Re: OpenBSD as MS RIS-Server alternative?
Richard Daemon wrote:
> Sweet! I'm going to give this a try, this is something I've been
> looking for, for a while.
>
> pxelinux boot prompt? Should work with OpenBSD's pxeboot the same way?

No comment. I'm a novice at all that, but have been using an OpenBSD-running Soekris unit as a portable PXE jukebox. For the last month and a half, I was serving up OpenBSD 4.2 and Debian 4. The CF size I have limits me to the contents of two smaller ISO images, or less. I'd like to try more releases at the same time and have all of the release, not just the net install. I've generally done net install via the regular mirrors. When it was just one system, I could one system use all the space and also serve up parts via anon ftp from the same unit.

If you serve Debian or any Debian-based distros, especially in a hostile environment (e.g. blocking most mirror sites, non-HTTP ports and dropping connections) I strongly recommend using Apt-Cacher. If you have the disk space and/or things are really very hostile, then pre-load the cache in a more amenable environment. Be warned that apt-cacher will spawn a lot of processes. Squid will work fine for both installations, but in my (mis-)configuration provides little or no gain for speed. YMMV.

For the linux installs you can make limited modifications (e.g. partitioning) with Kickstart or if you're tough, preseed. For OpenBSD customizations, I make one or two extra sets and serve those.

Regards,
-Lars
Possible to change indent length from 8 to 4 spaces in mg?
Hi, I've been trying to figure out how to change the indent length when pressing the TAB key in mg from the standard 8 spaces to 4, but I haven't been able to find any setting that would seem to achieve this. The man page and Google didn't turn up anything. Is this at all possible in mg? Thanks, -Martin
Re: Multicasting on OpenBSD
On Mon, 19 May 2008 02:50:33 +0700, Claudio Jeker <[EMAIL PROTECTED]> wrote:

> On Mon, May 19, 2008 at 12:36:25AM +0700, Insan Praja SW wrote:
>> On Mon, 19 May 2008 00:18:49 +0700, Clint Pachl <[EMAIL PROTECTED]> wrote:
>> Hi Misc@,
>> I did man-it, yes I already know that OBSD got mrouted, mroute dan DVRMPD.
>> I'm just curious about it, cause I read Claudio Jeker's presentation on
>> obsd as routing platform that says there will be:
>> - mpls
>> - l2tp
>> - mac-in-mac
>> - bgp/vpn/vrf
>> which is all breakthrough in free-functional-secure os but nobody touches
>> PIM-SM/SSM. I'm not fussing about it, just curious.. Cause dvrmpd/mrouted
>> kinda.. emm.. outdated?
>> just my Rp2.00
>> Thanks,
>
> Maybe that's because working on mpls, ospf6d and vrf at the same time is
> already way too much for a bit of sparetime hacking. PIM-SM/SSM are beyond
> complex. It will not happen anytime soon unless some new developers are
> interested in this and start working on multicast routing.

Yap, I truly understand. Made me wanna return to college and push more effort on C :D

Good Luck Claudio,
Best Regards,
--
insandotpraja(at)gmaildotcom
[rn_walktree+0x3f] Panic During BGP+CARP Fail-Over
Hi Misc@,

While working/experimenting with bgpd + carp and storing the prefixes learned by bgpd to a pftable, the carp peer hangs when the other peer is rebooted. Works ok before storing these prefixes to pftable. Both routers are identical. So here is the config file on each router, dmesg and of course, the ddb and trace,

Core1
||
|-- GWprefix feeder
||
Core2

Core1
pf.conf
---
in_if="em0"
ext_if="em1"
pfsync_if="em2"
set skip on lo
set limit {states 3, frags 15000}
scrub in all
table persist
table persist
table const {192.168.0.0/16, 172.16.0.0/12, 0.0.0.0/7, 2.0.0.0/8, 5.0.0.0/8, 7.0.0.0/8, 23.0.0.0/8, 27.0.0.0/8, 31.0.0.0/8, 36.0.0.0/7, 39.0.0.0/8, 42.0.0.0/8, 49.0.0.0/8, 50.0.0.0/8, 94.0.0.0/7, 100.0.0.0/6, 104.0.0.0/5, 112.0.0.0/6, 169.254.0.0/16, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/5, 184.0.0.0/6}
#allow all loopback interface to communicate
pass quick on lo0 all
#allow pfsync traffic in real interface not virtual interface
pass quick on $pfsync_if proto pfsync keep state
#allow CARP traffic
pass quick on {$in_if, $ext_if} proto carp keep state
#allow CARP traffic
pass quick on {$in_if, $ext_if} proto carp keep state
#allow icmp traffic
pass in quick on {$in_if, $ext_if, $pfsync_if} inet proto icmp from any to any keep state
#pass in quick on $ext_if inet proto icmp from any to any keep state
#allow ssh access
pass in quick on {$in_if, $ext_if, $pfsync_if} proto tcp from any to any port 22 keep state
pass in quick on {$in_if, $ext_if, $pfsync_if} from to any keep state tag ALLOW
pass out quick on {$in_if, $ext_if, $pfsync_if} tagged ALLOW
block in quick on {$in_if, $ext_if, $pfsync_if} from to any tag BLOK
block out quick on {$in_if, $ext_if, $pfsync_if} tagged BLOK
block in quick on {$in_if, $ext_if, $pfsync_if} from to any tag BLOCKED
block out quick on {$in_if, $ext_if, $pfsync_if} tagged BLOCKED

bgpd.conf
-
#macros
peer1="202.149.93.241"
peer2="10.10.10.5"
# global configuration
AS 65022
router-id 10.10.10.3
holdtime 180
holdtime min 3
listen on 127.0.0.1
listen on 10.10.10.3
fib-update yes
nexthop qualify via bgp
log updates
network 202.149.93.176/28
neighbor $peer1 {
	remote-as 65021
	descr office-gtw
	announce all
	announce capabilities yes
	demote carp
	softreconfig in yes
	softreconfig out yes
}
neighbor $peer2 {
	remote-as 65022
	descr core2-exp
	announce all
	announce capabilities yes
	softreconfig in yes
	softreconfig out yes
	tcp md5sig password lalerijo
	set pftable "bgpd"
}
deny from any
allow from any inet prefixlen 8 - 24
allow from {$peer1 $peer2} inet prefixlen 8 - 30
allow to {$peer1 $peer2} prefix 202.149.93.176/28 prefixlen 8 - 30
# do not accept a default route
deny from any prefix 0.0.0.0/0
# filter bogus networks
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4

Core2
pf.conf
in_if="em0"
ext_if="em1"
pfsync_if="vlan111"
set skip on lo
set limit {states 3, frags 15000}
scrub in all
table persist
table persist
table const {192.168.0.0/16, 172.16.0.0/12, 0.0.0.0/7, 2.0.0.0/8, 5.0.0.0/8, 7.0.0.0/8, 23.0.0.0/8, 27.0.0.0/8, 31.0.0.0/8, 36.0.0.0/7, 39.0.0.0/8, 42.0.0.0/8, 9.0.0.0/8, 50.0.0.0/8, 94.0.0.0/7,100.0.0.0/6,104.0.0.0/5, 112.0.0.0/6, 169.254.0.0/16, 173.0.0.0/8, 174.0.0.0/7,176.0.0.0/5,184.0.0.0/6}
#allow all loopback interface to communicate
pass quick on lo0 all
pass all
#allow pfsync traffic in real interface not virtual interface
pass quick on $pfsync_if proto pfsync keep state
#allow CARP traffic
pass quick on {$in_if, $ext_if} proto carp keep state
#allow CARP traffic
pass quick on {$in_if, $ext_if} proto carp keep state
#allow icmp traffic
pass in quick on {$in_if, $ext_if, $pfsync_if} inet proto icmp from any to any keep state
#pass in quick on $ext_if inet proto icmp from any to any keep state
#allow ssh access
pass in quick on {$in_if, $ext_if, $pfsync_if} proto tcp from any to any port 22 keep state
pass in quick on {$in_if, $ext_if, $pfsync_if} from to any keep state tag ALLOW
pass out quick on {$in_if, $ext_if, $pfsync_if} tagged ALLOW
block in quick on {$in_if, $ext_if, $pfsync_if} from to any tag BLOK
block out quick on {$in_if, $ext_if, $pfsync_if} tagged BLOK
block in quick on {$in_if, $ext_if, $pfsync_if} from to any tag BLOCKED
block out quick on {$in_if, $ext_if, $pfsync_if} tagged BLOCKED

bgpd.conf
-
#macros
peer1="202.149.93.241"
peer2="10.10.10.3"
# global configuration
AS 65022
router-id 10.10.10.5
holdtime 180
holdtime min 3
listen on 127.0.0.1
listen o
Re: port/package messages about manual optional configuration?
Hi!

[Your quoting is severely messed up, please fix it; your line lengths too]

On Sun, May 18, 2008 at 06:53:16PM +, Jay wrote:
>That helps, thanks.
>How about though for the scenario where I just installed something, and all
>its dependencies, without knowing what they are?
>Like:
> cd /usr/ports/x11/kde
> sudo make install
>Seems like maybe the install messages should be logged somewhere specific?
> maybe sudo make install | tee lookthroughthislater.txt I guess I should use
> tee or > more.
>Ah, this is close:
> cd /var/db/pkg
> pkg_info -M *

That's about the same as pkg_info -M -a

>You know, at least it tells me for everything installed on my machine, not
>necessarily sorted by time or anything.

You can, of course, get an approximation by ls -tr on /var/db/pkg (however already installed packages where dependencies are registered get touched, too). Also see script to record what happens on a make install/pkg_add session.

> - Jay

Kind regards,

Hannah.
Re: possible setup "bug" -- chose of default "a" partition can be wrong like if it is swap
On 5/18/08, Jay <[EMAIL PROTECTED]> wrote:
> If I have my "a" slice/partition is a "small" swap partition and my "c" slice
> is a "large" BSD partition, setup should install to "c".
> Or at least maybe prompt. Usually I want fewer prompts/questions, but..

a is / and b is swap. Yes, you can set it up other ways, but such configurations are never tested and you will only ever confuse people if you ask for help. So leave it the openbsd way.
(Fwd) Re: pf-altq-bandwith_problem
sorry, missed misc@ when replying...

On 18 May 2008 at 19:16, Jesus Sanchez wrote:

> Martin Gignac wrote:
> >> I will try, thanks for the info. Just to make sure I'm not dealing
> >> with a bug can anyone try this??... just set a global limit to a
> >> interface ($int_if), then do a ftp transfer to the gateway ( the
> >> one with the PF+ALTQ) and time the put and get transfers with a
> >> large file.
> >>
> >> When I get a download time of 3 minutes, the upload is of 10
> >> seconds... :s
> >
> > Hi,
> >
> > Just a shot in the dark here. Maybe I totally misunderstood your
> > sentence:
> >
> > "When I get a download time of 3 minutes, the upload is of 10
> > seconds..."
> >
> > Did you mean:
> >
> > "_While_ I get a download time of 3 minutes, the upload is of 10
> > seconds..."
> >
> > If that's what you meant, isn't that behavior normal? Considering
> > that (as the PF user's guide puts it):
> >
> > "Note that queueing is only useful for packets in
> > the outbound direction. Once a packet arrives on an interface in
> > the inbound direction it's already too late to queue it -- it's
> > already consumed network bandwidth to get to the interface that
> > just received it."
> >
> > Sorry if my question is beside the point! :o)
> > -Martin
> >
> Maybe you're right with the PF user's guide, anyway I explain better
> to avoid confusions:
>
> [Joe PC] -- [OpenBSD box] -- Internet,
>
> lets take away the internet, only the Joe - box thing is the matter.
>
> OpenBSD is doing nat as explained on my pf.conf in the original post
> of this thread. The OpenBSD box also makes of FTP server, but I want
> a limit of 100Kbs (symmetrical 100Kbs) speaking of bits, and not bytes.
> So I do the needed rules on pf.conf to make Joe get only 100Kbs of
> the interface in OpenBSD box serving Joe PC.
>
> If, from Joe PC, I get a file by ftp from the OpenBSD box, I get
> exactly what I want, the 100Kb limit. (at the same time I'm not doing
> anything with the net, like browsing or getting mail...)
>
> If, from Joe PC, I put a file by ftp to OpenBSD box, then the problem
> appears, and the speed ups in a factor of 40x. If I change the
> bandwidth value on altq rule of pf.conf, then the speed of put a file
> on OpenBSD box also changes, but is 40 times more speed. I mean, I
> want symmetrical 100Kbs limit on the interface to Joe PC, can I have
> this setting?

Not easily. As Martin pointed out, pf can only control outbound bandwidth, i.e. from the OpenBSD box out to Joe and not the other way around. So any control applied to the opposite direction is indirect. That is you can slow down most TCP protocols (such as FTP) by slowing down the ACKnowledgements of the received packets. But of course the ACK packets do not use nearly as much bandwidth as the data packets they are acknowledging. The 40x ratio you have observed sounds quite reasonable given header overheads.

So, if you want to try to control Joe's upload bandwidth you will need to set up a special very slow queue for the FTP ACK packets.

> > I hope not to be making noise in the mail list.
> > Thanks for your time.
> -Jesus
>
> --- End of forwarded message ---

-
System Administrator                  [EMAIL PROTECTED]
Bitwise Internet Technologies, Inc.
22 Drydock Avenue                     tel: (617) 737-1837
Boston, MA 02210                      fax: (617) 439-4941
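The "special very slow queue for the FTP ACK packets" suggested in the reply above, sketched as a pf.conf fragment. This is an added example, not configuration posted by anyone in the thread. It uses the ALTQ syntax of OpenBSD releases before 5.5; the interface name, link speed, Joe's address and the queue names are assumptions, and the 3Kb figure is just the 100Kb target divided by the 40x ratio reported in the thread, rounded up.

```conf
# Added example; every value marked "assumed" is a placeholder.

int_if = "em0"            # assumed: interface facing Joe PC
joe    = "192.168.1.10"   # assumed: Joe PC's address (constructed)

# ALTQ only schedules packets leaving $int_if, i.e. traffic towards Joe.
# 100Mb is the assumed link speed of that interface.
altq on $int_if hfsc bandwidth 100Mb queue { std_int, joe_data, joe_ack }

# Everything leaving $int_if that is not matched by Joe's rules below.
queue std_int  bandwidth 90%   hfsc(default)

# Packets carrying data towards Joe (his downloads): the direct cap.
queue joe_data bandwidth 100Kb hfsc(upperlimit 100Kb)

# Payload-free TCP ACKs towards Joe, sent while he uploads. Slowing these
# slows his sender indirectly. With ACKs in the 100Kb queue the thread saw
# uploads run about 40x faster than the limit, so the ACK queue gets about
# 100Kb / 40. This is approximate: the ratio depends on segment size and
# on how many segments each ACK covers.
queue joe_ack  bandwidth 3Kb   hfsc(upperlimit 3Kb)

# With two queue names, pf puts TCP ACKs without payload (and packets with
# TOS lowdelay) in the second queue and everything else in the first.
# The queues apply to the state's packets going out on $int_if, whichever
# side opened the connection.

# Control connection and passive-mode data: Joe opens the connection.
pass in  on $int_if proto tcp from $joe to ($int_if) keep state \
	queue (joe_data, joe_ack)

# Active-mode data: the FTP server connects back to Joe.
pass out on $int_if proto tcp from ($int_if) to $joe keep state \
	queue (joe_data, joe_ack)
```

Running pfctl -vvs queue during an upload shows the per-queue packet counters, which confirms whether the ACKs are actually landing in joe_ack.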
Re: Multicasting on OpenBSD
On Mon, May 19, 2008 at 12:36:25AM +0700, Insan Praja SW wrote:
> On Mon, 19 May 2008 00:18:49 +0700, Clint Pachl <[EMAIL PROTECTED]> wrote:
> Hi Misc@,
> I did man-it, yes I already know that OBSD got mrouted, mroute dan DVRMPD.
> I'm just curious about it, cause I read Claudio Jeker's presentation on
> obsd as routing platform that says there will be:
> - mpls
> - l2tp
> - mac-in-mac
> - bgp/vpn/vrf
> which is all breakthrough in free-functional-secure os but nobody touches
> PIM-SM/SSM. I'm not fussing about it, just curious.. Cause dvrmpd/mrouted
> kinda.. emm.. outdated?
> just my Rp2.00
> Thanks,
>

Maybe that's because working on mpls, ospf6d and vrf at the same time is already way too much for a bit of sparetime hacking. PIM-SM/SSM are beyond complex. It will not happen anytime soon unless some new developers are interested in this and start working on multicast routing.

--
:wq Claudio
Re: port/package messages about manual optional configuration?
That helps, thanks.
How about though for the scenario where I just installed something, and all its dependencies, without knowing what they are?
Like:
 cd /usr/ports/x11/kde
 sudo make install
Seems like maybe the install messages should be logged somewhere specific?
 maybe sudo make install | tee lookthroughthislater.txt I guess I should use tee or > more.
Ah, this is close:
 cd /var/db/pkg
 pkg_info -M *
You know, at least it tells me for everything installed on my machine, not necessarily sorted by time or anything.

 - Jay

> Date: Sun, 18 May 2008 18:22:17 +0200
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> CC: misc@openbsd.org
> Subject: Re: port/package messages about manual optional configuration?
>
> Hi!
>
> On Sun, May 18, 2008 at 03:49:24PM +, Jay wrote:
> >The "important" messages from installing packages/ports.
> >There is something I have noticed in various package/port systems, including
> >OpenBSD, Debian, and more.
> >Here is an example:
> >$ sudo pkg_add python--- python-2.5.2 ---If you want to use
> >this package as your default system python, as rootcreate symbolic links like
> >so (overwriting any previous default): ln -sf /usr/local/bin/python2.5
> >/usr/local/bin/python ln -sf /usr/local/bin/pydoc2.5 /usr/local/bin/pydoc
> >
> >Now, in this case, I have installed just one package, interactively, so the
> >point is mostly moot.But for the scenario of installing something with
> >dependencies, something that takes a while,where I walk away and come back
> >much later, these "important" messages, these messages aboutoptional manual
> >configuration, should be collected somewhere for my perusal.
> >Maybe they already are?
>
> pkg_info -M package_name
> pkg_info -M -a
> man 1 pkg_info
>
> >Thanks, - Jay
>
> Hope that helps.
>
> Kind regards,
>
> Hannah.
Re: possible setup "bug" -- chose of default "a" partition can be wrong like if it is swap
Ben, I did mix up which letter is which. I didn't mean to violate which one is the entire drive. I was going from memory. That wasn't the point.

Yes, the first time I installed, I took the defaults, and it worked. Then I tried to install Solaris. Then with that in recent memory, I tried to be like it.

I know multiple partitions/slices/labels are encouraged, but the docs also say one is ok, and I really don't like to "fragment" stuff like this. I don't want to have to decide how much space I need for everything, and then have it be very difficult to change later. Granted, lately I'm wanting to share something, like maybe /home, across multiple operating systems.

I didn't google for swap file, admitted. I don't really care if the swap partition is at the start, I was just following what Solaris had encouraged. As for it being "tiny", well, yeah, with 512meg, 1gig, and more physical memory, I don't see why swap should be much, certainly more than 512meg.

 - Jay

> CC: misc@openbsd.org
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: possible setup "bug" -- chose of default "a" partition can be wrong like if it is swap
> Date: Sun, 18 May 2008 10:26:03 -0700
>
>
> On May 18, 2008, at 8:54 AM, Jay wrote:
>
> you are making a lot of bad assumptions.
>
> > If I have my "a" slice/partition is a "small" swap partition and my
> > "c" slice
> > is a "large" BSD partition, setup should install to "c".
>
> you should not use c for anything. it's the whole disk.
>
> >
> > Or at least maybe prompt. Usually I want fewer prompts/questions,
> > but..
> >
> > I ran into this problem because Solaris setup encourages the swap
> > partition/slice to be first.
>
> solaris does this because it expands the installer into the swap
> partition and runs it from there.
>
> >
> > Luckily "a" filled up during setup and not later, so damage/pain was
> > minimized.
>
> you're assuming that openbsd partitions need to be on the disk in
> alphabetical order. this is false
>
> >
> > I realize the defaults in the install and the directions have you
> > create the
> > BSD slice/partition as "a" so if you ignore Solaris you tend to get
> > it right.
>
> yes. if you don't assume that openbsd will work like and
> actually read the docs you tend to be better off
>
> > Any chance ever of a "swap file" instead of a "swap partition/slice"?
>
> yes. i leave the googling up to you.
>
> > I'm sure this isn't a good "bug report", and debatable, so misc...
>
> I"m _guessing_ that what you're trying to achieve ( unadvisedly ) is
> to have a tiny swap partition at the beginning of the disk and a
> single partition for the OS. I'm not going to bother preaching at you
> about why this is bad, if you were interested in why you'd have
> already taken the time to find out.
>
> you can do this by creating the b (swap) partition first during the
> install and then creating the a partition _physically_after_it_ on the
> disk.
>
> Luckily, you don't have to do it this way. you can simply follow the
> instructions in the INSTALL. file and end up with a sane
> partitioning scheme.
>
> >
> > - Jay
> >
>
> Ben
Re: AltQ only catching in one queue
On Sunday 18 May 2008, Steve B wrote:
> set loginterface $ext_if
> set state-policy if-bound
> set skip on lo0
> set skip on enc0

Don't know exactly but for starters

Unless you have good reason for changing some things from the default I would recommend rewriting the above by dropping both:

set loginterface $ext_if
set state-policy if-bound

Unless you can explain why you don't want the default of "floating" for state-policy, maybe it's a good idea not to screw with it.

Also, just to clean up, the next two lines can be combined:

set skip on { lo0, enc0 }

Of course, if you're not tunneling ("ifconfig -A" shows no enc0) then you don't need to skip the interface.

Also, and I don't claim to be an expert, but if you're running a recent version of OpenBSD then drop all of your keep/synproxy/modulate/flags qualifiers, especially during troubleshooting. PF will, by default, use the normally proper state options ("keep state" for udp, and "flags S/SA keep state" for tcp). And my guess is that "synproxy state" is only really useful for inbound connections on the external interface to inside public IP address/port destinations (welcome for any clarification from the experts on this), if so it seems out of place here.

Remember, you can always gum the works up after you get it working :)

--
Chris
Re: pf-altq-bandwith_problem
>> If that's what you meant, isn't that behavior normal? Considering that
>> (as the PF user's guide puts it):
>>
>> "Note that queueing is only useful for packets in the outbound
>> direction. Once a packet arrives on an interface in the inbound
>> direction it's already too late to queue it -- it's already consumed
>> network bandwidth to get to the interface that just received it."
>
> [Joe PC] -- [OpenBSD box] -- Internet,
>
> limit of 100Kbs (symmetrical 100Kbs) speaking of bits, and not bytes.
> So I do the needed rules on pf.conf to make Joe get only 100Kbs of
> the interface in OpenBSD box serving Joe PC.
>
> If, from Joe PC, I get a file by ftp from the OpenBSD box, I get
> exactly what I want, the 100Kb limit. (at the same time I'm not doing
> anything with the net, like browsing or getting mail...)
>
> If, from Joe PC, I put a file by ftp to OpenBSD box, then the problem
> appears, and the speed ups in a factor of 40x. If I change the
> bandwidth value on altq rule of pf.conf, then the speed of put a file
> on OpenBSD box also changes, but is 40 times more speed. I mean, I
> want symmetrical 100Kbs limit on the interface to Joe PC, can I have
> this setting?

When Joe downloads _from_ the OpenBSD box, then queuing is involved (and seems to work in your case) because the majority of data (FTP data) is being sent *out* of the OpenBSD box (hence, in the outbound direction from the point of view of the interface) and therefore _is_ subject to your queueing parameters.

When Joe uploads _to_ the OpenBSD box, then queueing is _not_ involved since the data is coming _in_ to the box, and ALTQ cannot shape _incoming_ traffic.

The way I see it, the only way for you to shape traffic symmetrically in both directions is to run your FTP server on another machine than the OpenBSD one, make sure that traffic between Joe's box and the FTP server gets _routed_ via the OpenBSD box, and apply your queue on the "Joe-side" interface and on the "FTP-side" interface. That way, you'll be shaping the traffic going from Joe's to the FTP box as well since the FTP traffic from Joe's uploads will be shaped at the egress interface when the packets are moving from the OpenBSD box towards the FTP server.

Hope this helps,
-Martin
Re: Multicasting on OpenBSD
On Mon, 19 May 2008 00:18:49 +0700, Clint Pachl <[EMAIL PROTECTED]> wrote:

Hi Misc@,
I did man-it, yes I already know that OBSD got mrouted, mroute dan DVRMPD. I'm just curious about it, cause I read Claudio Jeker's presentation on obsd as routing platform that says there will be:
- mpls
- l2tp
- mac-in-mac
- bgp/vpn/vrf
which is all breakthrough in free-functional-secure os but nobody touches PIM-SM/SSM. I'm not fussing about it, just curious.. Cause dvrmpd/mrouted kinda.. emm.. outdated?
just my Rp2.00
Thanks,
Insan

> Insan Praja SW wrote:
>> Hi Misc@,
>> Just wondering around, is there any multicasting technology (PIM-SM,
>> PIM-SSM etc) currently developed or implemented in OpenBSD?. Since
>> working with this unbelievable OS (especially with
>> routing/filtering/forwarding) I wish to know more about it. Right now I
>> managed to use OBSD4.3-current to BGP routing (redundant/loadbalance with
>> carp), storing the prefix to pftable, set the rtlabel, labeling rules with
>> pf, multiple routing table, tagging rules, just unbelievable awesome.
>> Best of luck to the guys working such a "nice" OS.
>> Thanks,
>
> $ apropos multicast
>
> (did people forget about the manpages?)

--
insandotpraja(at)gmaildotcom
Re: S/Key *and* password for SSH login
On Sun, May 18, 2008 at 12:56:29PM +, Stuart Henderson wrote:
> On 2008-05-18, Mark Shroyer <[EMAIL PROTECTED]> wrote:
> > I've set up a nice secondary authentication mechanism on a Linux server.
> > I use this when I must shell in from, e.g., a computer lab, and I don't
> > have an authorized SSH private key on my workstation. To login without
> > a private key, I must:
> >
> > 1) Enter my account's current S/Key one-time password
> >
> > and
> >
> > 2) Enter my Unix password
> >
> > in sequence.
>
> In what way does typing your password in to an untrusted machine
> improve security?

1) I didn't say untrusted machine. I know these computers' admins and fully trust them.

2) If it is impossible to log into the machine remotely with only its password, then when one actually thinks about it for just a moment and gets over the knee-jerk "OMG you're giving them your password!!1!" reaction, one realizes that this scheme *does* in fact increase security compared to S/Key alone, even if I were to use it from an untrusted machine.

Now, I don't want this thread to turn into a long and boring critique of my authentication device. I just want to know, for better or for worse, how one would go about setting it up on OpenBSD without PAM. Any ideas?

--
Mark Shroyer
http://markshroyer.com/contact/
Re: possible setup "bug" -- chose of default "a" partition can be wrong like if it is swap
On May 18, 2008, at 8:54 AM, Jay wrote:

you are making a lot of bad assumptions.

> If I have my "a" slice/partition is a "small" swap partition and my "c" slice
> is a "large" BSD partition, setup should install to "c".

you should not use c for anything. it's the whole disk.

> Or at least maybe prompt. Usually I want fewer prompts/questions, but..
>
> I ran into this problem because Solaris setup encourages the swap
> partition/slice to be first.

solaris does this because it expands the installer into the swap partition and runs it from there.

> Luckily "a" filled up during setup and not later, so damage/pain was
> minimized.

you're assuming that openbsd partitions need to be on the disk in alphabetical order. this is false

> I realize the defaults in the install and the directions have you create the
> BSD slice/partition as "a" so if you ignore Solaris you tend to get it right.

yes. if you don't assume that openbsd will work like and actually read the docs you tend to be better off

> Any chance ever of a "swap file" instead of a "swap partition/slice"?

yes. i leave the googling up to you.

> I'm sure this isn't a good "bug report", and debatable, so misc...

I"m _guessing_ that what you're trying to achieve ( unadvisedly ) is to have a tiny swap partition at the beginning of the disk and a single partition for the OS. I'm not going to bother preaching at you about why this is bad, if you were interested in why you'd have already taken the time to find out.

you can do this by creating the b (swap) partition first during the install and then creating the a partition _physically_after_it_ on the disk.

Luckily, you don't have to do it this way. you can simply follow the instructions in the INSTALL. file and end up with a sane partitioning scheme.

> - Jay

Ben
Re: Multicasting on OpenBSD
Insan Praja SW wrote:
> Hi Misc@,
> Just wondering around, is there any multicasting technology (PIM-SM,
> PIM-SSM etc) currently developed or implemented in OpenBSD?. Since
> working with this unbelievable OS (especially with
> routing/filtering/forwarding) I wish to know more about it. Right now I
> managed to use OBSD4.3-current to BGP routing (redundant/loadbalance with
> carp), storing the prefix to pftable, set the rtlabel, labeling rules with
> pf, multiple routing table, tagging rules, just unbelievable awesome.
> Best of luck to the guys working such a "nice" OS.
> Thanks,

$ apropos multicast

(did people forget about the manpages?)
Re: pf-altq-bandwith_problem
Martin Gignac wrote:
>> I will try, thanks for the info. Just to make sure I'm not dealing
>> with a bug can anyone try this??... just set a global limit to a
>> interface ($int_if), then do a ftp transfer to the gateway ( the
>> one with the PF+ALTQ) and time the put and get transfers with a
>> large file.
>>
>> When I get a download time of 3 minutes, the upload is of 10
>> seconds... :s
>
> Hi,
>
> Just a shot in the dark here. Maybe I totally misunderstood your
> sentence:
>
> "When I get a download time of 3 minutes, the upload is of 10
> seconds..."
>
> Did you mean:
>
> "_While_ I get a download time of 3 minutes, the upload is of 10
> seconds..."
>
> If that's what you meant, isn't that behavior normal? Considering
> that (as the PF user's guide puts it):
>
> "Note that queueing is only useful for packets in
> the outbound direction. Once a packet arrives on an interface in
> the inbound direction it's already too late to queue it -- it's
> already consumed network bandwidth to get to the interface that
> just received it."
>
> Sorry if my question is beside the point! :o)
> -Martin

Maybe you're right with the PF user's guide, anyway I explain better to avoid confusions:

[Joe PC] -- [OpenBSD box] -- Internet,

lets take away the internet, only the Joe - box thing is the matter.

OpenBSD is doing nat as explained on my pf.conf in the original post of this thread. The OpenBSD box also makes of FTP server, but I want a limit of 100Kbs (symmetrical 100Kbs) speaking of bits, and not bytes. So I do the needed rules on pf.conf to make Joe get only 100Kbs of the interface in OpenBSD box serving Joe PC.

If, from Joe PC, I get a file by ftp from the OpenBSD box, I get exactly what I want, the 100Kb limit. (at the same time I'm not doing anything with the net, like browsing or getting mail...)

If, from Joe PC, I put a file by ftp to OpenBSD box, then the problem appears, and the speed ups in a factor of 40x. If I change the bandwidth value on altq rule of pf.conf, then the speed of put a file on OpenBSD box also changes, but is 40 times more speed. I mean, I want symmetrical 100Kbs limit on the interface to Joe PC, can I have this setting?

I hope not to be making noise in the mail list.

Thanks for your time.
-Jesus
Re: port/package messages about manual optional configuration?
Hi!

On Sun, May 18, 2008 at 03:49:24PM +, Jay wrote:
>The "important" messages from installing packages/ports.
>There is something I have noticed in various package/port systems, including
>OpenBSD, Debian, and more.
>Here is an example:
>$ sudo pkg_add python--- python-2.5.2 ---If you want to use
>this package as your default system python, as rootcreate symbolic links like
>so (overwriting any previous default): ln -sf /usr/local/bin/python2.5
>/usr/local/bin/python ln -sf /usr/local/bin/pydoc2.5 /usr/local/bin/pydoc
>Now, in this case, I have installed just one package, interactively, so the
>point is mostly moot.But for the scenario of installing something with
>dependencies, something that takes a while,where I walk away and come back
>much later, these "important" messages, these messages aboutoptional manual
>configuration, should be collected somewhere for my perusal.
>Maybe they already are?

pkg_info -M package_name
pkg_info -M -a
man 1 pkg_info

>Thanks, - Jay

Hope that helps.

Kind regards,

Hannah.
possible setup "bug" -- chose of default "a" partition can be wrong like if it is swap
If I have my "a" slice/partition is a "small" swap partition and my "c" slice is a "large" BSD partition, setup should install to "c". Or at least maybe prompt. Usually I want fewer prompts/questions, but.. I ran into this problem because Solaris setup encourages the swap partition/slice to be first. Luckily "a" filled up during setup and not later, so damage/pain was minimized. I realize the defaults in the install and the directions have you create the BSD slice/partition as "a" so if you ignore Solaris you tend to get it right. Any chance ever of a "swap file" instead of a "swap partition/slice"? I'm sure this isn't a good "bug report", and debatable, so misc... - Jay
port/package messages about manual optional configuration?
The "important" messages from installing packages/ports.

There is something I have noticed in various package/port systems, including OpenBSD, Debian, and more.

Here is an example:

$ sudo pkg_add python
--- python-2.5.2 ---
If you want to use this package as your default system python, as root
create symbolic links like so (overwriting any previous default):
    ln -sf /usr/local/bin/python2.5 /usr/local/bin/python
    ln -sf /usr/local/bin/pydoc2.5 /usr/local/bin/pydoc

Now, in this case, I have installed just one package, interactively, so the point is mostly moot. But for the scenario of installing something with dependencies, something that takes a while, where I walk away and come back much later, these "important" messages, these messages about optional manual configuration, should be collected somewhere for my perusal.

Maybe they already are?

Thanks,
 - Jay
Small diff to make dhclient(8) go to background immediately
I very much appreciate the work of reyk@ on dhclient to make it renew the lease when the link is lost. However it might happen that you don't have a link at the moment where you launch dhclient but you know that you might get a link afterwards. This is true when you launch your laptop somewhere where you have wifi connectivity but unfortunately you're in a spot where you don't currently receive it. If you specify 'dhcp' in hostname. you will have to wait until dhclient times out or hit Ctrl-C at startup. This tiny patch adds an option to dhclient to tell it to just go into background and wait until you get a link. I would appreciate any comments. Thanks! Index: dhclient.c === RCS file: /cvs/src/sbin/dhclient/dhclient.c,v retrieving revision 1.118 diff -u -r1.118 dhclient.c --- dhclient.c 9 May 2008 05:19:14 - 1.118 +++ dhclient.c 18 May 2008 15:11:53 - @@ -253,7 +253,7 @@ int main(int argc, char *argv[]) { - int ch, fd, quiet = 0, i = 0, pipe_fd[2]; + int ch, fd, quiet = 0, background = 0, i = 0, pipe_fd[2]; extern char *__progname; struct passwd *pw; @@ -261,8 +261,11 @@ openlog(__progname, LOG_PID | LOG_NDELAY, DHCPD_LOG_FACILITY); setlogmask(LOG_UPTO(LOG_INFO)); - while ((ch = getopt(argc, argv, "c:dl:qu")) != -1) + while ((ch = getopt(argc, argv, "bc:dl:qu")) != -1) switch (ch) { + case 'b': + background = 1; + break; case 'c': path_dhclient_conf = optarg; break; @@ -319,6 +322,9 @@ read_client_conf(); + if (background) + goto dispatch; + if (!(ifi->linkstat = interface_link_status(ifi->name))) { fprintf(stderr, "%s: no link ...", ifi->name); if (config->link_timeout == 0) { @@ -409,7 +415,7 @@ { extern char *__progname; - fprintf(stderr, "usage: %s [-dqu] [-c file] [-l file] interface\n", + fprintf(stderr, "usage: %s [-bdqu] [-c file] [-l file] interface\n", __progname); exit(1); }
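Review bot: In the hunk at @@ -319,6 +322,9 @@, `if (background) goto dispatch;` sits in front of the `interface_link_status(ifi->name)` call, so with -b `ifi->linkstat` is never assigned from the real link state, even when the link is already up at startup. Consider keeping the assignment and skipping only the wait, for instance by taking the existing `config->link_timeout == 0` branch when `background` is set, so that a machine that does have link behaves as it would without -b. The `dispatch` label is outside the visible context, so the diff does not show what else between this check and the label is bypassed; that deserves a sentence in the description.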
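Review bot: In the getopt hunk at @@ -261,8 +261,11 @@, the new `case 'b'` sets `background = 1` without looking at the other flags accepted by the same option string ("bc:dl:qu"), and nothing in the patch says how -b combines with -d or -q. Either reject the combinations that make no sense during option parsing or state the precedence, so the behaviour is defined rather than a side effect of the later `goto`.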
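Review bot: The usage hunk at @@ -409,7 +415,7 @@ advertises `[-bdqu]`, but the diff touches only dhclient.c, so the new option has no manual page entry. Please add -b to dhclient(8) in the same change, including what happens when link never appears.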
Re: pf-altq-bandwith_problem
> I will try, thanks for the info. Just to make sure I'm not dealing with a
> bug can anyone try this??... just set a global limit to a interface
> ($int_if), then do a ftp transfer to the gateway ( the one with the
> PF+ALTQ) and time the put and get transfers with a large file. When I get
> a download time of 3 minutes, the upload is of 10 seconds... :s

Hi,

Just a shot in the dark here. Maybe I totally misunderstood your sentence:

"When I get a download time of 3 minutes, the upload is of 10 seconds..."

Did you mean:

"_While_ I get a download time of 3 minutes, the upload is of 10 seconds..."

If that's what you meant, isn't that behavior normal? Considering that (as the PF user's guide puts it):

"Note that queueing is only useful for packets in the outbound direction. Once a packet arrives on an interface in the inbound direction it's already too late to queue it -- it's already consumed network bandwidth to get to the interface that just received it."

Sorry if my question is beside the point! :o)

-Martin
Re: pf-altq-bandwith_problem
Maxim Belooussov wrote:

Hi, I have a little problem when trying to set up an altq bandwidth shape with pf. My intention is to give Joe only 100Kbs (bits) of the Internet total bandwidth, and also I have set some local servers on my OpenBSD to give some services to Joe, but I also want to give it at the 100Kbs speed mentioned before, even being local network (up to 100Mbs).

my pf.conf (very simple, very unsafe, just to try this)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
ext_if="rl0"
int_if="sk0"
scrub in all
altq on $int_if cbq bandwidth 100Kb queue main
queue main bandwidth 100% cbq(default)
nat on $ext_if from $int_if:network -> $ext_if
block all
pass queue main
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Have you tried tagging the traffic for Joe and then altq it on tag? or, first, you could try this one first:

pass out on $int_if queue main

(sorry if it didn't help, I haven't played with altq since I left adsl world three years ago)

Max

I will try, thanks for the info. Just to make sure I'm not dealing with a bug can anyone try this??... just set a global limit to a interface ($int_if), then do a ftp transfer to the gateway ( the one with the PF+ALTQ) and time the put and get transfers with a large file. When I get a download time of 3 minutes, the upload is of 10 seconds... :s

Thanks for your time.

-Jesus
Re: wvdial.conf -> ppp.conf
chatscript for archives

$ cat /etc/ppp/chatscript
ABORT BUSY
ABORT VOICE
ABORT "NO CARRIER"
ABORT "NO DIALTONE"
ABORT "NO DIAL TONE"
"" ATZ
OK ATE0V1&D2&C1S0=0+IFC=2,2
OK AT+CGDCONT=1,"IP","general.t-mobile.uk"
OK ATDT*99#
CONNECT ""
$
Re: wvdial.conf -> ppp.conf
I now have limited connectivity (I can ping and receive replies from internet hosts, but HTTP access time out). I'm using:

# cat /etc/ppp/ppp.conf
default:
 set log Phase Chat LCP IPCP CCP tun command

tmobile:
 set device /dev/ttyU0
 set speed 38400
 set log ALL

 set login "\"!chat -f /etc/ppp/chatscript\""
 set logout "ABORT BUSY ABORT ERROR TIMEOUT 30 \"\" +++ATH OK-ATH-OK"

 set phone *99***1\#
 set authname "web"
 set authkey "web"
 set timeout 120
 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
 add default HISADDR
 enable dns
 disable ipv6cp

which gives me:
May 18 16:09:35 tom-laptop ppp[17987]: tun0: Warning: 0.0.0.0/0: Change route failed: errno: No such process
May 18 16:09:35 tom-laptop ppp[17987]: tun0: Warning: 10.0.0.2: Change route failed: errno: No such process
May 18 16:09:35 tom-laptop ppp[17987]: tun0: Warning: ff01:5::/32: Change route failed: errno: No such process
May 18 16:10:06 tom-laptop ppp[17987]: tun0: Warning: tun0: DIFADDR 10.33.237.63/24 -> 10.0.0.2 returns 0

I've tried setting my default route to both 10.33.237.63 and 10.0.0.2 and get the same limited connectivity with both.
Any clues?
Regards

Barry
Re: PHP gd library isn't loading...
Stuart Henderson wrote:
> On 2008-05-18, Jeff Ross <[EMAIL PROTECTED]> wrote:
>> PHP Warning: PHP Startup: Unable to load dynamic library
>> '/var/www/lib/php/modules/gd.so' - Cannot load specified object in
>> Unknown on line 0
>>
>> php5-gd-5.2.5 image manipulation extensions for php5
>
> This is not the no_x11 flavour; have you installed xbase?

Thanks to all who replied. I did have xbase installed but it was an older version. Bringing everything back up to current fixed that problem.

Now all I have to do is get php built with tidy support :-(

Jeff
Re: S/Key *and* password for SSH login
Stuart Henderson wrote:
> On 2008-05-18, Mark Shroyer <[EMAIL PROTECTED]> wrote:
>> I've set up a nice secondary authentication mechanism on a Linux server.
>> I use this when I must shell in from, e.g., a computer lab, and I don't
>> have an authorized SSH private key on my workstation. To login without
>> a private key, I must:
>>
>> 1) Enter my account's current S/Key one-time password
>>
>> and
>>
>> 2) Enter my Unix password
>>
>> in sequence.
>
> In what way does typing your password in to an untrusted machine improve
> security?

it's 2 factor authentication, duh! i read about that on the intarnetz so it must be a good idea regardless of the 2 factors i choose. ;)
Re: S/Key *and* password for SSH login
On 2008-05-18, Mark Shroyer <[EMAIL PROTECTED]> wrote:
> I've set up a nice secondary authentication mechanism on a Linux server.
> I use this when I must shell in from, e.g., a computer lab, and I don't
> have an authorized SSH private key on my workstation. To login without
> a private key, I must:
>
> 1) Enter my account's current S/Key one-time password
>
> and
>
> 2) Enter my Unix password
>
> in sequence.

In what way does typing your password in to an untrusted machine improve security?
Re: wvdial.conf -> ppp.conf
So far I have:

default:
 set log Phase Chat LCP IPCP CCP tun command

tmobile:
 set device /dev/cua00
 set speed 38400
 set log ALL

 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
           \"\" AT OK-AT-OK ATZ OK \
           AT+CGDCONT=1,\\\"IP\\\",\\\"general.t-mobile.uk\\\",\\\"0.0.0.0\\\",0,0 OK \
           AT+CGATT=1 OK \
           \\dATDT\\T TIMEOUT 40 CONNECT"

 set logout "ABORT BUSY ABORT ERROR TIMEOUT 30 \"\" +++ATH OK-ATH-OK"

 set phone *99***1#
 set authname "web"
 set authkey "web"
 set timeout 120
 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
 add default HISADDR
 enable dns
 disable ipv6cp

Which gives:
# ppp -auto tmobile
Working in auto mode
Using interface: tun0
Warning: tun0: AIFADDR 10.0.0.1/24 -> 10.0.0.2 returns 0
Warning: Add route failed: 0.0.0.0/0 already exists
#

May 18 14:50:40 tom-laptop ppp[8643]: tun0: Warning: tun0: AIFADDR 10.0.0.1/24 -> 10.0.0.2 returns 0
May 18 14:50:40 tom-laptop ppp[8643]: tun0: Warning: Add route failed: 0.0.0.0/0 already exists
May 18 14:50:50 tom-laptop ppp[32305]: tun0: Warning: Chat script failed

# route -n show
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu  Prio Iface
default            192.168.1.1        UGS         7     1315      -     8 iwn0
10.0.0.2           10.0.0.1           UH          0        0      -     4 tun0
127/8              127.0.0.1          UGRS        0        0  33208     8 lo0
127.0.0.1          127.0.0.1          UH          1        0  33208     4 lo0
192.168.1/24       link#1             UC          1        0      -     4 iwn0
192.168.1.1        00:0e:2e:85:c4:13  UHLc        1       31      -     4 iwn0
224/4              127.0.0.1          URS         0        0  33208     8 lo0

# ifconfig tun0
tun0: flags=8051 mtu 1500
        groups: tun
        inet 10.0.0.1 --> 10.0.0.2 netmask 0xff00

Any other info of use?
Thanks
Barry
4.3, snapshot panic while booting after ahci when no cd in drive (amd64)
Hi,

I just discovered this weird behaviour. It looks like I've always booted this machine with any kind of cd/dvd in the sata attached dvd-rw drive. Without a cd the kernel panics right after the ahci message. Well, the workaround is obvious.

I tried it on 4.3 amd64 and the snapshot from May 2 (which may be the same anyway..?) The messages are from snapshot. I attached the full dmesg from the booted system at the end.

Since I don't have access to a serial console I'm typing this off of the screen. I hope this is worth it and helps improving..

ddb output:

ahci0 at pci0 dev 18 function 0 "ATI ICP600 SATA" rev 0x00: irq 11, AHCI 1.1
scsibus0 at ahci0: 32 targets
panic: kernel diagnostic assertion "ccb->ccb_xa.state == ATA_S_ONCHIP" failed: file "/usr/src/sys/dev/pci/ahci.c", line 1788
Stopped at Debugger+0x5:leave
Debugger() at Debugger+0x5
panic() at panic+0x12a
__assert() at __assert+0x21
ahci_port_intr() at ahci_port_intr+0x218
ahci_poll() at ahci_poll+0x4d
ahci_ata_cmd() at ahci_ata_cmd+0x9f
ata_exec() at ata_exec+0x1a
scsi_execute_xs() at scsi_execute_xs+0x6d
scsi_scsi_cmd() at scsi_scsi_cmd+0xcb
scsi_test_unit_ready() at ascsi_test_unit_ready+0x4d
end trace frame: 0x80c25a70, count: 0
ddb> trace
Debugger() at Debugger+0x5r
panic() at panic+0x12a
__assert() at __assert+0x21
ahci_port_intr() at ahci_port_intr+0x218
ahci_poll() at ahci_poll+0x4d
ahci_ata_cmd() at ahci_ata_cmd+0x9f
ata_exec() at ata_exec+0x19
scsi_execute_xs() at scsi_execute_xs+0x6d
scsi_scsi_cmd() ata scsi_scsi_cmd+0xcb
scsi_test_unit_ready() ata scsi_test_unit_ready+0x4d
scsi_probedev() at scsi_pobedev+0x28a
scsi_probe_target() at scsi_probe_target+0x26
scsi_probe_bus() at scsi_probe_bus+0x38
config_attach() at config_attach+0x11b
atascsi_attach() at atascsi_attach+0xf8
ahci_pci_attach() ata ahci_pci_attach+0x17d
config_attach() at config_attach+0x11b
pci_probe_device() at pci_probe_device+0x20e
pci_enumerate_bus() at pci_enumerate_bus+0x104
config_attach() at config_attach+0x11b
cpu_configure() at cpu_configure+0x1c
main() at main+0x3b2
end trace frame: 0x0, count: -24
ddb> ps
PID PPID PGRP UID S FLAGS WAIT COMMAND
*0 -1 0 0 7 0x80200 swapper
wvdial.conf -> ppp.conf
Hello

I've tried and failed for a few days to convert the following wvdial.conf to something suitable for use on OpenBSD ( I was thinking ppp.conf )
Could someone show me a working example please?

[EMAIL PROTECTED]:~$ cat /etc/wvdial.conf
[Dialer Defaults]
Phone = *99***1#
Username = web
Password = web
Stupid Mode = 1
Dial Command = ATDT
Modem = /dev/ttyUSB0
Baud = 460800
Init2 = ATZ
Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ISDN = 0
Modem Type = Analog Modem
Init5 = AT+CGDCONT=1,"IP","general.t-mobile.uk";

Any help will be really appreciated!
Thanks
Barry
Re: [OpenBSD 4.2] dhclient issues
Chris wrote:
> I am having issues with one of my OBSD boxes receiving DHCP IP address from my ADSL modem. This problem has just started recently and I am not sure if it's a software or hardware that's causing the issue. My network interface is fxp0 and if I do "ifconfig fxp0", it shows "status: no carrier". If I do "dhclient fxp0" I get the following:

"no carrier" means no cable connection - check your hw. What do the status LEDs on either your nic and your modem indicate?
Re: PHP gd library isn't loading...
On 2008-05-18, Jeff Ross <[EMAIL PROTECTED]> wrote:
> PHP Warning: PHP Startup: Unable to load dynamic library
> '/var/www/lib/php/modules/gd.so' - Cannot load specified object in
> Unknown on line 0
>
> php5-gd-5.2.5 image manipulation extensions for php5

This is not the no_x11 flavour; have you installed xbase?
Re: pf-altq-bandwith_problem
On 2008-05-18, Lord Sporkton <[EMAIL PROTECTED]> wrote:
> as a side note, I don't believe openbsd can do altq on anything other
> than a physical interface, so if you put the servers on a dmz, make
> sure to use a physical interface, not a vlan.

altq works here on pppoe and vlan.
Re: Multicasting on OpenBSD
On 2008-05-18, Insan Praja SW <[EMAIL PROTECTED]> wrote:
> Just wondering around, is there any multicasting technology (PIM-SM,
> PIM-SSM etc) currently developed or implemented in OpenBSD? Since working
> with this unbelievable OS (especially with routing/filtering/forwarding) I
> wish to know more about it.

You might be able to do PIM-SM using Xorp (in ports). In base we have DVMRP support (look at dvmrpd not mrouted). On the smaller end of the pipe, igmpproxy (in ports) works nicely for me with the BBC's multicast feeds.
S/Key *and* password for SSH login
I've set up a nice secondary authentication mechanism on a Linux server. I use this when I must shell in from, e.g., a computer lab, and I don't have an authorized SSH private key on my workstation. To login without a private key, I must:

1) Enter my account's current S/Key one-time password and
2) Enter my Unix password

in sequence. Importantly, if I enter the correct S/Key password but then an incorrect Unix password, I must proceed to supply the *next* S/Key password before I can try entering the Unix password again. This means that even if someone knows my current one-time password, he can use it to take only a single shot at guessing my Unix password; the overall strength of the authentication scheme is essentially the product of my Unix password's and S/Key's strength.

With PAM, I achieve this by putting the following in /etc/pam.d/ssh:

    auth requisite pam_opie.so
    auth required pam_unix.so

(OPIE is an S/Key implementation on Linux.)

Now I'd like to set up the same scheme on my OpenBSD machines. But how? I don't mind implementing my own BSD Auth mechanism, if I must, in order to obtain the desired logic, but even then I don't know how I would configure sshd to use it exclusively without changing the behavior of console logins as well: As far as I can tell, login.conf doesn't let one specify SSH-specific rules like it does for FTP (there's no auth-ssh-defaults hiding somewhere, is there?), and I can't find anything pertinent in the OpenSSH documentation either.

Simply logging in with "username:skey_and_passwd" (where login_skey_and_passwd is my hypothetical BSD Auth mechanism) wouldn't suffice, because my goal is to require authenticating with both factors, not to make it optional; but disabling password logins across the board by setting auth-defaults won't do it either, because I still want to authenticate with just my password when I login from the console.

So, any thoughts? Thanks in advance!

--
Mark Shroyer
http://markshroyer.com/contact/
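The two-step logic described in the post above, modelled as an added Python example (not part of the original message, and not OPIE, PAM or BSD Auth code): a hash-chain one-time password step that fails fast like `requisite`, followed by a password step. SHA-256 stands in for the S/Key hash, and every class name, function name and sample value here is constructed for illustration.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the hash used by S/Key/OPIE.
    return hashlib.sha256(data).digest()

def chain(seed: bytes, n: int) -> bytes:
    """n-fold hash of the seed: one-time password number n."""
    out = seed
    for _ in range(n):
        out = h(out)
    return out

class OtpStep:
    """Stands in for pam_opie.so: every accepted OTP is consumed."""
    def __init__(self, seed: bytes, count: int):
        self.stored = chain(seed, count)  # server keeps only the last accepted value
    def authenticate(self, otp: bytes) -> bool:
        if hmac.compare_digest(h(otp), self.stored):
            self.stored = otp  # advance, so this OTP cannot be replayed
            return True
        return False

class PasswordStep:
    """Stands in for pam_unix.so and counts how often it is reached."""
    def __init__(self, password: str):
        self.attempts = 0
        self._hash = self._kdf(password)
    def _kdf(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 10_000)
    def authenticate(self, password: str) -> bool:
        self.attempts += 1
        return hmac.compare_digest(self._kdf(password), self._hash)

def run_stack(otp_step: OtpStep, pw_step: PasswordStep, otp: bytes, password: str) -> bool:
    if not otp_step.authenticate(otp):
        return False  # requisite: fail at once, the password step never runs
    return pw_step.authenticate(password)  # required: must also succeed

def demo():
    seed = b"constructed seed"  # all sample values are constructed
    otp_step, pw_step = OtpStep(seed, 100), PasswordStep("correct horse")
    known = chain(seed, 99)  # the current OTP, assumed known to a third party
    tries = [(known, "wrong guess"),              # OTP accepted and spent, password wrong
             (known, "correct horse"),            # same OTP again: rejected before the password
             (chain(seed, 98), "correct horse")]  # next OTP in the sequence
    return [run_stack(otp_step, pw_step, o, p) for o, p in tries], pw_step.attempts
```

`demo()` shows the property the post relies on: the password step is reached once per spent one-time password, so a known OTP buys exactly one password attempt.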
Re: PHP gd library isn't loading...
On 18/05/2008, at 12:09 PM, Jeff Ross wrote:
> It seems that I've somehow lost the ability to load the php5-gd library into apache on my more or less -current box, even though I've installed the package and made the link as instructed when I installed the package. A page that pulls php_info() doesn't show gd at all, and if I tack a call to gd_info() to that script the whole thing fails with a function not found error. When I start or re-start apache I do not get any errors, but when I run a script from the cli I get this:
>
> PHP Warning: PHP Startup: Unable to load dynamic library '/var/www/lib/php/modules/gd.so' - Cannot load specified object in Unknown on line 0

Was this all working before and suddenly stopped working? Or something that you are trying to get going for the first time?

What does the gd.so module say that it needs (use ldd?) I have not got an OpenBSD current PHP 5 system to hand, this is from FreeBSD, so may or may not help.

> ldd /usr/local/lib/php/20060613/gd.so
/usr/local/lib/php/20060613/gd.so:
        libt1.so.5 => /usr/local/lib/libt1.so.5 (0x281b6000)
        libfreetype.so.9 => /usr/local/lib/libfreetype.so.9 (0x28207000)
        libX11.so.6 => /usr/local/lib/libX11.so.6 (0x2826f000)
        libXpm.so.4 => /usr/local/lib/libXpm.so.4 (0x28354000)
        libpng.so.5 => /usr/local/lib/libpng.so.5 (0x28363000)
        libz.so.3 => /lib/libz.so.3 (0x28385000)
        libjpeg.so.9 => /usr/local/lib/libjpeg.so.9 (0x28396000)
        libm.so.4 => /lib/libm.so.4 (0x283b4000)
        libXau.so.6 => /usr/local/lib/libXau.so.6 (0x283ca000)
        libXdmcp.so.6 => /usr/local/lib/libXdmcp.so.6 (0x283cd000)
        librpcsvc.so.3 => /usr/lib/librpcsvc.so.3 (0x283d2000)

Do you need to copy anything else into the chrooted() Apache environment? (Not that it helps with the CLI error message, but the ldd advice is in there.)

http://www.openbsd.org/faq/faq10.html#httpdchroot

php.ini OK?

HTH.
[OpenBSD 4.2] dhclient issues
I am having issues with one of my OBSD boxes receiving DHCP IP address from my ADSL modem. This problem has just started recently and I am not sure if it's a software or hardware that's causing the issue. My network interface is fxp0 and if I do "ifconfig fxp0", it shows "status: no carrier". If I do "dhclient fxp0" I get the following:

DHCPREQUEST on fxp0 to 255.255.255.255 port 67
DHCPREQUEST on fxp0 to 255.255.255.255 port 67
DHCPREQUEST on fxp0 to 255.255.255.255 port 67
DHCPREQUEST on fxp0 to 255.255.255.255 port 67
DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 1
DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 2
DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 5
DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 11
DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 13
DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 12
DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 13
DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 4
No DHCPOFFERS received.
Trying recorded lease 192.16.25.11
bound: renewal in 13249 seconds

My /etc/hostname.fxp0 file reads: dhcp NONE NONE NONE NONE. I have been using this exact same setting for a long time now. I don't have any problem with the ADSL modem as other machines can receive DHCP addresses fine. I have also changed the CAT5 cable.

Is there anything more I could do to figure out what the problem is? Or am I doing something wrong?

Thanks for any help.
Problems trunk-ing tun interfaces
I need help trunking tun interfaces.

Actual goal - aggregate six ADSL connections from an office to a central network with gigE internet access for higher bandwidth to the office.

Current state - four layer 2 tunnels that work individually, but which fail when part of a trunk virtual interface.

I've tried trunkproto of roundrobin, loadbalance and failover and none of them work. When not part of the trunk, the individual tun pass traffic properly.

Is there some sysctl setting I'm not aware of that is required for trunking the tun interfaces to pass IP traffic across all the tun interfaces?

--
Romar Morales