Re: New Atheros Chips

2008-10-14 Thread Peter N. M. Hansteen
Neal Hogan [EMAIL PROTECTED] writes:

> I second Hannes' query. I have a T400 with a 5424 chipset. 4.4 recognizes
> the device, but I'm unable to connect (I get *ath0: unable to reset
> hardware; hal status 3.* error mesg when I attempt to ifconfig).

Sounds like somebody needs to get reyk@ one of these then 

- P
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



route-to doesnot work for me - what am i doing wrong

2008-10-14 Thread Siju George
Hi,

I have firewall

sk0 - LAN Interface
rl1 - Primary internet connection
rl2 - secondary Internet connection

I have a line in pf.conf

pass in quick on $int_if route-to ( $ext_if2 $ext_ifgw ) from <hifxchn2> to any keep state

to route requests from hosts in hifxchn2 through the rl2 internet
connection but it does not seem to work.

the full pf.conf is below

===
##NETWORK INTERFACES
#
int_if="sk0"    #HiFX LAN Interface - Connected to Main Switches - using 172.16.0.0/12 Range.
ext_if="rl1"    #Dataone Connection - rl2 interface Connected to the Dataone Router.
ext_if2=rl2
ext_ifgw=122.166.40.1
proxy=122.166.40.36


#Private IP Address Range Specified by RFC 1918.
#
priv_nets="{ 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"


#Computers in HiFX LAN that are permitted to bypass squid to make HTTP and HTTPS connections directly to the Internet
#
table <bypass-squid-users> persist file "/etc/pf-tables/bypass-squid-users"

#Websites to which bypassing SQUID is allowed.
#
table <bypass-squid-sites> persist file "/etc/pf-tables/bypass-squid-sites"
table <lanspl> persist file "/etc/pf-tables/lanspl"
table <adm> persist file "/etc/pf-tables/adms"
table <vtcservers> persist file "/etc/pf-tables/vtcservers"
table <bannedIPs> persist file "/etc/pf-tables/bannedIPs"
table <authpf_users> persist
table <hifxchn2> persist file "/etc/pf-tables/hifxchn2"

#Traffic Normalization - Required for pppoe connection.
#
scrub on $ext_if all no-df random-id fragment reassemble

###Network Address Translation and Port Redirection
###The First Matching rule wins here for any packet and no further nat or rdr rules are checked.
nat-anchor "authpf/*"
rdr-anchor "authpf/*"
binat-anchor "authpf/*"

nat pass on $ext_if from <adm> to any -> ($ext_if)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $int_if proto tcp from $int_if:network to any port 21 -> 127.0.0.1 port 8021

# redirect to beergas website
rdr pass on $ext_if inet proto tcp from any to any port 80 -> 172.16.4.12 port 80
rdr pass on $ext_if inet proto tcp from any to any port 443 -> 172.16.4.12 port 443

###
#
nat on $ext_if from <bypass-squid-users> to any -> ($ext_if)

#NAT connections to specified websites.
nat on $ext_if from any to <bypass-squid-sites> port { 80, 443 } -> ($ext_if)
nat on $ext_if from any to <bypass-squid-sites> port { 80, 443 } -> ($ext_if2)

#Block NAT for other hosts to port 80 and 443 on the Internet.
#They should all go via SQUID CACHE PROXY
#
no nat on $ext_if from any to any port { 80, 443 }
no nat on $ext_if2 from any to any port { 80, 443 }

#Allow NAT for rest of the Computers to Internet - port 80 and 443 is already blocked for these hosts by the rule above.
#
nat on $ext_if from $int_if:network to any -> ($ext_if)
nat on $ext_if2 from $int_if:network to any -> ($ext_if2)

#The SQUID CACHE PROXY Listens on localhost interface port 8080 for security reasons.
#PROXY configuration for computers in the HIFX LAN Machine in the IP Address of $int_if and port 8080
#Hence all Traffic coming to $int_if port 8080 should be redirected to SQUID running on localhost:8080
#

no rdr on $int_if from any to 70.86.222.30
rdr on $int_if proto tcp from any to any port 8080 -> 127.0.0.1 port 8080

