Merry Christmas from AnthonysTshirts.com
Greetings! ~ Merry Christmas! Wishing you... and your family the Christmas season's joys and wonders. Enjoy the holiday. Sincerely, AnthonysTshirts.com ~ AnthonysTshirts.com 2269 S. University Drive - Suite 413 Davie, Florida 33328 [EMAIL PROTECTED] http://www.AnthonysTshirts.com Forward email http://ui.constantcontact.com/sa/fwtf.jsp?m=1101423766115ea=misc%40openbsd.orga=1101491426669 This email was sent to misc@openbsd.org, by [EMAIL PROTECTED] Update Profile/Email Address http://ui.constantcontact.com/d.jsp?p=oom=1101423766115ea=misc%40openbsd.orgse=925t=1101491426669lang=enreason=F Instant removal with SafeUnsubscribe(TM) http://ui.constantcontact.com/d.jsp?p=unm=1101423766115ea=misc%40openbsd.orgse=925t=1101491426669lang=enreason=F Privacy Policy: http://ui.constantcontact.com/roving/CCPrivacyPolicy.jsp Powered by Constant Contact(R) www.constantcontact.com AnthonysTshirts.com | 2269 S. University Drive | Suite 413 | Davie | FL | 33328
Re: Moving a 100GB directory tree with lots of hardlinks
On Thu, 21 Dec 2006, Matthias Bertschy wrote: Matthias Bertschy wrote: Otto Moerbeek wrote: Ok, I assume you no longer have the core file you generated early. If there's a bug i pax, I really like to fix it... I'll see if I can reproduce the problem on a file system with lots of links and while giving pax little memory. -Otto Unfortunately not :-( But even it the current move succeeds, I will make another run without increasing the memory in login.conf and provide you the core dump. Thanks for your support :-) Matthias pax has been running since Monday, given its current speed it won't be done until new year... Anyway, I keep you informed. Hmmm, I like would like a copy of your filesystem to diagnose this... But that's probably not feasible. Anyway, since previously you mentioned that dump(8) worked, but restore(8) ran out of memory, you could try to run restore(8) with the larger mem allocation you now have set up properly. -Otto
Re: revision control system for system administration
On Wed, Dec 20, 2006 at 08:53:41AM -0600, Will Maier wrote: On Wed, Dec 20, 2006 at 02:31:09PM +, Brian Candler wrote: That makes a lot of sense. But enforcing that policy might be difficult. This is important if you're relying on your gold server for disaster recovery purposes - if the target machines had some change made which nobody remembers and weren't reflected in the gold server, then any freshly-built machines will be non-functional. This is a cultural problem, but there's an adequate technical solution: aggressively sync the client machines. Admins quickly learn to make changes in the central when their changes get blown away every hour. That makes sense too. However if the file is a daemon config, say, then the central system reverting the change might not be noticed until some far time in the future when the daemon is restarted. So a super-smart config management system would know that daemon D depends on files F1..F3, and if the start time of D is earlier than the modification time of any of F1..F3 then it could report this. (Problem: there's no standard way to get the last HUP time of a daemon) The other thing which concerns me is that it's not easy to protect against the installation of new software packages, or Perl CPAN modules, or ad-hoc scripts, unless you 'rsync --delete' big chunks of the filesystem... Thanks, Brian.
Re: Disable IPv6 on OpenBSD 4.0 - forking discussion to icmp echo request blockage
On Monday 18 December 2006 19:29, Jon Radel wrote: I suppose it all comes down to such unresolvable matters such as is making it harder for outsiders to map your network merely security through obscurity, which is naturally below the dignity of any right thinking network engineer, or does it have value in today's Internet? Don't forget the hilarious ping o' death vuln in ancient versions of various operating systems. Some on-line block ping 'advice' probably dates from that happy era. Yeah, totally blocking ping was overkill back then too, but was the first reaction of many.
Re: Disable IPv6 on OpenBSD 4.0 - forking discussion to icmp echo request blockage
Hi Dag, I find myself pressed to rant a bit on the myths you spread because I come across such arguments all too often, and they are, umm, unfounded. On Sun, 17.12.2006 at 20:03:08 -0800, Dag Richards [EMAIL PROTECTED] wrote: Tools can be written to use icmp as a transport, obviously anything can be used as a transport which is why we only allow traffic inbound to servers with services running we want public. Yes, you can use anything as a transport, probably even pidgeon carriers, but you need a receiving end to effect anything. So, unless you fear that someone is able to install a trojan on your OpenBSD server by sending it ICMP packets encapsulating something in their payload that results in a program (so far already requiring a big remote-root hole in the kernel) and also have it run with root privileges, probably by expoiting some other unknown hole in OpenBSD, then switching off ICMP is a good precaution. In all other cases, I think that it's quite stupid. I trust OpenBSD to not have such holes... Why should I allow someone to ping my dns server? Marco explained it already. I can only agree. Switching off ICMP is a measure taken by rogue and/or stupid users who don't care if the 'Net works or not. At least, they really don't want any help they might otherwise be offered in case of a problem on their side. It is named Internet Control Message Protocol and not Internet Useless Junk Protocol for a reason. If you need to see if the server is up telnet to port 53, a traceroute will die at the hop above the firewall, If I get no response from your port 53, I still don't know if * your line is down, * your host is down, or * your name service is down. Similar arguments go for problems due to packet loss or routing (ping and tracepath give me those) which help me assessing a problem and maybe helping out with advice. I know which ip that is. I don't care/need others to do so. In case I should want to query your DNS service, I'll need to know the IP of your host, too, otherwise I can't query it. If you offer something useful (eg. DNS for a domain someone should want to send mail to), you can't make that IP a secret unless you don't want people using that domain. There's no security by obscurity, and hiding the IP from clueless users (everyone else gets it anyway) is no substitute for security-in-depth. So, please be a good netizen and switch ICMP back on, and secure your services. Thank you for listening! Best, --Toni++
Re: pf http reporting tool
Hi Edy, You could try using snort behind your firewall and then write a tool to analyze the snort logfile, presenting its result in html if that is what you want Haven't heard of such tool though. And most common services produce nice logfiles if you ask them to. Many forms of attacs that pass through pf - like DDOS against a public web server, is easily seen in the logs. Not difficult to present these logs or parts of them on the web - but that is nothing I would recommend unless you also implement some serious authentication on that web-server; many people other than you could be interested to find out what attack types pass through yer pf. Good Luck! /johan On 12/21/06, Edy [EMAIL PROTECTED] wrote: Hi, I am wondering if there is any tool which is able to show the attacks that has passed through PF and present it on a web based? Thank you Edy
Re: pf http reporting tool
On Thu, Dec 21, 2006 at 11:04:54PM +0800, Edy wrote: Hi, I am wondering if there is any tool which is able to show the attacks that has passed through PF and present it on a web based? Google for IDS or Intrusion Detection Systems -- the most popular free IDS is likely to be snort, which is available as a package or port. There are GUI tools for snort, such as BASE. I've used both snort and base in the past; BASE is not in the ports tree and must be manually configured and installed. Snort's website: http://snort.org BASE's website: http://base.secureideas.net
Re: OpenBSD and antispam - question
Hello, On Mon, 18.12.2006 at 12:07:34 +0100, =?UTF-8?Q? smonek ?= [EMAIL PROTECTED] wrote: I have lan ( 50 computers ) and router OpenBSD 4.0 / Pf I also have mail server ( external isp ) mailserver -internet-router-lan a need antispam gateway for my lan but i dont know who i can use with pf ( spamassisin / spamd pop3 proxy ? ) what kind of spam do you want to fight, incoming, outgoing, or both, and are you prepared to run your own mail server instead of using your ISP's mail server? Best, --Toni++
1) ami0: timeout ccb 18 ... and 2) memory problem on current amd64
