Re: configuring the GENERIC kernel (was Re: Issue compiling a program on OpenBSD)

2008-03-31 Thread Ross Cameron
On Sat, Mar 29, 2008 at 9:21 PM, Jacob Meuser <[EMAIL PROTECTED]> wrote:
>
> On Sat, Mar 29, 2008 at 12:58:40PM -0400, Douglas A. Tutty wrote:
>  > On Sat, Mar 29, 2008 at 11:00:01AM +0200, Lars Noodén wrote:
>  > > > ... using the GENERIC kernel ...
>  >
>  > > 2) One thing that may not be visible enough is that config(8) can be
>  > > used to modify kernel parameters without needing to recompile.  That
>  > > gives you a fair amount of customization without deviating from the
>  > > GENERIC configuration.
>  > >
>  > > It is possible to make modifications to the currently running kernel as
>  > > well as to save these changes in the form of a new kernel binary so that
>  > > the changes stay even after system restarts.
>  >
>  > One thing I'm not clear on: if the only issue is kernel size based on
>  > having an old box with low memory, where every MB counts, does
>  > deactivating unnecessary drivers with config actually result in a
>  > smaller kernel or just a kernel with deactivated drivers?  Shrinking the
>  > kernel would be the only reason I would have of touching the kernel as
>  > I'm not into trying out experimental features.  It would be too bad if
>  > config doesn't do this.
>
>  if your machine is low enough on ram that you would even consider
>  recompiling a kernel, just to save ram, it's time to retire
>  the machine.

I'd disagree VERY strongly there,... there are LOTS of low spec (yet
industrial tolerance) hardware appliances out there (and I spend
almost my entire life working on this kind of hardware).
The malleability and source availability of the free UNIX-like
systems is what allows one to use these platforms in the first place.
Imagine trying to get Microsoft or Sun to produce an OS for you that
runs on a 486dx100?



Re: configuring the GENERIC kernel (was Re: Issue compiling a program on OpenBSD)

2008-03-31 Thread Ross Cameron
On Sun, Mar 30, 2008 at 9:26 PM, Jacob Meuser <[EMAIL PROTECTED]> wrote:
>  you say, "config makes me boot faster."  so then people go and config
>  their kernel, and then we get problem reports about broken kernels.
>
>  that's fine if you want to go break your machines.  don't try telling
>  others to do the same.

I disagree,... this form of knowledge sharing amongst more advanced
users of any OS should be encouraged.
Perhaps there is merit in it in a wider context,... we won't know
unless such things are discussed and debated.
Simply pooh-poohing it out of hand without wider discussion
throughout the user base is foolish at best.



Calling Lontronics !!!

2008-03-31 Thread Graham Bentley
Hi list !

Just looking for Jan [aka Lontronics]
You disappeared from Zenwalk / Arch

Where are you ?

Graham [EMAIL PROTECTED]



Re: configuring the GENERIC kernel (was Re: Issue compiling a program on OpenBSD)

2008-03-31 Thread Jacob Meuser
On Mon, Mar 31, 2008 at 09:47:09AM +0200, Ross Cameron wrote:
> On Sun, Mar 30, 2008 at 9:26 PM, Jacob Meuser <[EMAIL PROTECTED]> wrote:
> >  you say, "config makes me boot faster."  so then people go and config
> >  their kernel, and then we get problem reports about broken kernels.
> >
> >  that's fine if you want to go break your machines.  don't try telling
> >  others to do the same.
> 
> I disagree,... this form of knowledge sharing amongst more advanced
> users of any OS should be encouraged.
> Perhaps there is merit in it in a wider context,... we wont know
> unless such things are discussed and debated.
> Simply poh pohing it out of hand without wider discussion
> throughout the user base is foolish at best.

please learn to use the archives before saying whether or not something
has been/needs to be discussed.

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org



Usefull info for a bug report regarding carp/pfsync?

2008-03-31 Thread Simon Kammerer

Hi!

after several years without any problems, we upgraded the hardware of 
our carp/pfsync gateway about four weeks ago. Two weeks ago, the gateway 
crashed completely: Both nodes were unreachable on all network 
interfaces, we had to reset both machines. Same problem last night. I 
can't find anything strange in the logs.

It's 4.2 from the official CD set, AMD64.

Any hints what to add to a useful bug report in addition to dmesg output?

Thanks
Simon



Re: configuring the GENERIC kernel (was Re: Issue compiling a program on OpenBSD)

2008-03-31 Thread Jacob Meuser
On Mon, Mar 31, 2008 at 09:39:33AM +0200, Ross Cameron wrote:
> On Sat, Mar 29, 2008 at 9:21 PM, Jacob Meuser <[EMAIL PROTECTED]> wrote:
> >
> > On Sat, Mar 29, 2008 at 12:58:40PM -0400, Douglas A. Tutty wrote:
> >  > On Sat, Mar 29, 2008 at 11:00:01AM +0200, Lars Noodén wrote:
> >  > > > ... using the GENERIC kernel ...
> >  >
> >  > > 2) One thing that may not be visible enough is that config(8) can be
> >  > > used to modify kernel parameters without needing to recompile.  That
> >  > > gives you a fair amount of customization without deviating from the
> >  > > GENERIC configuration.
> >  > >
> >  > > It is possible to make modifications to the currently running kernel as
> >  > > well as to save these changes in the form of a new kernel binary so that
> >  > > the changes stay even after system restarts.
> >  >
> >  > One thing I'm not clear on: if the only issue is kernel size based on
> >  > having an old box with low memory, where every MB counts, does
> >  > deactivating unnecessary drivers with config actually result in a
> >  > smaller kernel or just a kernel with deactivated drivers?  Shrinking the
> >  > kernel would be the only reason I would have of touching the kernel as
> >  > I'm not into trying out experimental features.  It would be too bad if
> >  > config doesn't do this.
> >
> >  if your machine is low enough on ram that you would even consider
> >  recompiling a kernel, just to save ram, it's time to retire
> >  the machine.
> 
> I'd disagree VERY strongly there,... there are LOTS of low spec (yet
> industrial tolerance) hardware appliances out there (and I spend
> almost my entire live working on this kind of hardware.

great.  you know what you're doing (presumably).  this discussion is
not about such hardware, nor about such situations.

the thing is, if you do such things, you _BETTER_ know what you're
doing, because you are "on your own".  do not expect help from
here.  and definitely _DO NOT_ try to hide that you have made such
modifications when you post bug reports.

> The malleability and source availability of the free UNIX-like
> systems is what allows one to use these platforms in the first place.
> Imagine trying to get Microsoft or Sun to produce an OS for you that
> runs on a 486dx100?

there are "distros" based on OpenBSD specifically for such purposes.
discussions about tweaking your kernel for such situations are
probably much more acceptable there.

I think people don't comprehend how small the OpenBSD developer community
is compared to, oh, let's say linux.

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org



Re: configuring the GENERIC kernel (was Re: Issue compiling a program on OpenBSD)

2008-03-31 Thread Artur Grabowski
"Ross Cameron" <[EMAIL PROTECTED]> writes:

> On Sun, Mar 30, 2008 at 9:26 PM, Jacob Meuser <[EMAIL PROTECTED]> wrote:
> >  you say, "config makes me boot faster."  so then people go and config
> >  their kernel, and then we get problem reports about broken kernels.
> >
> >  that's fine if you want to go break your machines.  don't try telling
> >  others to do the same.
> 
> I disagree,... this form of knowledge sharing amongst more advanced
> users of any OS should be encouraged.

Yes, and the knowledge among the more advanced users is "don't do it". So
that's what's being shared.

> Perhaps there is merit in it in a wider context,... we wont know
> unless such things are discussed and debated.
> Simply poh pohing it out of hand without wider discussion
> throughout the user base is foolish at best.

Oh, really. And you think that we haven't discussed this for the past
10 years? all over the mailing lists. 

//art



Re: configuring the GENERIC kernel (was Re: Issue compiling a program on OpenBSD)

2008-03-31 Thread bofh
On Mon, Mar 31, 2008 at 3:47 AM, Ross Cameron <[EMAIL PROTECTED]>
wrote:

> On Sun, Mar 30, 2008 at 9:26 PM, Jacob Meuser <[EMAIL PROTECTED]>
> wrote:
> >  you say, "config makes me boot faster."  so then people go and config
> >  their kernel, and then we get problem reports about broken kernels.
> >
> >  that's fine if you want to go break your machines.  don't try telling
> >  others to do the same.
>
> I disagree,... this form of knowledge sharing amongst more advanced
> users of any OS should be encouraged.


Unfortunately, a lot of !advanced users will also experiment, and then come
back with "it's broken, fix it".   For advanced users who like to tinker,
OpenBSD's support model is /usr/src/.  Unfortunately, too many people who
think they can mangle config means that they are "advanced (l)users".

> Perhaps there is merit in it in a wider context,... we wont know
> unless such things are discussed and debated.
> Simply poh pohing it out of hand without wider discussion
> throughout the user base is foolish at best.


In my experience, it's simply a matter of experience and resources, and the
OpenBSD project as a whole is very unhappy with supporting users who insist
on playing with "ooo, shiny, I need another 1% of performance", or "I can
get my kernel down to 3,467,296 bytes with stupid kernel tricks!"

It all boils down to the old "doctor, doctor, it hurts when I do that"
joke.  OpenBSD is just being proactive in telling the users 'don't do that'.

On the other hand, people like you do have legitimate needs, and it's up to
the developers to see if they can support you.



-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity." --
Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted." -- Gene Spafford
learn french: http://www.youtube.com/watch?v=j1G-3laJJP0&feature=related



Possible daytime saving bug?

2008-03-31 Thread Sunnz
Hello,

Running 4.2 here, and it seems like OpenBSD is one week early when it
comes to turning off daylight saving time, it is already one hour slow
and this should only happen next week.

I looked at the errata for 4.2 but no such fix. There was one for the
U.S. in 4.0. But here this is Australia/Canberra.

So is this a bug or is there someone fixing this now? Or how can I fix
this myself?

Thanks.

-- 
This e-mail may be confidential. It may also be legally privileged.
You may not copy, forward, distribute, disclose, or, use any part of
it. If you have received this message in error, please delete it and
all copies from your system and notify the sender immediately by
return e-mail. Internet communications cannot be guaranteed to be
timely, secure, error, or, virus-free. The sender do not accept
liability for any errors, or, omissions. Nevertheless, this text has
no effective legal binding on your part. There is no obligation to
abide any or all parts of this, just as any texts appended to e-mail
on rest of the Internet.



Re: problem with ipsec

2008-03-31 Thread Sebastian Reitenbach
"Sebastian Reitenbach" <[EMAIL PROTECTED]> wrote: 
> Hi,
> 
> in /etc/ipsec.conf I have the following configured:
> 
> ike active esp from 192.168.14.12/24 to 172.22.34.0/16 \
>     local $our_gw peer $remote1_gw \
>     main auth hmac-sha2-256 enc 3des group grp2 \
>     quick auth hmac-sha2-256 enc aes group modp1024 \
>     psk "AKey"
> 
> 
> ike active esp from { 192.168.10.0/23 } to { 111.173.28.0/20, 10.128.22.0/23 } \
>     local $our_gw peer $remote2_gw \
>     main auth hmac-md5 enc 3des group grp2 \
>     quick auth hmac-md5 enc aes group none \
>     psk "Anotherkey"
> 
> 
> when I start 
> isakmpd -K -c /etc/isakmpd/isakmpd.conf
> then the first tunnel is established, but for the second, I see the 
> following in the logs:
> 
> 180727.337795 SA   60 sa_create: sa 0x89e9e600 phase 1 added to exchange 0x89e9e100 (Default-phase-1)
> 180727.337805 Mesg 50 message_parse_payloads: offset 40 payload PROPOSAL
> 180727.337814 Mesg 50 message_parse_payloads: offset 48 payload TRANSFORM
> 180727.337823 Mesg 50 Transform 1's attributes
> 180727.337833 Mesg 50 Attribute ENCRYPTION_ALGORITHM value 5
> 180727.337842 Mesg 50 Attribute HASH_ALGORITHM value 1
> 180727.337850 Mesg 50 Attribute AUTHENTICATION_METHOD value 1
> 180727.337858 Mesg 50 Attribute GROUP_DESCRIPTION value 2
> 180727.337867 Mesg 50 Attribute LIFE_TYPE value 1
> 180727.337876 Mesg 50 Attribute LIFE_DURATION value 28800
> 180727.337915 Mesg 60 message_validate_payloads: payload PROPOSAL at 0x82e87ca8 of message 0x82e87700
> 180727.337927 Mesg 70 NO: 1
> 180727.337936 Mesg 70 PROTO: ISAKMP
> 180727.337947 Mesg 70 SPI_SZ: 0
> 180727.337958 Mesg 70 NTRANSFORMS: 1
> 180727.337967 Mesg 70 SPI:
> 180727.337977 Mesg 60 message_validate_payloads: payload TRANSFORM at 0x82e87cb0 of message 0x82e87700
> 180727.337987 Mesg 70 NO: 1
> 180727.337997 Mesg 70 ID: 1
> 180727.338005 Mesg 70 SA_ATTRS:
> 180727.338017 Mesg 60 message_validate_payloads: payload VENDOR at 0x82e87cd4 of message 0x82e87700
> 180727.338026 Mesg 70 ID:
> 180727.338036 Exch 50 nat_t_check_vendor_payload: bad size 40 != 16
> 180727.338046 Exch 50 nat_t_check_vendor_payload: bad size 40 != 16
> 180727.338055 Exch 50 nat_t_check_vendor_payload: bad size 40 != 16
> 180727.338064 Mesg 40 message_validate_vendor: vendor ID seen
> 180727.338075 Misc 30 ipsec_responder: phase 1 exchange 2 step 0
> 180727.338087 Cryp 60 hash_get: requested algorithm 0
> 180727.338155 Negt 30 message_negotiate_sa: transform 1 proto 1 proposal 1 ok
> 180727.338179 Negt 70 attribute_unacceptable: HASH_ALGORITHM: got MD5, expected SHA
> 180727.338190 Negt 20 ike_phase_1_validate_prop: failure
> 180727.338201 Negt 30 message_negotiate_sa: proposal 1 failed
> 180727.338210 Default message_negotiate_sa: no compatible proposal found
> 
> 
> When I switch the statements in /etc/ipsec.conf then both tunnels get 
> established and are working fine. Is there any explanation for this 
> behaviour? I have OpenBSD 4.1 running.

Now it gets even worse, sometimes after some minutes, sometimes it takes some 
days, a default route through the tunnel for one of our local networks 
behind our VPN endpoint:
netstat -rn -f encap:
...
default            0     192.168.10/23      0     0     $remote2_gw/esp/use/in
192.168.10/23      0     default            0     0     $remote2_gw/esp/require/out
...


We had the tunnel configured for one network on the remote side, running for 
months. Then we added the 10.128.22.0/23 to the remote networks. Since then, 
from time to time, the default route shows up. The device on the other side 
is a cisco.

Any idea how I delete the default route? How do I have to specify the SA, to 
be able to remove it? Right now I restart the isakmpd, and have to reload 
the configuration when I want to remove the wrong default route?

kind regards
Sebastian
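
An added example, not part of the original post: a parser for isakmpd debug output like the log quoted in the message above. It undoes the mail quoting and line wrapping, decodes the peer's phase 1 transform attributes using the RFC 2409 value tables, and reports which attribute was rejected. The function names and the embedded excerpt are this example's own choices; the log lines themselves are copied from the post.

```python
import re

# IKEv1 phase 1 attribute values from RFC 2409 Appendix A (AES-CBC and the
# SHA2 hashes are later IANA additions). Unknown numbers are kept as-is.
IKE_VALUES = {
    "ENCRYPTION_ALGORITHM": {1: "DES-CBC", 2: "IDEA-CBC", 3: "Blowfish-CBC",
                             5: "3DES-CBC", 6: "CAST-CBC", 7: "AES-CBC"},
    "HASH_ALGORITHM": {1: "MD5", 2: "SHA", 3: "Tiger",
                       4: "SHA2-256", 5: "SHA2-384", 6: "SHA2-512"},
    "AUTHENTICATION_METHOD": {1: "pre-shared key", 2: "DSS signatures",
                              3: "RSA signatures"},
    "GROUP_DESCRIPTION": {1: "MODP-768", 2: "MODP-1024", 5: "MODP-1536"},
    "LIFE_TYPE": {1: "seconds", 2: "kilobytes"},
}

TIMESTAMP = re.compile(r"^\d{6}\.\d{6}\s")
# timestamp, log class, optional debug level ("Default" lines have none), message
LINE = re.compile(r"^\d{6}\.\d{6}\s+(\w+)\s+(?:(\d+)\s+)?(.*)$")
TRANSFORM = re.compile(r"^Transform (\d+)'s attributes")
ATTRIBUTE = re.compile(r"^Attribute (\w+) value (\d+)")
REJECTED = re.compile(r"attribute_unacceptable: (\w+): got (\w+), expected (\w+)")

# Excerpt of the log from the post, left quoted and mail-wrapped on purpose.
SAMPLE_LOG = """\
> 180727.337823 Mesg 50 Transform 1's attributes
> 180727.337833 Mesg 50 Attribute ENCRYPTION_ALGORITHM value 5
> 180727.337842 Mesg 50 Attribute HASH_ALGORITHM value 1
> 180727.337850 Mesg 50 Attribute AUTHENTICATION_METHOD value 1
> 180727.337858 Mesg 50 Attribute GROUP_DESCRIPTION value 2
> 180727.337867 Mesg 50 Attribute LIFE_TYPE value 1
> 180727.337876 Mesg 50 Attribute LIFE_DURATION value 28800
> 180727.338155 Negt 30 message_negotiate_sa: transform 1 proto 1 proposal 1
> ok
> 180727.338179 Negt 70 attribute_unacceptable: HASH_ALGORITHM: got MD5,
> expected SHA
> 180727.338190 Negt 20 ike_phase_1_validate_prop: failure
> 180727.338201 Negt 30 message_negotiate_sa: proposal 1 failed
> 180727.338210 Default message_negotiate_sa: no compatible proposal found
"""


def unwrap(text):
    """Strip '>' quote markers and rejoin lines the mail client wrapped."""
    logical = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if not line:
            continue
        if TIMESTAMP.match(line) or not logical:
            logical.append(line)          # a new log record
        else:
            logical[-1] += " " + line     # continuation of the previous one
    return logical


def analyze(text):
    """Return decoded transforms, rejected attributes and the final outcome."""
    transforms, rejections, outcome = {}, [], None
    current = 0  # attributes seen before any "Transform N" header land here
    for line in unwrap(text):
        parsed = LINE.match(line)
        if not parsed:
            continue
        msg = parsed.group(3)
        header = TRANSFORM.match(msg)
        attr = ATTRIBUTE.match(msg)
        rejected = REJECTED.search(msg)
        if header:
            current = int(header.group(1))
        elif attr:
            name, value = attr.group(1), int(attr.group(2))
            decoded = IKE_VALUES.get(name, {}).get(value, str(value))
            transforms.setdefault(current, {})[name] = decoded
        elif rejected:
            rejections.append(rejected.groups())
        elif msg.startswith("message_negotiate_sa: no compatible"):
            outcome = msg.split(": ", 1)[1]
    return {"transforms": transforms, "rejections": rejections,
            "outcome": outcome}


def explain(result):
    """Turn the parsed result into one line per rejected attribute."""
    lines = [f"peer proposed {attr}={got}, local phase 1 policy expects {expected}"
             for attr, got, expected in result["rejections"]]
    if result["outcome"]:
        lines.append(f"result: {result['outcome']}")
    return lines


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for number, attrs in sorted(report["transforms"].items()):
        print(f"transform {number}: {attrs}")
    print("\n".join(explain(report)))
```
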



Re: Possible daytime saving bug?

2008-03-31 Thread Rod Whitworth
On Mon, 31 Mar 2008 19:00:29 +1000, Sunnz wrote:

>Hello,
>
>Running 4.2 here, and it seems like OpenBSD is one week early can it
>comes to turning off daylight saving time, it is already one hour slow
>and this should only happen next week.

And you just found out that it was changing? It was in the news last
year.

>
>I looked at the errate for 4.2 but no such fix. There was one for the
>U.S. in 4.0. But here this is Australia/Canberra.

So do what I did last year  and find the zonefiles and replace the out
of date ones.
They don't depend on specific OS versions to work.

Grab a recent snapshot and extract the right bits and put them in the
right place.

Easy!

>
>So is this a bug or is there someone fixing this now? Or how can I fix
>this myself?
>
It's not made by OpenBSD devs. Last year I found the source and
downloaded the Aussie stuff. You get a cushy ride because current snaps
have what you need.

>Thanks.
>
>-- 
>This e-mail may be confidential. It may also be legally privileged.

BULLSHIT - You put it out here in a public place and you cannot retract
it and we did not agree to your crappy meaningless bumpf.

>You may not copy, forward, distribute, disclose, or, use any part of
>it. If you have received this message in error, please delete it and
>all copies from your system and notify the sender immediately by
>return e-mail. Internet communications cannot be guaranteed to be
>timely, secure, error, or, virus-free. The sender do not accept
>liability for any errors, or, omissions. Nevertheless, this text has
>no effective legal binding on your part. There is no obligation to
>abide any or all parts of this, just as any texts appended to e-mail
>on rest of the Internet.
>
 The receiver says "GOOFYS"
See:http://www.goldmark.org/jeff/stupid-disclaimers/
and the text you copied is full of grammatical and spelling errors of
the kind usually found in Nigerian scam emails.

Oh,  and don't reply to the sender address. The reply-to: means what it
says and frankly a reply to the list will suffice and isn't really
needed either.
R/
--
"People who don't want their beliefs laughed at shouldn't have such 
funny beliefs."
---  Al Terego.



Re: Possible daytime saving bug?

2008-03-31 Thread Sunnz
Right, this is fixed up on my machine by editing the
/usr/src/share/zoneinfo/datfiles/australasia file...

I am not sure if I had a diff or not... I had `ci -l` the original
file then `ci` again once it is done. It is only 3 lines of change
anyway...



Re: Possible daytime saving bug?

2008-03-31 Thread Rod Whitworth
On Mon, 31 Mar 2008 20:30:56 +1000, Sunnz wrote:

>Right, this is fix up on my machine by editing the
>/usr/src/share/zoneinfo/datfiles/australasia file...
>
>I am not sure if I had a diff or not... I had `ci -l` the original
>file then `ci` again once it is done. It is only 3 lines of change
>anyway...
>

Sigh. just get all of the contents of
/usr/share/zoneinfo/Australia/ from a recent snapshot and put it in the
same spot on your tree.

2EZ.

Rod/
/earth: write failed, file system is full
cp: /earth/creatures: No space left on device



Third Global Congress of Women in Politics and Governance

2008-03-31 Thread Global Congress of Women in Politics and Governance
Dear Colleagues and Friends,

Greetings from the Center for Asia Pacific Women in Politics (CAPWIP) and the 
United Nations International Strategy for Disaster Risk Reduction (UN-ISDR)!
 
We are pleased to invite you to the Third Global Congress of Women in Politics 
and Governance which will be held on October 19-22, 2008 at the Dusit Hotel, 
Makati City, Metro Manila, Philippines.  The theme of the congress is Gender 
and Climate Change.

Women and environment experts have raised concern over the absence of women in 
the discourse and debate on climate change, a global mainstream issue that is 
currently impacting the entire world. The involvement of women in areas of 
environmental management and governance should not be perceived as an 
afterthought. Women's roles are of considerable importance in the promotion of 
environmental ethics.
The current imperative is for women to understand the phenomenon of climate 
change and its impacts and implications at the individual, household, community 
and national levels. Studies show that women have a definite information 
deficit on climate politics and climate protection. Only with this information 
can women take their proper, significant and strategic role in the issue of 
climate change.
Invited to this congress are women parliamentarians, women in decision-making 
and governance, environment organizations, youth leaders and media practitioners.

The Congress will have the following objectives:

Overall Purpose: To provide a forum for women legislators, and women in 
decision making and environment organizations at all levels, in formulating 
gender-responsive legislation and policies.

Specific Objectives: 
a) to understand the phenomenon of climate change, its impacts and implications;
b) to review and examine the gender aspects of climate change and formulate 
appropriate actions to address such;
c) to define the roles women can play in addressing the issues of climate 
change at the global, national and sub-national levels; and 
d) to identify and define the action agenda for parliamentarians, policy 
advocates and women leaders to support global and national actions to adapt to 
and mitigate the impacts of climate change.

Congress Proceedings:
The discussion on gender and climate change will be organized around 
identifying the challenges to action as well as defining the appropriate 
responses to effectively address the impacts of climate change. Inputs to the 
discussion will be collected and organized around: 1) geographic location and 
2) types of actions: i.e. preparedness, risk reduction: building community 
resilience; adaptation; and mitigation. Cross cutting these discussions will be 
the identification of technologies in aid of responding to climate change. 
The focus of the discussions will revolve around defining and elaborating 
actions (i.e. preparedness, disaster risk reduction, adaptation, and 
mitigation) to cope with climate change and its impacts.
Preparedness and disaster risk reduction is about building individual and 
community capacities to position themselves and their communities so that the 
likelihood of climate change-induced disasters is reduced; the intensity or 
adverse impacts of disasters are cushioned and that inhabitants are able to 
respond promptly, expeditiously and effectively. Adaptation entails actions 
that moderate harm, or exploit benefits, of climate change.  Mitigation entails 
actions that minimizes or cushions the adverse impacts of climate change. 
In all of these actions, special attention will be given to defining how women 
and gender could be mainstreamed. In other words, the Congress should define 
how women can be given the social space to participate, influence, and benefit 
from global and local responses to climate change. 
The registration fee for the four day congress is one hundred eight thousand 
Philippine Pesos (P108, 000). per person for single room accommodations and 
Eighty eight thousand Philippine Pesos (P88, 000). per person for twin room 
sharing accommodations (two persons in one room). We are sending you the 
detailed information sheet (which contains the registration form) as an 
attachment to this email. 

The training will be held on Oct 19-22, 2008. However, the participants will be 
requested to be in Manila the day before, October 18, 2008 and leave Manila 
only on October 23, 2008. The overnight hotel accommodation on October 18, 2008 
is already included in the fee. Participants will be billeted in the Dusit 
Hotel, the venue of the congress and hotels near the Dusit Hotel, accessible 
within walking distance. Room accommodations in the Dusit Hotel, the venue of 
the Congress will be on a first come - first served basis.

You can also download the full information sheet and registration form for this 
Third Global Congress of Women in Politics and Governance from our website, 


Importance of the Congress

Today, on the average, one person out 

Re: Possible daytime saving bug?

2008-03-31 Thread Edwards, David (JTS)
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Sunnz
> Sent: Monday, 31 March 2008 7:30 PM
> To: OpenBSD Misc
> Subject: Possible daytime saving bug?
>
> Hello,
>
> Running 4.2 here, and it seems like OpenBSD is one week early can it
> comes to turning off daylight saving time, it is already one hour slow
> and this should only happen next week.
>
> I looked at the errate for 4.2 but no such fix. There was one for the
> U.S. in 4.0. But here this is Australia/Canberra.
>
> So is this a bug or is there someone fixing this now? Or how can I fix
> this myself?

Not a bug, unless it's a political one..


You need to update your timezone info.

I used the instructions from here with some munging:
http://www.twinsun.com/tz/tz-link.htm

Try this:
cd /tmp
mkdir tz
cd tz
wget 'ftp://elsie.nci.nih.gov/pub/tz*.tar.gz'
gzip -dc tzcode*.tar.gz | tar -xf -
gzip -dc tzdata*.tar.gz | tar -xf -
make

** Don't do a "make install"..

Copy the file "/tmp/tz/local/zoneinfo/Australia/Adelaide" to the
directory "/usr/share/zoneinfo/Australia"

Assuming "/etc/localtime" is linked correctly to
"/usr/share/zoneinfo/Australia/Adelaide", this should fix it
immediately.

ciao
dave



Re: Possible daytime saving bug?

2008-03-31 Thread Rod Whitworth
On Mon, 31 Mar 2008 20:32:28 +1030, Edwards, David  (JTS) wrote:

>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> On Behalf Of Sunnz
>> Sent: Monday, 31 March 2008 7:30 PM
>> To: OpenBSD Misc
>> Subject: Possible daytime saving bug?
>>
>> Hello,
>>
>> Running 4.2 here, and it seems like OpenBSD is one week early can it
>> comes to turning off daylight saving time, it is already one hour slow
>> and this should only happen next week.
>>
>> I looked at the errate for 4.2 but no such fix. There was one for the
>> U.S. in 4.0. But here this is Australia/Canberra.
>>
>> So is this a bug or is there someone fixing this now? Or how can I fix
>> this myself?
>
>Not a bug, unless it's a political one..
>
>
>You need to update your timezone info.
>
>I used the instructions from here with some munging:
>http://www.twinsun.com/tz/tz-link.htm
>
>Try this:
>cd /tmp
>mkdir tz
>cd tz
>wget 'ftp://elsie.nci.nih.gov/pub/tz*.tar.gz'
>gzip -dc tzcode*.tar.gz | tar -xf -
>gzip -dc tzdata*.tar.gz | tar -xf -
>make
>
>** Don't do a "make install"..
>
>Copy the file "/tmp/tz/local/zoneinfo/Australia/Adelaide" to the
>directory "/usr/share/zoneinfo/Australia"
>
>Assuming "/etc/localtime" is linked correctly to
>"/usr/share/zoneinfo/Australia/Adelaide", this should fix it
>immediately.

Not if he wants Canberra

>
>ciao
>dave
>


Rod/
/earth: write failed, file system is full
cp: /earth/creatures: No space left on device



Re: Possible daytime saving bug?

2008-03-31 Thread Sunnz
2008/3/31, Edwards, David  (JTS) <[EMAIL PROTECTED]>:
> > -Original Message-
>  > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>  > On Behalf Of Sunnz
>  > Sent: Monday, 31 March 2008 7:30 PM
>  > To: OpenBSD Misc
>  > Subject: Possible daytime saving bug?
>  >
>  > Hello,
>  >
>  > Running 4.2 here, and it seems like OpenBSD is one week early can it
>  > comes to turning off daylight saving time, it is already one hour slow
>  > and this should only happen next week.
>  >
>  > I looked at the errate for 4.2 but no such fix. There was one for the
>  > U.S. in 4.0. But here this is Australia/Canberra.
>  >
>  > So is this a bug or is there someone fixing this now? Or how can I fix
>  > this myself?
>
>
> Not a bug, unless it's a political one..
>
>
>  You need to update your timezone info.
>
>  I used the instructions from here with some munging:
>  http://www.twinsun.com/tz/tz-link.htm
>

Thank you very much Dave, this is very helpful. I thought that the
zoneinfo is part of the base system, and should be updated accordingly
with an errata? I thought that because I saw an errata in 4.0 for US
DST.



Re: Usefull info for a bug report regarding carp/pfsync?

2008-03-31 Thread Johan Fredin

On 08-03-31 10.44, Simon Kammerer wrote:

> Hi!
>
> after several years without any problems, we upgraded the hardware of 
> our carp/pfsync gateway about four week ago. Two weeks ago, the gateway 
> crashed completely: Both nodes were unreachable on all network 
> interfaces, we had to reset both machines. Same problem last night. I 
> can't find anything strange in  the logs.
>
> Its 4.2 from the official CD set, AMD64.


Did you update your system with patch 004 from 
http://www.openbsd.org/errata42.html?


I believe that bug has been known to lock up machines like yours did.

/Johan



stp on carp interface

2008-03-31 Thread Arjen Van Drie
Hi,


I currently have a carp on vlan on trunk on 2 physical interfaces
config, working well. I want to start using STP for switch redundancy
and am wondering if STP works with carp.


I would then throw away the trunk, configure it as a bridge, enable stp
on the bridge, then define the vlan(s) and last (but definitely not
least) set carp on each vlan.


Someone already did this? Or combine at least carp and stp ? Anything
worth mentioning?


Thanks,

Arjen.



Re: 4.2 still has X tree dependency?

2008-03-31 Thread Stuart Henderson
On 2008-03-31, Mikel Lindsaar <[EMAIL PROTECTED]> wrote:
> I am running 4.1 on several servers, one thing I found was the
> surprise on needing the X package to install some of the non x-windows
> ports due to dependencies within that tree.  I think it was for the
> graphics libraries, either way, I installed the x packages and all is
> well.

GD. This still needs X in 4.3 for libfontconfig and libfreetype.

> But I remember reading in a FAQ or release notes somewhere that this
> was a mistake and would be fixed in the next version of OpenBSD (ie,
> remove the dependency on the x-windows system for these libraries).

In 4.1 libexpat was in ports. In 4.2 it moved to xbase; in 4.3 it will
be in base. This affects some ports but not GD.



Re: Possible daytime saving bug?

2008-03-31 Thread Damon McMahon

Greetings,

On 31/03/2008, at 8:46 PM, Rod Whitworth wrote:

> On Mon, 31 Mar 2008 19:00:29 +1000, Sunnz wrote:
>
>> Hello,
>>
>> Running 4.2 here, and it seems like OpenBSD is one week early can it
>> comes to turning off daylight saving time, it is already one hour slow
>> and this should only happen next week.
>
> And you just found out that it was changing? It was in the news last
> year.
>
>> I looked at the errate for 4.2 but no such fix. There was one for the
>> U.S. in 4.0. But here this is Australia/Canberra.
>
> So do what I did last year  and find the zonefiles and replace the out
> of date ones.
> They don't depend on specific OS versions to work.
>
> Grab a recent snapshot and extract the right bits and put them in the
> right place.
>
> Easy!
>
>> So is this a bug or is there someone fixing this now? Or how can I fix
>> this myself?
>
> It's not made by OpenBSD devs. Last year I found the source and
> downloaded the Aussie stuff. You get a cushy ride because current snaps
> have what you need.


...or if you're like a lot of OpenBSD users and would prefer to
understand what's going on, replace your
src/share/zoneinfo/datfiles/australasia with that in CVS and then use
the instructions in patches/4.0/common/009_timezone.patch to build and
install the time zone.


Furthermore, the notes at the end of
src/share/zoneinfo/datfiles/australasia provide a rather entertaining
discussion about Australia's absurd time zones ;-)


Best wishes,
Damon



problem regarding squid

2008-03-31 Thread Anil Saini
hello sir

m using squid on openBSD 4.2
>
> my cache.log shows
>
> dnssubmit: queue overloaded, rejecting x.com
> dnssubmit: queue overloaded, rejecting x.com
> dnssubmit: queue overloaded, rejecting x.com
> dnssubmit: queue overloaded, rejecting x.com
> dnssubmit: queue overloaded, rejecting x.com
>
> how i solve this problem
>
>
> --
> Anil Saini
> M.E. - Software Systems
> B.E. - Electronics and Communication
>
> Project Assistant
> CISCO LAB
> Information Processing Center Unit
> BITS-PILANI <[EMAIL PROTECTED]>



Re: Dangers to upgrading without install kernel

2008-03-31 Thread Darrin Chandler
On Mon, Mar 31, 2008 at 11:13:34AM +0800, Uwe Dippel wrote:
> On Thu, 27 Mar 2008 21:00:54 -0400, Juan Miscaro wrote:
> 
> > The online upgrade documentation [1] is fairly vehement about its
> > recommendation regarding the use of the install kernel when upgrading. 
> > I was wondering why?  What dangers await someone going down the remote
> > upgrade path?
> > 
> > /juan
> > 
> > [1] http://www.openbsd.org/faq/upgrade42.html#upgrade
> 
> Depending on your setup and hardware, a remote upgrade is pretty decently
> easy. Here I have the privilege of serial console, and then the remote
> upgrade is identical to the local one; except of rebooting to bsd.rd
> instead of the CDROM.

And then there's yaifo (in ports), which gives you bsd.rd+sshd. You must
get the config correct so it knows the interfaces, but it will be a good
choice for some people. Especially if you'd like to repartition, etc.,
remotely.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation



Openbgpd in -current does not announce prefix

2008-03-31 Thread Christian

Hi Claudio & Co.,

I am running 4.3-current. I am using a very basic bgpd config 
file that worked for 4.2 very well. Unfortunately, with 
-current my router does not want to announce our prefix anymore.


Any ideas?

Thanks,
- Christian

Details: (my as: 303, transit: 304)

I am able to receive prefixes from my transit provider.
bgpctl shows the following (77.X.Y.0/21 being our prefix):

# bgpctl show rib 77.X.Y.0
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination     gateway     lpref   med aspath origin
      77.X.Y.0/21     A.B.C.D       105     0 304 [SOMEAS] 303 i
I*    77.X.Y.0/21     77.X.Y.2      100     0 i
AI    77.X.Y.0/21     0.0.0.0       100     0 i

So there are two funny things:

- I get my own prefix (announced by our other router, 77.X.Y.2) 
via the transit provider.

- The line with my announced prefix ("AI") is missing the "*".

2# bgpctl network show
flags: S = Static
flags destination
* 77.X.Y.0/21

/etc/bgpd.conf:

AS 303

router-id 77.X.Z.3

network 77.X.Y.0/21

group "Peering XXX" {
	remote-as 304

	neighbor A.B.C.D {
		tcp md5sig password "xxx"
		announce self
		set localpref 105
	}
}

group IBPG {
	remote-as 303

	neighbor 77.X.Y.2 {
		tcp md5sig password "x"
	}

	[...some other internal IBGP sessions...]
}

deny from any

allow quick from group IBPG
allow from any inet prefixlen 8 - 24
allow from any prefix 0.0.0.0/0

# filter bogus networks
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4
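
An added example, not part of the original post: a small model of how the inbound filter block above is evaluated, using the last-match and `quick` semantics documented in bgpd.conf(5). The sample UPDATEs are constructed, only IPv4 is handled, and the model says nothing about why the prefix is not announced.

```python
import ipaddress
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    text: str                       # the line as written in bgpd.conf
    action: str                     # "allow" or "deny"
    quick: bool = False             # stop evaluating when this rule matches
    group: Optional[str] = None     # None means "from any"
    prefix: Optional[str] = None    # None means any prefix
    len_min: Optional[int] = None   # prefixlen range, inclusive
    len_max: Optional[int] = None


# The filter rules from the posted bgpd.conf, in file order.
RULES = [
    Rule("deny from any", "deny"),
    Rule("allow quick from group IBPG", "allow", quick=True, group="IBPG"),
    Rule("allow from any inet prefixlen 8 - 24", "allow", len_min=8, len_max=24),
    Rule("allow from any prefix 0.0.0.0/0", "allow", prefix="0.0.0.0/0"),
]
BOGONS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
          "192.0.2.0/24", "224.0.0.0/4", "240.0.0.0/4"]
RULES += [Rule(f"deny from any prefix {n} prefixlen >= {n.split('/')[1]}", "deny",
               prefix=n, len_min=int(n.split("/")[1]), len_max=32) for n in BOGONS]


def matches(rule, peer_group, net):
    """True if an UPDATE for `net` from a peer in `peer_group` matches `rule`."""
    if rule.group is not None and rule.group != peer_group:
        return False
    if rule.prefix is not None:
        base = ipaddress.ip_network(rule.prefix)
        if rule.len_min is None:
            return net == base            # bare "prefix a/b" is an exact match
        if not net.subnet_of(base):       # "prefix a/b prefixlen ..." covers subnets
            return False
    if rule.len_min is not None:
        return rule.len_min <= net.prefixlen <= rule.len_max
    return True


def evaluate(peer_group, prefix):
    """Return (action, deciding rule text): the last match wins unless a quick rule hits."""
    net = ipaddress.ip_network(prefix)
    decision = None
    for rule in RULES:
        if matches(rule, peer_group, net):
            decision = rule
            if rule.quick:
                break
    # "deny from any" matches everything here, so a decision always exists.
    return (decision.action, decision.text) if decision else (None, None)


if __name__ == "__main__":
    # Constructed sample UPDATEs: (peer group, prefix).
    samples = [("Peering XXX", "198.51.100.0/24"), ("Peering XXX", "10.1.0.0/16"),
               ("IBPG", "10.1.0.0/16"), ("Peering XXX", "0.0.0.0/0"),
               ("Peering XXX", "198.51.100.128/25"), ("Peering XXX", "192.0.2.0/24")]
    for group, prefix in samples:
        action, why = evaluate(group, prefix)
        print(f"{group:12} {prefix:20} {action:6} <- {why}")
```

Because `allow quick from group IBPG` stops evaluation, prefixes learned over the IBGP sessions never reach the bogon rules that follow it.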



Re: configuring the GENERIC kernel (was Re: Issue compiling a program on OpenBSD)

2008-03-31 Thread Douglas A. Tutty
On Sun, Mar 30, 2008 at 02:58:38PM -0400, scott wrote:
> I believe it was mentioned aways back in the message stream, but perhaps
> it's worth reconsidering at this juncture...
> 
> Keep the low emi/rfi 386 machine user-proximity but convert it to an X
> server with the more capable X client (app server) machine farther away.

Sure that suggestion was made.  Currently, the X server is my Athlon64
and is 60 feet away from my wife and its still too close.  I have been
given a dual P-133 Tyan board which will become the
application/file/whatever server and we'll see how close to it my wife
can be once I get it set up in a good steel case (I'm looking at
addtronics steel cases since this board is Baby-AT).  I'll save the
Athlon box for things that only it can do conveniently (editing or
retouching picture, watching DVDs, graphical web-browsing).

Note that none of my old boxes are low enough in RAM to need a custom
kernel.  The Tyan board will take a max of 512 MB (8 x 64 MB EDO ECC
SIMMS) once I get them.  My IBM 486 takes 4 x 32 MB once I get them.
The biggest issue is boot drives: I may be using CF cards for boot and
then adding a scsi card to the Tyan and use SCSI drives for the data
archive.

Doug.



First Technology Meeting at Isla Cristina city

2008-03-31 Thread Igor Sobrado
The first Technology Meeting at Isla Cristina city will take place
on April 3rd and 4th, 2008 at Isla Cristina, near Huelva, Spain.
This two-day event will be a good opportunity to talk to developers
and users of some of the most important free software projects.
There will be three workshops on the first day.

On the BSD land, probably what we are more interested in, the speakers
will be Julio Merino Vidal (NetBSD) and me (OpenBSD).

A more detailed description of this event (in Spanish) is available here:

   http://www.iesmirabent.com/jornadas/index2.html

(index.html is a good framework for testing flash on OpenBSD...)

I am working on a set of slides in English.  I will be glad to speak
in English if someone requires it.

There are no access restrictions to this event, but it is advisable
for assistants to register before the event starts.

Igor



Cd boot issue, boot.conf

2008-03-31 Thread B A
Hello!

Do you know why bootloader ignores option
"set device cd0a"
on etc/boot.conf while booting from cd?
It's always asking me about root device.

I'm trying to build livecd from snapshot and I'm using GENERIC kernel,
all works fine, except that I must specify boot device each time.

Thanks in advance.

My /etc/boot.conf on cd:

set image /bsd
set device cd0a
set timeout 5

Options to build iso:

-no-iso-translate -R -T -allow-leading-dots -l -d -D -N  -b cdbr 
-boot-load-size 4 -c  boot.catalog -no-emul-boot -o /tmp/livecd.iso ./


Re: problem regarding squid

2008-03-31 Thread Calomel
Anil,

This is from the squid FAQ:

12.40 dnsSubmit: queue overload, rejecting blah

This means that you are using external dnsserver processes for lookups, and
all processes are busy, and Squid's pending queue is full. Each dnsserver
program can only handle one request at a time. When all dnsserver processes
are busy, Squid queues up requests, but only to a certain point.

To alleviate this condition, you need to either (1) increase the number of
dnsserver processes by changing the value for dns_children in your config
file, or (2) switch to using Squid's internal DNS client code.

Note that in some versions, Squid limits dns_children to 32. To increase it
beyond that value, you would have to edit the source code.


Hope this helps.

  Squid config "how to" (squid.conf)
  http://calomel.org/squid.html

--
  Calomel @ http://calomel.org
  Open Source Research and Reference


On Mon, Mar 31, 2008 at 05:04:10PM +0530, Anil Saini wrote:
>hello sir
>
>m using squid on openBSD 4.2
>>
>> my cache.log shows
>>
>> dnssubmit: queue overloaded, rejecting x.com
>> dnssubmit: queue overloaded, rejecting x.com
>> dnssubmit: queue overloaded, rejecting x.com
>> dnssubmit: queue overloaded, rejecting x.com
>> dnssubmit: queue overloaded, rejecting x.com
>>
>> how i solve this problem
>>
>>
>> --
>> Anil Saini
>> M.E. - Software Systems
>> B.E. - Electronics and Communication
>>
>> Project Assistant
>> CISCO LAB
>> Information Processing Center Unit
>> BITS-PILANI <[EMAIL PROTECTED]>



Re: Cd boot issue, boot.conf

2008-03-31 Thread mickey
On Mon, Mar 31, 2008 at 06:21:30PM +0400, B A wrote:
> Hello!
> 
> Do you know why bootloader ignores option 
> "set device cd0a"
> on etc/boot.conf while booting from cd?
> It's always asking me about root device.

because root on cd is not supported.
there are diffs that were sent about 2-3y ago
but they were not welcome for some reason...

cu
-- 
paranoic mickey   (my employers have changed but, the name has remained)



Simple OBSD/Samba sharing/restart question

2008-03-31 Thread Ed Flecko
Hi folks,
I'm running OpenBSD 4.2, I've installed and configured Samba.

I have a shared directory on the OBSD box that I store some backup log
files stored in. I want to be able to read the log files (or any other
files as well) from the shared directory, but I'm not able to do so.

Here's my smb.conf file :

[global]

workgroup = PROXYBOX

server string = Samba Server

security = share

[homes]
   comment = Home Directories
   browseable = no
   writable = yes

[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   guest ok = no
   writable = no
   printable = yes

[shared]
comment = Shared directory on the proxy server
path = /var/squid/logs/squid_logs
read only = no
browseable = yes
guest ok = yes
public = yes

For testing purposes, I've set the permissions on the squid_logs
directory to: 777

I can map the drive from a Windows box and even create
files/folders...but I can copy files from it to the Windows box or
read files. O.K., I'm stumped; what am I overlooking???

Also, once you've made changes to your smb.conf file, how do you
stop/restart Samba???

Thank you,
Ed



creating FAT32 partitions?

2008-03-31 Thread Fred Snurd
I apologize for the newbie question, but how is one supposed to add a FAT32 
partition?  The following shows where I have verified the partitioning of a USB 
flash drive containing two partitions through fdisk.  One for OpenBSD (type A6) 
& the rest FAT32.  Yet when entering the disklabel, I am not seeing the FAT32 
partition (typically partition 'i'), and disklabel doesn't allow adding it 
either.  What is the trick for making this visible?

$ sudo fdisk sd0
Disk: sd0   geometry: 124/255/63 [2002944 Sectors]
Offset: 0   Signature: 0xAA55
         Starting       Ending       LBA Info:
 #: id    C   H  S -    C   H  S [       start:      size   ]

 0: 06   26   0  1 -  123 254 63 [      417690:     1574370 ] DOS > 32MB
 1: 00    0   0  0 -    0   0  0 [           0:           0 ] unused
 2: 00    0   0  0 -    0   0  0 [           0:           0 ] unused
*3: A6    0   0 33 -   25 254 63 [          32:      417658 ] OpenBSD
$  sudo disklabel -E sd0
# Inside MBR partition 3: type A6 start 32 size 417658
Treating sectors 32-417690 as the OpenBSD portion of the disk.
You can use the 'b' command to change this.

Initial label editor (enter '?' for help at any prompt)
> p
device: /dev/rsd0c
type: SCSI
disk: SCSI disk
label: Flash Voyager  
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 124
total sectors: 2002944
free sectors: 0
rpm: 3600

16 partitions:
#                size           offset  fstype [fsize bsize  cpg]
  a:           417658               32  4.2BSD   2048 16384    1
  c:          2002944                0  unused      0     0
> a i
No space left, you need to shrink a partition
> q
No label changes.
$ 





  




Re: Simple OBSD/Samba sharing/restart question

2008-03-31 Thread Dan Brosemer
On Mon, Mar 31, 2008 at 09:00:41AM -0700, Ed Flecko wrote:
> Hi folks,
> [shared]
> comment = Shared directory on the proxy server
> path = /var/squid/logs/squid_logs
> read only = no
> browseable = yes
> guest ok = yes
> public = yes

Try something along these lines:
[common]
   comment = Public Drive
   writable = yes
   locking = yes
   path = /home/shares/common
   public = yes
   create mode = 666
   directory mode = 777

> For testing purposes, I've set the permissions on the squid_logs
> directory to: 777
> 
> I can map the drive from a Windows box and even create
> files/folders...but I can copy files from it to the Windows box or
> read files. O.K., I'm stumped; what am I overlooking???
> 
> Also, once you've made changes to your smb.conf file, how do you
> stop/restart Samba???

You don't need to.  It re-reads it when there are changes.

But should you need to stop and start it, just kill off the [sn]mbd
processes and fire them off manually.

-- 
"Burnished gallows set with red
 Caress the fevered, empty mind
 Of man who hangs bloodied and blind
 To reach for wisdom, not for bread."  -- Deoridhe Grimsdaughter
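
One check worth running for the "can create but cannot read" symptom in this thread, as an added example that is not from either poster. It assumes guest connections run as an unprivileged Unix account that is neither owner nor group member of the existing log files, so only the "other" permission bits apply to it; the default path is the one from the posted smb.conf.

```python
import os
import stat
import sys


def blocking_ancestors(path):
    """Directories from / down to `path` (inclusive) that lack o+x.

    Without search permission on every component, the guest account
    cannot reach the share at all, whatever the share directory's mode is.
    """
    blocked = []
    current = os.path.abspath(path)
    while True:
        if not (os.stat(current).st_mode & stat.S_IXOTH):
            blocked.append(current)
        parent = os.path.dirname(current)
        if parent == current:
            break
        current = parent
    return blocked[::-1]


def unreadable_entries(share):
    """Entries below `share` that an 'other' account cannot read.

    Returns sorted (relative path, owner uid, octal mode) tuples. A mode
    of 777 on the share directory lets a guest create files, but files
    already written there by a daemon keep their own owner and mode.
    """
    report = []
    dir_need = stat.S_IROTH | stat.S_IXOTH
    for root, dirs, files in os.walk(share):
        for name in dirs + files:
            full = os.path.join(root, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue                      # link targets are not followed
            if stat.S_ISDIR(st.st_mode):
                ok = (st.st_mode & dir_need) == dir_need
            else:
                ok = bool(st.st_mode & stat.S_IROTH)
            if not ok:
                rel = os.path.relpath(full, share)
                mode = format(stat.S_IMODE(st.st_mode), "04o")
                report.append((rel, st.st_uid, mode))
    return sorted(report)


if __name__ == "__main__":
    share = sys.argv[1] if len(sys.argv) > 1 else "/var/squid/logs/squid_logs"
    if not os.path.isdir(share):
        sys.exit(f"{share}: not a directory on this host")
    for d in blocking_ancestors(share):
        print(f"no o+x on path component: {d}")
    for rel, uid, mode in unreadable_entries(share):
        print(f"not readable by 'other': {rel} (uid {uid}, mode {mode})")
```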



dhcp with unaddressed interfaces underlying carp

2008-03-31 Thread Jon Radel
I have a physical interface with no address:

em3: flags=8943 mtu 1500
lladdr 00:04:23:d7:71:4a
description: dmz zone
groups: dmz
media: Ethernet autoselect (1000baseT
full-duplex,master,rxpause,txpause)
status: active
inet6 fe80::204:23ff:fed7:714a%em3 prefixlen 64 scopeid 0x4

being used for a carp interface:

# ifconfig carp1
carp1: flags=8943 mtu 1500
lladdr 00:00:5e:00:01:02
description: dmz zone
carp: MASTER carpdev em3 vhid 2 advbase 1 advskew 0
groups: carp
inet6 fe80::200:5eff:fe00:102%carp1 prefixlen 64 scopeid 0xb
inet 216.143.151.1 netmask 0xfff0 broadcast 216.143.151.15
inet 70.184.242.161 netmask 0xfff0 broadcast 70.184.242.175
inet6 2001:4830:167d:5237::1 prefixlen 64
inet6 2001:470:880a:5237::1 prefixlen 64

I'm not using an IPv4 address on em3, as I'm kind of short of public
addresses.  I do, however, have one device (Cisco 7960 phone, should you
care), on that segment that works much better with DHCP, so I want to
run dhcpd.

dhcpd refuses to run on em3, as there is no address:

Mar 31 15:52:52 right dhcpd: Can't listen on em3 - it has no IP address.

however, if one trusts tcpdump used with -i carp1 and -i em3, all those
nice broadcast bootp requests are seen on em3 only, so asking dhcpd to
listen on carp1, to my non-surprise, doesn't appear to do anything
useful.  (dhcpd doesn't log anything and nothing replies out either
carp1 or em3).

None of which is terribly surprising.  However, before I go off and burn
more IP addresses on the physical interfaces, or use a server other than
my firewall for dhcpd, I was going to ask if I was missing a more
elegant solution.

Is there any way to convince a carp device that it wants to pay attention
to broadcasts?

Obligatory dmesg found below.

Thanks.

--Jon Radel




Re: Trouble using :peer modifier correctly

2008-03-31 Thread Girish Venkatachalam
On 13:49:15 Mar 31, Egbert Krook wrote:
> On Mon, Mar 31, 2008 at 02:29:58AM -0400, Nick Davey wrote:
> > On Mon, Mar 31, 2008 at 12:16 AM, Theo de Raadt <[EMAIL PROTECTED]>
> > >:peer Translates to the point to point interface's peer
> > >
> > > That won't work.  Your fxp is not a point-to-point interface.  It is a
> > > broadcast interface.  It has many peers, not one.
> 
> It doesn't matter. If you look at my ifconfig output you'll see I already
> tried that.

No use trying that.

In the case of PPP alone, there is a concept of point to point link.

There are other less common protocols with similar characteristics but for now 
let us focus on this one.

It is like taking a bus from one point and dozing off. Once you wake up
you wake up at the other point - your destination.

This is not the usual case with buses that stop many times along the way. 

PPP is the former and Ethernet the latter.

You can clearly see that the ":peer" specifier would make sense only on
a point to point link and not otherwise. 

Hope this clarifies matters.

Thanks.

-Girish



Re: Trouble using :peer modifier correctly

2008-03-31 Thread Girish Venkatachalam
On 02:29:58 Mar 31, Nick Davey wrote:
> Does it matter that the subnet mask is configured as a /30, or is it the
> media type that controls this behavior? Is there any way to use this
> mechanism on an ethernet interfaces?

Ethernet is a broadcast medium.

The :peer specifier works only for point to point links like PPP or
SLIP.

No matter what you do it won't work with Ethernet.

For further details you can read up the OSPF RFC or google for broadcast
networks and point to point network topologies.

-Girish



Re: creating FAT32 partitions?

2008-03-31 Thread Nick Holland

Fred Snurd wrote:
> I apologize for the newbie question,

the lack of line wraps is mighty annoying, too.

> but how is one supposed to add a FAT32 partition?  The following shows
> where I have verified the partitioning of a USB flash drive containing
> two partitions through fdisk.  One for OpenBSD (type A6) & the rest
> FAT32.  Yet when entering the disklabel, I am not seeing the FAT32
> partition (typically partition 'i'), and disklabel doesn't allow adding
> it either.  What is the trick for making this visible?
>
> $ sudo fdisk sd0
> Disk: sd0   geometry: 124/255/63 [2002944 Sectors]
> Offset: 0   Signature: 0xAA55
>          Starting       Ending       LBA Info:
>  #: id    C   H  S -    C   H  S [       start:      size   ]
>
>  0: 06   26   0  1 -  123 254 63 [      417690:     1574370 ] DOS > 32MB
>  1: 00    0   0  0 -    0   0  0 [           0:           0 ] unused
>  2: 00    0   0  0 -    0   0  0 [           0:           0 ] unused
> *3: A6    0   0 33 -   25 254 63 [          32:      417658 ] OpenBSD
> $  sudo disklabel -E sd0
> # Inside MBR partition 3: type A6 start 32 size 417658
> Treating sectors 32-417690 as the OpenBSD portion of the disk.
> You can use the 'b' command to change this.
>
> Initial label editor (enter '?' for help at any prompt)
> > p
> device: /dev/rsd0c
> type: SCSI
> disk: SCSI disk
> label: Flash Voyager
> bytes/sector: 512
> sectors/track: 63
> tracks/cylinder: 255
> sectors/cylinder: 16065
> cylinders: 124
> total sectors: 2002944
> free sectors: 0
> rpm: 3600
>
> 16 partitions:
> #                size           offset  fstype [fsize bsize  cpg]
>   a:           417658               32  4.2BSD   2048 16384    1
>   c:          2002944                0  unused      0     0
> > a i
> No space left, you need to shrink a partition
> > q
> No label changes.
> $


I assume you want to be able to access the FAT32 partition from Windows.
I've found that W2k and XP both seem to require that the FAT32 partition
be physically first on the disk.

Zero your drive (dd if=/dev/zero of=/dev/rsdXc count=200.  Replace the X
as appropriate, of course), then start over.
Create a FAT partition first, then an OpenBSD partition, then disklabel.
Since both partitions will be there when disklabel is first invoked, it
will give you what you are after automatically.

IF you want the OpenBSD partition to be bootable, set that in OpenBSD's
fdisk, too.  Windows really gets unhappy when it sees multiple partitions
on removable media, so it won't help you at all.

Once the FAT partition is created in OpenBSD, however, it can (and probably
should be) formatted in Windows.  Windows does that ok, as long as it is the
first partition on the disk.

Nick.
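
A way to check a stick's MBR against the advice above before and after repartitioning, as an added example that is not part of the original post. The two 512-byte sectors are constructed: the first uses the slot, type, start and size values from the fdisk output quoted in this thread, the second is a hypothetical FAT-first layout (type 0C is my choice) on the same 2002944-sector device.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446                    # the partition table starts here in the MBR
# One 16-byte entry: flag, CHS start, type id, CHS end, LBA start, size in sectors
ENTRY = struct.Struct("<B3sB3sII")
FAT_TYPES = {0x01, 0x04, 0x06, 0x0B, 0x0C, 0x0E}   # FAT12/16/32 type ids
OPENBSD_TYPE = 0xA6


def build_mbr(slots):
    """Build a constructed MBR from {slot: (active, type, start, size)}."""
    table = bytearray(64)
    for slot, (active, ptype, start, size) in slots.items():
        # CHS fields are left zero; the checks below only use the LBA fields.
        ENTRY.pack_into(table, 16 * slot, 0x80 if active else 0,
                        b"\0\0\0", ptype, b"\0\0\0", start, size)
    return bytes(TABLE_OFFSET) + bytes(table) + b"\x55\xaa"


def parse_mbr(sector):
    """Return the used partition entries of one 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE or sector[510:] != b"\x55\xaa":
        raise ValueError("not an MBR: bad length or missing 0xAA55 signature")
    parts = []
    for slot in range(4):
        flag, _, ptype, _, start, size = ENTRY.unpack_from(
            sector, TABLE_OFFSET + 16 * slot)
        if ptype != 0 and size != 0:
            parts.append({"slot": slot, "active": flag == 0x80, "type": ptype,
                          "start": start, "end": start + size})
    return parts


def check_layout(parts, total_sectors):
    """Return findings about the layout; an empty list means nothing to report."""
    findings = []
    by_start = sorted(parts, key=lambda p: p["start"])   # physical order on disk
    for prev, cur in zip(by_start, by_start[1:]):
        if cur["start"] < prev["end"]:
            findings.append(f"slots {prev['slot']} and {cur['slot']} overlap")
    for p in by_start:
        if p["end"] > total_sectors:
            findings.append(f"slot {p['slot']} runs past the end of the disk")
    fat = [p for p in by_start if p["type"] in FAT_TYPES]
    if fat and by_start[0]["type"] not in FAT_TYPES:
        # Slot number and physical position are independent: compare by start LBA.
        findings.append(f"FAT partition (slot {fat[0]['slot']}) is not physically first")
    if not any(p["type"] == OPENBSD_TYPE and p["active"] for p in parts):
        findings.append("OpenBSD (A6) partition is not flagged active")
    return findings


TOTAL_SECTORS = 2002944
# Values from the fdisk output in the thread (constructed sector, zero CHS).
PAGE_LAYOUT = build_mbr({0: (False, 0x06, 417690, 1574370),
                         3: (True, 0xA6, 32, 417658)})
# Hypothetical layout with the FAT partition first on the disk.
FAT_FIRST = build_mbr({0: (False, 0x0C, 63, 1574370),
                       3: (True, 0xA6, 1574433, 417658)})

if __name__ == "__main__":
    for name, mbr in (("as posted", PAGE_LAYOUT), ("FAT first", FAT_FIRST)):
        print(name, check_layout(parse_mbr(mbr), TOTAL_SECTORS) or "ok")
```

On a real device the sector would come from reading the first 512 bytes of the raw disk; the posted layout has the FAT partition in slot 0 of the table but second on the disk, which is the case the reply describes.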



A pair of pf questions...

2008-03-31 Thread Christopher Sean Hilton

Hi,

My  goal is to use OpenBSD to filter packets between my wireless  
segment and my DMZ. I've protected my wireless with WEP but in the  
long haul I'd like to be able to remove any authentication, WEP or WPA  
from the wireless segment. My first question is this:  This strategy  
seemed to make sense a couple of years ago. Is there a better way to  
go now?


If this is a reasonable way to go I have a question about how to  
filter packets with pf in a bridged environment. I'd like to use a  
bridge because it means the least amount of work for me with regard to  
providing services to the wireless network (dhcp etc). In my  
implementation I'm filtering at the interfaces. My machine has a quad  
tulip card:


   - de0 connects to the internet
   - de1 connects to and has an ip address for my DMZ
   - de2 connects to my wireless access point and has no ip
   - bridge0 consists of interfaces de1 and de2

In my configuration I seem to be leaking packets from the bridge into  
the kernel where they hit a keep state rule that allows their passage.  
e.g. my simplified ruleset reads:


block in all
block out all

pass out on de0 from $my_network to any port 5222 flags S/SA keep state


pass in on de1
pass out on de1

pass in on de2 proto tcp \
from $wireless_network \
to any port 993 flags S/SA keep state

When I test this I find that a client on the wireless network can go  
to Google Talk (tcp port 5222) and the rule that allowed passage is:


 pass in on de1

I'm obviously confused about the way packets pass through the bridge.

Any help would be appreciated. Please cc my address. I am subscribed  
to the list and I do read it but it's slightly easier. I will post my  
results to list for future Google searchers.


Thanks
-- Chris

--
Chris Hilton   chris-at-vindaloo-dot-com

   "All I was doing was trying to get home from work!"
-- Rosa Parks



app_add gettext fails on i386 and SPARC64

2008-03-31 Thread Matthew Smith

Hi Folks

My second day on OpenBSD after many on AIX, Linux, etc.  I am making 
this move on couple of machines as I want to make use of the kernel PPS 
facility so that they can run as time servers.  I am also considering 
OpenBSD as an alternative to Solaris and Linux when I rebuild my office 
server later this year.  (I want the unholy combination of RAID-Z, PPS 
and the ability to run Stallion serial cards which neither Solaris nor 
Linux can deliver.)


I have done a couple of installations, one on an i386 machine, the other 
on a SPARC 64.  Trying to add the gettext package (I was actually trying 
to install vim in the first instance, I get this error:


# pkg_add gettext-0.14.6p0
libiconv-1.9.2p3: complete
Can't install gettext-0.14.6p0: lib not found expat.8.0
Dependencies for gettext-0.14.6p0 resolve to: libiconv-1.9.2p3 (todo: 
libiconv-1.9.2p3)

Full dependency tree is libiconv-1.9.2p3

# pkg_add libiconv-1.9.2p3
...runs without error; trying to repeat the gettext install brings back 
the same message.


I have tried this with PKG_PATH set both to a local mirror and to 
ftp.openbsd.org with the same results.


Any ideas?

I've put the dmesg for the Ultrasparc box down at the very bottom of 
this message in case anyone is interested, although I rather doubt that 
it has any bearing on the current problem.


Cheers

M

--
Matthew Smith
Smiffytech - Technology Consulting & Web Application Development
Business: http://www.smiffytech.com/
Personal: http://www.smiffysplace.com/
LinkedIn: http://www.linkedin.com/in/smiffy



Re: app_add gettext fails on i386 and SPARC64

2008-03-31 Thread Tobias Ulmer
On Tue, Apr 01, 2008 at 08:23:06AM +1030, Matthew Smith wrote:
> Hi Folks
>
> My second day on OpenBSD after many on AIX, Linux, etc.  I am making this 
> move on couple of machines as I want to make use of the kernel PPS facility 
> so that they can run as time servers.  I am also considering OpenBSD as an 
> alternative to Solaris and Linux when I rebuild my office server later this 
> year.  (I want the unholy combination of RAID-Z, PPS and the ability to run 
> Stallion serial cards which neither Solaris nor Linux can deliver.)
>
> I have done a couple of installations, one on an i386 machine, the other on 
> a SPARC 64.  Trying to add the gettext package (I was actually trying to 
> install vim in the first instance, I get this error:
>
> # pkg_add gettext-0.14.6p0
> libiconv-1.9.2p3: complete
> Can't install gettext-0.14.6p0: lib not found expat.8.0
> Dependencies for gettext-0.14.6p0 resolve to: libiconv-1.9.2p3 (todo: 
> libiconv-1.9.2p3)
> Full dependency tree is libiconv-1.9.2p3
>
> # pkg_add libiconv-1.9.2p3
> ,,,runs without error; trying to repeat the gettext install brings back the 
> same message.
>
> I have tried this with PKG_PATH set both to a local mirror and to 
> ftp.openbsd.org with the same results.
>
> Any ideas?

Read http://www.openbsd.org/faq/faq15.html#NoFun and look out for expat.

> [...]



Re: app_add gettext fails on i386 and SPARC64

2008-03-31 Thread Paul de Weerd
On Tue, Apr 01, 2008 at 08:23:06AM +1030, Matthew Smith wrote:
> Hi Folks
>
> My second day on OpenBSD after many on AIX, Linux, etc.  I am making this 
> move on couple of machines as I want to make use of the kernel PPS facility 
> so that they can run as time servers.  I am also considering OpenBSD as an 
> alternative to Solaris and Linux when I rebuild my office server later this 
> year.  (I want the unholy combination of RAID-Z, PPS and the ability to run 
> Stallion serial cards which neither Solaris nor Linux can deliver.)
>
> I have done a couple of installations, one on an i386 machine, the other on 
> a SPARC 64.  Trying to add the gettext package (I was actually trying to 
> install vim in the first instance, I get this error:
>
> # pkg_add gettext-0.14.6p0
> libiconv-1.9.2p3: complete
> Can't install gettext-0.14.6p0: lib not found expat.8.0
> Dependencies for gettext-0.14.6p0 resolve to: libiconv-1.9.2p3 (todo: 
> libiconv-1.9.2p3)
> Full dependency tree is libiconv-1.9.2p3

You'll have to install libexpat. In 4.2 (which I guess is what you're
running), this library is provided by the x-packages. There's a FAQ
entry on this, see http://www.openbsd.org/faq/upgrade42.html#libexpat
for more details.

Paul 'WEiRD' de Weerd

PS: Thanks for including a dmesg, completeness rocks ;)

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 



Re: app_add gettext fails on i386 and SPARC64

2008-03-31 Thread Edwards, David (JTS)
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Matthew Smith
> Sent: Tuesday, 1 April 2008 8:23 AM
> To: misc@openbsd.org
> Subject: app_add gettext fails on i386 and SPARC64
>
> Hi Folks
>
[snip]
>
> I have done a couple of installations, one on an i386
> machine, the other
> on a SPARC 64.  Trying to add the gettext package (I was
> actually trying
> to install vim in the first instance, I get this error:
>
> # pkg_add gettext-0.14.6p0
> libiconv-1.9.2p3: complete
> Can't install gettext-0.14.6p0: lib not found expat.8.0
> Dependencies for gettext-0.14.6p0 resolve to: libiconv-1.9.2p3 (todo:
> libiconv-1.9.2p3)
> Full dependency tree is libiconv-1.9.2p3

I think you need to install xbase to get the expat libs (or at least
some libs from xbase42.tgz).

I believe this is changing for 4.3 with expat moving to base43.tgz.

ciao
dave



Re: Possible daytime saving bug?

2008-03-31 Thread Edwards, David (JTS)
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Rod Whitworth
> Sent: Monday, 31 March 2008 9:54 PM
> To: OpenBSD Misc
> Subject: Re: Possible daytime saving bug?
>
> On Mon, 31 Mar 2008 20:32:28 +1030, Edwards, David  (JTS) wrote:
>
[snip]
> >
> >Copy the file "/tmp/tz/local/zoneinfo/Australia/Adelaide" to the
> >directory "/usr/share/zoneinfo/Australia"
> >
> >Assuming "/etc/localtime" is linked correctly to
> >"/usr/share/zoneinfo/Australia/Adelaide", this should fix it
> >immediately.
>
> Not if he wants Canberra

Errr, whoops.  As you might be able to tell, I'm from Adelaide :-)



Re: app_add gettext fails on i386 and SPARC64

2008-03-31 Thread Matthew Smith

Quoth Paul de Weerd at 2008-04-01 08:41...


> You'll have to install libexpat. In 4.2 (which I guess is what you're
> running), this library is provided by the x-packages. There's a FAQ
> entry on this, see http://www.openbsd.org/faq/upgrade42.html#libexpat
> for more details.


Thanks Paul and to Tobias - that's fixed it.  Now comes the hard bit 
which is finding the cable I need to plug my GPS into the back of the 
machine...


Cheers

M

--
Matthew Smith
Smiffytech - Technology Consulting & Web Application Development
Business: http://www.smiffytech.com/
Personal: http://www.smiffysplace.com/
LinkedIn: http://www.linkedin.com/in/smiffy



Re: OT: Wireframe Puffy 3D model for Lego's

2008-03-31 Thread Daniel Ouellet

Richard Daemon wrote:

> Has he replied to this? I haven't been able to contact him off list,
> the mail keeps failing.


Nope, not yet anyway...

But here is something fun, not puffy sadly until my son can get a 3D
version somewhat usable to create one. Or maybe he will try to do
something, I can't say for sure.


Here, however he did his first version for fun and testing of the top
portion of the 4.2 T-Shirt OpenBSD logo in Lego, and you can see what it
looks like here as well as the complete parts list needed to build it.


http://openbsdsupport.org/lego/

Kind of fun to see it if you ask me. (;>

He is working now on the PDF manual on how to put all of the pieces
together and will be adding it when finished. But for now, you can see
what it looks like. The parts are all available, but not in one store so
far. We need to order them from a few different places to get all needed
to do this, but they sure are available.


I guess it's never too early to get young minds turned on to OpenBSD! (;>

Best,

Daniel

PS: Still would be very much appreciated if some 3D, or somewhat like it 
of Puffy is available somewhere to start with.




Re: Possible daytime saving bug?

2008-03-31 Thread Matthew Smith

Quoth Edwards, David (JTS) at 2008-04-01 07:59...


> > >Assuming "/etc/localtime" is linked correctly to
> > >"/usr/share/zoneinfo/Australia/Adelaide", this should fix it
> > >immediately.
> >
> > Not if he wants Canberra
>
> Errr, whoops.  As you might be able to tell, I'm from Adelaide :-)


I've come in on this one late - is there an updated zoneinfo to 
compensate for this daft extension of daylight saving which has been 
inflicted upon those of us in the Australia/Adelaide TZ?


I noticed when I did my installs yesterday that they thought I was on CST.

Not an issue though - once I've got the GPS hooked up and am running 
Stratum 1, I'm planning to move to a constant UTC +09:30 on all my 
machines.  When I lived in the UK, I spent a whole summer with my watch 
on GMT and never had any issues - no different from all the TZ 
conversions I have to do to work out what time it is where all those 
with whom I have correspondence are.


You don't want to know what I'm doing with the Gregorian calendar, with 
which I also have issues ;-)


Cheers

M


--
Matthew Smith
Smiffytech - Technology Consulting & Web Application Development
Business: http://www.smiffytech.com/
Personal: http://www.smiffysplace.com/
LinkedIn: http://www.linkedin.com/in/smiffy



Re: A pair of pf questions...

2008-03-31 Thread Christopher Sean Hilton

On Mar 31, 2008, at 4:58 PM, Christopher Sean Hilton wrote:

> Hi,



Just a followup. I figured that I might have better luck with this  
configuration.


 de0 - External interface to Internet
 de1 - Internal interface to DMZ
 de2 - No IP interface to DMZ
 de3 - No IP interface to wireless

 bridge0 (de3 <-> de2)

It works a little better. I'm able to screen packets going to my own  
network. But packets that come on in the wifi interface that are  
destined for the internet are getting natted before they go out onto  
the DMZ via de2. This causes them to be rejected when they again  
appear on de1 for having an invalid source address.


I'm really not understanding how packets pass through the filter. I  
would expect that packets wouldn't be natted until they appeared as an  
outbound packet on de0.


Any help...

Thanks again

-- Chris



Re: A pair of pf questions...

2008-03-31 Thread Christopher Sean Hilton

On Mar 31, 2008, at 8:53 PM, Jon Radel wrote:


> Christopher Sean Hilton wrote:
>
> > On Mar 31, 2008, at 4:58 PM, Christopher Sean Hilton wrote:
> >
> > > Hi,
> >
> > Just a followup. I figured that I might have better luck with this
> > configuration.
> >
> > de0 - External interface to Internet
> > de1 - Internal interface to DMZ
> > de2 - No IP interface to DMZ
> > de3 - No IP interface to wireless
> >
> > bridge0 (de3 <-> de2)
> >
> > It works a little better. I'm able to screen packets going to my own
> > network. But packets that come on in the wifi interface that are
> > destined for the internet are getting natted before they go out onto the
> > DMZ via de2. This causes them to be rejected when they again appear on
> > de1 for having an invalid source address.
> >
> > I'm really not understanding how packets pass through the filter. I
> > would expect that packets wouldn't be natted until they appeared as an
> > outbound packet on de0.
> >
> > Any help...
> >
> > Thanks again
> >
> > -- Chris
>
> You haven't shared any NAT statements from your config; rather hard to
> guess what you might, or might not, be doing.




There's only the one:

 nat on $ext_if from $internal_net to any -> ($ext_if)

--
Chris Hilton   chris-at-vindaloo-dot-com

   "All I was doing was trying to get home from work!"
-- Rosa Parks