###Filter Rules.
###The last matching rule wins here for packets except when the quick word is used in which case Further rules are not processed.
#Starting with a Deny all Traffic Policy. Later rules open up the firewall for required traffic.

block all
pass in quick on $ext_if inet proto tcp from any to any port ssh keep state

#Blocking RFC1918 Traffic.
block in log quick on $ext_if from $priv_nets to any
block out log quick on $ext_if from any to $priv_nets
block out log quick on $ext_if from any to <bannedIPs>

#Allow all traffic on the localhost interface.

pass quick on lo0 all

#Allow Traffic from HIFX LAN to pass through the firewall & also allow traffic from firewall to enter the LAN.

pass in quick on $int_if from any to $int_if keep state
pass out quick on $int_if from $int_if to any keep state


pass in quick on $int_if route-to ( $ext_if2 $ext_ifgw ) from <hifxchn2> to any keep state

pass in quick on $int_if from $int_if:network to any keep state
pass out quick on $int_if from any to $int_if:network keep state



#Allow Traffic from Firewall to pass out to the Internet.
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if2 proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
pass out on $ext_if2 proto { udp, icmp } all keep state


#ftp-proxy
anchor "ftp-proxy/*"
pass out proto tcp from $proxy to any port 21 keep state

#authpf
anchor "authpf/*"



# ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128

Re: New Atheros Chips

2008-10-14 Thread Peter Hessler
On 2008 Oct 14 (Tue) at 08:11:59 +0200 (+0200), Peter N. M. Hansteen wrote:
:Neal Hogan [EMAIL PROTECTED] writes:
:
: I second Hannes' query. I have a T400 with a 5424 chipset. 4.4 recognizes
: the device, but I'm unable to connect (I get *ath0: unable to reset
: hardware; hal status 3.* error mesg when I attempt to ifconfig).
:
:Sounds like somebody needs to get reyk@ one of these then 

I have one of these chips, and I see reyk on a regular basis.  We're
working on it.

-- 
Join the march to save individuality!



softraid status?

2008-10-14 Thread Michael

Hello,

been a long time since any updates to softraid and I just wanted to ask 
how the status is?


Will there be any more changes to the metadata? I wouldn't want to 
create one now if the metadata is going to change again soon.



Thanks in advance,

Michael



Re: mutt: SMTP authentication requires SASL

2008-10-14 Thread Stuart Henderson
On 2008-10-14, Chris [EMAIL PROTECTED] wrote:
 I've been trying to send mails via Gmail's IMAP using Mutt 1.5.17 on
 OBSD 4.3. I installed this Mutt from the package list.

You want the mutt-1.5.17p0-sasl.tgz package, not mutt-1.5.17p0.tgz



Doubled binary in /bin in snapshot?

2008-10-14 Thread Tomas Bodzar

Hi all,

have you same problem ? Look at $ls -lF /bin
There is a [* and test* ,both binaries do the same and cmp(1) says,that 
they are same.


Am I missing something or it's bug?

snapshot i386 #1076



Re: Doubled binary in /bin in snapshot?

2008-10-14 Thread Andreas Kahari
You're missing something.

Try man [ and man test.

They are the same. No problem.

Andreas

2008/10/14 Tomas Bodzar [EMAIL PROTECTED]:
 Hi all,

 have you same problem ? Look at $ls -lF /bin
 There is a [* and test* ,both binaries do the same and cmp(1) says,that they
 are same.

 Am I missing something or it's bug?

 snapshot i386 #1076





-- 
Andreas Kahari
Somewhere in the general Cambridge area, UK



Re: Doubled binary in /bin in snapshot?

2008-10-14 Thread Tomas Bodzar

I'm not so old :-D
A little magic for someone who is not good in Unix scripting and 
think,that [ is only mistake :-)


Thanks all for answer and more light on it for me

Almir Karic wrote:

On Tue, Oct 14, 2008 at 03:22:32PM +0200, Tomas Bodzar wrote:

Hi all,

have you same problem ? Look at $ls -lF /bin
There is a [* and test* ,both binaries do the same and cmp(1) says,that  
they are same.