Hello, I got my new pc today with a MegaRAID SATA 300-8X and an asus P5WDG2 WS Professional motherboard. 1) I'm not able to boot the bsd.mp kernel on amd64, when I try the current amd64 bsd.mp kernel. I get the following timeout messages: ami0: timeout ccb 18 ami0: timeout ccb 19 etc The standard amd64 kernel boots fine! Any clues what the problem is? 2) The PC has 4gb RAM but only 3,2GB is recognized?! Is this a known issue? Many thanks!!! Kind regards, didier Here the dmesg: OpenBSD 4.0-current (GENERIC) #787: Tue Dec 19 21:17:17 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 3220303872 (3144828K) avail mem = 2757578752 (2692948K) using 22937 buffers containing 322236416 bytes (314684K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf0690 (74 entries) bios0: stem manufacturer P5WDG2 WS PRO acpi at mainbus0 not configured cpu0 at mainbus0: (uniprocessor) cpu0: Intel(R) Core(TM)2 CPU 6700 @ 2.66GHz, 2667.09 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,LONG cpu0: 4MB 64b/line 16-way L2 cache pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 vendor Intel, unknown product 0x277c rev 0xc0 ppb0 at pci0 dev 1 function 0 vendor Intel, unknown product 0x277d rev 0xc0 pci1 at ppb0 bus 7 vga1 at pci1 dev 0 function 0 ATI Radeon X300 rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ATI Radeon X300 Sec rev 0x00 at pci1 dev 0 function 1 not configured azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x01: irq 5 azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: 0x04x/0x11d4 (rev. 2.0), HDA version 1.0 audio0 at azalia0 ppb1 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01 pci2 at ppb1 bus 4 ppb2 at pci2 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci3 at ppb2 bus 5 ppb3 at pci3 dev 2 function 0 Intel IOP331 PCIX-PCIX rev 0x0a pci4 at ppb3 bus 6 ami0 at pci4 dev 14 function 0 Symbios Logic MegaRAID SATA 4x/8x rev 0x0a: irq 11 ami0: LSI 3008, 32b, FW 814D, BIOS vH431, 128MB RAM ami0: 1 channels, 0 FC loops, 3 logical drives scsibus0 at ami0: 40 targets sd0 at scsibus0 targ 0 lun 0: AMI, Host drive #00, SCSI2 0/direct fixed sd0: 10MB, 10 cyl, 64 head, 32 sec, 512 bytes/sec, 20480 sec total sd1 at scsibus0 targ 1 lun 0: AMI, Host drive #01, SCSI2 0/direct fixed sd1: 49998MB, 49998 cyl, 64 head, 32 sec, 512 bytes/sec, 102395904 sec total sd2 at scsibus0 targ 2 lun 0: AMI, Host drive #02, SCSI2 0/direct fixed sd2: 629606MB, 629606 cyl, 64 head, 32 sec, 512 bytes/sec, 1289433088 sec total scsibus1 at ami0: 16 targets ppb4 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01 pci5 at ppb4 bus 3 mskc0 at pci5 dev 0 function 0 Marvell Yukon 88E8052 rev 0x21, Marvell Yukon-2 EC rev. A3 (0x2): irq 11 msk0 at mskc0 port A, address 00:18:f3:29:a2:53 eephy0 at msk0 phy 0: Marvell 88E Gigabit PHY, rev. 2 ppb5 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01 pci6 at ppb5 bus 2 vendor Marvell, unknown product 0x6141 (class mass storage subclass SATA, rev 0x01) at pci6 dev 0 function 0 not configured uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x01: irq 3 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x01: irq 10 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x01: irq 10 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x01: irq 5 usb3 at uhci3: USB revision 1.0 uhub3 at usb3 uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x01: irq 3 usb4 at ehci0: USB revision 2.0 uhub4 at usb4 uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub4: 8 ports with 8 removable, self powered ppb6 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xe1 pci7 at ppb6 bus 1 TI TSB43AB22 FireWire rev 0x00 at pci7 dev 3 function 0 not configured skc0 at pci7 dev 5 function 0 Marvell Yukon 88E8001/8003/8010 rev 0x14, Marvell Yukon Lite (0x9): irq 5 sk0 at skc0 port A, address 00:18:f3:29:a2:54 eephy1 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5 pcib0 at pci0 dev 31 function 0 Intel 82801GB LPC rev 0x01 pciide0 at pci0 dev 31 function 1 Intel 82801GB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus2 at atapiscsi0: 2 targets cd0 at scsibus2 targ 0 lun 0: _NEC, DVD_RW ND-4571A, 1-01 SCSI0 5/cdrom removable atapiscsi1 at
Re: pf http reporting tool
On Dec 21, 2006, at 10:04 AM, Edy wrote: Hi, I am wondering if there is any tool which is able to show the attacks that has passed through PF and present it on a web based? You could try Hatchet. It sucks, but there aren't many alternatives. Beware though, the developer is lazy and prone to curse at himself. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: 1) ami0: timeout ccb 18 ... and 2) memory problem on current amd64
There seem to be interrupt routing issues on your box. Try booting with -c and enable acpi. You have to install a very recent snapshot for this to have a chance. Please report that dmesg to the list. On Thu, Dec 21, 2006 at 04:44:01PM +0100, Didier Wiroth wrote: Hello, I got my new pc today with a MegaRAID SATA 300-8X and an asus P5WDG2 WS Professional motherboard. 1) I'm not able to boot the bsd.mp kernel on amd64, when I try the current amd64 bsd.mp kernel. I get the following timeout messages: ami0: timeout ccb 18 ami0: timeout ccb 19 etc The standard amd64 kernel boots fine! Any clues what the problem is? 2) The PC has 4gb RAM but only 3,2GB is recognized?! Is this a known issue? Many thanks!!! Kind regards, didier Here the dmesg: OpenBSD 4.0-current (GENERIC) #787: Tue Dec 19 21:17:17 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 3220303872 (3144828K) avail mem = 2757578752 (2692948K) using 22937 buffers containing 322236416 bytes (314684K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf0690 (74 entries) bios0: stem manufacturer P5WDG2 WS PRO acpi at mainbus0 not configured cpu0 at mainbus0: (uniprocessor) cpu0: Intel(R) Core(TM)2 CPU 6700 @ 2.66GHz, 2667.09 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,LONG cpu0: 4MB 64b/line 16-way L2 cache pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 vendor Intel, unknown product 0x277c rev 0xc0 ppb0 at pci0 dev 1 function 0 vendor Intel, unknown product 0x277d rev 0xc0 pci1 at ppb0 bus 7 vga1 at pci1 dev 0 function 0 ATI Radeon X300 rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ATI Radeon X300 Sec rev 0x00 at pci1 dev 0 function 1 not configured azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x01: irq 5 azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: 0x04x/0x11d4 (rev. 2.0), HDA version 1.0 audio0 at azalia0 ppb1 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01 pci2 at ppb1 bus 4 ppb2 at pci2 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci3 at ppb2 bus 5 ppb3 at pci3 dev 2 function 0 Intel IOP331 PCIX-PCIX rev 0x0a pci4 at ppb3 bus 6 ami0 at pci4 dev 14 function 0 Symbios Logic MegaRAID SATA 4x/8x rev 0x0a: irq 11 ami0: LSI 3008, 32b, FW 814D, BIOS vH431, 128MB RAM ami0: 1 channels, 0 FC loops, 3 logical drives scsibus0 at ami0: 40 targets sd0 at scsibus0 targ 0 lun 0: AMI, Host drive #00, SCSI2 0/direct fixed sd0: 10MB, 10 cyl, 64 head, 32 sec, 512 bytes/sec, 20480 sec total sd1 at scsibus0 targ 1 lun 0: AMI, Host drive #01, SCSI2 0/direct fixed sd1: 49998MB, 49998 cyl, 64 head, 32 sec, 512 bytes/sec, 102395904 sec total sd2 at scsibus0 targ 2 lun 0: AMI, Host drive #02, SCSI2 0/direct fixed sd2: 629606MB, 629606 cyl, 64 head, 32 sec, 512 bytes/sec, 1289433088 sec total scsibus1 at ami0: 16 targets ppb4 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01 pci5 at ppb4 bus 3 mskc0 at pci5 dev 0 function 0 Marvell Yukon 88E8052 rev 0x21, Marvell Yukon-2 EC rev. A3 (0x2): irq 11 msk0 at mskc0 port A, address 00:18:f3:29:a2:53 eephy0 at msk0 phy 0: Marvell 88E Gigabit PHY, rev. 2 ppb5 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01 pci6 at ppb5 bus 2 vendor Marvell, unknown product 0x6141 (class mass storage subclass SATA, rev 0x01) at pci6 dev 0 function 0 not configured uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x01: irq 3 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x01: irq 10 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x01: irq 10 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x01: irq 5 usb3 at uhci3: USB revision 1.0 uhub3 at usb3 uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x01: irq 3 usb4 at ehci0: USB revision 2.0 uhub4 at usb4 uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub4: 8 ports with 8 removable, self powered ppb6 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xe1 pci7 at ppb6 bus 1 TI TSB43AB22 FireWire rev 0x00 at pci7 dev 3 function 0 not configured skc0 at pci7 dev 5 function 0 Marvell Yukon 88E8001/8003/8010 rev 0x14, Marvell Yukon Lite (0x9): irq 5 sk0 at skc0 port A, address 00:18:f3:29:a2:54 eephy1 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5
Re: Squid 2.6 transparent proxy with pf
Dominik Zalewski [EMAIL PROTECTED] writes: I have OpenBSD 4.0 firewall and I would like to redirect all outgoing http requests to my squid web proxy. Daniel Hartmeier wrote about this a while back, his article can be found at http://www.benzedrine.cx/transquid.html -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ First, we kill all the spammers The Usenet Bard, Twice-forwarded tales 20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds
Squid 2.6 transparent proxy with pf
I have OpenBSD 4.0 firewall and I would like to redirect all outgoing http requests to my squid web proxy. INTERNET --- $ext_if - OpenBSD - $int_if --- Switch --- squid | | LAN -- from pf.conf --- ext_if = fxp0 int_if = fxp1 squid = 10.0.0.2 lan = 10.0.0.0/24 rdr pass on $int_if proto tcp from any to any port 80 - $squid port 8080 -- end --- Is this rule correct ? or redirected traffic can not come back on the same interface ? Long time ago pfctl parser gave me errors about this, now it doesnt Should I get another NIC and put in OpenBSD firewall and bridge it with squid for an example ? What is the best solution? Thank you in advance, Dominik
Re: Squid 2.6 transparent proxy with pf
On Thursday 21 December 2006 15:04, Peter N. M. Hansteen wrote: Dominik Zalewski [EMAIL PROTECTED] writes: I have OpenBSD 4.0 firewall and I would like to redirect all outgoing http requests to my squid web proxy. Daniel Hartmeier wrote about this a while back, his article can be found at http://www.benzedrine.cx/transquid.html In this article squid is running on the same machine as OpenBSD firewall. In my case I have squid running on different machine connected to LAN interface. My question is can redirect traffic on $int_if to another machine connected to the same interface? Does this rule is corrrect ? rdr pass on $int_if proto tcp from any to any port 80 - $squid port 8080 pfctl doesnt complain about nothing but its simply doesnt work. here is cut from my squid.conf: ### Main ### http_port 8080 transparent ... acl lan src 10.0.0.0/255.255.255.0 ... http_access allow lan When I setup proxy manually in my browser, its works.
Re: Squid 2.6 transparent proxy with pf
On 2006-12-21T15:29, Dominik Zalewski wrote: On Thursday 21 December 2006 15:04, Peter N. M. Hansteen wrote: Dominik Zalewski [EMAIL PROTECTED] writes: I have OpenBSD 4.0 firewall and I would like to redirect all outgoing http requests to my squid web proxy. Daniel Hartmeier wrote about this a while back, his article can be found at http://www.benzedrine.cx/transquid.html In this article squid is running on the same machine as OpenBSD firewall. In my case I have squid running on different machine connected to LAN interface. My question is can redirect traffic on $int_if to another machine connected to the same interface? Does this rule is corrrect ? rdr pass on $int_if proto tcp from any to any port 80 - $squid port 8080 hehe, you must exlude the squid! hth, Marcus.
