Re: Kernel interrupt timer?

2007-05-29 Thread Geoff Steckel

Chris Kuethe wrote:

> On 5/29/07, Leon <[EMAIL PROTECTED]> wrote:
>
>> Hi,
>> I'm new to OpenBSD and I'm trying to setup a traffic shaping router using pf
>> and altq. The question I want to ask is: Can the kernel interrupt timer be
>> increased from 100 hz? and if so how do I do that? I thought there would have
>> been a sysctl tunable variable like kern.hz that could do this. I read
>> somewhere that altq operates best when the clock interrupts are at 1000hz
>
> Where did you read that altq works better with a 1kHz clock - I have
> zero deployments of altq where I've found myself saying "gosh, I wish
> I had finer timers". 100Hz works plenty good enough. I've seen
> otherwise capable machines be crippled by people who thought that 1kHz
> or faster was a good idea...
>
> Also, this hackathon we've been making pf (and the network stack in
> general) go faster by having fewer interrupts. So, yes, the clock rate
> can be increased. It is left as an exercise to the reader to do so. It
> is further left as an exercise to prove that this is desirable.
>
> CK


I worked on a commercial product based on altq on which a 1KHz clock was 
very useful. This used slow (400MHz) Pentium-class CPUs, and the 
increase in system overhead over a 100Hz clock was approximately 2%. 
Without the fast clock, accurately and consistently managing bandwidth 
down to 1% slices was difficult. I'm sure the systems you saw which were 
crippled by a fast clock had some hidden configuration problems which if 
fixed could have reduced the overhead significantly.


I agree that reducing the number of interrupts is almost always a good 
thing. If that reduction increases latency significantly it almost 
always makes system throughput worse and increases demand for buffers, 
etc. Reducing the number of external (PCI, etc.) bus references in 
drivers can make an astonishing speedup, sometimes 10% of total 
interrupt processing time per reference.




Boot mystery

2007-05-29 Thread RW
I am helping a friend by setting up dual boot HDDs to swap back and
forth between DOS (for a legacy data entry app) and OpenBSD (to push
the data to a backup box to burn CDs for short term archival use.)

It "just works" for every machine bar one. dmesg below.

The problem is that the drive boots to either OS and swaps on command in
my LabRat but in its intended home it boots to DOS just fine and fails
totally when trying to boot to OpenBSD. Message on screen is "No
operating system"

The swapping is done by rewriting track 0 to suit. Every swap stores a
copy of the existing track 0 where the other OS uses it to rewrite for
switching back. There is no boot menu or grubby manager thingy. Just a
command of gobsd or godos as required from each of the running systems.

It has me stumped. Intel mobos have a nasty habit of rebooting instead
of powering down at halt -p commands but we do not have another that
won't boot this drive. We don't have an identical model  to try either.

Dmesg (from 4.1 floppy):
OpenBSD 4.1 (RAMDISK) #260: Sat Mar 10 19:38:22 MST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK
cpu0: Intel(R) Celeron(R) D CPU 3.20GHz ("GenuineIntel" 686-class) 3.21
GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID
,CX16,xTPR
real mem  = 257982464 (251936K)
avail mem = 231079936 (225664K)
using 3187 buffers containing 13053952 bytes (12748K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 04/14/06, SMBIOS rev. 2.3 @
0xe4d90 (29 entries)
bios0: Intel Corporation D945GTP
apm0 at bios0: Power Management spec V1.2
apm0: flags 30102 dobusy 0 doidle 1
pcibios at bios0 function 0x1a not configured
bios0: ROM list: 0xc/0xae00! 0xcb000/0x1800
acpi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82945GP" rev 0x02
vga1 at pci0 dev 2 function 0 "Intel 82945G Video" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
"Intel 82801GB HD Audio" rev 0x01 at pci0 dev 27 function 0 not
configured
ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x01
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x01
pci3 at ppb2 bus 3
"Intel 82801GB USB" rev 0x01 at pci0 dev 29 function 0 not configured
"Intel 82801GB USB" rev 0x01 at pci0 dev 29 function 1 not configured
"Intel 82801GB USB" rev 0x01 at pci0 dev 29 function 2 not configured
"Intel 82801GB USB" rev 0x01 at pci0 dev 29 function 3 not configured
"Intel 82801GB USB" rev 0x01 at pci0 dev 29 function 7 not configured
ppb3 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xe1
pci4 at ppb3 bus 4
fxp0 at pci4 dev 0 function 0 "Intel 8255x" rev 0x0c, i82550: irq 10,
address 00:02:b3:eb:e5:cd
fxp0: Disabling dynamic standby mode in EEPROM, New ID 0x50a0, cksum @
0x3f: 0x8404 -> 0x8406
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
ichpcib0 at pci0 dev 31 function 0 "Intel 82801GB LPC" rev 0x01: PM
disabled
pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x01: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 ignored (disabled)
pciide1 at pci0 dev 31 function 2 "Intel 82801GB SATA" rev 0x01: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using irq 11 for native-PCI interrupt
"Intel 82801GB SMBus" rev 0x01 at pci0 dev 31 function 3 not configured
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask fbed netmask ffed ttymask ffef
rd0: fixed, 3800 blocks
dkcsum: wd0 matches BIOS drive 0x80
root on rd0a
rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02

Rod/
From the land "down under": Australia.
Do we look  from up over?



Re: Kernel interrupt timer?

2007-05-29 Thread Chris Kuethe

On 5/29/07, Leon <[EMAIL PROTECTED]> wrote:

> Hi,
> I'm new to OpenBSD and I'm trying to setup a traffic shaping router using pf
> and altq. The question I want to ask is: Can the kernel interrupt timer be
> increased from 100 hz? and if so how do I do that? I thought there would have
> been a sysctl tunable variable like kern.hz that could do this. I read
> somewhere that altq operates best when the clock interrupts are at 1000hz


Where did you read that altq works better with a 1kHz clock - I have
zero deployments of altq where I've found myself saying "gosh, I wish
I had finer timers". 100Hz works plenty good enough. I've seen
otherwise capable machines be crippled by people who thought that 1kHz
or faster was a good idea...

Also, this hackathon we've been making pf (and the network stack in
general) go faster by having fewer interrupts. So, yes, the clock rate
can be increased. It is left as an exercise to the reader to do so. It
is further left as an exercise to prove that this is desirable.

CK


--
GDB has a 'break' feature; why doesn't it have 'fix' too?



Re: PFSYNC

2007-05-29 Thread Mathieu Sauve-Frankel
On Sat, May 26, 2007 at 07:55:26AM +, Ryan McBride wrote:
> On Sat, May 26, 2007 at 09:36:48AM +0200, Alberich de megres wrote:
> > I know i repeat myself, but that's important for me: my pf isn't syncing
> > tables i create. Can I solve this?
> 
> Write a tool that synchronises your tables.

You don't need to write this tool. It already exists in the ports tree. 
sysutils/tabled. Thank mbalmer@ for that.

-- 
Mathieu Sauve-Frankel



Re: pf.conf settings

2007-05-29 Thread Rogier Krieger

On 5/28/07, Woodchuck <[EMAIL PROTECTED]> wrote:

> I wonder if this setup will allow you to do dhcp.  Probably during
> boot, (before it takes effect, when the rules in /etc/rc are active),
> but afterwards, not.

Typically, dhclient(8) uses the bpf(4) devices and is not troubled by
PF's ruleset. If I'm not mistaken, this behaviour is hinted at in the
man page.

> This might be an issue.  I dunno how dhcp communicates, don't use it myself.


If you're interested, you may want to see RFC 2131 and RFC 2132. In
short: DHCP uses UDP datagrams to/from ports 67 and 68.

Typically, conversations start with a discovery (broadcast by the
client). An active DHCP server may then provide a lease offer.
Normally, the client requests the address listed in the offer. If all
goes well, the server acknowledges the request.

Cheers,

Rogier

--
If you don't know where you're going, any road will get you there.
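
The exchange Rogier describes, as an added example that is not part of the original post: a minimal RFC 2131 message builder and parser, plus a check that four datagrams form a discover/offer/request/ack sequence on ports 67 and 68. The MAC address, transaction id, and leased address are constructed sample values.

```python
import socket
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed 236-byte BOOTP header
MAGIC = b"\x63\x82\x53\x63"                # DHCP magic cookie (RFC 2131)
SERVER_PORT, CLIENT_PORT = 67, 68
OPT_REQUESTED_IP, OPT_MSG_TYPE, OPT_END = 50, 53, 255
NAMES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}


def build(op, xid, msg_type, yiaddr="0.0.0.0", requested=None):
    """Build a DHCP payload; op is 1 (client request) or 2 (server reply)."""
    zero = socket.inet_aton("0.0.0.0")
    mac = bytes.fromhex("020000000001")    # constructed client MAC
    fixed = struct.pack(BOOTP_FMT, op, 1, 6, 0, xid, 0, 0,
                        zero, socket.inet_aton(yiaddr), zero, zero,
                        mac, b"", b"")
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    if requested is not None:
        options += bytes([OPT_REQUESTED_IP, 4]) + socket.inet_aton(requested)
    return fixed + MAGIC + options + bytes([OPT_END])


def parse(payload):
    """Return op, xid, yiaddr and the option map of a DHCP payload."""
    size = struct.calcsize(BOOTP_FMT)
    if len(payload) < size + 4 or payload[size:size + 4] != MAGIC:
        raise ValueError("not a DHCP message")
    fields = struct.unpack(BOOTP_FMT, payload[:size])
    options, i = {}, size + 4
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == 0:                      # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return {"op": fields[0], "xid": fields[4],
            "yiaddr": socket.inet_ntoa(fields[8]), "options": options}


def check_exchange(datagrams):
    """Validate (src_port, dst_port, payload) tuples as one full exchange.

    Returns the leased address or raises ValueError at the first deviation.
    """
    expected = [(1, CLIENT_PORT, SERVER_PORT), (2, SERVER_PORT, CLIENT_PORT),
                (3, CLIENT_PORT, SERVER_PORT), (5, SERVER_PORT, CLIENT_PORT)]
    if len(datagrams) != len(expected):
        raise ValueError("expected exactly four datagrams")
    msgs = []
    for (sport, dport, payload), (mtype, want_s, want_d) in zip(datagrams, expected):
        msg = parse(payload)
        raw = msg["options"].get(OPT_MSG_TYPE)
        got = raw[0] if raw else 0
        if got != mtype:
            raise ValueError(f"expected {NAMES[mtype]}, got message type {got}")
        if (sport, dport) != (want_s, want_d):
            raise ValueError(f"{NAMES[mtype]} on ports {sport}->{dport}")
        msgs.append(msg)
    if len({m["xid"] for m in msgs}) != 1:
        raise ValueError("transaction id changed mid-exchange")
    offer, request, ack = msgs[1], msgs[2], msgs[3]
    # The client normally requests the address listed in the offer.
    if request["options"].get(OPT_REQUESTED_IP) != socket.inet_aton(offer["yiaddr"]):
        raise ValueError("REQUEST does not ask for the offered address")
    if ack["yiaddr"] != offer["yiaddr"]:
        raise ValueError("ACK confirms a different address than the OFFER")
    return ack["yiaddr"]


# Constructed sample exchange (192.0.2.0/24 is a documentation range).
XID, LEASE = 0x1F2E3D4C, "192.0.2.50"
SAMPLE = [
    (68, 67, build(1, XID, 1)),
    (67, 68, build(2, XID, 2, yiaddr=LEASE)),
    (68, 67, build(1, XID, 3, requested=LEASE)),
    (67, 68, build(2, XID, 5, yiaddr=LEASE)),
]

if __name__ == "__main__":
    print("lease confirmed:", check_exchange(SAMPLE))
```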



Re: Could non-used, but non-upgraded X install freeze a system?

2007-05-29 Thread Matthieu Herrb

On 5/29/07, Bill <[EMAIL PROTECTED]> wrote:

> Hey anyone,
>
> We've been having this issue with our router freezing up.  Completely
> dead.  No panic, no error, just phooey.
>
> Anyway, memory and disk tests did not show anything so we are going to
> replace the hardware.
>
> But in prepping for this I noticed that the original installation had X
> installed.  Now I was unaware of this, and in subsequent upgrades did
> not install newer X packages.
>
> That being said, the problems started after I upgraded from 3.8 -> 3.9
> -> 4.0 (In one sitting).
>
> I don't use X on there and even have the aperture disabled in sysconf.
> Is there any way this could cause my system to completely freeze?

No. Definitely not.

> What is the best way to try to re-mediate from this?  A full
> clean install?
>
> It's currently at 4.1 + patches.  (X is still at 3.8 I imagine).
>
> Errors I could understand, but I don't see think it would lock a system
> up... but I am not that good, so I am asking here, before yanking the
> hardware out.

I've no idea. You don't provide enough details. Does the box still
answer pings?
Does the caps-lock LED still toggle? Post a dmesg?



Re: help needed with routed problem

2007-05-29 Thread Lars Hansson

[EMAIL PROTECTED] wrote:

> Would the zebra package be a relatively safe alternative?

Zebra should work but you'd be better off just following Claudio's 
advice and use routed.
Of course, when your campus network is using RIPv1 in 2007 (seriously, 
wtf? Did the admin fall asleep 20 years ago?) you have way more pain 
coming your way than making routed work.



---
Lars Hansson



Re: support for Sun Fire

2007-05-29 Thread Jeff Quast

On 5/29/07, Stuart Henderson <[EMAIL PROTECTED]> wrote:

> an amd64 box boot without it. and hooray: the bios *defaults* to using
> serial console, so you don't lose access if the CMOS battery dies.
> other vendors would do well to copy that idea.

here, here.



Re: french characters on imap server

2007-05-29 Thread Juan Miscara
On Tuesday 29 May 2007 11:34, Joachim Schipper wrote:
> On Mon, May 28, 2007 at 08:37:42PM -0600, Philip Guenther wrote:
> > On 5/28/07, Juan Miscaro <[EMAIL PROTECTED]> wrote:
> > >I am serving up email via imap (courier-imap) on OpenBSD 4.0.
> > >
> > >My users (with Outlook) complain of french characters being garbled.
> > >How can I fix this?
> >
> > The same way any problem is fixed: by determining which part isn't
> > behaving correctly and fixing it.  In this case, the possible guilty
> > parties include
> > A) the sending party: are the messages being marked with the correct
> > charset in
> >the Content-Type header field?
> > B) the IMAP server: is it returning the message accurately and
> > calculating the
> >ENVELOPE and BODYSTRUCTURE FETCH items correctly?
> > C) Outlook: is it presenting the messages accurately as it was received
> > from the
> >IMAP server?
> >
> > However, this is all off-topic to OpenBSD, as the IMAP server behavior
> > should not depend on the OS.  I suggest you take your question to
> > the comp.mail.imap newsgroup after doing your best to answer the
> > questions suggested above.
> >
> > Note that when you post there you should, at a *minimum*, clarify what
> > is garbled (subjects, bodies, or both) and to what extent they are
> > "garbled": is it just the non-ASCII characters (those with accents and
> > cedilla and accents), all letters but not numbers or punctuation, or
> > all characters?
>
> Nah, misc@ does handle more off-topic questions; that's not a reason to
> tell someone off to a more specialized group, though it's true that the
> people there might be more capable of answering such a question.
>
> I'd try the following:
>
> 0. Get one of the complainers to provide you with a full (headers+body)
> e-mail and a copy that has been `fixed' (i.e., looks like it should).
> 1. Verify that the fixed version is properly formatted
> 2. Verify that Outlook can display it properly
> 3. Send it as-is to your mail server (nc mail.localdomain smtp <
> mail.fixed)
> 4. Look in the logs. Did anything interesting happen? If not, just get
> the message-id.
> 5. Retrieve the file directly from the mail spool. Is this already
> mangled? If so, good luck - that shouldn't happen. (And it's most likely
> a spam filter, not your MTA proper, that mangled it, as MTAs, at most,
> care for headers; try to disable the filter for a test account and run
> the test again.)
> 6. Retrieve the message via IMAP, using any known-good client. nc works
> fine; mutt might work, too. Is this mangled? If yes, fix the IMAP
> server, this shouldn't happen either.
> 7. Retrieve the message using Outlook. Is it broken? If so, something
> truly weird is going on, as the fixed version displayed just fine in
> step 1...
>
> Post back with the information required by Philip and me, plus log
> files, and if at all possible complete copies of the messages.

Thank you Joachim.  It may take a while but I will report back.

Juan Miscara



Re: Kernel interrupt timer?

2007-05-29 Thread Tobias Ulmer
On Tue, May 29, 2007 at 07:40:19PM -0500, Leon wrote:
> Hi,
> I'm new to OpenBSD and I'm trying to setup a traffic shaping router using pf
> and altq. The question I want to ask is: Can the kernel interrupt timer be
> increased from 100 hz? and if so how do I do that? I thought there would have
> been a sysctl tunable variable like kern.hz that could do this. I read
> somewhere that altq operates best when the clock interrupts are at 1000hz
> 
> -- 
> This is too troublesome
> 
>

I have to agree with your signature...

SCNR, Tobias



Could non-used, but non-upgraded X install freeze a system?

2007-05-29 Thread Bill
Hey anyone,

We've been having this issue with our router freezing up.  Completely
dead.  No panic, no error, just phooey.

Anyway, memory and disk tests did not show anything so we are going to
replace the hardware.

But in prepping for this I noticed that the original installation had X
installed.  Now I was unaware of this, and in subsequent upgrades did
not install newer X packages.

That being said, the problems started after I upgraded from 3.8 -> 3.9
-> 4.0 (In one sitting).

I don't use X on there and even have the aperture disabled in sysconf.
Is there any way this could cause my system to completely freeze?  

What is the best way to try to re-mediate from this?  A full
 clean install?  

It's currently at 4.1 + patches.  (X is still at 3.8 I imagine).

Errors I could understand, but I don't see think it would lock a system
up... but I am not that good, so I am asking here, before yanking the
hardware out.



Kernel interrupt timer?

2007-05-29 Thread Leon
Hi,
I'm new to OpenBSD and I'm trying to setup a traffic shaping router using pf
and altq. The question I want to ask is: Can the kernel interrupt timer be
increased from 100 hz? and if so how do I do that? I thought there would have
been a sysctl tunable variable like kern.hz that could do this. I read
somewhere that altq operates best when the clock interrupts are at 1000hz

-- 
This is too troublesome



Re: Problem using flashboot (openBSD based), can't get it to boot

2007-05-29 Thread Kenneth R Westerback
On Tue, May 29, 2007 at 11:52:46PM +0200, openbsd misc wrote:
> Hello,
> 
> I'm not a guru, but I'm working with openbsd and wrap systems for one
> year ... ;-)
> 
> >> The ";" at the end here means that the WRAP BIOS said it could not do
> >> LBA reads, so biosboot fell back to CHS reads.
> >>
> >>
> >>> No O/S
> >>>
> >>
> >> And since you installed on a different machine, the geometry was
> >> almost certainly different, so the operating system wouldn't be at
> >> the same place (cylinder/head/sector), hence it's not found.
> >>
> >> No idea how you can fix it, though.
> >>
> >> Tom
> >>
> >
> > Thanks anyway, it's a clue at least.
> > Maybe some of the gurus here know it?
> 
> You can set the bios to lba mode (press s during mem-test to access
> bios). Btw, openbsd is the only OS having that problem ... LBA mode on
> wrap systems means fix geometry (C/H/S x/32/63 - while the cylinder
> count defines the size), so you can use fdisk with the geometry
> parameters to configure your cf correctly.
> 
> I have another problem with openbsd 4.1 and wrap systems. I create an
> image using flashdist and the wrapper script (incl. some modification,
> but that should make any difference). For openbsd 4.0 everything works
> fine, but doesn't for openbsd 4.1. I think the problem is related to the
> geometry problem described above. To create an image I defined C/H/S to
> 118/32/63 (none of the systems I have has less than 128MB) for fdisk and
> disklabel. First time I created an image file that worked fine until
> vnconfig -u. After attaching the image again (vnconfig -c) I wasn't able
> to mount the partitions. The geometry was completely different. So I
> added the -i option to fdisk and the -r option disklabel. Afterwards I
> was able to mount everything again after detaching /attaching the image
> file.
> After writing the image to a cf card everything works fine on openbsd
> 4.1.
> 
> Now here is the problem: The boot loader is not able to access the cf:
> 
> disk: hd0*
> >> OpenBSD/i386 BOOT 2.13
> open(hd0a:/etc/boot.conf): Invalid argument
> boot> ls
> stat(hd0a:/.): Invalid argument
> boot> machine diskinfo
> Disk  BIOS#  Type   Cyls  Heads  Secs  Flags  Checksum
> hd0   0x80   label  126   32     63    0x0    0xd8c3c6b3
> 
> I think that fdisk is the problem. disklabel runs after fdisk, but
> disklabel defines the geometry (geometry options are set for fdisk but
> it looks like they are ignored?!) - remember the -r option - I don't
> know what fdisk exactly does (perhaps telling the boot-loader something
> about the geometry during setup?!).
> 
> I hope someone has an answer or can give hints. The behavior shows a
> difference between openbsd 4.0-release and openbsd 4.1-stable, but I
> wasn't able to find anything in changelog that could explain the
> behavior and more important how to fix it.
> 
> I hope my english isn't too bad, please let me know if something isn't
> clear ...
> 
> Regards
>   Hagen Volpers
> 

The fdisk/disklabel geometry confusion was fixed (?) in -current a
while ago. If you are brave enough to try a snapshot generated
during a hackathon I would suggest trying -current to see if the
behaviour has become more rational. Or find that it hasn't and it
can be fixed while all the developers are in a room in Calgary.

 Ken



Re: Problem using flashboot (openBSD based), can't get it to boot

2007-05-29 Thread openbsd misc
Hello,

I'm not a guru, but I'm working with openbsd and wrap systems for one
year ... ;-)

>> The ";" at the end here means that the WRAP BIOS said it could not do
>> LBA reads, so biosboot fell back to CHS reads.
>>
>>
>>> No O/S
>>>
>>
>> And since you installed on a different machine, the geometry was
>> almost certainly different, so the operating system wouldn't be at
>> the same place (cylinder/head/sector), hence it's not found.
>>
>> No idea how you can fix it, though.
>>
>> Tom
>>
>
> Thanks anyway, it's a clue at least.
> Maybe some of the gurus here know it?

You can set the bios to lba mode (press s during mem-test to access
bios). Btw, openbsd is the only OS having that problem ... LBA mode on
wrap systems means fix geometry (C/H/S x/32/63 - while the cylinder
count defines the size), so you can use fdisk with the geometry
parameters to configure your cf correctly.

I have another problem with openbsd 4.1 and wrap systems. I create an
image using flashdist and the wrapper script (incl. some modification,
but that should make any difference). For openbsd 4.0 everything works
fine, but doesn't for openbsd 4.1. I think the problem is related to the
geometry problem described above. To create an image I defined C/H/S to
118/32/63 (none of the systems I have has less than 128MB) for fdisk and
disklabel. First time I created an image file that worked fine until
vnconfig -u. After attaching the image again (vnconfig -c) I wasn't able
to mount the partitions. The geometry was completely different. So I
added the -i option to fdisk and the -r option disklabel. Afterwards I
was able to mount everything again after detaching /attaching the image
file.
After writing the image to a cf card everything works fine on openbsd
4.1.

Now here is the problem: The boot loader is not able to access the cf:

disk: hd0*
>> OpenBSD/i386 BOOT 2.13
open(hd0a:/etc/boot.conf): Invalid argument
boot> ls
stat(hd0a:/.): Invalid argument
boot> machine diskinfo
Disk  BIOS#  Type   Cyls  Heads  Secs  Flags  Checksum
hd0   0x80   label  126   32     63    0x0    0xd8c3c6b3

I think that fdisk is the problem. disklabel runs after fdisk, but
disklabel defines the geometry (geometry options are set for fdisk but
it looks like they are ignored?!) - remember the -r option - I don't
know what fdisk exactly does (perhaps telling the boot-loader something
about the geometry during setup?!).

I hope someone has an answer or can give hints. The behavior shows a
difference between openbsd 4.0-release and openbsd 4.1-stable, but I
wasn't able to find anything in changelog that could explain the
behavior and more important how to fix it.

I hope my english isn't too bad, please let me know if something isn't
clear ...

Regards
  Hagen Volpers



Re: pf.conf settings

2007-05-29 Thread Lontronics Mailinglist account
Thanks Joachim and Woodchuck for your replies.

To be RFC compliant I will add icmp.
I will also add logging to check the output, can indeed be very helpful.

I am not using ssh and dhcp, so I have blocked those ports

About 'block inet6'; I thought that 'block all' did that job?

I will also add 'set skip lo0'; good point!

Scrub is removed now because of the notes from Joachim.

I will add the ftp proxy too.

Thanks again, will post the result later for a last check.



Re: Problem using flashboot (openBSD based), can't get it to boot

2007-05-29 Thread Boudewijn Ector

> The ";" at the end here means that the WRAP BIOS said it could not do
> LBA reads, so biosboot fell back to CHS reads.
>
>> No O/S
>
> And since you installed on a different machine, the geometry was
> almost certainly different, so the operating system wouldn't be at
> the same place (cylinder/head/sector), hence it's not found.
>
> No idea how you can fix it, though.
>
> Tom

Thanks anyway, it's a clue at least.
Maybe some of the gurus here know it?



Re: Problem using flashboot (openBSD based), can't get it to boot

2007-05-29 Thread Tom Cosgrove
I can tell you why it's not working, but not how to fix it.

>>> Boudewijn Ector 29-May-07 20:41 >>>
>
> Hi there,
>
>
> I've been trying for some time to get  flashboot (openBSD based) to 
> work, but no success (even after having it posted to their mailing-list).
> I'm trying to get it to boot on a PC-engines WRAP board (soekris-like 
> stuff), using a 6gb microdrive (CF interface) which is written by a 
> i386 openBSD machine. After booting the WRAP board, it says it can't 
> find an OS.
>
>
> PC Engines WRAP.1C/1D/1E v1.08
> 640 KB Base Memory
> 130048 KB Extended Memory
>
> 01F0 Master 848A HMS360606D5CF00
> Phys C/H/S 11905/16/63 Log C/H/S 747/255/63 LBA
> Using drive 0, partition 3;

The ";" at the end here means that the WRAP BIOS said it could not do
LBA reads, so biosboot fell back to CHS reads.

> No O/S

And since you installed on a different machine, the geometry was
almost certainly different, so the operating system wouldn't be at
the same place (cylinder/head/sector), hence it's not found.

No idea how you can fix it, though.

Tom
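
A worked version of the geometry mismatch Tom describes, added here and not part of the original post. It uses the WRAP boot banner and the fdisk header and partition start quoted in this thread, and assumes the CHS fallback translates the stored cylinder/head/sector triple with the BIOS "Log C/H/S" geometry.

```python
import re

# Lines copied from the thread: the WRAP boot banner and the fdisk header
# printed on the i386 machine that wrote the card.
WRAP_BANNER = "Phys C/H/S 11905/16/63 Log C/H/S 747/255/63 LBA"
FDISK_HEADER = "Disk: sd0   geometry: 5859/64/32 [12000556 Sectors]"
PARTITION_START_LBA = 32   # "[ 32:11999200 ] OpenBSD" in the fdisk listing


def parse_geometry(line, label):
    """Extract a (cylinders, heads, sectors) triple that follows `label`."""
    m = re.search(re.escape(label) + r"\s*(\d+)/(\d+)/(\d+)", line)
    if not m:
        raise ValueError(f"no geometry after {label!r}")
    return tuple(int(x) for x in m.groups())


def lba_to_chs(lba, heads, sectors):
    """Translate a linear block address to C/H/S (sectors count from 1)."""
    cyl, rem = divmod(lba, heads * sectors)
    head, sec = divmod(rem, sectors)
    return cyl, head, sec + 1


def chs_to_lba(cyl, head, sec, heads, sectors):
    """Translate C/H/S back to a linear block address under a geometry."""
    if not (0 <= head < heads and 1 <= sec <= sectors):
        raise ValueError("C/H/S triple not addressable in this geometry")
    return (cyl * heads + head) * sectors + (sec - 1)


def bios_chs_read(lba, written, bios):
    """Sector actually fetched when a C/H/S triple computed under the
    `written` geometry is interpreted under the `bios` geometry."""
    _, w_heads, w_secs = written
    _, b_heads, b_secs = bios
    return chs_to_lba(*lba_to_chs(lba, w_heads, w_secs), b_heads, b_secs)


def first_mismatch(written, bios, limit):
    """Lowest LBA below `limit` that the BIOS would fetch from the wrong
    place (or could not address at all); None if every one matches."""
    for lba in range(limit):
        try:
            if bios_chs_read(lba, written, bios) != lba:
                return lba
        except ValueError:
            return lba
    return None


if __name__ == "__main__":
    written = parse_geometry(FDISK_HEADER, "geometry:")
    bios = parse_geometry(WRAP_BANNER, "Log C/H/S")
    chs = lba_to_chs(PARTITION_START_LBA, written[1], written[2])
    print("partition start stored as C/H/S", chs)
    print("BIOS fetches LBA", bios_chs_read(PARTITION_START_LBA, written, bios))
    print("first sector that moves:", first_mismatch(written, bios, 4096))
```

Sectors on cylinder 0, head 0 map to the same place under both geometries, so the MBR at LBA 0 still loads and prints "Using drive 0, partition 3;", while the partition start at LBA 32 is the first sector that lands somewhere else.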



serial terminal

2007-05-29 Thread Maurice Janssen
Hi,

I'm trying to use a VT420 serial terminal on an i386 box running
4.1-stable.  Not as a system console, just as an extra screen to login.
The output of the boot loader and kernel output should go to the
monitor, as usual.

The terminal is hooked up to the first serial port with a null modem
cable.  I changed the tty00 line of /etc/ttys to:
tty00   "/usr/libexec/getty std.9600"   vt220   on  secure
and sent -HUP to init.  There's a getty process on tty00, but there's
no login: prompt on the terminal.  Everything I type on the terminal is
echoed on the screen, so the cable is OK (local echo is off).

The funny thing is, when I start 'tip tty00' on the machine (while
logged in at the keyboard+monitor), the login: prompt appears on the
terminal.
When I quit tip, I can login at the terminal.  When I logout from the
terminal, the login: prompt doesn't appear (but everything I type is
echoed to the terminal screen as before).  I can start tip again, and
then the login: prompt shows up again.

I suspected a problem with the permissions of the tty00 device.  After
logout, they are set to
crw---  1 root  wheel8,   0 May 29 21:44 tty00
When logged in it is set to
crw---  1 maurice  tty8,   0 May 29 22:00 tty00
Not sure if this is what it should be, but it doesn't look strange to
me.

BTW: not sure if it is related, but when I login as normal user, the
following warning is shown on the terminal:
ksh: No controlling tty (open /dev/tty: Device busy)
ksh: warning: won't have full job control
When I login as root, I don't get this warning.

Any ideas what's going wrong?

Thanks,
Maurice



Re: PFSYNC

2007-05-29 Thread Alberich de megres
Maybe it's a silly question but don't know where to start with tabled :S

I only got it installed. please..any help?


On 5/29/07, Alberich de megres <[EMAIL PROTECTED]> wrote:
>
> Which tool is? tabled?
> How can i make it sync tables through ethernet? I only see in man sockets
> files :S
>
> On 5/26/07, Jason Dixon < [EMAIL PROTECTED]> wrote:
> >
> > On Sat, May 26, 2007 at 09:36:48AM +0200, Alberich de megres wrote:
> > > Hi,
> > >
> > > I know i repeat myself, but that's important for me: my pf isn't
> > syncing
> > > tables i create. Can I solve this?
> >
> > sysutils/tabled in ports.  I was just reminded of this by todd and
> > mbalmer.
> >
> > -J.



Problem using flashboot (openBSD based), can't get it to boot

2007-05-29 Thread Boudewijn Ector

Hi there,


I've been trying for some time to get  flashboot (openBSD based) to 
work, but no success (even after having it posted to their mailing-list).
I'm trying to get it to boot on a PC-engines WRAP board (soekris-like 
stuff), using a 6gb microdrive (CF interface) which is written by a 
i386 openBSD machine. After booting the WRAP board, it says it can't 
find an OS.



PC Engines WRAP.1C/1D/1E v1.08
640 KB Base Memory
130048 KB Extended Memory

01F0 Master 848A HMS360606D5CF00
Phys C/H/S 11905/16/63 Log C/H/S 747/255/63 LBA
Using drive 0, partition 3;
No O/S




Maybe someone over here might be able to help me, I've done this:

[EMAIL PROTECTED] ~ # fdisk -i sd0
fdisk: sysctl(machdep.bios.diskinfo): Device not configured

 -
 -- ATTENTION - UPDATING MASTER BOOT RECORD --
 -

Do you wish to write new MBR and partition table? [n] y
[EMAIL PROTECTED] ~ # fdisk sd0
fdisk: sysctl(machdep.bios.diskinfo): Device not configured
Disk: sd0   geometry: 5859/64/32 [12000556 Sectors]
Offset: 0   Signature: 0xAA55
  Starting   Ending   LBA Info:
#: idC   H  S -C   H  S [   start:  size   ]

0: 000   0  0 -0   0  0 [   0:   0 ] unused
1: 000   0  0 -0   0  0 [   0:   0 ] unused
2: 000   0  0 -0   0  0 [   0:   0 ] unused
*3: A60   1  1 - 5858  63 32 [  32:11999200 ] OpenBSD
[EMAIL PROTECTED] ~ # disklabel sd0
# Inside MBR partition 3: type A6 start 32 size 11999200
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: Card Reader   CF
flags:
bytes/sector: 512
sectors/track: 32
tracks/cylinder: 64
sectors/cylinder: 2048
cylinders: 5859
total sectors: 12000556
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
# sizeoffset  fstype [fsize bsize  cpg]
a:  1199920032  unused  0 0  # Cyl 0*-  
5858
c:  12000556 0  unused  0 0  # Cyl 0 -  
5859*

[EMAIL PROTECTED] ~ # disklabel -E sd0
# Inside MBR partition 3: type A6 start 32 size 11999200
disklabel: Can't get bios geometry: Device not configured

Treating sectors 32-11999232 as the OpenBSD portion of the disk.
You can use the 'b' command to change this.

Initial label editor (enter '?' for help at any prompt)

p

device: /dev/rsd0c
type: SCSI
disk: SCSI disk
label: Card Reader   CF
bytes/sector: 512
sectors/track: 32
tracks/cylinder: 64
sectors/cylinder: 2048
cylinders: 5859
total sectors: 12000556
free sectors: 11999200
rpm: 3600

16 partitions:
# sizeoffset  fstype [fsize bsize  cpg]
a:  1199920032  unused  0 0  # Cyl 0*-  
5858
c:  12000556 0  unused  0 0  # Cyl 0 -  
5859*

d

partition to delete: [] a

p

device: /dev/rsd0c
type: SCSI
disk: SCSI disk
label: Card Reader   CF
bytes/sector: 512
sectors/track: 32
tracks/cylinder: 64
sectors/cylinder: 2048
cylinders: 5859
total sectors: 12000556
free sectors: 11999200
rpm: 3600

16 partitions:
# sizeoffset  fstype [fsize bsize  cpg]
c:  12000556 0  unused  0 0  # Cyl 0 -  
5859*

a

partition: [a]
offset: [32]
size: [11999200]
FS type: [4.2BSD]

p

device: /dev/rsd0c
type: SCSI
disk: SCSI disk
label: Card Reader   CF
bytes/sector: 512
sectors/track: 32
tracks/cylinder: 64
sectors/cylinder: 2048
cylinders: 5859
total sectors: 12000556
free sectors: 0
rpm: 3600

16 partitions:
# sizeoffset  fstype [fsize bsize  cpg]
a:  1199920032  4.2BSD   2048 16384   16 # Cyl 0*-  
5858
c:  12000556 0  unused  0 0  # Cyl 0 -  
5859*

w
q

No label changes.
[EMAIL PROTECTED] ~ # newfs sd0a
Warning: 32 sector(s) in last cylinder unallocated
/dev/rsd0a: 11999200 sectors in 11718 cylinders of 32 tracks, 32 
sectors

 5859.0MB in 37 cyl groups (323 c/g, 161.50MB/g, 20608 i/g)
super-block backups (for fsck -b #) at:
32, 330816, 661600, 992384, 1323168, 1653952, 1984736, 2315520, 2646304,
2977088, 3307872, 3638656, 3969440, 4300224, 4631008, 4961792, 5292576,
5623360, 5954144, 6284928, 6615712, 6946496, 7277280, 7608064, 7938848,
8269632, 8600416, 8931200, 9261984, 9592768, 9923552, 10254336, 10584096,
10914880, 11245664, 11576448, 11907232,

[EMAIL PROTECTED] ~ # mount /dev/sd0a /mnt/
[EMAIL PROTECTED] ~ # cp /usr/mdec/boot  /mnt/boot
[EMAIL PROTECTED] ~ # mkdir /mnt/conf
[EMAIL PROTECTED] ~ # /usr/mdec/installboot -v /mnt/boot  /usr/mdec/biosboot sd0
boot: /mnt/boot
proto: /usr/mdec/biosboot
device: /dev/rsd0c
/usr/mdec/biosboot: entry point 0
proto bootblock size 512
/mnt/boot is 3 blocks x 16384 bytes
fs block shift 2; part o

Re: help needed with routed problem

2007-05-29 Thread Jason George
>The main point here is that I most likely need RIPv1. It used to work
>with OpenBSD 4.0. I still need to publish using RIPv1, otherwise I
>(actually, the firewall) will not be understood.
>
>Would the zebra package be a relatively safe alternative?

Use whatever hardware router is common and supported at your (crazy) 
institution.

If that is a 2500-series, decade-old Cisco, so be it.  Use that and then toss 
the on-going maintenance issue back over the fence to the people who insist on 
running Mc-RIP-disculous-v1.

Then put your OpenBSD box on the local area port on the edge router and run 
the firewall in bridging mode in between the router and your distribution 
switch so you don't have to play hack with your routing table.

Why can't they just point a static route to your firewall?  Or does their 
hybrid-retro Proteon/Kalpana/Ungermann-Bass backbone running over unshielded 
twisted-barbwire not support that? 

(sorry, but Claudio's email made me laugh and I had to continue the 
mocking...)

--J



Re: help needed with routed problem

2007-05-29 Thread hbritope

The main point here is that I most likely need RIPv1. It used to work
with OpenBSD 4.0. I still need to publish using RIPv1, otherwise I
(actually, the firewall) will not be understood.

Would the zebra package be a relatively safe alternative?

Regards,

H


This message was sent from 30Gigs.com. If you believe that this
message is unsolicited [SPAM] in nature, please send the complete
SMTP headers to [EMAIL PROTECTED] and we will take immediate
action to rectify the problem.



Re: help needed with routed problem

2007-05-29 Thread Claudio Jeker
On Tue, May 29, 2007 at 10:36:36AM -0700, [EMAIL PROTECTED] wrote:
> Hi,
> 
> Thanks for your message.
> 
> Quoting Nick Davey <[EMAIL PROTECTED]>:
> 
> >I'm scared. You need to use ripv1 as opposed to ripv2 and support
> >network masks?
> 
> Unfortunately, I think I have no options here. This is a university
> network, and this is the only way any department has to join the
> backbone. Every router speaks RIPv1 (some of them, probably most of
> them, only speak or listen to that) in order to publish their routes.
> 

You need to be kidding. RIPv1 to connect you to a campus network.
What are they running, IMPs?
Oh wait, I forgot it's probably the academics that like to see split
horizon and count to infinity issues in real life. Maybe they even enabled
source routing on all routers. Yuck!..

-- 
:wq Claudio



Re: help needed with routed problem

2007-05-29 Thread hbritope

Hi,

Thanks for your message.

Quoting Nick Davey <[EMAIL PROTECTED]>:


I'm scared. You need to use ripv1 as opposed to ripv2 and support
network masks?


Unfortunately, I think I have no options here. This is a university
network, and this is the only way any department has to join the
backbone. Every router speaks RIPv1 (some of them, probably most of
them, only speak or listen to that) in order to publish their routes.

Regards,

H





Re: slurpr: do we have the technology?

2007-05-29 Thread Jacob Yocom-Piatt

Joachim Schipper wrote:

The OpenBSD version comes with more, and more advanced, 'education'
tools, too.

Seriously though, just buy your own bandwidth.

  


education is for pedigreed animals that run in circles at stadiums. i 
eat dogs for breakfast!


i was sooo planning on hosting this new website from the cardboard box i 
live in. you got something against people who live in cardboard boxes or 
something?!


:D



Re: help needed with routed problem

2007-05-29 Thread Nick Davey

I'm scared. You need to use ripv1 as opposed to ripv2 and support network masks?


On 5/29/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

Hi,

Thanks for your reply.

Quoting Stuart Henderson <[EMAIL PROTECTED]>:

> routed is an old RIP daemon. you almost certainly don't want it.

Do you know of any other way to publish/learn RIPv1 advertisements ?
I wish ripd would deal with this, but it seems that it doesn't.

Regards,

H







Re: Linux Compat Query

2007-05-29 Thread Edd Barrett

Hi,

On 29/05/07, Hannah Schroeter <[EMAIL PROTECTED]> wrote:

What about porting it yourself? It's not so difficult to create a port,
you know, at least if the original code isn't in the "all the world is
Linux" style.


Maybe, but I'm a little tied down on the TeXLive port right now :P



--
Best Regards

Edd

---
http://students.dec.bournemouth.ac.uk/ebarrett



Re: slurpr: do we have the technology?

2007-05-29 Thread Joachim Schipper
On Tue, May 29, 2007 at 10:43:52AM -0500, Jacob Yocom-Piatt wrote:
> can we build it using only openbsd?
> 
> http://www.engadget.com/2007/05/29/the-slurpr-wifi-aggregator-promises-free-broadband-and-jail/
> 
> 
> likely uses some sort of route-to loadbalancing. more info appreciated.

I see no real reason why that wouldn't work. Loadbalancing multiple
lines is possible, if somewhat iffy, and the rest is just standard
stuff. You might have trouble finding a box that size with that amount
of NICs in it, though, and some custom scripting might be necessary to
make it run at optimal speed automatically.

The OpenBSD version comes with more, and more advanced, 'education'
tools, too.

Seriously though, just buy your own bandwidth.

Joachim

-- 
TFMotD: types (5) - system data types



Re: Upgrade question

2007-05-29 Thread Joachim Schipper
On Mon, May 28, 2007 at 10:13:48PM -0500, Denny White wrote:
> 
> I've been running a snapshot from several months back & got my
> new 4.1 cds finally. Uname shows OpenBSD 4.1 Generic#0. I want
> to keep my existing /home & /data partitions, delete all the
> rest, recreate them & finish the install. After I reboot, I was
> hoping I could copy over the old users from the old /etc/group
> into the new one, copy the old passwd over & run pwd_mkdb. Just
> want to know if I've reasoned it out correctly or not, if it is
> right if there's anything else I need to run to synchronize
> things, & so on. I've tried looking up that kind of scenario with
> google, in the mail archives & so forth & just don't seem to come
> up with what I need. The point of what I'm trying to accomplish
> is not to have to copy so much from the 2 aforementioned partitions
> to another drive & then copy it all back after recreating users.
> Thanks for any help.

Be careful: each release adds, and occasionally removes, new system
users. It's far safer to either update or reinstall, and you'll want to
look at www.openbsd.org/current.html for anything resembling an update.

Joachim

-- 
TFMotD: strip (1) - Discard symbols from object files.



Re: french characters on imap server

2007-05-29 Thread Joachim Schipper
On Mon, May 28, 2007 at 08:37:42PM -0600, Philip Guenther wrote:
> On 5/28/07, Juan Miscaro <[EMAIL PROTECTED]> wrote:
> >I am serving up email via imap (courier-imap) on OpenBSD 4.0.
> >
> >My users (with Outlook) complain of french characters being garbled.
> >How can I fix this?
> 
> The same way any problem is fixed: by determining which part isn't
> behaving correctly and fixing it.  In this case, the possible guilty
> parties include
> A) the sending party: are the messages being marked with the correct
>    charset in the Content-Type header field?
> B) the IMAP server: is it returning the message accurately and calculating
>    the ENVELOPE and BODYSTRUCTURE FETCH items correctly?
> C) Outlook: is it presenting the messages accurately as it was received
>    from the IMAP server?
> 
> However, this is all off-topic to OpenBSD, as the IMAP server behavior
> should not depend on the OS.  I suggest you take your question to
> the comp.mail.imap newsgroup after doing your best to answer the
> questions suggested above.
> 
> Note that when you post there you should, at a *minimum*, clarify what
> is garbled (subjects, bodies, or both) and to what extent they are
> "garbled": is it just the non-ASCII characters (those with accents and
> cedilla and accents), all letters but not numbers or punctuation, or
> all characters?

Nah, misc@ does handle more off-topic questions; that's not a reason to
tell someone off to a more specialized group, though it's true that the
people there might be more capable of answering such a question.

I'd try the following:

0. Get one of the complainers to provide you with a full (headers+body)
e-mail and a copy that has been `fixed' (i.e., looks like it should).
1. Verify that the fixed version is properly formatted
2. Verify that Outlook can display it properly
3. Send it as-is to your mail server (nc mail.localdomain smtp <
mail.fixed)
4. Look in the logs. Did anything interesting happen? If not, just get
the message-id.
5. Retrieve the file directly from the mail spool. Is this already
mangled? If so, good luck - that shouldn't happen. (And it's most likely
a spam filter, not your MTA proper, that mangled it, as MTAs, at most,
care for headers; try to disable the filter for a test account and run
the test again.)
6. Retrieve the message via IMAP, using any known-good client. nc works
fine; mutt might work, too. Is this mangled? If yes, fix the IMAP
server, this shouldn't happen either.
7. Retrieve the message using Outlook. Is it broken? If so, something
truly weird is going on, as the fixed version displayed just fine in
step 1...

Post back with the information required by Philip and me, plus log
files, and if at all possible complete copies of the messages.

Joachim

-- 
TFMotD: tftp-proxy (8) - Internet Trivial File Transfer Protocol proxy
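
Philip's question (A) and steps 1, 5 and 6 of the procedure above reduce to two checks: is a given copy of the message labelled correctly, and did a hop change its text. The script below is an added example, not code from the thread or from courier-imap; the sample messages are constructed, and the list of Latin charsets it treats as candidates for a UTF-8 mislabel is an assumption.

```python
import email

LATIN_CHARSETS = {"iso-8859-1", "iso-8859-15", "windows-1252"}  # assumed candidates


def has_8bit(data):
    return any(byte >= 0x80 for byte in data)


def decodes_as(data, charset):
    try:
        data.decode(charset)
    except (LookupError, UnicodeDecodeError):
        return False
    return True


def raw_8bit_headers(raw):
    """Header fields holding raw 8-bit bytes instead of RFC 2047 encoded-words."""
    head = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0]
    names, current = [], "?"
    for line in head.split(b"\n"):
        if line[:1] not in (b" ", b"\t"):      # a new field, not a folded line
            current = line.split(b":", 1)[0].decode("ascii", "replace")
        if has_8bit(line) and current not in names:
            names.append(current)
    return names


def check_text_part(part):
    """Judge one text/* part on its bytes after transfer decoding."""
    body = part.get_payload(decode=True) or b""
    if not has_8bit(body):
        return []                              # plain ASCII survives any charset
    findings = []
    charset = part.get_content_charset()       # None when no charset is declared
    cte = str(part.get("Content-Transfer-Encoding", "7bit")).strip().lower()
    if cte == "7bit":
        findings.append("8-bit bytes under 7bit transfer encoding")
    if charset is None:
        findings.append("8-bit text without a charset parameter")
    elif not decodes_as(body, charset):
        findings.append(f"body does not decode as {charset}")
    elif charset in LATIN_CHARSETS and decodes_as(body, "utf-8"):
        findings.append(f"body is UTF-8 but labelled {charset}")
    return findings


def diagnose(raw):
    """Step 1: is this copy of the message correctly labelled?"""
    msg = email.message_from_bytes(raw)
    findings = [f"header {name}: raw 8-bit bytes" for name in raw_8bit_headers(raw)]
    if msg.get("MIME-Version") is None:
        findings.append("no MIME-Version header")
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            findings.extend(check_text_part(part))
    return findings


def text_bodies(raw):
    msg = email.message_from_bytes(raw)
    return [(part.get_payload(decode=True) or b"").replace(b"\r\n", b"\n")
            for part in msg.walk() if part.get_content_maintype() == "text"]


def same_content(copy_a, copy_b):
    """Steps 5 and 6: did a hop change the text? Re-encoding alone is not a change."""
    return text_bodies(copy_a) == text_bodies(copy_b)


# Constructed samples: one French sentence, labelled three different ways.
TEXT = "Bonjour, la r\u00e9union est report\u00e9e.\n"
MIME = (b"MIME-Version: 1.0\nContent-Type: text/plain; charset=ISO-8859-1\n"
        b"Content-Transfer-Encoding: 8bit\n")
GOOD = b"Subject: =?ISO-8859-1?Q?R=E9union?=\n" + MIME + b"\n" + TEXT.encode("latin-1")
MISLABELLED = b"Subject: test\n" + MIME + b"\n" + TEXT.encode("utf-8")
UNLABELLED = "Subject: R\u00e9union\n\n".encode("latin-1") + TEXT.encode("latin-1")

if __name__ == "__main__":
    for name, raw in (("good", GOOD), ("mislabelled", MISLABELLED),
                      ("unlabelled", UNLABELLED)):
        print(name, diagnose(raw))
```

Run `diagnose` on the copy from the sender, and `same_content` on the spool file against the copy fetched over IMAP; the first pair that differs names the component to look at.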



Re: support for Sun Fire

2007-05-29 Thread mark reardon
my problem was only setting the mtu > 9000 btw. as I said not a biggie ;-)

On 29/05/07, mark reardon <[EMAIL PROTECTED]> wrote:
>
> I just got a x2100 M2 from Sun yesterday on a 60 day trial and am having
> trouble setting the MTU on one of the bge NICs. Just some initial findings.
> Not a big problem for me really.
>
>
> On 29/05/07, mufurcz <[EMAIL PROTECTED]> wrote:
> >
> > Greetings,
> >
> > Are the Sun Fire X2100 (1 x AMD Opteron,  Model 175, dual core 2.26 MHz
> > CPU) servers fully supported?  I am interested in both - good and bad
> > experiences with these boxes.  If you don't want to generate noise on
> > this group, please e-mail to me personally.
> >
> > Thanks,
> >
> > mufurcz



Re: Linux Compat Query

2007-05-29 Thread Hannah Schroeter
Hello!

On Tue, May 29, 2007 at 03:49:07PM +0100, Edd Barrett wrote:
>On 29/05/07, Hannah Schroeter <[EMAIL PROTECTED]> wrote:
>>$ cd /usr/ports/
>>$ make search key=xerc
>>Port:   xerces-2.4.0p3
>>Path:   textproc/xerces
>>Info:   xml parser for Java
>>Maint:  Kevin Lo <[EMAIL PROTECTED]>
>>Index:  textproc
>>L-deps:
>>B-deps: gtar-*:archivers/gtar
>>R-deps: jdk-1.3.1*
>>Archs:  jre-1.3.1*

>That's a java implementation yes.

>We are using a xerces-c with g++.

What about porting it yourself? It's not so difficult to create a port,
you know, at least if the original code isn't in the "all the world is
Linux" style.

Kind regards,

Hannah.



slurpr: do we have the technology?

2007-05-29 Thread Jacob Yocom-Piatt

can we build it using only openbsd?

http://www.engadget.com/2007/05/29/the-slurpr-wifi-aggregator-promises-free-broadband-and-jail/


likely uses some sort of route-to loadbalancing. more info appreciated.

cheers,
jake



Re: Linux Compat Query

2007-05-29 Thread Adriaan

On 5/29/07, Edd Barrett <[EMAIL PROTECTED]> wrote:


We are using a xerces-c with g++


OpenBSD has a port/package of Sablotron, a XML parser in C.

Or you may have better luck with the FreeBSD or NetBSD  port/package
of xerces-c.

=Adriaan=



Re: pf.conf settings

2007-05-29 Thread Joachim Schipper
On Mon, May 28, 2007 at 11:27:46PM +0200, Lontronics Mailinglist account wrote:
> Okay, this should be it, any comments are appreciated.
> The >1023 is used for ftp;

That is not the proper solution; use ftp-proxy, as documented in the
FAQ.

> ###
> 
> # $OpenBSD: PF firewall rules $
> 
> tcp_pass = "{ 21 22 25 53 80 110 123 >1023}"
> udp_pass = "{ 53 110 }"

I'd recommend symbolic names for legibility:

tcp_pass = { ftp ssh smtp domain http pop3 }
udp_pass = { domain ntp }

I'm pretty certain you mean the above, by the way; NTP over TCP is about
as useful as POP3 over UDP...

> # scrub
> scrub in all

'scrub' is useful when using an OpenBSD machine as a firewall, as it
makes it far harder for attackers to get weird packets to machines with
badly-written TCP/IP stacks. However, the OpenBSD network stuff is
usually very good, and enabling scrub enables an attacker to attack far
more code (notably, the PF code as well). Plus it consumes some cycles.
Just skip it.

> # setup a default deny policy
> block in  all
> block out all

'block all'

> antispoof for { bce0, wpi0 } inet
> 
> pass out on { bce0, wpi0 } proto tcp to any port $tcp_pass
> pass out on { bce0, wpi0 } proto udp to any port $udp_pass

As noted, you should add icmp.

Also, if you are sure that you will never use IPv6, 'block inet6'.

You didn't post it, but you will want to add 'set skip lo0' at least.
Strange things happen when pf blocks everything on the loopback
interface...

Joachim

-- 
TFMotD: fingerd (8) - remote user information server



Re: Linux Compat Query

2007-05-29 Thread Edd Barrett

Hi,

On 29/05/07, Hannah Schroeter <[EMAIL PROTECTED]> wrote:

$ cd /usr/ports/
$ make search key=xerc
Port:   xerces-2.4.0p3
Path:   textproc/xerces
Info:   xml parser for Java
Maint:  Kevin Lo <[EMAIL PROTECTED]>
Index:  textproc
L-deps:
B-deps: gtar-*:archivers/gtar
R-deps: jdk-1.3.1*
Archs:  jre-1.3.1*


That's a java implementation yes.

We are using a xerces-c with g++.

--
Best Regards

Edd

---
http://students.dec.bournemouth.ac.uk/ebarrett



Re: help needed with routed problem

2007-05-29 Thread Claudio Jeker
On Tue, May 29, 2007 at 05:16:31AM -0700, [EMAIL PROTECTED] wrote:
> Hi,
> 
> Thanks for your reply.
> 
> Quoting Stuart Henderson <[EMAIL PROTECTED]>:
> 
> >routed is an old RIP daemon. you almost certainly don't want it.
> 
> Do you know of any other way to publish/learn RIPv1 advertisements ?
> I wish ripd would deal with this, but it seems that it doesn't.
> 

Who is sending you RIPv1 packets? RIPv1 does not even support CIDR
addressing so you should better switch to RIPv2.
Btw. when you use routed you need to either remove the 224/4 blackhole
route or better add a host route to 224.0.0.9 like
route add 224.0.0.9 127.0.0.1
ripd does this for you but routed most probably not.
-- 
:wq Claudio
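
The remark that RIPv1 cannot carry CIDR prefixes is visible in the packet layout: the field RIPv2 uses for the subnet mask is a must-be-zero field in version 1. The script below is an added example, not code from the thread or from routed or ripd; it encodes the same two routes as a version 1 and a version 2 response and decodes both. The sample routes are constructed, and falling back to the address class is a simplification of what a RIPv1 receiver with no interface in that network can do.

```python
import ipaddress
import struct

RIP_RESPONSE = 2   # command: routing update
AFI_IP = 2         # address family identifier for IPv4 routes
ENTRY = struct.Struct("!HHIIII")  # AFI, route tag, address, mask, next hop, metric


def build_response(version, routes):
    """Encode (network, prefixlen, metric) tuples as a RIP response packet."""
    packet = struct.pack("!BBH", RIP_RESPONSE, version, 0)
    for network, prefixlen, metric in routes:
        net = ipaddress.IPv4Network((network, prefixlen))
        # RIPv1 defines the mask field as "must be zero": the prefix length
        # the sender knows has nowhere to go.
        mask = int(net.netmask) if version >= 2 else 0
        packet += ENTRY.pack(AFI_IP, 0, int(net.network_address), mask, 0, metric)
    return packet


def classful_network(addr):
    """Network implied by the address class alone (class A, B or C)."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        prefixlen = 8
    elif first_octet < 192:
        prefixlen = 16
    elif first_octet < 224:
        prefixlen = 24
    else:
        raise ValueError("class D/E address is not a unicast route")
    return ipaddress.IPv4Network((addr, prefixlen), strict=False)


def parse_response(packet):
    """Return (version, [(destination, metric, how_mask_was_obtained), ...])."""
    if len(packet) < 4 or (len(packet) - 4) % ENTRY.size:
        raise ValueError("truncated RIP packet")
    command, version, _unused = struct.unpack_from("!BBH", packet)
    if command != RIP_RESPONSE:
        raise ValueError("not a RIP response")
    routes = []
    for offset in range(4, len(packet), ENTRY.size):
        afi, _tag, addr, mask, _next_hop, metric = ENTRY.unpack_from(packet, offset)
        if afi != AFI_IP:
            continue
        addr = ipaddress.IPv4Address(addr)
        if version >= 2 and mask:
            prefixlen = bin(mask).count("1")
            net = ipaddress.IPv4Network((addr, prefixlen), strict=False)
            routes.append((str(net), metric, "mask from packet"))
        else:
            # Simplification: with no mask on the wire, use the address class.
            routes.append((str(classful_network(addr)), metric, "classful guess"))
    return version, routes


# Constructed sample: two /22 subnets of one class B network.
SAMPLE_ROUTES = [("172.16.4.0", 22, 1), ("172.16.8.0", 22, 2)]

if __name__ == "__main__":
    for version in (1, 2):
        print(parse_response(build_response(version, SAMPLE_ROUTES)))
```

Under version 1 both subnets decode to the same class B network, so the receiver cannot keep them apart; under version 2 each arrives with its own /22.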



Re: PF+VLAN+CARP+PFSYNC

2007-05-29 Thread Jason Dixon
On Tue, 29 May 2007 13:07:12 +0100, [EMAIL PROTECTED] wrote:
> Good Morning,
> 
> I'm currently in the process of configuring a new firewall for my company
> and would like to know the following:
> 
> 1. Is it possible to configure OpenBSD firewall interface as follows:
> 
> carp10 - int/ext virtual eth dev (ip of CVI - shared between fw's)
> |
> vlan10 - int/ext virtual eth dev (ip of NDI - not shared)
> |
> pcn0 - int/ext eth device (no ip)
> 
> Basically, I'd like to use vlan's on top of physical interfaces, with carp
> devices on top of vlan logical interfaces.

I'm not sure why you're using index 10 for your carp and vlan interfaces.  
Regardless, you can layer them as described (carp -> vlan -> physical (no IP)). 
 WTF are CVI and NDI?  ZOMG.

> 2. I'm guessing that when the firewall is configured as above, I'll refer
> to vlan interface with carp specific IP address (rather than physical
> int)?

You'll refer to the vlan interface anytime you wish to refer to the underlying 
interface "device" (e.g., "block in on vlan10 from any to (carp10:network)").  
Whenever you wish to refer to the network layer, you refer to the carp interface 
(i.e., for macro expansion).

> 3. Do I need to add virtual IP addresses to the firewall to answer for
> each public IP address, or can I simply configure the router to
> route all traffic for subnet through IP address of external carp device of
> firewall?

Please read the PF FAQ.

Thanks,

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



Re: PF+VLAN+CARP+PFSYNC

2007-05-29 Thread Jacob Yocom-Piatt

[EMAIL PROTECTED] wrote:

Good Morning,

I'm currently in the process of configuring a new firewall for my company and 
would like to know the following:

1. Is it possible to configure OpenBSD firewall interface as follows:

carp10 - int/ext virtual eth dev (ip of CVI - shared between fw's)
|
vlan10 - int/ext virtual eth dev (ip of NDI - not shared)
|
pcn0 - int/ext eth device (no ip)

Basically, I'd like to use vlan's on top of physical interfaces, with carp 
devices on top of vlan logical interfaces.

  


i have something similar setup here at work, albeit with actual IPs 
assigned to the physical (in your case pcn0) interface on each machine. 
from what i've read on here it shouldn't be an issue to have IP-less 
physical interfaces, especially if only vlan-tagged traffic is coming 
through them.


the only "gotcha" i encountered with a configuration like this is that 
if you're running named (DNS) on the machines, are using carp 
arpbalance and have the /etc/resolv.conf of each machine set to resolve 
to the carp IP address, things don't work right. this is likely b/c each 
machine thinks it's the master.



2. I'm guessing that when the firewall is configured as above, I'll refer to 
vlan interface with carp specific IP address (rather than physical int)?

  


unless the inbound traffic to the public IPs is tagged, you don't want 
to use a vlan interface. might want to take a look at the carpdev 
keyword in the ifconfig manpage.



3. Do I need to add virtual IP addresses to the firewall to answer for each 
public IP address, or can I simply configure the router to
route all traffic for subnet through IP address of external carp device of 
firewall?

  


see pf.conf manpage and binat.

cheers,
jake


Regards,
Garron




Re: Linux Compat Query

2007-05-29 Thread Hannah Schroeter
Hello!

On Tue, May 29, 2007 at 12:10:46AM +0100, Edd Barrett wrote:
>On 29/05/07, Ted Unangst <[EMAIL PROTECTED]> wrote:
>>On 5/28/07, Edd Barrett <[EMAIL PROTECTED]> wrote:
>>> The program was built like so:
>>> g++ -static -m32 -Wall bsdtest.cpp

>>wouldn't it be a lot easier to copy bsdtest.cpp to the openbsd machine
>>and compile it there?

>Yes, this time.

>It was just a proof of concept test at this stage, but the binary we
>are really interested in will need xerces which is not ported to
>OpenBSD. Hence this whole thread.

$ cd /usr/ports/   
$ make search key=xerc
Port:   xerces-2.4.0p3
Path:   textproc/xerces
Info:   xml parser for Java
Maint:  Kevin Lo <[EMAIL PROTECTED]>
Index:  textproc
L-deps: 
B-deps: gtar-*:archivers/gtar
R-deps: jdk-1.3.1*
Archs:  jre-1.3.1*
$

Kind regards,

Hannah.



Journal des Cadeaux d'Entreprise: June Editorial

2007-05-29 Thread Michelle Walter
Hello,

Following the publication of the June 2007 issue of the Journal des Cadeaux
d'Entreprise, devoted exclusively to new corporate gift products,

discover, in preview and on video, the organic textile collections and
seasonal gifts for your corporate communication.

We look forward to your visit,

Yours sincerely,

Michelle Walter
Editorial staff of the Journal des Cadeaux d'Entreprise
www.journal-cadeaux-entreprise.com

Offer reserved exclusively for businesses.

In accordance with the Loi Informatique et Libertés published in the Journal
Officiel of 6 January 1978, you have the right to access, correct, and object
to personal data concerning you. To stop receiving information from us,
click here



Re: support for Sun Fire

2007-05-29 Thread mark reardon
I just got a x2100 M2 from Sun yesterday on a 60 day trial and am having
trouble setting the MTU on one of the bge NICs. Just some initial findings.
Not a big problem for me really.


On 29/05/07, mufurcz <[EMAIL PROTECTED]> wrote:
>
> Greetings,
>
> Are the Sun Fire X2100 (1 x AMD Opteron,  Model 175, dual core 2.26 MHz
> CPU) servers fully supported?  I am interested in both - good and bad
> experiences with these boxes.  If you don't want to generate noise on
> this group, please e-mail to me personally.
>
> Thanks,
>
> mufurcz



Re: help needed with routed problem

2007-05-29 Thread Stuart Henderson
On 2007/05/29 05:16, [EMAIL PROTECTED] wrote:
>> routed is an old RIP daemon. you almost certainly don't want it.
>
> Do you know of any other way to publish/learn RIPv1 advertisements ?
> I wish ripd would deal with this, but it seems that it doesn't.

good job I said 'almost', then (-: I am under the impression some
people see the name 'routed' and think they need it in order to route
packets, but if you know you need it, that's different.

>>> I told PF to log all blocked packets and I did not see anything related
>>> to routed.

for a test, can you try disabling PF? if it helps, maybe try
something like 'pass quick proto udp to port 520 no state' fairly
early.



Re: No text cursor on OpenBSD/i386 4.1

2007-05-29 Thread Andrey Shuvikov

On 5/28/07, Chris S <[EMAIL PROTECTED]> wrote:


However, I should perhaps mention that I'm chainloading it via GRUB,
and I do have a cursor in GRUB. Is it perhaps GRUB's problem? I'm sure
I'm not the only one chainloading OpenBSD with GRUB on i386...




I chainload OpenBSD with GRUB also and don't have any problems with cursor...



Re: support for Sun Fire

2007-05-29 Thread Stuart Henderson
On 2007/05/29 22:10, mufurcz wrote:
> Are the Sun Fire X2100 (1 x AMD Opteron,  Model 175, dual core 2.26 MHz CPU)
> servers fully supported?  I am interested in both - good and bad experiences
> with these boxes.  If you don't want to generate noise on this group, please
> e-mail to me personally.
> e-mail to me personally.

works ok, one nic is nfe(4) which works but isn't the world's greatest.
if you want decent remote management get an x4xxx (non-M2), you lose use
of the better nic on the x2100 if you plug in the ipmi card, and the
remote management on these isn't really good enough to be worth that.

the (optional) rack mounting kit is well thought through (and so it
should be at that price!)

if you have a recent bios that lets you set the low-temp fan duty
cycle to 0% to quieten things down while you do the initial install,
make sure the 'power off if cpu fan fails' option is turned off or
you'll have an aggravating 'enter the bios at just the right time'
session.

if anyone has a working PXE bios-flash setup for these and wouldn't
mind sharing how, please drop me a line, when I try the system hangs
after memdisk loads the bios-flash image.

latest bios on sun's ftp site fixes erratum 89, first time I've seen
an amd64 box boot without it. and hooray: the bios *defaults* to using
serial console, so you don't lose access if the CMOS battery dies.
other vendors would do well to copy that idea.



Updating a port

2007-05-29 Thread First Last
I recently updated the png port to png-1.2.14p1.

Now when I run the out-of-date script I get this:

print/teTeX/base,-main  # png-1.2.14p0 -> png-1.2.14p1

I've rebuilt and installed the teTeX port using the
updated png port but I still get the same out-of-date
script output of:

print/teTeX/base,-main  # png-1.2.14p0 -> png-1.2.14p1

Any help on how to rebuild "base, -main" would be
appreciated.




Re: help needed with routed problem

2007-05-29 Thread hbritope

Hi,

Thanks for your reply.

Quoting Stuart Henderson <[EMAIL PROTECTED]>:


routed is an old RIP daemon. you almost certainly don't want it.


Do you know of any other way to publish/learn RIPv1 advertisements ?
I wish ripd would deal with this, but it seems that it doesn't.

Regards,

H






support for Sun Fire

2007-05-29 Thread mufurcz

Greetings,

Are the Sun Fire X2100 (1 x AMD Opteron,  Model 175, dual core 2.26 MHz CPU)
servers fully supported?  I am interested in both - good and bad experiences
with these boxes.  If you don't want to generate noise on this group, please
e-mail to me personally.

Thanks,

mufurcz



PF+VLAN+CARP+PFSYNC

2007-05-29 Thread mail . obsd
Good Morning,

I'm currently in the process of configuring a new firewall for my company and 
would like to know the following:

1. Is it possible to configure OpenBSD firewall interface as follows:

carp10 - int/ext virtual eth dev (ip of CVI - shared between fw's)
|
vlan10 - int/ext virtual eth dev (ip of NDI - not shared)
|
pcn0 - int/ext eth device (no ip)

Basically, I'd like to use vlan's on top of physical interfaces, with carp 
devices on top of vlan logical interfaces.

2. I'm guessing that when the firewall is configured as above, I'll refer to 
vlan interface with carp specific IP address (rather than physical int)?

3. Do I need to add virtual IP addresses to the firewall to answer for each 
public IP address, or can I simply configure the router to
route all traffic for subnet through IP address of external carp device of 
firewall?

Regards,
Garron


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



Re: No text cursor on OpenBSD/i386 4.1

2007-05-29 Thread Chris S

On 5/29/07, Nick Holland <[EMAIL PROTECTED]> wrote:

If there is no cursor at the "boot>" prompt, it isn't an OpenBSD
problem.



You were right. But let me start at the beginning.
I wanted to give OpenBSD a whirl as a desktop OS, so I gave it a
partition of its own on my main desktop box, which is primarily
running Kubuntu 7.04, and using GRUB 0.97 that ships with it.
When I created a boot floppy, that just has the GRUB prompt and no
menu, and chainloaded OpenBSD from there, I *had* a cursor.
When I removed /boot/grub/menu.lst on Kubuntu (so GRUB wouldn't show a
menu), and tried it again, once again I *had* a cursor.
My 'workaround' in this case was simply adding OpenBSD as a menu entry
in GRUB. I usually hold off adding an entry until the OS in question
is working, and not having a cursor qualified it as "not working" in
this case.
I can't say whether this is GRUB's fault in general, or Ubuntu's
version of GRUB (which I hear is modified to some extent).

Thank you all for your time.

Greetings, Chris



Re: What is this: DIOCADDRULE: Device or resource busy? (problem is with multipath)

2007-05-29 Thread carlopmart

carlopmart wrote:

Hi all,

 I have installed new openbsd 4.1 server with pf rules and latest 
patches. When I try to load my pf.conf rules, returns me this error: 
DIOCADDRULE: Device or resource busy. What does it mean???


Many thanks.



Hi all,

 I think that problem is related when I use multipath routing. I use two dsl 
lines. On my external hostname.if i put entries to use multipath like this: 
!route add -mpath default "gw.1" and !route add -mpath default "gw.2". Using 
this config like on openbsd faq explains, pfctl doesn't load pf rules. But if I 
assign routing id tables all works ... Somebody knows why ???




--
CL Martinez
carlopmart {at} gmail {d0t} com



IBM ServeRAID 4Lx

2007-05-29 Thread Dominik Zalewski
Dear All,

I'm going to install OpenBSD 4.1 on IBM xSeries 206. It has raid controller 
IBM ServerRAID 4Lx. I see that ips driver is supported 
http://www.openbsd.org/cgi-bin/man.cgi?query=ips&apropos=0&sektion=4&manpath=OpenBSD+4.1&arch=i386&format=html
 

Anyways, has anybody had problems with it? What about bioctl?

Thanks in advance,

Dominik



Re: Specifying > 1 encryption algorithm in ipsec.conf(5) versus isakmpd.conf(5)

2007-05-29 Thread Hans-Joerg Hoexer
On Mon, May 28, 2007 at 07:02:39PM +0930, Damon McMahon wrote:
> Greetings,
> 
> How would I specify that blowfish, AES and 3DES should be accepted -  
> in that order - in ipsec.conf(5) to configure isakmpd(8)?

this is not supported by ipsec.conf(5).

> 
> In the deprecated isakmpd.conf(5) for Main Mode I did this:
> 
>   Transforms = BLF-SHA,AES-SHA,3DES-SHA
> 
> and for Quick Mode I did this:
> 
>   Suites = QM-ESP-BLF-SHA-PFS-SUITE,QM-ESP-AES-SHA-PFS-SUITE,QM-ESP-3DES-SHA-PFS-SUITE
> 
> However, in ipsec.conf(5) the following results in a Syntax Error  
> message for lines 2 and 3:
> 
>   ike from $ipsec_from to $ipsec_to \
>   main enc { blowfish, aes, 3des } \
>   quick enc { blowfish, aes, 3des }
> 
> Any advice will be appreciated.
> 
> Kind regards,
> Damon



Re: PFSYNC

2007-05-29 Thread Alberich de megres
Which tool is it? tabled?
How can i make it sync tables through ethernet? I only see in man sockets
files :S

On 5/26/07, Jason Dixon <[EMAIL PROTECTED]> wrote:
>
> On Sat, May 26, 2007 at 09:36:48AM +0200, Alberich de megres wrote:
> > Hi,
> >
> > I know i repeat myself, but that's important for me: my pf isn't syncing
> > tables i create. Can I solve this?
>
> sysutils/tabled in ports.  I was just reminded of this by todd and
> mbalmer.
>
> -J.