Re: saslauthd issue?

2006-08-08 Thread J Moore
On Mon, Aug 07, 2006 at 10:51:02PM -0700, the unit calling itself Kian Mohageri 
wrote:
 
 B14xVu: Undefined variable.
 
 where B14xVu is a fragment of the password. The full password was:
 V$B14xVu
 
 I tried this on other user/password combinations, and got reasonable
 results. But the $ char seems to cause a problem consistently. In all
 other cases, the result was either:
 
 
 Have you tried escaping the $ char to make sure the shell doesn't interpret
 it?
 
 V\$B14xVu

Yes - sorry I failed to mention that... esc'ing the $ does get by, but 
I've just never ever heard of having to escape a password... does that 
seem logical? shouldn't it at least be documented?

Thnx,
J



problems compiling -current kernel

2006-08-08 Thread Francisco Valladolid
Hi, folks

Today I update my src tree in -current, I have some problems compiling it.

I'm using OpenBSD 3.9 -current in amd64 port.

[EMAIL PROTECTED]:[/usr/src/sys/arch/amd64/compile/GENERIC]% sudo make depend
Password:
mkdir -p /usr/src/sys/arch/amd64/compile/GENERIC/lib/kern
depending the kern library objects
depending the compat library objects
sh /usr/src/sys/arch/amd64/compile/GENERIC/../../../../kern/genassym.sh cc
-Werror -Wall -Wstrict-prototypes -Wmissing-prototypes  -Wno-uninitialized
-Wno-format -Wno-main -Wno-sign-compare  -Wstack-larger-than-2047
-mcmodel=kernel -mno-red-zone -fno-strict-aliasing  -mno-sse2 -mno-sse
-mno-3dnow -mno-mmx -msoft-float  -fno-builtin-printf -fno-builtin-log
-fno-omit-frame-pointer -O2 -pipe -nostdinc -I.
-I/usr/src/sys/arch/amd64/compile/GENERIC/../../../../arch
-I/usr/src/sys/arch/amd64/compile/GENERIC/../../../.. -DDDB -DDIAGNOSTIC
-DKTRACE -DACCOUNTING -DKMEMSTATS -DPTRACE -DCRYPTO -DSYSVMSG -DSYSVSEM
-DSYSVSHM -DUVM_SWAP_ENCRYPT -DCOMPAT_35 -DCOMPAT_43 -DLKM -DFFS
-DFFS_SOFTUPDATES -DUFS_DIRHASH -DQUOTA -DEXT2FS -DMFS -DXFS -DTCP_SACK
-DTCP_ECN -DTCP_SIGNATURE -DNFSCLIENT -DNFSSERVER -DCD9660 -DUDF -DMSDOSFS
-DFIFO -DPORTAL -DINET -DALTQ -DINET6 -DIPSEC -DPPP_BSDCOMP -DPPP_DEFLATE
-DMROUTING -DBOOT_CONFIG -DUSER_PCICONF -DAPERTURE -DPCIVERBOSE -DUSBVERBOSE
-DWSDISPLAY_COMPAT_USL -DWSDISPLAY_COMPAT_RAWKBD
-DWSDISPLAY_DEFAULTSCREENS=6 -DWSDISPLAY_COMPAT_PCVT -D_KERNEL -Damd64
-Dx86_64  -DMAXUSERS=32 
/usr/src/sys/arch/amd64/compile/GENERIC/../../../../arch/amd64/amd64/genassym.cf
 assym.h.tmp   mv -f assym.h.tmp assym.h
cc1: error: unrecognized option `-Wstack-larger-than-2047'
*** Error code 1

Stop in /usr/src/sys/arch/amd64/compile/GENERIC (line 556 of Makefile).
[EMAIL PROTECTED]:[/usr/src/sys/arch/amd64/compile/GENERIC]%


the -current guide in OpenBSD FAQ, didn't contain sufficient support for me
at this moment.

Best Regards.

-- 
---
BSD - Unix simplicity.
Francisco Valladolid Hdez.
[EMAIL PROTECTED]



Re: saslauthd issue?

2006-08-08 Thread Kian Mohageri
On 8/7/06, J Moore [EMAIL PROTECTED] wrote:

 On Mon, Aug 07, 2006 at 10:51:02PM -0700, the unit calling itself Kian
 Mohageri wrote:
  
  B14xVu: Undefined variable.
  
  where B14xVu is a fragment of the password. The full password was:
  V$B14xVu
  
  I tried this on other user/password combinations, and got reasonable
  results. But the $ char seems to cause a problem consistently. In all
  other cases, the result was either:
 
 
  Have you tried escaping the $ char to make sure the shell doesn't interpret
  it?
 
  V\$B14xVu

 Yes - sorry I failed to mention that... esc'ing the $ does get by, but
 I've just never ever heard of having to escape a password... does that
 seem logical? shouldn't it at least be documented?



It isn't that unusual.  The program you're testing with is run on the
command line, so special characters are going to be interpreted by the
shell.

Might be worth a note in the man page example or something but it's pretty
common knowledge (not saying you should've known that or anything)

Kian



Re: problems compiling -current kernel

2006-08-08 Thread Matthias Kilian
On Tue, Aug 08, 2006 at 01:18:02AM -0500, Francisco Valladolid wrote:
 the -current guide in OpenBSD FAQ, didn't contain sufficient support for me
 at this moment.

http://www.openbsd.org/faq/current.html#20060727



Re: saslauthd issue?

2006-08-08 Thread Nick Guenther

On 8/8/06, J Moore [EMAIL PROTECTED] wrote:

On Mon, Aug 07, 2006 at 10:51:02PM -0700, the unit calling itself Kian Mohageri 
wrote:
 
 Have you tried escaping the $ char to make sure the shell doesn't interpret
 it?

 V\$B14xVu

Yes - sorry I failed to mention that... esc'ing the $ does get by, but
I've just never ever heard of having to escape a password... does that
seem logical? shouldn't it at least be documented?


It's perfectly logical, though it is a bit strange. I've never heard
of a password with a $ in it though.

To be sure, you can just always quote the password with single quotes.
This will prevent the shell from interpreting the $ specially.

-Nick
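
The quoting behaviour discussed in this thread, as an added example that is not part of any poster's message: a child sh parses the password from the thread as typed in four ways, and a helper single-quotes any password, including one that itself contains a single quote. The helper names `as_typed`, `shell_quote` and `show` are hypothetical. The thread's error message came from a csh-style shell, whereas sh expands the unset variable to nothing without complaint.

```shell
#!/bin/sh
# Added example (not from the thread): what a program receives when a
# password containing $ is typed in different ways.

PASSWORD='V$B14xVu'   # the password quoted in the thread

# as_typed WORD
# Hypothetical helper: let a child sh parse "printf '%s' WORD" as if WORD had
# been typed on a command line, and output the argument printf received.
as_typed() {
    sh -c "printf '%s' $1"
}

# shell_quote STRING
# Hypothetical helper: wrap STRING in single quotes for pasting into a shell.
# A single quote inside STRING is written as '\'' (close the quote, emit an
# escaped quote, reopen), the one case plain single-quoting does not cover.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# show WORD: print WORD as typed next to what the program would receive.
show() {
    printf '%-14s -> program sees: %s\n' "$1" "$(as_typed "$1")"
}

show 'V$B14xVu'                    # unquoted: $B14xVu is expanded away
show '"V$B14xVu"'                  # double quotes still expand $
show 'V\$B14xVu'                   # backslash escape keeps the $
show "$(shell_quote "$PASSWORD")"  # single quotes keep everything literal
```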



Re: problems compiling -current kernel

2006-08-08 Thread Francisco Valladolid
Yes, Thank you, I see this note, I'm compiling gcc !

Thank you very much.

On 8/8/06, Matthias Kilian [EMAIL PROTECTED] wrote:

 On Tue, Aug 08, 2006 at 01:18:02AM -0500, Francisco Valladolid wrote:
  the -current guide in OpenBSD FAQ, didn't contain sufficient support for me
  at this moment.

 http://www.openbsd.org/faq/current.html#20060727




-- 
---
BSD - Unix simplicity.
Francisco Valladolid Hdez.
[EMAIL PROTECTED]



broadcast IPs in a public /29 block

2006-08-08 Thread Jacob Yocom-Piatt
while mucking around with reverse DNS for a /29 public netblock i use, i noticed
that my ISP, SBC, had only aliased 6 of the 8 IPs in the /29 block for use with
rDNS. after seeing this, i did a bit of homework and found graham toal's
explanation of the missing IPs ( http://www.gtoal.com/subnet.html ) which
presents this issue quite clearly. this did leave me with some additional
questions though.

i have been hosting websites on these reserved boundary IPs in the /29 block
with no trouble using binat. should i not be doing this since these are reserved
IPs for broadcast? i have moved one domain from the boundary already since it
needed rDNS setup. how regularly are these reserved broadcast addresses at the
beginning and end of the netblock used and for what sorts of services?

cheers,
jake



Alternative superuser aside from root

2006-08-08 Thread Tito Mari Francis Escaño

Is it possible to replace root with another username as superuser?
This could make the system very secure because when it comes to
BSD/Unix/Linux, the root is the most coveted user account. That is,
hackers would all be barking the wrong tree if the real superuser is
actually another username.

I installed and use OpenBSD 3.9 as Internet gateway in our company,
installed it via floppy disk.

If it's possible, can you pls give me pointers how to do it? Thank you
very much!



Re: Alternative superuser aside from root

2006-08-08 Thread Rogier Krieger

On 8/8/06, Tito Mari Francis Escaño [EMAIL PROTECTED] wrote:

Is it possible to replace root with another username as superuser?


Sure, just change its password entry. That said, I wouldn't recommend
wasting your time on this.



This could make the system very secure because when it comes to
BSD/Unix/Linux, the root is the most coveted user account.


No, it wouldn't make your system any more secure than it was before
the change. I recommend you read the archives to see why your
suggestion isn't too worthwhile.

One reason why s/root/anything/ won't help you much is that its UID is
still 0. In other words: you still have an almighty user on the
system.

The concept of usernames is primarily to make things easier for us
humans. Under the hood, things work in terms of (numeric) UIDs/GIDs.
As a hacker, you'd just go for UID 0.

Cheers,

Rogier

--
If you don't know where you're going, any road will get you there.



Re: Alternative superuser aside from root

2006-08-08 Thread Stef K

Hi,
 It is possible to rename your root account... You have to change
its name in /etc/passwd and maybe change its home directory.

 BUT:

a) some programs may not work properly 'cause they depend on the name
of the super-user account (I can't remember of any example right-now,
but I'm sure some exist...)

b) This is NOT a security enhancement... The superuser is not
understood by the system by its name, but by its user-id. The
superuser is the account with user-id 0 (zero). When a hacker exploits
a known buffer overflow, what the code does is (try to) change its
user-id to 0. You won't achieve anything by renaming the account...
The quest of a hacker is not towards 'root' account, but towards
user-id zero.

regards,
stef
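
The check that follows from the two replies above, as an added example that is not part of the thread: list every passwd(5)-format entry whose UID field is 0, whatever the account is called. The sample file contents and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find superuser accounts by UID,
# not by name.

# Constructed sample in passwd(5) format: root has been renamed to "sysop",
# and a second UID-0 entry is present under an innocuous name.
SAMPLE_PASSWD='sysop:*:0:0:renamed root:/root:/bin/ksh
daemon:*:1:1:system daemon:/root:/sbin/nologin
www:*:67:67:HTTP Server:/var/www:/sbin/nologin
backup:*:00:0:constructed extra account:/home/backup:/bin/sh
# a comment line
tito:*:1000:1000:Tito:/home/tito:/bin/ksh'

# uid0_accounts
# Read passwd-format lines on stdin and print the login name of every entry
# whose third field is numerically zero ("0", "00", ...).
uid0_accounts() {
    awk -F: '$0 !~ /^#/ && NF >= 7 && $3 ~ /^0+$/ { print $1 }'
}

# unexpected_uid0 EXPECTED_NAME
# Same input, but print only the UID-0 names other than the one the
# administrator expects to hold UID 0.
unexpected_uid0() {
    uid0_accounts | awk -v ok="$1" '$0 != ok'
}

echo "UID 0 accounts in the sample:"
printf '%s\n' "$SAMPLE_PASSWD" | uid0_accounts

echo "UID 0 accounts other than sysop:"
printf '%s\n' "$SAMPLE_PASSWD" | unexpected_uid0 sysop
```

On a live system the same functions read the real file, for example `uid0_accounts < /etc/passwd`.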



Re: PF development

2006-08-08 Thread Tobias Ulmer
On Tue, Aug 08, 2006 at 12:41:13AM +0200, Pierre-Yves Rofes wrote:
 Hi guys,
 
 I've got some skills in C language, and as a project for my studies, I'd
 like to develop a layer-7 filtering tool with PF, like this one which
 works with Linux/Netfilter: http://l7-filter.sourceforge.net/
 
 So I'd like to know if there is some documentation, book or whatever
 explaining precisely the PF internals, and how to add some userspace
 features, because I guess it's a not a good idea to add some regexp code
 in kernelspace :).

Look at /usr/src/usr.sbin/ftp-proxy, interacts with pf and runs in
userspace.

 
 I googled a bit, and I've found the book Building Firewalls with OpenBSD
 and PF, 2nd ed. by Jacek Artymiak. I've read the online available
 chapters, it sure seems interesting for setting up a firewall with PF, but
 I don't think it deals with its internal mechanisms.

It's for firewall builders, not kernel developers

 
 Naturally, I'm also looking at the pfctl sources included in src.tar.gz,
 but some help/advice would be greatly appreciated.
 
 Thanks for your time.
 
 P.S: I didn't know where to ask, but misc was the most appropriated I guess.
 
 -- 
 Regards,
 Pierre-Yves Rofes
 


Tobias



Re: Apache proxy settings not working

2006-08-08 Thread Martin Schröder

2006/8/7, Bruno S. Delbono [EMAIL PROTECTED]:

I have a couple of apps (webmail) that sit behind the OpenBSD gateway
running httpd. When I enable the proxy module and try to access the app
behind it fails with this error:


Are you trying a transparent proxy? I was unable to get this working
with Apache too and ended up using squid instead.

Best
  Martin



Upgrade from obsd 3.7 - 3.8 - 3.9: DMA issues

2006-08-08 Thread Jens Mayer
Dear all,

I upgraded an OpenBSD 3.7 system, taking the steps mentioned in the upgrade 
guides from 3.7 - 3.8 and 3.8 - 3.9, using official OpenBSD CD media. 

While OpenBSD 3.7 and 3.8 used to connect my hard drive using UDMA 5, OpenBSD 
3.9 only uses DMA 2:

pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x06: DMA, 
channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide1 channel 0 drive 0: WDC WD200BB-00DEA0
wd0: 16-sector PIO, LBA, 19092MB, 39102336 sectors
wd0(pciide1:0:0): using PIO mode 4, DMA mode 2

OpenBSD 3.7 and 3.8 come up this way:

pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x06: ATA133, 
channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide1 channel 0 drive 0: WDC WD200BB-00DEA0
wd0: 16-sector PIO, LBA, 19092MB, 39102336 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5

A generic kernel was used to verify these symptoms. If I boot an old OpenBSD 
3.8 kernel on my upgraded box, I get my UDMA back. Anyway, I doubt that this 
is a good setup... ;)

I changed the wd* flag to wd* at pciide? flags 0x0dac and rebuilt the 
kernel, with no success - the controller itself only reports DMA capability, 
so the message stays the same.

Any ideas or similar experiences?

Kind regards,
Jens



sshd question

2006-08-08 Thread holger glaess
hi

i hope this list is the right one for my question .

i look for a function to limit the login by name AND ip range.

example.

root login ALLOW from www.xxx.yyy.zzz 
deny from all

myname login ALLOW from all 
deny from www.xxx.yyy.zzz

if there exist a feature / function of sshd to do this or i need an additional 
software ?

i didn't want to start a discussion about security and why i have permit to 
login as root.

holger



Re: OpenBSD and high availability

2006-08-08 Thread Jens Mayer
Dear all,

* On Tuesday 08 August 2006 05:11, Nick Holland wrote:
[rsync vs. nfs approach]
 Simplicity is your friend.
 rsync is simple, easy to understand, and easy to recover.
[...]
 No, I can't prove it, but I much prefer the simple solution which has
 simple and understood problems, than the system which is never supposed
 to break...and will anyway, in ways you never imagined, and may not be
 able to figure out.  Experience tends to suggest I'm right on that...

First of all thanks for the ideas and thoughts I got from all you. As there's 
no simple thing like DRBD or something similar on a lower (kernel) level (I 
just was a bit curious about that), I agree with Nick here - rsync is pretty 
easy to handle, so I'll stay with rsync and friends for now.

Kind regards,
Jens



Re: sshd question

2006-08-08 Thread Dmitri A. Alenitchev

Hello,

On 8/8/06, holger glaess [EMAIL PROTECTED] wrote:

hi

i hope this list is the right one for my question .

i look for a function to limit the login by name AND ip range.

example.

root login ALLOW from www.xxx.yyy.zzz
deny from all

myname login ALLOW from all
deny from www.xxx.yyy.zzz

if there exist a feature / function of sshd to do this or i need an additional 
software ?


sshd_config(5):

AllowUsers
This keyword can be followed by a list of user name patterns,
separated by spaces.  If specified, login is allowed only for
user names that match one of the patterns.  Only user names are
valid; a numerical user ID is not recognized.  By default, login
is allowed for all users.  If the pattern takes the form
US-[EMAIL PROTECTED] then USER and HOST are separately checked,
restricting logins to particular users from particular hosts.
The allow/deny directives are processed in the following order:
DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.

See PATTERNS in ssh_config(5) for more information on patterns.

For example, AllowUsers [EMAIL PROTECTED] [EMAIL PROTECTED]


i didn't want to start a discussion about security and why i have permit to 
login as root.

holger


--
Dmitri A. Alenitchev
No place like $HOME
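
The policy asked about above, worked through as an added example that is not part of the thread and is not OpenSSH code: a simplified shell model of the DenyUsers-then-AllowUsers order quoted from sshd_config(5), applied to a constructed configuration fragment. 192.0.2.10 stands in for the elided www.xxx.yyy.zzz, the function names are hypothetical, and the group directives and hostname lookups are left out.

```shell
#!/bin/sh
# Added example (not from the thread): model of the DenyUsers / AllowUsers
# order from sshd_config(5), run against the policy in the question.

# Constructed sshd_config fragment. 192.0.2.10 is a placeholder address;
# "myname" is the account name used in the question.
SSHD_POLICY='DenyUsers myname@192.0.2.10
AllowUsers root@192.0.2.10 myname'

# keyword_args KEYWORD: print the patterns that follow KEYWORD in the fragment.
keyword_args() {
    printf '%s\n' "$SSHD_POLICY" | awk -v k="$1" '$1 == k { $1 = ""; print }'
}

# match_list USER HOST PATTERN...
# Succeed if any pattern matches. A pattern is USER or USER@HOST; the USER
# and HOST parts are checked separately, with * and ? as wildcards.
match_list() {
    user=$1 host=$2
    shift 2
    for pat in "$@"; do
        case $pat in
            *@*) upat=${pat%@*} hpat=${pat#*@} ;;
            *)   upat=$pat hpat='*' ;;
        esac
        # Unquoted variables in a case pattern are treated as globs.
        case $user in $upat) ;; *) continue ;; esac
        case $host in $hpat) return 0 ;; esac
    done
    return 1
}

# login_decision USER HOST: print "allow" or "deny".
login_decision() {
    set -f                      # do not expand * in patterns as file names
    deny=$(keyword_args DenyUsers)
    allow=$(keyword_args AllowUsers)
    result=allow
    if match_list "$1" "$2" $deny; then
        result=deny             # DenyUsers is processed first
    elif [ -n "$allow" ] && ! match_list "$1" "$2" $allow; then
        result=deny             # AllowUsers is set and nothing matched
    fi
    set +f
    echo "$result"
}

# Constructed login attempts; 198.51.100.7 is "any other host".
for attempt in "root 192.0.2.10" "root 198.51.100.7" \
               "myname 198.51.100.7" "myname 192.0.2.10"; do
    set -- $attempt
    printf '%-8s from %-14s %s\n' "$1" "$2" "$(login_decision "$1" "$2")"
done
```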



Smallest OpenBSD box

2006-08-08 Thread Siju George

Hi,

I would like to know what is the smallest box ( in terms of size )
that can be used to Install OpenBSD and used as a firewall. It should
have a hard disk also, and at least 2 NIC Interfaces.

Thank you so much

Kind Regards

Siju



Re: carp in PF interface context.

2006-08-08 Thread Henning Brauer
* Gustavo Rios [EMAIL PROTECTED] [2006-08-07 04:46]:
 I am playing with openbsd PF, and i read the text below:
 (http://www.countersiege.com/doc/pfsync-carp/)
 
 When writing the rest of the pf ruleset, it is important to keep in
 mind that from pf's perspective, all traffic comes from the physical
 interface, even if it is routed through the carp address. However, the
 address is of course associated with the carp interface. Therefore, in
 the interface context, such as pass in on $extif ..., $extif would
 be the physical interface, but in the context of from $foo or to
 $foo, the carp interface should be used, as it's being meant in the
 address context.
 
 Why the carp interface cannot be used in context of the interface?

well, because it is that way.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)



Re: Smallest OpenBSD box

2006-08-08 Thread openbsd misc
Hello,

 Hi,
 
 I would like to know what is the smallest box ( in terms of size )
 that can be used to Install OpenBSD and used as a firewall. It should
 have a hard disk also, and at least 2 NIC Interfaces.

The smallest box I know is a WRAP system (www.pcengines.ch). It's
15x15cm, up to 3 nics, one or two mini-pci slots, and one serial port.

 Thank you so much

no problem... ;-)

 Kind Regards
 
 Siju 

Regards
  Hagen Volpers



Re: problems compiling -current kernel

2006-08-08 Thread Henning Brauer
* Francisco Valladolid [EMAIL PROTECTED] [2006-08-08 08:25]:
 Today I update my src tree in -current, I have some problems compiling it.

 the -current guide in OpenBSD FAQ, didn't contain sufficient support for me
 at this moment.

that's a very very very strong hint that you should just use snapshots 
then.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)



Systrace Logging Redirection

2006-08-08 Thread Seth Hanford
Hey all,

I've been experimenting with systrace and several programs on OpenBSD
3.9-stable. I'm pleased with what the tool lets me do, and with its
output, but can't find a way to get it to log to a different file for
each systrace'd service.

For example, I prepend the following to my otherwise-default syslog.conf

!!systrace
*.* /var/log/systrace/systrace
!*

Then I run thttpd and named under systrace. Both will log to
/var/log/systrace/systrace, but is there a way to get them to each log
to their own file, such as /var/log/systrace/thttpd and
/var/log/systrace/named?

If I understand correctly, even though thttpd and named might log under
different facilities, there's no option in systrace to specify a
facility name. Without this I think my answer is no, but was hoping some
ingenious hacker might have a solution.

Thanks,
Seth



Tuning OpenBSD network throughput

2006-08-08 Thread Matthew R. Dempsky
I have three machines that I'm using for testing network performance:
- 2.0GHz Pentium 4, 256MiB RAM, Ubuntu 6.06, e1000
- 266MHz Pentium II, 192MiB RAM, Debian Unstable, sk98lin
- 600MHz Pentium M, 256MiB RAM, OpenBSD 4.0-current, em(4)
All network settings are still at their respective defaults.

First, I connected the two Linux boxes with an Ethernet cable and ran 
``iperf -s'' on the 2.0GHz machine and ``iperf -c 192.168.10.1'' on the 
266MHz machine, and iperf reported a bandwidth of about 224 Mbits/sec.

Then, I substituted out the 266MHz machine and replaced it with the 
600MHz machine (i.e., faster processor, more ram, and better software), 
but running ``iperf -c 192.168.10.1'' under OpenBSD reported a mere
3.8 Mbits/sec---nearly two orders of magnitude less!

Can anyone explain the huge discrepancy here?  Can I do anything to get 
OpenBSD to achieve at least 150 Mbits/sec?

Thanks.

(I've omitted the Linux dmesgs, but can provide them if they would be 
considered useful and not just line noise.)

OpenBSD 4.0-beta (GENERIC) #1055: Thu Aug  3 11:39:24 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.10GHz (GenuineIntel 686-class) 
599 MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2
cpu0: Enhanced SpeedStep 600 MHz (812 mV): speeds: 1100, 1000, 900, 800, 
600 MHz
real mem  = 258437120 (252380K)
avail mem = 228171776 (222824K)
using 3180 buffers containing 13025280 bytes (12720K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(77) BIOS, date 06/15/05, BIOS32 rev. 0 @ 
0xfd740, SMBIOS rev. 2.33 @ 0xe0010 (56 entries)
bios0: IBM 2371BMU
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 35%
apm0: AC off, battery charge high, estimated 1:42 hours
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd6d0/0x930
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdeb0/256 (14 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 
0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xc800! 0xcc800/0x1000 0xcd800/0x1000 
0xdc000/0x4000! 0xe/0x1
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82852GM Hub-PCI rev 0x02
Intel 82852GM Memory rev 0x02 at pci0 dev 0 function 1 not configured
Intel 82852GM Configuration rev 0x02 at pci0 dev 0 function 3 not 
configured
vga1 at pci0 dev 2 function 0 Intel 82852GM AGP rev 0x02: aperture at 
0xe000, size 0x800
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Intel 82852GM AGP rev 0x02 at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x01: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x01: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x01: irq 11
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb0 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x81
pci1 at ppb0 bus 1
cbb0 at pci1 dev 0 function 0 Ricoh 5C476 CardBus rev 0x8d: irq 11
sdhc0 at pci1 dev 0 function 1 Ricoh 5C822 SD/MMC rev 0x13: irq 11
sdmmc0 at sdhc0
em0 at pci1 dev 1 function 0 Intel PRO/1000MT Mobile (82541GI) rev 
0x00: irq 11, address 00:0a:e4:37:61:6a
iwi0 at pci1 dev 2 function 0 Intel PRO/Wireless 2200BG rev 0x05: irq 
11, address 00:13:ce:58:8f:14
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer 0xb0
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 Intel 82801DBM LPC rev 0x01
pciide0 at pci0 dev 31 function 1 Intel 82801DBM IDE rev 0x01: DMA, 
channel 0 configured to compatibility, channel 1 configured to 
compatibility
wd0 at pciide0 channel 0 drive 0: HTC426030G7AT00
wd0: 16-sector PIO, LBA, 28615MB, 58605120 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
ichiic0 at pci0 dev 31 function 3 Intel 82801DB SMBus rev 0x01: irq 11
iic0 at ichiic0
auich0 at pci0 dev 31 function 5 Intel 82801DB AC97 rev 0x01: irq 11, 
ICH4 AC97
ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
Intel 82801DB Modem rev 0x01 at pci0 dev 31 function 6 not configured
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5

spamd and spamlogd syslog level

2006-08-08 Thread Will H. Backman
Does anyone know why spamd and spamlogd log to syslog at different log 
levels.
It isn't too hard to change syslog.conf to include daemon.debug in order 
to capture output from spamlogd, but why the difference?




Re: Systrace Logging Redirection

2006-08-08 Thread Jiri Belka

Quoting Seth Hanford [EMAIL PROTECTED]:


Hey all,

I've been experimenting with systrace and several programs on OpenBSD
3.9-stable. I'm pleased with what the tool lets me do, and with its
output, but can't find a way to get it to log to a different file for
each systrace'd service.

For example, I prepend the following to my otherwise-default syslog.conf

!!systrace
*.* /var/log/systrace/systrace
!*

Then I run thttpd and named under systrace. Both will log to
/var/log/systrace/systrace, but is there a way to get them to each log
to their own file, such as /var/log/systrace/thttpd and
/var/log/systrace/named?

If I understand correctly, even though thttpd and named might log under
different facilities, there's no option in systrace to specify a
facility name. Without this I think my answer is no, but was hoping some
ingenious hacker might have a solution.


hi, what about sorting the logging with syslog-ng, it has built-in regex...

--
jirib



Re: Tyan v. Supermicro for Opteron?

2006-08-08 Thread Darrin Chandler
On Sun, Aug 06, 2006 at 03:47:02PM -0700, Darrin Chandler wrote:
 Ok, I've got it narrowed down a bit. Anyone have experiences good or bad
 to report with Tyan versus Supermicro mobos? I find archives for people
 using one or the other, so they both seem workable. Anyone used both and
 prefer one for some reason? I'm looking at 2xCPU, and maybe dual-core in
 addition.

Thanks to everyone who replied! Looks like Supermicro wins out, though
Tyan ain't bad at all (with their quick support). I was leaning toward
Supermicro anyway, and it's nice to have some confirmation.

-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |



Re: Tuning OpenBSD network throughput

2006-08-08 Thread knitti

On 8/8/06, Matthew R. Dempsky [EMAIL PROTECTED] wrote:

First, I connected the two Linux boxes with an Ethernet cable and ran
``iperf -s'' on the 2.0GHz machine and ``iperf -c 192.168.10.1'' on the
266MHz machine, and iperf reported a bandwidth of about 224 Mbits/sec.

Then, I substituted out the 266MHz machine and replaced it with the
600MHz machine (i.e., faster processor, more ram, and better software),
but running ``iperf -c 192.168.10.1'' under OpenBSD reported a mere
3.8 Mbits/sec---nearly two orders of magnitude less!

Can anyone explain the huge discrepancy here?  Can I do anything to get
OpenBSD to achieve at least 150 Mbits/sec?


first look for duplex mismatch, bad cabling etc.
then look for high interrupt load, change hardware etc.
then read about iperf, and think whether it applies to your problem.
then think about your goal. do you want 150 mbit with tiny 40 bytes packets
or with jumbo frames (huge difference)
and, in any case, search the archives about tuning openbsd.

--knitti



Re: spamd and spamlogd syslog level

2006-08-08 Thread Darrin Chandler
On Tue, Aug 08, 2006 at 11:39:22AM -0400, Will H. Backman wrote:
 Does anyone know why spamd and spamlogd log to syslog at different log 
 levels.
 It isn't too hard to change syslog.conf to include daemon.debug in order 
 to capture output from spamlogd, but why the difference?

I would consider spamlogd logging to be noise during normal operation.
If it's working properly then you know what it's doing from maillog. As
opposed to spamd logging where lots of stuff may be going on that you'd
never see anywhere else.


-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |



Re: spamd and spamlogd syslog level

2006-08-08 Thread Joachim Schipper
On Tue, Aug 08, 2006 at 11:39:22AM -0400, Will H. Backman wrote:
 Does anyone know why spamd and spamlogd log to syslog at different log 
 levels.
 It isn't too hard to change syslog.conf to include daemon.debug in order 
 to capture output from spamlogd, but why the difference?

Presumably, as long as spamlogd does its job, you can just look at the
output from your MTA.

Joachim



Re: Systrace Logging Redirection

2006-08-08 Thread Joachim Schipper
On Tue, Aug 08, 2006 at 11:00:14AM -0400, Seth Hanford wrote:
 Hey all,
 
 I've been experimenting with systrace and several programs on OpenBSD
 3.9-stable. I'm pleased with what the tool lets me do, and with its
 output, but can't find a way to get it to log to a different file for
 each systrace'd service.
 
 For example, I prepend the following to my otherwise-default syslog.conf
 
 !!systrace
 *.*   /var/log/systrace/systrace
 !*
 
 Then I run thttpd and named under systrace. Both will log to
 /var/log/systrace/systrace, but is there a way to get them to each log
 to their own file, such as /var/log/systrace/thttpd and
 /var/log/systrace/named?
 
 If I understand correctly, even though thttpd and named might log under
 different facilities, there's no option in systrace to specify a
 facility name. Without this I think my answer is no, but was hoping some
 ingenious hacker might have a solution.

What about systrace -e? It logs to stdout. Write a little program in
your favourite language[1] to send it to syslog with the proper
facility/priority.

Joachim

[1] I know how to do this in Perl and C, and inefficiently in the Bourne
shell. It should be possible in any language with decent UNIX support.



Re: Apache proxy settings not working

2006-08-08 Thread Bruno S. Delbono

Martin Schröder wrote:

2006/8/7, Bruno S. Delbono [EMAIL PROTECTED]:

I have a couple of apps (webmail) that sit behind the OpenBSD gateway
running httpd. When I enable the proxy module and try to access the app
behind it fails with this error:


Are you trying a transparent proxy? I was unable to get this working
with Apache too and ended up using squid instead.


No it's reverse. I want all incoming requests from the Internet to a 
certain virtual host (in this case webmail.sendmail.tv) to be redirected 
to an internal host running the webmail app server (on 10.10.33.3 port 
81). For some reason, the proxy in OpenBSD's httpd doesn't take the 
10.10.33.3 portion and replaces it with 0.0.0.0. So this request 
fails...I saw another poster post a similar bug (on the same arch - SPARC).


Warm regards,

--

Bruno Delbono | Systems Engineer | Open-Systems Group
Websites: www.mail.ac www.sendmail.tv www.open-systems.org




Re: Systrace Logging Redirection

2006-08-08 Thread Hannah Schroeter
Hi!

On Tue, Aug 08, 2006 at 06:05:22PM +0200, Joachim Schipper wrote:
[...]

What about systrace -e? It logs to stdout. Write a little program in
your favourite language[1] to send it to syslog with the proper
facility/priority.

You mean something like logger(1)?

   Joachim

Kind regards,

Hannah.



Re: Apache proxy settings not working

2006-08-08 Thread openbsd misc
Hello,

 No it's reverse. I want all incoming requests from the Internet to a 
 certain virtual host (in this case webmail.sendmail.tv) to be redirected 
 to an internal host running the webmail app server (on 10.10.33.3 port 
 81). For some reason, the proxy in OpenBSD's httpd doesn't take the 
 10.10.33.3 portion and replaces it with 0.0.0.0. So this request 
 fails...I saw another poster post a similar bug (on the same arch - SPARC).

Did you try it with a dns name? I'm using /var/www/etc/hosts (httpd is
chrooted per default) for that.

 Warm regards,

Regards
  Hagen Volpers



Re: XOrg upgrade problem

2006-08-08 Thread Guillermo Garcia-Rojas
UNSUSCRIBE



Re: Smallest OpenBSD box

2006-08-08 Thread z0mbix

The wrap does not support HDD's, CF only. You'll be better off with a soekris:

http://www.soekris.com/

Cheers z0mbix

On 08/08/06, openbsd misc [EMAIL PROTECTED] wrote:

Hello,

 Hi,

 I would like to know what is the smallest box ( in terms of size )
 that can be used to Install OpenBSD and used as a firewall. It should
 have a hard disk also, and at least 2 NIC Interfaces.

The smallest box I know is a WRAP system (www.pcengines.ch). It's
15x15cm, up to 3 nics, one or two mini-pci slots, and one serial port.

 Thank you so much

no problem... ;-)

 Kind Regards

 Siju

Regards
  Hagen Volpers




Re: Apache proxy settings not working

2006-08-08 Thread Bruno S. Delbono

openbsd misc wrote:


Did you try it with a dns name? I'm using /var/www/etc/hosts (httpd is
chrooted per default) for that.


Bingo!

# mkdir /var/www/etc/
# cp /etc/hosts /var/www/etc/hosts
# chown -R www:www /var/www/etc/hosts

- Enabled mod_proxy
- Changed the IP address of the app server to the hostname
- Restarted Apache

---
LoadModule proxy_module   /usr/lib/apache/modules/libproxy.so

<IfModule mod_proxy.c>
ProxyRequests Off

<Directory proxy:http://webmail.sendmail.tv>
Order deny,allow
Allow from all
</Directory>

ProxyVia Off
</IfModule>

<VirtualHost 24.87.68.160:80>
ServerName webmail.sendmail.tv
ProxyPass / http://hub:81/
ProxyPassReverse  / http://hub:81/
CustomLog logs/access_log.int1 combined

<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
---


It works!! Thank you

--

Bruno Delbono | Systems Engineer | Open-Systems Group
Websites: www.mail.ac www.sendmail.tv www.open-systems.org




Re: Systrace Logging Redirection

2006-08-08 Thread Seth Hanford
Hannah Schroeter wrote:
 Hi!
 
 On Tue, Aug 08, 2006 at 06:05:22PM +0200, Joachim Schipper wrote:
 [...]
 
 What about systrace -e? It logs to stdout. Write a little program in
 your favourite language[1] to send it to syslog with the proper
 facility/priority.
 
 You mean something like logger(1)?

Woo hoo! This is exactly what I needed (and just in time, as I was
reading up on Sys::Syslog).

I recall seeing this in the past, but hadn't come up with it this time
around.

Thanks to all, I should be able to make this work,
Seth

  Joachim
 
 Kind regards,
 
 Hannah.



Re: Smallest OpenBSD box

2006-08-08 Thread Diana Eichert
You didn't provide all your requirements for your firewall.  How many PPS
do you need to support?  This will drive what kind of hardware you should
get, not just physical size and number of interfaces.

diana



Re: broadcast IPs in a public /29 block

2006-08-08 Thread openbsd misc
Hello,

 while mucking around with reverse DNS for a /29 public netblock i use, i noticed
 that my ISP, SBC, had only aliased 6 of the 8 IPs in the /29 block for use with
 rDNS. after seeing this, i did a bit of homework and found graham toal's
 explanation of the missing IPs ( http://www.gtoal.com/subnet.html ) which
 presents this issue quite clearly. this did leave me with some additional
 questions though.

it's very important to understand how ip subnetting and routing is working. Many
people didn't understand (like dns). That's why even companies like microsoft
have problems in their networks / dns. Read it carefully and think about.
Having a deeper look into the RFCs is also a good idea.

 i have been hosting websites on these reserved boundary IPs in the /29 block
 with no trouble using binat. should i not be doing this since these are reserved
 IPs for broadcast? i have moved one domain from the boundary already since it
 needed rDNS setup. how regularly are these reserved broadcast addresses at the
 beginning and end of the netblock used and for what sorts of services?

These reserved ip-addresses are needed so it's very regular. Using binat is a
way to avoid losing ip-addresses but it's unusual. There is no problem in using
them (like you did) but it's also normal that you cannot set rdns entries for
those. Normally you route a net and do not binat them, therefore the two
reversed ip-addresses are needed.
Talk to your isp and ask him if he can set your rdns entries manually.

 cheers,
 jake

Regards
  Hagen Volpers



sasyncd and ISAKMP SA

2006-08-08 Thread Floroiu, John Williams
hi,

I was recently looking for IPsec failover functionality and came across the
sasyncd daemon. didn't have time to try it out, but maybe someone could give
me a brief answer to the following question:

does sasyncd enable the IPsec failover gateways to also share the ISAKMP SA
(so that DPD exchanges can proceed despite failures)? the ISAKMP SA is not
explicitly mentioned in the help page (and is actually distinct from the IPsec
SAs).

thank you in advance.

cheers,
John



Re: Alternative superuser aside from root

2006-08-08 Thread Lukasz Sztachanski
On Tue, Aug 08, 2006 at 03:54:45PM +0800, Tito Mari Francis Escaño wrote:
 Is it possible to replace root with another username as superuser?
 This could make the system very secure because when it comes to
 BSD/Unix/Linux, the root is the most coveted user account. That is,
 hackers would all be barking the wrong tree if the real superuser is
 actually another username.
 
 I installed and use OpenBSD 3.9 as Internet gateway in our company,
 installed it via floppy disk.
 
 If it's possible, can you pls give me pointers how to do it? Thank you
 very much!
 
yes, it is, but it's pointless. Name doesn't matter too much, unlike uid.
In case of, i.e. sshd you can use PermitRootLogin directive.



- Lukasz Sztachanski


-- 
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE  BC01 FC91 9EF7 058B 7133
http://entropy.pl
http://entropy.pl/?blog



Server question

2006-08-08 Thread Alex Stamatis
Hello BSD'S :)

I want to rent a box in 1und1.de.
I wanted to ask the following questions.

It has software raid. Do you think I might have a compatibility problem
with that ?
Also has anyone tried from misc to install via serial console an OpenBSD in
this company ? This is my main concern ...
I assume that the network card that the rack has inside will play without
compatibility problems... Right ?

These questions might sound stupid but i am asking because the real pickle is
that if you buy a box in this company you need to spend an amount of money
and it has at least 1 year contract so I need to be most assured that at
least even if the raid doesn't play and I use 2 hdds instead of raid that the
OS will run fine.

Thank you very much everyone for your time.

Best Regards
Alex



Re: Apache proxy settings not working

2006-08-08 Thread openbsd misc
 openbsd misc wrote:
 
  Did you try it with a dns name? I'm using /var/www/etc/hosts (httpd is
  chrooted per default) for that.
 
 Bingo!

;-)

 # mkdir /var/www/etc/
 # cp /etc/hosts /var/www/etc/hosts
 # chown -R www:www /var/www/etc/hosts

Your chown is not a good idea. Should be:

chown root:wheel /var/www/etc/hosts
chmod 644 /var/www/etc/hosts

Never give write right to a webserver... ;-)

 It works!! Thank you

No problem... ;-)

Regards
  Hagen Volpers
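
A check for the ownership point made in this reply, as an added example that is not part of the original post: the hypothetical function `chroot_etc_findings` lists anything under a chroot's etc directory that the web server account could modify. The function name and its numeric uid/gid arguments are assumptions; for the setup in the thread the directory would be /var/www/etc and the ids those of www.

```shell
#!/bin/sh
# Added illustration (not from the thread). chroot_etc_findings is a
# hypothetical helper; directory, uid and gid are supplied by the caller.

# List entries under DIR that the web server account could modify:
#   - anything owned by WEBUID (an owner can always chmod its own files)
#   - anything group-writable whose group is WEBGID
#   - anything writable by "other"
# Symlinks are skipped for the mode tests because their own mode bits are
# not what access checks use. Prints one path per line, nothing when clean.
chroot_etc_findings() {
    dir=$1
    webuid=$2
    webgid=$3
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" \( \
            -user "$webuid" \
        -o \( ! -type l \( \
                \( -group "$webgid" -perm -0020 \) \
             -o -perm -0002 \
           \) \) \
    \) -print | sort
}

# Stand-alone use: sh script.sh /var/www/etc <uid of www> <gid of www>
if [ $# -eq 3 ]; then
    chroot_etc_findings "$1" "$2" "$3"
fi
```

After the `chown -R www:www` quoted above, both the directory entry and the hosts file would be listed; after `chown root:wheel` and `chmod 644` the hosts file drops out of the output.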



Re: saslauthd issue?

2006-08-08 Thread Alexander Hall

J Moore wrote:


As I was inching my way along, testing as I go, I noticed something odd.

/usr/local/sbin/testsaslauthd -u user -p password


This test worked on the first user id and pw I tried, so I assumed 
saslauthd was working correctly. Later, while troubleshooting a stubborn 
issue, I tried it with another userid and password, and got the 
following result:


B14xVu: Undefined variable.

where B14xVu is a fragment of the password. The full password was:
V$B14xVu


So, you entered:
  /usr/local/sbin/testsaslauthd -u username -p V$B14xVu
, which was subject to parameter substitution.

This is how most, if not all, shells work.

I would guess you're using bash, so
  man bash
would be a good idea.

Look for parameter substitution.

/Alexander
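
The substitution described in this reply, as an added example that is not part of the original post: `received` is a hypothetical stand-in for testsaslauthd that returns the `-p` argument exactly as the shell delivered it. A POSIX sh does not print an error by default; it substitutes an empty string for the unset variable, so the program is silently handed a truncated password unless `set -u` is in effect.

```shell
#!/bin/sh
# Added illustration (not from the thread). The password V$B14xVu is the one
# quoted on the page; received() is a hypothetical stand-in for testsaslauthd.

# Print the value that follows -p, i.e. what the program would see in argv.
received() {
    while [ $# -gt 0 ]; do
        if [ "$1" = "-p" ]; then
            printf '%s' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# Make sure the name the shell will look up is really unset.
unset B14xVu

# Four ways of typing the same command line.
unquoted() { received -u user -p V$B14xVu; }     # $B14xVu expanded, program gets "V"
double_q() { received -u user -p "V$B14xVu"; }   # double quotes still expand, "V"
single_q() { received -u user -p 'V$B14xVu'; }   # literal V$B14xVu
escaped()  { received -u user -p V\$B14xVu; }    # literal V$B14xVu

# With nounset the shell refuses the expansion instead of truncating.
# Returns 0 when the subshell aborted before running the command.
nounset_catches() {
    if ( set -u; received -u user -p V$B14xVu ) >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Report what each form delivers to the program.
for form in unquoted double_q single_q escaped; do
    printf '%-9s -> [%s]\n' "$form" "$($form)"
done
if nounset_catches; then
    echo "set -u: expansion of the unset variable was rejected"
fi
```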



Re: Server question

2006-08-08 Thread Joachim Schipper
On Tue, Aug 08, 2006 at 10:19:41PM +0300, Alex Stamatis wrote:
 Hello BSD'S :)
 
 I want to rent a box in 1und1.de.
 I wanted to ask the following questions.
 
 It has software raid. Do you think I might have a compatibility problem
 with that ?

In the sense that it's the Linux kernel doing this, and you won't be
using a Linux kernel, I'd say you definitely are going to have problems.

However, using software RAID via RAIDframe on OpenBSD works fine, once
it's setup (it does tend to crash quite a bit before that time, though;
be careful, and also take a good look at the altroot mechanism described
in afterboot(8) - I have at least one box with altusr and such).
However, if you know what to do or once you have found out through trial
and error what the settings are supposed to be, RAIDframe works very
well.

It will require a custom kernel, though. See raid(4).

 Also has anyone tried from misc to install via serial console an OpenBSD in
 this company ? This is my main concern ...
 I assume that the network card that the rack has inside will play without
 compatibility problems... Right ?

See the thread ending (more or less) with
http://marc.theaimsgroup.com/?l=openbsd-misc&m=114739329602183&w=2 for
details.

 These questions might sound stupid but i am asking because the real pickle is
 that if you buy a box in this company you need to spend an amount of money
 and it has at least 1 year contract so I need to be most assured that at
 least even if the raid doesn't play and I use 2 hdds instead of raid that the
 OS will run fine.

Apparently, it does. Even if it's not exactly supported.

Joachim



Re: sshd question

2006-08-08 Thread Dag Richards

holger glaess wrote:

hi

i hope this list is the right one for my question .

i look for an function to limit the login by name AND ip range.

example.

root login ALLOW from www.xxx.yyy.zzz 
deny from all


myname login ALLOW from all 
deny from www.xxx.yyy.zzz


if there exist an feature / function of sshd to do this or i need an additional 
software ?

i didn't want to start an discussion about security and why i have permit to 
login as root.

holger


I think this request looks kinda silly

use pf

block quick log on $ext_if  proto { tcp udp }  from <bad_people> to any


to keep out those you don't want on that you know you don't want on.

Require certs with passwords, no tunneled plaintext passwords.
You don't HAVE to allow root logins, make people login as themselves and 
su, or better sudo.




Re: Smallest OpenBSD box

2006-08-08 Thread openbsd misc
That's true. He didn't write his requirements. I'm handling everything
on ramdisks (dnscache from djbdns, squid, log-files) and it's working
fine (for a small environment). Soekris are more expensive, but they
have advantages... :-)
Openbrick could also be an option. I bought some machines here: 
http://www.visionsystems.de/ (Embedded Systems)
It's a german company but I think they ship to other countries, too.

Regard
  Hagen Volpers

 The wrap does not support HDD's, CF only. You'll be better off with a soekris:
 
 http://www.soekris.com/
 
 Cheers z0mbix
 
 On 08/08/06, openbsd misc [EMAIL PROTECTED] wrote:
  Hello,
 
   Hi,
  
   I would like to know that is the smallest box ( in terms of size )
   that can be used to Install OpenBSD and used as a firewall. It should
   have a hard disk also, and at least 2 NIC Interfaces.
 
  The smallest box I know is a WRAP system (www.pcengines.ch). It's
  15x15cm,
  up to 3 nics, one or two mini-pci slots, and one serial port.
 
   Thankyou so much
 
  no problem... ;-)
 
   Kind Regards
  
   Siju
 
  Regards
Hagen Volpers



Re: Tuning OpenBSD network throughput

2006-08-08 Thread Luiz Souza

knitti wrote:

On 8/8/06, Matthew R. Dempsky [EMAIL PROTECTED] wrote:

First, I connected the two Linux boxes with an Ethernet cable and ran
``iperf -s'' on the 2.0GHz machine and ``iperf -c 192.168.10.1'' on the
266MHz machine, and iperf reported a bandwidth of about 224 Mbits/sec.

Then, I substituted out the 266MHz machine and replaced it with the
600MHz machine (i.e., faster processor, more ram, and better software),
but running ``iperf -c 192.168.10.1'' under OpenBSD reported a mere
3.8 Mbits/sec---nearly two orders of magnitude less!

Can anyone explain the huge discrepancy here?  Can I do anything to get
OpenBSD to achieve at least 150 Mbits/sec?


first look for duplex mismatch, bad cabling etc.
then look for high interrupt load, change hardware etc.
then read about iperf, and think whether it applies to your problem.
then think about your goal. do you want 150 mbit with tiny 40 bytes packets
or with jumbo frames (huge difference)
and, in any case, search the archives about tuning openbsd.

--knitti


i think iperf doesn't like openbsd threads.

iperf never reports more than 5mb/s if running on openbsd, but there is no 
problem on throughput of openbsd at all.

Look at some other tool or use iperf to check bandwidth through openbsd (using 
two other machines) and not to openbsd.

luiz



cpu1: unknown i686 model 1, can't get bus clock

2006-08-08 Thread Sevan / Venture37
I have just installed the 4.0-beta snapshot & noticed an error message
when booting GENERIC.MP
cpu1: unknown i686 model 1, can't get bus clock

the machine is an old IBM PC 365, dual p-pro. the machine was previously
running 3.9-STABLE without any such errors.

Regards

Sevan / Venture37


OpenBSD 4.0-beta (GENERIC.MP) #870: Thu Aug  3 11:50:54 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel Pentium Pro (GenuineIntel 686-class, 256KB L2 cache) 200 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV
real mem  = 133787648 (130652K)
avail mem = 114774016 (112084K)
using 1658 buffers containing 6791168 bytes (6632K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 04/12/00, BIOS32 rev. 0 @ 0xfd891
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI BIOS has 5 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:01:0 (Intel 82371SB ISA rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000
mainbus0: Intel MP Specification (Version 1.1) (IBM-PCCO CrossFire MP)
cpu0 at mainbus0: apid 1 (boot processor)
cpu0: unknown i686 model 1, can't get bus clock
cpu0: apic clock running at 66 MHz
cpu1 at mainbus0: apid 0 (application processor)
cpu1: Intel Pentium Pro (GenuineIntel 686-class, 256KB L2 cache) 200 MHz
cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV
mainbus0: bus 0 is type PCI
mainbus0: bus 1 is type ISA
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 24 pins
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82441FX rev 0x02
pcib0 at pci0 dev 1 function 0 Intel 82371SB ISA rev 0x01
pciide0 at pci0 dev 1 function 1 Intel 82371SB IDE rev 0x00: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: FUJITSU MPA3035ATU
wd0: 16-sector PIO, LBA, 3337MB, 6835952 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: E-IDE, CD-ROM 32X/AKU, U10I SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 1 function 2 Intel 82371SB USB rev 0x01: apic 2 int
19 (irq 10)
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
vga1 at pci0 dev 6 function 0 Matrox MGA Millenium 2064W (Storm) rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ral0 at pci0 dev 7 function 0 Ralink RT2560 rev 0x01: apic 2 int 17
(irq 9), address 00:11:09:2a:59:f7
ral0: MAC/BBP RT2560 (rev 0x04), RF RT2525
sis0 at pci0 dev 11 function 0 NS DP83815 10/100 rev 0x00, DP83815D:
apic 2 int 16 (irq 5), address 00:40:f4:3b:c7:0f
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt2 at isa0 port 0x3bc/4: polled
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask 0 netmask 0 ttymask 0
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
apm0: disconnected
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
cpu1: unknown i686 model 1, can't get bus clock
-- 
The truth, the half-truth, and nothing like the truth. - Mark Brandon Read



OT: Request for Help on 2.5 HardDisk (Don't open if you dislike OT)

2006-08-08 Thread Gustavo Rios

I am trying to buy 24/7 rated 2.5 hard disks to use within soekris
running openbsd for a firewall system. I am trying hard to find a
reliable supplier of such devices.

The problem i am facing i cannot find a reseller anywhere in the world
that could deliver it to Brazil (where i am right now).

If some here have means by which i could be supplied with such
devices, it is a chance to make some money.

I am seeking for HITACHI E7K100 and also E5K100 models. Other brands
(seagate/etc) are welcome too provided their models are rated 24/7
operation.

Thanks in advance.

PS: once more i apologize for the inconvenience, but i am really having
a hard time to get such devices.



Re: Alternative superuser aside from root

2006-08-08 Thread Alexander Hall

Tito Mari Francis Escaño wrote:

Is it possible to replace root with another username as superuser?
This could make the system very secure because when it comes to

 ^^^ No.
  ^^ No.

BSD/Unix/Linux, the root is the most coveted user account. That is,
hackers would all be barking the wrong tree if the real superuser is
actually another username.


Most exploits come from misbehaving programs running as the superuser 
(formerly known as root :-p ), so the user name is not involved.


Use a good password (if any) for root and possibly disable root login 
via ssh, and you're fine.



I installed and use OpenBSD 3.9 as Internet gateway in our company,
installed it via floppy disk.

If it's possible, can you pls give me pointers how to do it? Thank you
very much!


It is. See below. But don't. You'll screw things up. See below.

/Alexander

P.S.
Now look what you made me do!

--
$ sudo chpass root
  changing name to root1
$ sudo chpass root1
sudo: no passwd entry for root!
$ sudo anything
sudo: no passwd entry for root!
$ su -
su: unknown login root
$ su root1 -
Password:
# chpass root
chpass: unknown user: root
# chpass root1
  changing name back to root
# exit
$ sudo chpass root
chpass: no changes made
chpass: /etc/master.passwd: unchanged
--

See? Don't do this! :-(
D.S.



ProLiant with RILOE keyboard freezes after boot sometimes

2006-08-08 Thread Robert Urban
Hello,

has anyone else noticed that after booting, the keyboard on a
ProLiant (DL380-G2) with the RILOE (Remote Insight Lights-Out Edition) card
often freezes?  If I take the RILOE card out, the kb is always ok.

Rob Urban

Here's my dmesg:

OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) III CPU family 1266MHz (GenuineIntel 686-class) 
1.27 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,M
MX,FXSR,SSE
real mem  = 1073307648 (1048152K)
avail mem = 972660736 (949864K)
using 4278 buffers containing 53768192 bytes (52508K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf
pcibios0 at bios0: rev 2.1 @ 0xf/0x2000
pcibios0: PCI BIOS has 9 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:15:0 (ServerWorks OSB4 rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x4000 0xee000/0x2000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 ServerWorks CNB20HE Host rev 0x23
pci1 at pchb0 bus 1
ppb0 at pci1 dev 3 function 0 Intel i960 RP PCI-PCI rev 0x05
pci2 at ppb0 bus 2
vga1 at pci2 dev 0 function 0 ATI Mach64 GV rev 0x7a
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Intel 80960RP ATU rev 0x05 at pci1 dev 3 function 1 not configured
pchb1 at pci0 dev 0 function 1 ServerWorks CNB20HE Host rev 0x01
pchb2 at pci0 dev 0 function 2 ServerWorks CNB20HE Host rev 0x01
pchb3 at pci0 dev 0 function 3 ServerWorks CNB20HE Host rev 0x01
pci3 at pchb3 bus 7
Compaq PCI Hotplug rev 0x12 at pci3 dev 7 function 0 not configured
ciss0 at pci0 dev 1 function 0 Compaq Smart Array 5i/532 rev.2 rev 0x01: irq 
3
ciss0: 1 LD, HW rev 1, FW 2.62/2.62
scsibus0 at ciss0: 1 targets
sd0 at scsibus0 targ 0 lun 0: COMPAQ, LOGICAL VOLUME, 2.62 SCSI0 0/direct 
fixed
sd0: 17359MB, 17359 cyl, 64 head, 32 sec, 512 bytes/sec, 35553120 sec total
fxp0 at pci0 dev 2 function 0 Intel 8255x rev 0x08, i82559: irq 5, address 
00:08:02:8a:4b:fc
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
fxp1 at pci0 dev 4 function 0 Intel 8255x rev 0x08, i82559: irq 7, address 
00:08:02:8a:4b:fb
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
Compaq Netelligent ASMC rev 0x00 at pci0 dev 6 function 0 not configured
piixpm0 at pci0 dev 15 function 0 ServerWorks OSB4 rev 0x51: SMBus disabled
pciide0 at pci0 dev 15 function 1 ServerWorks OSB4 IDE rev 0x00: DMA
atapiscsi0 at pciide0 channel 0 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: COMPAQ, CD-ROM SN-124, N102 SCSI0 5/cdrom 
removable
cd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 1
ohci0 at pci0 dev 15 function 2 ServerWorks OSB4/CSB5 USB rev 0x04: irq 11, 
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: ServerWorks OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ef4d netmask efed ttymask ffef
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: sd0 matches BIOS drive 0x80
root on sd0a
rootdev=0x400 rrootdev=0xd00 rawdev=0xd02



Re: cpu1: unknown i686 model 1, can't get bus clock

2006-08-08 Thread Dimitry Andric
Sevan / Venture37 wrote:
 I have just installed the 4.0-beta snapshot & noticed an error message
 when booting GENERIC.MP
 cpu1: unknown i686 model 1, can't get bus clock
 
 the machine is an old IBM PC 365, dual p-pro. the machine was previously
 running 3.9-STABLE without any such errors.

Can you please try the following patch?  Note that this error isn't
harmful at all, I just never saw this code tested by someone with a
Pentium Pro CPU. :)


Index: sys/arch/i386/i386/machdep.c
===
RCS file: /cvs/src/sys/arch/i386/i386/machdep.c,v
retrieving revision 1.362
diff -u -d -p -r1.362 machdep.c
--- sys/arch/i386/i386/machdep.c10 Jul 2006 19:45:22 -  1.362
+++ sys/arch/i386/i386/machdep.c9 Aug 2006 00:07:30 -
@@ -2095,6 +2095,7 @@ p3_get_bus_clock(struct cpu_info *ci)
break;
}
break;
+   case 0x1: /* Pentium Pro, model 1 */
case 0x3: /* Pentium II, model 3 */
case 0x5: /* Pentium II, II Xeon, Celeron, model 5 */
case 0x6: /* Celeron, model 6 */
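
Review bot: The new `case 0x1` label in p3_get_bus_clock() falls through into the body shared by the Pentium II and Celeron labels (0x3, 0x5, 0x6), and that body lies outside the hunk, so nothing visible here shows that the value it decodes is defined the same way on a Pentium Pro. The covering mail says this path has never been tested on that CPU, so before commit please get a boot log from the reporter's machine confirming that the "can't get bus clock" line is gone and that the bus clock now reported is plausible next to the "apic clock running at 66 MHz" line in the posted dmesg. If the encoding turns out to differ, model 1 should get its own case rather than sharing this one. The comment on the new label matches the style of its neighbours.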



Re: ProLiant with RILOE keyboard freezes after boot sometimes

2006-08-08 Thread Vydrin Artem
Hello!

When you turn on RILOE, local keyboard is turned off by RILOE. You may use
remote keyboard. Correct me if I'm wrong, but how on ProLiant DL380-G2
installed Pentium III - 1266 Mhz? They have Xeon*2 on a board.

Artem V. Vydrin

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Robert Urban
Sent: Wednesday, August 09, 2006 3:10 AM
To: misc@openbsd.org
Subject: ProLiant with RILOE keyboard freezes after boot sometimes

Hello,

has anyone else noticed that after booting, the keyboard on a
ProLiant (DL380-G2) with the RILOE (Remote Insight Lights-Out Edition) card
often freezes?  If I take the RILOE card out, the kb is always ok.

Rob Urban

Here's my dmesg:




Re: sshd question

2006-08-08 Thread Jeff Nelson
On Tue, Aug 08, 2006 at 10:04:03AM +0200, holger glaess wrote:
 i hope this list is the right one for my question .
 
 i look for an function to limit the login by name AND ip range.
 
 example.
 
 root login ALLOW from www.xxx.yyy.zzz 
 deny from all
 
 myname login ALLOW from all 
 deny from www.xxx.yyy.zzz

The OpenBSD sshd is compiled with libwrap support.
Please see:

man 5 hosts.allow
man 5 hosts.deny

Have a great day!
-jeff



Re: problems compiling -current kernel

2006-08-08 Thread Francisco Valladolid
Today, I compile OpenBSD 4.0 beta, successfully, both Kernel and Userland
without problems.

the dmesg is here: http://bsdguy.net/data/dmesg-4.txt

Thank you for the support.



On 8/8/06, Henning Brauer [EMAIL PROTECTED] wrote:

 * Francisco Valladolid [EMAIL PROTECTED] [2006-08-08 08:25]:
  Today I update my src tree in -current, I have some problems compiling it.

  the -current guide in OpenBSD FAQ, didn't contain sufficient support for me
  at this moment.

 that's a very very very strong hint that you should just use snapshots
 then.

 --
 BS Web Services, http://www.bsws.de/
 OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
 Unix is very simple, but it takes a genius to understand the simplicity.
 (Dennis Ritchie)




-- 
---
BSD - Unix simplicity.
Francisco Valladolid Hdez.
[EMAIL PROTECTED]



Re: ProLiant with RILOE keyboard freezes after boot sometimes

2006-08-08 Thread Nick Holland

Robert Urban wrote:

Hello,

has anyone else noticed that after booting, the keyboard on a
ProLiant (DL380-G2) with the RILOE (Remote Insight Lights-Out Edition) card
often freezes?  If I take the RILOE card out, the kb is always ok.


WARNING: Complete and total speculation (or Wild-A**ed-Guess) ahead!!


Rob Urban

Here's my dmesg:

OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

...

wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0


<fact>
OpenBSD tends to get really unhappy if you switch the mouse.
   http://www.openbsd.org/faq/faq12.html#i386smouse
The symptom is often a complete lock of the keyboard.
</fact>

<WAG>
I'm wondering if the RILOE card (I've never used one, see disclaimer 
above) acts as a KVM switch between the physical devices and the RILOE 
board.  If so..it might cause the symptoms you describe.


IF there is a physical cable that can be unplugged to keep the thing from 
providing a PS/2 mouse, do so.  I suspect we won't get that lucky.


If there isn't a physical cable, it might be interesting to use ukc to 
disable pms and see if that avoids the problem.  I have no idea if that 
does solve the problem with switching an unused mouse, never thought 
to try it before...I'll have to play with that. :)

</WAG>

Nick.



Re: Smallest OpenBSD box

2006-08-08 Thread Siju George

On 8/8/06, Diana Eichert [EMAIL PROTECTED] wrote:

You didn't provide all your requirements for your firewall.  How many PPS
do you need to support?  This will drive what kind of hardware you should
get, not just physical size and number of interfaces.

diana



Thankyou so much Andreas and Zoombix :-)

Yes Diana, Sorry for that :-(

I am unable to say the exact PPS but the following things are supposed
to happen behind the firewall.

1) Website browsing from approximately 30-50 users
2) Checking email for approximately 30-50 users
3) Using Skype 5-7 Users
4) SSH connections to Servers on the Internet - approx 10 connections at a time
5) FTP uploads to 2-5 Servers at the same time.

It is something like a SOHO setup.

Thankyou so much :-)

Kind Regards

Siju



Re: Tuning OpenBSD network throughput

2006-08-08 Thread Antti Harri

On Tue, 8 Aug 2006, Matthew R. Dempsky wrote:


but running ``iperf -c 192.168.10.1'' under OpenBSD reported a mere
3.8 Mbits/sec---nearly two orders of magnitude less!


The version of iperf in ports is broken for at least i386. It needs a 
patch to run correctly. I wrote one but someone replied 
it doesn't work on other architecture (amd64 iirc) after that. I didn't
bother to look into it as I have only i386 machines.

Use version 1.x or write a patch for 2.x and submit it :-)

--
Antti Harri



Re: carp in PF interface context.

2006-08-08 Thread Ryan McBride
On Tue, Aug 08, 2006 at 12:33:23PM +0200, Henning Brauer wrote:
  Why the carp interface cannot be used in context of the interface?
 
 well, because it is that way.

Because of the way that the routing currently works, if both the carpdev
'physical' interface and the carp interfaces have addresses on the same
subnet, incoming traffic to the carp address will appear on the carp
interface, while outgoing traffic will appear on the physical interface.
This causes some confusion for PF in the case of interface-bound states,
and perhaps some other situations.

If there is no address on the same segment on the physical interface,
both directions of traffic traverse the carp interface.

Rather than try to explain that you need some kind of hacked up
workaround in case A (which gets easier with interface groups, but
probably would need some code changes to be really useable), and a
different approach for case B, we decided to make all traffic appear on
the physical interface. It's a single case to remember, and the
behaviour is consistent.

We may have the opportunity to fix this behaviour in the future, as
changes are made to the routing code, and changes are being contemplated
for CARP routing behaviour. 

But for now, henning is correct. Because it is that way.



Re: Tuning OpenBSD network throughput

2006-08-08 Thread Michal Soltys

Matthew R. Dempsky wrote:

I have three machines that I'm using for testing network performance:
- 2.0GHz Pentium 4, 256MiB RAM, Ubuntu 6.06, e1000
- 266MHz Pentium II, 192MiB RAM, Debian Unstable, sk98lin
- 600MHz Pentium M, 256MiB RAM, OpenBSD 4.0-current, em(4)


 [cut]


Can anyone explain the huge discrepancy here?  Can I do anything to get 
OpenBSD to achieve at least 150 Mbits/sec?


Thanks.



Besides certain compex cards (wb driver, 3.8, with queuing under PF),
I haven't had any strange problems with bandwidth either (testing plenty
of fxp, xl, rl, vr cards). Well, there were some, but that's different 
subject regarding cbq/hfsc and non-borrowing queues, at certain speeds.


You can try few other methods to measure bandwidth. For example:

- 2 nc, one reading from /dev/zero, the other writing to /dev/null
- out of box openbsd's httpd, wget writing to /dev/null
- some ftp transfer or even scp from dd's premade file (disk shouldn't 
really be a bottleneck at fast ethernet speeds, neither should be encryption 
with not hopelessly old cpu)


Pair these with some simple PF setting using queues, and watch the bandwidth
with pftop, systat, ifstat or pfctl -vvsq to name a few. Time command can be 
helpful too.


Also, remember that queuing works only in outgoing direction, if you decide 
to use it.