non-prime, at least according to factor(6). No, it is 1 :) Explanation : a prime number can only be divided by two different numbers : 1 and itself. 1 can only be divided by one number, therefore it is not prime. Wrong. You got the definition of what a prime number is wrong. A prime number is defined as a positive integer greater than one which has positive divisors 1 and itself, only. Please note that using your definition 7 is not prime because -7, -1, 1 and 7 all divide 7. I suggest at least looking into elementary number theory before making such statements again.
Re: basic routing in 192.168/16
On Friday 03 March 2006 16:46, Bryan Irvine wrote: Gmail b0rked your ASCII diagram. Looks fine here when viewed with a fixed font, at least I think it does, but I'm not sure what the question is either. I also fail to see the logic in sending copies of connections to the netgear to the obsd box when instead the obsd box could replace the netgear and itself receive the connections; which was already covered in another thread. Chris
Re: what is next? 3.10 or 4.0???
Reid Nichol wrote: --- Jean-Sébastien Bour [EMAIL PROTECTED] wrote: Matthias Kilian wrote: a) 4 is the first non-prime, at least according to factor(6). No, it is 1 :) Explanation : a prime number can only be divided by two different numbers : 1 and itself. 1 can only be divided by one number, therefore it is not prime. Wrong. You got the definition of what a prime number is wrong. A prime number is defined as a positive integer greater than one which has positive divisors 1 and itself, only. Please note that using your definition 7 is not prime because -7, -1, 1 and 7 all divide 7. I suggest at least looking into elementary number theory before making such statements again. No no not wrong, indeed I didn't talk about being positive. But being prime is being positive (should have said it I agree) and have EXACTLY TWO different divisors. And if 1 were prime you wouldn't have only one unique decomposition in prime numbers ;) (for example, is 45 = 3x3x5 or 1x3x3x5 or 1x1x1x3x3x5 or... ?) It would crush many things down about arithmetics. Luckily I have learnt some things during my two year special scientific studies (heard about Classes préparatoires in France ?) and this is one of those.
Re: what is next? 3.10 or 4.0???
L. V. Lammert wrote: You're been saving Adaptec Promise raidctl, for 4.0, right? That, and NdisWrapper support.
Re: what is next? 3.10 or 4.0???
No no not wrong, indeed I didn't talk about being positive. But being prime is being positive (should have said it I agree) and have EXACTLY TWO different divisors. And if 1 were prime you wouldn't have only one unique decomposition in prime numbers ;) (for exemple, is 45 = 3x3x5 or 1x3x3x5 or 1x1x1x3x3x5 or... ?) It would crush many things down about arithmetics. Luckily I have learnt some things during my two year special scientific studies (heard about Classes priparatoires in France ?) and this is one of those. Damn you are so elite. Now what does this have to do with OpenBSD?
Re: what is next? 3.10 or 4.0???
--- Jean-Sébastien Bour [EMAIL PROTECTED] wrote: Reid Nichol wrote: --- Jean-Sébastien Bour [EMAIL PROTECTED] wrote: Matthias Kilian wrote: a) 4 is the first non-prime, at least according to factor(6). No, it is 1 :) Explanation : a prime number can only be divided by two different numbers : 1 and itself. 1 can only be divided by one number, therefore it is not prime. Wrong. You got the definition of what a prime number is wrong. A prime number is defined as a positive integer greater than one which has positive divisors 1 and itself, only. Please note that using your definition 7 is not prime because -7, -1, 1 and 7 all divide 7. I suggest at least looking into elementary number theory before making such statements again. No no not wrong, indeed I didn't talk about being positive. But being prime is being positive (should have said it I agree) and have EXACTLY TWO different divisors. And if 1 were prime you wouldn't have only one unique decomposition in prime numbers ;) (for example, is 45 = 3x3x5 or 1x3x3x5 or 1x1x1x3x3x5 or... ?) It would crush many things down about arithmetics. Luckily I have learnt some things during my two year special scientific studies (heard about Classes préparatoires in France ?) and this is one of those. Point of fact, your definition did /not/ state that a prime number had to be positive. Point of fact, your definition did /not/ state that the divisors must be positive as well. Perhaps you should've spent more time listening in class. Or even just listening to me. Or look it up at mathworld, or wikipedia. They all prove that your definition is *wrong*. Perhaps those classes that you supposedly took should teach something about mathematics aside from just using them. best regards, Reid Nichol We're in a giant car heading into a brick wall at 100 miles/hr and everybody's arguing about where they want to sit. -David Suzuki
os detection of NMAP not working
Pf's os detection of NMAP isn't working with NMAP 4.01. Pf detects NMAP 3.81 fine but not version 4.01. I don't have any other versions so I don't know exactly which or at which version it stops working. This is with openBSD 3.8, but the NMAP specific signatures in the cvs pf.os seem identical. Where can updated signatures be found or how can they be generated? Thanks. Chris
Re: what is next? 3.10 or 4.0???
I find it interesting that you didn't send this entirely condisending superior reply to the list. Now why is that? --- Matthew Weigel [EMAIL PROTECTED] wrote: Reid Nichol wrote: I suggest at least looking into elementary number theory before making such statements again. You might want to look into same, especially if you think you've already looked into number theory enough to discuss the subject. #1: he didn't say what a number was. We are talking about mathematics, NOT philosophy. In elementary number theory, numbers are usually the set of positive integers, including or not including 0 depending on circumstance. And you even use the usually. Perhaps you should check out the definition of divisibility and what a divisor is before you make such a comment. Even sticking to the positive integers if a divides b (written a|b) if and only if there is an integer d such that ad=b. Notice the work integer in there. Notice the word positive is NOT in there. So, -7 is a divisor of 7 because (-7)(-1)=7. We /must/ restrict the divisors to positive numbers. Which is what the original poster didn't do. Or didn't you notice that? And what does 0 (another special case) have to do with this conversation? #2: these definitions are fluid - by some definitions, '1' *is* prime, and by others it isn't. The question really depends on a particular mathematical writer's view, because it really has no impact on the interesting results of elementary number theory. Really. Point to a reference. Because the wikipedia and mathworld agree with my definition. Not to mention all my professors and every text that I've come across. #3: you are a lot more condescending than your demonstrated knowledge warrants. Deja vu. -- Matthew Weigel hacker [EMAIL PROTECTED] Someone who puts hacker into there signature to describe themselves really shouldn't be making such comments. 
best regards, Reid Nichol We're in a giant car heading into a brick wall at 100 miles/hr and everybody's arguing about where they want to sit. -David Suzuki
Relaydb question
I'm using relaydb to scan through my mailbox (maildir format) to whitelist and blacklist. I do something like this in my Inbox: for message in $MAILBASE/cur/* do cat $message | /usr/local/bin/relaydb -vwf /var/spamd/relaydb done The problem with this is that I keep messages in my Inbox; so, every time relaydb runs, it increments the white counter for all the messages, not just the ones it hasn't seen. Is there any way to make relaydb only work on those files/messages that it hasn't previously seen?
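One way to feed relaydb only the messages it has not been given before, as an added example that is not part of the original post: keep a state file of Maildir message ids already processed. The function name and the state file location are assumptions, and the command is assumed to exit 0 on success.

```sh
#!/bin/sh
# Added example: run a command once per Maildir message, remembering which
# messages were already fed so counters are not incremented twice.
#
# feed_new_messages CUR_DIR STATE_FILE COMMAND [ARGS...]
#   CUR_DIR     the Maildir "cur" directory to scan
#   STATE_FILE  one processed message id per line (created if missing)
#   COMMAND     receives each new message on stdin
# Prints the number of messages fed in this run.
feed_new_messages() {
    dir=$1
    state=$2
    shift 2

    [ -f "$state" ] || : > "$state"
    fed=0

    for msg in "$dir"/*; do
        [ -f "$msg" ] || continue

        # A Maildir file is renamed whenever its flags change
        # ("unique:2," becomes "unique:2,S" once read), so the full file
        # name is not stable. Key on the unique part before the colon.
        id=${msg##*/}
        id=${id%%:*}

        # Skip ids recorded by an earlier run (fixed-string, whole-line match).
        if grep -qxF -- "$id" "$state"; then
            continue
        fi

        # Command output goes to stderr so stdout carries only the count.
        # The id is recorded only if the command succeeded, so a failed
        # message is retried on the next run.
        if "$@" < "$msg" >&2; then
            printf '%s\n' "$id" >> "$state"
            fed=$((fed + 1))
        fi
    done

    echo "$fed"
}

# Usage with the command from the post (state file path is a placeholder):
#   feed_new_messages "$MAILBASE/cur" "$HOME/.relaydb-seen" \
#       /usr/local/bin/relaydb -vwf /var/spamd/relaydb
```

The state file grows by one line per message; pruning ids whose files no longer exist is left out here.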
Re: what is next? 3.10 or 4.0???
Come on. Hasn't the OpenBSD marketing department caught on yet. OpenBSD XP or OpenBSD Vista is the obvious choice. Like Windows Vista, there could be 5 versions of OpenBSD Vista. http://www.microsoft.com/windowsvista/versions/default.mspx OpenBSD Vista - Home Basic. (aka. Vista Home, Dave Fuestel) Same as Home - Premium, but has all the man pages deleted to save valuable space. OpenBSD Vista - Home Premium Has some of the advances networking features turned off, but don't worry, you don't need them anyway. OpenBSD Vista - Business Same as the current standard OpenBSD OpenBSD Vista - Ultimate Same as Business, but comes with a few multimedia packages included in the base install OpenBSD Vista - Enterprise. Comes in a 15 CD Set. Each CD is only a third full, but it looks impressive and costs 10 times as much.
Re: what is next? 3.10 or 4.0???
OpenBSD Vista - Home Basic. (aka. Vista Home, Dave Fuestel) Same as Home - Premium, but has all the man pages deleted to save valuable space. LOL! there could be a special mailing list for Vista users: [EMAIL PROTECTED]
Re: what is next? 3.10 or 4.0???
Original message Date: Sat, 04 Mar 2006 00:19:33 +0100 From: Jean-Sébastien Bour [EMAIL PROTECTED] Subject: Re: what is next? 3.10 or 4.0??? To: misc@openbsd.org Reid Nichol wrote: --- Jean-Sébastien Bour [EMAIL PROTECTED] wrote: Matthias Kilian wrote: a) 4 is the first non-prime, at least according to factor(6). No, it is 1 :) Explanation : a prime number can only be divided by two different numbers : 1 and itself. 1 can only be divided by one number, therefore it is not prime. Wrong. You got the definition of what a prime number is wrong. A prime number is defined as a positive integer greater than one which has positive divisors 1 and itself, only. Please note that using your definition 7 is not prime because -7, -1, 1 and 7 all divide 7. I suggest at least looking into elementary number theory before making such statements again. No no not wrong, indeed I didn't talk about being positive. But being prime is being positive (should have said it I agree) and have EXACTLY TWO different divisors. And if 1 were prime you wouldn't have only one unique decomposition in prime numbers ;) (for example, is 45 = 3x3x5 or 1x3x3x5 or 1x1x1x3x3x5 or... ?) It would crush many things down about arithmetics. nobody here is arguing that 1 IS prime. more transparently, the ideal generated by (1) is NOT a prime ideal (it's the whole ring). also, a factorization in a UFD is only unique up to multiplication by a unit. i think 1 is a unit, i'm not sure... :P Luckily I have learnt some things during my two year special scientific studies (heard about Classes préparatoires in France ?) and this is one of those. i assume you also learned about throwing out irrelevant egomaniacal chaff whenever you're feeling insecure about your mathematical inabilities in your advanced courses. how french, how academic!
Re: Squid QOS
On 3/3/06, Joachim Schipper [EMAIL PROTECTED] wrote: On Wed, Mar 01, 2006 at 09:47:35PM +0700, Cahyo wrote: I wish someone make this http://www.docum.org/docum.org/faq/cache/65.html for obsd pf n altq, because very useful for SOHO user for bandwidth efficiency, maybe have another ideas for that goal It's a dirty hack, really. You could try to get something similar with filtering outbound bandwidth only - tags can be used to filter on the combination of incoming/outgoing. Joachim if you filter $ext_interface incoming, srs are from local squid not real src client from $int_net work. if try filter outbound in $int_interface it's not solution, you can test download some file directly not on squidbox, outbound almost done -- Regards' -- Cahyo
Re: ath and 802.11a
* Andrew Smith [EMAIL PROTECTED]: Seconded (as if I needed to with Theo responding :P) I have an old Atheros based cardbus adaptor that will supposedly do b+g but I know for a fact not a, check the specs of the device please and do as Theo asks... dmesg is useful. Well, I'll not try a with an unsupported piece of hardware. According to the manpage my Wistron CM 9 does a/b/g. But it doesn't do g and that's why I'm not sure if it will do a as well. Interesting thing is that according to CVS only b was reported working, but a/b/g was added to the manpage. It doesn't really help me if the manpage lists the modes the card supports instead of the mode that OpenBSD supports... -- Fridtjof Busse This game lends itself to certain abuses. --- Calvin
Re: what is next? 3.10 or 4.0???
Original message Date: Fri, 3 Mar 2006 19:04:32 -0800 (PST) From: Reid Nichol [EMAIL PROTECTED] Subject: Re: what is next? 3.10 or 4.0??? To: Matthew Weigel [EMAIL PROTECTED] Cc: misc@openbsd.org I find it interesting that you didn't send this entirely condescending superior reply to the list. Now why is that? --- Matthew Weigel [EMAIL PROTECTED] wrote: Reid Nichol wrote: In elementary number theory, numbers are usually the set of positive integers, including or not including 0 depending on circumstance. And you even use the usually. Perhaps you should check out the definition of divisibility and what a divisor is before you make such a comment. Even sticking to the positive integers if a divides b (written a|b) if and only if there is an integer d such that ad=b. Notice the word integer in there. Notice the word positive is NOT in there. So, -7 is a divisor of 7 because (-7)(-1)=7. We /must/ restrict the divisors to positive numbers. Which is what the original poster didn't do. Or didn't you notice that? And what does 0 (another special case) have to do with this conversation? using the usual definition of prime does require the restriction of potential divisors to the positive integers. this is because, historically, the positive integers were the ring over which number theorists worked, so one needn't consider negative integer divisors. if you'd like to do away with the confusion of such a definition, it's much easier to use the ideal-based definition of prime: http://en.wikipedia.org/wiki/Prime_ideal . note that i'm assuming commutative rings here. #2: these definitions are fluid - by some definitions, '1' *is* prime, and by others it isn't. The question really depends on a particular mathematical writer's view, because it really has no impact on the interesting results of elementary number theory. Really. Point to a reference. Because the wikipedia and mathworld agree with my definition. Not to mention all my professors and every text that I've come across.
right on, reid! under no circumstances should 1 be considered a prime number: the ideal generated by 1, (1), is obviously not a prime ideal. #3: you are a lot more condescending than your demonstrated knowledge warrants. reid is totally in the right. i didn't sense much condescension, just dropping definitions and such, like any respectable student of mathematics would and should do. cheers, jake
Re: what is next? 3.10 or 4.0???
On Fri, 3 Mar 2006, Reid Nichol wrote: I find it interesting that you didn't send this entirely condescending superior reply to the list. Now why is that? because it is off topic. Please stop this thread, which has nothing to do with OpenBSD anymore.