Re: soekris boot console
Hi Gustavo,

Gustavo Rios wrote:
> It sounds very strange, I see no soekris output. I am using a female-male cable connector with a gender changer adapter on one cable end.

hm... that doesn't sound like a NULL-Modem cable to me... Are you 100% sure that you're using a Null Modem cable to connect between your Laptop/PC and the Soekris?

Welcome to the world of RS-232 ;-) (maybe the hell of RS-232)

> Could it be the problem?

most likely...

If you have 2 serial ports on your PC running OpenBSD, you could try to enable the console on port 1 and use tip on port 2 to connect to port... just make sure it's not the soekris box... (which I doubt it is).

regards,
Marian
Re: FTP-Proxy
* or a machine with dual nics - one inside and one outside the firewall.
*
*Rod Dorman wrote:
*This is effectively getting rid of the PIX!
*
*If it's got both an inside and outside interface it can be configured as
*a gateway such that any inside host can get outside completely bypassing
*the PIX. Are you sure your network admins are OK with that?

Ok - never write technical mails after 14 hours on a plane - they make no sense!!!

In a nutshell, I need to know if I can use ftp-proxy on a machine inside our current PIX firewall. If it will only run on a machine running PF acting as the main firewall/gateway then I'm out of luck. I will not be using it if the only way would be a nic inside and outside of the firewall.

Sorry for the confusion (and thanks for the reply Rod)

Alan
Re: FTP-Proxy
On 20. sep. 2006, at 10.22, Alan Smith wrote:
> * or a machine with dual nics - one inside and one outside the firewall.
> *
> *Rod Dorman wrote:
> *This is effectively getting rid of the PIX!
> *
> *If it's got both an inside and outside interface it can be configured as
> *a gateway such that any inside host can get outside completely bypassing
> *the PIX. Are you sure your network admins are OK with that?
>
> Ok - never write technical mails after 14 hours on a plane - they make no sense!!!
>
> In a nutshell, I need to know if I can use ftp-proxy on a machine inside our current PIX firewall. If it will only run on a machine running PF acting as the main firewall/gateway then I'm out of luck. I will not be using it if the only way would be a nic inside and outside of the firewall.
>
> Sorry for the confusion (and thanks for the reply Rod)
>
> Alan

Hi,

A few thoughts for you to explore:

1. A good number of web browsers etc. support authenticated ftp 'upload' via a proxy (e.g. squid), thus fixing your problem - googling will direct you on this...
2. If you can put an openbsd box on the inside of the PIX, and make the client traffic go via it (e.g. their default gateway), then you can use the ftp-proxy.
3. Recent PIXen support WCCP2 protocol, as does squid (I believe it's just a GRE tunnel basically), so maybe you could run squid on openbsd to direct traffic appropriately, once redirected from the PIX.

food for thought anyway

/Pete
Re: trying to build mod_python on OpenBSD
On Tue, Sep 19, 2006 at 04:49:07PM -0600, edgar mortiz wrote:
> trying to build mod_python on OpenBSD 3.7 with the following configuration.
>
> Python 2.4 (source build) --disabled-share
> Apache 2.0.59 --enable-so
> mod_python 3.2.10 --with-apxs
>
> I was able to get as far as the make part on mod_python but whenever I do make install mod_python breaks
>
> I've been looking at how the build goes and the only thing that looks like it's not cooperating is this part
>
> *** Warning: linker path does not have real file for library -lpython2.4.
> *** I have the capability to make that library automatically link in when
> *** you link to this library. But I can only do this if you have a
> *** shared version of the library, which you do not appear to have
> *** because I did check the linker path looking for a file starting
> *** with libpython2.4 and none of the candidates passed a file format test
> *** using a regex pattern. Last file checked: /usr/local/lib/python2.4/config/libpython2.4.a
>
> *** Warning: libtool could not satisfy all declared inter-library
> *** dependencies of module mod_python. Therefore, libtool will create
> *** a static module, that should work as long as the dlopening
> *** application is linked with the -dlopen flag.
>
> looks like libtool doesn't like my python source brewed.
>
> any suggestions would be gladly appreciated.

You disabled shared libraries in the Python build, and mod_python needs those. At least, that's what it looks like.

It appears there is some support for FastCGI and Python (see http://www.fastcgi.com); you might want to give that a try. It could be accomplished without any custom stuff, even: Apache 1.3 from base, www/mod_fastcgi, lang/python and www/py-jonpy should suffice.

(Disclaimer: I know very little about Python, and nothing about py-jonpy.)

Joachim
Re: FTP-Proxy
On Wed, Sep 20, 2006 at 09:22:51AM +0100, Alan Smith wrote:
> * or a machine with dual nics - one inside and one outside the firewall.
> *
> *Rod Dorman wrote:
> *This is effectively getting rid of the PIX!
> *
> *If it's got both an inside and outside interface it can be configured as
> *a gateway such that any inside host can get outside completely bypassing
> *the PIX. Are you sure your network admins are OK with that?
>
> Ok - never write technical mails after 14 hours on a plane - they make no sense!!!
>
> In a nutshell, I need to know if I can use ftp-proxy on a machine inside our current PIX firewall. If it will only run on a machine running PF acting as the main firewall/gateway then I'm out of luck. I will not be using it if the only way would be a nic inside and outside of the firewall.

ftp-proxy interfaces with the OpenBSD pf(4) system to allow FTP through. However, FTP traffic should be largely the same on both sides of the gateway (replies will be sent to the firewall, and not to the internal box), so it will not help in bypassing a firewall other than on the machine that is running ftp-proxy.

Various tunneling options are available, of course...

Joachim
Re: Help with chroot
On Tue, Sep 19, 2006 at 09:59:38PM -0400, Kim Mackey wrote:
> OK, I finally have it working at about 99%. Maybe not quite that much depending on how you look at it. The final problem I am having is probably related to how I set up my network when I installed OpenBSD 3.9.
>
> In previous installations of OpenBSD I just accepted the defaults during the network card setup and everything worked out ok. This time I have been struggling with my host name and domain name. The problem for me right now is I don't have a domain name for this network and before my domain was just defaulted to my.domain. But now it seems to want to act like I am somehow a DNS or something, I'm not sure.
>
> Anyway the symptom is that when I visit my wiki site I go there with the url 192.168.1.106/wiki/ but as it starts to load the page it changes my url to myhost.my.domain/wiki/index.php/Main_Page and then fails to load. But if I type the url as 192.168.1.106/wiki/index.php/Man_Page it will load the page just fine. From there I can click on the links and everything continues to work fine. (On some pages if I leave the page up for a little while it will automatically switch the url to the myhostname.my.domain and fail to load. I just retype the url with my local IP and things load back up fine again, but I have to leave that page or it will fail again.)
>
> I hope I can fix this problem without having to reinstall OpenBSD (and all) again.

As suggested, using /etc/hosts is a good option. It's also not too hard to change your host- and domainname, but that is probably not what you want to do.

For a more simplistic solution, look up ServerName in /var/www/conf/httpd.conf.

Joachim
Re: BGP router now running desperately low on memory [epilogue]
Hi all,

Just to make sure nobody's sitting and wondering what happened with this thread, then here's a final mail with a short description of what's cooking right now and what was boiling back then.

Below you'll find:
- case
- situation
- conclusion
- physical connection
- hardware
- a few tips

Case:

When I added another bgp peer to my router the overall network/routing performance on the server was brought to an almost staggering halt until I downed the bgp session again.

Situation:

At first I had warp-speed on the wire and all tests on the connection (*) seemed okay. Trivialities like speed-, duplex-, mtu settings etc. were agreed upon before the connection was established.

The time elapsed from initiating the BGP session to severe performance degradation was 2 minutes and if I did not down the BGP session within the next minute (literally) then routing and network performance would drop like a piano out of the sky.

In short I was using all mbuf (Kbytes allocated to network 97%). Raising kern.maxclusters stepwise gave me a short lived break until I reached a given point (see tips below). Above that I gained nothing and stopped raising it any further.

The new carrier had a lot of alignment errors (CRC/FCS) and packet size problems (Jabbers/rxOversizedPkts) in their log / on their side. We both had heavy packet losses after these few minutes. 'tcpdump' did not reveal any significant signs of a sick connection on my side.

A lot of testing has been done since. The connection, however, is still not running but adjustments on the peer's side and replacements on the connection itself have raised the panic-threshold from 2min. to around 18min. before disaster strikes.

Conclusion:

I'll receive a fiber directly to my front door from the new peer shortly i.e. we'll bypass the copper-fiber-copper connection. I don't like not being able to pinpoint the problem before moving on, but I have no way of seeing what's going on on the other side. I have an idea that the Cisco box and the converters do not like each other, but again it's only a guess.

What I do know is that an error-prone connection combined with a well connected BGP peer, can jeopardize an entire bgp router's performance. BGP can not see how well the connection is running - it can only see link and link = traffic = congestion.

I can not claim to have found the 'holy grail' in BGP troubleshooting but I can rightfully claim that I've eliminated my OpenBGPD as source of error (both as i386 and amd64) and I can also rightfully claim to have found a few settings that actually make a difference.

If the carrier finds the problem and informs me, I will of course inform all of you as well.

Physical connection:

We are terminating with this carrier in a FE port but due to the distance between them and us at the datacenter location, a FDDI connection was placed in between like:

[our router][100baseTX][IMC**]//..fiber..//[IMC**][100baseTX][switch integrated in a Cisco 7200 iron][Cisco iron itself/router]

* Attenuation on the FDDI part was 1.2db respectively 1.3db which is not brilliant, but okay. More importantly it's within the specifications of the IMC's.

** (IMC = MOXA Industrial Media Converter 101 a.k.a. IMC-101 for both Single- and Multi mode / SC connectors. We even replaced these with MOXA EDS-208-M-SC (larger model) as well).

All Cat6 STP cables have been replaced more than once and the fiber once.

Hardware:

My OpenBGPD setup is plain-vanilla with 4 BGP peers, one eBGP peer and two public networks on the inside (700+ servers).

The BGP box I have (OpenBSD 3.9 -stable / amd64 / bsd.mp) is a serverworks based box with 2GB of ram per cpu, Intel PRO/1000MT dual and quad server nic's, U320 SCSI etc., etc. - i.e. this is not about exhaustion due to inferior or inadequate hardware.

My network performance related sysctl settings:

net.inet.ip.ifq.maxlen=250
kern.maxclusters=32768 (this has been tested stepwise (~6500 at a time) from the std. setting [6144] and up)

Note_0: normally I run this on a i386 Xeon based box with 4GB of ram, but the box is down for upgrade/maintenance, hence the temporary amd64 arch.

Note_1: the new boxes I'm building have a 64-bit Xeon cpu, 2GB of ram, Syskonnect nics and i386 as arch.

A few tips:

The tips I've put below are all confirmed successes and a mixture of experience, what I've been told by Henning/Claudio and what I've seen on this list (some of the sysctl settings). The important thing is that they actually work.

0 - run busy BGP routers on i386 compared to amd64
1 - run busy BGP routers on [serverworks based] single cpu systems.
2 - run busy BGP routers on 2GB of memory at the most. On a healthy box going from 4 GB of ram to 2GB gives a drop on almost 20% in 'Kbytes
Re: Throwing exceptions over shared library boundaries in C++
On Wed, Sep 20, 2006 at 05:10:22PM +0200, Ian Delahorne wrote:
> I've run into a problem with throwing (or rather, catching) exceptions over shared library boundaries in 3.9. When I try to catch an exception in my application that has been thrown inside a shared library, the exception isn't caught, but instead causes the program to exit with SIGABRT. If I link statically it works (not surprising), but this also works on OpenBSD 3.7 when linked dynamically.
>
> I wrote a simple application to test this, available at http://www.stacken.kth.se/~ian/exception_test.tar.gz. Am I missing something when compiling? Or has something radically changed in 3.9?

Shared libraries are to be built using the C/C++ frontend, not ld directly.

If your Makefile is changed from

    $(LD) -shared test.o $(LIBS) -o $(TARGET) -lstdc++

to

    $(CXX) -shared test.o $(LIBS) -o $(TARGET) -lstdc++

it appears to catch the exception just fine.

Dale Rahn [EMAIL PROTECTED]
Re: Throwing exceptions over shared library boundaries in C++
On Wed, 2006-09-20 at 11:22 -0500, Dale Rahn wrote:
> On Wed, Sep 20, 2006 at 05:10:22PM +0200, Ian Delahorne wrote:
> > I've run into a problem with throwing (or rather, catching) exceptions over shared library boundaries in 3.9. When I try to catch an exception in my application that has been thrown inside a shared library, the exception isn't caught, but instead causes the program to exit with SIGABRT. If I link statically it works (not surprising), but this also works on OpenBSD 3.7 when linked dynamically.
> >
> > I wrote a simple application to test this, available at http://www.stacken.kth.se/~ian/exception_test.tar.gz. Am I missing something when compiling? Or has something radically changed in 3.9?
>
> Shared libraries are to be built using the C/C++ frontend, not ld directly.
>
> If your Makefile is changed from
>
>     $(LD) -shared test.o $(LIBS) -o $(TARGET) -lstdc++
>
> to
>
>     $(CXX) -shared test.o $(LIBS) -o $(TARGET) -lstdc++
>
> it appears to catch the exception just fine.

Ah, thanks for pointing that out.

/Ian
Re: trying to build mod_python on OpenBSD
I'll try that dimitry and see if it's possible for me to build mod_python on apache 1.3.29 that comes with OpenBSD :)

On 9/19/06, Dimitry Andric [EMAIL PROTECTED] wrote:
> edgar mortiz wrote:
> > trying to build mod_python on OpenBSD 3.7 with the following configuration.
> >
> > Python 2.4 (source build) --disabled-share
> > Apache 2.0.59 --enable-so
> > mod_python 3.2.10 --with-apxs
>
> OpenBSD comes with Apache 1.3.29, so you should try mod_python 2.7.1 instead. A quick test here shows that at least compiles and installs without any problems, using the system Apache and the python 2.4 port.
>
> Whether it actually works in the chroot, I haven't tried yet... :)
Re: BGP router now running desperately low on memory [epilogue]
Stuart Henderson wrote:
> On 2006/09/20 17:05, Per Engelbrecht wrote:
> > The BGP box I have (OpenBSD 3.9 -stable / amd64 / bsd.mp) is a serverworks based box with 2GB of ram per cpu, Intel PRO/1000MT dual and quad server nic's, U320 SCSI etc., etc. - i.e. this is not about exhaustion due to inferior or inadequate hardware.
>
> which serverworks? I'm not entirely happy with my ht1000 boards.
> and, any particular reason you chose to run amd64 on them rather than i386?

*ServerWorks BCM5785 (Tyan Thunder / Opteron200) respectively
*Intel 7500 chipsets (SuperMicro / Xeon)
Using serverworks kinda ensures a steady/fast platform with excellent bus IO.
*
*No it's the other way around - I prefer i386 on network critical installations like my BGP routers. The current amd64 box was what I had at the moment when I made a switch two weeks ago.

> thanks for the update.

Anytime.

/per
[EMAIL PROTECTED]
Setting Up A Wireless and Wired Network
I want to create a single network, 192.168.1.0/24. I want to be able to access it either from a wired connection on xl0 or a wireless connection on ral0. I am using dhcpd. What's the best way to set this up? I want one single network.

My thoughts:

xl0 - 192.168.1.1/255.255.255.0
ral0 - 192.168.1.2/255.255.255.0
dhcpd - listening on both xl0 and ral0

This would create a problem though, because the routing tables would be all screwed up. I would have to also create a bridge between the two, correct? So:

bridgename.bridge0 - add xl0 add ral0 up.

Is this the best way to do it? I essentially want one network available on both cards, so wired or wireless, to be transparent.

TIA.

-James
Free, functional and sort of secure.
http://www.ruxcon.org.au/presentations.shtml#3

Exploiting OpenBSD - Ben Hawkes

Free, functional and sort of secure. This presentation explores the cutting edge of exploit development on an OpenBSD system. Topics discussed will include the stack-smashing protector (SSP/ProPolice), Address Space Layout Randomization (ASLR), the custom OpenBSD malloc implementation, and various other points of interest. Both previously known and unknown attacks will be covered. Some prior exploit development knowledge is assumed.
Re: Setting Up A Wireless and Wired Network
On 9/20/06, stupidmail4me [EMAIL PROTECTED] wrote:
> I want to create a single network, 192.168.1.0/24. I want to be able to access it either from a wired connection on xl0 or a wireless connection on ral0. I am using dhcpd. What's the best way to set this up? I want one single network.
>
> My thoughts:
>
> xl0 - 192.168.1.1/255.255.255.0
> ral0 - 192.168.1.2/255.255.255.0
> dhcpd - listening on both xl0 and ral0
>
> This would create a problem though, because the routing tables would be all screwed up. I would have to also create a bridge between the two, correct? So:
>
> bridgename.bridge0 - add xl0 add ral0 up.
>
> Is this the best way to do it? I essentially want one network available on both cards, so wired or wireless, to be transparent.
>
> TIA.
>
> -James

Check out trunk(4). I believe it gives an example pretty darn close to this.
optop on 3.9
hi,

some time ago I configured poptop on openbsd 3.6 following this guide:
http://articles.techrepublic.com.com/5100-1035-6031577.html
It was working well.

Now I'm trying to do the same on openbsd 3.9 and it doesn't work :(
I can connect to the vpn fine, but can't connect to any host on the remote network.

Maybe someone knows where the problem is and how to fix that?

franky
OpenBSD 4.0 pre-orders are up
We have activated OpenBSD 4.0 pre-orders. The official release date is November 1. For more information on the release, please see http://www.openbsd.org/40.html (but note this page is still receiving sporadic updates, as developers update it to contain more mentions of what they did over the last 6 months).

As always, some people may receive their orders earlier, based on order submission timing! :)

We are also separately releasing a compilation audio CD of all the OpenBSD release songs we have made up to now. This CD contains 13 tracks. Those are the songs from 3.0 - 4.0, plus one acoustic version. And also an extra track by Ty Semaka about the artistic process involved in creating the OpenBSD artwork and music each release. All this has been properly mixed, and I must admit I was quite stunned listening to this CD a few days ago... it is incredibly cohesive and enjoyable listening to the songs in sequence.

Two additional factoids about the audio cd: The theme of the cover is that Ty Semaka has had puffy on his mind. And the thing on his head is a toy you can buy at the Calgary Airport.
IPSec routing problem when using UDP
Hello misc!

We are experiencing what seems to be a routing problem when using ipsec flows and udp traffic.

We are using OpenVPN for the employees to connect from the outside world to our network. It is configured to use UDP. At the same time, this box has an ipsec tunnel configured to talk between different offices in different countries.

The problem seems to be that, at some point in time, all the udp packets coming from anywhere end up being routed through the enc0 interface, when some of them (the ones coming through the Internet and not from our other office) should be routed normally, without using any ipsec flow. This of course causes all OpenVPN connection attempts coming from the Internet to fail, as they will never receive an answer from the server.

This is not the first time we've encountered this behaviour. I've also seen this happening when using named together with ipsec tunnels. The very same thing would happen (i.e., packets that should go to the Internet being routed via enc0).

We have just realised that in both cases, OpenVPN and named, UDP might be in use. When the OpenVPN server begins to misbehave, I can still connect via ssh from the Internet (thus discarding TCP issues).

To solve this we have to flush the ipsec tunnels. This seems to solve the issue.

The pf rules seem to be alright, keeping state for udp connections. The only thing that we may be doing wrong is the ipsec flow configuration, but why would it work for some time, to show the detailed behaviour only after a couple of hours?

I'll appreciate your input,

Martín.
Re: USB hard drives
I use OpenBSD 3.8 on a Powerbook G4, and when I connect my USB external hard drive, this is my output:

Sep 20 12:10:41 Apocalypsis /bsd: umass0 at uhub0 port 1 configuration 1 interface 0
Sep 20 12:10:43 Apocalypsis /bsd:
Sep 20 12:10:43 Apocalypsis /bsd: umass0: Prolific Technology Inc. Mass Storage Device, rev 2.00/1.00, addr 2
Sep 20 12:10:43 Apocalypsis /bsd: umass0: using SCSI over Bulk-Only
Sep 20 12:10:43 Apocalypsis /bsd: scsibus1 at umass0: 2 targets

But how can I mount it ???

Regards

--- Default User [EMAIL PROTECTED] wrote:
> On 2006/09/16 23:49, Default User wrote:
> > Does OpenBSD 3.9 RELEASE support usb external hard drives?
>
> On Sun, 2006-09-17 at 02:21 +0100, Stuart Henderson wrote:
> > Generally yes, this type of drive is supported by umass(4).
>
> CONFIRMED. At least the Seagate 6Gb pocket USB external hard drive works fine under OpenBSD i386 RELEASE. It does indeed use the umass driver, which is already installed by default. It works on both a desktop workstation and a laptop.
>
> Thanks for the replies.
Re: mbuf leak with rl
On Wed, Sep 20, 2006 at 10:29:10AM -0500, Karle, Chris wrote:
> That looks suspect to me; that seems like a lot for cable modem level traffic. I'd check if your mbufs number ever goes down.

I've rechecked the output of netstat -m occasionally since then, and I haven't seen them go down at all--only steadily increase. As of typing this email, the output is:

$ netstat -m
3616 mbufs in use:
    3593 mbufs allocated to data
    6 mbufs allocated to packet headers
    17 mbufs allocated to socket names and addresses
855/870/6144 mbuf clusters in use (current/peak/max)
2656 Kbytes allocated to network (98% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
Re: USB hard drives
On 9/20/06, Rafael Morales [EMAIL PROTECTED] wrote:
> I use OpenBSD 3.8 on a Powerbook G4, and when I connect my USB external hard drive, this is my output:
>
> Sep 20 12:10:41 Apocalypsis /bsd: umass0 at uhub0 port 1 configuration 1 interface 0
> Sep 20 12:10:43 Apocalypsis /bsd:
> Sep 20 12:10:43 Apocalypsis /bsd: umass0: Prolific Technology Inc. Mass Storage Device, rev 2.00/1.00, addr 2
> Sep 20 12:10:43 Apocalypsis /bsd: umass0: using SCSI over Bulk-Only
> Sep 20 12:10:43 Apocalypsis /bsd: scsibus1 at umass0: 2 targets
>
> But how can I mount it ???

http://www.openbsd.org/faq/faq14.html#flashmem
Re: USB hard drives
On Wed, Sep 20, 2006 at 12:26:48PM -0500, Rafael Morales wrote:
> I use OpenBSD 3.8 on a Powerbook G4, and when I connect my USB external hard drive, this is my output:
>
> Sep 20 12:10:41 Apocalypsis /bsd: umass0 at uhub0 port 1 configuration 1 interface 0
> Sep 20 12:10:43 Apocalypsis /bsd:
> Sep 20 12:10:43 Apocalypsis /bsd: umass0: Prolific Technology Inc. Mass Storage Device, rev 2.00/1.00, addr 2
> Sep 20 12:10:43 Apocalypsis /bsd: umass0: using SCSI over Bulk-Only
> Sep 20 12:10:43 Apocalypsis /bsd: scsibus1 at umass0: 2 targets

On my (i386) box, a USB key:

umass0 at uhub1 port 2 configuration 1 interface 0
umass0: Packard Portable Player, rev 1.10/10.01, addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets
sd0 at scsibus1 targ 1 lun 0: Packard, Portable Player, 0100 SCSI2 0/direct removable
sd0: 489MB, 122 cyl, 64 head, 32 sec, 2048 bytes/sec, 250560 sec total

As one could imagine, disklabel sd0 gives the information required... however, if you don't have a 'sd0' type message, you'd need someone who actually knows something about hardware.

Joachim
Re: mbuf leak with rl
Looks like you're experiencing the same quirk that me and another gentlemen have. We all have rl interfaces on cable modems. I replaced my rl with a different interface and have had no problems since.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew R. Dempsky
Sent: Wednesday, September 20, 2006 1:37 PM
To: misc@openbsd.org
Subject: Re: mbuf leak with rl

On Wed, Sep 20, 2006 at 10:29:10AM -0500, Karle, Chris wrote:
> That looks suspect to me; that seems like a lot for cable modem level traffic. I'd check if your mbufs number ever goes down.

I've rechecked the output of netstat -m occasionally since then, and I haven't seen them go down at all--only steadily increase. As of typing this email, the output is:

$ netstat -m
3616 mbufs in use:
    3593 mbufs allocated to data
    6 mbufs allocated to packet headers
    17 mbufs allocated to socket names and addresses
855/870/6144 mbuf clusters in use (current/peak/max)
2656 Kbytes allocated to network (98% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
Re: Setting Up A Wireless and Wired Network
On 2006/09/20 09:30, stupidmail4me wrote:
> I want to create a single network, 192.168.1.0/24. I want to be able to access it either from a wired connection on xl0 or a wireless connection on ral0. I am using dhcpd.

I take it you mean you're setting up an access-point? If so, and as you say you want a single broadcast domain rather than a routed network, bridge the two networks, put an IP address on one, for the other you just need to set it to up in hostname.if. dhcpd only wants to listen to the interface having the IP address.
Re: optop on 3.9
I have found that supplying users of Poptop an ip used on the internal network segment does not work. I don't know if it's something to do with the spoofing rules or not that may have changed how the poptop sessions are handled.

What I do is add an alias to the internal network interface and designate that for the Poptop connections. So, if the servers are on 192.168.99.x, I add an alias to the internal network card of 192.168.100.x and have poptop pass that out. I then add the 192.168.100.x to the trusted rules to allow it where I want it to go.

In doing this, it works well but, yes, there is a noticeable change from bsd 3.5/3.6 and 3.9 for this. Likely a change in 3.7 or 3.8 as well.

There might be other ways to handle this, but this is the only one that I used with success.

Good luck

James Mackinnon
Devantec Solutions

From: [EMAIL PROTECTED] on behalf of Jons Plunts
Sent: Wed 9/20/2006 2:54 PM
To: misc@openbsd.org
Subject: optop on 3.9

> hi,
>
> some time ago I configured poptop on openbsd 3.6 following this guide:
> http://articles.techrepublic.com.com/5100-1035-6031577.html
> It was working well.
>
> Now I'm trying to do the same on openbsd 3.9 and it doesn't work :(
> I can connect to the vpn fine, but can't connect to any host on the remote network.
>
> Maybe someone knows where the problem is and how to fix that?
>
> franky
OT Media-Converters, was Re: BGP router now running desp. low on mem.
Hi,

> Physical connection:
>
> We are terminating with this carrier in a FE port but due to the distance between them and us at the datacenter location, a FDDI connection was placed in between like:
>
> [our router][100baseTX][IMC**]//..fiber..//[IMC**][100baseTX][switch integrated in a Cisco 7200 iron][Cisco iron itself/router]
>
> * Attenuation on the FDDI part was 1.2db respectively 1.3db which is not brilliant, but okay. More importantly it's within the specifications of the IMC's.
>
> ** (IMC = MOXA Industrial Media Converter 101 a.k.a. IMC-101 for both Single- and Multi mode / SC connectors. We even replaced these with MOXA EDS-208-M-SC (larger model) as well).

I think here you have the Problems. I can't see any FDDI stuff in this drawing so I will assume for the moment that is just a FDDI type fiber you are connected to and everything else is Ethernet.

The IMC-101 is just a plain media-converter without any Layer-2 capabilities according to http://www.moxa.com/product/IMC-101.htm but they are not completely dumb devices, so one has to be careful with them.

In the connection above there is something very important to know: Autonegotiation activated in any part of the setup is a bit like playing russian roulette. Either the whole chain supports it perfectly or you are fd. Make sure that you have Autonegotiation off _everywhere_ and everything is set and bolted to Fullduplex, otherwise you might get the strangest and hard to trace errors.

I helped someone troubleshoot a similar setup at his decix connection a few years ago and they'd been swapping media-converters back and forth till we just used a switch as media converter catching the FDX/HDX issue in the middle so the ends were happy and some people were wondering for a few weeks to who the new mac address (of the switch) belonged which suddenly appeared in the decix mesh till the link got switched over to fiber end to end.

I am not of the opinion of the other poster, media-converters are not bad. But they are devices which need to be treated with respect, not everything can be transparently converted to other media. There normally aren't any flp-pulses on fiber since it is FDX by nature, so FDX/HDX negotiation is troublesome. Some converters emulate it or catch the autoneg but whether the equipment you connect to the converter is capable of actually talking to it is also not for sure.

-sm
usb connection to cable modem?
Hmmm, it appears that some cable modems have usb connections using usb bridge chips. Some usb bridge chips are supported by the cdce(4) device. Does anyone have experience connecting to a cable modem via usb? If so can you recommend a device that is supported by cdce(4)? thanks diana
Re: OT Media-Converters, was Re: BGP router now running desp. low on mem.
Just wanted to throw in my US$.02 worth on the media converter issue. At my place of employment a facility design decision was taken a few years ago mandating all fiber buildings. It was pretty obvious they were clueless about commodity h/w so now we have this huge installation of IMC media converters. We have seen the exact same issues related to auto negotiation with a lot of our hosts. diana
Re: mbuf leak with rl
On Wednesday 20 September 2006 20:36, Matthew R. Dempsky wrote:
> On Wed, Sep 20, 2006 at 10:29:10AM -0500, Karle, Chris wrote:
> > That looks suspect to me; that seems like a lot for cable modem level traffic. I'd check if your mbufs number ever goes down.
>
> I've rechecked the output of netstat -m occasionally since then, and I haven't seen them go down at all--only steadily increase. As of typing this email, the output is:
>
> $ netstat -m
> 3616 mbufs in use:
>     3593 mbufs allocated to data
>     6 mbufs allocated to packet headers
>     17 mbufs allocated to socket names and addresses
> 855/870/6144 mbuf clusters in use (current/peak/max)
> 2656 Kbytes allocated to network (98% in use)
> 0 requests for memory denied
> 0 requests for memory delayed
> 0 calls to protocol drain routines

Same story, rl on cable modem, I do see it oscillating a bit, but the tendency is steadily up:

1834 mbufs in use:
    1655 mbufs allocated to data
    14 mbufs allocated to packet headers
    165 mbufs allocated to socket names and addresses
428/658/6144 mbuf clusters in use (current/peak/max)
1812 Kbytes allocated to network (72% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

Compared to 1500 from a week ago. (no reboot in between)

--
viq
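
The netstat -m readings compared in this thread can be tracked mechanically. The following is an added example, not code from any poster: it parses the output quoted above, reports how much of the cluster maximum is in use, and scores a series of "mbufs in use" samples for growth. The function names, the thresholds and the three middle values of the sample series are constructed for illustration; 1500 and 1834 are the figures reported in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): watch netstat -m for steady mbuf growth.

# Sample copied from the netstat -m output quoted in the thread.
sample_netstat_m() {
cat <<'EOF'
3616 mbufs in use:
    3593 mbufs allocated to data
    6 mbufs allocated to packet headers
    17 mbufs allocated to socket names and addresses
855/870/6144 mbuf clusters in use (current/peak/max)
2656 Kbytes allocated to network (98% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
EOF
}

# parse_netstat_m: netstat -m text on stdin -> one "key=value ..." line.
# cluster_pct is clusters in use as a share of the max; inuse_pct is the
# figure netstat prints in parentheses. Exits 1 on unrecognised input.
parse_netstat_m() {
    awk '
        /mbufs in use:/               { mbufs = $1 }
        /mbuf clusters in use/        { split($1, c, "/"); cur = c[1]; peak = c[2]; max = c[3] }
        /Kbytes allocated to network/ { kb = $1; pct = $6; gsub(/[^0-9]/, "", pct) }
        /requests for memory denied/  { denied = $1 }
        END {
            if (mbufs == "" || max == "" || max + 0 == 0) exit 1
            printf "mbufs=%d clusters=%d peak=%d max=%d cluster_pct=%d kbytes=%d inuse_pct=%d denied=%d\n",
                   mbufs, cur, peak, max, int(cur * 100 / max), kb, pct, denied
        }'
}

# get <key>: pull one value out of a parse_netstat_m line read from stdin.
get() {
    tr ' ' '\n' | sed -n "s/^$1=//p"
}

# pool_status <warn_cluster_pct>: netstat -m text on stdin -> one verdict line.
#   ALERT    the kernel has already denied memory requests
#   WARN     clusters in use are at or above the given share of the max
#   OK       neither of the above
#   UNPARSED input did not look like netstat -m output
pool_status() {
    line=$(parse_netstat_m) || { echo "UNPARSED"; return 0; }
    denied=$(echo "$line" | get denied)
    cpct=$(echo "$line" | get cluster_pct)
    if [ "$denied" -gt 0 ]; then
        echo "ALERT denied=$denied"
    elif [ "$cpct" -ge "$1" ]; then
        echo "WARN cluster_pct=$cpct"
    else
        echo "OK cluster_pct=$cpct"
    fi
}

# mbuf_trend <min_growth_pct>: "mbufs in use" counts on stdin, oldest first,
# one per line. Reports growth from the first to the last sample and how many
# samples dipped below their predecessor (the oscillation mentioned above).
mbuf_trend() {
    awk -v min="$1" '
        NF == 0            { next }
        n == 0             { first = $1 }
        n > 0 && $1 < prev { drops++ }
                           { prev = $1; n++ }
        END {
            if (n < 2 || first + 0 == 0) { print "verdict=insufficient-data"; exit }
            g = int((prev - first) * 100 / first)
            printf "samples=%d growth_pct=%d drops=%d verdict=%s\n",
                   n, g, drops, (g >= min ? "suspect" : "ok")
        }'
}

# Stand-alone run: the quoted sample is far from the cluster max, so only
# the trend over time exposes the growth.
sample_netstat_m | parse_netstat_m
sample_netstat_m | pool_status 80
# 1500 and 1834 are from the thread; 1610, 1590 and 1720 are constructed.
printf '%s\n' 1500 1610 1590 1720 1834 | mbuf_trend 10
```

On a live system the first two functions would be fed from netstat -m itself, with the mbufs value appended to a file by cron and that file piped into mbuf_trend.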
Some recommendations on file locations sought
Hi, I looked in the OpenBSD FAQ and documentation area, and cannot seem to find out the best place to keep my apache password files. According to the Apache docs (I couldn't find anything in the OpenBSD Site), they recommend I set up the path to the passwd file in /usr/local/apache/passwd They recommend I put the file in the bin directory or wherever I installed Apache. But I didn't install Apache, as it already came with my OpenBSD system. So using locate I determined the possible places I can put it. /usr/lib/apache Other directories are... /usr/sbin This also contains Apache binary stuff I'm at a loss on which directory to create my passwd directory... Would I create it in the /usr/lib or the /usr/local, or /usr/sbin, or does it matter? I'm also following the recommended permission settings as outlined in the Apache manual. Can someone please make a recommendation, or point me to any docs that might be in the OpenBSD Site... the only docs I could find is in the FAQ, and it only mentions operation of the server in chrooted mode, but nothing on setting it up. John
Re: Some recommendations on file locations sought
On Sep 20, 2006, at 3:11 PM, John Draper wrote: According to the Apache docs (I couldn't find anything in the OpenBSD Site), they recommend I setup the path to the passwd file in /usr/local/apache/passwd Since we're chrooted, how about: /var/www/usr/local/apache/passwd Basic rule of the chrooted server: /var/www == / -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Re: Some recommendations on file locations sought
John Draper [EMAIL PROTECTED] wrote: I looked in the OpenBSD FAQ and documentation area, and cannot seem to find out the best place to keep my apache password files. Somewhere in the chroot dir (/var/www) but not in the actual document root. Stick them in /var/www/conf or make a /var/www/passwd dir if you want, it doesn't matter. Adam
Re: Some recommendations on file locations sought
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] I looked in the OpenBSD FAQ and documentation area, and cannot seem to find out the best place to keep my apache password files. According to the Apache docs (I couldn't find anything in the OpenBSD Site), they recommend I setup the path to the passwd file in [snip] I'm at a loss on which directory to create my passwd directory... Would I create it in the /usr/lib or the /usr/local, or /usr/sbin, or does it matter? You'll find nothing because there is no such hard requirement. You can configure the path yourself in your .conf file, so they can be in an arbitrary location. That said, if you are using the chroot configuration (recommended) you'll probably need them under /var/www/. So since /var/www/conf/ is where the rest of the apache configuration lives, you could do a subdirectory under there and use that. Something like /var/www/conf/auth/ or whatever you like. DS
Re: Some recommendations on file locations sought
John Draper wrote: Can someone please make a recommendation, or point me to any docs that might be in the OpenBSD Site... the only docs I could find is in the FAQ, and it only mentions operation of the server in chrooted mode, but nothing on setting it up. All is ready and the server does already run in chrooted mode. If you need to put a password for your server, used by .htaccess for example, you need to make sure you put it in the space accessible by apache in chrooted mode. So, the default is to be inside /var/www, so you can put your password file(s) there, or you can even add a directory for your own use like /var/www/password and put your password file there in .htpasswd for example. Just make sure it is accessible by apache, but NOT in the web space of your site(s), meaning if your sites are configured to use /var/www/mysite, then DON'T put your password in that directory or any part of sub of it! Users accessible web space is not the same as server accessible space. Then your .htaccess setup would point to that file to check your users or password. If you have a lot of users, you can also use the dbm feature as well already there too. Best, Daniel
Re: OpenBSD 4.0 pre-orders are up
After looking at the page, the logo is real cool but I just wanted to make sure you read about this: http://mobilix.org/ or drag your attention to it. The owners of Asterix and Obelix aren't as friendly as their cartoons :-) Our releases are thematic parodies, specifically permitted by law.
Re: OpenBSD 4.0 pre-orders are up
Theo de Raadt wrote: We have activated OpenBSD 4.0 pre-orders. The official release date is November 1. For more information on the release, please see http://www.openbsd.org/40.html (but note this page is still receiving sporadic updates, as developers update it to contain more mentions of what they did over the last 6 months). Hi, After looking at the page, the logo is real cool but I just wanted to make sure you read about this: http://mobilix.org/ or drag your attention to it. The owners of Asterix and Obelix aren't as friendly as their cartoons :-)
Re: OpenBSD 4.0 pre-orders are up
Theo de Raadt wrote: After looking at the page, the logo is real cool but I just wanted to make sure you read about this: http://mobilix.org/ or drag your attention to it. The owners of Asterix and Obelix aren't as friendly as their cartoons :-) Our releases are thematic parodies, specifically permitted by law. Ok just wanted to make sure :-)
Re: Some recommendations on file locations sought
On Wed, 20 Sep 2006, Daniel Ouellet wrote: John Draper wrote: Can someone please make a recommendation, or point me to any docs that might be in the OpenBSD Site... the only docs I could find is in the FAQ, and it only mentions operation of the server in chrooted mode, but nothing on setting it up. Assuming you run more than one virtual site, a good convention is:

chroot: /var/www
Site Home: /var/www/MySite1
HTML Docs: /var/www/MySite1/html
Logs (if separate) /var/www/MySite1/logs
Password file: /var/www/MySite1/password

Note that the file 'password' is visible to Apache (inside the chroot), but is **NOT** visible to the home directory for that virtual host. (man htpasswd to manipulate password file) Lee

Leland V. Lammert [EMAIL PROTECTED] Chief Scientist Omnitec Corporation Network/Internet Consultants www.omnitec.net
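An added example, not part of the thread or written by any of its posters: a POSIX shell check for the rule the replies above agree on, that the password file must sit inside the chroot but outside the site's document root. The function names and the temporary tree are hypothetical; the MySite1 paths follow the convention in the message above, and a symlinked directory is included because it defeats a purely textual path comparison.

```shell
# Added example. All paths are built under a temporary directory.

# Physical (symlink-resolved) form of a directory or of a file's parent.
canon() {
    if [ -d "$1" ]; then (cd "$1" && pwd -P); return; fi
    d=$(cd "$(dirname "$1")" 2>/dev/null && pwd -P) || return 1
    printf '%s/%s\n' "${d%/}" "$(basename "$1")"
}

# True when path $1 lies below directory $2 (whole components only).
under() {
    case "$1/" in "${2%/}"/*) return 0 ;; esac
    return 1
}

# check_pwfile CHROOT DOCROOT PWFILE -> ok|in-docroot|outside-chroot|missing
check_pwfile() {
    root=$(canon "$1") && doc=$(canon "$2") && pw=$(canon "$3") \
        || { echo missing; return 0; }
    [ -f "$pw" ] || { echo missing; return 0; }
    under "$pw" "$root" || { echo outside-chroot; return 0; }
    if under "$pw" "$doc"; then echo in-docroot; else echo ok; fi
}

# Path as the chrooted server sees it ("/var/www == /" in the thread).
chroot_view() {
    root=$(canon "$1") && pw=$(canon "$2") || return 1
    under "$pw" "$root" || return 1
    printf '%s\n' "${pw#"$root"}"
}

# Constructed tree: the thread's layout plus an "auth" symlink into html.
demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/var/www/MySite1/html" "$t/usr/local/apache"
    : > "$t/var/www/MySite1/password"
    : > "$t/var/www/MySite1/html/.htpasswd"
    : > "$t/usr/local/apache/passwd"
    ln -s html "$t/var/www/MySite1/auth"
    echo "$t"
}

T=$(demo_tree) || exit 1
for f in var/www/MySite1/password var/www/MySite1/html/.htpasswd \
         var/www/MySite1/auth/.htpasswd usr/local/apache/passwd; do
    printf '%-34s %s\n' "/$f" \
        "$(check_pwfile "$T/var/www" "$T/var/www/MySite1/html" "$T/$f")"
done
rm -rf "$T"
```

On a real system the first two arguments would be the chroot directory and the virtual host's document root; the temporary tree only stands in for them here.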
kernel rebuild - and rebuild userland?
This is in regards to a 3.9 system that I installed and am patching. After rebuilding the kernel (patches 007 and 009), is it unnecessary, necessary, advised, or imperative to rebuild userland (FAQ 5.3.5)? Thanks, John
Re: kernel rebuild - and rebuild userland?
On Wed, 20 Sep 2006, John Costello wrote: This is in regards to a 3.9 system that I installed and am patching. After rebuilding the kernel (patches 007 and 009), is it unnecessary, necessary, advised, or imperative to rebuild userland (FAQ 5.3.5)? Thanks, Imperative. Your programs might work, but they might not, or they might work unpredictably. The kernel, userland (and ports for that matter) are all intended to be kept in sync, not half -stable and half -release, so if you have a -stable kernel, you should have a -stable userland as well. i.e. yes, rebuild your userland. Hope this helps, Patsy
Re: kernel rebuild - and rebuild userland?
On 9/20/06, John Costello [EMAIL PROTECTED] wrote: After rebuilding the kernel (patches 007 and 009), is it unnecessary, necessary, advised, or imperative to rebuild userland (FAQ 5.3.5)? Thanks, Not at all. If you keep with the patches (instead of the patch branch), you shouldn't need to rebuild world. Exceptions are patches to xorg, for which you'll need to build a new release for xorg.
Re: kernel rebuild - and rebuild userland?
On 9/20/06, Patsy [EMAIL PROTECTED] wrote: On Wed, 20 Sep 2006, John Costello wrote: This is in regards to a 3.9 system that I installed and am patching. After rebuilding the kernel (patches 007 and 009), is it unnecessary, necessary, advised, or imperative to rebuild userland (FAQ 5.3.5)? Thanks, Imperative. Your programs might work, but they might not, or they might work unpredictably. The kernel, userland (and ports for that matter) are all intended to be kept in sync, not half -stable and half -release, so if you have a -stable kernel, you should have a -stable userland as well. i.e. yes, rebuild your userland. Even if he is just patching, not using -stable? Greg
Re: optop on 3.9
Jons Plunts wrote: hi, some time ago i configured poptop on openbsd 3.6 following this guide: http://articles.techrepublic.com.com/5100-1035-6031577.html it was working well now I'm trying to do same on openbsd 3.9 and it doesn't work :( i can connect to vpn fine, but can't connect any host to remote network maybe someone knows where is problem and how to fix that ? franky I use poptop on 3.9 and it works well. Do you want to post your configs ?
Re: kernel rebuild - and rebuild userland?
On 9/20/06, Patsy [EMAIL PROTECTED] wrote: On Wed, 20 Sep 2006, John Costello wrote: This is in regards to a 3.9 system that I installed and am patching. After rebuilding the kernel (patches 007 and 009), is it unnecessary, necessary, advised, or imperative to rebuild userland (FAQ 5.3.5)? Thanks, Imperative. Your programs might work, but they might not, or they might work unpredictably. The kernel, userland (and ports for that matter) are all intended to be kept in sync, not half -stable and half -release, so if you have a -stable kernel, you should have a -stable userland as well. i.e. yes, rebuild your userland. the definition of stable would hopefully imply that little details like the kernel-userland API wouldn't change.
Re: kernel rebuild - and rebuild userland?
On Wed, 20 Sep 2006, Greg Thomas wrote: On 9/20/06, Patsy [EMAIL PROTECTED] wrote: On Wed, 20 Sep 2006, John Costello wrote: This is in regards to a 3.9 system that I installed and am patching. After rebuilding the kernel (patches 007 and 009), is it unnecessary, necessary, advised, or imperative to rebuild userland (FAQ 5.3.5)? Thanks, Imperative. Your programs might work, but they might not, or they might work unpredictably. The kernel, userland (and ports for that matter) are all intended to be kept in sync, not half -stable and half -release, so if you have a -stable kernel, you should have a -stable userland as well. i.e. yes, rebuild your userland. Even if he is just patching, not using -stable? Greg I thought you did but after a brief search I can't find anything to suggest that you need to. Please ignore my last email. Sorry for the noise. Patsy
Re: kernel rebuild - and rebuild userland?
On Sep 20, 2006, at 8:10 PM, Patsy wrote: On Wed, 20 Sep 2006, John Costello wrote: This is in regards to a 3.9 system that I installed and am patching. After rebuilding the kernel (patches 007 and 009), is it unnecessary, necessary, advised, or imperative to rebuild userland (FAQ 5.3.5)? Thanks, Imperative. Your programs might work, but they might not, or they might work unpredictably. The kernel, userland (and ports for that matter) are all intended to be kept in sync, not half -stable and half -release, so if you have a -stable kernel, you should have a -stable userland as well. i.e. yes, rebuild your userland. The OP is referring to the patch branch, not -stable. The only time rebuilding userland is necessary after a kernel errata is when the errata claims it is necessary. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
obsd installation on a live file system
Hi folks, i am preparing a boot server running openbsd for openbsd diskless clients. I am in doubt on how to fake an installation procedure on a directory tree, for instance: /export/client-[0-a]. I would like to install openbsd on each of the diskless client root directory. I tried untar the tarballs, but the directory installation and its roofs where not the same as a real installation. How can it be done? thanks in advance.