Re: Blocking web content

2007-04-18 Thread Siju George

On 4/18/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

> I run an openbsd firewall.  I want to block certain sites either by IP
> address or by domain name.  How do I get more information on how to set
> this up?

I use Squid Cache proxy because you can block by URLs, URL regular
expression, users, computers etc. There are lots of Re-director
Programs that provide more functionality if you are looking for more
than blocking by IP or domain name.

http://www.squid-cache.org/related-software.html

Squid is available both in packages and ports :-)

kind Regards

Siju



Re: layer 2 pf question

2007-04-18 Thread Siju George

On 4/18/07, poncenby <[EMAIL PROTECTED]> wrote:

> Dear list,
>
> What do openbsd users do when they need to filter/redirect traffic based on
> layer 2 addresses?
> I'm using 4.0 generic on a 386.



http://www.openbsd.org/faq/faq6.html#Bridge

for MAC address filtering using PF.

http://bio3d.colorado.edu/tor/sadocs/tcpip/bridge.html

Kind Regards

Siju



Re: OpenBSD/alpha Status

2007-04-18 Thread Henning Brauer
* Bryan Vyhmeister <[EMAIL PROTECTED]> [2007-04-17 19:55]:
> On Apr 17, 2007, at 10:19 AM, Henning Brauer wrote:
> 
> >* Bryan Vyhmeister <[EMAIL PROTECTED]> [2007-04-17 18:29]:
> >>This doesn't sound so promising. I guess the basic idea is that I
> >>need to hope that any CS20 machines I get are not affected by the bug.
> >
> >they are, every alpha is. they seem to be affected least tho. it's been
> >a while that i saw The Alpha Bug on my DS20L
> 
> Do you use any Alpha machines in production?

not any more, and i would not quite recommend doing so, to be honest

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: OpenBSD/alpha Status

2007-04-18 Thread Bryan Vyhmeister

On Apr 18, 2007, at 12:53 AM, Henning Brauer wrote:


> * Bryan Vyhmeister <[EMAIL PROTECTED]> [2007-04-17 19:55]:
> > Do you use any Alpha machines in production?
>
> not any more, and i would not quite recommend doing so, to be honest


Did you stop using them for performance and age reasons or more for  
stability and reliability especially as it is related to The Alpha Bug?


Bryan



Webservers with Terabytes of Data in - recommended setups

2007-04-18 Thread Siju George

Hi,

How do you handle it when you have to serve terabytes of data through
http/https/ftp etc?
Put it on different machines and use some kind of
loadbalancer/intelligent program that directs to the right machine?

Use some kind of clustering software?

What hardware do you use to make your system scalable from a few
terabytes of data to a few hundred of them?

Does OpenBSD have any clustering software available?

Is anyone running such setups?
Please let me know :-)

Thank you so much

Kind Regards

Siju



Re: 8-Bit RISC Microcontroller Programming

2007-04-18 Thread Alexandre Ratchov
On Tue, Apr 17, 2007 at 04:20:22AM -0700, Clint Pachl wrote:
> What options are available for programming 8-bit microcontrollers? I 
> found gputils for Microchip and avr for Atmel in the ports. What is the 
> most supported option?
> 
> gputils in ports is a three year old version; does it work well? Is 
> anyone using Microchip's PICs; if so, what hardware programmers and 
> compilers are compatible with OpenBSD?
> 

IMHO most serial port programmers should work with PIC
microcontrollers. I'm using gputils and a simple home-made
programmer that can program a pic16f84a without removing it from
the application circuit. Here is the schematic and the software:

http://caoua.org/picprog/picprog.tar.gz

feel free to contact me if you have questions about the circuit or
if you have experiences to share.

cheers,

-- Alexandre



Re: Blocking web content

2007-04-18 Thread Soner Tari
On Tue, 2007-04-17 at 17:34 -0700, [EMAIL PROTECTED] wrote:
> I run an openbsd firewall.  I want to block certain sites either by IP
> address or by domain name.  How do I get more information on how to set
> this up?

DansGuardian: http://dansguardian.org/



Re: Blocking web content

2007-04-18 Thread Reyk Floeter
On Tue, Apr 17, 2007 at 05:34:48PM -0700, [EMAIL PROTECTED] wrote:
> I run an openbsd firewall.  I want to block certain sites either by IP
> address or by domain name.  How do I get more information on how to set
> this up?
> 
> Thanks in advance.
> 

you can also use the hoststated relay from -current to filter http
requests but it's not perfect yet.

reyk



Re: Webservers with Terabytes of Data in - recommended setups

2007-04-18 Thread Jacob Yocom-Piatt
Siju George wrote:
> Hi,
>
> How do you handle it when you have to serve terabytes of data through
> http/https/ftp etc?
> Put it on different machines and use some kind of
> loadbalancer/intelligent program that directs to the right machine?
>
> Use some kind of clustering software?
>
> What hardware do you use to make your system scalable from a few
> terabytes of data to a few hundred of them?
>
> Does OpenBSD have any clustering Software available?
>
> Is anyone running such setups?
> Please let me know :-)
>

can't say with complete confidence b/c i've never done it but using NFS
or AFS would be a start.

AFS would likely be the best solution, albeit with a much sharper
learning curve, and it can be spread over several machines. NFS would
need some system for tracking where which chunk of storage was (a PITA,
AFAICT). if there is an elegant way to achieve this with NFS i would
like to hear about it.

cheers,
jake

> Thankyou so much
>
> Kind Regards
>
> Siju



Re: OpenBSD/alpha Status

2007-04-18 Thread Henning Brauer
* Bryan Vyhmeister <[EMAIL PROTECTED]> [2007-04-18 10:29]:
> On Apr 18, 2007, at 12:53 AM, Henning Brauer wrote:
> 
> >* Bryan Vyhmeister <[EMAIL PROTECTED]> [2007-04-17 19:55]:
> >>Do you use any Alpha machines in production?
> >
> >not any more, and i would not quite recommend doing so, to be honest
> 
> Did you stop using them for performance and age reasons or more for  
> stability and reliability especially as it is related to The Alpha Bug?

production use was an old AXPpci w/ 21064 (or was that a 21066?) at 166 
MHz as ftp server. it suddenly started to crash a lot while it was only 
doing so occasionally during nightly backups before. since it was so 
old, it might just got bitten by dead ram or the like, I didn't care to 
elaborate and used a spare netra to replace it

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: Blocking web content

2007-04-18 Thread Matt Bettinger

On 4/18/07, Reyk Floeter <[EMAIL PROTECTED]> wrote:

> On Tue, Apr 17, 2007 at 05:34:48PM -0700, [EMAIL PROTECTED] wrote:
> > I run an openbsd firewall.  I want to block certain sites either by IP
> > address or by domain name.  How do I get more information on how to set
> > this up?
> >
> > Thanks in advance.



I second Dansguardian with transparent setup.  I am using this at home
to successfully block sites I do not want my children viewing
(myspace, aol, and other crap).

I statically assign the monitored boxes' IP with dhcp which I then
redirect with pf to a dansguardian server (using a dansguardian table
in pf).   Works like a charm for over two years now.

matt




Back again with funny network interfaces

2007-04-18 Thread Manuel Ravasio
Hello list.

Maybe you remember I'm trying to build a firewall/proxy/DNS server/DHCP
server/access point using an old Toshiba laptop and 3 network interfaces.

A friend of mine gave me a pcmcia card with no recognizable brand/model on
it.
I plugged it in and OpenBSD told me it's a Realtek 8139 card, and called it
"rl0".
I can use the card, but apparently it works at 10Mbps instead of 100.
I tried to force the card's speed and duplex adding suitable entries in
/etc/hostname.rl0:
inet 10.42.42.1 255.255.255.0 10.42.42.255 media 100baseTX mediaopt full-duplex

ifconfig -a shows a 100Mbps link speed, but the card's and the switch's led
show 10Mbps.

I can live with a 10Mbps connection, because the link to the internet runs at
2Mbps max, I don't care about a very fast connection between wired and
wireless hosts and the laptop cannot be used as a repository anyway. However
I'd like to understand what's going on.

Is there any caveat about Realtek cards, more specifically about pcmcia ones?
Is there a way to check actual connection speed, e.g. generating some random
traffic from OpenBSD box to a faster PC? I'm positive the laptop's hard disk
cannot generate the approx 11MBps transfer rate needed to saturate a 100Mbps
link, so FTPing a large file is not an option.

Any other suggestions appreciated.

thank you all in advance,
byee,
Manuel



Re: OpenBSD/alpha Status

2007-04-18 Thread Bryan Vyhmeister

On Apr 18, 2007, at 5:52 AM, Henning Brauer wrote:


> * Bryan Vyhmeister <[EMAIL PROTECTED]> [2007-04-18 10:29]:
> > Did you stop using them for performance and age reasons or more for
> > stability and reliability especially as it is related to The Alpha
> > Bug?
>
> production use was an old AXPpci w/ 21064 (or was that a 21066?) at 166
> MHz as ftp server. it suddenly started to crash a lot while it was only
> doing so occasionally during nightly backups before. since it was so
> old, it might just got bitten by dead ram or the like, I didn't care to
> elaborate and used a spare netra to replace it


Understood.

Bryan



Re: Static Ip's: Routing and Forwarding

2007-04-18 Thread Bryan Vyhmeister

On Apr 18, 2007, at 8:42 AM, Bray Mailloux wrote:


> Bryan Vyhmeister wrote:
> > and post the output of both.
>
> pfctl -sn  --->  nat on rl0 inet from 192.168.0.0/24 to any -> (rl0) round-robin
>
> pfctl -sr  ---> scrub in all fragment reassemble
>  pass out all keep state
>  pass in all keep state



Do you have multiple IP addresses assigned to the rl0 interface? It  
looks like you need to go back to:


nat on $ext_if from $int_if:network -> ($ext_if:0)

You may have some other issue though. You said you enabled ip  
forwarding in sysctl.conf?


Bryan



Re: Blocking web content

2007-04-18 Thread 666a
Nick Holland <[EMAIL PROTECTED]> wrote:

>I'm very fond of DNS blocking:
>  http://www.holland-consulting.net/tech/imblock.html
>simple effective, in spite of theoretical shortcomings...

I found this to be effective too, but...  I used it to block 
internet radio sites at my former company.  The users still found 
other internet radio sites.  So, instead, I used an old computer 
running nst linux and ran bandwidthd on the network.  Instead of 
wasting time on what sites to block, I just had a VP talk to the 
top 10 people who were using most of the bandwidth.  This seemed to 
be the most effective and least time wasting solution.



Re: Static Ip's: Routing and Forwarding

2007-04-18 Thread Bryan Vyhmeister

On Apr 18, 2007, at 10:01 AM, BradenM - Sonoma Computer wrote:

> Yes, ip forwarding is enabled in the sysctl.conf file. I did have an
> alias on rl0 but removed it to try and simplify my nat process.
> I've heard the term binat thrown around, could that possibly aid my
> project?


No, binat is not what you need. You can read about all the NAT stuff at:

http://www.openbsd.org/faq/pf/nat.html

Can you ping the address of rl1 from workstations on the LAN? Also,  
did you correct the netmask in dhcpd.conf?


Bryan



Re: Back again with funny network interfaces

2007-04-18 Thread Dustin Lundquist

Manuel Ravasio wrote:

> A friend of mine gave me a pcmcia card with no recognizable brand/model on
> it.
> I plugged it in and OpenBSD told me it's a Realtek 8139 card, and called it
> "rl0".
> I can use the card, but apparently it works at 10Mbps instead of 100.
> I tried to force the card's speed and duplex adding suitable entries in
> /etc/hostname.rl0:
> inet 10.42.42.1 255.255.255.0 10.42.42.255 media 100baseTX mediaopt full-duplex
>
> ifconfig -a shows a 100Mbps link speed, but the card's and the switch's led
> show 10Mbps.

If you hard set one side of an Ethernet link it disables the auto 
negotiation pulse so the other side defaults to 10baseT half duplex. I 
would suggest using media autoselect or media 10baseT unless you can 
configure the port on the switch. If you have another switch available, 
test the card on it and see what it negotiates to, also check that the 
dongle (if there is one) is fully connected.



Dustin Lundquist



Re: It is coming to a mailbox near you

2007-04-18 Thread Alex Lee

Sighting of BSD 4.1 in the U.S. 

+++
USPS tracking number 0305083131xx assigned to a shipment as follows:

BSD41.0015

Computer Shop/OpenBSD
Box 28
Sweet Grass, MT
59484







Re: Recommendation for a UPS

2007-04-18 Thread Michael Scheliga
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave
> Sent: Tuesday, April 17, 2007 8:52 AM
> To: [EMAIL PROTECTED] Org
> Subject: Re: Recommendation for a UPS
>
> what is the nut list
> - Original Message -
> From: "bofh" <[EMAIL PROTECTED]>
> To: "[EMAIL PROTECTED] Org" 
> Sent: Monday, April 16, 2007 9:40 AM
> Subject: Re: Recommendation for a UPS
>
>
> > On 4/15/07, bofh <[EMAIL PROTECTED]> wrote:
> >>
> >> Or, find an old ups with a serial port, make sure it's on the nut
> >> list, then buy replacement batteries at batteriesplus for ~$25 each.
> >
> >
> > Oops, sent to Chris when I mean to send to misc :)

http://opensource.mgeups.com/ups.htm



Re: Loading a Second Kernel

2007-04-18 Thread Rodrigo V. Raimundo

use grub and make a script to edit its "default N" config line
you can mount your ext2 partition from gentoo on openbsd and edit 
/boot/grub/menu.lst

this way you can make a script to reboot into openbsd or reboot into gentoo
it can be useful for systems controlled through ssh

Jon Steel wrote:

> Hi
>
> I'm trying to find a way to do a sort of very soft reboot. For example I
> want to boot up the computer into a kernel on one drive, and then after
> saying reboot, the computer loads up a kernel from a second drive.
>
> I have gotten this to work with the use of a file to pass information
> between boots, but that is not an ideal solution. What I really want is
> either a way to pass a parameter to the BIOS so that it can pass it to
> boot upon restarting, or a way to reload the boot loader into memory and
> then execute it.
>
> It would even be fine to use another operating system on the first boot.
> So it boots up into say Gentoo, and then when I'm done with that, I want
> to load OpenBSD.
>
> Does anybody have an idea how I can approach this?
>
> Thanks
>
> Jonathan Steel




Re: Blocking web content

2007-04-18 Thread Nick Ryan
I second using PF and transparent squid. It works extremely well and  
is pretty much foolproof.

This is what I use at work and it's blocking sites by domain name,  
regex matching, flash videos,  mp3 sites and also limiting filetype  
downloads.

The interesting bit of squid.conf is here:


# Ad/tracking domains. Repeating the acl name appends to the same list.
acl adclick dstdomain .doubleclick.net .valueclick.net .falkag.net .doubleclick.com
acl adclick dstdomain .mediaplex.com .adbrite.com .linksynergy.com .adengage.com
acl adclick dstdomain .yieldmanager.com .falkag.de pagead2.googlesyndication.com
acl adclick dstdomain .adlog.com .tribalfusion.com .intellitxt.com .fastclick.net
acl adclick dstdomain .burstnet.com .casalemedia.com .atwola.com .serving-sys.com
acl adclick dstdomain .atdmt.com .msads.net .blogads.com .overture.com
acl adclick dstdomain .advertising.com .chitika.net .247realmedia.com .veoh.com
acl adclick dstdomain .fmpub.net .adinterax.com .snap.com

http_access deny adclick

# Hosts exempt from the file-type and streaming blocks.
acl adminpc1 src 172.29.100.100/255.255.255.255
acl adminpc2 src 172.29.100.146/255.255.255.255
acl adminwsus src 172.29.100.30/255.255.255.255
# Block downloads by file extension, with or without a query string.
acl blockfiles urlpath_regex \.flv(\?.*)?$ \.mp3(\?.*)?$ \.wmv(\?.*)?$ \.avi(\?.*)?$ \.mov(\?.*)?$ \.zip(\?.*)?$ \.exe(\?.*)?$ \.cab(\?.*)?$ \.vbs(\?.*)?$
http_access deny blockfiles !adminpc1 !adminpc2 !adminwsus

# Block hostnames that start with common ad-server prefixes.
acl adregex dstdom_regex -i (^)ads\. (^)ad1. (^)ad2. (^)adserver. (^)ad\.  (^)ads1\. (^)ads2\.
http_access deny adregex

# Block streaming replies by MIME type outside the afterwork window.
acl afterwork time MTWHF 18:00-22:10
acl streaming rep_mime_type -i ^video/x-ms-asf ^video/x-ms-sf ^audio/mpeg ^audio/x-mpeg ^application/x-mms-framed ^application/vnd.ms.wms-hdr.asfv1 ^video/x-flv ^video/flv ^video/mpeg ^video/x-ms-wvx ^video/x-ms-wmv ^video/vnd.divx ^video/quicktime

http_reply_access deny streaming !afterwork !adminpc1  !adminpc2



It pretty much stops all streaming video. The only hole that there is  
is due to the transparent proxy and the fact that it has to let  
through https unfiltered. Luckily I've not found any sites that use  
https yet that I want to block... It doesn't block all ads either but  
it does get most of the ones from the sites I look at ;)

These rules have changed my bandwidth usage from nearly 100%  
saturation to a much more reasonable 25-40%.

Hope this might be of interest to someone.


Oh yeah, one last thing. To stop IE6/IE7 from throwing a strop and
putting stupid errors in pages, replace the file:
/usr/local/share/squid/errors/English/ERR_ACCESS_DENIED

with:

http://www.w3.org/TR/html4/loose.dtd";>






















I think I might have gone a bit overboard with this reply ah
well. To answer the original email you could also just use a standard
pf block command.


Cheers - Nick



On 18 Apr 2007, at 08:13, Siju George wrote:

> On 4/18/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>> I run an openbsd firewall.  I want to block certain sites either  
>> by IP
>> address or by domain name.  How do I get more information on how  
>> to set
>> this up?
>>
>
> I use Squid Cache proxy because you can Block by URLs URL regular
> expression, users , computers etc. there are lots of Re-director
> Programs that provide more functionality if you are looking for more
> than blocking By IP or Domain name
>
> http://www.squid-cache.org/related-software.html
>
> Squid is available both in packages and ports :-)
>
> kind Regards
>
> Siju
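
Added example, not part of Nick's message: a small Python harness that replays the three http_access deny lines from the squid.conf above against constructed requests, so the ACLs can be checked for coverage gaps and over-matching before they are deployed. Python's re module stands in for Squid's regex matching (an assumption that holds for these simple patterns), the adclick list is shortened, and every sample host and path is constructed.

```python
import re

# ACL values copied from the squid.conf in the message above (adclick shortened).
ADCLICK = [".doubleclick.net", ".valueclick.net", "pagead2.googlesyndication.com"]
BLOCKFILES = [r"\.flv(\?.*)?$", r"\.mp3(\?.*)?$", r"\.wmv(\?.*)?$",
              r"\.avi(\?.*)?$", r"\.mov(\?.*)?$", r"\.zip(\?.*)?$",
              r"\.exe(\?.*)?$", r"\.cab(\?.*)?$", r"\.vbs(\?.*)?$"]
# Note: three of these have an unescaped trailing dot, as in the original.
ADREGEX = [r"(^)ads\.", r"(^)ad1.", r"(^)ad2.", r"(^)adserver.",
           r"(^)ad\.", r"(^)ads1\.", r"(^)ads2\."]
ADMIN_SRC = {"172.29.100.100", "172.29.100.146", "172.29.100.30"}


def dstdomain(host, entries):
    """dstdomain semantics: '.example.com' covers the domain and all of its
    subdomains; an entry without the leading dot matches that exact host only."""
    host = host.lower()
    for entry in entries:
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False


def any_regex(text, patterns, ignore_case=False):
    """True if any pattern is found in text; ignore_case models the -i flag."""
    flags = re.IGNORECASE if ignore_case else 0
    return any(re.search(p, text, flags) for p in patterns)


def decide(src, host, urlpath):
    """Walk the three http_access deny lines in file order; first match wins.
    ACLs on one line are ANDed. Returns the ACL that denied the request, or
    'fallthrough' when none did (later http_access lines are not in the message)."""
    if dstdomain(host, ADCLICK):
        return "adclick"
    if any_regex(urlpath, BLOCKFILES) and src not in ADMIN_SRC:
        return "blockfiles"
    if any_regex(host, ADREGEX, ignore_case=True):
        return "adregex"
    return "fallthrough"


# Constructed requests: (client address, destination host, URL path, note).
CASES = [
    ("172.29.100.50", "ad.doubleclick.net", "/banner.gif",
     "subdomain of a dotted dstdomain entry"),
    ("172.29.100.50", "www.googlesyndication.com", "/",
     "pagead2 entry has no leading dot, so sibling hosts are not covered"),
    ("172.29.100.50", "media.example.com", "/clips/intro.flv?start=10",
     "extension followed by a query string"),
    ("172.29.100.100", "media.example.com", "/clips/intro.flv?start=10",
     "adminpc1 is exempt from blockfiles"),
    ("172.29.100.50", "media.example.com", "/clips/INTRO.FLV",
     "urlpath_regex has no -i, so upper-case extensions are not matched"),
    ("172.29.100.50", "media.example.com", "/download/setup.exe.html",
     "pattern is anchored at the end of the path"),
    ("172.29.100.50", "ADS.example.org", "/",
     "dstdom_regex -i ignores case"),
    ("172.29.100.50", "ad2go.example.org", "/",
     "over-match: the unescaped dot in (^)ad2. accepts any character"),
]


def run_cases():
    """Return (decision, note) for every constructed request."""
    return [(decide(src, host, path), note) for src, host, path, note in CASES]


if __name__ == "__main__":
    for decision, note in run_cases():
        print(f"{decision:12} {note}")
```
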



Re: Blocking web content

2007-04-18 Thread Siju George

On 4/19/07, Nick Ryan <[EMAIL PROTECTED]> wrote:

> acl blockfiles urlpath_regex \.flv(\?.*)?$ \.mp3(\?.*)?$ \.wmv(\?.*)?$ \.avi(\?.*)?$ \.mov(\?.*)?$ \.zip(\?.*)?$ \.exe(\?.*)?$ \.cab(\?.*)?$ \.vbs(\?.*)?$
> http_access deny blockfiles !adminpc1 !adminpc2 !adminwsus
>
> acl adregex dstdom_regex -i (^)ads\. (^)ad1. (^)ad2. (^)adserver. (^)ad\.  (^)ads1\. (^)ads2\.
> http_access deny adregex
>
> acl afterwork time MTWHF 18:00-22:10
> acl streaming rep_mime_type -i ^video/x-ms-asf ^video/x-ms-sf ^audio/mpeg ^audio/x-mpeg ^application/x-mms-framed ^application/vnd.ms.wms-hdr.asfv1 ^video/x-flv ^video/flv ^video/mpeg ^video/x-ms-wvx ^video/x-ms-wmv ^video/vnd.divx ^video/quicktime
>
> http_reply_access deny streaming !afterwork !adminpc1  !adminpc2



Thanks a million :-)

This was a very useful Info

Kind Regards

Siju



Re: Blocking web content

2007-04-18 Thread Steve Shockley

[EMAIL PROTECTED] wrote:

> I run an openbsd firewall.  I want to block certain sites either by IP
> address or by domain name.  How do I get more information on how to set
> this up?


The article is old (I think it was written for 3.1 or 3.2) but I did the 
same thing using Squid:


http://shockley.net/openbsd/squid.asp



Re: Recommendation for a UPS

2007-04-18 Thread Daniel A. Ramaley
NUT = Network UPS Tools
http://www.networkupstools.org/
Check the compatibility list. Even better, check the compatibility list 
for the version that is available in an OpenBSD package. The list will 
be in /usr/local/share/ups/driver.list after the package is installed.

On Tuesday 17 April 2007 10:52, you wrote:
>what is the nut list
>> On 4/15/07, bofh <[EMAIL PROTECTED]> wrote:
>> Or, find an old ups with a serial port, make sure it's on the nut
>> list, then buy replacement batteries at batteriesplus for ~$25
>> each.


Dan Ramaley                Dial Center 118, Drake University
Network Programmer/Analyst 2407 Carpenter Ave
+1 515 271-4540            Des Moines IA 50311 USA



Re: Blocking web content

2007-04-18 Thread Tom Hayko

Matt Bettinger wrote:

> On 4/18/07, Reyk Floeter <[EMAIL PROTECTED]> wrote:
> > On Tue, Apr 17, 2007 at 05:34:48PM -0700, [EMAIL PROTECTED] wrote:
> > > I run an openbsd firewall.  I want to block certain sites either by IP
> > > address or by domain name.  How do I get more information on how to set
> > > this up?
> > >
> > > Thanks in advance.
>
> I second Dansguardian with transparent setup.  I am using this at home
> to successfully block sites I do not want my children viewing
> (myspace, aol, and other crap).
>
> I statically assign the monitored boxes ip  with dhcp which I then
> redirect with pf to a dansguardian server (using a dansguardian table
> in pf).   Works like a charm for over two years now.
>
> matt



I'll third Dansguardian.  I haven't gone to lengths that Matt has because
my kids haven't let on that they know where the proxy settings in IE are 
yet.

I'm sure I will have to in the next couple of months though.

Tom


--
Tom Hayko
tjhayko at rogers dot com



PF, CARP, PFsync and multiple default routes

2007-04-18 Thread Gilles Chehade
Hi misc@,

I am trying to setup a set of "carp"-ed firewalls as follow:



ISP 1   ISP 2
  |   |
   \  /
_ SWITCH # 1 _
 /  ||  \
/   ||   \
   bge0  bge1bge0bge1
   |/|   /
FW #1FW #2
   |\|   \
em0  em1  em0 em1
\ \|  \
 \ |\ SWITCH #3
  \|
   \ SWITCH #2


Each ISP has a modem plugged to SWITCH #1.
FW#1 and FW#2 have bge0 set up for ISP 1 and bge1 set up for ISP 2 (one carp 
per ISP).
FW#1 and FW#2 have em0 set up for switch #2 and em1 set up for switch #3 (one 
carp per switch).
pfsync between FW#1 and FW#2 uses an inet alias on em0 (until IPSec is setup).
FW#1 has sysctl net.inet.carp.preempt set to 1, everything was working as 
expected and I was having a ball plugging, unplugging, rebooting and 
`ifconfig`-ing interfaces ;-)

Then ... I had to configure the firewall to have all hosts connected to SWITCH 
#2 use ISP 1, and all hosts connected to SWITCH #3 use ISP 2.
At first, I read `man route` and after figuring out that it was not possible to 
setup a default gateway for each source subnet, I decided to try pf's 
``route-to''.
I was told that I should avoid using pf to "fix" routing issues.

What do you suggest ?

If it is PF, what would be the pf rules to have the route-to working and are 
they ok to use with carp ?

I tried:

pass in quick on em0 route-to ( bge0 $isp1_gw ) from any to !192.168.0.0/16 keep state
pass in quick on em1 route-to ( bge1 $isp2_gw ) from any to !192.168.0.0/16 keep state

(bge0 (carp2) and bge1 (carp3) setup each one with a different default route 
and the -mpath option)

but while it "seemed" to work, carp doesn't seem to like it for some reason 
(unplugging some interfaces on current master causes a flood of CARP 
advertisements).


Thanks for any hint !



Re: Static Ip's: Routing and Fowarding

2007-04-18 Thread Bryan Vyhmeister

On Apr 18, 2007, at 12:59 PM, BradenM - Sonoma Computer wrote:

I just read an article on dhcp-dns which updates the tinydns data  
file each time a new computer comes online using dynamic host  
control. I do plan on having my own in house DNS server but it  
currently is not implemented. Could this be why I'm having so much  
trouble?


No, I don't think that is it. You have DNS servers listed in your  
dhcpd.conf file but I just looked back at your routing table. You  
have no default route set. Is that still the case? You need to add  
the gateway address to /etc/mygate and then reboot or alternately add  
it using route(8).


Bryan



Re: PF, CARP, PFsync and multiple default routes

2007-04-18 Thread Joel Knight
--- Quoting Gilles Chehade on 2007/04/18 at 22:23 +0200:

> Hi misc@,
> 
> I am trying to set up a set of "carp"-ed firewalls as follows:
> 
> 
> 
>         ISP 1        ISP 2
>           |            |
>            \          /
>           _ SWITCH # 1 _
>          /    |    |    \
>         /     |    |     \
>      bge0   bge1  bge0   bge1
>        |    /       |    /
>        FW #1        FW #2
>        |    \       |    \
>      em0    em1   em0    em1
>        \      \     |      \
>         \      \    |       \
>          \      \___|________\__ SWITCH #3
>           \         |
>            \________|___________ SWITCH #2
> 
> 
> Each ISP has a modem plugged to SWITCH #1.
> FW#1 and FW#2 have bge0 set up for ISP 1 and bge1 set up for ISP 2 (one carp 
> per ISP).
> FW#1 and FW#2 have em0 set up for switch #2 and em1 set up for switch #3 (one 
> carp per switch).
> pfsync between FW#1 and FW#2 uses an inet alias on em0 (until IPSec is setup).
> FW#1 has sysctl net.inet.carp.preempt set to 1, everything was working as 
> expected and I was having a ball plugging, unplugging, rebooting and 
> `ifconfig`-ing interfaces ;-)
> 
> Then ... I had to configure the firewall to have all hosts connected to 
> SWITCH #2 use ISP 1, and all hosts connected to SWITCH #3 use ISP 2.
> At first, I read `man route` and after figuring out that it was not possible 
> to setup a default gateway for each source subnet, I decided to try pf's 
> ``route-to''.
> I was told that I should avoid using pf to "fix" routing issues.
> 
> What do you suggest ?

Have you looked at the multiple routing table features in 4.1? Look at
route(8) and pf.conf(5). Search for the -T option and the 'rtable'
keyword, respectively.




.joel



ahci & intel sata

2007-04-18 Thread giovanni

hello,

sorry for the question but I would like to understand a bit more

I've added PCI_PRODUCT_INTEL_82801GBM_SATA (product code 0x27c4)
to the ahci_devices list because I've (wrongly?) read somewhere that
Intel 82801GBM
was ahci compliant. Indeed at boot I've:

ahci0 at pci0 dev 31 function 2 "Intel 82801GBM SATA" rev 0x02 GHC
0x0; AHCI 1.1: apic...
ahci0: capabilities: 0xdf12ff03
ports:4 ncmds:32 gen: 1 (1.5Gbps)
ahci0: ports implemented: 0x

Do I have to deduce that ahci is not available because the Ports Implemented
register is 0?
If so, why is a number of ports of 4 reported? What is the sense of
this "discrepancy"?

thanks,

--
giovanni



Routing all traffic to PPTP VPN tunnel

2007-04-18 Thread Loïc Séguin-Charbonneau
Hi,

I am fairly new to OpenBSD and I am struggling to be able to connect to
my university's network. I need to establish a VPN connection using the
PPTP protocol. I installed the pptp package, rebuilt my kernel without
gre support (as indicated in the pptp man page), and wrote a
configuration file for ppp that appears to be working. I can connect to
the VPN and I see a new tun0 interface coming up with ifconfig. However,
it seems like no traffic is going through that route.

What I want is really simple, I just want all internet traffic to go
through the VPN (so that my computer appears to belong to the internal
network of the university when I visit sites such as MathSciNet). I
tried to do a
  route change default vpn.cc.umontreal.ca
but it didn't work at all (it closed all connections...). I must admit
that I am fairly mixed up with all this routing thing.

My computer is connected to internet through a router whose internal
address is 192.168.1.1.

Here is some interesting stuff after the vpn has been brought up:

ifconfig tun0
tun0: flags=8011 mtu 1500
groups: tun
inet 132.204.232.32 --> 132.204.2.20 netmask 0x


route show
Routing tables

Internet:
Destination        Gateway            Flags  Refs   Use    Mtu  Interface
default            192.168.1.1        UGS       2   468      -  fxp0
10.5.9/24          vpn.CC.UMontreal.C UGS       0     0   1500  tun0
loopback           localhost          UGRS      0     0  33224  lo0
localhost          localhost          UH        2     8  33224  lo0
vpn.CC.UMontreal.C vpn232-32.CC.UMont UH        1     0   1500  tun0
192.168.1/24       link#1             UC        1     0      -  fxp0
192.168.1.1        00:10:a7:26:fb:e5  UHLc      1    46      -  fxp0
192.168.1.5        localhost          UGHS      0     0  33224  lo0
BASE-ADDRESS.MCAST localhost          URS       0     0  33224  lo0


Any help would be really appreciated,
Thanks,

Loïc



Re: Routing all traffic to PPTP VPN tunnel

2007-04-18 Thread Adam Hawes
> My computer is connected to internet through a router whose internal
> address is 192.168.1.1.
>
> Here is some interesting stuff after the vpn has been brought up:
>
> ifconfig tun0
> tun0: flags=8011 mtu 1500
> groups: tun
> inet 132.204.232.32 --> 132.204.2.20 netmask 0x

> Internet:
> Destination        Gateway            Flags  Refs   Use    Mtu  Interface
> default            192.168.1.1        UGS       2   468      -  fxp0
> 10.5.9/24          vpn.CC.UMontreal.C UGS       0     0   1500  tun0

Your default route still goes out your local router.  That's really
probably what you want in most cases - access to university resources
and raw Internet access through the local connection with lower
latency and probably faster speed.

You need to add a host route to the VPN server that goes via your local
router.  If you just change the default then the machine can't know
how to get encrypted data to the VPN server and so then it can't do
anything at all.

A
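
The failure described in the reply above, worked through as an added example that is not part of the thread: a small longest-prefix-match model showing why changing only the default route kills the tunnel and why a host route to the VPN server fixes it. The VPN server's public address (203.0.113.10) and the destination 198.51.100.7 are constructed placeholders; the interface names, local router and tun0 peer come from the post.

```python
import ipaddress

TUNNEL_IF = "tun0"            # tunnel interface name from the post
LOCAL_GW = "192.168.1.1"      # local router from the post
TUNNEL_PEER = "132.204.2.20"  # far end of tun0 from the post
VPN_SERVER = "203.0.113.10"   # constructed placeholder: VPN server's public address


class RoutingTable:
    """Longest-prefix-match table mapping network -> (gateway, interface)."""

    def __init__(self):
        self.routes = {}

    def add(self, dest, gateway, ifname):
        # Adding an existing prefix replaces it, like `route change`.
        self.routes[ipaddress.ip_network(dest)] = (gateway, ifname)

    def lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        matches = [net for net in self.routes if ip in net]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda net: net.prefixlen)]


def egress_path(table, dst, vpn_server=VPN_SERVER):
    """Return the interfaces a packet to dst crosses, or None if undeliverable.

    A packet routed into the tunnel is encapsulated and re-sent to the VPN
    server's public address; that outer packet needs a route that does not
    point back into the tunnel.
    """
    inner = table.lookup(dst)
    if inner is None:
        return None
    if inner[1] != TUNNEL_IF:
        return [inner[1]]
    outer = table.lookup(vpn_server)
    if outer is None or outer[1] == TUNNEL_IF:
        return None  # encapsulated traffic would loop back into tun0
    return [TUNNEL_IF, outer[1]]


def table_as_posted():
    """Routes relevant to the question, as shown in `route show`."""
    t = RoutingTable()
    t.add("192.168.1.0/24", "link#1", "fxp0")
    t.add("0.0.0.0/0", LOCAL_GW, "fxp0")
    t.add("10.5.9.0/24", TUNNEL_PEER, TUNNEL_IF)
    return t


def table_default_changed_only():
    """Default route pointed at the tunnel, nothing else changed."""
    t = table_as_posted()
    t.add("0.0.0.0/0", TUNNEL_PEER, TUNNEL_IF)
    return t


def table_with_host_route():
    """Default via the tunnel plus a /32 to the VPN server via the local router."""
    t = table_default_changed_only()
    t.add(VPN_SERVER + "/32", LOCAL_GW, "fxp0")
    return t


if __name__ == "__main__":
    web = "198.51.100.7"  # constructed Internet destination
    for name, build in (("as posted", table_as_posted),
                        ("default changed only", table_default_changed_only),
                        ("default + host route", table_with_host_route)):
        print(f"{name:22} -> {egress_path(build(), web)}")
```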



Automatic boot of i386 occassionally fails; manually boots OK

2007-04-18 Thread Damon McMahon

Greetings,

This is quite strange: very occasionally (perhaps a rate of 1 in 25
occasions or so?) automatic booting 3.9/i386 fails, but manually
booting via the console works. Below is the console output and other
potentially relevant information - is this faulty hardware (I suspect
it is given the problem's sporadic nature), or something else?

booting hd0a:: open hd0a:: No such file or directory
failed(2). will try /obsd
boot> trace
boot> ps
boot> boot
booting hd0a:/obsd: 4966248+867848 [52+255872+237161]=0x608d04
entry point at 0x100120

[ using 493460 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
   The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2006 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 3.9 (GENERIC) #1: Wed Mar 14 00:36:26 CST 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class, 512KB L2 cache) 549 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,SER,MMX,FXSR,SSE
cpu0: disabling processor serial number
real mem  = 133734400 (130600K)
avail mem = 115302400 (112600K)
using 1658 buffers containing 6791168 bytes (6632K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(ff) BIOS, date 03/03/00, BIOS32 rev. 0 @ 0xf0210
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf0200/0xb00
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf9e00/128 (6 entries)
pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371AB PIIX4 ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xa000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "S3 Savage 4" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x02
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 9770MB, 20010816 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 7 function 2 "Intel 82371AB USB" rev 0x01: irq 5
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x02: polling
iic0 at piixpm0
eso0 at pci0 dev 11 function 0 "ESS SOLO-1 AudioDrive" rev 0x01: ES1946, irq 10
eso0: mapping Audio 1 DMA using VC I/O space at 0x8cc0
audio0 at eso0
opl0 at eso0: model OPL3
midi0 at opl0: 
"Conexant 56k Winmodem" rev 0x08 at pci0 dev 13 function 0 not configured
sis0 at pci0 dev 14 function 0 "NS DP83815 10/100" rev 0x00, DP83815C: irq 10, address 00:a0:cc:74:48:46
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
rl0 at pci0 dev 16 function 0 "Accton MPX 5030/5038" rev 0x10: irq 9, address 00:10:b5:08:5c:32
rlphy0 at rl0 phy 0: RTL internal PHY
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi1 at pcppi0: 
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask f965 netmask ff65 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
Automatic boot in progress: starting file system checks.
/dev/rwd0a: file system is clean; not checking
/dev/rwd0g: file system is clean; not checking
/dev/rwd0d: file system is clean; not checking
/dev/rwd0f: file system is clean; not checking
/dev/rwd0e: file system is clean; not checking
setting tty flags
pf enabled
net.inet.ip.forwarding: 0 -> 1
starting network
starting system logger
starting named
starting initial daemons: ntpd.
savecore: no core dump
checking quotas: done.
building ps databases: kvm dev.
clearing /tmp
starting pre-securelevel daemons:.
setting kernel security level: kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files
starting network daemons: rwhod sendmail ftp-proxy inetd sshd.
starting local daemons:.
standard daemons: cro

Re: Distributed File System

2007-04-18 Thread Almir Karic

considered nfs over kerberos?

On 4/17/07, Pete Vickers <[EMAIL PROTECTED]> wrote:

try web DAV  - works a treat for me on OpenBSD with linux, Mac &
windows clients...

/pete


On 17 Apr 2007, at 2:28 AM, Rico Secada wrote:

> Hi all.
>
> At work I am experiencing with setting up some distributed file
> system, at the current moment working with NFS. The problem is that
> it is being setup at work and people, from their homes, need to be
> able to mount the system.
>
> I have no prior experience in this, except for setting up and using
> NFS across a LAN.
>
> I would greatly appreciate any recommendations regarding security,
> effectiveness and other advices!
>
> I have been thinking about tunneling NFS over SSH2, and possibly
> using some kind of cache, but I do not know if this is actually the
> best approach. I have also been thinking about using AFS as posted
> before.
>
> Also perhaps, but not necessary, support for Windows could be
> needed in the long run.
>
> What are you guys using and how is it setup?
>
> Best and kind regards!
>
> Rico.





--
almir



Re: Automatic boot of i386 occassionally fails; manually boots OK

2007-04-18 Thread Nick Holland
Damon McMahon wrote:
> Greetings,
> 
> This is quite strange: very occasionally (perhaps a rate of 1 in 25
> occasions or so?) automatic booting 3.9/i386 fails, but manually
> booting via the console works. Below is the console output and other
> potentially relevant information - is this faulty hardware (I suspect
> it is given the problem's sporadic nature), or something else?
>
> booting hd0a:: open hd0a:: No such file or directory
>  failed(2). will try /obsd

That appears to be your problem, something is sticking random
characters in when the system is expecting a kernel name to boot from.
As a result, the system is trying to boot from a non-existent file
rather than hd0a:/bsd

Because of the info you are providing, I'm guessing you have a
serial console on the system.  Could the serial console device be
sending random characters on boot-up?  Maybe the failure is when power
is interrupted, and reapplied to both systems at the same time, the
OpenBSD machine is just getting to the boot> prompt as the serial
console machine is initializing the serial ports (or sending other
garbage over them for unknown reasons)...a normal reboot of just
the OpenBSD box (or just the serial console box) wouldn't cause
the problem, as the random chars come long before or long after the
boot> prompt.

> boot> trace
> boot> ps

those don't work until the kernel (and thus, ddb) is loaded. :)

> boot> boot
> booting hd0a:/obsd: 4966248+867848 [52+255872+237161]=0x608d04
> entry point at 0x100120

And since this works, I'm kinda inclined to believe that the HW is
basically sound.

IF I'm right (no promises!), a few options I can think of:
1) mess with the serial console machine's boot timing (stick an
old SCSI card in it, that will add 30+ seconds to the boot time!),
2) Do something similar for the OpenBSD box (obviously, do 1 or 2,
not both!)
3) use boot.conf to cause OpenBSD to IMMEDIATELY "just boot off bsd"
rather than presenting you with a boot> prompt (I don't really like
doing that, but it should work, assuming you never have to boot
single user or bsd.rd when the system is very content to boot /bsd).
4) If the system always gets the same random char stuffed in it,
hard-link the kernel to that file name (oh, that is such a lame
solution!)

obviously, "serial console HW that doesn't send garbage on boot"
would be the best option, but it might be difficult.

All this is mostly wrong if you tell me you aren't using a serial
console, but looking back, I see you DID use a serial console on
a similar/same machine some time back..so I suspect I might be on
to something. :)

Nick.



Re: Automatic boot of i386 occassionally fails; manually boots OK

2007-04-18 Thread Damon McMahon

On 19/04/07, Nick Holland <[EMAIL PROTECTED]> wrote:

Damon McMahon wrote:
> Greetings,
>
> This is quite strange: very occasionally (perhaps a rate of 1 in 25
> occasions or so?) automatic booting 3.9/i386 fails, but manually
> booting via the console works. Below is the console output and other
> potentially relevant information - is this faulty hardware (I suspect
> it is given the problem's sporadic nature), or something else?
>
> booting hd0a:: open hd0a:: No such file or directory
>  failed(2). will try /obsd

That appears to be your problem, something is sticking random
characters in when the system is expecting a kernel name to boot from.
As a result, the system is trying to boot from a non-existent file
rather than hd0a:/bsd

Because of the info you are providing, I'm guessing you have a
serial console on the system.  Could the serial console device be
sending random characters on boot-up?  Maybe the failure is when power
is interrupted, and reapplied to both systems at the same time, the
OpenBSD machine is just getting to the boot> prompt as the serial
console machine is initializing the serial ports (or sending other
garbage over them for unknown reasons)...a normal reboot of just
the OpenBSD box (or just the serial console box) wouldn't cause
the problem, as the random chars come long before or long after the
boot> prompt.


Nick - you seem to have a psychic connection with my serial consoles
(or perhaps just a lot of experience with them!)

This all makes sense now, and you are indeed correct.  The garbage
input is being sent from my console device to the OpenBSD machine when
the console device boots (booting Windows 2K in this case). The reason
for the 1 in 25 or so frequency is because this event only occurs when
both boxes are booting at the same time.


IF I'm right (no promises!), a few options I can think of:


[snip]

You missed the easiest solution (for my circumstances, anyway) - just
disconnect the null modem cable connecting the two until console
access is needed! Obviously not ideal if remote management via serial
console is required, but fine for me.

Many thanks,
Damon



X Window System crash

2007-04-18 Thread Karel Kulhavy
Looks like X Windows have some race condition or maybe it's in the kernel?

I've been running spamassassin learning which loaded the system. Then I
started X Windows System with "startx". During normal startup, a screen of
garbage flashes and is replaced with black screen and then with X background.

But this time, the garbage stayed. The learning was still running as I could
see by disk activity. I let it overnight and in the morning, there was still
garbage.

I know Linux has a problem like this - the console switching there is designed
in a flawed way, the simple signal mechanism contains a race condition, which
triggers typically during overloaded system. But that OpenBSD would have a
similar problem? Or is it a bug of the X Window System?

dmesg follows:

OpenBSD 4.0-stable (GENERIC) #0: Sat Mar 17 00:07:37 CET 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.50GHz ("GenuineIntel" 686-class) 1.50 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2
cpu0: Enhanced SpeedStep 1500 MHz (1340 mV): speeds: 1500, 1200, 1000, 800, 600 MHz
real mem  = 53504 (522500K)
avail mem = 480100352 (468848K)
using 4256 buffers containing 26853376 bytes (26224K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 01/28/05, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.3 @ 0xf8d00 (61 entries)
bios0: Dell Inc. Inspiron 510m
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc590/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371 ISA and IDE" rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xd800! 0xcd800/0x800 0xce000/0x800 0xce800/0x800 0xcf000/0x800 0xcf800/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82852GM Hub-PCI" rev 0x02
"Intel 82852GM Memory" rev 0x02 at pci0 dev 0 function 1 not configured
"Intel 82852GM Configuration" rev 0x02 at pci0 dev 0 function 3 not configured
vga1 at pci0 dev 2 function 0 "Intel 82852GM AGP" rev 0x02: aperture at 0xf000, size 0x800
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"Intel 82852GM AGP" rev 0x02 at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x01: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x01: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x01: irq 11
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb0 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x81
pci1 at ppb0 bus 1
cbb0 at pci1 dev 1 function 0 "TI PCI4510 CardBus" rev 0x02: irq 11
"TI PCI4510 FireWire" rev 0x00 at pci1 dev 1 function 1 not configured
ipw0 at pci1 dev 3 function 0 "Intel PRO/Wireless 2100" rev 0x04: irq 11, address 00:0c:f1:61:60:36
fxp0 at pci1 dev 8 function 0 "Intel PRO/100 VE" rev 0x81, i82562: irq 11, address 00:11:43:52:46:e7
inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 2 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 "Intel 82801DBM LPC" rev 0x01
pciide0 at pci0 dev 31 function 1 "Intel 82801DBM IDE" rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
auich0 at pci0 dev 31 function 5 "Intel 82801DB AC97" rev 0x01: irq 11, ICH4 AC97
ac97: codec id 0x83847650 (SigmaTel STAC9750/51)
ac97: codec features headphone, 20 bit DAC, 20 bit ADC, SigmaTel 3D
audio0 at auich0
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a,