Am I missing something or it's bug?


you are missing the lesson in history in unix shell scripting :-)

they are not doubled, they are hard links:

$ ls -i /bin/{test,[}   
25985 /bin/[ 25985 /bin/test




Re: BSD Port from OpenJDK

2008-10-14 Thread Kurt Miller
On Wednesday 08 October 2008 2:21:23 pm Benjamin Adams wrote:
 Just wondering if this will effect OpenBSD with java:

Eventually it will make things easier for BSD Java porting.

-Kurt



Re: sparc64 cas0 error

2008-10-14 Thread Carofa
 Michael schrieb:
 sometimes I get this on my SUN Fire v440 when there is some traffic:

 cas0: status=7889090<RXDONE,RX_COMP_FULL,RXMAC>

 cas0 stops working then. Using ifconfig cas0 down/up only helps for a
 very short time. Only way to get it to work again for some time is a
 full reboot.

 Yes I have the same problem on my Sun Blade 150 with cas1:

cas1: status=10681090<RXDONE,RX_COMP_FULL>
cas1: status=10689090<RXDONE,RX_COMP_FULL,RXMAC>
cas1: status=16981090<RXDONE,RX_COMP_FULL>
cas1: status=16989090<RXDONE,RX_COMP_FULL,RXMAC>
cas1: status=c001090<RXDONE,RX_COMP_FULL>
cas1: status=c001090<RXDONE,RX_COMP_FULL>
cas1: status=d801090<RXDONE,RX_COMP_FULL>
cas1: status=d809090<RXDONE,RX_COMP_FULL,RXMAC>
cas1: status=581090<RXDONE,RX_COMP_FULL>
cas1: status=7c81090<RXDONE,RX_COMP_FULL>


but cas1 does not stop working! I use the Computer as Bridge.



Re: pkg_add ftp options

2008-10-14 Thread Bryan Irvine
On Tue, Oct 14, 2008 at 8:08 AM, Aaron Martinez [EMAIL PROTECTED] wrote:
 I've just installed OpenBSD from a snapshot yesterday and noticed
 afterwards I can't seem to ftp out from the command line either passive or
 active.  I finally issued an ftp -AaE some ftp site and it works just
 fine so I'm guessing that the firewall i'm sitting behind is doing
 something wrong with control connections. Unfortunately most people here
 are using windows and it seems to work fine from winbloze.  This does
 however make installing packages rather difficult.

 Is there any way to specify to pkg_add any ftp options so I can get around
 this  issue?  I saw in the man page that you can set the FTPMODE
 environment variable to active, which I did, but still no luck.

man 1 pkg_add and look for FETCH_COMMAND.

-B



pkg_add ftp options

2008-10-14 Thread Aaron Martinez
I've just installed OpenBSD from a snapshot yesterday and noticed
afterwards I can't seem to ftp out from the command line either passive or
active.  I finally issued an ftp -AaE some ftp site and it works just
fine so I'm guessing that the firewall i'm sitting behind is doing
something wrong with control connections. Unfortunately most people here
are using windows and it seems to work fine from winbloze.  This does
however make installing packages rather difficult.

Is there any way to specify to pkg_add any ftp options so I can get around
this  issue?  I saw in the man page that you can set the FTPMODE
environment variable to active, which I did, but still no luck.

Thanks,

Aaron Martinez



strptime and mktime()?

2008-10-14 Thread Mark B.
Hi,

[Posting here because I think there is a potential manual
improvement in this puzzle, which I will be happy to write up once
I figure it out.]

I'm trying to figure out how to convert a string to seconds since epoch
in the local timezone.

When I use strptime() and mktime(), I get a result that is one hour off.

My best guess is that mktime() expects tm_isdst but strptime() doesn't
load it.  But I don't know how to work around this.

Or am I missing something else?

Below is a short program that demonstrates the behavior and its output.

