OpenBSD on Xeon 64 bit

2007-02-09 Thread Alvaro

Hi,


I would like to know if OpenBSD for amd64 is working fine with Intel Xeon 
processors (64 bit). I am reading here ( 
http://en.wikipedia.org/wiki/AMD64 ) and here ( 
http://en.wikipedia.org/wiki/Xeon#Xeon_.26_Xeon_MP_.2864-bit.29 ) that 
these processors are based on the AMD64 instruction set. The OpenBSD FAQ for 
AMD64 said: "All versions of the AMD Athlon 64 processors and their 
clones are supported." I assume that "their clones" are the processors 
based on the AMD64 instruction set... like this Xeon. Am I wrong?


Right now they are working very well with the OpenBSD i386 release.


  Thanks,


 Alvaro



pcn in VMware, 5KB/s

2007-02-09 Thread Brad Brad

I'm running OpenBSD 4.0 in VMware workstation 5.5.3 build-34685 linux host.

Scp's between the guest and host only manage about 5KB/s so I tried going 
back to le which worked great.  I configured a new kernel with "disable 
pcn*" but on next boot I had no NICs at all, so I tried again with "disable pci*" 
also, since I think le is ISA, but it still didn't work.


How can I get the cards to register as le again?


Thanks,
Brad.





Re: BGP With Private AS and IP Addresses Routing To An Internet Gateway

2007-02-09 Thread demuel
Anyone,


Router A
--------

$ sudo bgpctl show rib
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination          gateway          lpref   med aspath origin
AI*>  10.0.0.1/32          0.0.0.0            100     0 i
I*>   10.0.0.3/32          10.77.222.253      100     0 i
AI*>  10.77.222.0/24       0.0.0.0            100     0 i
I*>   10.222.111.0/24      10.77.222.253      100     0 i
AI*>  10.254.254.0/24      0.0.0.0            100     0 i
AI*>  172.16.111.0/24      0.0.0.0            100     0 i
*>    192.168.111.0/24     172.16.111.254     100     0 65535 i
$


Router B
--------

$ sudo bgpctl show rib
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination          gateway          lpref   med aspath origin
I*>   10.0.0.1/32          10.77.222.254      100     0 i
AI*>  10.0.0.3/32          0.0.0.0            100     0 i
I*>   10.77.222.0/24       10.77.222.254      100     0 i
AI*   10.77.222.0/24       0.0.0.0            100     0 i
AI*>  10.222.111.0/24      0.0.0.0            100     0 i
I*>   10.254.254.0/24      10.77.222.254      100     0 i
AI*   10.254.254.0/24      0.0.0.0            100     0 i
I*>   172.16.111.0/24      10.77.222.254      100     0 i
I*>   192.168.111.0/24     10.77.222.254      100     0 65535 i
$

In both routers A and B, I used OSPF as my IGP. I even put multihop as well as
set nexthop self in the /etc/bgpd.conf, still I cannot ping the internet. The
loopback addresses for both Router A and Router A can ping each other though.

Tips?


Regards,
Demuel

> Have a look at bgpctl show rib. I guess all your routes on B and C are
> invalid because you're using iBGP (same AS on all routers) and in that case
> the nexthops need to be redistributed via an IGP (or covered by static
> routes) or you could use "set nexthop self" to force your routers to
> announce their own address as nexthop.
>
> --
> :wq Claudio
>
>
> On Fri, Feb 09, 2007 at 09:45:35AM -, [EMAIL PROTECTED] wrote:
>> Anybody,
>>
>>
>> If I have two internal routers, say RouterB(ext: 172.16.111.253/32 and int:
>> 10.77.222.254/32) and RouterC(ext: 10.77.222.253/32 and int:
>> 10.222.77.254/32), and these two routers had already established a BGP
>> session. Now, let us say I will have Router B in BGP with RouterA(ext:
>> Internet and 172.16.111.254/32). In all of the routers involved, I enable
>> net.ip.forwarding=1 in /etc/sysctl.conf. Also in routerA, I enabled pf with
>> NAT support. From Router A, I could ping the Internet. But from routerB
>> having a BGP session with RouterA, I cannot ping the internet. And so does
>> in RouterC.
>>
>> Any tips to sort this out?



Re: arptables: unable to enter address

2007-02-09 Thread J. Alfred Prufrock

Aleksandar Milosevic wrote:
> J. Alfred Prufrock wrote:
>> Also, I just noticed in my cable-modem box's configuration page that
>> the WAN gateway is 24.145.134.65, which reverse dns shows to be
>> user-0c931i1.cable.mindspring.com.
>>
>> Isn't it odd that my gateway is another user rather than the ISP?
>>
>> Should I be worried about all this?
>
> Yes, you should. Is it statically configured or obtained from ISP's dhcp


I called my ISP, and this is apparently one of their servers.  I don't 
know why it's called user-whatever.  So all is well on that front.


Regarding the original issue ("arptables: unable to enter address"): I 
unhooked the ISP's (misconfigured) Motorola modem and hooked up my own 
cable-modem, and haven't had any problems.  No more arptables errors.


Thanks for all your help, guys.

J



Re: 4.0 on Dell 2650

2007-02-09 Thread K K

On 2/9/07, Beavis <[EMAIL PROTECTED]> wrote:
>    I have a PERC 3/Di on an old Dell 2650, dmesg doesn't show that much info
> it's just that there's no disk and PERC 3/Di is not-configured seems like
> dell still hasn't budge .. seems like it's an old issue old donkey-dell..

Yank out the RAID "KEY" and the PERC 3/Di will magically vanish and
the raw drives will be accessible via the normal on-board controller.

You lose hardware RAID, but you gain the ability to boot OpenBSD 4.0
GENERIC kernel.


Kevin



Re: 4.0 on Dell 2650

2007-02-09 Thread Beavis
hi Steve,

   I have a PERC 3/Di on an old Dell 2650, dmesg doesn't show that much info
it's just that there's no disk and PERC 3/Di is not-configured seems like
dell still hasn't budge .. seems like it's an old issue old donkey-dell..


-Ed

On 2/9/07, Steve Williams <[EMAIL PROTECTED]> wrote:
>
> Beavis wrote:
> > Hi guys
> >
> >    Just wanted to ask if any of you have experience putting openbsd 4.0 to a
> > dell 2650? I tried to boot up using both cd40.iso and floppyB40.fs but it
> > always says no disks found. haven't seen any scsi drives loaded. I tried an
> > initial setup using RAID 5 hardware (configured) and see if 4.0 will see it
> > but with no luck I even tried it with mirror and just a regular stripe..
> > with still no avail, makes me wonder does this mean openbsd doesn't support
> > scsi controllers build into dell boxes?
> >
> > well any comments or suggestions will be very much appreciated.
> >
> >
> >
> > thanks,
> > -Ed
> >
> Hi,
>
> What controller do you have?  I'm just trying to install on a Poweredge
> 860 with a PERC 5IR.
>
> Do you have a dmesg?  If you can't get one off your system, at the #
> prompt, you can still configure your network (dhclient/ifconfig) & ftp
> is on the install CD if you have someplace to put it.  Worked for me.
>
> Cheers,
> Steve W.



Re: 4.0 on Dell 2650

2007-02-09 Thread Beavis
I'll try that jack thanks

-ed

On 2/9/07, Jack J. Woehr <[EMAIL PROTECTED]> wrote:
>
>
> On Feb 9, 2007, at 4:29 PM, Beavis wrote:
>
> yup jack... just saw it when i did the google specifically for PERC 3Di
>
>
> The one thing I remember from all my Dell Fu is that if you disable all
> the raid stuff in the BIOS
> OpenBSD loads. So I guess "it's broke w/r/t RAID" may be the answer. Or
> maybe I'm wrong!
>
> Take care!
>
> -- 
> Jack J. Woehr
> Director of Development
> Absolute Performance, Inc.
> [EMAIL PROTECTED]
> 303-443-7000 ext. 527



Re: 4.0 on Dell 2650

2007-02-09 Thread Johan M:son Lindman
On Saturday 10 February 2007 00:09, you wrote:
> Hi guys
>
>Just wanted to ask if any of you have experience putting openbsd 4.0 to
> a dell 2650? I tried to boot up using both cd40.iso and floppyB40.fs but it
> always says no disks found. haven't seen any scsi drives loaded. I tried an
> initial setup using RAID 5 hardware (configured) and see if 4.0 will see it
> but with no luck I even tried it with mirror and just a regular stripe..
> with still no avail, makes me wonder does this mean openbsd doesn't support
> scsi controllers build into dell boxes?
>
> well any comments or suggestions will be very much appreciated.


Since you didn't provide a dmesg (boo) I can only guess, but typically
Dell 2650s are equipped with aac(4) ROMB. aac(4) is not a supported driver
anymore as can be seen in the FAQ here (scroll down to 12.7.7);
http://www.openbsd.org/faq/faq12.html

Though it should be noted that as of revision 1.25 aac has improved
somewhat and is a bit less error prone as experienced by some of us using
this driver.

But still, using aac with OpenBSD should not be recommended to those faint
of heart.


Regards
Johan M:son



Re: 4.0 on Dell 2650

2007-02-09 Thread Steve Williams

Beavis wrote:
> Hi guys
>
>    Just wanted to ask if any of you have experience putting openbsd 4.0 to a
> dell 2650? I tried to boot up using both cd40.iso and floppyB40.fs but it
> always says no disks found. haven't seen any scsi drives loaded. I tried an
> initial setup using RAID 5 hardware (configured) and see if 4.0 will see it
> but with no luck I even tried it with mirror and just a regular stripe..
> with still no avail, makes me wonder does this mean openbsd doesn't support
> scsi controllers build into dell boxes?
>
> well any comments or suggestions will be very much appreciated.
>
> thanks,
> -Ed
  

Hi,

What controller do you have?  I'm just trying to install on a Poweredge 
860 with a PERC 5IR.


Do you have a dmesg?  If you can't get one off your system, at the # 
prompt, you can still configure your network (dhclient/ifconfig) & ftp 
is on the install CD if you have someplace to put it.  Worked for me.


Cheers,
Steve W.



Re: 4.0 on Dell 2650

2007-02-09 Thread Jack J. Woehr

On Feb 9, 2007, at 4:09 PM, Beavis wrote:

> Hi guys
>
>    Just wanted to ask if any of you have experience putting openbsd 4.0 to a
> dell 2650?

Sure. Me and the thirty or so other people who have posted to this subject
in the past year or two, Beavis!

http://marc.theaimsgroup.com/?l=openbsd-misc&w=2&r=1&s=2650&q=b

--
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527



Dell Poweredge 860 Perc 5IR - can't recognize raid device (sd0)

2007-02-09 Thread Steve Williams

Hi,

I have a brand new Dell Poweredge 850 with two 160 G SAS disks attached 
to a Perc 5IR controller card.


In the BIOS, I have configured them as an IM (Integrated Mirror) Logical 
Volume.  I have synchronized the mirror, and the array is activated.


I have played with various BIOS settings, Boot Support, etc, but don't 
seem to get any different results.


When I go to install, either OpenBSD 4.0 or current, I get the following:

newfs: /dev/rsd0a: Device not configured
mount_ffs: /dev/sd0a on /mnt: Device not configured

FATAL ERROR:Cannot mount filesystems. Double-check your configuration
   and restart the install.

At the shell, I can "dhclient bge0" and get network connectivity no 
problem. (how I got my dmesg off).


Ideas??

Thanks,
Steve Williams

dmesg:
OpenBSD 4.0-current (RAMDISK_CD) #200: Tue Feb  6 18:04:36 MST 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Intel(R) Pentium(R) D CPU 2.80GHz ("GenuineIntel" 686-class) 2.81 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16

real mem  = 1073053696 (1047904K)
avail mem = 972259328 (949472K)
using 4256 buffers containing 53776384 bytes (52516K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 11/02/06, BIOS32 rev. 0 @ 0xffe90, 
SMBIOS rev. 2.4 @ 0xfa5b0 (48 entries)

bios0: Dell Computer Corporation PowerEdge 860
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfba60/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801GB LPC" rev 0x00)
pcibios0: PCI bus #7 is the last bus
bios0: ROM list: 0xc/0x9000 0xc9000/0x1000 0xca000/0x4e00 
0xcf000/0x1800 0xec000/0x4000!

acpi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel E7230 MCH" rev 0x00
ppb0 at pci0 dev 1 function 0 "Intel E7230 PCIE" rev 0x00
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
pci2 at ppb1 bus 2
mpi0 at pci2 dev 8 function 0 "Symbios Logic SAS1068" rev 0x01: irq 5
scsibus0 at mpi0: 63 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI3 0/direct 
fixed
sd0: 151634MB, 151634 cyl, 16 head, 128 sec, 512 bytes/sec, 310546432 
sec total

"Intel IOxAPIC" rev 0x09 at pci1 dev 0 function 1 not configured
ppb2 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01
pci3 at ppb2 bus 3
ppb3 at pci3 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
pci4 at ppb3 bus 4
ppb4 at pci0 dev 28 function 4 "Intel 82801G PCIE" rev 0x01
pci5 at ppb4 bus 5
bge0 at pci5 dev 0 function 0 "Broadcom BCM5721" rev 0x11, BCM5750 B1 
(0x4101): irq 5, address 00:15:c5:fc:79:5c

brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb5 at pci0 dev 28 function 5 "Intel 82801G PCIE" rev 0x01
pci6 at ppb5 bus 6
bge1 at pci6 dev 0 function 0 "Broadcom BCM5721" rev 0x11, BCM5750 B1 
(0x4101): irq 3, address 00:15:c5:fc:79:5d

brgphy1 at bge1 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: irq 6
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: irq 11
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb6 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xe1
pci7 at ppb6 bus 7
vga1 at pci7 dev 5 function 0 "ATI ES1000" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
ichpcib0 at pci0 dev 31 function 0 "Intel 82801GB LPC" rev 0x01: PM disabled
pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x01: DMA, 
channel 0 configured to compatibility, channel 1 configured to compatibility

atapiscsi0 at pciide0 channel 0 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0:  SCSI0 
5/cdrom removable

cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
"Intel 82801GB SMBus" rev 0x01 at pci0 dev 31 function 3 not configured
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
biomask ffe5 netmask ffed ttymask ffef
rd0: fixed, 3800 blocks
uhub4 at uhub3 port 3
uhub4:

Re: Troubles using OpenBSD as a router (nat) for my lan

2007-02-09 Thread Per Christian Bechstrøm Viken

On 2/9/07, Jochen Fabricius <[EMAIL PROTECTED]> wrote:

>> my current pf.conf:
>>   ext_if="pppoe0"
>>   int_if="dc0"
>>   localnet=$int_if:network
>>
>>   nat on $ext_if from $localnet to any -> ($ext_if)
>>   block all
>>   pass from { lo0, $localnet } to any keep state
>>
>
> I think there must be another line:
>
> pass out on $ext_if all
>
> Because "nat" processes packets _before_ the filter rules, thus the
> outgoing packets on $ext_if have the address of $ext_if. They will be
> blocked, because your only "pass" rule is for packets with an internal
> source address.



Using the two improved lines from Stuart, I managed to get it working.
The pf.conf I had, however, was taken directly from a guide, and with
some tweaking, it now works very well. At least for the time being.

my current pf.conf:
 ext_if = "pppoe0"
 int_if = "dc0"
 localnet = $int_if:network

 scrub out on $ext_if max-mss 1440

 nat on $ext_if from $localnet -> ($ext_if)

 block in on $ext_if
 pass quick on lo0
 pass quick on $int_if
 pass quick on $ext_if from $localnet to any flags S/SA keep state
 pass quick on $ext_if proto {tcp,udp} from any to any port domain flags S/SA keep state
 pass in inet proto icmp all keep state

Thanks again for the help. It will be great to have a real machine
doing the routing again, instead of a SMC wireless access point. :)



4.0 on Dell 2650

2007-02-09 Thread Beavis
Hi guys

   Just wanted to ask if any of you have experience putting openbsd 4.0 to a
dell 2650? I tried to boot up using both cd40.iso and floppyB40.fs but it
always says no disks found. haven't seen any scsi drives loaded. I tried an
initial setup using RAID 5 hardware (configured) and see if 4.0 will see it
but with no luck I even tried it with mirror and just a regular stripe..
with still no avail, makes me wonder does this mean openbsd doesn't support
scsi controllers build into dell boxes?

well any comments or suggestions will be very much appreciated.



thanks,
-Ed



Re: Troubles using OpenBSD as a router (nat) for my lan

2007-02-09 Thread Jochen Fabricius
> my current pf.conf:
>   ext_if="pppoe0"
>   int_if="dc0"
>   localnet=$int_if:network
>
>   nat on $ext_if from $localnet to any -> ($ext_if)
>   block all
>   pass from { lo0, $localnet } to any keep state
>

I think there must be another line: 

pass out on $ext_if all

Because "nat" processes packets _before_ the filter rules, thus the 
outgoing packets on $ext_if have the address of $ext_if. They will be 
blocked, because your only "pass" rule is for packets with an internal 
source address. 

Jochen



Re: Troubles using OpenBSD as a router (nat) for my lan

2007-02-09 Thread Stuart Henderson
On 2007/02/09 22:10, Per Christian Bechstrøm Viken wrote:
> The problem is, that only about 50% of things work. Sites like
> slashdot.org and google.com works, while vg.no (norwegian newspaper),
> msn messenger and CS: Source (Steam) does not.
> 
> Obviously, this is not an acceptable situation, and then I turn to you.
> I'm connecting to the internet using PPPoE.

try with 'scrub out on pppoe0 max-mss 1440' - mentioned in pppoe(4)
(MTU/MSS Issues section)

>  pass from { lo0, $localnet } to any keep state

'flags S/SA keep state' will help in some situations, notably where
some recent linux and microsoft OS are involved (it is done by default
in -current).

thanks for the full set of information.



Troubles using OpenBSD as a router (nat) for my lan

2007-02-09 Thread Per Christian Bechstrøm Viken

I've been considering switching my Linux+iptables-based router with
one running OpenBSD and pf for a while now. And a recent hardware
failure gave me a good opportunity to do so.

After looking (http://www.bgnett.no/~peter/pf/en/ and
http://www.openbsd.org/faq/pf/ mostly), I've managed to get
connectivity for my lan.

I am not very experienced with such things, but I am interested in
learning. My previous firewall was a ready-made one, where I just made
modifications as I saw fit, and could easily revert it to a working
state.

The problem is that only about 50% of things work. Sites like
slashdot.org and google.com work, while vg.no (Norwegian newspaper),
msn messenger and CS: Source (Steam) do not.

Obviously, this is not an acceptable situation, and then I turn to you.
I'm connecting to the internet using PPPoE.

# cat /etc/hostname.dc0
inet 10.0.0.1 255.255.255.0 NONE

# cat /etc/hostname.ep1
up
# cat /etc/hostname.pppoe0
inet 0.0.0.0 255.255.255.255 NONE \
   pppoedev ep1 authproto pap \
   authname "secretusername" authkey "mysupersecretpassword" up
dest 0.0.0.1
!/sbin/route add default 0.0.0.1

my current pf.conf:
 ext_if="pppoe0"
 int_if="dc0"
 localnet=$int_if:network

 nat on $ext_if from $localnet to any -> ($ext_if)
 block all
 pass from { lo0, $localnet } to any keep state


The output of ifconfig and route show might not be entirely correct,
as the machine is offline at the moment (need internet to post this
message :p). But it was connected right before I did an 'ifconfig
pppoe0 down'

# ifconfig
lo0: flags=8049 mtu 33224
   groups: lo
   inet 127.0.0.1 netmask 0xff00
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
dc0: flags=8943 mtu 1500
   lladdr 00:04:e2:2e:80:0b
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
   inet6 fe80::204:e2ff:fe2e:800b%dc0 prefixlen 64 scopeid 0x1
ep1: flags=8863 mtu 1500
   lladdr 00:20:af:4a:44:9b
   media: Ethernet 10baseT
   inet6 fe80::220:afff:fe4a:449b%ep1 prefixlen 64 scopeid 0x2
pflog0: flags=141 mtu 33224
pfsync0: flags=0<> mtu 1460
   groups: carp
enc0: flags=0<> mtu 1536
pppoe0: flags=8810 mtu 1492
   dev: ep1 state: initial
   sid: 0x0 PADI retries: 0 PADR retries: 0
   groups: pppoe egress
   inet6 fe80::204:e2ff:fe2e:800b%pppoe0 ->  prefixlen 64 scopeid 0x7
   inet 0.0.0.0 --> 0.0.0.1 netmask 0x

# route -n show
Routing tables

Internet:
DestinationGatewayFlagsRefs  UseMtu  Interface
default0.0.0.1UGS 114798  -   pppoe0
0.0.0.1defaultUH  10  -   pppoe0
10.0.0/24  link#1 UC  30  -   dc0
10.0.0.1   00:04:e2:2e:80:0b  UHLc1  112  -   lo0
10.0.0.51  00:0d:9d:8b:2a:99  UHLc212200  -   dc0
10.0.0.53  00:08:a1:ac:27:06  UHLc0   36  -   dc0
127/8  127.0.0.1  UGRS00  33224   lo0
127.0.0.1  127.0.0.1  UH  10  33224   lo0
224/4  127.0.0.1  URS 00  33224   lo0

Internet6:
DestinationGateway
FlagsRefs  UseMtu  Interface
::/104 ::1UGRS
  00  -   lo0
::/96  ::1UGRS
  00  -   lo0
::1::1UH
 120  33224   lo0
::127.0.0.0/104::1UGRS
  00  -   lo0
::224.0.0.0/100::1UGRS
  00  -   lo0
::255.0.0.0/104::1UGRS
  00  -   lo0
:::0.0.0.0/96  ::1UGRS
  00  -   lo0
2002::/24  ::1UGRS
  00  -   lo0
2002:7f00::/24 ::1UGRS
  00  -   lo0
2002:e000::/20 ::1UGRS
  00  -   lo0
2002:ff00::/24 ::1UGRS
  00  -   lo0
fe80::/10  ::1UGRS
  00  -   lo0
fe80::%dc0/64  link#1 UC
  00  -   dc0
fe80::204:e2ff:fe2e:800b%dc0   00:04:e2:2e:80:0b  UHL
  00  -   lo0
fe80::%ep1/64  link#2 UC
  00  -   ep1
fe80::220:afff:fe4a:449b%ep1   00:20:af:4a:44:9b  UHL
  00  -   lo0
fe80:

Re: Is Theo still hiking ????

2007-02-09 Thread Claudio Jeker
On Fri, Feb 09, 2007 at 09:14:27PM +0100, Tonnerre LOMBARD wrote:
> Salut,
> 
> On Mon, Jan 29, 2007 at 10:45:08AM +0100, Claudio Jeker wrote:
> > Note: the OpenBSD routing table does not do that.
> 
> It's hard to do hardware accelerated FIBs without the hardware, isn't it?
> 

Using a compiled FIB may even be useful in software, e.g. an LC trie needs
around 3-5MB for a full view instead of the 25+ MB of the patricia trie.
The smaller size results in less CPU cache thrashing and higher speed.
Btw. Cisco CEF is nothing more than a compiled FIB; everything is still
done in software.

> > While IPv6 has a static header size it uses header stacking and so every
> > router has to do the same stupid header parsing that needs tons of special
> > logic.
> 
> If you need to look at them at all, that is. For simple end-to-end routing,
> this is not required.
> 

If you don't look at the additional IPv6 headers then you should do the
same for IPv4 and we're back on square 1. It is in the standard and needs
to be implemented even if only 1ppm of the transported packets are using it.

-- 
:wq Claudio



Re: Is Theo still hiking ????

2007-02-09 Thread Jeroen Massar
Tonnerre LOMBARD wrote:
> Salut,
>
> On Mon, Jan 29, 2007 at 10:45:08AM +0100, Claudio Jeker wrote:
>> Note: the OpenBSD routing table does not do that.
>
> It's hard to do hardware accelerated FIBs without the hardware, isn't it?

Add-on cards can always be done. I am pretty sure that one could devise a
way to plug some hardware lookup table into OpenBSD. Use the source ;)
Of course letting the NICs access it so they can figure out where to
send their packets to might be a better scheme.

Also some people consider things only to be hardware when it is a real
construct of and/or gates and the like; for them FPGAs don't count...
your mileage/ideas/rationale/... may vary.

>> While IPv6 has a static header size it uses header stacking and so every
>> router has to do the same stupid header parsing that needs tons of special
>> logic.
>
> If you need to look at them at all, that is. For simple end-to-end routing,
> this is not required.

It does have to look at them even for "simple end-to-end routing"
because some next-headers can be flagged as 'hop by hop' and that means
exactly that: every hop needs to look at them and also process them.

Normally though one doesn't add these options, but one certainly can and
it is expected that people will certainly use them.

This is also the fun for many 'firewalls', there are some out there
which only look at the first chained header. Some NetFlow
implementations also do this, and thus will report "HOP BY HOP" as the
protocol, while it actually is TCP or UDP in the end :)

Greets,
 Jeroen

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]
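
The point above about filters and NetFlow exporters that stop at the first chained header, as an added example (not part of the original post or of any OpenBSD code): a walker that follows the IPv6 Next Header chain to the real upper-layer protocol, beside the first-header-only lookup. The function names, the chain-length cap and the sample packets are constructed for illustration.

```python
import struct

# IANA protocol numbers used below.
HOP_BY_HOP, TCP, UDP, ROUTING, FRAGMENT, AH, DEST_OPTS = 0, 6, 17, 43, 44, 51, 60
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS}
MAX_CHAIN = 16  # assumed local policy cap on chain length, not a protocol limit


def naive_protocol(packet):
    """What a first-header-only classifier reports: the fixed header's Next Header."""
    return packet[6]


def upper_layer(packet):
    """Walk the extension header chain of one IPv6 packet.

    Returns (protocol, offset, chain): the upper-layer protocol number, the byte
    offset of its header (None for a non-first fragment, whose upper-layer
    header travels in another packet), and the extension headers passed.
    Raises ValueError for a chain a filter should refuse to interpret.
    Jumbograms (Payload Length 0) are not handled.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    payload_len = struct.unpack("!H", packet[4:6])[0]
    end = min(len(packet), 40 + payload_len)
    nxt, off, chain = packet[6], 40, []
    while nxt in EXT_HEADERS:
        if nxt == HOP_BY_HOP and chain:
            raise ValueError("Hop-by-Hop header is only valid first in the chain")
        if len(chain) >= MAX_CHAIN:
            raise ValueError("extension header chain too long")
        if off + 8 > end:
            raise ValueError("truncated extension header")
        if nxt == FRAGMENT:
            hdr_len = 8                            # fixed size
        elif nxt == AH:
            hdr_len = (packet[off + 1] + 2) * 4    # AH counts 32-bit words, minus 2
        else:
            hdr_len = (packet[off + 1] + 1) * 8    # 8-octet units, first not counted
        if off + hdr_len > end:
            raise ValueError("extension header runs past the payload")
        chain.append(nxt)
        following = packet[off]
        if nxt == FRAGMENT:
            frag_offset = struct.unpack("!H", packet[off + 2:off + 4])[0] >> 3
            if frag_offset:
                return following, None, chain
        nxt, off = following, off + hdr_len
    return nxt, off, chain


def flow_key(packet):
    """(protocol, source port, destination port) as a flow exporter would record it."""
    proto, off, _ = upper_layer(packet)
    if proto in (TCP, UDP) and off is not None and off + 4 <= len(packet):
        sport, dport = struct.unpack("!HH", packet[off:off + 4])
        return proto, sport, dport
    return proto, None, None


# --- constructed sample packets (documentation-prefix addresses) ---
def ipv6_header(next_header, payload):
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload


def ext_header(next_header):
    # Minimal 8-byte options header: Hdr Ext Len 0, one PadN option (type 1, 4 data bytes).
    return bytes([next_header, 0, 1, 4, 0, 0, 0, 0])


TCP_SYN = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
# TCP behind a Hop-by-Hop header and a Destination Options header.
SAMPLE = ipv6_header(HOP_BY_HOP, ext_header(DEST_OPTS) + ext_header(TCP) + TCP_SYN)
# A later fragment of a UDP datagram: the UDP header is in the first fragment only.
LATE_FRAGMENT = ipv6_header(
    FRAGMENT, struct.pack("!BBHI", UDP, 0, 185 << 3, 0x1234) + b"\x00" * 16)

if __name__ == "__main__":
    print("first header only:", naive_protocol(SAMPLE))
    print("full chain walk  :", upper_layer(SAMPLE), flow_key(SAMPLE))
    print("late fragment    :", upper_layer(LATE_FRAGMENT))
```
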



Re: Is Theo still hiking ????

2007-02-09 Thread Tonnerre LOMBARD
Salut,

On Mon, Jan 29, 2007 at 10:45:08AM +0100, Claudio Jeker wrote:
> Note: the OpenBSD routing table does not do that.

It's hard to do hardware accelerated FIBs without the hardware, isn't it?

> While IPv6 has a static header size it uses header stacking and so every
> router has to do the same stupid header parsing that needs tons of special
> logic.

If you need to look at them at all, that is. For simple end-to-end routing,
this is not required.

Tonnerre

[demime 1.01d removed an attachment of type application/pgp-signature]



pf rule question

2007-02-09 Thread Rafał Brodewicz
Hello.

While trying to configure pf to pass dhcp requests I've built a simple rule:

block log all
pass in log on $inf_if proto udp from { $int_if:network 0.0.0.0 } \
port 68 to 255.255.255.255 port 67

But it seems that the above rule passes out udp to port 68 (like it was having
keep state added), but it shouldn't, right?
Why and how is that possible?

Thanks in advance.

-- 
raff



Re: pf multicast address: very simple question

2007-02-09 Thread Claudio Jeker
On Fri, Feb 09, 2007 at 04:27:26PM -0200, Gustavo Rios wrote:
> Dear list members,
> 
> I am setting up a firewall and would like to block any packet
> destined to a multicast address with a protocol not equal to udp. Is
> this a sound rule? Is it possible?
> 

Sure it is possible; whether it is sound is up to you, e.g. OSPF does not use
UDP. Btw. unless you enable multicast forwarding and add some multicast
routes no multicast traffic will traverse your firewall.

-- 
:wq Claudio



pf multicast address: very simple question

2007-02-09 Thread Gustavo Rios

Dear list members,

I am setting up a firewall and would like to block any packet
destined to a multicast address with a protocol not equal to udp. Is
this a sound rule? Is it possible?

Thanks.



Re: fd.o HAL support / OpenBSD alternative for NetworkManager

2007-02-09 Thread Bret Lambert
On Fri, 2007-02-09 at 17:39 +0200, Stefan Parviainen wrote:
> Is there any work going on to get support for the freedesktop.org HAL
> specification (http://wiki.freedesktop.org/wiki/Software_2fhal)? It seems that
> there are quite a few programs that would benefit from this. Is there a 
> technical reason why this hasn't been implemented yet, or is the reason 
> simply lack of developers? I realize that the port would probably be fairly 
> difficult to make.
> 
> The reason I'm asking is that on linux I can use this really wonderful 
> program 
> called NetworkManager which manages network connection (Who would have 
> guessed?). Unfortunately it requires fd.o HAL so using it under OpenBSD is 
> currently impossible. Is there any alternative for OpenBSD which supports 
> network roaming and such?
> 

Just a thought, but it may have something to do with this:


"HAL is licensed to you under your choice of the Academic Free
License version 2.1, or the GNU General Public License version 2.
Both licenses are included here. Some individual source code files 
and/or binaries may be under the GPL only or under the LGPG."

from COPYING, found at http://gitweb.freedesktop.org/?p=hal.git;a=tree,
with (my) emphasis strongly on that last sentence.

- Bret
> --
> Stefan Parviainen



Re: fd.o HAL support / OpenBSD alternative for NetworkManager

2007-02-09 Thread Marco Peereboom
There is no way in hell that this type of garbage will EVER make it in
OpenBSD.  Unlike Linux, OpenBSD *is* free.

On Fri, Feb 09, 2007 at 05:39:46PM +0200, Stefan Parviainen wrote:
> Is there any work going on to get support for the freedesktop.org HAL
> specification (http://wiki.freedesktop.org/wiki/Software_2fhal)? It seems that
> there are quite a few programs that would benefit from this. Is there a 
> technical reason why this hasn't been implemented yet, or is the reason 
> simply lack of developers? I realize that the port would probably be fairly 
> difficult to make.
> 
> The reason I'm asking is that on linux I can use this really wonderful 
> program 
> called NetworkManager which manages network connection (Who would have 
> guessed?). Unfortunately it requires fd.o HAL so using it under OpenBSD is 
> currently impossible. Is there any alternative for OpenBSD which supports 
> network roaming and such?
> 
> --
> Stefan Parviainen



Re: fd.o HAL support / OpenBSD alternative for NetworkManager

2007-02-09 Thread Darrin Chandler
On Fri, Feb 09, 2007 at 05:39:46PM +0200, Stefan Parviainen wrote:
> Is there any work going on to get support for the freedesktop.org HAL
> specification (http://wiki.freedesktop.org/wiki/Software_2fhal)? It seems that

Speaking only for myself, freedesktop.org HAL is a horrible, nasty
thing. They had good intentions, but made bad initial assumptions. Then
they went further and made bad implementation decisions. If I wanted an
OS that did everything for me by taking away my choices I'd just install
Windows and be done with it. After realizing that there was no simple
way that I could find to disable HAL, I nuked my only remaining Linux
installation.

-- 
Darrin Chandler   |  Phoenix BSD Users Group
[EMAIL PROTECTED]  |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/darrin/  |



fd.o HAL support / OpenBSD alternative for NetworkManager

2007-02-09 Thread Stefan Parviainen
Is there any work going on to get support for the freedesktop.org HAL
specification (http://wiki.freedesktop.org/wiki/Software_2fhal)? It seems that
there are quite a few programs that would benefit from this. Is there a 
technical reason why this hasn't been implemented yet, or is the reason 
simply lack of developers? I realize that the port would probably be fairly 
difficult to make.

The reason I'm asking is that on linux I can use this really wonderful program 
called NetworkManager which manages network connection (Who would have 
guessed?). Unfortunately it requires fd.o HAL so using it under OpenBSD is 
currently impossible. Is there any alternative for OpenBSD which supports 
network roaming and such?

--
Stefan Parviainen



Collection 2007

2007-02-09 Thread Isabelle
Hello, To stimulate your sales force and build customer loyalty,
Promocadeaux, the leader in corporate gifts in Europe, presents its
latest new products: GPS, USB keys, promotional textiles. 23,000
items online at www.promocadeaux.com. We look forward to your
visit. Yours sincerely, The Promocadeaux team. 92
agencies in Europe. www.promocadeaux.com

Offer reserved exclusively for businesses.

In accordance with the Data Protection Act (Loi Informatique et Libertés)
published in the Journal Officiel of 6 January 1978, you have a right to
access, rectify and object to the personal data concerning you. To stop
receiving information from us, Click here



BRL-CAD now compiles on OpenBSD :-)

2007-02-09 Thread Siju George

http://marc.theaimsgroup.com/?l=openbsd-misc&m=117087499332720&w=2

--Siju



Re: CARP send failed due to mbuf memory error

2007-02-09 Thread Matt Hamilton
Further info on the problem below.  The past two nights the failover  
has happened at between 12:03am and 12:05am both nights.  Looking at  
traffic graphs, I don't see any spikes or anomalies at all.  The  
first time we had 4 mbuf errors, and checking today, the total is 8,  
so in both cases there were 4 mbuf errors and then the carp failed over.


I'm still none the wiser as to why this is happening though.  I'm  
going to set up tcpdump to run tonight at 11:55pm and see if I can  
capture the traffic to see if I can see any particular packet(s)  
causing the problem.


-Matt


On 8 Feb 2007, at 11:14, Matt Hamilton wrote:


Hi all,
  Just been trying to track down why CARP keeps unexpectedly  
failing over to the backup (a pair of firewalls) and I noticed  
(OpenBSD/i386 3.9) that there have been some mbuf errors:


# netstat -s -p carp
carp:
98 packets received (IPv4)
0 packets received (IPv6)
0 packets discarded for bad interface
0 packets discarded for wrong TTL
0 packets shorter than header
0 discarded for bad checksums
0 discarded packets with a bad version
0 discarded because packet too short
0 discarded for bad authentication
0 discarded for bad vhid
0 discarded because of a bad address list
144221 packets sent (IPv4)
0 packets sent (IPv6)
4 send failed due to mbuf memory error

I have 8192 mbufs (set by sysctl):

# netstat -m
550 mbufs in use:
546 mbufs allocated to data
1 mbuf allocated to packet headers
3 mbufs allocated to socket names and addresses
546/702/8192 mbuf clusters in use (current/peak/max)
1576 Kbytes allocated to network (78% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

Any ideas?  Someone suggested that the mbuf memory error counter  
might be incremented when pf drops a packet from a queue, however  
all our carp stuff has its own queue:


snippets from pf.conf:
# Allow CARP from other firewall
pass in quick on $ext_if proto carp from $fw_ext_ips to 224.0.0.18 keep state queue fw
pass in quick on $int_if proto carp from $fw_int_ips to 224.0.0.18 keep state queue fw
pass out quick on $ext_if proto carp from $fw_ext_ips to 224.0.0.18 keep state queue fw
pass out quick on $int_if proto carp from $fw_ext_ips to 224.0.0.18 keep state queue fw


queue fw   bandwidth 64Kb priority 5 cbq(borrow,red)

and the output from pfctl -s queue -v:

queue   fw bandwidth 64Kb priority 5 cbq( red borrow )
  [ pkts: 154556  bytes:   11546909  dropped pkts:  0  bytes:  0 ]
  [ qlength:   0/ 50  borrows:  0  suspends:  0 ]

So no dropped packets there.

Any ideas?

-Matt

--
Matt Hamilton
[EMAIL PROTECTED]
Netsight Internet Solutions, Ltd.Business Vision on the Internet
http://www.netsight.co.uk +44 (0)117 9090901
Web Design | Zope/Plone Development & Consulting | Co-location | Hosting




--
Matt Hamilton   [EMAIL PROTECTED]
Netsight Internet Solutions, Ltd.Business Vision on the Internet
http://www.netsight.co.uk +44 (0)117 9090901
Web Design | Zope/Plone Development & Consulting | Co-location | Hosting
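
For anyone tracking the same symptom, the following is an added example (not part of the original post) that diffs two `netstat -s -p carp` snapshots and reports which error counters grew, so a counter jump can be lined up with a failover time. The first snapshot mirrors values from the post; the second is constructed apart from the error total of 8 mentioned above.

```python
import re

# Constructed snapshots in the `netstat -s -p carp` format quoted in the thread.
BEFORE = """carp:
98 packets received (IPv4)
0 packets discarded for wrong TTL
0 discarded for bad authentication
144221 packets sent (IPv4)
4 send failed due to mbuf memory error
"""
AFTER = """carp:
101 packets received (IPv4)
0 packets discarded for wrong TTL
0 discarded for bad authentication
187004 packets sent (IPv4)
8 send failed due to mbuf memory error
"""

# A counter line is "<number> <description>"; the "carp:" header does not match.
LINE = re.compile(r"^\s*(\d+)\s+(.+?)\s*$")
# Words that mark a counter as an error counter in this output format.
ERROR_WORDS = ("discarded", "failed", "shorter")


def parse_counters(text):
    """Map each counter description to its integer value."""
    counters = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            counters[m.group(2)] = int(m.group(1))
    return counters


def error_deltas(before, after):
    """Return {counter: increase} for error counters that grew between snapshots."""
    old, new = parse_counters(before), parse_counters(after)
    deltas = {}
    for name, value in new.items():
        grew = value - old.get(name, 0)
        if grew > 0 and any(word in name for word in ERROR_WORDS):
            deltas[name] = grew
    return deltas


if __name__ == "__main__":
    for name, grew in error_deltas(BEFORE, AFTER).items():
        print(f"+{grew}  {name}")
```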



Re: BGP With Private AS and IP Addresses Routing To An Internet Gateway

2007-02-09 Thread Claudio Jeker
On Fri, Feb 09, 2007 at 09:45:35AM -, [EMAIL PROTECTED] wrote:
> Anybody,
> 
> 
> If I have two internal routers, say RouterB(ext: 172.16.111.253/32 and int:
> 10.77.222.254/32) and RouterC(ext: 10.77.222.253/32 and int:
> 10.222.77.254/32), and these two routers had already established a BGP
> session. Now, let us say I will have Router B in BGP with RouterA(ext:
> Internet and 172.16.111.254/32). In all of the routers involved, I enable
> net.ip.forwarding=1 in /etc/sysctl.conf. Also in routerA, I enabled pf with
> NAT support. From Router A, I could ping the Internet. But from routerB
> having a BGP session with RouterA, I cannot ping the internet. And so does
> in RouterC.
> 
> Any tips to sort this out?
> 

Have a look at bgpctl show rib. I guess all your routes on B and C are
invalid because you're using iBGP (same AS on all routers) and in that case
the nexthops need to be redistributed via an IGP (or covered by static
routes) or you could use "set nexthop self" to force your routers to
announce their own address as nexthop.

-- 
:wq Claudio
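
A small model of the nexthop check described in the reply above, added here as an illustration; it is not bgpd code and not any poster's configuration. It assumes /24 masks on Router C's two interfaces, a constructed pair of prefixes, and that C receives them over iBGP with the nexthop still set to Router A's address (172.16.111.254).

```python
import ipaddress


def nexthop_reachable(nexthop, local_routes):
    """True if a connected, static or IGP route covers the BGP nexthop."""
    hop = ipaddress.ip_address(nexthop)
    return any(hop in ipaddress.ip_network(route) for route in local_routes)


def classify(ibgp_routes, local_routes):
    """Return {prefix: 'valid' | 'invalid'} based on nexthop reachability."""
    return {
        prefix: "valid" if nexthop_reachable(nexthop, local_routes) else "invalid"
        for prefix, nexthop in ibgp_routes.items()
    }


def with_nexthop_self(ibgp_routes, announcer_addr):
    """Model 'set nexthop self': the announcing router puts its own address
    in place of the original nexthop on every route it sends."""
    return {prefix: announcer_addr for prefix in ibgp_routes}


# Router C's connected networks (addresses from the thread, /24 masks assumed).
ROUTER_C_CONNECTED = ["10.77.222.0/24", "10.222.77.0/24"]

# Constructed iBGP routes as C would see them with the nexthop unchanged.
LEARNED = {"0.0.0.0/0": "172.16.111.254", "192.0.2.0/24": "172.16.111.254"}

# Router B's address on the network it shares with Router C.
ROUTER_B_INT = "10.77.222.254"

if __name__ == "__main__":
    print("unchanged nexthop:", classify(LEARNED, ROUTER_C_CONNECTED))
    print("static route added:",
          classify(LEARNED, ROUTER_C_CONNECTED + ["172.16.111.0/24"]))
    print("nexthop self on B:",
          classify(with_nexthop_self(LEARNED, ROUTER_B_INT), ROUTER_C_CONNECTED))
```

The three cases correspond to the options named in the reply: leaving the nexthop uncovered, covering it with a static (or IGP) route, and rewriting it with "set nexthop self".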



BGP With Private AS and IP Addresses Routing To An Internet Gateway

2007-02-09 Thread demuel
Anybody,


If I have two internal routers, say RouterB(ext: 172.16.111.253/32 and int:
10.77.222.254/32) and RouterC(ext: 10.77.222.253/32 and int:
10.222.77.254/32), and these two routers had already established a BGP
session. Now, let us say I will have Router B in BGP with RouterA(ext:
Internet and 172.16.111.254/32). In all of the routers involved, I enable
net.ip.forwarding=1 in /etc/sysctl.conf. Also in routerA, I enabled pf with
NAT support. From Router A, I could ping the Internet. But from routerB
having a BGP session with RouterA, I cannot ping the internet. And so does
in RouterC.

Any tips to sort this out?


Regards,
Demuel



Re: NFS with pf on OpenBSD

2007-02-09 Thread Clint Pachl

Rodney Hopkins wrote:
I want to run a NFS server on OpenBSD with pf enabled 
and configured to only allow the required inbound ports 
needed to allow NFS mounts to work.


The thing is, the only way I've successfully been 
able to do this is to exclude ports <1024 from being 
blocked inbound by pf.  This is due to the fact that 
mountd changes the port(s) it is bound to on every 
reboot or restart of mountd and it always seems to 
bind to ports <1024.


Am I missing something here?  Is there a better/more 
restrictive way to do this?  Can I force mountd to 
bind to specific predictable port(s) so that I can 
write pf rules to only open the ports needed to allow 
inbound NFS request/mounts? 

I've googled, checked the FAQs and searched the archives. 
I haven't found anything regarding this.
  


I discussed this with the group mid last year. Search the archives for 
"How to pass mount protocol traffic (mountd/NFS) using pf".


-pachl



Re: external usb disk freezing machine

2007-02-09 Thread frantisek holop
is there a way i can get more usb diagnostics?
it seems that USBVERBOSE is on by default in the kernels.
i would like to get some insight into what's happening
when the disk (seemingly without reasons) detaches.

some more tests yesterday: i used the disk without
problems for more than 3 hours in win xp, so the
bios and cable seem to be ok.

i also installed a feb 2 snapshot, and while at first
it worked flawlessly, i fsck-d a 200G ext2 partition
on it, later it started doing the same as the 4.0 kernel.
i could basically disable one usb port after another
just by plugging the disk in.

another minor info, by the time a port gets disabled,
even if no usb device is plugged in, this is what
usbdevs shows:

amaaq> usbdevs
addr 1: UHCI root hub, Intel
addr 1: UHCI root hub, Intel
addr 1: UHCI root hub, Intel
addr 1: EHCI root hub, Intel
 addr 2: product 0x0900, vendor 0x1058
 

could a usb guru help me with this please?

-f
-- 
from the land "down under": do we look  from up over?



Re: BRL-CAD now compiles on OpenBSD :-)

2007-02-09 Thread Siju George

sorry again :-( this was supposed to go to BSD-India.
on pills and drowsy

--Siju

On 2/9/07, Siju George <[EMAIL PROTECTED]> wrote:

http://marc.theaimsgroup.com/?l=openbsd-misc&m=117087499332720&w=2

--Siju