Re: OpenCVS?
the man pages of opencvs are cvs.1, cvs.5 and cvsintro.7 (now I remember)
in the source directory of opencvs, that is: /usr/src/usr.bin/cvs/

a little mdoc -mandoc cvs.1 and there you go!

On Jan 26, 2008 8:43 AM, xavier brinon <[EMAIL PROTECTED]> wrote:
> the man pages of opencvs are cvs.1, cvs.5 (as far as I remember) in
> the source directory of opencvs
>
> On Jan 25, 2008 4:38 PM, Julian Leyh <[EMAIL PROTECTED]> wrote:
> > On 11:57 Sun 20 Jan , Darrin Chandler wrote:
> > > On Sun, Jan 20, 2008 at 06:31:48PM +, Stuart Henderson wrote:
> > > > On 2008/01/20 10:15, Unix Fan wrote:
> > > > > Stuart Henderson wrote:
> > > > > > See for yourself:
> > > > > > http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/cvs/
> > > > >
> > > > > I'm slightly confused by something if the "cvs" command in
> > > > > OpenBSD 4.2 is "OpenCVS",
> > > >
> > > > it isn't - not everything in source is linked to the build yet.
> > >
> > > However, those interested in using/testing OpenCVS should take a peek at
> > > their /usr/src/usr.bin/cvs/README file as a start.
> >
> > The binary gets installed as "opencvs", but the manpages as "cvs" - just in
> > case you're wondering why "cvs --help" still is GNU CVS, and the manpages
> > are not ;)
> >
> > --
> > If you don't remember something, it never existed...
> > If you aren't remembered, you never existed...
> > I don't quite understand what love is like... But if there
> > was someone who liked me, I'd be happy.
Re: OpenCVS?
the man pages of opencvs are cvs.1, cvs.5 (as far as I remember) in
the source directory of opencvs

On Jan 25, 2008 4:38 PM, Julian Leyh <[EMAIL PROTECTED]> wrote:
> On 11:57 Sun 20 Jan , Darrin Chandler wrote:
> > On Sun, Jan 20, 2008 at 06:31:48PM +, Stuart Henderson wrote:
> > > On 2008/01/20 10:15, Unix Fan wrote:
> > > > Stuart Henderson wrote:
> > > > > See for yourself:
> > > > > http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/cvs/
> > > >
> > > > I'm slightly confused by something if the "cvs" command in
> > > > OpenBSD 4.2 is "OpenCVS",
> > >
> > > it isn't - not everything in source is linked to the build yet.
> >
> > However, those interested in using/testing OpenCVS should take a peek at
> > their /usr/src/usr.bin/cvs/README file as a start.
>
> The binary gets installed as "opencvs", but the manpages as "cvs" - just in
> case you're wondering why "cvs --help" still is GNU CVS, and the manpages
> are not ;)
>
> --
> If you don't remember something, it never existed...
> If you aren't remembered, you never existed...
> I don't quite understand what love is like... But if there
> was someone who liked me, I'd be happy.
Re: halt -p does not work with GENERIC.MP on 4.2-STABLE
On Fri, 25 Jan 2008 09:43:36 +0100, Pierre Riteau wrote:
> On Jan 25, 2008 9:13 AM, Nicolas Letellier <[EMAIL PROTECTED]> wrote:
>> I use OpenBSD 4.2-stable with a core2duo laptop. When I use GENERIC
>> kernel, 'halt -p' works perfectly. However, when I use GENERIC.MP,
>> 'halt -p' does not work and says :
>>
>> apm0: APM set power state: interface not connected (3)
>> the operating system has halted
>> Please press any key to reboot
>>
>
> You should try with -current. Much work was done on ACPI since 4.2.
> And I don't think the developers are interested in these kind of bugs
> in -stable.

I can confirm that it doesn't work on a fairly recent snapshot. It does work with GENERIC but when you do a `halt -p` under GENERIC.MP you get "syncing disks" and then something like "UHCI controller halted" and then nothing. This is on a ThinkPad T60 (ACPI only) running amd64.

Jona
Re: Problems with Sticky-Address Not Sticking with Hoststated
Joerg Zinke wrote:
| Hi David,
|
|> rdr on $int_if proto tcp from any to $webserver port $webports -> \
|>         round-robin sticky-address
|
| ^^^ I think the second rule is not needed if hoststated is running.
| AFAIK this second rule will never be "executed" if hoststated is
| running, because hoststated creates the "same" rule (before) on the
| anchor position.

Previous resources we had looked at did not have the 'rdr' line in the pf.conf file if you were using hoststated either. And we had had the 'sticky-address' keyword in the 'service' block in the hoststated.conf file. With this setup, we were also seeing traffic jump between the two web servers.

The book "The Book of PF" is a newer resource that I just got last week and it was the first document that referred to keeping the 'rdr' statement in the pf.conf file along with the 'sticky-address' keyword.

Some of the prior resources I had referred to were:

http://www.openbsd.org/papers/eurobsdcon07/pyr-loadbalancing/
The OpenBSD PF Packet Filter Book
man hoststated.conf

| Regards,
|
| Joerg

--
David Goldsmith
SANS NOC
Re: Problems with Sticky-Address Not Sticking with Hoststated
Hi David,

On Fri, 25 Jan 2008 13:24:25 -0500 David Goldsmith <[EMAIL PROTECTED]> wrote:
> We have two firewalls running OpenBSD 4.2 with PF and CARP. We have
> two web servers that we want to load balance traffic between and have
> clients stay connected to one server as long as that server is up.
>
> Our /etc/pf.conf and /etc/hoststated.conf files are configured per the
> examples in "The Book of PF" on pages 51-53. The problem is that a
> web client is not sticking to one server or the other. Each time we
> refresh the page in the browser, we connect to the other server. The
> servers each have a web page whose contents identify which server it
> is.
>
> We have been testing this from clients with IP addresses on the
> 10.1.16.0/24 subnet which is attached to the trunk0 interface on the
> firewalls. The web servers are on the 10.1.48.0/24 subnet connected
> to trunk2 on the firewalls.
>
> Here are the contents of the config files:
>
> /etc/pf.conf
> ------------
> int_if="trunk0"
> build_if="trunk2"
>
> webserver="10.1.48.200"
> webports = "{ http, https }"
> table persist { 10.1.48.100, 10.1.48.101 }
>
> set timeout src.track 60
>
> rdr-anchor "hoststated/*"
>
> rdr on $int_if proto tcp from any to $webserver port $webports -> \
>         round-robin sticky-address

^^^ I think the second rule is not needed if hoststated is running. AFAIK this second rule will never be "executed" if hoststated is running, because hoststated creates the "same" rule (before) on the anchor position.

> pass in on $int_if proto tcp from any to port $webports
> pass out on $build_if proto tcp from any to port $webports
>
>
> /etc/hoststated.conf
> --------------------
> interval 30
> timeout 2000
>
> site1_public= "10.1.48.200"
> site1_web1a = "10.1.48.100"
> site1_web1b = "10.1.48.101"
>
> # Port 80
> table webpool {
>         real port http
>         check http "/up.txt" code 200
>         host $site1_web1a
>         host $site1_web1b
> }
>
> service site1 {
>         virtual host $site1_public port http
>         tag HOSTSTATED
>         table webpool
> }

^^^ here you missed the sticky-address option, check: man hoststated.conf

Regards,

Joerg
Re: help with pf
Just passing through while looking for something else, but can help:

Aaron proficuous.com> writes:
> my pf.conf:
> ...
> pass in on fxp3 inet proto tcp from $lan_net port { ssh www ntp https smtp imap imaps domain } to any
> ...
> pass in on fxp3 inet proto udp from $lan_net port { domain ntp } to any

These lines are the problem - they are filtering on the source port being ssh, www, etc rather than the destination port. You need:

pass in on fxp3 inet proto tcp from $lan_net to any port { ssh www (etc) }
pass in on fxp3 inet proto udp from $lan_net to any port { domain ntp }

> I am sure this is some configuration error right in front of my face,
> but for the life of me i'm not seeing it. Any help would be appreciated.

No problem - I'm sure that even the gurus have had moments like this :-)

Kevin
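A small lint for the mistake Kevin describes, as an added example that is not part of the original thread: it flags pass/block rules whose only `port` clause sits on the source side and prints the rule with the clause moved behind the destination. It assumes one rule per line; the `lan_net` value and the last two sample rules are constructed.

```python
import re

PORT_OPS = {"=", "!=", "<", "<=", ">", ">="}

# Constructed sample: the first two rules are the ones quoted in the post,
# the macro value and the last two rules are invented for contrast.
SAMPLE_PF_CONF = """\
lan_net = "192.168.1.0/24"   # constructed value, the post does not show it
pass in on fxp3 inet proto tcp from $lan_net port { ssh www ntp https smtp imap imaps domain } to any
pass in on fxp3 inet proto udp from $lan_net port { domain ntp } to any
pass in on fxp3 inet proto udp from any port 67 to any port 68
pass out on fxp0 inet proto tcp from any to any port { www https }
"""


def tokenize(rule):
    """Split a rule into tokens, treating braces as tokens and commas as spaces."""
    rule = rule.split("#", 1)[0]                      # drop trailing comment
    return re.sub(r"([{}])", r" \1 ", rule).replace(",", " ").split()


def group_end(tokens, i):
    """Index just past the single token or { ... } list starting at tokens[i]."""
    if i < len(tokens) and tokens[i] == "{":
        return tokens.index("}", i) + 1
    return i + 1


def source_port_finding(rule):
    """Return (ports, suggested_rule) if the rule filters on source port only."""
    t = tokenize(rule)
    if not t or t[0] not in ("pass", "block") or "from" not in t:
        return None
    f = t.index("from")
    if "to" not in t[f:]:
        return None
    to = t.index("to", f)
    src, dst = t[f + 1:to], t[to + 1:]
    # A destination port clause means the source port is probably intentional.
    if "port" not in src or "port" in dst:
        return None
    p = src.index("port")
    start = p + 1
    if start < len(src) and src[start] in PORT_OPS:   # e.g. "port = www"
        start += 1
    end = group_end(src, start)
    ports = [x for x in src[p + 1:end] if x not in {"{", "}"} | PORT_OPS]
    # Destination address: optional "!" followed by one token or a { } list.
    a = 1 if dst and dst[0] == "!" else 0
    a_end = group_end(dst, a)
    fixed = t[:f + 1] + src[:p] + src[end:] + ["to"] + dst[:a_end] + src[p:end] + dst[a_end:]
    return ports, " ".join(fixed)


def lint(conf_text):
    """Return [(line_number, source_ports, suggested_rule), ...] for a ruleset."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        hit = source_port_finding(line)
        if hit:
            findings.append((lineno, hit[0], hit[1]))
    return findings


if __name__ == "__main__":
    for lineno, ports, fixed in lint(SAMPLE_PF_CONF):
        print(f"line {lineno}: matches on SOURCE port {ports}")
        print(f"  did you mean: {fixed}")
```

A rule that really is meant to match a source port is flagged too when it has no destination port, so treat the output as a review list rather than a verdict.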
Re: patch for mkhybrid man page
On Fri, Jan 25, 2008 at 09:32:31PM +, Jacob Meuser wrote:
> >
> > What would be considered upstream for mkhybrid? mkisofs (which
> > mkhybrid seems to be based on) is now part of the cdrtools package
> > (http://cdrecord.berlios.de/private/cdrecord.html). And as
> > announced[1] while mkisofs is still GPL, it seems to depend on libscg
> > which is licensed under Sun's CDDL.
>
> mkhybrid was a "fork" of mkisofs which added hsf/apple goo. the
> hsf/apple stuff was rolled back into mkisofs and mkhybrid disappeared
> years ago.
>

which probably means we (openbsd) won't see fixes to that page while we carry on with mkhybrid. but honestly, that page is so messy i wouldn't bother - it would be like putting a plaster on a gargantuan wound.

jmc, running to the hills...
Re: OT: Can an SSH alternative to WebDav be use on OpenBSD
On January 24, 2008 04:58:57 pm Daniel Ouellet wrote: > Hi, > > I need some possible suggestions if I may asked to not setup, or have to > setup WebDav on OpenBSD to allow users to do their web folder stuff. It > can be setup with ftp for example to allow them to map a folder in their > "network place" on XP for example, but then they can't do the stupid > "save as" and just for that, they want to use the WebDav. However, then > it need to allow write access via http and the full load of issues that > could with that when combine with php, etc. > Hi Daniel, I use Zope on OpenBSD and on the same server, I have Samba as well. The Zope Server is set up for WebDav and some people use Windows to read and write from the Zope store using WebDav, some just use Samba shares, and others use https using OpenBSD httpd and mod_rewrite from port 443 to localhost:zopeport. Since users look at the WebDav as a "network place" they don't seem to mind having to move files from their Samba shares to the WebDav location and vice-versa. Not sure whether this is appropriate in your environment but it has worked well for me. HTH, Vijay -- Vijay Sankar, M.Eng., P.Eng. President & CEO ForeTell Technologies Limited 59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6 Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]
Re: OT: Can an SSH alternative to WebDav be use on OpenBSD
Urban Hillebrand wrote:
> If using sftp with WinSCP is still an option, but you do not want users to
> have SSH access, this can be achieved easily with sshd_config-settings like:
>
> # override default of no subsystems
> Subsystem sftp /usr/libexec/sftp-server
>
> Match Group sftp
>         X11Forwarding no
>         AllowTcpForwarding no
>         ForceCommand /usr/libexec/sftp-server
>
> Not sure if this fits your needs though.

I can test this too. I know this is very ridiculous, but see there is lots of laziness I guess at play here, or total lack of understanding. If it was an employee, they would be out the door for such laziness.

Over years of pounding, some finally use WinSCP, or Putty and that's great. Others just are brain dead and are just browser users and anything not in the browser is too complicated for them. Like I had to setup the FTP to allow them to use their stupid explorer to connect to FTP using their browser as it was too much trouble for them to use an ftp, or better yet an sftp client! I know.

Then over time, even that, using FTP was too much trouble and they keep messing things up. How, I can't explain, I really can't figure out how they can do this, honest. I have no clue how someone can be that stupid. Then I had to explain how to setup the "My Network Places" in Windows for them to be able to use their Windows Explorer to copy files back and forth using their FTP underlying process supported here and that got them to shut up for a while.

The problem is that they complain as they can't use their stupid Word for example to edit a file remotely on the server because it doesn't map to a drive letter in Windows and as such for example, they can't do "save as". See how stupid this is!

So, in the end, they sure want all the security, but no difference for them and they sure are not willing to learn anything new as they have done the same things for years and can't accept why it would need to be different.

Then I looked at setting up a tunnel between the various offices and the remote servers, but then, I hit the wall with the IT internal department here. I am just stuck with this kind of stupidity and try to find all kinds of different solutions that might shut them off for good and each time I thought I was closer to that, but then not. And obviously did I say they don't want to pay for special software, or add network stuff in the process.

The sad part is that's the biggest client and the least savvy if you want and sure as hell the one that gives me the most trouble. So, that's why I am looking for maybe some kind of miracle I guess. I have tried so many different things and always hit the wall with different departments here that are just set in their ways so bad for years and just don't evolve, however want security, but no inconvenience or changes whatsoever. Sound familiar???

I was even going to install servers on site local to them and then just rsync them, but then, they don't want the delay here and the IT is opposed to having a server internally that is controlled by outside people. Kind of a catch 22 if you ask me.

But I keep trying to find ideas that might finally work for them, however, I have to admit, I am not successful yet.

Best,

Daniel
Re: patch for mkhybrid man page
On Fri, Jan 25, 2008 at 03:00:34PM -0500, Daniel Dickman wrote: > > > Here's a patch for the mkhybrid man page: > > > http://dickman.org/openbsd/mkhybrid_man_update.patch > > > > > > Changes are as follows: > > > - remove references to outdated cd burning packages and non-working urls > > > - update the url for the creator/type database to a working link > > > - spelling fixes > > > > general policy is, if it's 3rd party software, please check your fixes > > against the latest source, and send your fixes upstream. > > > > jmc > > > > What would be considered upstream for mkhybrid? mkisofs (which > mkhybrid seems to be based on) is now part of the cdrtools package > (http://cdrecord.berlios.de/private/cdrecord.html). And as > announced[1] while mkisofs is still GPL, it seems to depend on libscg > which is licensed under Sun's CDDL. mkhybrid was a "fork" of mkisofs which added hsf/apple goo. the hsf/apple stuff was rolled back into mkisofs and mkhybrid disappeared years ago. -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: OT: Can an SSH alternative to WebDav be use on OpenBSD
Boris Goldberg wrote:
> Hello Daniel,
>
> I believe it should be possible to set up samba-over-ssh. I mean samba
> listening localhost only on the server and putty
> (www.chiark.greenend.org.uk/~sgtatham/putty/) with port forwarding on
> clients.

Thanks, I don't think they would go for that. Some already have WinSCP like I explained and they don't like having to save locally then transfer over, or use the built-in editor for small changes. Yea I know. So if they can't do that, getting them to setup putty, which some also already have, may not fly.

However, I will try that to see the results as I am curious about that idea. Thanks.

> You can also use samba-over-ipsec. IPSec is not less secure than ssh and
> gives you more flexibility.
Re: USB WLAN "dongles"
Hi,

thanks to all for the answers. I am learning a lot... but the lacuna was much bigger than I thought.

I have found this

http://www.wiretex.de/shop/product_info.php/info/p632_UBIQUITI-SRC-2-4GHz---5GHz-300mW-Sendeleistung.html

in ebay there's right now a good offer... The description of the link is in German, but I think you can understand it easily.

The chip is ath0 too... does it mean it will work out of the box with OpenBSD?

Thanks,

Pau

2008/1/24, raven <[EMAIL PROTECTED]>:
> Pau Amaro-Seoane ha scritto:
> > what do you mean? I have to increase the gain of the reception on my
> > laptop. Or do you mean I can use the built-in antenna of a router to
> > do that? If so, how? I do have an old wifi router
> >
> >
> If you have a fonera, you can use it like a repeater with a selfmade
> Twin Quad antenna, he have a 12 dbi gain.
> With this antenna i can going at 3.2 Km with goods ionospherics
> conditions...
> I tell you my experiment, in a modified firmware, dd-wrt. You can set
> so much parameters, like mW, dbi to be used... It's a good firmware as
> far i know...
>
> hasta luego
Re: patch for mkhybrid man page
> > Here's a patch for the mkhybrid man page: > > http://dickman.org/openbsd/mkhybrid_man_update.patch > > > > Changes are as follows: > > - remove references to outdated cd burning packages and non-working urls > > - update the url for the creator/type database to a working link > > - spelling fixes > > general policy is, if it's 3rd party software, please check your fixes > against the latest source, and send your fixes upstream. > > jmc > What would be considered upstream for mkhybrid? mkisofs (which mkhybrid seems to be based on) is now part of the cdrtools package (http://cdrecord.berlios.de/private/cdrecord.html). And as announced[1] while mkisofs is still GPL, it seems to depend on libscg which is licensed under Sun's CDDL. [1] ftp://ftp.berlios.de/pub/cdrecord/alpha/AN-2.01.01a09
Re: Problems with Sticky-Address Not Sticking with Hoststated
I cannot answer your question. However, some suggestions: 1) Once you enable hoststated, you do not need the following line in pf: rdr on $int_if proto tcp from any to $webserver port $webports -> \ ~ round-robin sticky-address 2) And in hoststated you can use "backup table" for your second web server. Rami Sik Systems Engineer, NOC IP Applications Ph: (604) 630-5688 Fax: (604) 630-5652 This electronic mail transmission contains confidential information intended only for the named person(s). Any use, distribution, copying or disclosure by any other person is strictly prohibited. If you received this transmission in error, please notify the sender immediately so that we may correct our internal records. Please then delete the original message. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Goldsmith Sent: January 25, 2008 10:24 AM To: misc@openbsd.org Subject: Problems with Sticky-Address Not Sticking with Hoststated -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We have two firewalls running OpenBSD 4.2 with PF and CARP. We have two web servers that we want to load balance traffic between and have clients stay connected to one server as long as that server is up. Our /etc/pf.conf and /etc/hoststated.conf files are configured per the examples in "The Book of PF" on pages 51-53. The problem is that a web client is not sticking to one server or the other. Each time we refresh the page in the browser, we connect to the other server. The servers each have a web page whose contents identify which server it is. We have been testing this from clients with IP addresses on the 10.1.16.0/24 subnet which is attached to the trunk0 interface on the firewalls. The web servers are on the 10.1.48.0/24 subnet connected to trunk2 on the firewalls. 
Here are the contents of the config files: /etc/pf.conf - int_if="trunk0" build_if="trunk2" webserver="10.1.48.200" webports = "{ http, https }" table persist { 10.1.48.100, 10.1.48.101 } set timeout src.track 60 rdr-anchor "hoststated/*" rdr on $int_if proto tcp from any to $webserver port $webports -> \ ~ round-robin sticky-address pass in on $int_if proto tcp from any to port $webports pass out on $build_if proto tcp from any to port $webports /etc/hoststated.conf - interval 30 timeout 2000 site1_public= "10.1.48.200" site1_web1a = "10.1.48.100" site1_web1b = "10.1.48.101" # Port 80 table webpool { ~real port http ~check http "/up.txt" code 200 ~host $site1_web1a ~host $site1_web1b } service site1 { ~virtual host $site1_public port http ~tag HOSTSTATED ~table webpool } /etc/rc.conf - hoststated_flags="" # for normal use: "" pf=YES # Packet filter / NAT pf_rules=/etc/pf.conf # Packet filter rules file pflogd_flags= # add more flags, ie. "-s 256" Any obvious ideas about why our client is bouncing between the web servers? Could this be an issue with using trunk interfaces rather than the individual Ethernet devices? Do we need to refer to the CARP interfaces? Here is the results of running "pfctl -s all" after hitting refresh in the browser several times and hitting both web servers. 
PF State Info - - TRANSLATION RULES: rdr-anchor "hoststated/*" all rdr on trunk0 inet proto tcp from any to 10.1.48.200 port = www -> round-robin stic ky-address rdr on trunk0 inet proto tcp from any to 10.1.48.200 port = https -> round-robin st icky-address FILTER RULES: pass in on trunk0 proto tcp from any to port = www flags S/SA keep state pass in on trunk0 proto tcp from any to port = https flags S/SA keep state pass out on trunk2 proto tcp from any to port = www flags S/SA keep state pass out on trunk2 proto tcp from any to port = https flags S/SA keep state No queue in use STATES: all carp 10.1.16.252 -> 224.0.0.18 SINGLE:NO_TRAFFIC all carp 10.1.32.2 -> 224.0.0.18 SINGLE:NO_TRAFFIC all carp 10.1.48.2 -> 224.0.0.18 SINGLE:NO_TRAFFIC all carp 224.0.0.18 <- 10.1.16.2 NO_TRAFFIC:SINGLE all tcp 10.1.48.2:1091 -> 10.1.48.101:80 FIN_WAIT_2:FIN_WAIT_2 all tcp 10.1.48.2:46783 -> 10.1.48.100:80 FIN_WAIT_2:FIN_WAIT_2 all tcp 10.1.48.2:6985 -> 10.1.48.101:80 FIN_WAIT_2:FIN_WAIT_2 all tcp 10.1.48.2:43486 -> 10.1.48.100:80 FIN_WAIT_2:FIN_WAIT_2 all tcp 10.1.48.2:14244 -> 10.1.48.101:80 FIN_WAIT_2:FIN_WAIT_2 all tcp 10.1.48.2:8754 -> 10.1.48.100:80 FIN_WAIT_2:FIN_WAIT_2 all tcp 10.1.48.101:80 <- 10.1.48.200:80 <- 10.1.16.60:2216 FIN_WAIT_2:FIN_WAIT_2 all tcp 10.1.16.60:2216 -> 10.1.48.101:80 FIN_WAIT_2:FIN_WAIT_2 all tcp 10.1.48.100:80 <- 10.1.48.200:80 <- 10.1.16.60:2217 FIN_WAIT_2:FIN_WAIT_2 all tcp 10.1.16.60:2217 -> 10.1.48.100:80 FIN_WAIT_2:FIN_WAIT_2 all tcp 10.1.48.101:80 <- 10.1.48.200:80 <- 10.1.16.60:2218 FIN_WAIT_2:FIN_WAIT_2 all tcp 10.1.16.60:2218 -> 10.1.48.101:80 FIN_WAIT_2:FIN_
Re: OT: Can an SSH alternative to WebDav be use on OpenBSD
Quoting "L. V. Lammert" <[EMAIL PROTECTED]>: On Fri, 25 Jan 2008, Frank Bax wrote: Boris Goldberg wrote: > Hello Daniel, > > I believe it should be possible to set up samba-over-ssh. I mean samba > listening localhost only on the server andputty > (www.chiark.greenend.org.uk/~sgtatham/putty/) with port forwarding on > clients. > You can also use samba-over-ipsec. IPSec is not less secure than ssh and > gives you more flexibility. > Has anyone figured out how to save PuTTY tunnel settings (whether for samba or anything else); so that they can be easily dropped onto multiple systems without having to do manual setup on each one? Have not tried tunnel settings, but I DO know that you can copy any session configurations by exporting the registry keys. Lee I can confirm that the port forwarding settings are stored in the registry. It is easy enough to write a quick script to add those registry entries into the reg. of a new computer. Look in the PuTTY FAQ, I think there is an example of how to do it in there. -- Tim Donahue This message was sent using IMP, the Internet Messaging Program.
Problems with Sticky-Address Not Sticking with Hoststated
We have two firewalls running OpenBSD 4.2 with PF and CARP. We have two web servers that we want to load balance traffic between and have clients stay connected to one server as long as that server is up.

Our /etc/pf.conf and /etc/hoststated.conf files are configured per the examples in "The Book of PF" on pages 51-53. The problem is that a web client is not sticking to one server or the other. Each time we refresh the page in the browser, we connect to the other server. The servers each have a web page whose contents identify which server it is.

We have been testing this from clients with IP addresses on the 10.1.16.0/24 subnet which is attached to the trunk0 interface on the firewalls. The web servers are on the 10.1.48.0/24 subnet connected to trunk2 on the firewalls.

Here are the contents of the config files:

/etc/pf.conf
------------
int_if="trunk0"
build_if="trunk2"

webserver="10.1.48.200"
webports = "{ http, https }"
table persist { 10.1.48.100, 10.1.48.101 }

set timeout src.track 60

rdr-anchor "hoststated/*"

rdr on $int_if proto tcp from any to $webserver port $webports -> \
        round-robin sticky-address

pass in on $int_if proto tcp from any to port $webports
pass out on $build_if proto tcp from any to port $webports

/etc/hoststated.conf
--------------------
interval 30
timeout 2000

site1_public= "10.1.48.200"
site1_web1a = "10.1.48.100"
site1_web1b = "10.1.48.101"

# Port 80
table webpool {
        real port http
        check http "/up.txt" code 200
        host $site1_web1a
        host $site1_web1b
}

service site1 {
        virtual host $site1_public port http
        tag HOSTSTATED
        table webpool
}

/etc/rc.conf
------------
hoststated_flags=""        # for normal use: ""
pf=YES                     # Packet filter / NAT
pf_rules=/etc/pf.conf      # Packet filter rules file
pflogd_flags=              # add more flags, ie. "-s 256"

Any obvious ideas about why our client is bouncing between the web servers? Could this be an issue with using trunk interfaces rather than the individual Ethernet devices? Do we need to refer to the CARP interfaces?

Here are the results of running "pfctl -s all" after hitting refresh in the browser several times and hitting both web servers.

PF State Info
-------------
TRANSLATION RULES:
rdr-anchor "hoststated/*" all
rdr on trunk0 inet proto tcp from any to 10.1.48.200 port = www -> round-robin sticky-address
rdr on trunk0 inet proto tcp from any to 10.1.48.200 port = https -> round-robin sticky-address

FILTER RULES:
pass in on trunk0 proto tcp from any to port = www flags S/SA keep state
pass in on trunk0 proto tcp from any to port = https flags S/SA keep state
pass out on trunk2 proto tcp from any to port = www flags S/SA keep state
pass out on trunk2 proto tcp from any to port = https flags S/SA keep state
No queue in use

STATES:
all carp 10.1.16.252 -> 224.0.0.18       SINGLE:NO_TRAFFIC
all carp 10.1.32.2 -> 224.0.0.18       SINGLE:NO_TRAFFIC
all carp 10.1.48.2 -> 224.0.0.18       SINGLE:NO_TRAFFIC
all carp 224.0.0.18 <- 10.1.16.2       NO_TRAFFIC:SINGLE
all tcp 10.1.48.2:1091 -> 10.1.48.101:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.2:46783 -> 10.1.48.100:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.2:6985 -> 10.1.48.101:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.2:43486 -> 10.1.48.100:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.2:14244 -> 10.1.48.101:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.2:8754 -> 10.1.48.100:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.101:80 <- 10.1.48.200:80 <- 10.1.16.60:2216       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.16.60:2216 -> 10.1.48.101:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.100:80 <- 10.1.48.200:80 <- 10.1.16.60:2217       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.16.60:2217 -> 10.1.48.100:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.101:80 <- 10.1.48.200:80 <- 10.1.16.60:2218       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.16.60:2218 -> 10.1.48.101:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.100:80 <- 10.1.48.200:80 <- 10.1.16.60:2219       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.16.60:2219 -> 10.1.48.100:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.101:80 <- 10.1.48.200:80 <- 10.1.16.60:2220       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.16.60:2220 -> 10.1.48.101:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.100:80 <- 10.1.48.200:80 <- 10.1.16.60:2221       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.16.60:2221 -> 10.1.48.100:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.2:26880 -> 10.1.48.101:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.2:11005 -> 10.1.48.100:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.2:26283 -> 10.1.48.101:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.2:13055 -> 10.1.48.100:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.2:43776 -> 10.1.48.101:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.2:30663 -> 10.1.48.100:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.2:39595 -> 10.1.48.101:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.2:3984 -> 10.1.48.100:80
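A way to read the state table above without eyeballing it, as an added example that is not part of the original post: the script picks out the redirected states (`backend <- virtual <- client`) and reports every client that was mapped to more than one backend. The function names are made up for this example, and client 10.1.16.70 in the sample is constructed to show a client that does stick.

```python
import re

# Constructed sample in the format of the STATES section quoted in the post.
# Client 10.1.16.60 and its ports are taken from the post; client 10.1.16.70
# is invented here as a contrast case.
SAMPLE_STATES = """\
all carp 10.1.48.2 -> 224.0.0.18       SINGLE:NO_TRAFFIC
all tcp 10.1.48.2:1091 -> 10.1.48.101:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.101:80 <- 10.1.48.200:80 <- 10.1.16.60:2216       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.16.60:2216 -> 10.1.48.101:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.100:80 <- 10.1.48.200:80 <- 10.1.16.60:2217       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.16.60:2217 -> 10.1.48.100:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 10.1.48.101:80 <- 10.1.48.200:80 <- 10.1.16.70:4001       ESTABLISHED:ESTABLISHED
all tcp 10.1.48.101:80 <- 10.1.48.200:80 <- 10.1.16.70:4002       ESTABLISHED:ESTABLISHED
"""

# Only inbound redirected states carry all three addresses; plain "a -> b"
# states (including those from the firewall's own 10.1.48.2) are ignored.
RDR_STATE_RE = re.compile(
    r"^\S+\s+tcp\s+"
    r"(?P<backend>[\d.]+):(?P<bport>\d+)\s+<-\s+"
    r"(?P<virtual>[\d.]+):(?P<vport>\d+)\s+<-\s+"
    r"(?P<client>[\d.]+):(?P<cport>\d+)\s+"
    r"(?P<state>\S+)\s*$"
)


def parse_rdr_states(text):
    """Return one dict per redirected TCP state found in pfctl state output."""
    states = []
    for line in text.splitlines():
        m = RDR_STATE_RE.match(line.strip())
        if m:
            states.append(m.groupdict())
    return states


def backends_per_client(text, virtual=None, vport=None):
    """Map each client IP to the backends it reached, in order of first use."""
    seen = {}
    for s in parse_rdr_states(text):
        if virtual is not None and s["virtual"] != virtual:
            continue
        if vport is not None and s["vport"] != str(vport):
            continue
        backends = seen.setdefault(s["client"], [])
        if s["backend"] not in backends:
            backends.append(s["backend"])
    return seen


def non_sticky_clients(text, virtual=None, vport=None):
    """Clients whose connections to one virtual address hit several backends."""
    return {
        client: backends
        for client, backends in backends_per_client(text, virtual, vport).items()
        if len(backends) > 1
    }


if __name__ == "__main__":
    for client, backends in non_sticky_clients(SAMPLE_STATES, "10.1.48.200", 80).items():
        print(f"{client} is not sticking: {', '.join(backends)}")
```

With `set timeout src.track 60` as in the post's pf.conf, a source-tracking entry is kept for 60 seconds after the client's last state expires, so only states created inside that window should be expected to share a backend; `pfctl -s Sources` lists the entries themselves.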
Re: OT: Can an SSH alternative to WebDav be use on OpenBSD
On Fri, 25 Jan 2008, Frank Bax wrote:
> Boris Goldberg wrote:
> > Hello Daniel,
> >
> > I believe it should be possible to set up samba-over-ssh. I mean samba
> > listening localhost only on the server and putty
> > (www.chiark.greenend.org.uk/~sgtatham/putty/) with port forwarding on
> > clients.
> > You can also use samba-over-ipsec. IPSec is not less secure than ssh and
> > gives you more flexibility.
> >
>
>
> Has anyone figured out how to save PuTTY tunnel settings (whether for
> samba or anything else); so that they can be easily dropped onto
> multiple systems without having to do manual setup on each one?
>

Have not tried tunnel settings, but I DO know that you can copy any session configurations by exporting the registry keys.

Lee

Leland V. Lammert [EMAIL PROTECTED]
Chief Scientist
Omnitec Corporation
Network/Internet Consultants
www.omnitec.net
Re: setup degraded array using raidframe [SOLVED]
Hi [EMAIL PROTECTED]

After careful thinking, I started reading the manpages again, more exactly raidctl(8) and raid(4). Of course, I was not paying attention the first 5 times I've read them (stupid me). In raidctl(8) it states clearly the special circumstances for setting up a raid array in degraded mode.

"Configuration (using -C and -I 12345 as above) proceeds normally, but initialization of the RAID set will have to wait until all physical components are present. After configuration, this set can be used normally, but will be operating in degraded mode. Once a second physical component is obtained, it can be hot-added, the existing data mirrored, and normal operation resumed."

So there's where I've made the mistake. After configuring the degraded raid array I was initializing it (raidctl -vi raid0). That's why after adding the "real" partition as spare, doing a reconstruction of component0 and parity re-write, after reboot component0 kept failing.

Thanks again to all and sorry again for the unnecessary "noise".
Re: OT: Can an SSH alternative to WebDav be use on OpenBSD
Boris Goldberg wrote:
> Hello Daniel,
>
> I believe it should be possible to set up samba-over-ssh. I mean samba
> listening localhost only on the server and putty
> (www.chiark.greenend.org.uk/~sgtatham/putty/) with port forwarding on
> clients.
> You can also use samba-over-ipsec. IPSec is not less secure than ssh and
> gives you more flexibility.

Has anyone figured out how to save PuTTY tunnel settings (whether for samba or anything else); so that they can be easily dropped onto multiple systems without having to do manual setup on each one?
Re: OT: Can an SSH alternative to WebDav be use on OpenBSD
If your interest is seeing the code, not being able to get it for free, then talk to the SftpDrive people; they're a down to earth group of guys, and are really great to work with, and for all I know, they might be perfectly open to letting you see the code. On Jan 24, 2008 7:41 PM, Daniel Ouellet <[EMAIL PROTECTED]> wrote: > > Andrew Ruscica wrote: > > On Thu, Jan 24, 2008 at 05:58:57PM -0500, Daniel Ouellet wrote: > > .. > >> I only allow ssh access and in very special case, I had accepted ftp from > > > > If you're considering a commercial product, http://www.sftpdrive.com > > > > If the product performs as it says, you shouldn't need to change anything > > on the web server. > > Thanks, I appreciate your suggestions, but I will stick with solutions > that I could see the code and that are open source. > > I got a few suggestions that might make sense so far. > > Thanks for your time in offering solutions however. > > Best, > > Daniel > > -- Systems Programmer, Principal Electrical & Computer Engineering The University of Arizona [EMAIL PROTECTED]
Re: setup degraded array using raidframe
Mitja Mu>enih wrote:
> Wrong procedure - you never need a -I or -i again, once you have created the
> set initially. At this point you can try to salvage your setup by adding
> wd0d as spare, then simply fail component0 (raidctl -vF component0 raid0).
> Don't do any reinitialization as you did.
>
> Mitja

Hi all!

At the suggestion of Mitja Mu>enih I did exactly this:

# raidctl -a /dev/wd0d raid0
# raidctl -vF component0 raid0
Reconstruction status:
0% | | ETA:00:01 -
# raidctl -vs raid0
raid0 Components:
          component0: spared
           /dev/wd1d: optimal
Spares:
           /dev/wd0d: used_spare
component0 status is: spared. Skipping label.
Component label for /dev/wd1d:
   Row: 0, Column: 1, Num Rows: 1, Num Columns: 2
   Version: 2, Serial Number: 2008012402, Mod Counter: 61
   Clean: No, Status: 0
   sectPerSU: 128, SUsPerPU: 1, SUsPerRU: 1
   Queue size: 100, blocksize: 512, numBlocks: 3729536
   RAID Level: 1
   Autoconfig: Yes
   Root partition: Yes
   Last configured as: raid0
raidctl: ioctl (RAIDFRAME_GET_COMPONENT_LABEL) failed
# reboot

After reboot

# raidctl -vs raid0
raid0 Components:
          component0: failed
           /dev/wd1d: optimal
No spares.
component0 status is: failed. Skipping label.
Component label for /dev/wd1d:
   Row: 0, Column: 1, Num Rows: 1, Num Columns: 2
   Version: 2, Serial Number: 2008012402, Mod Counter: 65
   Clean: No, Status: 0
   sectPerSU: 128, SUsPerPU: 1, SUsPerRU: 1
   Queue size: 100, blocksize: 512, numBlocks: 3729536
   RAID Level: 1
   Autoconfig: Yes
   Root partition: Yes
   Last configured as: raid0
Parity status: clean
Reconstruction is 100% complete.
Parity Re-write is 100% complete.
Copyback is 100% complete.

About using the non-existent disk, been there, done that, same result. In a previous attempt at doing this setup, I've used in /etc/raid0.conf as START DISKS /dev/wd1d and /dev/wd2d. The result was the same.

I saw on http://erdelynet.com/openbsd/raidframe-tricks/ a good trick at doing this. Mike Erdely ended up in a setup of his with the same problem. He unconfigured the raid (raidctl -u raid0) and then he configured it again (raidctl -c /etc/raid0.conf raid0). The big difference is that he was creating an array for /home, so I can't use the same trick.
Re: Archiving pkg's added by pkg_add -u
On Jan 25, 2008 10:46 AM, Bernd Ahlers <[EMAIL PROTECTED]> wrote:
> Read the pkg_add(1) manpage again and look for PKG_CACHE.

Great! Many thanks!

--
Best Regards
Edd
http://students.dec.bournemouth.ac.uk/ebarrett
Re: Anyone lucky with pf rtable ?
* Insan Praja SW <[EMAIL PROTECTED]> [2008-01-25 16:46]:
> On Fri, 25 Jan 2008 16:28:42 +0700, Henning Brauer <[EMAIL PROTECTED]>
> wrote:
>
>> * Insan Praja SW <[EMAIL PROTECTED]> [2008-01-24 18:43]:
>>> Hi Misc@,
>>> I'm currently setup bgp router using openbgp. Routes learned from
>>> openbgpd are stored in routing table 1. So, I got this client from
>>> NET2, coming from the same interface that my ibgp peer coming from,
>>> and I want to pass client from NET2 going to regional exchange to
>>> QUAGGA router. I got no luck with:
>>> "pass on $ext_if from $NET2 to any modulate state rtable 1", NET2 always
>>> use the default route via $ext_if when going to regional exchange
>>> I appreciate any input and suggestion regarding this.
>>
>> assigning an rtable decision on the outbound interface is too late,
>> since the routing decision has already been taken then. you have to do
>> it in the inbound direction. that is true for the reverse path too.
>>
>
> Hi Henning and Misc@,
> I figured out that my pf.conf on "pass on $ext_if from $NET2 to any
> modulate state rtable 1" is wrong after carefully trying to understand pf.
> So, I change it to #pass in on $int_if from $NET2 to any modulate state
> rtable 1". It doesn't change anything, NET2 always going to the default
> gateway.

well, it definitely works, carefully check that the rule really is the
last matching one and that you actually have a route in that table that
matches.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: Anyone lucky with pf rtable ?
On Fri, 25 Jan 2008 16:28:42 +0700, Henning Brauer <[EMAIL PROTECTED]> wrote:

> * Insan Praja SW <[EMAIL PROTECTED]> [2008-01-24 18:43]:
>> Hi Misc@,
>> I'm currently setup bgp router using openbgp. Routes learned from
>> openbgpd are stored in routing table 1. So, I got this client from
>> NET2, coming from the same interface that my ibgp peer coming from,
>> and I want to pass client from NET2 going to regional exchange to
>> QUAGGA router. I got no luck with:
>> "pass on $ext_if from $NET2 to any modulate state rtable 1", NET2 always
>> use the default route via $ext_if when going to regional exchange
>> I appreciate any input and suggestion regarding this.
>
> assigning an rtable decision on the outbound interface is too late,
> since the routing decision has already been taken then. you have to do
> it in the inbound direction. that is true for the reverse path too.

Hi Henning and Misc@,
I figured out that my pf.conf on "pass on $ext_if from $NET2 to any
modulate state rtable 1" is wrong after carefully trying to understand pf.
So, I change it to #pass in on $int_if from $NET2 to any modulate state
rtable 1". It doesn't change anything, NET2 always going to the default
gateway.

Thanks,
Insan

ext_if = "vlan2"
ext_if0 = "vlan111"
ext_if1 = "vlan4"
ext_if2 = "vlan22"
int_if = "em0"
int_if0 = "rl0"
int_priv = "{$int_if $int_if0}"
port_proxy = "3128"
mail_server = "202.149.93.14"
icmp_types = "{ echoreq, unreach }"
3d_net = "{202.149.93.8 202.149.93.32/28}"
3d_local_net = "{202.149.93.32/27}"
eazy_net = "{210.23.64.0/24, 210.23.66.0/24, 210.23.68.0/24, 210.23.79.0/24}"
simaya_net = "{202.149.93.6 202.149.93.16/28}"
simaya_local_net = "{202.149.93.80/28}"
gl_net = "{10.10.10.0/24 192.168.0.0/24}"
eazy_port = "15001:2"
simaya_port = "20001:25000"
gl_port = "25001:3"
tigadport = "30001:35000"
ejiport = "35001:4"
serport = "40001:45001"

#TABLE
table const {210.23.64.0/24, 210.23.66.0/24, 210.23.68.0/24, 210.23.79.0/24}
table const {202.149.93.6, 202.149.93.16/28}
table <3d_net> const {202.149.93.8, 202.149.93.32/27}
table const {202.149.93.242, 202.149.93.243, 202.149.93.244, 202.149.93.245, 202.149.93.246} # Active IP on vlan4
table const {192.168.0.0/24, 10.10.10.0/24} # internal network and management network
table const { 0.0.0.0/32, 1.0.0.0/8, 2.0.0.0/8, 5.0.0.0/8,7.0.0.0/8,
    10.0.0.0/8, 23.0.0.0/8, 27.0.0.0/8, 31.0.0.0/8, 36.0.0.0/8, 37.0.0.0/8,
    39.0.0.0/8, 42.0.0.0/8, 49.0.0.0/8, 50.0.0.0/8, 100.0.0.0/8,
    101.0.0.0/8, 102.0.0.0/8, 103.0.0.0/8, 104.0.0.0/8, 105.0.0.0/8,
    106.0.0.0/8, 107.0.0.0/8, 108.0.0.0/8, 109.0.0.0/8, 110.0.0.0/8,
    111.0.0.0/8, 112.0.0.0/8, 113.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16,
    172.16.0.0/12, 173.0.0.0/8, 175.0.0.0/8, 176.0.0.0/8, 177.0.0.0/8,
    178.0.0.0/8, 179.0.0.0/8, 180.0.0.0/8, 181.0.0.0/8, 182.0.0.0/8,
    183.0.0.0/8, 184.0.0.0/8, 185.0.0.0/8, 192.0.2.0/24, 192.168.0.0/16,
    197.0.0.0/8, 174.0.0.0/8, 223.0.0.0/8 } # martians of the internet

set ruleset-optimization basic
set optimization aggressive
set block-policy drop
scrub in all

#QUEUE
altq on $ext_if2 bandwidth 6Mb hfsc(linkshare 5Mb upperlimit 5Mb) queue {office, eazy, simaya, 3d, server}
queue office bandwidth 256Kb priority 7 qlimit 500 hfsc (realtime 50% default ecn)
queue eazy bandwidth 1024Kb priority 6 qlimit 500 hfsc (upperlimit 1024Kb ecn)
queue simaya bandwidth 2564Kb priority 6 qlimit 500 hfsc (upperlimit 2564Kb ecn)
queue 3d bandwidth 1024Kb priority 6 qlimit 500 hfsc (upperlimit 1024Kb ecn)
queue server bandwidth 128Kb priority 6 qlimit 500 hfsc (upperlimit 512Kb ecn)

altq on $ext_if bandwidth 8Mb hfsc(linkshare 5Mb upperlimit 5Mb) queue {dn_office, dn_eazy, dn_simaya, dn_3d, up_server}
queue dn_office bandwidth 512Kb priority 7 qlimit 500 hfsc (realtime 50% default ecn)
queue dn_eazy bandwidth 1024Kb priority 6 qlimit 500 hfsc (upperlimit 1024Kb ecn)
queue dn_simaya bandwidth 2564Kb priority 6 qlimit 500 hfsc (upperlimit 2564Kb ecn)
queue dn_3d bandwidth 1024Kb priority 6 qlimit 500 hfsc (upperlimit 1024Kb ecn)
queue up_server bandwidth 512Kb priority 6 qlimit 500 hfsc (upperlimit 1024Kb ecn)

altq on $ext_if1 bandwidth 2Mb hfsc(linkshare 2Mb upperlimit 2Mb) queue {dn_trg, dn_nas, dn_ejigem, dn_matabumi, dn_crot}
queue dn_trg bandwidth 25% priority 6 qlimit 500 hfsc (realtime 50% default ecn)
queue dn_nas bandwidth 25% priority 5 qlimit 500 hfsc (upperlimit 25% ecn)
queue dn_matabumi bandwidth 25% priority 6 qlimit 500 hfsc (upperlimit 25% ecn)
queue dn_crot bandwidth 15% priority 6 qlimit 500 hfsc (upperlimit 25% ecn)
queue dn_ejigem bandwidth 10% priority 6 qlimit 500 hfsc (upperlimit 10% ecn)

nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
no nat on $ext_if inet from <3d_net> to any
nat pass on $ext_if inet from to any -> $ext_if
nat pass on $ext_if1 inet from to any -> $ext_if1
nat pass on $ext_if2 inet from $eazy_net to any -> $ext_if2 port $ejiport source-hash
nat pass on $ext_if2 inet from $3d_net to any -> $ext_if2 port $tigadport source-hash
nat pass on $ext_if2 inet from $simaya_net to
Re: OpenCVS?
On 11:57 Sun 20 Jan , Darrin Chandler wrote:
> On Sun, Jan 20, 2008 at 06:31:48PM +, Stuart Henderson wrote:
> > On 2008/01/20 10:15, Unix Fan wrote:
> > > Stuart Henderson wrote:
> > > > See for yourself: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/cvs/
> > >
> > > I'm slightly confused by something if the "cvs" command in
> > > OpenBSD 4.2 is "OpenCVS",
> >
> > it isn't - not everything in source is linked to the build yet.
>
> However, those interested in using/testing OpenCVS should take a peek at
> their /usr/src/usr.bin/cvs/README file as a start.

The binary gets installed as "opencvs", but the manpages as "cvs" - just in
case you're wondering why "cvs --help" still is GNU CVS, and the manpages
are not ;)

--
If you don't remember something, it never existed...
If you aren't remembered, you never existed...
I don't quite understand what love is like... But if there
was someone who liked me, I'd be happy.
Re: OT: Can an SSH alternative to WebDav be use on OpenBSD
Hello Daniel,

I believe it should be possible to set up samba-over-ssh. I mean samba
listening localhost only on the server and putty
(www.chiark.greenend.org.uk/~sgtatham/putty/) with port forwarding on
clients. You can also use samba-over-ipsec. IPSec is not less secure than
ssh and gives you more flexibility.

--
Best regards,
Boris mailto:[EMAIL PROTECTED]
Re: Recording OpenNTPd PID at daemon startup
Claudio Jeker wrote:
> We don't believe in pid files. Use pgrep(1) and pkill(1) instead, you will
> never have stale info that way.

Sweet! Use of pid files seemed like an anachronism anyway. pkill does
what I wanted. Now I don't have to write an extra shell script.

-Lars
Re: Recording OpenNTPd PID at daemon startup
On Fri, Jan 25, 2008 at 03:17:55PM +0200, Lars Noodin wrote:
> How should I go about recording the process id for the OpenNTP daemon?
> Usually processes get written in /var/run/
>
> Many daemons allow relocation via options or the config file e.g.
> /usr/sbin/apt-cacher -d -p /var/run/apt-cacher.pid;
> /usr/local/sbin/dnsmasq --pid-file=/var/run/dnsmasq.pid;
>
> I've checked in the man pages for ntpd and ntpd.conf but these options
> are not mentioned.
> http://www.openbsd.org/cgi-bin/man.cgi?query=ntpd
> http://www.openbsd.org/cgi-bin/man.cgi?query=ntpd.conf
>
> How is it done?
>

We don't believe in pid files. Use pgrep(1) and pkill(1) instead, you will
never have stale info that way.

--
:wq Claudio
Re: Recording OpenNTPd PID at daemon startup
* Lars Noodin <[EMAIL PROTECTED]> [2008-01-25 14:20]:
> How should I go about recording the process id for the OpenNTP daemon?
> Usually processes get written in /var/run/
>
> Many daemons allow relocation via options or the config file e.g.
> /usr/sbin/apt-cacher -d -p /var/run/apt-cacher.pid;
> /usr/local/sbin/dnsmasq --pid-file=/var/run/dnsmasq.pid;
>
> I've checked in the man pages for ntpd and ntpd.conf but these options
> are not mentioned.
> http://www.openbsd.org/cgi-bin/man.cgi?query=ntpd
> http://www.openbsd.org/cgi-bin/man.cgi?query=ntpd.conf
>
> How is it done?

ntpd does not write a pid file on purpose. they are useless and
inherently racy.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
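The two failure modes behind "stale" and "inherently racy" in the replies above, as an added example that is not part of the thread. The helper names (proc_name, pidfile_state, demo) are hypothetical, and the scenario is constructed: a `sleep` process stands in for the daemon, and the shell's own PID stands in for a recycled one.

```shell
#!/bin/sh
# Added example (not from the thread): what a PID file can and cannot tell you.

# Name of the program currently running as PID $1; empty if there is none.
proc_name() {
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm" 2>/dev/null || true     # Linux
    else
        ps -o comm= -p "$1" 2>/dev/null || true     # POSIX ps (BSD and others)
    fi
}

# pidfile_state FILE NAME prints one of:
#   running  the recorded PID is alive and is NAME
#   stale    the file is missing or malformed, or no process has that PID
#   reused   the PID is alive but belongs to a different program
pidfile_state() {
    pid=$(cat "$1" 2>/dev/null) || pid=
    case $pid in
        ''|*[!0-9]*) echo stale; return 0 ;;
    esac
    name=$(proc_name "$pid")
    name=${name##*/}                    # some ps implementations print a path
    if [ -z "$name" ]; then
        echo stale
    elif [ "$name" = "$2" ]; then
        echo running
    else
        echo reused
    fi
}

# Constructed scenario: "sleep" plays a daemon that wrote a PID file.
demo() {
    dir=$(mktemp -d)
    sleep 30 >/dev/null 2>&1 &
    daemon=$!
    echo "$daemon" > "$dir/daemon.pid"
    sleep 1                             # give the child time to exec
    s1=$(pidfile_state "$dir/daemon.pid" sleep)

    kill "$daemon"
    wait "$daemon" 2>/dev/null || true
    s2=$(pidfile_state "$dir/daemon.pid" sleep)   # the file outlived the process

    echo "$$" > "$dir/daemon.pid"       # simulate the kernel recycling the PID
    s3=$(pidfile_state "$dir/daemon.pid" sleep)

    rm -rf "$dir"
    echo "$s1 $s2 $s3"
}

demo
```

A script that signals the PID in the "reused" case hits an unrelated process; `pkill -x ntpd` matches the name against the live process table when the signal is sent, so there is no stored PID to go wrong.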
Recording OpenNTPd PID at daemon startup
How should I go about recording the process id for the OpenNTP daemon?
Usually processes get written in /var/run/

Many daemons allow relocation via options or the config file e.g.
/usr/sbin/apt-cacher -d -p /var/run/apt-cacher.pid;
/usr/local/sbin/dnsmasq --pid-file=/var/run/dnsmasq.pid;

I've checked in the man pages for ntpd and ntpd.conf but these options
are not mentioned.
http://www.openbsd.org/cgi-bin/man.cgi?query=ntpd
http://www.openbsd.org/cgi-bin/man.cgi?query=ntpd.conf

How is it done?

Regards,
-Lars
Re: patch for mkhybrid man page
On Fri, Jan 25, 2008 at 06:41:53AM -0500, Daniel Dickman wrote:
> Here's a patch for the mkhybrid man page:
> http://dickman.org/openbsd/mkhybrid_man_update.patch
>
> Changes are as follows:
> - remove references to outdated cd burning packages and non-working urls
> - update the url for the creator/type database to a working link
> - spelling fixes

general policy is, if it's 3rd party software, please check your fixes
against the latest source, and send your fixes upstream.

jmc
patch for mkhybrid man page
Here's a patch for the mkhybrid man page:
http://dickman.org/openbsd/mkhybrid_man_update.patch

Changes are as follows:
- remove references to outdated cd burning packages and non-working urls
- update the url for the creator/type database to a working link
- spelling fixes
Re: Archiving pkg's added by pkg_add -u
On 2008/01/25 10:20, Edd Barrett wrote:
> I was wondering if there is a way that pkg_add -u can save packages
> that it installs into a specified directory.

See ENVIRONMENT in pkg_add(1).
Re: Archiving pkg's added by pkg_add -u
Edd Barrett [Fri, Jan 25, 2008 at 10:20:50AM +] wrote:
>I was wondering if there is a way that pkg_add -u can save packages
>that it installs into a specified directory.
>
>I think I could save a lot of bandwidth if this were possible, as I
>have several machines to update with snapshots every 2 weeks or so.
>
>Just an idea.
>

Read the pkg_add(1) manpage again and look for PKG_CACHE.

Regards,
Bernd
Archiving pkg's added by pkg_add -u
Hi there,

I was wondering if there is a way that pkg_add -u can save packages
that it installs into a specified directory.

I think I could save a lot of bandwidth if this were possible, as I
have several machines to update with snapshots every 2 weeks or so.

Just an idea.

--
Best Regards
Edd
http://students.dec.bournemouth.ac.uk/ebarrett
Re: OT: Can an SSH alternative to WebDav be use on OpenBSD
If using sftp with WinSCP is still an option, but you do not want users to
have SSH access, this can be achieved easily with sshd_config settings like:

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

Match Group sftp
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand /usr/libexec/sftp-server

Not sure if this fits your needs though.

-Urban
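A check that a Match block like the one in the message above really confines a group to sftp, as an added example that is not part of the thread. The function name audit_sftp_only is hypothetical, both sample files are constructed, and group names are compared literally (no sshd pattern matching).

```shell
#!/bin/sh
# Added example (not from the thread). audit_sftp_only is a hypothetical helper.
# Usage: audit_sftp_only SSHD_CONFIG GROUP
# Prints one line per restriction that the "Match Group GROUP" block does not
# set, and nothing when the block confines the group to sftp.
# Only the Match block is inspected; global settings are not considered.
audit_sftp_only() {
    awk -v group="$2" '
    /^[ \t]*#/ || NF == 0 { next }           # skip comments and blank lines
    tolower($1) == "match" {                 # a new Match block starts here
        inblock = 0
        for (i = 2; i < NF; i++)
            if (tolower($i) == "group") {
                n = split($(i + 1), g, ",")  # Group takes a comma-separated list
                for (j = 1; j <= n; j++)
                    if (g[j] == group) inblock = found = 1
            }
        next
    }
    inblock {
        key = tolower($1)
        $1 = ""; sub(/^[ \t]+/, "")
        if (!(key in val)) val[key] = $0     # sshd uses the first value it sees
    }
    END {
        if (!found) { print "no Match block for group " group; exit }
        if (val["forcecommand"] !~ /sftp-server|internal-sftp/)
            print "ForceCommand does not force the sftp server"
        if (tolower(val["allowtcpforwarding"]) != "no")
            print "AllowTcpForwarding is not set to no"
        if (tolower(val["x11forwarding"]) != "no")
            print "X11Forwarding is not set to no"
    }' "$1"
}

# Constructed inputs: the snippet from the message above, and a weakened copy.
samples=$(mktemp -d)
cat > "$samples/thread.conf" <<'EOF'
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
Match Group sftp
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand /usr/libexec/sftp-server
EOF
cat > "$samples/weak.conf" <<'EOF'
Subsystem sftp /usr/libexec/sftp-server
Match Group sftp
    X11Forwarding no
EOF

echo "thread.conf:"; audit_sftp_only "$samples/thread.conf" sftp
echo "weak.conf:";   audit_sftp_only "$samples/weak.conf" sftp
```

Without ForceCommand, members of the group still get an ordinary shell; without AllowTcpForwarding no, an sftp-only account can still be used to relay TCP connections through the server.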
tes please ignore
tess
Re: Anyone lucky with pf rtable ?
* Insan Praja SW <[EMAIL PROTECTED]> [2008-01-24 18:43]:
> Hi Misc@,
> I'm currently setup bgp router using openbgp. Routes learned from openbgpd
> are stored in routing table 1. So, I got this client from NET2, coming from
> the same interface that my ibgp peer coming from, and I want to pass client
> from NET2 going to regional exchange to QUAGGA router. I got no luck with:
> "pass on $ext_if from $NET2 to any modulate state rtable 1", NET2 always
> use the default route via $ext_if when going to regional exchange
> I appreciate any input and suggestion regarding this.

assigning an rtable decision on the outbound interface is too late,
since the routing decision has already been taken then. you have to do
it in the inbound direction. that is true for the reverse path too.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: brute force voip QoS
On Wed, 2008-01-23 at 15:53 -0800, David Newman wrote:
> How you detect a VoIP flow may also be an issue. If your VoIP traffic
> uses SIP, you can classify the signaling traffic on 5060/udp -- but then
> the voice or video traffic will use RTP/RTCP and some ephemeral port
> chosen during call setup.
...
> (If anyone has a method for RTP/RTCP awareness in pf -- including the
> ability to set up and tear down rules for the call duration -- please
> share it!)

I am just wondering if the RTP proxy in siproxd could help. I guess one
could write pf (altq) rules based on the RTP port range chosen. May not be
so flexible or even suitable in every scenario (since one needs to setup a
siproxd), then again... (See
http://siproxd.sourceforge.net/index.php?op=faq for RTP proxy details.)

What do you think?
Re: halt -p does not work with GENERIC.MP on 4.2-STABLE
On Jan 25, 2008 9:13 AM, Nicolas Letellier <[EMAIL PROTECTED]> wrote:
> I use OpenBSD 4.2-stable with a core2duo laptop. When I use GENERIC
> kernel, 'halt -p' works perfectly. However, when I use GENERIC.MP,
> 'halt -p' does not work and says :
>
> apm0: APM set power state: interface not connected (3)
> the operating system has halted
> Please press any key to reboot
>

You should try with -current. Much work was done on ACPI since 4.2. And I
don't think the developers are interested in these kind of bugs in
-stable.

--
Pierre Riteau
halt -p does not work with GENERIC.MP on 4.2-STABLE
Hello,

I use OpenBSD 4.2-stable with a core2duo laptop. When I use GENERIC
kernel, 'halt -p' works perfectly. However, when I use GENERIC.MP,
'halt -p' does not work and says :

apm0: APM set power state: interface not connected (3)
the operating system has halted
Please press any key to reboot

As you can see, the machine does not shutdown powerdown with GENERIC.MP.
Powerdown works with GENERIC. I copied my /bsd.mp to /bsd to use it as
default kernel.

With GENERIC.MP with 'config -ef /bsd', I tried to disable apm. Same
result. I tried to enable acpi. Same result. I tried to enable acpi and
apm in the kernel, same result. I tried to enable apmd_flags="-C" in
/etc/rc.conf.local, same result.

I don't understand why powerdown the machine is impossible with
GENERIC.MP. With a Core2Duo CPU, I would like to use SMP kernel. Or, is
SMP kernel really important with a double core CPU?

See my dmesg :