Re: OpenBSD as MS RIS-Server alternative?

2008-05-18 Thread Lars Noodén
Richard Daemon wrote:
> Sweet! I'm going to give this a try, this is something I've been
> looking for, for a while.
> 
> pxelinux boot prompt? Should work with OpenBSD's pxeboot the same way?

No comment.  I'm a novice at all that, but have been using an
OpenBSD-running Soekris unit as a portable PXE jukebox.  For the last
month and a half, I was serving up OpenBSD 4.2 and Debian 4.

The CF size I have limits me to the contents of two smaller ISO images,
or less.  I'd like to try more releases at the same time and have all of
the release, not just the net install.  I've generally done net install
via the regular mirrors.  When it was just one system, I could one
system use all the space and also serve up parts via anon ftp from the
same unit.

If you serve Debian or any Debian-based distros, especially in a hostile
environment (e.g. blocking most mirror sites, non-HTTP ports and
dropping connections)  I strongly recommend using Apt-Cacher.  If you
have the disk space and/or things are really very hostile, then pre-load
the cache in a more amenable environment.  Be warned that apt-cacher
will spawn a lot of processes.  Squid will work fine for both
installations, but in my (mis-)configuration provides little or no gain
for speed.  YMMV.

For the linux installs you can make limited modifications (e.g.
partitioning) with Kickstart or if you're tough, preseed.  For OpenBSD
customizations, I make one or two extra sets and serve those.

Regards,
-Lars



Possible to change indent length from 8 to 4 spaces in mg?

2008-05-18 Thread Martin Gignac

Hi,

I've been trying to figure out how to change the indent length when 
pressing the TAB key in mg from the standard 8 spaces to 4, but I haven't 
been able to find any setting that would seem to achieve this.


The man page and Google didn't turn up anything.

Is this at all possible in mg?

Thanks,
-Martin



Re: Multicasting on OpenBSD

2008-05-18 Thread Insan Praja SW
On Mon, 19 May 2008 02:50:33 +0700, Claudio Jeker
<[EMAIL PROTECTED]> wrote:

> On Mon, May 19, 2008 at 12:36:25AM +0700, Insan Praja SW wrote:
> > On Mon, 19 May 2008 00:18:49 +0700, Clint Pachl <[EMAIL PROTECTED]>
> > wrote:
> > Hi Misc@,
> > I did man-it, yes I already know that OBSD got mrouted, mroute dan
> > DVRMPD.
> > I'm just curious about it, cause I read Claudio Jeker's presentation on
> > obsd as routing platform that says there will be:
> > - mpls
> > - l2tp
> > - mac-in-mac
> > - bgp/vpn/vrf
> > which is all breakthrough in free-functional-secure os but nobody touches
> > PIM-SM/SSM. I'm not fussing about it, just curious.. Cause dvrmpd/mrouted
> > kinda.. emm.. outdated?
> > just my Rp2.00
> > Thanks,
>
> Maybe that's because working on mpls, ospf6d and vrf at the same time is
> already way too much for a bit of sparetime hacking. PIM-SM/SSM are beyond
> complex. It will not happen anytime soon unless some new developers are
> interested in this and start working on multicast routing.

Yap, I truly understand. Made me wanna return to college and push more  
effort on C :D

Good Luck Claudio,
Best Regards,




--
insandotpraja(at)gmaildotcom



[rn_walktree+0x3f] Panic During BGP+CARP Fail-Over

2008-05-18 Thread Insan Praja SW

Hi Misc@,
While working/experimenting with bgpd + carp and storing the prefix learn
by bgpd to a pftable, the carp peer hang when the other peer is rebooted.
Works ok before storing this prefixes to pftable. Both router are
identical.
So here is the config file on each router, dmesg and of course, the ddb
and trace,

Core1
||
|-- GWprefix feeder
||
Core2

Core1
pf.conf
---
in_if="em0"
ext_if="em1"
pfsync_if="em2"

set skip on lo
set limit {states 3, frags 15000}
scrub in all
table  persist
table  persist
table  const {192.168.0.0/16, 172.16.0.0/12, 0.0.0.0/7, 2.0.0.0/8, 5.0.0.0/8, 7.0.0.0/8, 23.0.0.0/8, 27.0.0.0/8, 31.0.0.0/8, 36.0.0.0/7, 39.0.0.0/8, 42.0.0.0/8, 49.0.0.0/8, 50.0.0.0/8, 94.0.0.0/7, 100.0.0.0/6, 104.0.0.0/5, 112.0.0.0/6, 169.254.0.0/16, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/5, 184.0.0.0/6}

#allow all loopback interface to communicate
pass quick on lo0 all

#allow pfsync traffic in real interface not virtual interface
pass quick on $pfsync_if proto pfsync keep state

#allow CARP traffic
pass quick on {$in_if, $ext_if} proto carp keep state

#allow CARP traffic
pass quick on {$in_if, $ext_if} proto carp keep state

#allow icmp traffic
pass in quick on {$in_if, $ext_if, $pfsync_if} inet proto icmp from any to any keep state
#pass in quick on $ext_if inet proto icmp from any to any keep state

#allow ssh access
pass in quick on {$in_if, $ext_if, $pfsync_if} proto tcp from any to any port 22 keep state

pass in quick on {$in_if, $ext_if, $pfsync_if} from  to any keep state tag ALLOW
pass out quick on {$in_if, $ext_if, $pfsync_if} tagged ALLOW

block in quick on {$in_if, $ext_if, $pfsync_if} from  to any tag BLOK
block out quick on {$in_if, $ext_if, $pfsync_if} tagged BLOK

block in quick on {$in_if, $ext_if, $pfsync_if} from  to any tag BLOCKED
block out quick on {$in_if, $ext_if, $pfsync_if} tagged BLOCKED

bgpd.conf
-
#macros
peer1="202.149.93.241"
peer2="10.10.10.5"

# global configuration
AS 65022
router-id 10.10.10.3
holdtime 180
holdtime min 3
listen on 127.0.0.1
listen on 10.10.10.3
fib-update yes
nexthop qualify via bgp
log updates
network 202.149.93.176/28

neighbor $peer1 {
        remote-as               65021
        descr                   office-gtw
        announce                all
        announce capabilities   yes
        demote                  carp
        softreconfig in         yes
        softreconfig out        yes
}
neighbor $peer2 {
        remote-as               65022
        descr                   core2-exp
        announce                all
        announce capabilities   yes
        softreconfig in         yes
        softreconfig out        yes
        tcp md5sig password     lalerijo
        set pftable "bgpd"
}

deny from any
allow from any inet prefixlen 8 - 24
allow from {$peer1 $peer2} inet prefixlen 8 - 30
allow to {$peer1 $peer2} prefix 202.149.93.176/28 prefixlen 8 - 30
# do not accept a default route
deny from any prefix 0.0.0.0/0
# filter bogus networks
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4


Core2
pf.conf

in_if="em0"
ext_if="em1"
pfsync_if="vlan111"

set skip on lo
set limit {states 3, frags 15000}
scrub in all
table  persist
table  persist
table  const {192.168.0.0/16, 172.16.0.0/12, 0.0.0.0/7, 2.0.0.0/8, 5.0.0.0/8, 7.0.0.0/8, 23.0.0.0/8, 27.0.0.0/8, 31.0.0.0/8, 36.0.0.0/7, 39.0.0.0/8, 42.0.0.0/8, 9.0.0.0/8, 50.0.0.0/8, 94.0.0.0/7, 100.0.0.0/6, 104.0.0.0/5, 112.0.0.0/6, 169.254.0.0/16, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/5, 184.0.0.0/6}


#allow all loopback interface to communicate
pass quick on lo0 all
pass all
#allow pfsync traffic in real interface not virtual interface
pass quick on $pfsync_if proto pfsync keep state

#allow CARP traffic
pass quick on {$in_if, $ext_if} proto carp keep state

#allow CARP traffic
pass quick on {$in_if, $ext_if} proto carp keep state

#allow icmp traffic
pass in quick on {$in_if, $ext_if, $pfsync_if} inet proto icmp from any to any keep state
#pass in quick on $ext_if inet proto icmp from any to any keep state

#allow ssh access
pass in quick on {$in_if, $ext_if, $pfsync_if} proto tcp from any to any port 22 keep state

pass in quick on {$in_if, $ext_if, $pfsync_if} from  to any keep state tag ALLOW
pass out quick on {$in_if, $ext_if, $pfsync_if} tagged ALLOW

block in quick on {$in_if, $ext_if, $pfsync_if} from  to any tag BLOK
block out quick on {$in_if, $ext_if, $pfsync_if} tagged BLOK

block in quick on {$in_if, $ext_if, $pfsync_if} from  to any tag BLOCKED
block out quick on {$in_if, $ext_if, $pfsync_if} tagged BLOCKED

bgpd.conf
-
#macros
peer1="202.149.93.241"
peer2="10.10.10.3"

# global configuration
AS 65022
router-id 10.10.10.5
holdtime 180
holdtime min 3
listen on 127.0.0.1
listen o

Re: port/package messages about manual optional configuration?

2008-05-18 Thread Hannah Schroeter
Hi!

[Your quoting is severely messed up, please fix it; your line lengths too]

On Sun, May 18, 2008 at 06:53:16PM +, Jay wrote:
>That helps, thanks.
>How about though for the scenario where I just installed something, and all 
>its dependencies, without knowing what they are?

>Like:
> cd /usr/ports/x11/kde
> sudo make install 

>Seems like maybe the install messages should be logged somewhere specific?

> maybe sudo make install | tee lookthroughthislater.txt I guess I should use 
> tee or > more.

>Ah, this is close:
> cd /var/db/pkg 
> pkg_info -M *

That's about the same as pkg_info -M -a

>You know, at least it tells me for everything installed on my machine, not 
>necessarily sorted by time or anything.

You can, of course, get an approximation by ls -tr on /var/db/pkg
(however already installed packages where dependencies are registered
get touched, too).

Also see script to record what happens on a make install/pkg_add
session.

> - Jay

Kind regards,

Hannah.



Re: possible setup "bug" -- chose of default "a" partition can be wrong like if it is swap

2008-05-18 Thread Ted Unangst
On 5/18/08, Jay <[EMAIL PROTECTED]> wrote:
> If I have my "a" slice/partition is a "small" swap partition and my "c" slice
>  is a "large" BSD partition, setup should install to "c".
>  Or at least maybe prompt. Usually I want fewer prompts/questions, but..

a is / and b is swap.  Yes, you can set it up other ways, but such
configurations are never tested and you will only ever confuse people
if you ask for help.  So leave it the openbsd way.



(Fwd) Re: pf-altq-bandwith_problem

2008-05-18 Thread System Administrator
sorry, missed misc@ when replying...

On 18 May 2008 at 19:16, Jesus Sanchez wrote:

> Martin Gignac wrote:
> >> I will try, thanks for the info. Just to make sure I'm not dealing
> >> with a bug can anyone try this??... just set a global limit to a
> >> interface ($int_if), then do a ftp transfer to the gateway ( the
> >> one with the PF+ALTQ) and time the put and get transfers with a
> >> large file.
> >>
> >> When I get a download time of 3 minutes, the upload is of 10 
> >> seconds... :s
> >
> > Hi,
> >
> > Just a shot in the dark here. Maybe I totally misunderstood your
> > sentence:
> >
> >   "When I get a download time of 3 minutes, the upload is of 10
> >   seconds..."
> >
> > Did you mean:
> >
> >   "_While_ I get a download time of 3 minutes, the upload is of 10
> >   seconds..."
> >
> > If that's what you meant, isn't that behavior normal? Considering
> > that (as the PF user's guide puts it):
> >
> >   "Note that queueing is only useful for packets in
> >   the outbound direction. Once a packet arrives on an interface in
> >   the inbound direction it's already too late to queue it -- it's
> >   already consumed network bandwidth to get to the interface that
> >   just received it."
> >
> > Sorry if my question is beside the point! :o)
> > -Martin
> >
> Maybe you're right with the PF user's guide, anyway I explain better
> to avoid confusions:
> 
> [Joe PC] -- [OpenBSD box] -- Internet,
> 
> lets take away the internet, only the Joe - box thing is the matter.
> 
> OpenBSD is doing nat as explained on my pf.conf in the original post
> of this thread.  The OpenBSD box also makes of FTP server, but I want
> a limit of 100Kbs (symmetrical 100Kbs) speaking of bits, and not bytes.
>  So I do the needed rules on pf.conf to make Joe get only 100Kbs of
> the interface in OpenBSD box serving Joe PC.
> 
> If, from Joe PC, I get a file by ftp from the OpenBSD box, I get
> exactly what I want, the 100Kb limit. (at the same time I'm not doing
> anything with the net, like browsing or getting mail...)
> 
> If, from Joe PC, I put a file by ftp to OpenBSD box, then the problem
> appears, and the speed ups in a factor of 40x. If I change the
> bandwidth value on altq rule of pf.conf, then the speed of put a file
> on OpenBSD box also changes, but is 40 times more speed. I mean, I
> want symmetrical 100Kbs limit on the interface to Joe PC, can I have
> this setting?

Not easily. As Martin pointed out, pf can only control outbound
bandwidth, i.e. from the OpenBSD box out to Joe and not the other way
around. So any control applied to the opposite direction is indirect.
That is you can slow down most TCP protocols (such as FTP) by slowing
down the ACKnowledgements of the received packets. But of course the
ACK packets do not use nearly as much bandwidth as the data packets
they are acknowledging. The 40x ratio you have observed sounds quite
reasonable given header overheads. So, if you want to try to control
Joe's upload bandwidth you will need to set up a special very slow
queue for the FTP ACK packets.

> 
> I hope not to be making noise in the mail list.
> 
> Thanks for your time.
>  -Jesus
> 
> 


--- End of forwarded message ---
-
System Administrator[EMAIL PROTECTED]
Bitwise Internet Technologies, Inc.
22 Drydock Avenue tel: (617) 737-1837
Boston, MA 02210  fax: (617) 439-4941



Re: Multicasting on OpenBSD

2008-05-18 Thread Claudio Jeker
On Mon, May 19, 2008 at 12:36:25AM +0700, Insan Praja SW wrote:
> On Mon, 19 May 2008 00:18:49 +0700, Clint Pachl <[EMAIL PROTECTED]> wrote:
> Hi Misc@,
> I did man-it, yes I already know that OBSD got mrouted, mroute dan DVRMPD. 
> I'm just curious about it, cause I read Claudio Jeker's presentation on 
> obsd as routing platform that says there will be:
> - mpls
> - l2tp
> - mac-in-mac
> - bgp/vpn/vrf
> which is all breakthrough in free-functional-secure os but nobody touches 
> PIM-SM/SSM. I'm not fussing about it, just curious.. Cause dvrmpd/mrouted 
> kinda.. emm.. outdated?
> just my Rp2.00
> Thanks,
>

Maybe that's because working on mpls, ospf6d and vrf at the same time is
already way too much for a bit of sparetime hacking. PIM-SM/SSM are beyond
complex. It will not happen anytime soon unless some new developers are
interested in this and start working on multicast routing.

-- 
:wq Claudio



Re: port/package messages about manual optional configuration?

2008-05-18 Thread Jay
That helps, thanks.
How about though for the scenario where I just installed something, and all
its dependencies, without knowing what they are?

Like:
 cd /usr/ports/x11/kde
 sudo make install

Seems like maybe the install messages should be logged somewhere specific?

 maybe sudo make install | tee lookthroughthislater.txt I guess I should use
tee or > more.

Ah, this is close:
 cd /var/db/pkg
 pkg_info -M *

You know, at least it tells me for everything installed on my machine, not
necessarily sorted by time or anything.

 - Jay



> Date: Sun, 18 May 2008 18:22:17 +0200> From: [EMAIL PROTECTED]> To:
[EMAIL PROTECTED]> CC: misc@openbsd.org> Subject: Re: port/package messages
about manual optional configuration?> > Hi!> > On Sun, May 18, 2008 at
03:49:24PM +, Jay wrote:> >The "important" messages from installing
packages/ports.> >There is something I have noticed in various package/port
systems, including> >OpenBSD, Debian, and more.> >Here is an example:> >$ sudo
pkg_add python--- python-2.5.2 ---If you want to use> >this
package as your default system python, as rootcreate symbolic links like> >so
(overwriting any previous default): ln -sf /usr/local/bin/python2.5>
>/usr/local/bin/python ln -sf /usr/local/bin/pydoc2.5 /usr/local/bin/pydoc> >
>Now, in this case, I have installed just one package, interactively, so the>
>point is mostly moot.But for the scenario of installing something with>
>dependencies, something that takes a while,where I walk away and come back>
>much later, these "important" messages, these messages aboutoptional manual>
>configuration, should be collected somewhere for my perusal.> >Maybe they
already are?> > pkg_info -M package_name> pkg_info -M -a> man 1 pkg_info> >
>Thanks, - Jay> > Hope that helps.> > Kind regards,> > Hannah.



Re: possible setup "bug" -- chose of default "a" partition can be wrong like if it is swap

2008-05-18 Thread Jay
Ben, I did mix up which letter is which. I didn't mean to violate which one is
the entire drive. I was going from memory. That wasn't the point.
Yes, the first time I installed, I took the defaults, and it worked.
Then I tried to install Solaris. Then with that in recent memory, I tried to
be like it.

I know multiple partitions/slices/labels are encouraged, but the docs also say
one is ok, and I really don't like to "fragment" stuff like this. I don't want
to have to decide how much space I need for everything, and then have it be
very difficult to change later.
Granted, lately I'm wanting to share something, like maybe /home, across
multiple operating systems.

I didn't google for swap file, admitted.

I don't really care if the swap partition is at the start, I was just
following what Solaris had encouraged.
As for it being "tiny", well, yeah, with 512meg, 1gig, and more physical
memory, I don't see why swap should be much, certainly more than 512meg.

 - Jay



> CC: misc@openbsd.org> From: [EMAIL PROTECTED]> To: [EMAIL PROTECTED]>
Subject: Re: possible setup "bug" -- chose of default "a" partition can be
wrong like if it is swap> Date: Sun, 18 May 2008 10:26:03 -0700> > > On May
18, 2008, at 8:54 AM, Jay wrote:> > you are making a lot of bad assumptions.>
> > If I have my "a" slice/partition is a "small" swap partition and my > >
"c" slice> > is a "large" BSD partition, setup should install to "c".> > you
should not use c for anything. it's the whole disk.> > >> > Or at least maybe
prompt. Usually I want fewer prompts/questions, > > but..> >> > I ran into
this problem because Solaris setup encourages the swap> > partition/slice to
be first.> > solaris does this because it expands the installer into the swap
> partition and runs it from there.> > >> > Luckily "a" filled up during setup
and not later, so damage/pain was> > minimized.> > you're assuming that
openbsd partitions need to be on the disk in > alphabetical order. this is
false> >> > I realize the defaults in the install and the directions have you
> > create the> > BSD slice/partition as "a" so if you ignore Solaris you tend
to get > > it right.> > yes. if you don't assume that openbsd will work like
 and > actually read the docs you tend to be better off> > > Any
chance ever of a "swap file" instead of a "swap partition/slice"?> > yes. i
leave the googling up to you.> > > I'm sure this isn't a good "bug report",
and debatable, so misc...> > I"m _guessing_ that what you're trying to achieve
( unadvisedly ) is > to have a tiny swap partition at the beginning of the
disk and a > single partition for the OS. I'm not going to bother preaching at
you > about why this is bad, if you were interested in why you'd have >
already taken the time to find out.> > you can do this by creating the b
(swap) partition first during the > install and then creating the a partition
_physically_after_it_ on the > disk.> > Luckily, you don't have to do it this
way. you can simply follow the > instructions in the INSTALL. file
and end up with a sane > partitioning scheme.> >> > - Jay> >> > Ben



Re: AltQ only catching in one queue

2008-05-18 Thread Chris Smith
On Sunday 18 May 2008, Steve B wrote:
> set loginterface $ext_if
> set state-policy if-bound
> set skip on lo0
> set skip on enc0

Don't know exactly but for starters Unless you have good reason for 
changing some things from the default I would recommend rewriting the 
above by dropping both:

set loginterface $ext_if
set state-policy if-bound

Unless you can explain why you don't want the default of "floating" for 
state-policy, maybe it's a good idea not to screw with it.

Also, just to clean up, the next two lines can be combined:

set skip on { lo0, enc0 }

Of course, if you're not tunneling ("ifconfig -A" shows no enc0) then 
you don't need to skip the interface.

Also, and I don't claim to be an expert, but if you're running a recent 
version of OpenBSD then drop all of your keep/synproxy/modulate/flags 
qualifiers, especially during troubleshooting. PF will, by default, use 
the normally proper state options ("keep state" for udp, and "flags 
S/SA keep state" for tcp). And my guess is that "synproxy state" is 
only really useful for inbound connections on the external interface to 
inside public IP address/port destinations (welcome for any 
clarification from the experts on this), if so it seems out of place 
here.
Remember, you can always gum the works up after you get it working :)

-- 
Chris



Re: pf-altq-bandwith_problem

2008-05-18 Thread Martin Gignac
> > If that's what you meant, isn't that behavior normal? Considering that (as
> > the PF user's guide puts it):
> >
> >   "Note that queueing is only useful for packets in
> >   the outbound direction. Once a packet arrives on an interface in the
> >   inbound direction it's already too late to queue it -- it's already
> >   consumed network bandwidth to get to the interface that just received
> >   it."
>
> [Joe PC] -- [OpenBSD box] -- Internet,
>
> limit of 100Kbs (symmetrical 100Kbs) speaking of bits, and not bytes.  So I
> do the needed rules on pf.conf to make Joe get only 100Kbs of the
> interface in OpenBSD box serving Joe PC.
>
> If, from Joe PC, I get a file by ftp from the OpenBSD box, I get exactly
> what I want, the 100Kb limit. (at the same time I'm not doing anything
> with the net, like browsing or getting mail...)
>
> If, from Joe PC, I put a file by ftp to OpenBSD box, then the problem
> appears, and the speed ups in a factor of 40x. If I change the bandwidth
> value on altq rule of pf.conf, then the speed of put a file on OpenBSD
> box also changes, but is 40 times more speed. I mean, I want symmetrical
> 100Kbs limit on the interface to Joe PC, can I have this setting?


When Joe downloads _from_ the OpenBSD box, then queuing is involved (and 
seems to work in your case) because the majority of data (FTP data) is 
being sent *out* of the OpenBSD box (hence, in the outbound direction from 
the point of view of the interface) and therefore _is_ subject to your 
queueing parameters.


When Joe uploads _to_ the OpenBSD box, then queueing is _not_ involved 
since the data is coming _in_ to the box, and ALTQ cannot shape _incoming_ 
traffic.


The way I see it, the only way for you to shape traffic symmetrically in 
both directions is to run your FTP server on another machine than the 
OpenBSD one, make sure that traffic between Joes' box and the FTP server 
gets _routed_ via the OpenBSD box, and apply your queue on the "Joe-side" 
interface and on the "FTP-side" interface. That way, you'll be shaping the 
traffic going from Joe's to the FTP box as well since the FTP traffic from 
Joe's uploads will be shaped at the egress interface when the packets are 
moving from the OpenBSD box towards the FTP server.


Hope this helps,
-Martin
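
The routed layout Martin describes, sketched as a pf.conf fragment. This is an added example, not configuration posted in the thread; the interface macros and queue names are assumptions, and the 100Kb figure (bits per second in pf's notation) is the limit asked for in the original question.

```pf
# Added example: macros and queue names below are assumptions.
joe_if = "em0"          # assumed: interface facing Joe's PC
ftp_if = "em1"          # assumed: interface facing the separate FTP server

# Layout from the thread, FTP server on the OpenBSD box itself:
# only packets leaving $joe_if are queued, so Joe's downloads are held
# to 100Kb while his uploads arrive on $joe_if unshaped.
#
#   altq on $joe_if priq bandwidth 100Kb queue { joe_down }
#   queue joe_down priq(default)

# Routed layout, FTP server moved behind $ftp_if:
# downloads (server -> Joe) leave the firewall on $joe_if ...
altq on $joe_if priq bandwidth 100Kb queue { joe_down }
queue joe_down priq(default)

# ... and uploads (Joe -> server) leave the firewall on $ftp_if, where
# they are now outbound and can be queued as well. This caps everything
# leaving $ftp_if, matching the "global limit on an interface" approach
# in the question.
altq on $ftp_if priq bandwidth 100Kb queue { joe_up }
queue joe_up priq(default)

# Both queues are the default on their interface; the explicit
# assignment only makes the intent visible.
pass out on $joe_if queue joe_down
pass out on $ftp_if queue joe_up
```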



Re: Multicasting on OpenBSD

2008-05-18 Thread Insan Praja SW

On Mon, 19 May 2008 00:18:49 +0700, Clint Pachl <[EMAIL PROTECTED]> wrote:
Hi Misc@,
I did man-it, yes I already know that OBSD got mrouted, mroute dan DVRMPD.  
I'm just curious about it, cause I read Claudio Jeker's presentation on  
obsd as routing platform that says there will be:

- mpls
- l2tp
- mac-in-mac
- bgp/vpn/vrf
which is all breakthrough in free-functional-secure os but nobody touches  
PIM-SM/SSM. I'm not fussing about it, just curious.. Cause dvrmpd/mrouted  
kinda.. emm.. outdated?

just my Rp2.00
Thanks,


Insan

> Insan Praja SW wrote:
> > Hi Misc@,
> > Just wondering around, is there any multicasting technology (PIM-SM,
> > PIM-SSM etc) currently developed or implemented in OpenBSD?. Since
> > working with this unbelievable OS (especially with
> > routing/filtering/forwarding) I wish to know more about it.
> > Right now I managed to use OBSD4.3-current to BGP routing
> > (redundant/loadbalance with carp), storing the prefix to pftable, set
> > the rtlabel, labeling rules with pf, multiple routing table, tagging
> > rules, just unbelievable awesome.
> >
> > Best of luck to the guys working such a "nice" OS.
> > Thanks,
>
> $ apropos multicast
>
> (did people forget about the manpages?)




--
insandotpraja(at)gmaildotcom



Re: S/Key *and* password for SSH login

2008-05-18 Thread Mark Shroyer
On Sun, May 18, 2008 at 12:56:29PM +, Stuart Henderson wrote:
> On 2008-05-18, Mark Shroyer <[EMAIL PROTECTED]> wrote:
> > I've set up a nice secondary authentication mechanism on a Linux server.
> > I use this when I must shell in from, e.g., a computer lab, and I don't
> > have an authorized SSH private key on my workstation.  To login without
> > a private key, I must:
> >
> >  1) Enter my account's current S/Key one-time password
> >
> > and
> >
> >  2) Enter my Unix password
> >
> > in sequence.
> 
> In what way does typing your password in to an untrusted machine
> improve security?

 1) I didn't say untrusted machine.  I know these computers' admins and
fully trust them.

 2) If it is impossible to log into the machine remotely with only its
password, then when one actually thinks about it for just a moment
and gets over the knee-jerk "OMG you're giving them your
password!!1!" reaction, one realizes that this scheme *does* in fact
increase security compared to S/Key alone, even if I were to use it
from an untrusted machine.

Now, I don't want this thread to turn into a long and boring critique of
my authentication device.  I just want to know, for better or for worse,
how one would go about setting it up on OpenBSD without PAM.  Any ideas?

-- 
Mark Shroyer
http://markshroyer.com/contact/



Re: possible setup "bug" -- chose of default "a" partition can be wrong like if it is swap

2008-05-18 Thread Ben Calvert

On May 18, 2008, at 8:54 AM, Jay wrote:

you are making a lot of bad assumptions.

> If I have my "a" slice/partition is a "small" swap partition and my "c" slice
> is a "large" BSD partition, setup should install to "c".

you should not use c for anything.  it's the whole disk.

> Or at least maybe prompt. Usually I want fewer prompts/questions, but..
>
> I ran into this problem because Solaris setup encourages the swap
> partition/slice to be first.

solaris does this because it expands the installer into the swap
partition and runs it from there.

> Luckily "a" filled up during setup and not later, so damage/pain was
> minimized.

you're assuming that openbsd partitions need to be on the disk in
alphabetical order.  this is false

> I realize the defaults in the install and the directions have you create the
> BSD slice/partition as "a" so if you ignore Solaris you tend to get it right.

yes.  if you don't assume that openbsd will work like  and
actually read the docs you tend to be better off

> Any chance ever of a "swap file" instead of a "swap partition/slice"?

yes.  i leave the googling up to you.

> I'm sure this isn't a good "bug report", and debatable, so misc...

I'm _guessing_ that what you're trying to achieve ( unadvisedly ) is
to have a tiny swap partition at the beginning of the disk and a
single partition for the OS.  I'm not going to bother preaching at you
about why this is bad, if you were interested in why you'd have
already taken the time to find out.

you can do this by creating the b (swap) partition first during the
install and then creating the a partition _physically_after_it_ on the
disk.

Luckily, you don't have to do it this way.  you can simply follow the
instructions in the INSTALL. file and end up with a sane
partitioning scheme.

> - Jay



Ben



Re: Multicasting on OpenBSD

2008-05-18 Thread Clint Pachl

Insan Praja SW wrote:

> Hi Misc@,
> Just wondering around, is there any multicasting technology (PIM-SM,
> PIM-SSM etc) currently developed or implemented in OpenBSD?. Since
> working with this unbelievable OS (especially with
> routing/filtering/forwarding) I wish to know more about it.
> Right now I managed to use OBSD4.3-current to BGP routing
> (redundant/loadbalance with carp), storing the prefix to pftable, set
> the rtlabel, labeling rules with pf, multiple routing table, tagging
> rules, just unbelievable awesome.
>
> Best of luck to the guys working such a "nice" OS.
> Thanks,


$ apropos multicast

(did people forget about the manpages?)



Re: pf-altq-bandwith_problem

2008-05-18 Thread Jesus Sanchez

Martin Gignac wrote:
> > I will try, thanks for the info. Just to make sure I'm not dealing
> > with a bug can anyone try this??... just set a global limit to a
> > interface ($int_if), then do a ftp transfer to the gateway ( the one
> > with the PF+ALTQ) and time the put and get transfers with a large file.
> >
> > When I get a download time of 3 minutes, the upload is of 10
> > seconds... :s
>
> Hi,
>
> Just a shot in the dark here. Maybe I totally misunderstood your
> sentence:
>
>   "When I get a download time of 3 minutes, the upload is of 10
>   seconds..."
>
> Did you mean:
>
>   "_While_ I get a download time of 3 minutes, the upload is of 10
>   seconds..."
>
> If that's what you meant, isn't that behavior normal? Considering that
> (as the PF user's guide puts it):
>
>   "Note that queueing is only useful for packets in
>   the outbound direction. Once a packet arrives on an interface in the
>   inbound direction it's already too late to queue it -- it's already
>   consumed network bandwidth to get to the interface that just received
>   it."
>
> Sorry if my question is beside the point! :o)
> -Martin


Maybe you're right with the PF user's guide, anyway I explain better to
avoid confusions:

[Joe PC] -- [OpenBSD box] -- Internet,

lets take away the internet, only the Joe - box thing is the matter.

OpenBSD is doing nat as explained on my pf.conf in the original post of
this thread.  The OpenBSD box also makes of FTP server, but I want a
limit of 100Kbs (symmetrical 100Kbs) speaking of bits, and not bytes.  So I
do the needed rules on pf.conf to make Joe get only 100Kbs of the
interface in OpenBSD box serving Joe PC.

If, from Joe PC, I get a file by ftp from the OpenBSD box, I get exactly
what I want, the 100Kb limit. (at the same time I'm not doing anything
with the net, like browsing or getting mail...)

If, from Joe PC, I put a file by ftp to OpenBSD box, then the problem
appears, and the speed ups in a factor of 40x. If I change the bandwidth
value on altq rule of pf.conf, then the speed of put a file on OpenBSD
box also changes, but is 40 times more speed. I mean, I want simetrical
100Kbs limit on the interface to Joe PC, can I have this setting?

I hope not to be making noise in the mail list.

Thanks for your time.
-Jesus
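
The outbound-only behaviour quoted from the PF user's guide in this thread, shown as an added pf.conf example (not taken from any poster's message). It uses the ALTQ syntax and interface names of the thread's own pf.conf; the queue names joe_up and joe_down are assumptions.

```conf
# Added example, not from the thread. Queue names are assumed.
ext_if="rl0"    # interface names as in the thread's pf.conf
int_if="sk0"

scrub in all

# ALTQ queues a packet only as it LEAVES an interface, so each direction
# is shaped on the interface it exits through.

# Download (Internet -> Joe) leaves the gateway via $int_if.
altq on $int_if cbq bandwidth 100Kb queue { joe_down }
queue joe_down bandwidth 100% cbq(default)

# Upload (Joe -> Internet) leaves the gateway via $ext_if.
# Note: this caps everything leaving $ext_if, the gateway's own traffic too.
altq on $ext_if cbq bandwidth 100Kb queue { joe_up }
queue joe_up bandwidth 100% cbq(default)

nat on $ext_if from $int_if:network -> $ext_if

block all
pass in  on $int_if from $int_if:network to any keep state
pass out on $ext_if keep state queue joe_up
pass out on $int_if keep state queue joe_down

# Not covered by any queue: an FTP put from Joe to the gateway itself.
# Those data packets arrive on $int_if and terminate on the box, so they
# never leave through an interface; only the gateway's ACKs are queued.
```

This gives a symmetrical 100Kb limit for traffic forwarded through the gateway. Uploads that terminate on the gateway itself still arrive at the sender's speed, which matches the fast put reported in the thread.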



Re: port/package messages about manual optional configuration?

2008-05-18 Thread Hannah Schroeter
Hi!

On Sun, May 18, 2008 at 03:49:24PM +, Jay wrote:
>The "important" messages from installing packages/ports.
>There is something I have noticed in various package/port systems, including
>OpenBSD, Debian, and more.
>Here is an example:
>$ sudo pkg_add python
>--- python-2.5.2 ---
>If you want to use this package as your default system python, as root
>create symbolic links like so (overwriting any previous default):
>    ln -sf /usr/local/bin/python2.5 /usr/local/bin/python
>    ln -sf /usr/local/bin/pydoc2.5  /usr/local/bin/pydoc

>Now, in this case, I have installed just one package, interactively, so the
>point is mostly moot. But for the scenario of installing something with
>dependencies, something that takes a while, where I walk away and come back
>much later, these "important" messages, these messages about optional manual
>configuration, should be collected somewhere for my perusal.
>Maybe they already are?

pkg_info -M package_name
pkg_info -M -a
man 1 pkg_info

>Thanks, - Jay

Hope that helps.

Kind regards,

Hannah.



Re: wvdial.conf -> ppp.conf

2008-05-18 Thread Barry Commander
2008/5/18 Jesse Callaway <[EMAIL PROTECTED]>:

> On Sun, May 18, 2008 at 10:43 AM, Barry Commander
> <[EMAIL PROTECTED]> wrote:
> > chatscript for archives
> >
> > $ cat /etc/ppp/chatscript
> > ABORT   BUSY
> > ABORT   VOICE
> > ABORT   "NO CARRIER"
> > ABORT   "NO DIALTONE"
> > ABORT   "NO DIAL TONE"
> > ""  ATZ
> > OK  ATE0V1&D2&C1S0=0+IFC=2,2
> > OK  AT+CGDCONT=1,"IP","general.t-mobile.uk"
> > OK  ATDT*99#
> > CONNECT ""
> > $
> >
> >
> > 2008/5/18 Barry Commander <[EMAIL PROTECTED]>:
> >
> >> I now have limited connectivity (I can ping and receive replies from
> >> internet hosts, but HTTP access time out). I'm using:
> >>
> >> # cat /etc/ppp/ppp.conf
> >> default:
> >>  set log Phase Chat LCP IPCP CCP tun command$ cat /etc/ppp/chatscript
> >> ABORT   BUSY
> >> ABORT   VOICE
> >> ABORT   "NO CARRIER"
> >> ABORT   "NO DIALTONE"
> >> ABORT   "NO DIAL TONE"
> >> ""  ATZ
> >> OK  ATE0V1&D2&C1S0=0+IFC=2,2
> >> OK  AT+CGDCONT=1,"IP","general.t-mobile.uk"
> >> OK  ATDT*99#
> >> CONNECT ""
> >> $
> >>
> >>
> >> tmobile:
> >>  set device /dev/ttyU0
> >>  set speed 38400
> >>  set log ALL
> >>
> >>  set login "\"!chat -f /etc/ppp/chatscript\""
> >>  set logout "ABORT BUSY ABORT ERROR TIMEOUT 30 \"\" +++ATH OK-ATH-OK"
> >>
> >>  set phone *99***1\#
> >>  set authname "web"
> >>  set authkey "web"
> >>  set timeout 120
> >>  set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
> >>  add default HISADDR
> >>  enable dns
> >>  disable ipv6cp
> >>
> >> which gives me:
> >> May 18 16:09:35 tom-laptop ppp[17987]: tun0: Warning: 0.0.0.0/0: Change
> >> route failed: errno: No such process
> >> May 18 16:09:35 tom-laptop ppp[17987]: tun0: Warning: 10.0.0.2: Change
> >> route failed: errno: No such process
> >> May 18 16:09:35 tom-laptop ppp[17987]: tun0: Warning: ff01:5::/32:
> Change
> >> route failed: errno: No such process
> >> May 18 16:10:06 tom-laptop ppp[17987]: tun0: Warning: tun0: DIFADDR
> >> 10.33.237.63/24 -> 10.0.0.2 returns 0
> >>
> >> I've tried setting my default route to both 10.33.237.63 and 10.0.0.2 and
> >> get the same limited connectivity with both.
> >> Any clues?
> >> Regards
> >>
> >> Barry
> >>
> >>
> >>
> >> 2008/5/18 Barry Commander <[EMAIL PROTECTED]>:
> >>
> >>> So far I have:
> >>>
> >>> default:
> >>>  set log Phase Chat LCP IPCP CCP tun command
> >>>
> >>> tmobile:
> >>>  set device /dev/cua00
> >>>  set speed 38400
> >>>  set log ALL
> >>>
> >>>  set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
> >>> \"\" AT OK-AT-OK ATZ OK \
> >>> AT+CGDCONT=1,\\\"IP\\\",\\\"general.t-mobile.uk\\\",\\\"
> 0.0.0.0\\\",0,0
> >>> OK \
> >>> AT+CGATT=1 OK \
> >>> \\dATDT\\T TIMEOUT 40 CONNECT"
> >>>
> >>>  set logout "ABORT BUSY ABORT ERROR TIMEOUT 30 \"\" +++ATH OK-ATH-OK"
> >>>
> >>>  set phone *99***1#
> >>>  set authname "web"
> >>>  set authkey "web"
> >>>  set timeout 120
> >>>  set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
> >>>  add default HISADDR
> >>>  enable dns
> >>>  disable ipv6cp
> >>>
> >>> Which gives:
> >>> # ppp -auto tmobile
> >>> Working in auto mode
> >>> Using interface: tun0
> >>> Warning: tun0: AIFADDR 10.0.0.1/24 -> 10.0.0.2 returns 0
> >>> Warning: Add route failed: 0.0.0.0/0 already exists
> >>> #
> >>>
> >>> May 18 14:50:40 tom-laptop ppp[8643]: tun0: Warning: tun0: AIFADDR
> >>> 10.0.0.1/24 -> 10.0.0.2 returns 0
> >>> May 18 14:50:40 tom-laptop ppp[8643]: tun0: Warning: Add route failed:
> >>> 0.0.0.0/0 already exists
> >>> May 18 14:50:50 tom-laptop ppp[32305]: tun0: Warning: Chat script
> failed
> >>>
> >>> # route -n show
> >>> Routing tables
> >>>
> >>> Internet:
> >>> Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
> >>> default            192.168.1.1        UGS        7     1315     -     8 iwn0
> >>> 10.0.0.2           10.0.0.1           UH         0        0     -     4 tun0
> >>> 127/8              127.0.0.1          UGRS       0        0 33208     8 lo0
> >>> 127.0.0.1          127.0.0.1          UH         1        0 33208     4 lo0
> >>> 192.168.1/24       link#1             UC         1        0     -     4 iwn0
> >>> 192.168.1.1        00:0e:2e:85:c4:13  UHLc       1       31     -     4 iwn0
> >>> 224/4              127.0.0.1          URS        0        0 33208     8 lo0
> >>>
> >>> # ifconfig tun0
> >>> tun0: flags=8051 mtu 1500
> >>> groups: tun
> >>> inet 10.0.0.1 --> 10.0.0.2 netmask 0xff00
> >>>
> >>> Any other info of use?
> >>> Thanks
> >>> Barry
> >>>
> >>> 2008/5/18 Barry Commander <[EMAIL PROTECTED]>:
> >>>
> >>> Hello
>  I've tried and failed for a few days to convert the following
> wvdial.conf
>  to something suitable for use on OpenBSD ( I was thinking ppp.conf )
>  Could someone show me a working example please?
> 

possible setup "bug" -- chose of default "a" partition can be wrong like if it is swap

2008-05-18 Thread Jay
If my "a" slice/partition is a "small" swap partition and my "c" slice
is a "large" BSD partition, setup should install to "c".
Or at least maybe prompt. Usually I want fewer prompts/questions, but..

I ran into this problem because Solaris setup encourages the swap
partition/slice to be first.
Luckily "a" filled up during setup and not later, so damage/pain was
minimized.

I realize the defaults in the install and the directions have you create the
BSD slice/partition as "a" so if you ignore Solaris you tend to get it right.

Any chance ever of a "swap file" instead of a "swap partition/slice"?

I'm sure this isn't a good "bug report", and debatable, so misc...

 - Jay



port/package messages about manual optional configuration?

2008-05-18 Thread Jay
The "important" messages from installing packages/ports.
There is something I have noticed in various package/port systems, including
OpenBSD, Debian, and more.
Here is an example:
$ sudo pkg_add python
--- python-2.5.2 ---
If you want to use this package as your default system python, as root
create symbolic links like so (overwriting any previous default):
    ln -sf /usr/local/bin/python2.5 /usr/local/bin/python
    ln -sf /usr/local/bin/pydoc2.5  /usr/local/bin/pydoc

Now, in this case, I have installed just one package, interactively, so the
point is mostly moot. But for the scenario of installing something with
dependencies, something that takes a while, where I walk away and come back
much later, these "important" messages, these messages about optional manual
configuration, should be collected somewhere for my perusal.
Maybe they already are?

Thanks, - Jay



Small diff to make dhclient(8) go to background immediately

2008-05-18 Thread Jona Joachim
I very much appreciate the work of reyk@ on dhclient to make it renew the
lease when the link is lost. However it might happen that you don't have a
link at the moment where you launch dhclient but you know that you might get
a link afterwards.
This is true when you launch your laptop somewhere where you have wifi
connectivity but unfortunately you're in a spot where you don't currently
receive it.
If you specify 'dhcp' in hostname. you will have to wait until dhclient
times out or hit Ctrl-C at startup.
This tiny patch adds an option to dhclient to tell it to just go into
background and wait until you get a link.

I would appreciate any comments.
Thanks!


Index: dhclient.c
===
RCS file: /cvs/src/sbin/dhclient/dhclient.c,v
retrieving revision 1.118
diff -u -r1.118 dhclient.c
--- dhclient.c  9 May 2008 05:19:14 -   1.118
+++ dhclient.c  18 May 2008 15:11:53 -
@@ -253,7 +253,7 @@
 int
 main(int argc, char *argv[])
 {
-   int  ch, fd, quiet = 0, i = 0, pipe_fd[2];
+   int  ch, fd, quiet = 0, background = 0, i = 0, pipe_fd[2];
extern char *__progname;
struct passwd *pw;
 
@@ -261,8 +261,11 @@
openlog(__progname, LOG_PID | LOG_NDELAY, DHCPD_LOG_FACILITY);
setlogmask(LOG_UPTO(LOG_INFO));
 
-   while ((ch = getopt(argc, argv, "c:dl:qu")) != -1)
+   while ((ch = getopt(argc, argv, "bc:dl:qu")) != -1)
switch (ch) {
+   case 'b':
+   background = 1;
+   break;
case 'c':
path_dhclient_conf = optarg;
break;
@@ -319,6 +322,9 @@
 
read_client_conf();
 
+   if (background)
+   goto dispatch; 
+
if (!(ifi->linkstat = interface_link_status(ifi->name))) {
fprintf(stderr, "%s: no link ...", ifi->name);
if (config->link_timeout == 0) {
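Review bot: the "goto dispatch" is placed before "if (!(ifi->linkstat = interface_link_status(ifi->name)))", so with -b that assignment is skipped too and ifi->linkstat is never set from the real link state, even when the link is already up at startup. Consider querying the link status first and letting -b bypass only the "no link" wait and the config->link_timeout handling, so a machine that does have link still follows the normal path. The dispatch label and the code between here and it are not shown in this hunk; it is worth confirming that nothing skipped there is needed and that this path really detaches from the terminal, since no daemonising call is visible. The added "goto dispatch; " line also carries trailing whitespace.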
@@ -409,7 +415,7 @@
 {
extern char *__progname;
 
-   fprintf(stderr, "usage: %s [-dqu] [-c file] [-l file] interface\n",
+   fprintf(stderr, "usage: %s [-bdqu] [-c file] [-l file] interface\n",
__progname);
exit(1);
 }
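Review bot: the usage string gains -b here, but the diff touches only dhclient.c, so the new flag would ship without a manual page entry. Please add -b to the SYNOPSIS and option list of dhclient(8), and state there how it relates to the link timeout that the previous hunk bypasses.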



Re: pf-altq-bandwith_problem

2008-05-18 Thread Martin Gignac
I will try, thanks for the info. Just to make sure I'm not dealing with 
a bug can anyone try this??... just set a global limit to a interface 
($int_if), then do a ftp transfer to the gateway ( the one with the 
PF+ALTQ) and time the put and get transfers with a large file.


When I get a download time of 3 minutes, the upload is of 10 seconds... 
:s


Hi,

Just a shot in the dark here. Maybe I totally misunderstood your sentence:

  "When I get a download time of 3 minutes, the upload is of 10
  seconds..."

Did you mean:

  "_While_ I get a download time of 3 minutes, the upload is of 10
  seconds..."

If that's what you meant, isn't that behavior normal? Considering that (as 
the PF user's guide puts it):


  "Note that queueing is only useful for packets in
  the outbound direction. Once a packet arrives on an interface in the
  inbound direction it's already too late to queue it -- it's already
  consumed network bandwidth to get to the interface that just received
  it."

Sorry if my question is beside the point! :o)
-Martin



Re: wvdial.conf -> ppp.conf

2008-05-18 Thread Jesse Callaway
On Sun, May 18, 2008 at 10:43 AM, Barry Commander
<[EMAIL PROTECTED]> wrote:
> chatscript for archives
>
> $ cat /etc/ppp/chatscript
> ABORT   BUSY
> ABORT   VOICE
> ABORT   "NO CARRIER"
> ABORT   "NO DIALTONE"
> ABORT   "NO DIAL TONE"
> ""  ATZ
> OK  ATE0V1&D2&C1S0=0+IFC=2,2
> OK  AT+CGDCONT=1,"IP","general.t-mobile.uk"
> OK  ATDT*99#
> CONNECT ""
> $
>
>
> 2008/5/18 Barry Commander <[EMAIL PROTECTED]>:
>
>> I now have limited connectivity (I can ping and receive replies from
>> internet hosts, but HTTP access time out). I'm using:
>>
>> # cat /etc/ppp/ppp.conf
>> default:
>>  set log Phase Chat LCP IPCP CCP tun command$ cat /etc/ppp/chatscript
>> ABORT   BUSY
>> ABORT   VOICE
>> ABORT   "NO CARRIER"
>> ABORT   "NO DIALTONE"
>> ABORT   "NO DIAL TONE"
>> ""  ATZ
>> OK  ATE0V1&D2&C1S0=0+IFC=2,2
>> OK  AT+CGDCONT=1,"IP","general.t-mobile.uk"
>> OK  ATDT*99#
>> CONNECT ""
>> $
>>
>>
>> tmobile:
>>  set device /dev/ttyU0
>>  set speed 38400
>>  set log ALL
>>
>>  set login "\"!chat -f /etc/ppp/chatscript\""
>>  set logout "ABORT BUSY ABORT ERROR TIMEOUT 30 \"\" +++ATH OK-ATH-OK"
>>
>>  set phone *99***1\#
>>  set authname "web"
>>  set authkey "web"
>>  set timeout 120
>>  set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
>>  add default HISADDR
>>  enable dns
>>  disable ipv6cp
>>
>> which gives me:
>> May 18 16:09:35 tom-laptop ppp[17987]: tun0: Warning: 0.0.0.0/0: Change
>> route failed: errno: No such process
>> May 18 16:09:35 tom-laptop ppp[17987]: tun0: Warning: 10.0.0.2: Change
>> route failed: errno: No such process
>> May 18 16:09:35 tom-laptop ppp[17987]: tun0: Warning: ff01:5::/32: Change
>> route failed: errno: No such process
>> May 18 16:10:06 tom-laptop ppp[17987]: tun0: Warning: tun0: DIFADDR
>> 10.33.237.63/24 -> 10.0.0.2 returns 0
>>
>> I've tried setting my default route to both 10.33.237.63 and 10.0.0.2 and
>> get the same limited connectivity with both.
>> Any clues?
>> Regards
>>
>> Barry
>>
>>
>>
>> 2008/5/18 Barry Commander <[EMAIL PROTECTED]>:
>>
>>> So far I have:
>>>
>>> default:
>>>  set log Phase Chat LCP IPCP CCP tun command
>>>
>>> tmobile:
>>>  set device /dev/cua00
>>>  set speed 38400
>>>  set log ALL
>>>
>>>  set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
>>> \"\" AT OK-AT-OK ATZ OK \
>>> 
>>> AT+CGDCONT=1,\\\"IP\\\",\\\"general.t-mobile.uk\\\",\\\"0.0.0.0\\\",0,0
>>> OK \
>>> AT+CGATT=1 OK \
>>> \\dATDT\\T TIMEOUT 40 CONNECT"
>>>
>>>  set logout "ABORT BUSY ABORT ERROR TIMEOUT 30 \"\" +++ATH OK-ATH-OK"
>>>
>>>  set phone *99***1#
>>>  set authname "web"
>>>  set authkey "web"
>>>  set timeout 120
>>>  set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
>>>  add default HISADDR
>>>  enable dns
>>>  disable ipv6cp
>>>
>>> Which gives:
>>> # ppp -auto tmobile
>>> Working in auto mode
>>> Using interface: tun0
>>> Warning: tun0: AIFADDR 10.0.0.1/24 -> 10.0.0.2 returns 0
>>> Warning: Add route failed: 0.0.0.0/0 already exists
>>> #
>>>
>>> May 18 14:50:40 tom-laptop ppp[8643]: tun0: Warning: tun0: AIFADDR
>>> 10.0.0.1/24 -> 10.0.0.2 returns 0
>>> May 18 14:50:40 tom-laptop ppp[8643]: tun0: Warning: Add route failed:
>>> 0.0.0.0/0 already exists
>>> May 18 14:50:50 tom-laptop ppp[32305]: tun0: Warning: Chat script failed
>>>
>>> # route -n show
>>> Routing tables
>>>
>>> Internet:
>>> Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
>>> default            192.168.1.1        UGS        7     1315     -     8 iwn0
>>> 10.0.0.2           10.0.0.1           UH         0        0     -     4 tun0
>>> 127/8              127.0.0.1          UGRS       0        0 33208     8 lo0
>>> 127.0.0.1          127.0.0.1          UH         1        0 33208     4 lo0
>>> 192.168.1/24       link#1             UC         1        0     -     4 iwn0
>>> 192.168.1.1        00:0e:2e:85:c4:13  UHLc       1       31     -     4 iwn0
>>> 224/4              127.0.0.1          URS        0        0 33208     8 lo0
>>>
>>> # ifconfig tun0
>>> tun0: flags=8051 mtu 1500
>>> groups: tun
>>> inet 10.0.0.1 --> 10.0.0.2 netmask 0xff00
>>>
>>> Any other info of use?
>>> Thanks
>>> Barry
>>>
>>> 2008/5/18 Barry Commander <[EMAIL PROTECTED]>:
>>>
>>> Hello
 I've tried and failed for a few days to convert the following wvdial.conf
 to something suitable for use on OpenBSD ( I was thinking ppp.conf )
 Could someone show me a working example please?

 [EMAIL PROTECTED]:~$ cat /etc/wvdial.conf
 [Dialer Defaults]
 Phone = *99***1#
 Username = web
 Password = web
 Stupid Mode = 1
 Dial Command = ATDT
 Modem = /dev/ttyUSB0
 Baud = 460800
 Init2 = ATZ
 Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
 ISDN = 0
 Modem Type = Analog Modem
 Init5 = 

Re: pf-altq-bandwith_problem

2008-05-18 Thread Jesus Sanchez

Maxim Belooussov wrote:

Hi,


  

I have a little problem when trying to setup a altq bandwidth shape with
pf. My intention is to give Joe only 100Kbs (bits) of the Internet total
bandwidth, and also I have set some local servers on my OpenBSD to
give some services to Joe, but I also want to give it at the 100Kbs
speed mentioned before, even being local network (up to 100Mbs).



  

my pf.conf (very simple, very unsafe, just to try this)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

ext_if="rl0"
int_if="sk0"

scrub in all

altq on $int_if cbq bandwidth 100Kb queue main
queue main bandwidth 100% cbq(default)

nat on $ext_if from $int_if:network -> $ext_if

block all
pass queue main

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-



Have you tried tagging the traffic for Joe and then altq it on tag?

or, first, you could try this one first:

pass out on $int_if queue main

(sorry if it didn't help, I haven't played with altq since I left adsl
world three years ago)

Max

  
I will try, thanks for the info. Just to make sure I'm not dealing with a bug
can anyone try this??... just set a global limit to a interface ($int_if), then
do a ftp transfer to the gateway ( the one with the PF+ALTQ) and time the
put and get transfers with a large file.

When I get a download time of 3 minutes, the upload is of 10 seconds... :s

Thanks for your time.
-Jesus



Re: wvdial.conf -> ppp.conf

2008-05-18 Thread Barry Commander
chatscript for archives

$ cat /etc/ppp/chatscript
ABORT   BUSY
ABORT   VOICE
ABORT   "NO CARRIER"
ABORT   "NO DIALTONE"
ABORT   "NO DIAL TONE"
""  ATZ
OK  ATE0V1&D2&C1S0=0+IFC=2,2
OK  AT+CGDCONT=1,"IP","general.t-mobile.uk"
OK  ATDT*99#
CONNECT ""
$


2008/5/18 Barry Commander <[EMAIL PROTECTED]>:

> I now have limited connectivity (I can ping and receive replies from
> internet hosts, but HTTP access time out). I'm using:
>
> # cat /etc/ppp/ppp.conf
> default:
>  set log Phase Chat LCP IPCP CCP tun command$ cat /etc/ppp/chatscript
> ABORT   BUSY
> ABORT   VOICE
> ABORT   "NO CARRIER"
> ABORT   "NO DIALTONE"
> ABORT   "NO DIAL TONE"
> ""  ATZ
> OK  ATE0V1&D2&C1S0=0+IFC=2,2
> OK  AT+CGDCONT=1,"IP","general.t-mobile.uk"
> OK  ATDT*99#
> CONNECT ""
> $
>
>
> tmobile:
>  set device /dev/ttyU0
>  set speed 38400
>  set log ALL
>
>  set login "\"!chat -f /etc/ppp/chatscript\""
>  set logout "ABORT BUSY ABORT ERROR TIMEOUT 30 \"\" +++ATH OK-ATH-OK"
>
>  set phone *99***1\#
>  set authname "web"
>  set authkey "web"
>  set timeout 120
>  set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
>  add default HISADDR
>  enable dns
>  disable ipv6cp
>
> which gives me:
> May 18 16:09:35 tom-laptop ppp[17987]: tun0: Warning: 0.0.0.0/0: Change
> route failed: errno: No such process
> May 18 16:09:35 tom-laptop ppp[17987]: tun0: Warning: 10.0.0.2: Change
> route failed: errno: No such process
> May 18 16:09:35 tom-laptop ppp[17987]: tun0: Warning: ff01:5::/32: Change
> route failed: errno: No such process
> May 18 16:10:06 tom-laptop ppp[17987]: tun0: Warning: tun0: DIFADDR
> 10.33.237.63/24 -> 10.0.0.2 returns 0
>
> I've tried setting my default route to both 10.33.237.63 and 10.0.0.2 and
> get the same limited connectivity with both.
> Any clues?
> Regards
>
> Barry
>
>
>
> 2008/5/18 Barry Commander <[EMAIL PROTECTED]>:
>
>> So far I have:
>>
>> default:
>>  set log Phase Chat LCP IPCP CCP tun command
>>
>> tmobile:
>>  set device /dev/cua00
>>  set speed 38400
>>  set log ALL
>>
>>  set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
>> \"\" AT OK-AT-OK ATZ OK \
>> 
>> AT+CGDCONT=1,\\\"IP\\\",\\\"general.t-mobile.uk\\\",\\\"0.0.0.0\\\",0,0
>> OK \
>> AT+CGATT=1 OK \
>> \\dATDT\\T TIMEOUT 40 CONNECT"
>>
>>  set logout "ABORT BUSY ABORT ERROR TIMEOUT 30 \"\" +++ATH OK-ATH-OK"
>>
>>  set phone *99***1#
>>  set authname "web"
>>  set authkey "web"
>>  set timeout 120
>>  set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
>>  add default HISADDR
>>  enable dns
>>  disable ipv6cp
>>
>> Which gives:
>> # ppp -auto tmobile
>> Working in auto mode
>> Using interface: tun0
>> Warning: tun0: AIFADDR 10.0.0.1/24 -> 10.0.0.2 returns 0
>> Warning: Add route failed: 0.0.0.0/0 already exists
>> #
>>
>> May 18 14:50:40 tom-laptop ppp[8643]: tun0: Warning: tun0: AIFADDR
>> 10.0.0.1/24 -> 10.0.0.2 returns 0
>> May 18 14:50:40 tom-laptop ppp[8643]: tun0: Warning: Add route failed:
>> 0.0.0.0/0 already exists
>> May 18 14:50:50 tom-laptop ppp[32305]: tun0: Warning: Chat script failed
>>
>> # route -n show
>> Routing tables
>>
>> Internet:
>> Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
>> default            192.168.1.1        UGS        7     1315     -     8 iwn0
>> 10.0.0.2           10.0.0.1           UH         0        0     -     4 tun0
>> 127/8              127.0.0.1          UGRS       0        0 33208     8 lo0
>> 127.0.0.1          127.0.0.1          UH         1        0 33208     4 lo0
>> 192.168.1/24       link#1             UC         1        0     -     4 iwn0
>> 192.168.1.1        00:0e:2e:85:c4:13  UHLc       1       31     -     4 iwn0
>> 224/4              127.0.0.1          URS        0        0 33208     8 lo0
>>
>> # ifconfig tun0
>> tun0: flags=8051 mtu 1500
>> groups: tun
>> inet 10.0.0.1 --> 10.0.0.2 netmask 0xff00
>>
>> Any other info of use?
>> Thanks
>> Barry
>>
>> 2008/5/18 Barry Commander <[EMAIL PROTECTED]>:
>>
>> Hello
>>> I've tried and failed for a few days to convert the following wvdial.conf
>>> to something suitable for use on OpenBSD ( I was thinking ppp.conf )
>>> Could someone show me a working example please?
>>>
>>> [EMAIL PROTECTED]:~$ cat /etc/wvdial.conf
>>> [Dialer Defaults]
>>> Phone = *99***1#
>>> Username = web
>>> Password = web
>>> Stupid Mode = 1
>>> Dial Command = ATDT
>>> Modem = /dev/ttyUSB0
>>> Baud = 460800
>>> Init2 = ATZ
>>> Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
>>> ISDN = 0
>>> Modem Type = Analog Modem
>>> Init5 = AT+CGDCONT=1,"IP","general.t-mobile.uk";
>>>
>>>
>>> Any help will be really appreciated!
>>> Thanks
>>> Barry



Re: wvdial.conf -> ppp.conf

2008-05-18 Thread Barry Commander
I now have limited connectivity (I can ping and receive replies from
internet hosts, but HTTP access time out). I'm using:

# cat /etc/ppp/ppp.conf
default:
 set log Phase Chat LCP IPCP CCP tun command

tmobile:
 set device /dev/ttyU0
 set speed 38400
 set log ALL

 set login "\"!chat -f /etc/ppp/chatscript\""
 set logout "ABORT BUSY ABORT ERROR TIMEOUT 30 \"\" +++ATH OK-ATH-OK"

 set phone *99***1\#
 set authname "web"
 set authkey "web"
 set timeout 120
 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
 add default HISADDR
 enable dns
 disable ipv6cp

which gives me:
May 18 16:09:35 tom-laptop ppp[17987]: tun0: Warning: 0.0.0.0/0: Change
route failed: errno: No such process
May 18 16:09:35 tom-laptop ppp[17987]: tun0: Warning: 10.0.0.2: Change route
failed: errno: No such process
May 18 16:09:35 tom-laptop ppp[17987]: tun0: Warning: ff01:5::/32: Change
route failed: errno: No such process
May 18 16:10:06 tom-laptop ppp[17987]: tun0: Warning: tun0: DIFADDR
10.33.237.63/24 -> 10.0.0.2 returns 0

I've tried setting my default route to both 10.33.237.63 and 10.0.0.2 and
get the same limited connectivity with both.
Any clues?
Regards
Barry



2008/5/18 Barry Commander <[EMAIL PROTECTED]>:

> So far I have:
>
> default:
>  set log Phase Chat LCP IPCP CCP tun command
>
> tmobile:
>  set device /dev/cua00
>  set speed 38400
>  set log ALL
>
>  set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
> \"\" AT OK-AT-OK ATZ OK \
> 
> AT+CGDCONT=1,\\\"IP\\\",\\\"general.t-mobile.uk\\\",\\\"0.0.0.0\\\",0,0
> OK \
> AT+CGATT=1 OK \
> \\dATDT\\T TIMEOUT 40 CONNECT"
>
>  set logout "ABORT BUSY ABORT ERROR TIMEOUT 30 \"\" +++ATH OK-ATH-OK"
>
>  set phone *99***1#
>  set authname "web"
>  set authkey "web"
>  set timeout 120
>  set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
>  add default HISADDR
>  enable dns
>  disable ipv6cp
>
> Which gives:
> # ppp -auto tmobile
> Working in auto mode
> Using interface: tun0
> Warning: tun0: AIFADDR 10.0.0.1/24 -> 10.0.0.2 returns 0
> Warning: Add route failed: 0.0.0.0/0 already exists
> #
>
> May 18 14:50:40 tom-laptop ppp[8643]: tun0: Warning: tun0: AIFADDR
> 10.0.0.1/24 -> 10.0.0.2 returns 0
> May 18 14:50:40 tom-laptop ppp[8643]: tun0: Warning: Add route failed:
> 0.0.0.0/0 already exists
> May 18 14:50:50 tom-laptop ppp[32305]: tun0: Warning: Chat script failed
>
> # route -n show
> Routing tables
>
> Internet:
> Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
> default            192.168.1.1        UGS        7     1315     -     8 iwn0
> 10.0.0.2           10.0.0.1           UH         0        0     -     4 tun0
> 127/8              127.0.0.1          UGRS       0        0 33208     8 lo0
> 127.0.0.1          127.0.0.1          UH         1        0 33208     4 lo0
> 192.168.1/24       link#1             UC         1        0     -     4 iwn0
> 192.168.1.1        00:0e:2e:85:c4:13  UHLc       1       31     -     4 iwn0
> 224/4              127.0.0.1          URS        0        0 33208     8 lo0
>
> # ifconfig tun0
> tun0: flags=8051 mtu 1500
> groups: tun
> inet 10.0.0.1 --> 10.0.0.2 netmask 0xff00
>
> Any other info of use?
> Thanks
> Barry
>
> 2008/5/18 Barry Commander <[EMAIL PROTECTED]>:
>
> Hello
>> I've tried and failed for a few days to convert the following wvdial.conf
>> to something suitable for use on OpenBSD ( I was thinking ppp.conf )
>> Could someone show me a working example please?
>>
>> [EMAIL PROTECTED]:~$ cat /etc/wvdial.conf
>> [Dialer Defaults]
>> Phone = *99***1#
>> Username = web
>> Password = web
>> Stupid Mode = 1
>> Dial Command = ATDT
>> Modem = /dev/ttyUSB0
>> Baud = 460800
>> Init2 = ATZ
>> Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
>> ISDN = 0
>> Modem Type = Analog Modem
>> Init5 = AT+CGDCONT=1,"IP","general.t-mobile.uk";
>>
>>
>> Any help will be really appreciated!
>> Thanks
>> Barry



Re: PHP gd library isn't loading...

2008-05-18 Thread Jeff Ross

Stuart Henderson wrote:

On 2008-05-18, Jeff Ross <[EMAIL PROTECTED]> wrote:
PHP Warning:  PHP Startup: Unable to load dynamic library 
'/var/www/lib/php/modules/gd.so' - Cannot load specified object in 
Unknown on line 0


php5-gd-5.2.5   image manipulation extensions for php5


This is not the no_x11 flavour; have you installed xbase?



Thanks to all who replied.  I did have xbase installed but it was an 
older version.  Bringing everything back up to current fixed that problem.


Now all I have to do is get php built with tidy support :-(

Jeff



Re: S/Key *and* password for SSH login

2008-05-18 Thread Jacob Yocom-Piatt

Stuart Henderson wrote:

On 2008-05-18, Mark Shroyer <[EMAIL PROTECTED]> wrote:
  

I've set up a nice secondary authentication mechanism on a Linux server.
I use this when I must shell in from, e.g., a computer lab, and I don't
have an authorized SSH private key on my workstation.  To login without
a private key, I must:

 1) Enter my account's current S/Key one-time password

and

 2) Enter my Unix password

in sequence.



In what way does typing your password in to an untrusted machine
improve security?

  


it's 2 factor authentication, duh! i read about that on the intarnetz so 
it must be a good idea regardless of the 2 factors i choose.


;)



Re: S/Key *and* password for SSH login

2008-05-18 Thread Stuart Henderson
On 2008-05-18, Mark Shroyer <[EMAIL PROTECTED]> wrote:
> I've set up a nice secondary authentication mechanism on a Linux server.
> I use this when I must shell in from, e.g., a computer lab, and I don't
> have an authorized SSH private key on my workstation.  To login without
> a private key, I must:
>
>  1) Enter my account's current S/Key one-time password
>
> and
>
>  2) Enter my Unix password
>
> in sequence.

In what way does typing your password in to an untrusted machine
improve security?



Re: wvdial.conf -> ppp.conf

2008-05-18 Thread Barry Commander
So far I have:

default:
 set log Phase Chat LCP IPCP CCP tun command

tmobile:
 set device /dev/cua00
 set speed 38400
 set log ALL

 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
\"\" AT OK-AT-OK ATZ OK \
AT+CGDCONT=1,\\\"IP\\\",\\\"general.t-mobile.uk\\\",\\\"0.0.0.0\\\",0,0
OK \
AT+CGATT=1 OK \
\\dATDT\\T TIMEOUT 40 CONNECT"

 set logout "ABORT BUSY ABORT ERROR TIMEOUT 30 \"\" +++ATH OK-ATH-OK"

 set phone *99***1#
 set authname "web"
 set authkey "web"
 set timeout 120
 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
 add default HISADDR
 enable dns
 disable ipv6cp

Which gives:
# ppp -auto tmobile
Working in auto mode
Using interface: tun0
Warning: tun0: AIFADDR 10.0.0.1/24 -> 10.0.0.2 returns 0
Warning: Add route failed: 0.0.0.0/0 already exists
#

May 18 14:50:40 tom-laptop ppp[8643]: tun0: Warning: tun0: AIFADDR
10.0.0.1/24 -> 10.0.0.2 returns 0
May 18 14:50:40 tom-laptop ppp[8643]: tun0: Warning: Add route failed:
0.0.0.0/0 already exists
May 18 14:50:50 tom-laptop ppp[32305]: tun0: Warning: Chat script failed

# route -n show
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            192.168.1.1        UGS        7     1315     -     8 iwn0
10.0.0.2           10.0.0.1           UH         0        0     -     4 tun0
127/8              127.0.0.1          UGRS       0        0 33208     8 lo0
127.0.0.1          127.0.0.1          UH         1        0 33208     4 lo0
192.168.1/24       link#1             UC         1        0     -     4 iwn0
192.168.1.1        00:0e:2e:85:c4:13  UHLc       1       31     -     4 iwn0
224/4              127.0.0.1          URS        0        0 33208     8 lo0

# ifconfig tun0
tun0: flags=8051 mtu 1500
groups: tun
inet 10.0.0.1 --> 10.0.0.2 netmask 0xff00

Any other info of use?
Thanks
Barry

2008/5/18 Barry Commander <[EMAIL PROTECTED]>:

> Hello
> I've tried and failed for a few days to convert the following wvdial.conf
> to something suitable for use on OpenBSD ( I was thinking ppp.conf )
> Could someone show me a working example please?
>
> [EMAIL PROTECTED]:~$ cat /etc/wvdial.conf
> [Dialer Defaults]
> Phone = *99***1#
> Username = web
> Password = web
> Stupid Mode = 1
> Dial Command = ATDT
> Modem = /dev/ttyUSB0
> Baud = 460800
> Init2 = ATZ
> Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
> ISDN = 0
> Modem Type = Analog Modem
> Init5 = AT+CGDCONT=1,"IP","general.t-mobile.uk";
>
>
> Any help will be really appreciated!
> Thanks
> Barry



4.3, snapshot panic while booting after ahci when no cd in drive (amd64)

2008-05-18 Thread Marius Hooge

Hi, I just discovered this weird behaviour.
It looks like I've always booted this machine with any kind of cd/dvd in the
sata attached dvd-rw drive. Without a cd the kernel panics right after
the ahci message. Well, the workaround is obvious.
I tried it on 4.3 amd64 and the snapshot from May 2 (which may be the same
anyway..?) The messages are from snapshot.
I attached the full dmesg from the booted system at the end.
Since I don't have access to a serial console I'm typing this off of the
screen. I hope this is worth it and helps improving..

ddb output:

ahci0 at pci0 dev 18 function 0 "ATI ICP600 SATA" rev 0x00: irq 11, AHCI 1.1
scsibus0 at ahci0: 32 targets
panic: kernel diagnostic assertion "ccb->ccb_xa.state == ATA_S_ONCHIP"
failed: file "/usr/src/sys/dev/pci/ahci.c", line 1788
Stopped at  Debugger+0x5:leave
Debugger() at Debugger+0x5
panic() at panic+0x12a
__assert() at __assert+0x21
ahci_port_intr() at ahci_port_intr+0x218
ahci_poll() at ahci_poll+0x4d
ahci_ata_cmd() at ahci_ata_cmd+0x9f
ata_exec() at ata_exec+0x1a
scsi_execute_xs() at scsi_execute_xs+0x6d
scsi_scsi_cmd() at scsi_scsi_cmd+0xcb
scsi_test_unit_ready() at ascsi_test_unit_ready+0x4d
end trace frame: 0x80c25a70, count: 0

ddb> trace
Debugger() at Debugger+0x5r
panic() at panic+0x12a
__assert() at __assert+0x21
ahci_port_intr() at ahci_port_intr+0x218
ahci_poll() at ahci_poll+0x4d
ahci_ata_cmd() at ahci_ata_cmd+0x9f
ata_exec() at ata_exec+0x19
scsi_execute_xs() at scsi_execute_xs+0x6d
scsi_scsi_cmd() ata scsi_scsi_cmd+0xcb
scsi_test_unit_ready() ata scsi_test_unit_ready+0x4d
scsi_probedev() at scsi_pobedev+0x28a
scsi_probe_target() at scsi_probe_target+0x26
scsi_probe_bus() at scsi_probe_bus+0x38
config_attach() at config_attach+0x11b
atascsi_attach() at atascsi_attach+0xf8
ahci_pci_attach() ata ahci_pci_attach+0x17d
config_attach() at config_attach+0x11b
pci_probe_device() at pci_probe_device+0x20e
pci_enumerate_bus() at pci_enumerate_bus+0x104
config_attach() at config_attach+0x11b
cpu_configure() at cpu_configure+0x1c
main() at main+0x3b2
end trace frame: 0x0, count: -24

ddb> ps
  PID   PPID   PGRP   UID  S   FLAGS  WAIT   COMMAND
*0 -1  0 0  7 0x80200 swapper

full dmesg:
OpenBSD 4.3-current (GENERIC) #1430: Fri May  2 03:06:32 MDT 2008
   [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 2012672000 (1919MB)
avail mem = 1942323200 (1852MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xfb990 (48 entries)
bios0: vendor American Megatrends Inc. version "V1.5" date 10/15/2007
bios0: MICRO-STAR INTERANTIONAL CO.,LTD MS-7368
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC MCFG OEMB HPET SSDT
acpi0: wakeup devices PCE2(S0) PCE3(S0) PCE4(S0) PCE5(S0) PCE6(S0) PCE7(S0) SBAZ(S0) PS2K(S0) PS2M(S0) P0PC(S0) AC97(S0) MC97(S0) USB1(S0) USB2(S0) USB3(S0) USB4(S0) USB5(S0) EUSB(S0) PWRB(S0)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P1)
acpiprt2 at acpi0: bus -1 (PCE2)
acpiprt3 at acpi0: bus -1 (PCE3)
acpiprt4 at acpi0: bus -1 (PCE4)
acpiprt5 at acpi0: bus -1 (PCE5)
acpiprt6 at acpi0: bus -1 (PCE6)
acpiprt7 at acpi0: bus 2 (PCE7)
acpiprt8 at acpi0: bus 3 (P0PC)
acpicpu0 at acpi0: PSS
acpibtn0 at acpi0: PWRB
cpu0 at mainbus0: (uniprocessor)
cpu0: AMD Athlon(tm) Processor LE-1600, 2200.28 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: PowerNow! K8 2200 MHz: speeds: 2200 2000 1800 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 "ATI RS690 Host" rev 0x00
ppb0 at pci0 dev 1 function 0 "ATI RS690 PCIE" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 5 function 0 "ATI Radeon X1250" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci1 dev 5 function 2 "ATI RS690 HD Audio" rev 0x00: irq 10
azalia0: /usr/src/sys/dev/pci/azalia.c/1359 invalid PCM format: 0x
azalia0: No codecs found
ppb1 at pci0 dev 7 function 0 "ATI RS690 PCIE" rev 0x00
pci2 at ppb1 bus 2
re0 at pci2 dev 0 function 0 "Realtek 8168" rev 0x01: RTL8168 2 (0x3800), irq 10, address 00:1d:92:34:4f:37
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2
ahci0 at pci0 dev 18 function 0 "ATI IXP600 SATA" rev 0x00: irq 11, AHCI 1.1
scsibus0 at ahci0: 32 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom removable
sd0 at scsibus0 targ 1 lun 0:  ATAPI 0/direct fixed
sd0: 76319MB, 9729 cyl, 255 head, 63 sec, 512 bytes/sec, 156301488 sec total
ohci0 at pci0 dev 19 function 0 "ATI IXP600 USB" rev 0x00: irq 5, version 1.0, legacy support
ohci1 at pci0 dev 19 functio

wvdial.conf -> ppp.conf

2008-05-18 Thread Barry Commander
Hello
I've tried and failed for a few days to convert the following wvdial.conf to
something suitable for use on OpenBSD ( I was thinking ppp.conf )
Could someone show me a working example please?

[EMAIL PROTECTED]:~$ cat /etc/wvdial.conf
[Dialer Defaults]
Phone = *99***1#
Username = web
Password = web
Stupid Mode = 1
Dial Command = ATDT
Modem = /dev/ttyUSB0
Baud = 460800
Init2 = ATZ
Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ISDN = 0
Modem Type = Analog Modem
Init5 = AT+CGDCONT=1,"IP","general.t-mobile.uk";


Any help will be really appreciated!
Thanks
Barry



Re: [OpenBSD 4.2] dhclient issues

2008-05-18 Thread Dorian Büttner

Chris wrote:
> I am having issues with one of my OBSD boxes receiving DHCP IP address
> from my ADSL modem. This problem has just started recently and I am
> not sure if it's a software or hardware that's causing the issue. My
> network interface is fxp0 and if I do "ifconfig fxp0", it shows
> "status: no carrier". If I do "dhclient fxp0" I get the following:

"no carrier" means no cable connection - check your hw. What do the
status LEDs on both your NIC and your modem indicate?




Re: PHP gd library isn't loading...

2008-05-18 Thread Stuart Henderson
On 2008-05-18, Jeff Ross <[EMAIL PROTECTED]> wrote:
> PHP Warning:  PHP Startup: Unable to load dynamic library 
> '/var/www/lib/php/modules/gd.so' - Cannot load specified object in 
> Unknown on line 0
>
> php5-gd-5.2.5   image manipulation extensions for php5

This is not the no_x11 flavour; have you installed xbase?



Re: pf-altq-bandwith_problem

2008-05-18 Thread Stuart Henderson
On 2008-05-18, Lord Sporkton <[EMAIL PROTECTED]> wrote:
> as a side note, I don't believe openbsd can do altq on anything other
> than a physical interface, so if you put the servers on a dmz, make
> sure to use a physical interface, not a vlan.

altq works here on pppoe and vlan.



Re: Multicasting on OpenBSD

2008-05-18 Thread Stuart Henderson
On 2008-05-18, Insan Praja SW <[EMAIL PROTECTED]> wrote:
> Just wondering around, is there any multicasting technology (PIM-SM,  
> PIM-SSM etc) currently developed or implemented in OpenBSD? Since working  
> with this unbelievable OS (especially with routing/filtering/forwarding) I  
> wish to know more about it.

You might be able to do PIM-SM using Xorp (in ports). In base we
have DVMRP support (look at dvmrpd not mrouted).

On the smaller end of the pipe, igmpproxy (in ports) works nicely
for me with the BBC's multicast feeds.



S/Key *and* password for SSH login

2008-05-18 Thread Mark Shroyer
I've set up a nice secondary authentication mechanism on a Linux server.
I use this when I must shell in from, e.g., a computer lab, and I don't
have an authorized SSH private key on my workstation.  To log in without
a private key, I must:

 1) Enter my account's current S/Key one-time password

and

 2) Enter my Unix password

in sequence.  Importantly, if I enter the correct S/Key password but
then an incorrect Unix password, I must proceed to supply the *next*
S/Key password before I can try entering the Unix password again.  This
means that even if someone knows my current one-time password, he can
use it to take only a single shot at guessing my Unix password; the
overall strength of the authentication scheme is essentially the product
of my Unix password's and S/Key's strength.

With PAM, I achieve this by putting the following in /etc/pam.d/ssh:

auth requisite pam_opie.so
auth required pam_unix.so

(OPIE is an S/Key implementation on Linux.)

Now I'd like to set up the same scheme on my OpenBSD machines.  But how?
I don't mind implementing my own BSD Auth mechanism, if I must, in order
to obtain the desired logic, but even then I don't know how I would
configure sshd to use it exclusively without changing the behavior of
console logins as well:  As far as I can tell, login.conf doesn't let
one specify SSH-specific rules like it does for FTP (there's no
auth-ssh-defaults hiding somewhere, is there?), and I can't find
anything pertinent in the OpenSSH documentation either.

Simply logging in with "username:skey_and_passwd" (where
login_skey_and_passwd is my hypothetical BSD Auth mechanism) wouldn't
suffice, because my goal is to require authenticating with both factors,
not to make it optional; but disabling password logins across the board
by setting auth-defaults won't do it either, because I still want to
authenticate with just my password when I log in from the console.

So, any thoughts?  Thanks in advance!

-- 
Mark Shroyer
http://markshroyer.com/contact/
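
The sequencing described in the message above, modelled as an added example that is not part of the original post and is neither PAM nor BSD Auth code. It shows why a leaked one-time password buys exactly one guess at the Unix password. The class and function names are hypothetical, SHA-256 stands in for the real S/Key hash, and all secrets are constructed sample values.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    # Stand-in one-way function (assumption); real S/Key uses a folded MD4/MD5.
    return hashlib.sha256(data).digest()

def chain(secret: bytes, n: int) -> bytes:
    """Apply h() n times to the secret: the n-th value of the hash chain."""
    value = secret
    for _ in range(n):
        value = h(value)
    return value

class TwoFactorLogin:
    """Models 'auth requisite <OTP module>' followed by 'auth required <password module>'."""

    def __init__(self, otp_secret: bytes, count: int, password: str):
        self.stored = chain(otp_secret, count)  # server keeps only h^count(secret)
        self.count = count
        self.pw_hash = h(password.encode())     # constructed; real systems use a salted KDF

    def attempt(self, otp: bytes, password: str) -> str:
        # Stage 1 (requisite): a bad OTP aborts before the password is considered.
        if not hmac.compare_digest(h(otp), self.stored):
            return "otp-rejected"
        # A valid OTP is consumed immediately, whatever stage 2 decides.
        self.stored, self.count = otp, self.count - 1
        # Stage 2 (required): the Unix password decides the final result.
        if hmac.compare_digest(h(password.encode()), self.pw_hash):
            return "granted"
        return "password-rejected"

def demo() -> list:
    secret = b"constructed-otp-secret"
    login = TwoFactorLogin(secret, count=100, password="correct horse")
    leaked = chain(secret, 99)                  # current OTP, known to an eavesdropper
    return [
        login.attempt(leaked, "guess-1"),       # the single password guess it allows
        login.attempt(leaked, "guess-2"),       # replay fails: that OTP is spent
        login.attempt(chain(secret, 98), "correct horse"),  # owner uses the next OTP
    ]

if __name__ == "__main__":
    print(demo())
```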



Re: PHP gd library isn't loading...

2008-05-18 Thread Richard Toohey

On 18/05/2008, at 12:09 PM, Jeff Ross wrote:
> It seems that I've somehow lost the ability to load the php5-gd
> library into apache on my more or less -current box, even though
> I've installed the package and made the link as instructed when I
> installed the package.
>
> A page that pulls php_info() doesn't show gd at all, and if I tack
> a call to gd_info() to that script the whole thing fails with a
> function not found error.
>
> When I start or re-start apache I do not get any errors, but when I
> run a script from the cli I get this:
>
> PHP Warning:  PHP Startup: Unable to load dynamic library
> '/var/www/lib/php/modules/gd.so' - Cannot load specified object in
> Unknown on line 0

Was this all working before and suddenly stopped working?
Or something that you are trying to get going for the first time?

What does the gd.so module say that it needs (use ldd?)

I have not got an OpenBSD current PHP 5 system to hand, this is from
FreeBSD, so may or may not help.

> ldd /usr/local/lib/php/20060613/gd.so
/usr/local/lib/php/20060613/gd.so:
libt1.so.5 => /usr/local/lib/libt1.so.5 (0x281b6000)
libfreetype.so.9 => /usr/local/lib/libfreetype.so.9 (0x28207000)
libX11.so.6 => /usr/local/lib/libX11.so.6 (0x2826f000)
libXpm.so.4 => /usr/local/lib/libXpm.so.4 (0x28354000)
libpng.so.5 => /usr/local/lib/libpng.so.5 (0x28363000)
libz.so.3 => /lib/libz.so.3 (0x28385000)
libjpeg.so.9 => /usr/local/lib/libjpeg.so.9 (0x28396000)
libm.so.4 => /lib/libm.so.4 (0x283b4000)
libXau.so.6 => /usr/local/lib/libXau.so.6 (0x283ca000)
libXdmcp.so.6 => /usr/local/lib/libXdmcp.so.6 (0x283cd000)
librpcsvc.so.3 => /usr/lib/librpcsvc.so.3 (0x283d2000)

Do you need to copy anything else into the chrooted() Apache  
environment?
(Not that it helps with the CLI error message, but the ldd advice is  
in there.)


http://www.openbsd.org/faq/faq10.html#httpdchroot

php.ini OK?

HTH.



[OpenBSD 4.2] dhclient issues

2008-05-18 Thread Chris
I am having issues with one of my OBSD boxes receiving DHCP IP address
from my ADSL modem. This problem has just started recently and I am
not sure if it's a software or hardware that's causing the issue. My
network interface is fxp0 and if I do "ifconfig fxp0", it shows
"status: no carrier". If I do "dhclient fxp0" I get the following:

DHCPREQUEST on fxp0 to 255.255.255.255 port 67
DHCPREQUEST on fxp0 to 255.255.255.255 port 67
DHCPREQUEST on fxp0 to 255.255.255.255 port 67
DHCPREQUEST on fxp0 to 255.255.255.255 port 67
DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 1
DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 2
DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 5
DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 11
DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 13
DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 12
DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 13
DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 4
No DHCPOFFERS received.
Trying recorded lease 192.16.25.11
bound: renewal in 13249 seconds

My /etc/hostname.fxp0 file reads: dhcp NONE NONE NONE NONE. I have
been using this exact same setting for a long time now.

I don't have any problem with the ADSL modem as other machines can
receive DHCP addresses fine. I have also changed the CAT5 cable.

Is there anything more I could do to figure out what the problem is?
Or am I doing something wrong?

Thanks for any help.



Problems trunk-ing tun interfaces

2008-05-18 Thread Romar Morales
I need help trunking tun interfaces.

Actual goal - aggregate six ADSL connections from an office to a
central network with gigE internet access for higher bandwidth to the
office.

Current state- four layer 2 tunnels that work individually, but which
fail when part of a trunk virtual interface
I've tried trunkproto of roundrobin, loadbalance and failover and none
of them work. When not part of the trunk, the individual tun pass
traffic properly.

Is there some sysctl setting I'm not aware of that is required for
trunking the tun interfaces to pass IP traffic across all the tun
interfaces?

-- 
Romar Morales