Re: getting started with spamd/pf
    #pass in log on $ext_if proto tcp from <spamd-clear> to port smtp
    rdr pass on $ext_if proto tcp from <spamd> to port smtp \
            -> 127.0.0.1 port spamd
    rdr pass on $ext_if proto tcp from !<spamd-white> to port smtp \
            -> 127.0.0.1 port spamd

I wrote..

'pass' is a filter rule; these are independent of address translation rules (nat/rdr).

(in case it's not clear, I'm talking about the commented-out 'pass in log on $ext_if...' rule, not the 'rdr pass').
FreeBSD Announces Intel Approval for Redistribution of Wireless Firmware
FYI (sorry if this has already been mentioned here):

http://www.prweb.com/releases/2007/03/prweb509818.htm

    In order to use the firmware provided by Intel, FreeBSD users must first agree with the license. FreeBSD developers have added a simple mechanism to the operating system to agree to the license by defining an easy-to-use system variable.

;-)

Regards
Alex

--
http://preferans.de
OBSD4.0 on IBM Thinkpad T60
Anyone running OBSD 4.0 or -current on Thinkpad T60? I'm getting one of these and trying to make sure OBSD will run without a fuss. A reply from anyone with T60 - OBSD4.0 experience would be much appreciated. Thanks.
Re: raid dmesg output and raidctl -sv output shows different status for raidframe mirror on OpenBSD 4.0 amd64
On 3/8/07, Greg Oster [EMAIL PROTECTED] wrote:
> Siju George writes:
> > In my dmesg at one point it says
> >
> > ==
> > Kernelized RAIDframe activated
> > dkcsum: wd0 matches BIOS drive 0x80
> > dkcsum: wd1 matches BIOS drive 0x81
> > root on wd0a
>
> So this gets printed from autoconf.c but it *shouldn't* since
>
>     boothowto |= RB_DFLTROOT;
>
> in rf_openbsdkintf.c should cause the setroot() function to bail before printing the above
>
> So for some reason it's not calling the appropriate bits in rf_buildroothack() in rf_openbsdkintf.c But exactly why, I have no idea...
>
> [snip]
> > Could you please shed any light on why my root device is not raid0 but wda0 still?
>
> No idea right now.. if you build a kernel with RAIDDEBUG defined and send the dmesg from that, I might be able to provide additional info...

alright thank you :-)

here is it. hope it will help you see more into the issue :-)

===
OpenBSD 4.0 (GENERIC.RAID.DEBUG) #0: Thu Mar 8 16:37:40 IST 2007
    [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.RAID.DEBUG
real mem = 1039593472 (1015228K)
avail mem = 878206976 (857624K)
using 22937 buffers containing 104165376 bytes (101724K) of memory
mainbus0 (root)
bios0 at mainbus0: SMBIOS rev.
Stanford SRP auth.
The Stanford SRP Authentication Project

    The Secure Remote Password protocol is the core technology behind the Stanford SRP Authentication Project. The Project is an Open Source initiative that integrates secure password authentication into new and existing networked applications.

more info at: http://srp.stanford.edu/

They claim to wrap telnet and FTP and provide authentication. Personally I see no reason to drop ssh and scp, though I thought I should share the URL.

-- JPL
Re: OBSD4.0 on IBM Thinkpad T60
I seem to recall that the new T60's feature the ICH7 (or 6) chipset and thus the HDD connects via SATA interface. This may give you issues, though there is a compatibility mode switch in BIOS (F1) to make the hdd show up as wd instead of sd. The performance is a bit lower as from what I recall, but it works well.

I tested this on one of the first T60's to hit the Scandinavian markets, so much may have changed since then. APM should still work like a charm, though I can not comment on the wifi equipment, to my experience, it is often Intel or Broadcom. The wired interface is usually em and they still use a hardware mixer for volume and mute, if I am not mistaken.

Some of the newer models have an amber/orange LED in the notch of the screen, instead of the classic white/ice blue one. A new interesting development as well is the hardware slider, that you disable (hot-plug disconnect, USB?) the wifi and bluetooth adapters with, boy can you feel stupid =)

The above is based on my observations of 10-15 different type-model varieties, your results may vary.

FYI: As I understand, the X40+ family is quite popular among our praised developers.

-- JPL

On 3/8/07, atstake atstake [EMAIL PROTECTED] wrote:
> Anyone running OBSD 4.0 or -current on Thinkpad T60? I'm getting one of these and trying to make sure OBSD will run without a fuss. A reply from anyone with T60 - OBSD4.0 experience would be much appreciated. Thanks.

--
-- JPL
amd howto
Hi I would appreciate if someone could point me to a good how to or directions for setting up amd on openbsd. I had hoped there was something like /etc/automount.master, but I see that openbsd uses amd to do basically the same thing. I want to try mounting nfs shares with amd using something like /etc/amd.conf. thank you.
Re: raid dmesg output and raidctl -sv output shows different status for raidframe mirror on OpenBSD 4.0 amd64
Siju George writes:
> On 3/8/07, Greg Oster [EMAIL PROTECTED] wrote:
> > Siju George writes:
> > > In my dmesg at one point it says
> > >
> > > ==
> > > Kernelized RAIDframe activated
> > > dkcsum: wd0 matches BIOS drive 0x80
> > > dkcsum: wd1 matches BIOS drive 0x81
> > > root on wd0a
> >
> > So this gets printed from autoconf.c but it *shouldn't* since
> >
> >     boothowto |= RB_DFLTROOT;
> >
> > in rf_openbsdkintf.c should cause the setroot() function to bail before printing the above
> >
> > So for some reason it's not calling the appropriate bits in rf_buildroothack() in rf_openbsdkintf.c But exactly why, I have no idea...
> >
> > [snip]
> > > Could you please shed any light on why my root device is not raid0 but wda0 still?
> >
> > No idea right now.. if you build a kernel with RAIDDEBUG defined and send the dmesg from that, I might be able to provide additional info...
>
> alright thankyou :-)
>
> here is it. hope it will help you see more into the issue :-)

[snip]

> Kernelized RAIDframe activated
> Searching for raid components...
> dkcsum: wd0 matches BIOS drive 0x80
> dkcsum: wd1 matches BIOS drive 0x81
> root on wd0a
> rootdev=0x0 rrootdev=0x300 rawdev=0x302
> RAIDFRAME: protectedSectors is 64.
> raid0: Component /dev/wd0d being configured at row: 0 col: 0
>          Row: 0 Column: 0 Num Rows: 1 Num Columns: 2
>          Version: 2 Serial Number: 200612010 Mod Counter: 844
>          Clean: Yes Status: 0
> raid0: Component /dev/wd1d being configured at row: 0 col: 1
>          Row: 0 Column: 1 Num Rows: 1 Num Columns: 2
>          Version: 2 Serial Number: 200612010 Mod Counter: 844
>          Clean: Yes Status: 0
> RAIDFRAME(RAID Level 1): Using 6 floating recon bufs with no head sep limit.
> raid0 (root)
> #

So this is still not the output I'd expect what does 'disklabel wd0' and 'disklabel wd1' say? Are wd0d and wd1d of type FS_RAID ??

You should be seeing a Component on wd0d and then the full component label, and that should be printed before the dkcsum bits... It's still almost as though RAID_AUTOCONFIG isn't defined... (but it is, since the Searching... line above is printed...)

Later...

Greg Oster
Re: OBSD4.0 on IBM Thinkpad T60
I was running OpenBSD on my new Thinkpad T60. Work requires me to run Windows, so it was dual boot. For the most part, things worked well, but several issues prevented me from retaining it.

One is that my model was widescreen, and the console text was rather stretched. Not a huge issue, but it did make it annoying to use. Secondly, due to the same issue, I was not able to get a widescreen resolution on it, at least not the native resolution of 1680x1050. Lastly, when I exited X11, due to a bug the console font was HUGE, rendering the console unusable until I restarted, if I happened to exit X11.

This is just my model, however, which is widescreen with an ATI Mobility Radeon x1400. I moved to FreeBSD for now, and ended up mainly using an OpenBSD image in VMware. Horrendously insecure, yes, performance poor, but it didn't have the display issues and nothing of any interest or importance is on the laptop anyways.

Perhaps these issues can be cleared up when Xenocara is integrated? I would like to move back to a native OpenBSD.

On 3/8/07, Johan P. Lindström [EMAIL PROTECTED] wrote:
> I seem to recall that the new T60's feature the ICH7 (or 6) chipset and thus the HDD connects via SATA interface. This may give you issues, though there is a compatibility mode switch in BIOS (F1) to make the hdd show up as wd instead of sd. The performance is a bit lower as from what I recall, but it works well.
>
> I tested this on one of the first T60's to hit the Scandinavian markets, so much may have changed since then. APM should still work like a charm, though I can not comment on the wifi equipment, to my experience, it is often Intel or Broadcom. The wired interface is usually em and they still use a hardware mixer for volume and mute, if I am not mistaken.
>
> Some of the newer models have an amber/orange LED in the notch of the screen, instead of the classic white/ice blue one. A new interesting development as well is the hardware slider, that you disable (hot-plug disconnect, USB?) the wifi and bluetooth adapters with, boy can you feel stupid =)
>
> The above is based on my observations of 10-15 different type-model varieties, your results may vary.
>
> FYI: As I understand, the X40+ family is quite popular among our praised developers.
>
> -- JPL
>
> On 3/8/07, atstake atstake [EMAIL PROTECTED] wrote:
> > Anyone running OBSD 4.0 or -current on Thinkpad T60? I'm getting one of these and trying to make sure OBSD will run without a fuss. A reply from anyone with T60 - OBSD4.0 experience would be much appreciated. Thanks.
>
> --
> -- JPL
Re: amd howto
Thanks David.

Two questions?
Where is the ${key} refer to? Since I do not see it defined anywhere.
And instead of /homes would it not be acceptable to use /net?

I had begun setting up a /etc/amd.conf and a /etc/amd/amd.net file. Here are the contents as they are now.

/etc/amd.conf

    [global]
    log_file = /var/log/amd
    debug_options = all,noreaddir

    [/net]
    map_type = file
    map_name = /etc/amd/amd.net
    mount_type = nfs

And cat /etc/amd/amd.net

    * -opts:=rw,wsize=8192,rsize=8192,nfsvers=3,tcp,soft,intr type:=nfs;rhost:=rockstar.xnet.is

-Original Message-
From: David DELAVENNAT [mailto:[EMAIL PROTECTED]
Sent: 8. mars 2007 15:00
To: Úlfar M. E. Johnson
Subject: Re: amd howto

Úlfar M. E. Johnson wrote:
> Hi
> I would appreciate if someone could point me to a good how to or directions for setting up amd on openbsd. I had hoped there was something like /etc/automount.master, but I see that openbsd uses amd to do basically the same thing. I want to try mounting nfs shares with amd using something like /etc/amd.conf.
> thank you.

hi ulfar,

something like this?

/etc/amd.conf

    [global]
    log_file = syslog
    log_options = info
    browsable_dirs = no

    [/homes]
    map_type = file
    map_name = /etc/amd.homes
    mount_type = nfs

/etc/amd.homes

    /defaults type:=nfsl;opts:=rw,grpid,revsport,proto=tcp,vers=3,nosuid,nodev,noatime;
    * rhost:=filer;rfs:=/data/homes;sublink:=${key};

/etc/syslog.conf

    ...
    !amd
    *.* /var/log/amd.log
    ...

Cordialement / Best regards
/david
Re: Stanford SRP auth.
* Johan P. Lindström [EMAIL PROTECTED] [2007-03-08 05:25]:
> The Stanford SRP Authentication Project
>
> The Secure Remote Password protocol is the core technology behind the Stanford SRP Authentication Project. The Project is an Open Source initiative that integrates secure password authentication into new and existing networked applications.
>
> more info at: http://srp.stanford.edu/
>
> They claim to wrap telnet and FTP and provide authentication. Personally I see no reason to drop ssh and scp, though I thought I should share the URL.

It also has an unacceptable license.
- requires the software to spew out acknowledgements
- this is not a BSD style license even if it starts off looking like one.

/*
 * Copyright (c) 1997-2001 The Stanford SRP Authentication Project
 * All Rights Reserved.
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the
 * Software), to deal in the Software without restriction, including
 * without limitation the rights to use, copy, modify, merge, publish,
 * distribute, sublicense, and/or sell copies of the Software, and to
 * permit persons to whom the Software is furnished to do so, subject to
 * the following conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED AS-IS AND WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
 * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
 *
 * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
 * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
 * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
 * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 *
 * In addition, the following conditions apply:
 *
 * 1. Any software that incorporates the SRP authentication technology
 *    is requested to display the following acknowlegment:
 *    This product uses the 'Secure Remote Password' cryptographic
 *    authentication system developed by Tom Wu ([EMAIL PROTECTED]).
 *
 * 2. Any software that incorporates all or part of the SRP distribution
 *    itself must display the following acknowledgment:
 *    This product includes software developed by Tom Wu and Eugene
 *    Jhong for the SRP Distribution (http://srp.stanford.edu/).
 *
 * 3. Redistributions in source or binary form must retain an intact copy
 *    of this copyright notice and list of conditions.
 */
Wireless PCI card recommendation needed
We are going to build a wireless network using OpenBSD. I have looked at http://www.openbsd.com/i386.html#hardware to see the supported wireless PCI cards. Could someone please recommend an 802.11g card that has a stronger transmit power? Or another card they have had good success with? Shane
Re: FreeBSD Announces Intel Approval for Redistribution of Wireless Firmware
On Mar 8, 2007, at 2:43 AM, Alexander Farber wrote:
> In order to use the firmware provided by Intel, FreeBSD users must first agree with the license. FreeBSD developers have added a simple mechanism to the operating system to agree to the license by defining an easy-to-use system variable.

In line with this policy, the core development team is considering a name change for the system; options include 'Co-opted BSD' and 'Enserfled BSD'.

--
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527
Re: raid dmesg output and raidctl -sv output shows different status for raidframe mirror on OpenBSD 4.0 amd64
On 3/8/07, Greg Oster [EMAIL PROTECTED] wrote:
> [snip]
> > Kernelized RAIDframe activated
> > Searching for raid components...
> > dkcsum: wd0 matches BIOS drive 0x80
> > dkcsum: wd1 matches BIOS drive 0x81
> > root on wd0a
> > rootdev=0x0 rrootdev=0x300 rawdev=0x302
> > RAIDFRAME: protectedSectors is 64.
> > raid0: Component /dev/wd0d being configured at row: 0 col: 0
> >          Row: 0 Column: 0 Num Rows: 1 Num Columns: 2
> >          Version: 2 Serial Number: 200612010 Mod Counter: 844
> >          Clean: Yes Status: 0
> > raid0: Component /dev/wd1d being configured at row: 0 col: 1
> >          Row: 0 Column: 1 Num Rows: 1 Num Columns: 2
> >          Version: 2 Serial Number: 200612010 Mod Counter: 844
> >          Clean: Yes Status: 0
> > RAIDFRAME(RAID Level 1): Using 6 floating recon bufs with no head sep limit.
> > raid0 (root)
> > #
>
> So this is still not the output I'd expect what does 'disklabel wd0' and 'disklabel wd1' say? Are wd0d and wd1d of type FS_RAID ??

nope :-(

So that is the reason right? is there any hope of fixing it now?

Will the raid be functioning right actually?

Do you want me to recreate it with FS_RAID?

==
# disklabel wd0d
# /dev/rwd0d:
type: ESDI
disk: ESDI/IDE disk
label: ST3120827AS
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 16
sectors/cylinder: 1008
cylinders: 16383
total sectors: 234441648
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0           # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
#          size     offset  fstype [fsize bsize cpg]
  a:    3145905         63  4.2BSD   2048 16384 328 # Cyl     0*-  3120
  b:     204624    3145968    swap                  # Cyl  3121 -  3323
  c:  234441648          0  unused      0     0     # Cyl     0 -232580
  d:  231085953    3350592  4.2BSD   2048 16384 328 # Cyl  3324 -232575*

# disklabel wd1d
# /dev/rwd1d:
type: ESDI
disk: ESDI/IDE disk
label: ST3120827AS
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 16
sectors/cylinder: 1008
cylinders: 16383
total sectors: 234441648
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0           # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
#          size     offset  fstype [fsize bsize cpg]
  a:    3145905         63  4.2BSD   2048 16384 328 # Cyl     0*-  3120
  b:     204624    3145968    swap                  # Cyl  3121 -  3323
  c:  234441648          0  unused      0     0     # Cyl     0 -232580
  d:  231085953    3350592  4.2BSD   2048 16384 328 # Cyl  3324 -232575*

# disklabel raid0
# /dev/rraid0c:
type: RAID
disk: raid
label: fictitious
flags:
bytes/sector: 512
sectors/track: 128
tracks/cylinder: 8
sectors/cylinder: 1024
cylinders: 225669
total sectors: 231085824
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0           # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
#          size     offset  fstype [fsize bsize cpg]
  a:    3145728          0  4.2BSD   2048 16384 323 # Cyl     0 -  3071
  b:    4194304    3145728    swap                  # Cyl  3072 -  7167
  c:  231085824          0  unused      0     0     # Cyl     0 -225669*
  d:    2097152    7340032  4.2BSD   2048 16384 323 # Cyl  7168 -  9215
  e:    4194304    9437184  4.2BSD   2048 16384 323 # Cyl  9216 - 13311
  f:   12582912   13631488  4.2BSD   2048 16384 323 # Cyl 13312 - 25599
  g:  125829120   26214400  4.2BSD   2048 16384 323 # Cyl 25600 -148479
  h:   79042304  152043520  4.2BSD   2048 16384 323 # Cyl 148480 -225669*
  i:    2031616    2097152  unused      0     0     # Cyl  2048 -  4031
  j:    2031616    2097152  unused      0     0     # Cyl  2048 -  4031
  k:    2031616    2097152  unused      0     0     # Cyl  2048 -  4031
  l:    2031616    2097152  unused      0     0     # Cyl  2048 -  4031
#
=

> You should be seeing a Component on wd0d and then the full component label, and that should be printed before the dkcsum bits... It's still almost as though RAID_AUTOCONFIG isn't defined... (but it is, since the Searching... line above is printed...)

RAID_AUTOCONFIG is defined but for that to work the FS type should be FS_RAID right?

Do you think this setup is bad actually?

Thank you so much

Kind Regards

Siju
Re: failover default route with ospf (now working, some questions)
I now have the basics working (key was to kill /etc/mygate) but am looking for some refinement advice and have a few specific questions. More details about what I am trying to do are below in a previously quoted post, basically I have a pair of firewalls connecting to the internet and a DMZ and another pair of router/firewalls connected to a couple internal networks. All four of these machines are OpenBSD and have links to each other.

First question:
Right now I include all links but the pair partner link (used for pfsync) in my ospf configs. This leads to each host showing two ospf neighbors rather than three. Is this ok? Should I add the pair links? The only reason they would be used is so paired routers would know about their pair through OSPF from a direct connection. I currently use link-local addresses (169.254.254.x) for the pfsync/pair links. Will this cause a problem?

Second question:
The links to the internet and internal networks should be advertised over ospf and that is working fine. However, no OSPF-specific traffic such as hellos or link state advertisements should be sent over those interfaces. What is the proper way to do this? I read about passive but am not sure if this is the correct approach.

Question the third:
It seems like there is more than one DR (designated router) from the output of ospfctl show neighbors. From my reading about OSPF I thought there was only one DR per area, but it seems like there is one DR per neighbor pair and a router can be a DR for one pair but BDR for another. What am I misunderstanding here? I think I just don't fully understand the output of ospfctl show neighbor.

Question D:
Is there a way to get ospfd to reread its config without totally killing and restarting? kill -HUP'ing the parent process did not seem to do anything and HUP'ing the engine process killed all three processes.

My configs:

For the pair touching the internet and dmz:

    inlink0if=bge0
    inlink1if=bge1
    pairif=em3

    router-id 0.0.0.30 (other fw is .40)
    fib-update yes
    redistribute connected
    redistribute default

    area 0 {
        interface $inlink0if {
            auth-type none
        }
        interface $inlink1if {
            auth-type none
            metric 100 # to make this a backup
        }
        interface $pairif {
            auth-type none
        }
        interface carp0 { # internet IPs
            auth-type none
        }
        interface carp1 { # dmz
            auth-type none
        }
    }

routers connected to our internal networks:

    uplink0if=bge0
    uplink1if=bge1
    pairif=em3
    servif=carp0
    desktopif=carp1

    router-id 0.0.0.10 # other internal is .20
    fib-update yes
    redistribute connected

    area 0 {
        interface $uplink0if {
            auth-type none
        }
        interface $uplink1if {
            auth-type none
            metric 100 # to deprioritize
        }
        interface $pairif {
            auth-type none
        }
        interface $servif {
            auth-type none
        }
        interface $desktopif {
            auth-type none
        }
    }

I do plan on putting auth in place once I verify everything is working without it. In addition I hope to collapse all these separate auth-type directives into the global or area portions of the conf file. Any other suggestions?

Thanks!
Chris

Chris Black wrote:
> I have four router/firewalls that are all interconnected (each one to every other with a direct crossover link). Two of these are external-facing and have interfaces connected to the internet and our DMZ. The other two are internal-facing and have connections to our internal networks. I am already using carp to handle failover to each of these networks. The remaining issue is handling failover routes between the internal routers and external routers. I posted to the list awhile ago with a few alternative approaches for this and am now experimenting with ospf. Unfortunately I am new to ospf and was unable to find any docs talking about this type of situation or even really explaining all the various options available in ospfd.conf.
>
> I have ospfd running on the machines and all the routers are talking to each other and seeing each other as evidenced by output of various ospfctl commands. My main problem is that ospf does not seem to be changing my default route for the internal routers.
Re: raid dmesg output and raidctl -sv output shows different status for raidframe mirror on OpenBSD 4.0 amd64
Siju George writes:
> On 3/8/07, Greg Oster [EMAIL PROTECTED] wrote:
> > [snip]
> > > Kernelized RAIDframe activated
> > > Searching for raid components...
> > > dkcsum: wd0 matches BIOS drive 0x80
> > > dkcsum: wd1 matches BIOS drive 0x81
> > > root on wd0a
> > > rootdev=0x0 rrootdev=0x300 rawdev=0x302
> > > RAIDFRAME: protectedSectors is 64.
> > > raid0: Component /dev/wd0d being configured at row: 0 col: 0
> > >          Row: 0 Column: 0 Num Rows: 1 Num Columns: 2
> > >          Version: 2 Serial Number: 200612010 Mod Counter: 844
> > >          Clean: Yes Status: 0
> > > raid0: Component /dev/wd1d being configured at row: 0 col: 1
> > >          Row: 0 Column: 1 Num Rows: 1 Num Columns: 2
> > >          Version: 2 Serial Number: 200612010 Mod Counter: 844
> > >          Clean: Yes Status: 0
> > > RAIDFRAME(RAID Level 1): Using 6 floating recon bufs with no head sep limit.
> > > raid0 (root)
> > > #
> >
> > So this is still not the output I'd expect what does 'disklabel wd0' and 'disklabel wd1' say? Are wd0d and wd1d of type FS_RAID ??
>
> nope :-(
>
> So that is the reason right?

Yes.

> is there any hope of fixing it now?

It should just work to change 4.2BSD to RAID... as long as you're never actually mounting /dev/wd0d or /dev/wd1d anywhere it'll be fine...

> Will the raid be functioning right actually?
>
> Do you want me to recreate it with FS_RAID?

You should only need to tweak the disklabel. If you boot single-user you should see root on /dev/raid0a .. at that point you can mount / read-write and fix /etc/fstab if necessary. You shouldn't need to rebuild the RAID set...

> ==
[snip]
> =
>
> > You should be seeing a Component on wd0d and then the full component label, and that should be printed before the dkcsum bits... It's still almost as though RAID_AUTOCONFIG isn't defined... (but it is, since the Searching... line above is printed...)
>
> RAID_AUTOCONFIG is defined but for that to work the FS type should be FS_RAID right?

Yes... if it's not FS_RAID, then for i386/amd64/(and others) it won't even consider the partition for autoconfig...

> Do you think this setup is bad actually?

Nope... just needs a disklabel change and it should work...

Later...

Greg Oster
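
The check Greg describes, written out as an added example (not code from the thread): it reads disklabel output and reports whether each RAIDframe component has fstype RAID. The sample label is constructed from the wd0 partition table posted above; the function names and the idea of passing the label command as an argument are assumptions made so the script also runs away from the affected machine.

```shell
#!/bin/sh
# Added example: verify that RAIDframe components are labelled with the
# RAID fstype, which is what the kernel autoconfig code looks for.

# Print the fstype column for one partition letter from disklabel(8)
# output on stdin; fail if that partition is not listed.
partition_fstype() {
    awk -v p="$1:" '
        $1 == p && $2 ~ /^[0-9]+$/ { print $4; found = 1; exit }
        END { if (!found) exit 1 }'
}

# Constructed sample: the wd0 partition table from the thread, with the
# size and offset columns separated again. $1 is the fstype shown for "d",
# so the same table can represent the label before and after the fix.
sample_label() {
    cat <<EOF
16 partitions:
#          size     offset  fstype [fsize bsize cpg]
  a:    3145905         63  4.2BSD   2048 16384 328
  b:     204624    3145968    swap
  c:  234441648          0  unused      0     0
  d:  231085953    3350592  $1   2048 16384 328
EOF
}
label_before() { sample_label 4.2BSD; }   # what the thread shows
label_after()  { sample_label RAID; }     # after editing the label

# check_components LABEL_CMD COMPONENT...
# LABEL_CMD is called with the disk name and must print its label; on a
# live system pass "disklabel". Components are given as wd0d, wd1d, ...
# Returns non-zero if any component would be skipped by autoconfig.
check_components() {
    label_cmd=$1; shift
    rc=0
    for comp in "$@"; do
        disk=${comp%?}             # wd0d -> wd0
        part=${comp#"$disk"}       # wd0d -> d
        fstype=$($label_cmd "$disk" | partition_fstype "$part") ||
            fstype=missing
        if [ "$fstype" = RAID ]; then
            echo "$comp: fstype RAID, considered for autoconfig"
        else
            echo "$comp: fstype $fstype, ignored by autoconfig"
            rc=1
        fi
    done
    return $rc
}

# Live use (as root):  check_components disklabel wd0d wd1d
# Offline demo:        check_components label_before wd0d wd1d
```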
Nic bridge doesn't forward packets
Hi all,

I have a strange problem. Last week, I have installed a new OpenBSD server for our new datacenter. I had configured two nics to use as a bridge and I assigned an IP to one of these interfaces, like this:

/etc/hostname.em2

    up

/etc/hostname.em3

    inet 172.18.45.1 255.255.255.240 NONE

/etc/hostname.bridge0

    em2 em3 up

With this configuration, bridge doesn't forward packets between two network segments (ip forwarding is enabled on sysctl.conf).

Somebody knows what I do wrong???

Many thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com
Layout error in 4.0 CD set instruction booklet
ERRATA The instruction booklet with the OpenBSD 4.0 CD set contains a layout error that confuses the disklabel process. There are 12 (unnumbered) pages in the booklet, including the front and back covers. To avoid confusion, please put a note at the bottom of page 6, the one with the heading Installation Instructions, saying that the text on the next two pages is swapped. In other words, read the manual in the order, ...6,8,7,9
authpf - update user rules without kicking them out
Setup: OpenBSD 3.8 using authpf to control individual user access. Users authenticate by logging in with ssh and obtain access to particular IP addresses.

Problem: If we change the users rulesets while they're logged in, these changes won't be reflected until they log back in. Is there a way to update the rules without killing the users authpf instance and having them log back in?

Example:

# cat /etc/authpf/users/cyoub/authpf.rules

    external_if = bge0
    internal_if = bge1
    pass in quick on $external_if from $user_ip to 172.16.0.0/22
    pass in quick on $external_if from $user_ip to 172.16.4.0/22
    pass in quick on $external_if from $user_ip to 172.16.8.0/22   <-- I add this after I authenticate.

    cyoub 18023 0.0 0.1 488 800 p2 Ss+ 3:53PM 0:00.04 -authpf: [EMAIL PROTECTED] (authpf)

1) I authenticate via ssh
2) I access my now available IP resources
3) My authpf.rules file gets newly updated while I'm logged in
4) I cannot access my newly updated IP resources
5) I kill -TERM 18023, or if I kill -HUP 18023 and kill my session
6) I re-authenticate via ssh
7) I access my now available IP resources AND my newly updated IP resources

How can I skip #4-6?
Re: Nic bridge doesn't forward packets
On Thu, Mar 08, 2007 at 06:58:00PM +0100, carlopmart wrote:
> /etc/hostname.bridge0
> em2 em3 up

# mv /etc/hostname.bridge0 /etc/bridgename.bridge0

--
Darrin Chandler | Phoenix BSD Users Group
[EMAIL PROTECTED] | http://bsd.phoenix.az.us/
http://www.stilyagin.com/darrin/ |
Apache and cgi
I have apache 1.3 setup to execute cgis (perl). But I'm having a problem getting the cgis to execute while apache is chrooted. If I disable chroot (httpd -d) the cgis execute just fine, but they won't run while chrooted (500 internal server error).

But, if I follow the openbsd faq to see what dependencies my cgi needs to run in the chrooted environment I get this:

    ldd hellowworld.cgi
    helloworld.cgi:
    ldd: helloworld: not an ELF executable

What am I doing wrong?
Re: failover default route with ospf (now working, some questions)
On 2007/03/08 10:12, Chris Black wrote:
> Right now I include all links but the pair partner link (used for pfsync) in my ospf configs. This leads to each host showing two ospf neighbors rather than three. Is this ok?

yes that's ok.

> The links to the internet and internal networks should be advertised over ospf and that is working fine. However, no OSPF-specific traffic such as hellos or link state advertisements should be sent over those interfaces. What is the proper way to do this? I read about passive but am not sure if this is the correct approach.

passive is correct.

> It seems like there is more than one DR (designated router) from the output of ospfctl show neighbors. From my reading about OSPF I thought there was only one DR per area, but it seems like there is one DR per neighbor pair and a router can be a DR for one pair but BDR for another. What am I misunderstanding here? I think I just don't fully understand the output of ospfctl show neighbor.

DR/BDR are per-network (i.e. shared-media between a number of routers e.g. an ethernet segment), an area may contain more than one of these.

> Is there a way to get ospfd to reread its config without totally killing and restarting? kill -HUP'ing the parent process did not seem to do anything and HUP'ing the engine process killed all three processes.

4.1 will have added 'ospfctl reload' - this is way more complicated than you might first think (the diff is something like 1000 lines, it was done at the end of January). I tried it last time I added a vlan to production routers and it worked fine then.

> redistribute connected

That will redistribute the interface you run pfsync over which you might like to avoid. (you already specifically list the interfaces you are interested in so you don't need it).

> auth-type none

> I do plan on putting auth in place once I verify everything is working without it. In addition I hope to collapse all these separate auth-type directives into the global or area portions of the conf file.

imho it pays to do things like that from the start - otherwise you then have to disrupt a working setup to change configuration.

in global:

    auth-type crypt
    auth-md 1 some.key.here
    auth-md-keyid 1
Re: Nic bridge doesn't forward packets
On Thursday, March 8, 2007 at 18:58:00 +0100, carlopmart wrote:
> Hi all,
> I have a strange problem. Last week, I installed a new OpenBSD server for our new datacenter. I had configured two nics to use as a bridge and I assigned an IP to one of these interfaces, like this:
>
> /etc/hostname.em2
> up
> /etc/hostname.em3
> inet 172.18.45.1 255.255.255.240 NONE
> /etc/hostname.bridge0
> em2 em3 up
>
> With this configuration, bridge doesn't forward packets between two network segments (ip forwarding is enabled on sysctl.conf). Somebody knows what I do wrong???

    mv /etc/hostname.bridge0 /etc/bridgename.bridge0

and change the contents to

    add em2 add em3 up

HTH,
Maurice
Re: Apache and cgi
On Fri, Mar 09, 2007 at 02:45:13AM +0800, First Last wrote:
> But, if I follow the openbsd faq to see what dependencies my cgi needs to run in the chrooted environment I get this:
>
> ldd hellowworld.cgi
> helloworld.cgi: ldd: helloworld: not an ELF executable

You'll need perl and its dependencies inside chroot, plus any modules used in your cgi scripts, and you may also need other things like /bin/sh in chroot as well.

--
Darrin Chandler | Phoenix BSD Users Group
[EMAIL PROTECTED] | http://bsd.phoenix.az.us/
http://www.stilyagin.com/darrin/ |
Re: Apache and cgi
At 02:45 AM 3/9/2007 +0800, First Last wrote:
> I have apache 1.3 setup to execute cgis (perl). But I'm having a problem getting the cgis to execute while apache is chrooted. If I disable chroot (httpd -d) the cgis execute just fine, but they won't run while chrooted (500 internal server error).

You need all your executables IN the chroot, ..

> But, if I follow the openbsd faq to see what dependencies my cgi needs to run in the chrooted environment I get this:
>
> ldd hellowworld.cgi
> helloworld.cgi: ldd: helloworld: not an ELF executable

a cgi is not executable. If you look at the top of the file, you will see the executable, e.g.

    #!/usr/bin/perl

You need to run ldd on the *executable*, not the cgi. Also, if you are running Perl, you will need to ensure that all modules are also in the chroot.

Lee
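The check described in the two replies above, as an added example that is not part of the original thread: read the interpreter from a CGI script's `#!` line, list the shared objects `ldd` reports for it, and print the ones not yet present under the chroot. The function names, the `/var/www` chroot path in the usage line and the sample `ldd` output are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: list what a script CGI's interpreter needs inside the chroot.

# Print the interpreter named on a script's "#!" line.
# Accepts "#! /usr/bin/perl -w", CRLF line endings and "#!/usr/bin/env perl".
cgi_interpreter() {
    [ -r "$1" ] || { echo "$1: not readable" >&2; return 1; }
    first=$(head -n 1 "$1" | tr -d '\r')
    case $first in
        '#!'*) line=${first#'#!'} ;;
        *) echo "$1: no #! line, nothing to run ldd on" >&2; return 1 ;;
    esac
    read -r interp arg rest <<EOF
$line
EOF
    case $interp in
        */env) [ -n "$arg" ] && command -v "$arg" ;;   # resolve through PATH
        /*)    printf '%s\n' "$interp" ;;
        *)     return 1 ;;
    esac
}

# Read ldd output on stdin; print each absolute path once. Keeping only fields
# that start with "/" copes with OpenBSD's column layout and with the
# "name => /path (addr)" layout; the "file:" header line is skipped.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\// && $i !~ /:$/) print $i }' |
        LC_ALL=C sort -u
}

# Read absolute paths on stdin; print those missing under the chroot in $1.
chroot_missing() {
    while IFS= read -r p; do
        [ -e "$1$p" ] || printf '%s\n' "$p"
    done
}

# Constructed sample in the layout OpenBSD's ldd prints (addresses invented).
SAMPLE_LDD='/usr/bin/perl:
    Start    End      Type Open Ref GrpRef Name
    1c000000 3c009000 exe  1    0   0      /usr/bin/perl
    0a2d1000 2a2e9000 rlib 0    1   0      /usr/lib/libperl.so.10.1
    0f5b4000 0f5b4000 rtld 0    1   0      /usr/libexec/ld.so'

# Usage: sh cgi-chroot-check.sh /var/www/cgi-bin/helloworld.cgi /var/www
if [ $# -eq 2 ]; then
    interp=$(cgi_interpreter "$1") || exit 1
    { printf '%s\n' "$interp"; ldd "$interp" | ldd_paths; } |
        LC_ALL=C sort -u | chroot_missing "$2"
fi
```

Perl modules the script loads are not shared-object dependencies of the interpreter, so `ldd` does not list them; as the replies say, they have to be placed in the chroot separately.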
Re: Wireless PCI card recommendation needed
> Could someone please recommend an 802.11g card that has a stronger transmit power? Or another card they have had good success with?

I use an orinoco card in my laptop..works wonderfully. Under linux the madwifi driver is used, wi0 in OpenBSD. I know you're looking for a pci card; I would look for cards based off of the same chip. Here is the relevant info from dmesg..

    wi0 at pcmcia0 function 0 Lucent Technologies, WaveLAN/IEEE, Version 01.01 port 0xa000/64
    wi0: Firmware 8.72 variant 1, address 00:02:2d:8a:d5:31

good luck,
Jason

--
IEEE Student Branch President
Wentworth Institute of Technology
550 Huntington Ave. Boston, MA. 02115
401.837.8417
[EMAIL PROTECTED]
Re: Wireless PCI card recommendation needed
We are testing ralink RT2500 series chipset heavily here, see excellent http://ralink.rapla.net/

Even same chipset may perform different while on g-mode.

Kevin

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thomas Mullins
Sent: Friday, March 09, 2007 12:23 AM
To: misc@openbsd.org
Subject: Wireless PCI card recommendation needed

We are going to build a wireless network using OpenBSD. I have looked at http://www.openbsd.com/i386.html#hardware to see the supported wireless PCI cards. Could someone please recommend an 802.11g card that has a stronger transmit power? Or another card they have had good success with?

Shane
OpenBSD wierdness
Hi everyone,

I'm at my wits' end here with this and I don't know who to ask.. For about a week now my OpenBSD router has been acting up in the strangest ways. Routes disappear, ethernet speeds crawl to a halt and other weirdness.. I'm about to wipe this box clean and start from scratch but I would really like to try and figure out what's going on first..

I don't know if it helps if I describe some of the symptoms.. I'll try and draw a diagram first if I may...

ISP1ISP2 | | | | | | dc1--- dc2 | obsd3.9 | | | |-sis0--dc0--| || ||-DMZ | -10.110.38/24

Interface dc0 is bridged with interfaces dc1 and dc2

Firstly, and perhaps most alarming: when I run the iperf utility between the router and a system on the network I get about 3Mb/s throughput. When I run it between a system on the DMZ and the router - the same thing. I tried disabling pf and get the same results. Running iperf between the boxes on the LAN I get proper results - of course. My only ideas are
1) failing NIC
2) NIC Drivers??
3) routing issues?

The second symptom is that periodically my vpn will drop throughout the day - corresponding with this (I think) whenever I run a continual ping to somewhere (anywhere) on the internet it will work fine any number of times but then it'll stop - sit there and hang for 10 seconds perhaps and then start back up.

IF it is a failing NIC - could one bad NIC make the others act up (interrupts?)

I'm not sure I made myself very clear on this - I'm having a very hard time tracking this down. Any ideas or suggestions on investigating this would be appreciated. Any beautifully simple solutions even more so :) I REALLY want to figure out what's going on instead of simply wiping the box clean. Think of all the knowledge value :|

Thanks a lot...
Steve Glaus
OT: Google-mini equivalent on OpenBSD suggestions needed
Hi,

Sorry for the off topic and feel free to ignore please.

But, I am at a loss as to find something that would run very nicely on OpenBSD that would be similar to a google mini search engine. There are so many choices that evaluating each one is just very time consuming. So, I thought to ask for valuable feedback if possible. Any insight would be very much appreciated. I looked into this a few years ago and couldn't end up with a decent working setup.

- Needs customizable search
- Have to have index of PDF capability.
- Needs to be able to display preferred results on specific search on top of the list.
- Capability to customize the display page as well to look like the site it would be run for.
- And run on OpenBSD without emulation for specific Linux stuff, etc.

I would very much appreciate any valuable insight you may be able or willing to share. Again sorry for the off topic subject and feel free to send in private as well if that's totally not appropriate for the list. It's not like the choices are missing, but which ones are good and work well in OpenBSD world, that's a different question.

Thanks for your valuable time and excuse my intrusion.

Best,
Daniel
Re: OBSD4.0 on IBM Thinkpad T60
On Thu, Mar 08, 2007 at 01:35:46PM +0100, Johan P. Lindström wrote:
> I seem to recall that the new T60's feature the ICH7 (or 6) chipset and thus the HDD connects via SATA interface. This may give you issues, though there is a compatibility mode switch in BIOS (F1) to make the hdd show up as wd instead of sd. The performance is a bit lower as from what i recall, but it works well. I tested this on one of the first T60's to hit the scandinavian markets, so much may have changed since then.

There is no need to change anything here.

> APM should still work like a charm, though I can not comment on the

The newer ThinkPads no longer emulate APM so it doesn't work like a charm. Most notably this means suspend is not yet supported on T60.

> wifi equipment, to my experience, it is often intel or broadcom.

The Wifi is Intel PRO/Wireless 3945ABG wpi(4)
Apache with threads and OpenBSD
Hi all,

I've seen this problem crop up before with other people, but can someone please explain to me why compiling apache with the mpm=worker directive (i.e. threads) does not work as expected on OpenBSD? (3.6, 3.9 4.0) Initial connections to the server seem to hang and get no response until something bumps the thread along so to speak. Any reasons for this?

Cheers.
- Linden.
Re: authpf - update user rules without kicking them out
> # cat /etc/authpf/users/cyoub/authpf.rules
> external_if = bge0
> internal_if = bge1
> pass in quick on $external_if from $user_ip to 172.16.0.0/22
> pass in quick on $external_if from $user_ip to 172.16.4.0/22
> pass in quick on $external_if from $user_ip to 172.16.8.0/22 -- I add this after I authenticate.
>
> cyoub18023 0.0 0.1 488 800 p2 Ss+3:53PM0:00.04 -authpf: [EMAIL PROTECTED] (authpf)
>
> 1) I authenticate via ssh
> 2) I access my now available IP resources
> 3) My authpf.rules file gets newly updated while I'm logged in
> 4) I cannot access my newly updated IP resources
> 5) I kill -TERM 18023, or if I kill -HUP 18023 and kill my session
> 6) I re-authenticate via ssh
> 7) I access my now available IP resources AND my newly updated IP resources
>
> How can I skip #4-6?

Use the authpf_users table instead of adding rules for this. in your main ruleset:

    table <authpf_users> persist
    pass in quick on $external_if from <authpf_users> to 172.16.0.0/22
    pass in quick on $external_if from <authpf_users> to 172.16.4.0/22
    pass in quick on $external_if from <authpf_users> to 172.16.8.0/22

then

    pfctl -f /etc/pf.conf

when you add a rule like that authpf maintains who is in that table

-Bob
Re: OT: Google-mini equivalent on OpenBSD suggestions needed
Daniel Ouellet wrote:
> Hi,
>
> Sorry for the off topic and feel free to ignore please.
>
> But, I am at a loss as to find something that would run very nicely on OpenBSD that would be similar to a google mini search engine. There are so many choices that evaluating each one is just very time consuming. So, I thought to ask for valuable feedback if possible. Any insight would be very much appreciated. I looked into this a few years ago and couldn't end up with a decent working setup.
>
> - Needs customizable search
> - Have to have index of PDF capability.
> - Needs to be able to display preferred results on specific search on top of the list.
> - Capability to customize the display page as well to look like the site it would be run for.
> - And run on OpenBSD without emulation for specific Linux stuff, etc.
>
> I would very much appreciate any valuable insight you may be able or willing to share. Again sorry for the off topic subject and feel free to send in private as well if that's totally not appropriate for the list. It's not like the choices are missing, but which ones are good and work well in OpenBSD world, that's a different question.
>
> Thanks for your valuable time and excuse my intrusion.

If you are not afraid to mess a bit around with java, then nutch may be for you (http://lucene.apache.org/nutch/about.html), it builds on lucene which i believe is one of the best free text search engines around.

/jtm
Re: Almost success: OpenBSD on Xen
2007/3/7, Luca Corti [EMAIL PROTECTED]:
> On Wed, 2007-03-07 at 17:40 +0100, Christoph Peus wrote:
> > BTW: Though XenEnterprise is a commercial product, there's a free version with limited features available too.
>
> HVM is not good for non-Windows guests. Without accelerated guest drivers disk and network I/O is very limited. Xen Enterprise ships with optimized guest drivers for Windows.

Then it is a useless feature in my opinion.

> Paravirtualization is probably the way to go for OpenBSD, but I found no info on the status of the Dom0/DomU ports to Xen.

That is indeed high on my wish list, I hope there will be big news soon.

Wijnand
Re: OT: Google-mini equivalent on OpenBSD suggestions needed
On 3/8/07, Daniel Ouellet [EMAIL PROTECTED] wrote:
> But, I am at a loss as to find something that would run very nicely on OpenBSD that would be similar to a google mini search engine.

If you are interested in indexing both web sites remotely and local files (e.g. the contents of /var/www/htdocs), check out Swish-e, which can (with help from some additional ports) index the contents of PDFs, etc. It does take a little work to configure.

Swish-e, while not available as an OpenBSD port, is actively developed and community supported, see http://swish-e.org/index.html
Re: OT: Google-mini equivalent on OpenBSD suggestions needed
On Thu, Mar 08, 2007 at 04:35:50PM -0500, Daniel Ouellet wrote:
> But, I am at a loss as to find something that would run very nicely on OpenBSD that would be similar to a google mini search engine.
>
> - Needs customizable search
> - Have to have index of PDF capability.
> - Needs to be able to display preferred results on specific search on top of the list.
> - Capability to customize the display page as well to look like the site it would be run for.
> - And run on OpenBSD without emulation for specific Linux stuff, etc.

I've never tried anything of this sort, but ht://Dig is supposed to be useful (as seen on undeadly.org...). Not really a recommendation, I am afraid, other than that it obviously works.

Joachim
Re: a few questions on spamdb
> I'm currently going in to test some new stuff that will fix this problem. so as theo said. wait a few days..

damn... you guys rock! Will it be something in the lines of pfsync?

Cheers
Re: Wireless PCI card recommendation needed
Thomas Mullins wrote:
> We are going to build a wireless network using OpenBSD. I have looked at http://www.openbsd.com/i386.html#hardware to see the supported wireless PCI cards. Could someone please recommend an 802.11g card that has a stronger transmit power? Or another card they have had good success with?

If you can't find a card with the transmit power you want, you may be able to get the range you're looking for from antenna gain and type.
Re: a few questions on spamdb
* Tom Bombadil [EMAIL PROTECTED] [2007-03-08 19:39]:
> > I'm currently going in to test some new stuff that will fix this problem. so as theo said. wait a few days..
>
> damn... you guys rock! Will it be something in the lines of pfsync?

Yes. go read undeadly.

-Bob
procfs and OpenBSD 4.0
I've re-compiled the kernel with option procfs and I still get the error mount_procfs: /proc: Filesystem not supported by kernel when mounting. What else could I be missing ? Cheers, Linden.
Re: Wireless PCI card recommendation needed
Steve is right that it would produce stable TX/RS by using higher gain antenna. Usually a reliable/stable range for TX of 11g would be 1 mile or few kilo, or it could be up / down. A higher power prism 802.11b would be more reliable than 11g if further than such range. Prism 2.5 chipset with 200mW/370mW is doable for hostap but it would show 100mW maximum internally, codes would need to be adjusted for more than 100mW. Otherwise an external high power AP (400mW 11b / 200mW 11g) board would be more productive.

Kevin

> If you can't find a card with the transmit power you want, you may be able to get the range you're looking for from antenna gain and type.
pkg_add with a) dubious packages and b) multiple packages
On my 4.0 STABLE box I am trying to use pkg_add to install multiple packages with one command:

    pkg_add -vi cabextract \
        colortail \
        db \
        expiretable \
        gnupg \
        gtar \
        ncftp \
        p0f \
        unzip \
        wget \
        zap

but I have found that if a package is dubiously named (such as db) then it hangs with:

    Ambiguous: db could be db-3.1.17p6 db-4.2.52p8

If I go:

    pkg_add -vi db

then I get:

    Ambiguous: db could be db-3.1.17p6 db-4.2.52p8
    Choose one package
    0: None
    1: db-3.1.17p6
    2: db-4.2.52p8
    Your choice:

Any ideas?

Pedro