Re: Squid 2.6 transparent proxy with pf
On Thu, Dec 21, 2006 at 03:29:51PM +0200, Dominik Zalewski wrote: On Thursday 21 December 2006 15:04, Peter N. M. Hansteen wrote: Dominik Zalewski [EMAIL PROTECTED] writes: I have OpenBSD 4.0 firewall and I would like to redirect all outgoing http requests to my squid web proxy. Daniel Hartmeier wrote about this a while back, his article can be found at http://www.benzedrine.cx/transquid.html In this article squid is running on the same machine as OpenBSD firewall. In my case I have squid running on different machine connected to LAN interface. My question is can redirect traffic on $int_if to another machine connected to the same interface? Does this rule is corrrect ? rdr pass on $int_if proto tcp from any to any port 80 - $squid port 8080 pfctl doesnt complain about nothing but its simply doesnt work. This is reflecting a connection back to the same interface The squid proxy tries to reply to the sender, bypassing the firewall. The sender resets the connection since it did not send a packet to the proxy in the first place. This is all discussed in the pf guide: http://www.openbsd.org/faq/pf/rdr.html#reflect with different ways to solve it. Can
Re: Squid 2.6 transparent proxy with pf
On Thursday 21 December 2006 15:59, Marcus Popp wrote: On 2006-12-21T15:29, Dominik Zalewski wrote: On Thursday 21 December 2006 15:04, Peter N. M. Hansteen wrote: Dominik Zalewski [EMAIL PROTECTED] writes: I have OpenBSD 4.0 firewall and I would like to redirect all outgoing http requests to my squid web proxy. Daniel Hartmeier wrote about this a while back, his article can be found at http://www.benzedrine.cx/transquid.html In this article squid is running on the same machine as OpenBSD firewall. In my case I have squid running on different machine connected to LAN interface. My question is can redirect traffic on $int_if to another machine connected to the same interface? Does this rule is corrrect ? rdr pass on $int_if proto tcp from any to any port 80 - $squid port 8080 hehe, you must exlude the squid! hth, Marcus. exclude the squid ? squid is connected to $int_inf thru fast ethernet switch -- Dominik Zalewski | System Administrator OpenCraft t- +2 02 336 0003 w- http://www.open-craft.com
Re: Squid 2.6 transparent proxy with pf
Dominik Zalewski [EMAIL PROTECTED] writes: My question is can redirect traffic on $int_if to another machine connected to the same interface? Does this rule is corrrect ? You can redirect, but you need to let the packets from the proxy pass without redirection to the rest of the world. rdr pass on $int_if proto tcp from any to any port 80 - $squid port 8080 I would supplement this with a 'no rdr' rule for the proxy generated traffic. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ First, we kill all the spammers The Usenet Bard, Twice-forwarded tales 20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds
Re: Squid 2.6 transparent proxy with pf
Dominik, Internetext_if---BSD---int_if int_if = Gateway default for all Pcs and proxy ? If so, you have to redirect all the traffic to the proxy (you know that) and then, only allow nat on the BSD firewall from the proxy to any destination on port 80. an example from my pf.conf: proxy=170.157.20.3 nat on $ext_if inet from $proxy to any - $ext_if I hope that your squid is working as you need it. I hope this can help Jorge Valbuena Original-Nachricht Datum: Thu, 21 Dec 2006 13:40:10 +0200 Von: Dominik Zalewski [EMAIL PROTECTED] An: misc@openbsd.org, pf@benzedrine.cx Betreff: Squid 2.6 transparent proxy with pf I have OpenBSD 4.0 firewall and I would like to redirect all outgoing http requests to my squid web proxy. INTERNET --- $ext_if - OpenBSD - $int_if --- Switch --- squid | | LAN -- from pf.conf --- ext_if = fxp0 int_if = fxp1 squid = 10.0.0.2 lan = 10.0.0.0/24 rdr pass on $int_if proto tcp from any to any port 80 - $squid port 8080 -- end --- Is this rule correct ? or redirected traffic can not come back on the same interface ? Long time ago pfctl parser gave me errors about this, now it doesnt Should I get another NIC and put in OpenBSD firewall and bridge it with squid for an example ? What is the best solution? Thank you in advance, Dominik -- Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! Ideal f|r Modem und ISDN: http://www.gmx.net/de/go/smartsurfer
Re: Squid 2.6 transparent proxy with pf
On 2006/12/21 15:29, Dominik Zalewski wrote: In this article squid is running on the same machine as OpenBSD firewall. In my case I have squid running on different machine connected to LAN interface. My question is can redirect traffic on $int_if to another machine connected to the same interface? Does this rule is corrrect ? No, you can't redirect back out the interface the packet came from. Maybe vlans could help, if there are no spare physical interfaces. Or you could run a small transparent proxy (e.g. tinyproxy) on the firewall and have that use $squid as a parent. rdr pass on $int_if proto tcp from any to any port 80 - $squid port 8080 Even if you arrange $squid to be on an interface other than $int_if, I don't think this will work: iirc Squid needs to query /dev/pf for the untranslated addresses; in that case you need route-to on the firewall and fwd - 127.0.0.1 on the proxy.
Re: Squid 2.6 transparent proxy with pf
Dominik Zalewski [EMAIL PROTECTED] wrote: On Thursday 21 December 2006 15:04, Peter N. M. Hansteen wrote: Dominik Zalewski [EMAIL PROTECTED] writes: I have OpenBSD 4.0 firewall and I would like to redirect all outgoing http requests to my squid web proxy. Daniel Hartmeier wrote about this a while back, his article can be found at http://www.benzedrine.cx/transquid.html In this article squid is running on the same machine as OpenBSD firewall. In my case I have squid running on different machine connected to LAN interface. My question is can redirect traffic on $int_if to another machine connected to the same interface? Does this rule is corrrect ? rdr pass on $int_if proto tcp from any to any port 80 - $squid port 8080 pfctl doesnt complain about nothing but its simply doesnt work. I believe Squid's intercepting mode relies on PF's DIOCNATLOOK ioctl to get an idea what the real destination was. I don't know if this information can be pfsync'ed between different machines, but from the man page I would assume that it's currently not possible (I only checked on FreeBSD 6.2-PRERELEASE, my pfsync version might be a few steps behind the one on OpenBSD 4.0). If it's not possible you probably have to move Squid to the box where PF is running, or use a proxy that extracts the destination from the host header. Unless with DIOCNATLOOK, this doesn't work for HTTP/1.0 requests without host headers, but with recent clients this shouldn't be an issue. Privoxy 3.0.7 (unreleased, only available trough CVS) does this and you could still use Squid as caching proxy, but Privoxy's intercepting mode is rather new and you would probably be the second tester ... Fabian -- http://www.fabiankeil.de/
Re: Squid 2.6 transparent proxy with pf
On Thu, Dec 21, 2006 at 02:39:50PM +, Stuart Henderson wrote: On 2006/12/21 15:29, Dominik Zalewski wrote: In this article squid is running on the same machine as OpenBSD firewall. In my case I have squid running on different machine connected to LAN interface. My question is can redirect traffic on $int_if to another machine connected to the same interface? Does this rule is corrrect ? No, you can't redirect back out the interface the packet came from. Maybe vlans could help, if there are no spare physical interfaces. Or you could run a small transparent proxy (e.g. tinyproxy) on the firewall and have that use $squid as a parent. unless you nat the connection back, but it is an ugly solution see the pf guide. rdr pass on $int_if proto tcp from any to any port 80 - $squid port 8080 Even if you arrange $squid to be on an interface other than $int_if, I don't think this will work: iirc Squid needs to query /dev/pf for the untranslated addresses; in that case you need route-to on the firewall and fwd - 127.0.0.1 on the proxy. squid needs to query /dev/pf only for HTTP/1.0 connections with no Host: header. Otherwise, it will happily use the Host: header to connect to the remote server.
Re: Squid 2.6 transparent proxy with pf
i seem to remember someone saying that you could NOT redirect out the same interface but not 100% sure. cs -Original Message- From: [EMAIL PROTECTED] on behalf of Dominik Zalewski Sent: Thu 12/21/2006 8:29 AM To: Peter N. M. Hansteen Cc: misc@openbsd.org; pf@benzedrine.cx Subject:Re: Squid 2.6 transparent proxy with pf On Thursday 21 December 2006 15:04, Peter N. M. Hansteen wrote: Dominik Zalewski [EMAIL PROTECTED] writes: I have OpenBSD 4.0 firewall and I would like to redirect all outgoing http requests to my squid web proxy. Daniel Hartmeier wrote about this a while back, his article can be found at http://www.benzedrine.cx/transquid.html In this article squid is running on the same machine as OpenBSD firewall. In my case I have squid running on different machine connected to LAN interface. My question is can redirect traffic on $int_if to another machine connected to the same interface? Does this rule is corrrect ? rdr pass on $int_if proto tcp from any to any port 80 - $squid port 8080 pfctl doesnt complain about nothing but its simply doesnt work. here is cut from my squid.conf: ### Main ### http_port 8080 transparent .. acl lan src 10.0.0.0/255.255.255.0 .. http_access allow lan When I setup proxy manually in my browser, its works.
Re: Squid 2.6 transparent proxy with pf
-Original Message- From: Stuart Henderson [mailto:[EMAIL PROTECTED] Sent: Thursday, December 21, 2006 9:40 AM To: Dominik Zalewski Cc: Peter N. M. Hansteen; misc@openbsd.org; pf@benzedrine.cx Subject: Re: Squid 2.6 transparent proxy with pf On 2006/12/21 15:29, Dominik Zalewski wrote: In this article squid is running on the same machine as OpenBSD firewall. In my case I have squid running on different machine connected to LAN interface. My question is can redirect traffic on $int_if to another machine connected to the same interface? Does this rule is corrrect ? No, you can't redirect back out the interface the packet came from. Maybe vlans could help, if there are no spare physical interfaces. Or you could run a small transparent proxy (e.g. tinyproxy) on the firewall and have that use $squid as a parent. Sure you can, I do it all day long. You may need to NAT based on your network. Have your clients NATed to an address on your firewall and then redirect it over to your squid box, which will reply to the NATed address on your firewall which can then unNAT it and send it back to the client.
