Re: CARP + MS NLB Multicast Traffic

2007-12-24 Thread Frédéric Plé
Hello,

I have quite the same problem on an OpenBSD (4.1) router connected to a pair
of firewalls using a MAC multicast address (but unicast IP addresses) for
redundancy.
As soon as I used a second OpenBSD router and CARP for OpenBSD redundancy,
Ethernet traffic grew and I had performance problems.

I looked at the traffic with tcpdump and I saw a strange Ethernet behaviour
with OpenBSD: when OpenBSD receives an Ethernet frame on a device using
CARP and the Ethernet destination address of this frame is a MAC multicast
address (01:xx:xx ...), OpenBSD does not drop it and re-generates new
Ethernet frames: this behaviour causes an Ethernet storm!

Did you try to tcpdump on the interface that supports the CARP interface too?

I checked out the Ethernet layer source code and I saw that OpenBSD correctly
checks that the MAC destination address is registered on the host. If
not, the frame is dropped!

My analysis (not yet confirmed by OpenBSD gurus) is:
When carp is enabled on a network device, it gets the PROMISC and ALLMULTI
properties.
So, I guess any incoming traffic on this interface goes from the Ethernet
layer to the IP layer.
As IP forwarding is enabled on my OpenBSD routers, the OpenBSD IP layer routes
this traffic and pushes it back to the Ethernet layer, and a new frame is sent.

The dirty workaround I found is to use pf on both of my OpenBSD routers to
filter incoming traffic going to networks behind the firewalls (this traffic
should be received only by the firewall boxes).
I thought about modifying the OpenBSD Ethernet layer to drop incoming packets
with the firewall MAC multicast address as destination address, but that is a
really silly way to do it.

I would be interested in any clue to apply a proper fix to this problem.

Fred

On 23/12/2007, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

 I'm having an issue, maybe someone has seen before or can help me with.

 Scenario:
 I have 2 firewall boxes with carp on the outer and inner interfaces of our
 network and pfsync running between them. On the inner side of the firewalls
 they drop into 2 cisco 3750G switches that are stacked using stackwise.
 There is a cluster of web servers sitting behind the firewalls running
 Microsoft IIS and NLB in Multicast mode with IGMP. When packets come in
 destined for the web cluster they are broadcast across all ports on the
 switch due to the MAC being sent out multiple ports. The ciscos don't like
 this and spit out the packet on all ports and igmp snooping doesn't work due
 to the ms implementation. Cisco won't help us because they say that Microsoft
 isn't following the RFC correctly and Microsoft says there is a patch for
 this in the works but it's been like this for years so I'm not holding my
 breath. I'm not too concerned with this. We know how to deal with it by
 mapping the multicast mac address to the static ports the webservers are on.

 Situation:
 The problem came into play when we needed to replace some of our cisco
 switches and had to delete the static mac addresses on the ciscos in order
 not to blackhole webservers during the transition. After we deleted the mac
 addresses on the ciscos all ports were once again flooded with inbound web
 traffic during the maintenance. This we expected.

 The Problem:
 However what we didn't expect was our carp devices to go haywire. They were
 flapping back and forth and we had intermittent connectivity issues until we
 unplugged one of the boxes and our connection was stable again. It didn't
 matter which one we unplugged. As soon as we unplugged the opposite device
 the connection was stable again. At the time there may have been about 25mb
 of traffic to our webservers.

 The only thing that makes sense to me is some sort of race condition with
 the broadcast messages. Does this make sense to anyone? Currently we have an
 advbase of 1. Now I haven't attempted to bump that up. Should I? I just
 wanted to get some opinions on this before I make any changes.

 Has anyone seen this behavior before? and know how to solve it correctly?
 Thanks.



Re: pf + wii

2007-12-24 Thread Lord Sporkton
On 23/12/2007, scott [EMAIL PROTECTED] wrote:
 1. use # tcpdump -eni pflog0

 2. if that's not revealing then post its output AND the whole pf.conf
 file.

 3. in the mean time, consider rdr PASS on $IF_RR proto udp from
 $REMOTE_IP to ($IF_RR) -> $HOST_WII

 where PASS is in lower case inside the pf.conf (UCASE here for emphasis
 only)

 /S

 -Original Message-
 From: slug bait [EMAIL PROTECTED]
 To: misc@openbsd.org
 Subject: pf + wii
 Date: Sun, 23 Dec 2007 23:10:38 -0500

 # tcpdump -ni sis1 udp



i could be wrong but here is my 2 cents:

i've seen something like this related to upnp, i would venture to guess
your 2 friends have routers which support upnp and so far as i know
openbsd does not support upnp.

I would suggest either consulting the guitar hero manual or a tcpdump
for the required ports for this game and try a static pat translation
to your public ip.

upnp allows the wii to request certain ports from the nat device be
opened for it, in this case it sounds like your wii needs certain ports
open to allow the server to connect to it, normally upnp would take
care of it dynamically, but you don't have upnp, so you have to static
assign the pat.

Lawrence



openbsd router hardware

2007-12-24 Thread Joerg Zinke
Hi,

I'm looking for hardware to install an openbsd based dsl-router.
I already searched the list archives and looked at WRAP and Soekris,
but it seems that they do not match my requirements:

- fanless
- as small as possible
- at least 2, better 3 ethernet ports
- a wlan-card (as access point in hostap mode)
- mainboard and other hardware should work with openbsd of course,
  would be nice to see output from hw.sensors*
- storage should have at least 10GB, I think this leads to a real
  ide/sata-disk (maybe 2.5)
- vga-output (because I have no other machine with a serial port to do
  the installation)
- lcd-display (something that is supported by lcdproc, which seems to
  work fine on openbsd)

Not a requirement, but nice-to-have: usb-2.0 port(s).

Does anyone know a company or vendor which builds such an
(openbsd-)ready system fulfilling the above requirements?

Or do I need to start buying all pieces (maybe mini-itx based?) and
assemble them on my own?

Any hints?

Regards,

Joerg



Re: openbsd router hardware

2007-12-24 Thread Sevan / Venture37
 - fanless
 - as small as possible
 - at least 2, better 3 ethernet ports
 - a wlan-card (as access point in hostap mode)
 - mainboard and other hardware should work with openbsd of course,
   would be nice to see output from hw.sensors*
 - storage should have at least 10GB, I think this leads to a real
   ide/sata-disk (maybe 2.5)
 - vga-output (because I have no other machine with a serial port to do
   the installation)
 - lcd-display (something that is supported by lcdproc, which seems to
   work fine on openbsd)

 Not a requirement, but nice-to-have: usb-2.0 port(s).

 Does anyone know a company or vendor which builds such an
 (openbsd-)ready system fulfilling the above requirements?

 Or did I need to start buying all pieces (maybe mini-itx based?) and
 assembly them on my own?

 Any hints?

 Regards,

 Joerg


mini-itx looks to be your best option, though I'd say go on ebay, get
yourself a usb-rs232 adapter and get a soekris board.

Sevan / Venture37



Re: openbsd router hardware

2007-12-24 Thread scott
If small form factor, *LOWEST* power factor (i.e. fanless) and
accelerated crypto are of any importance, consider
http://www.logicsupply.com/

Specifically, the VIA C7 (or older C3) motherboard based boxes. (amd are
worthy too, but at higher power factors and sans crypto acceleration.)

Go http://www.via.com.tw/en/products/mainboards/ and download the pdf
catalogue for available mb's and their features -- slots, lan ports,
etc.


-Original Message-
From: Joerg Zinke [EMAIL PROTECTED]
To: misc@openbsd.org
Subject: openbsd router hardware
Date: Mon, 24 Dec 2007 13:29:49 +0100
Mailer: Claws Mail 2.10.0 (GTK+ 2.10.13; i386-unknown-openbsd4.2)
Delivered-To: [EMAIL PROTECTED]

Hi,

I'm looking for hardware to install an openbsd based dsl-router.
I already searched the list archives and looked at WRAP and Soekris,
but it seems that they do not match my requirements:

- fanless
- as small as possible
- at least 2, better 3 ethernet ports
- a wlan-card (as access point in hostap mode)
- mainboard and other hardware should work with openbsd of course,
  would be nice to see output from hw.sensors*
- storage should have at least 10GB, I think this leads to a real
  ide/sata-disk (maybe 2.5)
- vga-output (because I have no other machine with a serial port to do
  the installation)
- lcd-display (something that is supported by lcdproc, which seems to
  work fine on openbsd)

Not a requirement, but nice-to-have: usb-2.0 port(s).

Does anyone know a company or vendor which builds such an
(openbsd-)ready system fulfilling the above requirements?

Or did I need to start buying all pieces (maybe mini-itx based?) and
assembly them on my own?

Any hints?

Regards,

Joerg



Re: openbsd router hardware

2007-12-24 Thread Lars Noodén
Joerg Zinke wrote:
 I'm looking for hardware to install an openbsd based dsl-router.
 I already searched the list archives and looked at WRAP and Soekris,
 ...

I chose Soekris and have been playing with two net4801 (old model) units
on and off lately.  But looking at the specs for the (newer) net5501, it
seems you could simply add what's missing:
http://www.soekris.com/net5501.htm

 - fanless
 - as small as possible

The 4801 is not too bad, with 5 ethernet ports and 1 external USB port,
it is a bit larger than the size of a VHS cassette.

 - at least 2, better 3 ethernet ports
 - a wlan-card (as access point in hostap mode)

The base system has 3 ethernet ports.  I chose one with an additional 2.
There are two slots where you could add a WLAN device:

# Mini-PCI type III socket.
# PCI Slot, right angle 3.3V signaling only, dual PCI slot option

 - mainboard and other hardware should work with openbsd of course,
   would be nice to see output from hw.sensors*
 - storage should have at least 10GB, I think this leads to a real
   ide/sata-disk (maybe 2.5)

You can plug in whatever will fit in the case:

# UltraDMA-100 interface with 44 pins connector for 2.5 Hard Drive
# Serial ATA 1.0 interface for Hard Drive, with +5V and +12V power header

 - vga-output (because I have no other machine with a serial port to do
   the installation)
 - lcd-display (something that is supported by lcdproc, which seems to
   work fine on openbsd)

I have heard that there are serial-USB cables so that you do not need a
serial port on your other machine.  So if the vga and lcd requirements
are the result of the serial port question, then maybe the new cable can
solve the problem.

 Not a requirement, but nice-to-have: usb-2.0 port(s).
 
 Does anyone know a company or vendor which builds such an
 (openbsd-)ready system fulfilling the above requirements?

A lot of openbsd-capable single board computers get mentioned at Linux
Devices:
http://linuxdevices.com/

Though it's often difficult to find the actual product spec sheet and
you'll have to search a bit.

 Or did I need to start buying all pieces (maybe mini-itx based?) and
 assembly them on my own? ...

It's also rather difficult to find non-x86-based boards.  I was also
reading about these ARM-based units, but haven't ordered samples:
http://www.embeddedarm.com/epc/prod_SBC.htm



-Lars



Re: openbsd router hardware

2007-12-24 Thread Lars Noodén
scott wrote:
 If small form factor, *LOWEST* power factor (i.e. fanless) and
 accelerated crypto are of any importance, consider
 http://www.logicsupply.com/

Those are interesting,  but the prices approach those of a macmini.

-Lars



Re: pf + wii

2007-12-24 Thread Joshua Smith
Check to make sure you are not scrubbing, scrub can cause some awful
problems with multiplayer games.

Thanks,
Josh

On Dec 24, 2007 3:34 AM, Lord Sporkton [EMAIL PROTECTED] wrote:

 On 23/12/2007, scott [EMAIL PROTECTED] wrote:
  1. use # tcpdump -eni pflog0
 
  2. if that's not revealing then post its output AND the whole pf.conf
  file.
 
  3. in the mean time, consider rdr PASS on $IF_RR proto udp from
  $REMOTE_IP to ($IF_RR) -> $HOST_WII
 
  where PASS is in lower case inside the pf.conf (UCASE here for emphasis
  only)
 
  /S
 
  -Original Message-
  From: slug bait [EMAIL PROTECTED]
  To: misc@openbsd.org
  Subject: pf + wii
  Date: Sun, 23 Dec 2007 23:10:38 -0500
 
  # tcpdump -ni sis1 udp
 
 

 i could be wrong but here is my 2 cents:

 ive seen something like this related to upnp, i would venture to guess
 your 2 friends have routers which support upnp and so far as i know
 openbsd does not support upnp.

 I would suggest either consulting the guitar hero manual or a tcpdump
 for the required ports for this game and try a static pat translation
 to your public ip.

 upnp allows the wii to request certain ports from the nat device be
 opened for it, in this case it sounds like you wii needs certain ports
 open to allow the server to connect to it, normally upnp would take
 care of it dynamically, but you dont have upnp, so you have to static
 assign the pat.

 Lawrence



Re: openbsd router hardware

2007-12-24 Thread bofh
On Dec 24, 2007 8:45 AM, Lars Noodén [EMAIL PROTECTED] wrote:

 scott wrote:
  If small form factor, *LOWEST* power factor (i.e. fanless) and
  accelerated crypto are of any importance, consider
  http://www.logicsupply.com/

 Those are interesting,  but the prices approach those of a macmini.


Don't know why via c7 boards are so expensive.  But the recent walmart PC is
quite cheap, only $60:
http://www.engadget.com/2007/11/08/via-offers-a-cheapo-gpc-dev-kit-motherboard/



--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.  --
Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted.  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0feature=related



Re: openbsd router hardware

2007-12-24 Thread scott
I know you can source the mb's/cpu elsewhere. When I did my C7, I used
the mb in a small but-otherwise-regular atx chassis and power supply.

If the C7-based solutions appeal, then go google around for best way to
buy.

/S 
-Original Message-
From: Lars Noodén [EMAIL PROTECTED]
To: scott [EMAIL PROTECTED]
Cc: Joerg Zinke [EMAIL PROTECTED], misc@openbsd.org
Subject: Re: openbsd router hardware
Date: Mon, 24 Dec 2007 15:45:09 +0200
Mailer: Thunderbird 2.0.0.9 (Macintosh/20071031)
Delivered-To: [EMAIL PROTECTED]

scott wrote:
 If small form factor, *LOWEST* power factor (i.e. fanless) and
 accelerated crypto are of any importance, consider
 http://www.logicsupply.com/

Those are interesting,  but the prices approach those of a macmini.

-Lars



Re: openbsd router hardware

2007-12-24 Thread David Newman

On 12/24/07 5:55 AM, bofh wrote:
 On Dec 24, 2007 8:45 AM, Lars Noodén [EMAIL PROTECTED] wrote:
 
 scott wrote:
 If small form factor, *LOWEST* power factor (i.e. fanless) and
 accelerated crypto are of any importance, consider
 http://www.logicsupply.com/
 Those are interesting,  but the prices approach those of a macmini.
 
 
 Don't know why via c7 boards are so expensive.  But the recent walmart PC is
 quite cheap, only $60:
 http://www.engadget.com/2007/11/08/via-offers-a-cheapo-gpc-dev-kit-motherboard/

Is anyone aware of a beast that has (a) at least three, preferably 4 x
1000Base-T and (b) a smallish (Nexcom/Soekris) form factor? I've been
looking, and it seems like most mobos/embedded systems in this area have
1-3 100Base-T interfaces, probably for cost-of-goods reasons.

thanks

dn



Re: openbsd router hardware

2007-12-24 Thread Stuart Henderson
On 2007/12/24 07:29, David Newman wrote:
 Is anyone aware of a beast that has (a) at least three, preferably 4 x
 1000Base-T and (b) a smallish (Nexcom/Soekris) form factor? I've been
 looking, and it seems like most mobos/embedded systems in this area have
 1-3 100Base-T interfaces, probably for cost-of-goods reasons.

Wim has some liantec boxes like that, liantec.kd85.com

Routerboard make a cheap quad gigabit PCI card that should work
in a 5501.

Or look through linitx.com, ipc2u.com and other places where you
should find other options.



Re: Using the C programming language

2007-12-24 Thread Marco Peereboom
And now if the userspace people in linux would also adopt it the world
would be a better place.  Can anyone say glibc?

On Mon, Dec 24, 2007 at 04:40:27AM +0100, Rico Secada wrote:
 On Sun, 23 Dec 2007 09:11:55 -0600
 Marco Peereboom [EMAIL PROTECTED] wrote:
 
  Here is a constant: your code is as bad as the developer.
 
 I agree :-), and here is another constant:
 
 #define strlcpy Theo de Raadt
 
 From lwn.net in 2003:
 
 Years of buffer overflow problems have made it clear that the classic C
 string functions - strcpy() and friends - are unsafe. Functions like
 strncpy(), which take a length argument, have been presented as the
 safe alternatives. But strncpy() has always been poorly suited to the
 task; it wastes time by zero-filling the destination string, and, if
 the string to be copied must be truncated, the result is no longer
 NULL-terminated. A non-terminated string can lead to overflows and bugs
 in its own right. So Linus finally got fed up and put together a new
 copy_string() function which does what most strncpy() users really
 wanted in the first place.
 
 As is often the case with this sort of security-related improvement,
 OpenBSD got there first. In fact, back in 1996, the OpenBSD team came
 up with a new string API which avoids the problems of both strcpy() and
 strncpy(). The resulting functions, with names like strlcpy(), have
 been spreading beyond OpenBSD. The basic function is simple:
 
 size_t strlcpy(char *dest, const char *src, size_t size);
 
 The source string is copied to the destination and properly terminated;
 the return value is the length of the source. If that length is greater
 than the destination string, the caller knows that the string has been
 truncated.
 
 Linus agreed that following OpenBSD's lead was the right way forward,
 and strlcpy() is in his BitKeeper repository, waiting for 2.5.71. There
 has also been a flurry of activity to convert kernel code over to the
 new function. By the time 2.6.0 comes out, strncpy() may no longer have
 a place in the Linux kernel.
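
The difference between strncpy() and the strlcpy() semantics described in the quoted LWN text, shown on a fixed-size cipher-name field like the one in the ecryptfs fix discussed later in this thread. This is an added example, not code from any poster, from LWN or from the kernel; `copy_bounded`, `struct key_tfm`, `CIPHER_NAME_MAX` and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limit, standing in for the 32-character bound in the commit message. */
#define CIPHER_NAME_MAX 32

/* Hypothetical holder for the name; the +1 leaves room for the terminator. */
struct key_tfm {
    char cipher_name[CIPHER_NAME_MAX + 1];
};

/* Constructed sample input: 40 characters, longer than the limit. */
static const char LONG_NAME[] = "aes-with-a-constructed-overly-long-name!";

/*
 * strlcpy()-style copy written for this example (not the libc or kernel
 * source): copies at most size-1 bytes, always terminates when size > 0,
 * and returns strlen(src) so the caller can detect truncation.
 */
size_t copy_bounded(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);

    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/*
 * The strncpy() pattern: copy with a bound equal to the field size and add
 * no terminator. Returns 1 if the first CIPHER_NAME_MAX bytes contain a NUL,
 * 0 if a later read of the "string" would run off the end of the field.
 * The buffer is larger than the field and pre-filled, so the check itself
 * never reads out of bounds.
 */
int strncpy_terminates(const char *src)
{
    char field[CIPHER_NAME_MAX + 8];

    memset(field, 'X', sizeof(field));
    strncpy(field, src, CIPHER_NAME_MAX);
    return memchr(field, '\0', CIPHER_NAME_MAX) != NULL;
}

/*
 * Hardened setter: one bounded copy, and an over-long name is reported to
 * the caller (-1) instead of being used in silently shortened form.
 */
int set_cipher_name(struct key_tfm *tfm, const char *name)
{
    size_t want = copy_bounded(tfm->cipher_name, name, sizeof(tfm->cipher_name));

    return want >= sizeof(tfm->cipher_name) ? -1 : 0;
}

int main(void)
{
    struct key_tfm tfm;
    int rc;

    printf("strncpy, short name : terminated=%d\n", strncpy_terminates("aes"));
    printf("strncpy, long name  : terminated=%d\n", strncpy_terminates(LONG_NAME));

    rc = set_cipher_name(&tfm, "aes");
    printf("bounded, short name : rc=%d stored=\"%s\"\n", rc, tfm.cipher_name);

    rc = set_cipher_name(&tfm, LONG_NAME);
    printf("bounded, long name  : rc=%d stored=\"%s\"\n", rc, tfm.cipher_name);
    return 0;
}
```
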



Using Mail(1)

2007-12-24 Thread Pieter Verberne
After some years of experience with Mutt I want to try Mail
(/usr/bin/mail):-) I'm very curious about how many people are using Mail
nowadays (on this list). And what about Heirloom mailx?

In my eyes, Mail has a few notable things. When I want to send mail, I
type mail [EMAIL PROTECTED], enter the subject and then I get a kind of
very minimalistic text editor with tilde-escape functions. This is a bit
strange to me as 'UNIX's philosophy' is to make small applications that
do just one thing, and do it well. When I'm composing a mail message in
Mutt, I use an editor for it. Why is Mail designed to not use an editor
(vi/emacs) by default? There must be a reason.

When I reply to a message with mail, I can put the original message in my
mail to quote it. Mail is 'quoting' the original message with a Tab
before all the lines. (Just how RMS seems to quote in a well-known
thread on this list) I almost never see this kind of quoting. Most
people quote by putting '>' before each line. Since the netiquette says
you should break each line after 70/72 characters, this tab before each
line looks pretty strange to me. Especially because Mail was probably
used on low-resolution monitors in the past which could 'blur' these
messages. (However, I think I can configure Mail to put a '>' before each
line)

Mail's default editor also doesn't break lines automatically after 72
characters. So for replying I should type
~m [enter]  (to put the original message in the reply)
and
~| fmt [enter]  (to make my own lines break after 72 characters)
or
~v [enter]  (to compose my mail in vi)
Doing this for every mail I reply to is very impractical.

I want to use Mail on my ISP's shell account. (FreeBSD:-) ) But they use
maildir. They do have a kind of maildir to mbox converter. It is a perl
script: http://www.xs4all.nl/~pjhv/maildir2mbox .
I think it is necessary to use maildir2mbox, if I want to use Mail. But
I can't figure out how maildir2mbox works. Anyone experience with it?

Something else:
When I use Vi, I almost always set wraplength to 72. When I typed a few
lines and want to correct something in a previous line, the lines do not
always wrap at 72 characters anymore.

For example: I remove the word almost. Now the line is just 64
characters long so the paragraph from the word lines could just shove
up. Does VI have a function for this or can it do it automatically? Or are the
VI fans using FMT(1) for this? (I prefer VI over VIM)

Pfff, I can't type English anymore right now. It is taking too much
brainpower:-)

So, please clear some things up for me:-)

Pieter Verberne



Re: Using the C programming language

2007-12-24 Thread Pierre Riteau
On Dec 24, 2007 4:40 AM, Rico Secada [EMAIL PROTECTED] wrote:
 Linus agreed that following OpenBSD's lead was the right way forward,
 and strlcpy() is in his BitKeeper repository, waiting for 2.5.71. There
 has also been a flurry of activity to convert kernel code over to the
 new function. By the time 2.6.0 comes out, strncpy() may no longer have
 a place in the Linux kernel.

We are nearly in 2008, 2.6.24 is on its way to the release, and
strncpy bugs still appear in the Linux kernel.
I just stumbled upon this, it's a commit from yesterday in Linus' tree:

From: Eric Sandeen [EMAIL PROTECTED]
Date: Sat, 22 Dec 2007 22:03:24 + (-0800)
Subject: ecryptfs: fix string overflow on long cipher names
X-Git-Url: 
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=b88629060b03adc58639f818fe0968bf5fe81b5d

ecryptfs: fix string overflow on long cipher names

Passing a cipher name > 32 chars on mount results in an overflow when the
cipher name is printed, because the last character in the struct
ecryptfs_key_tfm's cipher_name string was never zeroed.

Signed-off-by: Eric Sandeen [EMAIL PROTECTED]
Acked-by: Michael Halcrow [EMAIL PROTECTED]
Signed-off-by: Andrew Morton [EMAIL PROTECTED]
Signed-off-by: Linus Torvalds [EMAIL PROTECTED]
---

diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index bbed2fd..67e8b16 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -1847,6 +1847,7 @@ ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm
**key_tfm, char *cipher_name,
mutex_init(tmp_tfm-key_tfm_mutex);
strncpy(tmp_tfm-cipher_name, cipher_name,
ECRYPTFS_MAX_CIPHER_NAME_SIZE);
+   tmp_tfm-cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE] = '\0';
tmp_tfm-key_size = key_size;
rc = ecryptfs_process_key_cipher(tmp_tfm-key_tfm,
 tmp_tfm-cipher_name,
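
Review bot: the added terminator in ecryptfs_add_new_key_tfm() writes to cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE], one byte past the ECRYPTFS_MAX_CIPHER_NAME_SIZE bytes that the strncpy() just above it may fill, so it is in bounds only if the field is declared with ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1 bytes; that declaration is not part of this hunk and should be checked or mentioned in the commit message. A name longer than the limit is also still truncated silently, and the shortened string is what reaches ecryptfs_process_key_cipher(); consider returning an error for an over-long name, or using strlcpy() with sizeof() on the field so that truncation shows up in the return value.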

-- 
Pierre Riteau



https access error www.fistofiron.com

2007-12-24 Thread badeguruji
Hello,

I am hosting www.fistofiron.com on a home network behind dsl link. i am able to 
pull up the site on netscape sometimes, and sometimes it gives error (timeout). 
it is a very small page. i am not sure, if there is some configuration error.

 $  lynx -dump https://www.fistofiron.com  

Looking up www.fistofiron.com
Making HTTPS connection to www.fistofiron.com
Retrying connection without TLS.
Looking up www.fistofiron.com
Making HTTPS connection to www.fistofiron.com
Alert!: Unable to make secure connection to remote host.

lynx: Can't access startfile https://www.fistofiron.com/

plz. advice.

thank you.

-BG



~~Kalyan-mastu~~



Re: pf + wii

2007-12-24 Thread johan beisser

On Dec 24, 2007, at 12:34 AM, Lord Sporkton wrote:


i could be wrong but here is my 2 cents:

ive seen something like this related to upnp, i would venture to guess
your 2 friends have routers which support upnp and so far as i know
openbsd does not support upnp.

I would suggest either consulting the guitar hero manual or a tcpdump
for the required ports for this game and try a static pat translation
to your public ip.

upnp allows the wii to request certain ports from the nat device be
opened for it, in this case it sounds like you wii needs certain ports
open to allow the server to connect to it, normally upnp would take
care of it dynamically, but you dont have upnp, so you have to static
assign the pat.



UPnPd for OpenBSD..

http://www.tateoka.org/~tate/doc/openbsd-upnp.html
http://miniupnp.free.fr/

Personally, I've yet to need anything like this. 



Re: Marry Christmas!

2007-12-24 Thread Frank Bax
Christmas and a pagan holiday might both be celebrated on the same day; 
but this does not make Christmas a pagan holiday,




Marco Peereboom wrote:

Christmas is a pagan holiday so it really does not matter if one is
religious or not.

On Sun, Dec 23, 2007 at 07:11:46PM +0100, Maxim Bourmistrov wrote:

subject to you all, religious or not!

P.S. and Happy New Year!

//Santa




Re: pf + wii

2007-12-24 Thread Nick Gustas

johan beisser wrote:

On Dec 24, 2007, at 12:34 AM, Lord Sporkton wrote:


i could be wrong but here is my 2 cents:

ive seen something like this related to upnp, i would venture to guess
your 2 friends have routers which support upnp and so far as i know
openbsd does not support upnp.

I would suggest either consulting the guitar hero manual or a tcpdump
for the required ports for this game and try a static pat translation
to your public ip.

upnp allows the wii to request certain ports from the nat device be
opened for it, in this case it sounds like you wii needs certain ports
open to allow the server to connect to it, normally upnp would take
care of it dynamically, but you dont have upnp, so you have to static
assign the pat.



UPnPd for OpenBSD..

http://www.tateoka.org/~tate/doc/openbsd-upnp.html
http://miniupnp.free.fr/

Personally, I've yet to need anything like this.


I haven't tried it with a Wii yet, but I've used miniupnp for a year or 
so now and it's worked great whenever I've needed upnp support on a pf 
firewall. Make sure you follow the documentation and add the required 
anchors to the appropriate places in your pf.conf or else you won't make 
too much progress!




Re: Marry Christmas!

2007-12-24 Thread Marco Peereboom
It sure as hell does not make it a christian holiday.  You might want to
do some reading.

Anyhow, this does not belong on a mailing list.

On Mon, Dec 24, 2007 at 01:27:50PM -0500, Frank Bax wrote:
 Christmas and a pagan holiday might both be celebrated on the same day; but 
 this does not make Christmas a pagan holiday,



 Marco Peereboom wrote:
 Christmas is a pagan holiday so it really does not matter if one is
 religious or not.

 On Sun, Dec 23, 2007 at 07:11:46PM +0100, Maxim Bourmistrov wrote:
 subject to you all, religious or not!

 P.S. and Happy New Year!

 //Santa



Re: Marry Christmas!

2007-12-24 Thread James Hartley
On 23 Dec 2007 15:54:56 -0800, Unix Fan [EMAIL PROTECTED] wrote:
 Typically one spells it Merry, not Marry.

You never know.  Perhaps he was really wanting to be married to
Christmas or  have someone here marry Christmas.  Even though it isn't
clear on who is intended to be marrying Christmas, it may just be
important by itself that Christmas be married.

:-)



Re: Marry Christmas!

2007-12-24 Thread Stuart VanZee
follow the shoe.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
James Hartley
Sent: Monday, December 24, 2007 2:05 PM
To: Unix Fan
Cc: misc@openbsd.org
Subject: Re: Marry Christmas!


On 23 Dec 2007 15:54:56 -0800, Unix Fan [EMAIL PROTECTED] wrote:
 Typically one spells it Merry, not Marry.

You never know.  Perhaps he was really wanting to be married to
Christmas or  have someone here marry Christmas.  Even though it isn't
clear on who is intended to be marrying Christmas, it may just be
important by itself that Christmas be married.

:-)



Re: Marry Christmas!

2007-12-24 Thread Gordon Grieder
On Mon, Dec 24, 2007 at 12:25:16PM -0600, Marco Peereboom wrote:
 It sure as hell does not make it a christian holiday.  You might want to
 do some reading.

Christmas is just the day after my birthday. Today is the really
important day. :)


 Anyhow, this does not belong on a mailing list.

True enough.


 gg



Re: Using Mail(1)

2007-12-24 Thread Christian Weisgerber
Pieter Verberne [EMAIL PROTECTED] wrote:

 For example: I remove the word almost. Now the line is just 64
 characters long so the paragraph from the word lines could just shove
 up. Does VI has a function for this or can do it automaticly? Or are the
 VI fans using FMT(1) for this?

I have 

map q !}fmt

in my ~/.nexrc.  ('q' because it is reminiscent of M-q fill-paragraph
in Emacs-style editors, and because it is unused.)

-- 
Christian naddy Weisgerber  [EMAIL PROTECTED]



Re: Using Mail(1)

2007-12-24 Thread Marc Espie
On Mon, Dec 24, 2007 at 08:36:09PM +, Christian Weisgerber wrote:
 Pieter Verberne [EMAIL PROTECTED] wrote:
 
  For example: I remove the word almost. Now the line is just 64
  characters long so the paragraph from the word lines could just shove
  up. Does VI has a function for this or can do it automaticly? Or are the
  VI fans using FMT(1) for this?
 
 I have 
 
 map q !}fmt
 
 in my ~/.nexrc.  ('q' because it is reminiscent of M-q fill-paragraph
 in Emacs-style editors, and because it is unused.)

vim actually has an internal fmt command.

I found out about it fairly recently. All vi users use the filter command
all the time, and it usually takes us a while to adjust to vim improvements ;)



sendmail: smarthost help

2007-12-24 Thread Martin Schröder
Hi,
this is probably a stupid error, but I'm stuck. :-(

I'm trying to set up my sendmail to use a smarthost. If I now do
-
 sudo sendmail -bv [EMAIL PROTECTED]
[EMAIL PROTECTED] deliverable: mailer relay, host
gwyn.kn-bremen.de, user [EMAIL PROTECTED]
-
But sendmail still uses the mx for oneiros.de for mails to
[EMAIL PROTECTED]:
-
Dec 24 22:16:34 gryphon sendmail[30514]: lBOLGYxf030514: from=ms,
size=37, class=0, nrcpts=1,
msgid=[EMAIL PROTECTED],
[EMAIL PROTECTED]
Dec 24 22:16:34 gryphon sM-mta[11881]: lBOLGYJL011881:
from=[EMAIL PROTECTED], size=344, class=0, nrcpts=1,
msgid=[EMAIL PROTECTED], proto=ESMTP,
daemon=MTA, [EMAIL PROTECTED] [127.0.0.1]
Dec 24 22:16:34 gryphon sendmail[30514]: lBOLGYxf030514:
[EMAIL PROTECTED], ctladdr=ms (1000/1000), delay=00:00:00,
xdelay=00:00:00, mailer=relay, pri=30037, relay=[127.0.0.1]
[127.0.0.1], dsn=2.0.0, stat=Sent (lBOLGYJL011881 Message accepted for
delivery)
Dec 24 22:16:42 gryphon sM-mta[1635]: lBOLGYJL011881:
to=[EMAIL PROTECTED], ctladdr=[EMAIL PROTECTED] (1000/1000),
delay=00:00:08, xdelay=00:00:08, mailer=relay, pri=30344,
relay=mail.variomedia.de. [81.28.224.26], dsn=4.0.0, stat=Deferred:
451-Mails from 84.137.59.178 refused: Dynamic IP Addresses See:
-
What's wrong here?

Best
   Martin



Re: https access error www.fistofiron.com

2007-12-24 Thread Andreas Maus
On Mon, Dec 24, 2007 at 09:19:13AM -0800, badeguruji wrote:
 Hello,
Hi.

 I am hosting www.fistofiron.com on a home network behind dsl link. i am able 
 to pull up the site on netscape sometimes, and sometimes it gives error 
 (timeout). it is a very small page. i am not sure, if there is some 
 configuration error.
Well do you use ADSL? If one of your links (up- or download) is saturated you
will see this error.

  $  lynx -dump https://www.fistofiron.com  
 
 Looking up www.fistofiron.com
 Making HTTPS connection to www.fistofiron.com
 Retrying connection without TLS.
 Looking up www.fistofiron.com
 Making HTTPS connection to www.fistofiron.com
 Alert!: Unable to make secure connection to remote host.
 
 lynx: Can't access startfile https://www.fistofiron.com/
Well ... you think this is somehow OpenBSD related? Why not post
more info? Did you try it from an internal host? From an external host?
Do you have _ANY_ pf related rules installed? If yes, post these rules.

The usual questions:

 - can you ping the host (without packet loss?)
 - is your lynx SSL-aware?
 - what does openssl s_client -host www.fistofiron.com -port 443
say?

This is somehow OpenBSD related, isn't it?

HTH,

Andreas.

P.S.: Oh and merry christmas ;)

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.



Re: Using the C programming language

2007-12-24 Thread Jon Radel
Rico Secada wrote:
 Again lets ask Boing.
 

I'm fully aware that spelling flames are terribly tasteless, but the
image of planes loaded with Ada code going boing, boing, boing down the
runway just won't leave my mind.

It's Boeing.

--Jon Radel
[EMAIL PROTECTED]

P.S.  Sorry.




OT: Where to buy an appliance style case?

2007-12-24 Thread Steve B
Has anyone seen a manufacturer that sells an appliance style chassis? I'd
like to slim down my current 4U/OBSD box to a 1U form factor using a VIA C7
board. Ideally I'd like to have a chassis that has the Ethernet ports on the
front, along with a serial port. Something like an old Symantec Firewall,
Netscreen or Watchguard chassis. Alternatively, has anyone hacked one of
these types of devices and installed their own board and drive?



Re: Using the C programming language

2007-12-24 Thread bofh
On Dec 24, 2007 4:35 AM, scott [EMAIL PROTECTED] wrote:

 off misc@

 http://www.urbandictionary.com/define.php?term=ROTFLMAO
 See #3.


Silly boy.  OK, so I didn't roll on the floor laughing my ass off, but I
certainly did burst out in fits of giggles.


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.  --
Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted.  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0&feature=related



Re: Marry Christmas!

2007-12-24 Thread Jacob Yocom-Piatt

Frank Bax wrote:
Christmas and a pagan holiday might both be celebrated on the same 
day; but this does not make Christmas a pagan holiday,





jesus' birthday and santa claus have been sacrificed on the altar of 
judeo-christian consumerism in the interest of paying homage to the 
western gods of fiat currencies and bank-controlled boom-bust economics. 
does a sacrifice on an altar to such foul gods not qualify christmas as 
a pagan holiday? ;)




Marco Peereboom wrote:

Christmas is a pagan holiday so it really does not matter if one is
religious or not.

On Sun, Dec 23, 2007 at 07:11:46PM +0100, Maxim Bourmistrov wrote:

subject to you all, religious or not!

P.S. and Happy New Year!

//Santa




Re: Using the C programming language

2007-12-24 Thread Rico Secada
On Mon, 24 Dec 2007 17:01:54 -0500
Jon Radel [EMAIL PROTECTED] wrote:

 Rico Secada wrote:
  Again lets ask Boing.
  
 
 I'm fully aware that spelling flames are terribly tasteless, but the
 image of planes loaded with Ada code going boing, boing, boing down
 the runway just won't leave my mind.

Quite funny actually - lol :-)

 It's Boeing.

Thanks! :-)
 
 --Jon Radel
 [EMAIL PROTECTED]
 
 P.S.  Sorry.
 
 [demime 1.01d removed an attachment of type
 application/x-pkcs7-signature which had a name of smime.p7s]



Re: pf + wii

2007-12-24 Thread Lord Sporkton
my point was that it's a possibility, as upnp support is not standard,
whether or not that is the issue at hand can be decided from game
documentation and testing with static pat

however thank you for the mention of the upnp daemons, i will have to
check those out.

On 24/12/2007, Nick Gustas [EMAIL PROTECTED] wrote:
 johan beisser wrote:
  On Dec 24, 2007, at 12:34 AM, Lord Sporkton wrote:
 
  i could be wrong but here is my 2 cents:
 
  i've seen something like this related to upnp, i would venture to guess
  your 2 friends have routers which support upnp and so far as i know
  openbsd does not support upnp.
 
  I would suggest either consulting the guitar hero manual or a tcpdump
  for the required ports for this game and try a static pat translation
  to your public ip.
 
  upnp allows the wii to request certain ports from the nat device be
  opened for it, in this case it sounds like your wii needs certain ports
  open to allow the server to connect to it, normally upnp would take
  care of it dynamically, but you don't have upnp, so you have to static
  assign the pat.
 
 
  UPnPd for OpenBSD..
 
  http://www.tateoka.org/~tate/doc/openbsd-upnp.html
  http://miniupnp.free.fr/
 
  Personally, I've yet to need anything like this.

 I haven't tried it with a Wii yet, but I've used miniupnp for a year or
 so now and it's worked great whenever I've needed upnp support on a pf
 firewall. Make sure you follow the documentation and add the required
 anchors to the appropriate places in your pf.conf or else you won't make
 too much progress!




-- 
-Lawrence
-Student ID 1028219



OT: 5 years of OpenBSD ... Thank you ;)

2007-12-24 Thread Andreas Maus
O.K. This is totally off-topic.
But I wish to say Thank you. ;)

In the end of 2002 I used Linux and ipchains (now iptables) and I was
really pissed off by making a syntax error and I shot myself right in
the foot. So someone tells me about this pf thingy. (*)

After installing OpenBSD 3.2 on my front router I was VERY pleased ;)

So I installed OpenBSD on every host in my DMZ (and since 2005 on
every Desktop system).

To make this post as short as possible ... I NEVER regret this
decision. O.K. PenguinOS has been installed on some hosts but as years passed
by I was frustrated that it includes new drivers but the drivers
were never tested (even on i386 !!1!elf!!). E.g. the -binary only-
bcm43xx firmware using 2.6.19 (or so) locked up the system after
a few frames. Well it compiled o.k but did anyone test it on
a real system ?!?

So I really stick with OpenBSD. It doesn't cover the ultra-up-to-date
hardware but at least it was tested on real systems! And if it
doesn't work I file a bug report. And I don't have any problems using
a daily CVS snapshot and recompiling it. Usually it works more stable
than the so called stable kernel.

O.K. I stop the rant ... ;)

So ... I love OpenBSD. And THANK YOU FOR 5 YEARS OF PROTECTING MY
NETWORK ;) Keep on running!

A.

(*) To be exact, I installed my first OpenBSD system on
26-Dec-2002

P.S.: Since 3.4 I bought every CD set. Even the one I don't need
anymore (like my 4.1 set bought on 27-Oct ;) )

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.



Re: pf + wii

2007-12-24 Thread scott
Glad to hear!  However, the rdr pass is a bit of a by-pass.  The
rule set is better written ...

# --- ok
rdr pass on $IF_RR proto udp from any to ($IF_RR) -> $HOST_WII
# ---

#--- better
rdr on $IF_RR inet proto udp \
from any to ($IF_RR) tag OKGAMING -> $HOST_WII
#
pass in log quick on sis1 inet proto udp \
 tagged OKGAMING keep state
#
pass out log quick on sis2 proto udp \
 tagged OKGAMING keep state
#---

#---best
table <mybuddies> const { 1.2.3.4, 5.6.7.8 }
#
rdr on $IF_RR inet proto udp \
from <mybuddies> to ($IF_RR) tag OKGAMING -> $HOST_WII
#
pass in log quick on $IF_RR inet proto udp \
 tagged OKGAMING keep state
#
pass out log quick on sis2 proto udp \
 tagged OKGAMING keep state
#---

Include one of the foregoing with all due respect to the other rules in
your pf.conf.

Cheers,
/Scott


-Original Message-
From: slug bait [EMAIL PROTECTED]
To: scott [EMAIL PROTECTED]
Subject: Re: pf + wii
Date: Mon, 24 Dec 2007 12:16:28 -0500
Delivered-To: [EMAIL PROTECTED]

rdr pass on $IF_RR proto udp from any to ($IF_RR) -> $HOST_WII

bingo!  I just got my ass kicked in my first online match.  Thanks!  :D
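
The following is an added example, not part of the thread: a small Python check for the three patterns Scott's message contrasts (an `rdr pass` that skips the filter rules, a tag set on an `rdr` rule with no `tagged` filter rule to act on it, and a redirect open to `from any`). The names `logical_lines`, `audit` and `SAMPLE` are hypothetical, the sample rules are constructed, and this is a pattern check over rule text, not a pf.conf parser.

```python
import re

# Constructed sample in the style of the rules quoted above; the macros,
# interface names and table are placeholders, not a real configuration.
SAMPLE = r"""
rdr pass on $IF_RR proto udp from any to ($IF_RR) -> $HOST_WII
rdr on $IF_RR inet proto udp \
    from <mybuddies> to ($IF_RR) tag OKGAMING -> $HOST_WII
rdr on $IF_RR inet proto udp from any to ($IF_RR) tag ORPHAN -> $HOST_WII
pass in log quick on $IF_RR inet proto udp tagged OKGAMING keep state
"""

def logical_lines(text):
    """Join backslash-continued lines, then drop comments and blank lines."""
    joined = re.sub(r"\\\n\s*", " ", text)
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def audit(text):
    """Return (rule, finding) pairs for rdr rules that skip or weaken filtering."""
    rules = list(logical_lines(text))
    filtered_tags = set()          # tags that some pass/block rule matches on
    for rule in rules:
        if rule.split()[0] in ("pass", "block"):
            filtered_tags.update(re.findall(r"\btagged\s+(\S+)", rule))
    findings = []
    for rule in rules:
        words = rule.split()
        if words[0] != "rdr":
            continue
        tag = re.search(r"\btag\s+(\S+)", rule)
        if words[1:2] == ["pass"]:
            findings.append((rule, "rdr pass: packets skip the filter rules"))
        elif tag and tag.group(1) not in filtered_tags:
            findings.append((rule, "tag %s has no 'tagged' filter rule" % tag.group(1)))
        if re.search(r"\bfrom\s+any\b", rule):
            findings.append((rule, "source is 'any': no peer restriction"))
    return findings

if __name__ == "__main__":
    for rule, finding in audit(SAMPLE):
        print(finding, "|", rule)
```
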



Re: Using Mail(1)

2007-12-24 Thread Girish Venkatachalam
On 22:15:03 Dec 24, Marc Espie wrote:
 vim actually has an internal fmt command.
 
 I found about it fairly recently. All vi users use the filter command
 all the time, and it usually takes us a while to adjust to vim improvements ;)

I have this on my vimrc.

sy on
se nu
se textwidth=72
nnoremap <C-k> :,$d<CR>
se spell spelllang=en_us
nnoremap <C-F5> :highlight clear spellbad<CR>
nnoremap <C-F3> ihttp://sirsasana.org/ports/<Esc>a

Setting se textwidth=72 is the best way. No need to invoke 'fmt'.

Check out my other useful stuff too. I have an on the fly spell checker
and a short hand for sending ports. ;)

vim helps me avoid errors in e-mail messages ( though I keep making
typos despite that ;). 

Also check out the mapping for 'Ctrl-K' which is extremely critical for
e-mail. Whenever you reply to a mail on the list, you keep running into
the need for deleting everything from current line downwards.

As to the preference between vim and vi, I would say that I have kind of
got spoilt by the luxury of vim.

I definitely agree that vim sometimes is a bit slow and that it has
bloat that can be avoided, but what the heck?

Vim's syntax highlighting never ever let me down. ;)

It cannot understand all sorts of #ifdef, so sometimes the bracket
matching fails but throw any config file or whatever you think of at it
and vim does a marvelous job.

Yes, I am typing this mail in vim.

I have written an article on vim too.

http://linuxjournal.com/8289

I know this discussion is about vi and not vim, but Marc spoilt me. ;)

-Girish



Re: Disable UltraNavi Keybord's TouchPad

2007-12-24 Thread Mathieu Sauve-Frankel
On Fri, Dec 21, 2007 at 05:02:05PM +0800, CF Wang wrote:
 Hi, all
 
 I run OpenBSD on ThinkPad X31 with an LCD monitor and UltraNavi 
 Keyboard. My main working environment is on X windows.
 
 My problem is that when I typing with keyboard, my fingers sometimes 
 touch the touchpad so I would like to know is there some way to disable 
 the touchpad.

usually there is an entry in the bios that allows you to disable the 
touchpad, this is what I do on my T42.



Re: Using the C programming language

2007-12-24 Thread L. V. Lammert
On Mon, 24 Dec 2007, Jon Radel wrote:

 Rico Secada wrote:
  Again lets ask Boing.
 

 I'm fully aware that spelling flames are terribly tasteless, but the
 image of planes loaded with Ada code going boing, boing, boing down the
 runway just won't leave my mind.

 It's Boeing.

Ada was just coming onto the scene when I quit that sort of work many
years ago, but we were considering it for some projects.

Ada seemed to me like an excuse to include management in the development
process and double the programming staff for the same project. Never could
do anything for simplification or good coding. In addition, VERY few
outside the defense industry have ever played with it (much less been
productive and written good code), so that 'market' of experienced
programmers is WAY too small to be useful for an international development
environment.

Happy Holidays to all!

Lee