Re: Squid 2.6 transparent proxy with pf
Fabian Keil [EMAIL PROTECTED] wrote: Dominik Zalewski [EMAIL PROTECTED] wrote: On Thursday 21 December 2006 15:04, Peter N. M. Hansteen wrote: Dominik Zalewski [EMAIL PROTECTED] writes: I have OpenBSD 4.0 firewall and I would like to redirect all outgoing http requests to my squid web proxy. Daniel Hartmeier wrote about this a while back, his article can be found at http://www.benzedrine.cx/transquid.html In this article squid is running on the same machine as OpenBSD firewall. In my case I have squid running on different machine connected to LAN interface. My question is can redirect traffic on $int_if to another machine connected to the same interface? Does this rule is corrrect ? I believe Squid's intercepting mode relies on PF's DIOCNATLOOK ioctl to get an idea what the real destination was. You can safely ignore my posting. According to Daniel's article Squid can use the host header as well and even does it by default. Fabian -- http://www.fabiankeil.de/
Re: 1) ami0: timeout ccb 18 ... and 2) memory problem on current amd64
From Marco Peereboom [EMAIL PROTECTED] There seem to be interrupt routing issues on your box. Try booting with -c and enable acpi. You have to install a very recent snapshot for this to have a chance. Please report that dmesg to the list. Here it is ... I've experienced some severe data losses. I'm using a 2x raid5 and 1x raid0 drive (mounted as /home/sources), when booting with acpi the (raid0) drive is always busy and most of the data is always lost after the next reboot?!! Here is the dmesg with acpi and a bioctl output and the mount ouput: $ sudo mount -a mount_ffs: /dev/sd1e on /home/sources: Device busy $ sudo mount /dev/sd0a on / type ffs (local, softdep) /dev/sd1a on /tmp type ffs (local, nodev, nosuid, softdep) /dev/sd0e on /usr type ffs (local, nodev, softdep) /dev/sd1d on /usr/obj type ffs (local, nodev, nosuid, softdep) /dev/sd0d on /var type ffs (local, nodev, nosuid, softdep) /dev/sd1e on /home/sources type ffs (local, nodev, softdep) /dev/sd2d on /home type ffs (local, softdep) $ sudo bioctl ami0 Volume Status Size Device ami0 0 Online 10485760 sd0 RAID5 0 Online 400016015360 0:0.0 noencl ST3400833NS 3.AE 1 Online 400016015360 0:1.0 noencl ST3400833NS 3.AE 2 Online 400016015360 0:2.0 noencl ST3400833NS 3.AE ami0 1 Online52426702848 sd1 RAID0 0 Online 400016015360 0:0.0 noencl ST3400833NS 3.AE 1 Online 400016015360 0:1.0 noencl ST3400833NS 3.AE 2 Online 400016015360 0:2.0 noencl ST3400833NS 3.AE ami0 2 Online 660189741056 sd2 RAID5 0 Online 400016015360 0:0.0 noencl ST3400833NS 3.AE 1 Online 400016015360 0:1.0 noencl ST3400833NS 3.AE 2 Online 400016015360 0:2.0 noencl ST3400833NS 3.AE OpenBSD 4.0-current (GENERIC) #0: Thu Dec 21 19:40:07 CET 2006 [EMAIL PROTECTED]:/home/sources/src/sys/arch/amd64/compile/GENERIC real mem = 3220303872 (3144828K) avail mem = 2757574656 (2692944K) using 22937 buffers containing 322236416 bytes (314684K) of memory User Kernel Config UKC enable acpi 251 acpi0 enabled UKC quit Continuing... mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf0690 (74 entries) bios0: stem manufacturer P5WDG2 WS PRO acpi0 at mainbus0: rev 0 acpi0: tables DSDT FACP APIC OEMB HPET MCFG acpitimer at acpi0 not configured acpi device at acpi0 from table DSDT not configured acpi device at acpi0 from table FACP not configured acpi device at acpi0 from table APIC not configured acpi device at acpi0 from table OEMB not configured acpi device at acpi0 from table HPET not configured acpi device at acpi0 from table MCFG not configured acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 7 (P0P1) acpiprt2 at acpi0: bus 0 (P0P2) acpiprt3 at acpi0: bus 1 (P0P3) acpiprt4 at acpi0: bus 3 (P0P8) acpiprt5 at acpi0: bus 2 (P0P9) acpiprt6 at acpi0: bus 4 (P0P4) acpiprt7 at acpi0: bus 5 (PXHA) acpibtn at acpi0 not configured acpibtn at acpi0 not configured cpu0 at mainbus0: (uniprocessor) cpu0: Intel(R) Core(TM)2 CPU 6700 @ 2.66GHz, 2671.59 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,LONG cpu0: 4MB 64b/line 16-way L2 cache pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 vendor Intel, unknown product 0x277c rev 0xc0 ppb0 at pci0 dev 1 function 0 vendor Intel, unknown product 0x277d rev 0xc0 pci1 at ppb0 bus 7 vga1 at pci1 dev 0 function 0 ATI Radeon X300 rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ATI Radeon X300 Sec rev 0x00 at pci1 dev 0 function 1 not configured azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x01: irq 5 azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: 0x04x/0x11d4 (rev. 2.0), HDA version 1.0 audio0 at azalia0 ppb1 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01 pci2 at ppb1 bus 4 ppb2 at pci2 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci3 at ppb2 bus 5 ppb3 at pci3 dev 2 function 0 Intel IOP331 PCIX-PCIX rev 0x0a pci4 at ppb3 bus 6 ami0 at pci4 dev 14 function 0 Symbios Logic MegaRAID SATA 4x/8x rev 0x0a: irq 11 ami0: LSI 3008, 32b, FW 814D, BIOS vH431, 128MB RAM ami0: 1 channels, 0 FC loops, 3 logical drives scsibus0 at ami0: 40 targets sd0 at scsibus0 targ 0 lun 0: AMI, Host drive #00, SCSI2 0/direct fixed sd0: 10MB, 10 cyl, 64 head, 32 sec, 512 bytes/sec, 20480 sec total sd1 at scsibus0 targ 1 lun 0: AMI, Host drive #01, SCSI2 0/direct fixed sd1: 49998MB, 49998 cyl, 64 head, 32 sec, 512 bytes/sec, 102395904 sec total sd2 at scsibus0 targ 2 lun 0: AMI, Host drive #02, SCSI2 0/direct fixed sd2: 629606MB, 629606 cyl, 64 head, 32 sec, 512 bytes/sec, 1289433088 sec total scsibus1 at ami0: 16 targets ppb4 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01 pci5
Re: Disable IPv6 on OpenBSD 4.0 - forking discussion to icmp echo request blockage
Yes, you can use anything as a transport, probably even pidgeon carriers, but you need a receiving end to effect anything. Indeed, see RFCs 1149 and 2549... two excellent april fools on avian carriers! So, unless you fear that someone is able to install a trojan on your OpenBSD server by sending it ICMP packets encapsulating something in their payload that results in a program (so far already requiring a big remote-root hole in the kernel) and also have it run with root privileges, probably by expoiting some other unknown hole in OpenBSD, then switching off ICMP is a good precaution. In all other cases, I think that it's quite stupid. Agreed, there are some services (like these ones offered by ICMP messages) that MUST remain enabled. Worst of all, when someone blocks application layer tools like ping(1) and traceroute(1) by means of these filters he is not only restricting his ability to trace network problems but sometimes the ability to trace problems from other networks too. People should understand what services are required and what services are superfluous. Not all people needs an SMTP listening on public addresses (sendmail listens by default to the loopback interface in OpenBSD and it is required for a lot of internal services that sometimes send email), telnet or RPC enabled by default, but time synchronization services (time, daytime), SMTP on non-public interfaces (for these services sending email to system users), the auth service (for fast SMTP responses), and submission (RFC 2476) are required. No one wins stopping these services, though. Just take a look at other operating systems (I am thinking on most Linux flavours and operating systems) to see what I want to say with superfluous services enabled by default. There is a difference between a machine running countless services by default and other strictly following recommended practices. In my humble opinion, NIST is wrong if they recommend blocking ping and traceroute. They should update that recommendation, as I feel that most problems we have here tracing network issues are a consequence of people blindly following these advices. Cheers, Igor.
Mouse not Responding
I just installed 4.0 release then compiled and installed 4-current including X on a brand new HP xw6400. I started X using the vesa driver, and it works (unlike the nv driver), but the mouse does not seem to work. The keyboard may also not be working. I see the following: pckbc: command timeout pmsi_enable: command error pckbc: command timeout pmsi_disable: command error pckbc: command timeout pmsi_enable: command error which I am assuming is the problem. Can someone suggest something I might do to identify and fix the problem. Below is my dmesg and uname output. Thanks, Randy uname -a OpenBSD pauhana.nsc.com 4.0 GENERIC.MP#0 amd64 OpenBSD 4.0-current (GENERIC.MP) #0: Thu Dec 21 01:48:57 PST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 3220688896 (3145204K) avail mem = 2757783552 (2693148K) using 22937 buffers containing 322277376 bytes (314724K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xeca30 (74 entries) bios0: Hewlett-Packard HP xw6400 Workstation acpi at mainbus0 not configured mainbus0: Intel MP Specification (Version 1.4) cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU 5160 @ 3.00GHz, 2992.93 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,NXE,LONG cpu0: 4MB 64b/line 16-way L2 cache cpu0: apic clock running at 332MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Xeon(R) CPU 5160 @ 3.00GHz, 2992.50 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,NXE,LONG cpu1: 4MB 64b/line 16-way L2 cache mpbios: bus 0 is type PCI mpbios: bus 16 is type PCI mpbios: bus 96 is type PCI mpbios: bus 64 is type PCI mpbios: bus 128 is type PCI mpbios: bus 30 is type PCI mpbios: bus 32 is type PCI mpbios: bus 31 is type PCI mpbios: bus 1 is type PCI mpbios: bus 255 is type ISA ioapic0 at mainbus0 apid 1 pa 0xfec0, version 20, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 Intel 5000X Host rev 0x12 ppb0 at pci0 dev 2 function 0 Intel 5000 PCIE rev 0x12 pci1 at ppb0 bus 16 ppb1 at pci1 dev 0 function 0 Intel 6321ESB PCIE rev 0x01 pci2 at ppb1 bus 30 ppb2 at pci2 dev 0 function 0 Intel 6321ESB PCIE rev 0x01 pci3 at ppb2 bus 32 ppb3 at pci2 dev 1 function 0 Intel 6321ESB PCIE rev 0x01 pci4 at ppb3 bus 31 bge0 at pci4 dev 0 function 0 Broadcom BCM5752 rev 0x01, BCM5752 A1 (0x6001): apic 1 int 17 (irq 5), address 00:18:71:6b:ee:7c brgphy0 at bge0 phy 1: BCM5752 10/100/1000baseT PHY, rev. 0 ppb4 at pci1 dev 0 function 3 Intel 6321ESB PCIE-PCIX rev 0x01 pci5 at ppb4 bus 17 ppb5 at pci0 dev 3 function 0 Intel 5000 PCIE rev 0x12 pci6 at ppb5 bus 96 ppb6 at pci0 dev 4 function 0 vendor Intel, unknown product 0x25fa rev 0x12 pci7 at ppb6 bus 64 vga1 at pci7 dev 0 function 0 vendor NVIDIA, unknown product 0x039e rev 0xa1 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb7 at pci0 dev 5 function 0 Intel 5000 PCIE rev 0x12 pci8 at ppb7 bus 254 ppb8 at pci0 dev 6 function 0 vendor Intel, unknown product 0x25e6 rev 0x12 pci9 at ppb8 bus 253 ppb9 at pci0 dev 7 function 0 Intel 5000 PCIE rev 0x12 pci10 at ppb9 bus 252 pchb1 at pci0 dev 16 function 0 Intel 5000 Error Reporting rev 0x12 pchb2 at pci0 dev 16 function 1 Intel 5000 Error Reporting rev 0x12 pchb3 at pci0 dev 16 function 2 Intel 5000 Error Reporting rev 0x12 pchb4 at pci0 dev 17 function 0 Intel 5000 Reserved rev 0x12 pchb5 at pci0 dev 19 function 0 Intel 5000 Reserved rev 0x12 pchb6 at pci0 dev 21 function 0 Intel 5000 FBD rev 0x12 pchb7 at pci0 dev 22 function 0 Intel 5000 FBD rev 0x12 azalia0 at pci0 dev 27 function 0 Intel 6321ESB HD Audio rev 0x09: apic 1 int 21 (irq 3) azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: 0x04x/0x10ec (rev. 1.0), HDA version 1.0 audio0 at azalia0 ppb10 at pci0 dev 28 function 0 Intel 6321ESB PCIE rev 0x09 pci11 at ppb10 bus 128 uhci0 at pci0 dev 29 function 0 Intel 6321ESB USB rev 0x09: apic 1 int 16 (irq 3) usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 6321ESB USB rev 0x09: apic 1 int 19 (irq 5) usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 6321ESB USB rev 0x09: apic 1 int 18 (irq 10) usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered uhci3 at pci0 dev 29 function 3 Intel 6321ESB USB rev 0x09: apic 1 int 23 (irq 11) usb3 at uhci3: USB revision 1.0 uhub3 at usb3 uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 6321ESB USB
OT: TinyMCE security and track records
Hi All, Sorry for this off topic question, but I get more and more requests to have WYSIWYG editing on web management servers. I have been resisting this for many years so far as I hate this, but look likes more and more demands may force me to do it anyway. Any valid feedback on the security and stability of this one on OpenBSD, or any other prefer. I am looking more for security and stability oppose to bell and whistle and features. The archive point me only this one post of TinyMCE: http://marc.theaimsgroup.com/?l=openbsd-miscm=113468845728612w=2 Any feedback and/or suggestions would be greatly appreciated if any. Thanks Daniel
Re: uaudio trouble
On Tue, Dec 19, 2006 at 04:56:45PM -0500, Steve Shockley wrote: I've got a Xitel DG2, which is a USB sound card with optical output. I previously set up a nice music player using mpd, and it worked great. Unfortunately the drive died, so I'm building a new one. (The old install's dmesg is at http://marc.theaimsgroup.com/?m=115863499102215, the hardware is the same except for the hard drive.) Since the rebuild, the laptop's internal sound works, but the usb sound doesn't. I plugged the USB sound into a Windows machine and my stereo made sounds, so I think the adapter is okay. I did create /dev/{mixer,audioctl,audio,sound}1. All the outputs are unmuted. Doing cat /bsd /dev/audio1 (or sound1) does something, but makes no noise. Any ideas? does at least the following work? audioctl -f /dev/audioctl1 play.encoding=slinear_le play.precision=16 cat /bsd /dev/sound1 if not, does it work if you unplug and then plug again the device without changing the outputs.speaker control? -- Alexandre
Re: pf http reporting tool
* Edy [EMAIL PROTECTED] [2006-12-21 16:18]: I am wondering if there is any tool which is able to show the attacks that has passed through PF sure, tcpdump the attack0 interface -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
disable SpeedStep ?
How can I disable the SpeedStep feature in OpenBSD 4.0 ? Is there something in UKC ? The machine hangs during cpu0 checks: -88-8- OpenBSD/i386 BOOT 2.12 boot booting hd0a:/bsd: 5572500+869372 [52+284400+264825]=0x6aaea4 entry point at 0x200120, [ using 549652 bytes of bsd ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of Copyright (c) 1995-2006 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 4.0-current (GENERIC) #1288: Tue Dec 19 20:56:54 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC RTC BIOS diagnostic error 80clock_battery cpu0: Intel(R) Core(TM)2 Duo CPU X6800 @ 2.93GHz (GenuineIntel 686-class) 2.94 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16 real mem = 2144796672 (2094528K) avail mem = 1948188672 (1902528K) using 4256 buffers containing 107425792 bytes (104908K) of memory RTC BIOS diagnostic error 80clock_battery mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 11/29/06, SMBIOS rev. 2.3 @ 0xe4cc0 (3 5 entries) bios0: Intel Corporation D975XBX apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown, estimated 0:00 hours apm0: flags 30102 dobusy 0 doidle 1 pcibios at bios0 function 0x1a not configured bios0: ROM list: 0xc/0x1 0xd/0x1000 0xd1000/0x1000 acpi at mainbus0 not configured cpu0 at mainbus0 cpu0: unknown Enhanced SpeedStep CPU, msr 0x0b280b2886000b28 cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 2933 MHz (1340 mV)kernel: integer divide fault trap, co de=0 Stopped at est_init+0x1de: idivl %ecx,%eax ddb -88-8- I can get past this error if I lower the cpu frequency to 2.66GHz -88-8- Dec 21 11:45:59 drake038 /bsd: OpenBSD 4.0-current (GENERIC) #1288: Tue Dec 19 20:56:54 MST 2006 Dec 21 11:45:59 drake038 /bsd: [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC Dec 21 11:45:59 drake038 /bsd: RTC BIOS diagnostic error 80clock_battery Dec 21 11:45:59 drake038 /bsd: cpu0: Intel(R) Core(TM)2 Duo CPU X6800 @ 2.93GHz (GenuineIntel 686-class) 2.67 GHz Dec 21 11:45:59 drake038 /bsd: cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16 Dec 21 11:45:59 drake038 /bsd: real mem = 2128441344 (2078556K) Dec 21 11:45:59 drake038 /bsd: avail mem = 1933262848 (1887952K) Dec 21 11:45:59 drake038 /bsd: using 4256 buffers containing 106586112 bytes (104088K) of memory Dec 21 11:45:59 drake038 /bsd: RTC BIOS diagnostic error 80clock_battery Dec 21 11:45:59 drake038 /bsd: mainbus0 (root) Dec 21 11:45:59 drake038 /bsd: bios0 at mainbus0: AT/286+(00) BIOS, date 11/01/06, SMBIOS rev. 2.4 @ 0xe4390 (35 entries) Dec 21 11:45:59 drake038 /bsd: bios0: Intel Corporation DG965WH Dec 21 11:45:59 drake038 /bsd: apm0 at bios0: Power Management spec V1.2 Dec 21 11:45:59 drake038 /bsd: apm0: battery life expectancy 0% Dec 21 11:45:59 drake038 /bsd: apm0: AC off, battery charge unknown, estimated 0:00 hours Dec 21 11:45:59 drake038 /bsd: apm0: flags 30102 dobusy 0 doidle 1 Dec 21 11:45:59 drake038 /bsd: pcibios at bios0 function 0x1a not configured Dec 21 11:45:59 drake038 /bsd: bios0: ROM list: 0xc/0xee00! 0xcf000/0x1000 0xd/0x1000 Dec 21 11:45:59 drake038 /bsd: acpi at mainbus0 not configured Dec 21 11:45:59 drake038 /bsd: cpu0 at mainbus0 Dec 21 11:45:59 drake038 /bsd: cpu0: Enhanced SpeedStep disabled by BIOS Dec 21 11:45:59 drake038 /bsd: pci0 at mainbus0 bus 0: configuration mode 1 (no bios) Dec 21 11:45:59 drake038 /bsd: pchb0 at pci0 dev 0 function 0 Intel 82965 MCH rev 0x02 Dec 21 11:45:59 drake038 /bsd: ppb0 at pci0 dev 1 function 0 Intel 82965 PCIE rev 0x02 Dec 21 11:45:59 drake038 /bsd: pci1 at ppb0 bus 1 Dec 21 11:45:59 drake038 /bsd: vga1 at pci1 dev 0 function 0 NVIDIA GeForce 6600 rev 0xa2 Dec 21 11:45:59 drake038 /bsd: wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) Dec 21 11:45:59 drake038 /bsd: wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Dec 21 11:45:59 drake038 /bsd: Intel 82865 HECI rev 0x02 at pci0 dev 3 function 0 not configured Dec 21 11:45:59 drake038 /bsd: em0 at pci0 dev 25 function 0 Intel ICH8 IGP C rev 0x02: irq 9, address 00:16:76:a8:77:75 Dec 21 11:45:59 drake038 /bsd: uhci0 at pci0 dev 26 function 0 Intel 82801H USB rev 0x02: irq 11 Dec 21 11:45:59 drake038 /bsd: usb0 at uhci0: USB revision 1.0 Dec 21 11:45:59 drake038 /bsd: uhub0 at usb0 Dec 21 11:45:59 drake038 /bsd: uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 Dec 21 11:45:59 drake038 /bsd: uhub0: 2 ports with 2 removable, self powered Dec 21 11:45:59 drake038 /bsd: uhci1 at pci0 dev 26 function 1 Intel 82801H USB rev 0x02: irq 10 Dec 21 11:45:59 drake038 /bsd: usb1 at uhci1: USB revision 1.0 Dec 21 11:45:59 drake038 /bsd: uhub1 at usb1 Dec 21
Re: disable SpeedStep ?
Rich Dunkle wrote: How can I disable the SpeedStep feature in OpenBSD 4.0 ? You can't, yet. The machine hangs during cpu0 checks: ... cpu0: unknown Enhanced SpeedStep CPU, msr 0x0b280b2886000b28 cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 2933 MHz (1340 mV)kernel: integer divide fault Your CPU reports strange information in its msr; it looks like the highest and lowest speed are exactly the same, which, as usual, shouldn't really happen. :) Please update to sys/arch/i386/i386/est.c rev 1.26 (may take some time to arrive on your nearest mirror), which contains a quick fix.
Re: hotplugd umass kernel crash
Michael schrieb: Otto Moerbeek schrieb: On Wed, 20 Dec 2006, Michael wrote: Since it doesn't write anything to messages or any other file I wonder how I can get the kernel crash message + ddb trace + ddb ps into a file so I can post it here? attach a serial console, see http://www.openbsd.org/faq/faq7.html#SerCon -Otto Got no serial cable available right now so I made some photos... :D http://wp1050733.wp078.webpack.hosteurope.de/hotplug/dsci1679.jpg http://wp1050733.wp078.webpack.hosteurope.de/hotplug/dsci1680.jpg http://wp1050733.wp078.webpack.hosteurope.de/hotplug/dsci1681.jpg http://wp1050733.wp078.webpack.hosteurope.de/hotplug/dsci1682.jpg http://wp1050733.wp078.webpack.hosteurope.de/hotplug/dsci1683.jpg Would be nice if someone could look into that since I can't start hotplug right now... - Michael Noone got an idea what I can do about this? Currently the whole system crashes when starting hotplugd... please look at the images for error messages. - Michael
Re: OT: TinyMCE security and track records
On Thu, Dec 21, 2006 at 03:02:11PM -0500, Daniel Ouellet wrote: Sorry for this off topic question, but I get more and more requests to have WYSIWYG editing on web management servers. I have been resisting this for many years so far as I hate this, but look likes more and more demands may force me to do it anyway. Any valid feedback on the security and stability of this one on OpenBSD, or any other prefer. I am looking more for security and stability oppose to bell and whistle and features. The archive point me only this one post of TinyMCE: http://marc.theaimsgroup.com/?l=openbsd-miscm=113468845728612w=2 Any feedback and/or suggestions would be greatly appreciated if any. Don't know if konqueror or TinyMCE is deficient, but they don't play together... As far as WYSIWYG editing goes, the main problem with TinyMCE is a design issue: what you see is all that you get. When was the last time you had a website that was actual static html ? you're going to get lots of banner material, and a big part of the site is going to be generated with template stuff... or if you want a nice look, you're pretty much going to want your own classes and stuff like that. TinyMCE is cute, but it's pretty much designed to handle `old-style' HTML. If you use it to create big chunks of web sites, you're soon going to end up with some hand-coded mess. As far as grabbing and sanitizing the resulting html, there are tools out there that can do that. My perl background prompts you to recommend HTML::Tree, which creates a proper parsed tree from an HTML document, and allows you to clean it up. So my assessment is that this kind of tool is pretty much limited if you actually want good-looking sites... no actual security problem per se (not more than usual form-based editors, at least on the server side). I think that, to go further, you need actual development tools that you can customize to the level of your website code. I assume eclipse will have this kind of plugin. The kde webdev suite is definitely a nice candidate there, though I haven't tried to customize it to get WYSIWYG editing of my Mason/Catalyst code...
Re: Mouse not Responding
On Thu, Dec 21, 2006 at 11:01:15AM -0800, Randy Sato wrote: I just installed 4.0 release then compiled and installed 4-current including X on a brand new HP xw6400. I started X using the vesa driver, and it works (unlike the nv driver), but the mouse does not seem to work. The keyboard may also not be working. I see the following: pckbc: command timeout pmsi_enable: command error pckbc: command timeout pmsi_disable: command error pckbc: command timeout pmsi_enable: command error which I am assuming is the problem. Can someone suggest something I might do to identify and fix the problem. I am far from an X expert, but you'll likely want to take a look and/or post the X log file (/var/log/Xorg.0.log). Do you use any sort of 'interesting' keyboard? A quick look at hp.com suggests this is not the case, but it is always good to be sure... Joachim [the part below intentionally not trimmed to keep everything in one place on followups] uname -a OpenBSD pauhana.nsc.com 4.0 GENERIC.MP#0 amd64 OpenBSD 4.0-current (GENERIC.MP) #0: Thu Dec 21 01:48:57 PST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 3220688896 (3145204K) avail mem = 2757783552 (2693148K) using 22937 buffers containing 322277376 bytes (314724K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xeca30 (74 entries) bios0: Hewlett-Packard HP xw6400 Workstation acpi at mainbus0 not configured mainbus0: Intel MP Specification (Version 1.4) cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU 5160 @ 3.00GHz, 2992.93 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,NXE,LONG cpu0: 4MB 64b/line 16-way L2 cache cpu0: apic clock running at 332MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Xeon(R) CPU 5160 @ 3.00GHz, 2992.50 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,NXE,LONG cpu1: 4MB 64b/line 16-way L2 cache mpbios: bus 0 is type PCI mpbios: bus 16 is type PCI mpbios: bus 96 is type PCI mpbios: bus 64 is type PCI mpbios: bus 128 is type PCI mpbios: bus 30 is type PCI mpbios: bus 32 is type PCI mpbios: bus 31 is type PCI mpbios: bus 1 is type PCI mpbios: bus 255 is type ISA ioapic0 at mainbus0 apid 1 pa 0xfec0, version 20, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 Intel 5000X Host rev 0x12 ppb0 at pci0 dev 2 function 0 Intel 5000 PCIE rev 0x12 pci1 at ppb0 bus 16 ppb1 at pci1 dev 0 function 0 Intel 6321ESB PCIE rev 0x01 pci2 at ppb1 bus 30 ppb2 at pci2 dev 0 function 0 Intel 6321ESB PCIE rev 0x01 pci3 at ppb2 bus 32 ppb3 at pci2 dev 1 function 0 Intel 6321ESB PCIE rev 0x01 pci4 at ppb3 bus 31 bge0 at pci4 dev 0 function 0 Broadcom BCM5752 rev 0x01, BCM5752 A1 (0x6001): apic 1 int 17 (irq 5), address 00:18:71:6b:ee:7c brgphy0 at bge0 phy 1: BCM5752 10/100/1000baseT PHY, rev. 0 ppb4 at pci1 dev 0 function 3 Intel 6321ESB PCIE-PCIX rev 0x01 pci5 at ppb4 bus 17 ppb5 at pci0 dev 3 function 0 Intel 5000 PCIE rev 0x12 pci6 at ppb5 bus 96 ppb6 at pci0 dev 4 function 0 vendor Intel, unknown product 0x25fa rev 0x12 pci7 at ppb6 bus 64 vga1 at pci7 dev 0 function 0 vendor NVIDIA, unknown product 0x039e rev 0xa1 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb7 at pci0 dev 5 function 0 Intel 5000 PCIE rev 0x12 pci8 at ppb7 bus 254 ppb8 at pci0 dev 6 function 0 vendor Intel, unknown product 0x25e6 rev 0x12 pci9 at ppb8 bus 253 ppb9 at pci0 dev 7 function 0 Intel 5000 PCIE rev 0x12 pci10 at ppb9 bus 252 pchb1 at pci0 dev 16 function 0 Intel 5000 Error Reporting rev 0x12 pchb2 at pci0 dev 16 function 1 Intel 5000 Error Reporting rev 0x12 pchb3 at pci0 dev 16 function 2 Intel 5000 Error Reporting rev 0x12 pchb4 at pci0 dev 17 function 0 Intel 5000 Reserved rev 0x12 pchb5 at pci0 dev 19 function 0 Intel 5000 Reserved rev 0x12 pchb6 at pci0 dev 21 function 0 Intel 5000 FBD rev 0x12 pchb7 at pci0 dev 22 function 0 Intel 5000 FBD rev 0x12 azalia0 at pci0 dev 27 function 0 Intel 6321ESB HD Audio rev 0x09: apic 1 int 21 (irq 3) azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: 0x04x/0x10ec (rev. 1.0), HDA version 1.0 audio0 at azalia0 ppb10 at pci0 dev 28 function 0 Intel 6321ESB PCIE rev 0x09 pci11 at ppb10 bus 128 uhci0 at pci0 dev 29 function 0 Intel 6321ESB USB rev 0x09: apic 1 int 16 (irq 3) usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 6321ESB USB rev 0x09: apic 1 int 19 (irq 5) usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0
Re: disable SpeedStep ?
On my laptop this is disabled via the BIOS. Regards, Mike Lockhart -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Dunkle Sent: Thursday, December 21, 2006 3:47 PM To: misc@openbsd.org Subject: disable SpeedStep ? How can I disable the SpeedStep feature in OpenBSD 4.0 ? Is there something in UKC ? The machine hangs during cpu0 checks: -88-8- OpenBSD/i386 BOOT 2.12 boot booting hd0a:/bsd: 5572500+869372 [52+284400+264825]=0x6aaea4 entry point at 0x200120, [ using 549652 bytes of bsd ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of Copyright (c) 1995-2006 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 4.0-current (GENERIC) #1288: Tue Dec 19 20:56:54 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC RTC BIOS diagnostic error 80clock_battery cpu0: Intel(R) Core(TM)2 Duo CPU X6800 @ 2.93GHz (GenuineIntel 686-class) 2.94 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, CF LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,T M2,CX16 real mem = 2144796672 (2094528K) avail mem = 1948188672 (1902528K) using 4256 buffers containing 107425792 bytes (104908K) of memory RTC BIOS diagnostic error 80clock_battery mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 11/29/06, SMBIOS rev. 2.3 @ 0xe4cc0 (3 5 entries) bios0: Intel Corporation D975XBX apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown, estimated 0:00 hours apm0: flags 30102 dobusy 0 doidle 1 pcibios at bios0 function 0x1a not configured bios0: ROM list: 0xc/0x1 0xd/0x1000 0xd1000/0x1000 acpi at mainbus0 not configured cpu0 at mainbus0 cpu0: unknown Enhanced SpeedStep CPU, msr 0x0b280b2886000b28 cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 2933 MHz (1340 mV)kernel: integer divide fault trap, co de=0 Stopped at est_init+0x1de: idivl %ecx,%eax ddb -88-8- I can get past this error if I lower the cpu frequency to 2.66GHz -88-8- Dec 21 11:45:59 drake038 /bsd: OpenBSD 4.0-current (GENERIC) #1288: Tue Dec 19 20:56:54 MST 2006 Dec 21 11:45:59 drake038 /bsd: [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC Dec 21 11:45:59 drake038 /bsd: RTC BIOS diagnostic error 80clock_battery Dec 21 11:45:59 drake038 /bsd: cpu0: Intel(R) Core(TM)2 Duo CPU X6800 @ 2.93GHz (GenuineIntel 686-class) 2.67 GHz Dec 21 11:45:59 drake038 /bsd: cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST ,TM2,CX16 Dec 21 11:45:59 drake038 /bsd: real mem = 2128441344 (2078556K) Dec 21 11:45:59 drake038 /bsd: avail mem = 1933262848 (1887952K) Dec 21 11:45:59 drake038 /bsd: using 4256 buffers containing 106586112 bytes (104088K) of memory Dec 21 11:45:59 drake038 /bsd: RTC BIOS diagnostic error 80clock_battery Dec 21 11:45:59 drake038 /bsd: mainbus0 (root) Dec 21 11:45:59 drake038 /bsd: bios0 at mainbus0: AT/286+(00) BIOS, date 11/01/06, SMBIOS rev. 2.4 @ 0xe4390 (35 entries) Dec 21 11:45:59 drake038 /bsd: bios0: Intel Corporation DG965WH Dec 21 11:45:59 drake038 /bsd: apm0 at bios0: Power Management spec V1.2 Dec 21 11:45:59 drake038 /bsd: apm0: battery life expectancy 0% Dec 21 11:45:59 drake038 /bsd: apm0: AC off, battery charge unknown, estimated 0:00 hours Dec 21 11:45:59 drake038 /bsd: apm0: flags 30102 dobusy 0 doidle 1 Dec 21 11:45:59 drake038 /bsd: pcibios at bios0 function 0x1a not configured Dec 21 11:45:59 drake038 /bsd: bios0: ROM list: 0xc/0xee00! 0xcf000/0x1000 0xd/0x1000 Dec 21 11:45:59 drake038 /bsd: acpi at mainbus0 not configured Dec 21 11:45:59 drake038 /bsd: cpu0 at mainbus0 Dec 21 11:45:59 drake038 /bsd: cpu0: Enhanced SpeedStep disabled by BIOS Dec 21 11:45:59 drake038 /bsd: pci0 at mainbus0 bus 0: configuration mode 1 (no bios) Dec 21 11:45:59 drake038 /bsd: pchb0 at pci0 dev 0 function 0 Intel 82965 MCH rev 0x02 Dec 21 11:45:59 drake038 /bsd: ppb0 at pci0 dev 1 function 0 Intel 82965 PCIE rev 0x02 Dec 21 11:45:59 drake038 /bsd: pci1 at ppb0 bus 1 Dec 21 11:45:59 drake038 /bsd: vga1 at pci1 dev 0 function 0 NVIDIA GeForce 6600 rev 0xa2 Dec 21 11:45:59 drake038 /bsd: wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) Dec 21 11:45:59 drake038 /bsd: wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Dec 21 11:45:59 drake038 /bsd: Intel 82865 HECI rev 0x02 at pci0 dev 3 function 0 not configured Dec 21 11:45:59 drake038 /bsd: em0 at pci0 dev 25 function 0 Intel ICH8 IGP C rev 0x02: irq 9, address 00:16:76:a8:77:75 Dec 21 11:45:59 drake038 /bsd: uhci0 at pci0 dev 26 function 0 Intel 82801H USB rev 0x02: irq 11 Dec 21 11:45:59 drake038 /bsd: usb0 at uhci0: USB revision 1.0 Dec 21 11:45:59 drake038 /bsd: uhub0 at usb0 Dec 21 11:45:59 drake038 /bsd: uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 Dec 21 11:45:59 drake038
Re: Mouse not Responding
The non-mp kernel with and without ACPI seemed to work. The mp with ACPI kernel would only boot after I changed my BIOS SATA emulation setting to combined IDE controller. Previously I had it set to separate IDE controller and the kernel only booted part way before I got timeout errors probing the disk. So far using combined IDE controller, with a MP and ACPI enabled kernel seems to be working fine. Not related, FYI, with the SATA emulation mode set to RAID+AHCI, the openbsd installer does not see my disk (neither does the netbsd installer). Thanks for all the help. Randy On 12/21/06, Tom Cosgrove [EMAIL PROTECTED] wrote: You could try enabling ACPI (because you might have a problem with interrupt routing, and ACPI provides a different source of interrupt routing information to the kernel). Thanks Tom Randy Sato 21-Dec-06 19:01 I just installed 4.0 release then compiled and installed 4-current including X on a brand new HP xw6400. I started X using the vesa driver, and it works (unlike the nv driver), but the mouse does not seem to work. The keyboard may also not be working. I see the following: pckbc: command timeout pmsi_enable: command error pckbc: command timeout pmsi_disable: command error pckbc: command timeout pmsi_enable: command error which I am assuming is the problem. Can someone suggest something I might do to identify and fix the problem. Below is my dmesg and uname output. Thanks, Randy uname -a OpenBSD pauhana.nsc.com 4.0 GENERIC.MP#0 amd64 OpenBSD 4.0-current (GENERIC.MP) #0: Thu Dec 21 01:48:57 PST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 3220688896 (3145204K) avail mem = 2757783552 (2693148K) using 22937 buffers containing 322277376 bytes (314724K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xeca30 (74 entries) bios0: Hewlett-Packard HP xw6400 Workstation acpi at mainbus0 not configured mainbus0: Intel MP Specification (Version 1.4) cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU 5160 @ 3.00GHz, 2992.93 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,NXE,LONG cpu0: 4MB 64b/line 16-way L2 cache cpu0: apic clock running at 332MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Xeon(R) CPU 5160 @ 3.00GHz, 2992.50 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,NXE,LONG cpu1: 4MB 64b/line 16-way L2 cache mpbios: bus 0 is type PCI mpbios: bus 16 is type PCI mpbios: bus 96 is type PCI mpbios: bus 64 is type PCI mpbios: bus 128 is type PCI mpbios: bus 30 is type PCI mpbios: bus 32 is type PCI mpbios: bus 31 is type PCI mpbios: bus 1 is type PCI mpbios: bus 255 is type ISA ioapic0 at mainbus0 apid 1 pa 0xfec0, version 20, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 Intel 5000X Host rev 0x12 ppb0 at pci0 dev 2 function 0 Intel 5000 PCIE rev 0x12 pci1 at ppb0 bus 16 ppb1 at pci1 dev 0 function 0 Intel 6321ESB PCIE rev 0x01 pci2 at ppb1 bus 30 ppb2 at pci2 dev 0 function 0 Intel 6321ESB PCIE rev 0x01 pci3 at ppb2 bus 32 ppb3 at pci2 dev 1 function 0 Intel 6321ESB PCIE rev 0x01 pci4 at ppb3 bus 31 bge0 at pci4 dev 0 function 0 Broadcom BCM5752 rev 0x01, BCM5752 A1 (0x6001): apic 1 int 17 (irq 5), address 00:18:71:6b:ee:7c brgphy0 at bge0 phy 1: BCM5752 10/100/1000baseT PHY, rev. 0 ppb4 at pci1 dev 0 function 3 Intel 6321ESB PCIE-PCIX rev 0x01 pci5 at ppb4 bus 17 ppb5 at pci0 dev 3 function 0 Intel 5000 PCIE rev 0x12 pci6 at ppb5 bus 96 ppb6 at pci0 dev 4 function 0 vendor Intel, unknown product 0x25fa rev 0x12 pci7 at ppb6 bus 64 vga1 at pci7 dev 0 function 0 vendor NVIDIA, unknown product 0x039e rev 0xa1 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb7 at pci0 dev 5 function 0 Intel 5000 PCIE rev 0x12 pci8 at ppb7 bus 254 ppb8 at pci0 dev 6 function 0 vendor Intel, unknown product 0x25e6 rev 0x12 pci9 at ppb8 bus 253 ppb9 at pci0 dev 7 function 0 Intel 5000 PCIE rev 0x12 pci10 at ppb9 bus 252 pchb1 at pci0 dev 16 function 0 Intel 5000 Error Reporting rev 0x12 pchb2 at pci0 dev 16 function 1 Intel 5000 Error Reporting rev 0x12 pchb3 at pci0 dev 16 function 2 Intel 5000 Error Reporting rev 0x12 pchb4 at pci0 dev 17 function 0 Intel 5000 Reserved rev 0x12 pchb5 at pci0 dev 19 function 0 Intel 5000 Reserved rev 0x12 pchb6 at pci0 dev 21 function 0 Intel 5000 FBD rev 0x12 pchb7 at pci0 dev 22 function 0 Intel 5000 FBD rev 0x12 azalia0 at pci0 dev 27 function 0 Intel 6321ESB HD Audio rev 0x09: apic 1 int 21 (irq 3) azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: 0x04x/0x10ec (rev. 1.0), HDA
Re: Mouse not Responding
Spoke too soon. I lost my network. I can ping localhost, but that is about it. Randy On 12/21/06, Randy Sato [EMAIL PROTECTED] wrote: The non-mp kernel with and without ACPI seemed to work. The mp with ACPI kernel would only boot after I changed my BIOS SATA emulation setting to combined IDE controller. Previously I had it set to separate IDE controller and the kernel only booted part way before I got timeout errors probing the disk. So far using combined IDE controller, with a MP and ACPI enabled kernel seems to be working fine. Not related, FYI, with the SATA emulation mode set to RAID+AHCI, the openbsd installer does not see my disk (neither does the netbsd installer). Thanks for all the help. Randy On 12/21/06, Tom Cosgrove [EMAIL PROTECTED] wrote: You could try enabling ACPI (because you might have a problem with interrupt routing, and ACPI provides a different source of interrupt routing information to the kernel). Thanks Tom Randy Sato 21-Dec-06 19:01 I just installed 4.0 release then compiled and installed 4-current including X on a brand new HP xw6400. I started X using the vesa driver, and it works (unlike the nv driver), but the mouse does not seem to work. The keyboard may also not be working. I see the following: pckbc: command timeout pmsi_enable: command error pckbc: command timeout pmsi_disable: command error pckbc: command timeout pmsi_enable: command error which I am assuming is the problem. Can someone suggest something I might do to identify and fix the problem. Below is my dmesg and uname output. Thanks, Randy uname -a OpenBSD pauhana.nsc.com 4.0 GENERIC.MP#0 amd64 OpenBSD 4.0-current (GENERIC.MP) #0: Thu Dec 21 01:48:57 PST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 3220688896 (3145204K) avail mem = 2757783552 (2693148K) using 22937 buffers containing 322277376 bytes (314724K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xeca30 (74 entries) bios0: Hewlett-Packard HP xw6400 Workstation acpi at mainbus0 not configured mainbus0: Intel MP Specification (Version 1.4) cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU 5160 @ 3.00GHz, 2992.93 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,NXE,LONG cpu0: 4MB 64b/line 16-way L2 cache cpu0: apic clock running at 332MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Xeon(R) CPU 5160 @ 3.00GHz, 2992.50 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,NXE,LONG cpu1: 4MB 64b/line 16-way L2 cache mpbios: bus 0 is type PCI mpbios: bus 16 is type PCI mpbios: bus 96 is type PCI mpbios: bus 64 is type PCI mpbios: bus 128 is type PCI mpbios: bus 30 is type PCI mpbios: bus 32 is type PCI mpbios: bus 31 is type PCI mpbios: bus 1 is type PCI mpbios: bus 255 is type ISA ioapic0 at mainbus0 apid 1 pa 0xfec0, version 20, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 Intel 5000X Host rev 0x12 ppb0 at pci0 dev 2 function 0 Intel 5000 PCIE rev 0x12 pci1 at ppb0 bus 16 ppb1 at pci1 dev 0 function 0 Intel 6321ESB PCIE rev 0x01 pci2 at ppb1 bus 30 ppb2 at pci2 dev 0 function 0 Intel 6321ESB PCIE rev 0x01 pci3 at ppb2 bus 32 ppb3 at pci2 dev 1 function 0 Intel 6321ESB PCIE rev 0x01 pci4 at ppb3 bus 31 bge0 at pci4 dev 0 function 0 Broadcom BCM5752 rev 0x01, BCM5752 A1 (0x6001): apic 1 int 17 (irq 5), address 00:18:71:6b:ee:7c brgphy0 at bge0 phy 1: BCM5752 10/100/1000baseT PHY, rev. 0 ppb4 at pci1 dev 0 function 3 Intel 6321ESB PCIE-PCIX rev 0x01 pci5 at ppb4 bus 17 ppb5 at pci0 dev 3 function 0 Intel 5000 PCIE rev 0x12 pci6 at ppb5 bus 96 ppb6 at pci0 dev 4 function 0 vendor Intel, unknown product 0x25fa rev 0x12 pci7 at ppb6 bus 64 vga1 at pci7 dev 0 function 0 vendor NVIDIA, unknown product 0x039e rev 0xa1 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb7 at pci0 dev 5 function 0 Intel 5000 PCIE rev 0x12 pci8 at ppb7 bus 254 ppb8 at pci0 dev 6 function 0 vendor Intel, unknown product 0x25e6 rev 0x12 pci9 at ppb8 bus 253 ppb9 at pci0 dev 7 function 0 Intel 5000 PCIE rev 0x12 pci10 at ppb9 bus 252 pchb1 at pci0 dev 16 function 0 Intel 5000 Error Reporting rev 0x12 pchb2 at pci0 dev 16 function 1 Intel 5000 Error Reporting rev 0x12 pchb3 at pci0 dev 16 function 2 Intel 5000 Error Reporting rev 0x12 pchb4 at pci0 dev 17 function 0 Intel 5000 Reserved rev 0x12 pchb5 at pci0 dev 19 function 0 Intel 5000 Reserved rev 0x12 pchb6 at pci0 dev 21 function 0 Intel
Re: hotplugd umass kernel crash
On 12/21/06, Michael [EMAIL PROTECTED] wrote: Got no serial cable available right now so I made some photos... :D http://wp1050733.wp078.webpack.hosteurope.de/hotplug/dsci1679.jpg http://wp1050733.wp078.webpack.hosteurope.de/hotplug/dsci1680.jpg http://wp1050733.wp078.webpack.hosteurope.de/hotplug/dsci1681.jpg http://wp1050733.wp078.webpack.hosteurope.de/hotplug/dsci1682.jpg http://wp1050733.wp078.webpack.hosteurope.de/hotplug/dsci1683.jpg Noone got an idea what I can do about this? Currently the whole system crashes when starting hotplugd... please look at the images for error messages. Try to help yourself by helping the developers. The pics are nice, but they are 2304x1728 and 1.7MB each (and out of focus, your camera doesn't like taking pics of a CRT). I got bored waiting for them to load on the fibre connection at work. What are you plugging in and where? Have you tried a different USB port? Have you removed all other USB devices? Have you tried plugging in the device without hotplugd running? Plugging in the device before turning the computer on? What do your hotplugd scripts look like? Can you manually do what you're trying to do without hotplugd? My wild guess based on what little information you've provided is that you're trying to plug some kind of memory card into a broken card reader. Please provide more details, including descriptions of the hardware and a step by step process that can reproduce the problem. -- Jon
Re: OT: TinyMCE security and track records
On 21 Dec 2006, at 20:02, Daniel Ouellet wrote: Any valid feedback on the security and stability of this one on OpenBSD, or any other prefer. I am looking more for security and stability oppose to bell and whistle and features. I was under the impression that TinyMCE, and other htmlarea based WYSIWYG editors are all a huge mass of client side javascript, and therefore don't really pose a security issue to the server that hosts them. It essentially just replaces a textarea, and the value returned by the form may contain some HTML as a result. Just make sure that you sanitise and validate the data posted by the form (remove JavaScript, unwanted HTML tags, etc, the usual stuff). Gaby -- Junkets for bunterish lickspittles since 1998! http://www.playr.co.uk/sudoku/ http://weblog.vanhegan.net/
spamd deny users from using the SMTP
Hi, Spamd is running fine now but when an user trying to send out email using the SMTP he is getting Server temporary failure please try again later error message. They have to retry many times before the IP address is whitelisted. Any workaround to that? We would not be able to add the IP address into the whitelist before hand because users could be connected from anywhere. Thanks, Edy
VPN solutions for OpenBSD to Windows
Hi gang, I'm looking for peoples' experiences and advice for setting up a VPN between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I have tested the Greenbow client and it seems ok. What of the built-in VPN client for the Windows OS? I am mostly interested in ease of configuration and reliability of the tunnel. I am ok on IPSEC theory. Thanks in advance for any comments, Peter
Re: spamd deny users from using the SMTP
Configure your MTA to listen on port 587 (submission) with smtp-auth, and have your users send mail using that. That also solves the 'random network blocks port 25 traffic' problem. On 2006 Dec 22 (Fri) at 12:38:07 +0800 (+0800), Edy wrote: :Hi, : :Spamd is running fine now but when an user trying to send out email :using the SMTP he is getting Server temporary failure please try again :later error message. :They have to retry many times before the IP address is whitelisted. :Any workaround to that? : :We would not be able to add the IP address into the whitelist before :hand because users could be connected from anywhere. : :Thanks, :Edy : -- Spelling is a lossed art.
Re: VPN solutions for OpenBSD to Windows
Hi Peter, Have you look at OpenVPN? Please check out this document http://blog.innerewut.de/articles/2005/07/04/openvpn-2-0-on-openbsd Cheers, Edy [EMAIL PROTECTED] wrote: Hi gang, I'm looking for peoples' experiences and advice for setting up a VPN between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I have tested the Greenbow client and it seems ok. What of the built-in VPN client for the Windows OS? I am mostly interested in ease of configuration and reliability of the tunnel. I am ok on IPSEC theory. Thanks in advance for any comments, Peter
Re: spamd deny users from using the SMTP
Edy wrote: Spamd is running fine now but when an user trying to send out email using the SMTP he is getting Server temporary failure please try again later error message. They have to retry many times before the IP address is whitelisted. Any workaround to that? Making many, many assumptions here. You're running sendmail. MSA is enabled (port 587). Make sure you're not filtering port 587 in pf. Tell your users to submit to port 587 instead of 25. We would not be able to add the IP address into the whitelist before hand because users could be connected from anywhere. Thanks, Edy -ME
Re: VPN solutions for OpenBSD to Windows
On Friday 22 December 2006 13:03, [EMAIL PROTECTED] wrote: What of the built-in VPN client for the Windows OS? While it works it suffers mainly from two things; being confusing to configure and lacking strong ciphers (you only get DES and 3DES). --- Lars Hansson
Re: spamd deny users from using the SMTP
Hi Mike, MTA is Qmail and it is running on a separate server ... Thanks, Edy Mike Erdely wrote: Edy wrote: Spamd is running fine now but when an user trying to send out email using the SMTP he is getting Server temporary failure please try again later error message. They have to retry many times before the IP address is whitelisted. Any workaround to that? Making many, many assumptions here. You're running sendmail. MSA is enabled (port 587). Make sure you're not filtering port 587 in pf. Tell your users to submit to port 587 instead of 25. We would not be able to add the IP address into the whitelist before hand because users could be connected from anywhere. Thanks, Edy -ME
Re: VPN solutions for OpenBSD to Windows
- Original Message -From: Edy [EMAIL PROTECTED]Date: Friday, December 22, 2006 12:17 amSubject: Re: VPN solutions for OpenBSD to WindowsTo: [EMAIL PROTECTED]: misc@openbsd.org Hi Peter, Have you look at OpenVPN? Please check out this document http://blog.innerewut.de/articles/2005/07/04/openvpn-2-0-on-openbsd Cheers, Edy [EMAIL PROTECTED] wrote: Hi gang, I'm looking for peoples' experiences and advice for setting up a VPN between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I have tested the Greenbow client and it seems ok. What of the built-in VPN client for the Windows OS? I am mostly interested in ease of configuration and reliability of the tunnel. I am ok on IPSEC theory. Thanks in advance for any comments,Sorry, I should have specified that I would like to use OpenBSD's native VPN implementation. Of course, if that is not feasable then I will definitely take a look at OpenVPN.Peter
Re: VPN solutions for OpenBSD to Windows
On 12/22/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi gang, I'm looking for peoples' experiences and advice for setting up a VPN between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I have tested the Greenbow client and it seems ok. What of the built-in VPN client for the Windows OS? I am mostly interested in ease of configuration and reliability of the tunnel. I am ok on IPSEC theory. Thanks in advance for any comments, Peter The greenbow client is definitely easier to use than the built-in MS IPSec client, and offers a lot more in terms of capabilities. There are some limitations on the MS client as far as what types of encryption you can use with the Phase1/2 negotiations. With the Windows client, there are two approaches I've used to establish IPSec tunnels: (1) the IPSec MMC Snap-in and (2) the command line method (via the windows support tools). In either case, there is no clear way to see that a tunnel is established or to close the tunnel. It's clear to the savvy user on how to close a tunnel, but if you are looking to deploy it to a regular user-base, it probably won't be so clear. With the MMC snap-in, you can export the settings, then another user can import those settings, at which point only minor changes are required to make it work (configure the ip for your end of the tunnel). The same applies to the command line approach. Axton Grams
Re: spamd deny users from using the SMTP
Good Day, port 587 (submission) has been working great and it is enabled on Qmail :) Thank you. Edy Mike Erdely wrote: Edy wrote: Spamd is running fine now but when an user trying to send out email using the SMTP he is getting Server temporary failure please try again later error message. They have to retry many times before the IP address is whitelisted. Any workaround to that? Making many, many assumptions here. You're running sendmail. MSA is enabled (port 587). Make sure you're not filtering port 587 in pf. Tell your users to submit to port 587 instead of 25. We would not be able to add the IP address into the whitelist before hand because users could be connected from anywhere. Thanks, Edy -ME
Re: hotplugd umass kernel crash
* Michael wrote: Noone got an idea what I can do about this? Currently the whole system crashes when starting hotplugd... please look at the images for error messages. I assume you have an /etc/hotplugd/attach script, can you post that?