Thanks for any help,

m

$ ./a.out
date -j 200810140806.21 +%s returns 1223985981
a.out: tm.tm_sec= 21
a.out: tm.tm_min= 6
a.out: tm.tm_hour   = 8
a.out: tm.tm_mday   = 14
a.out: tm.tm_mon= 9
a.out: tm.tm_year   = 108
a.out: tm.tm_wday   = 0
a.out: tm.tm_yday   = 0
a.out: tm.tm_isdst  = 0
a.out: tm.tm_zone   = (null)
a.out: tm.tm_gmtoff = 0
exp 1223985981, got 1223989581: delta = -3600
$



#include <sys/types.h>
#include <sys/wait.h>

#include <limits.h>
#include <err.h>
#include <float.h>
#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define EXITOK(rc)  (WIFEXITED(rc) && WEXITSTATUS(rc) == 0)

static char *time_s    = "2008-10-14 08:06:21";
static char *time_s_v2 = "200810140806.21";
static char *fmt       = "%Y-%m-%d %H:%M:%S";

/* Return seconds since epoch computed using the date utility. */
time_t
expected()
{
    char     cmd[500] = {0};
    char     outbuf[4096];
    int      rc;
    FILE    *pfp;

    /* date -j 200810140806.21 +%s */
    (void) snprintf(cmd, sizeof(cmd),
        "date -j %s +%%s", time_s_v2);

    if ((pfp = popen(cmd, "r")) == NULL)
        errx(1, "popen failed.");
    while (fgets(outbuf, sizeof(outbuf), pfp) != NULL)
        printf("%s returns %s", cmd, outbuf);
    if ((rc = pclose(pfp)) == -1)
        errx(1, "pclose returns -1");
    if (!EXITOK(rc))
        errx(1, "%s didn't terminate normally", cmd);

    return (time_t) strtoul(outbuf, 0, 10);
}

/* Returns seconds since epoch using strptime() and mktime() */
time_t
actual()
{
    struct tm    tm;
    time_t       rval;

    rval = (time_t) 0;

    /* tm_isdst is left at 0 by this memset(); that is the behavior asked about. */
    memset(&tm, 0, sizeof(tm));
    if (strptime(time_s, fmt, &tm) == NULL)
        errx(1, "fmt '%s' didn't match '%s'", fmt, time_s);

    warnx("tm.tm_sec    = %d", tm.tm_sec);
    warnx("tm.tm_min    = %d", tm.tm_min);
    warnx("tm.tm_hour   = %d", tm.tm_hour);
    warnx("tm.tm_mday   = %d", tm.tm_mday);
    warnx("tm.tm_mon    = %d", tm.tm_mon);
    warnx("tm.tm_year   = %d", tm.tm_year);
    warnx("tm.tm_wday   = %d", tm.tm_wday);
    warnx("tm.tm_yday   = %d", tm.tm_yday);
    warnx("tm.tm_isdst  = %d", tm.tm_isdst);
    warnx("tm.tm_zone   = %s", tm.tm_zone);
    warnx("tm.tm_gmtoff = %ld", tm.tm_gmtoff);

    return mktime(&tm);
}

int
main(void)
{
    time_t  act, exp;
    double  delta;

    exp = expected();
    act = actual();

    delta = difftime(exp, act);
    if (fabs(delta) > DBL_EPSILON) {
        printf("exp %lld, got %lld: delta = %.0f\n",
            (long long int) exp, (long long int) act,
            delta);
        return 1;
    }
    else
        return 0;

}



4.4 arriving in the U.S.

2008-10-14 Thread Dave Anderson
Today's mail delivered the 4.4 CDs near Boston, Mass.

Many thanks to the developers,

Dave

-- 
Dave Anderson
[EMAIL PROTECTED]



Re: route-to doesnot work for me - what am i doing wrong

2008-10-14 Thread Insan Praja SW
On Tue, 14 Oct 2008 14:33:19 +0700, Siju George [EMAIL PROTECTED]  
wrote:

Hi Siju,
I think there are several things you need to understand more about pf  
quick option.
If you don't use quick option on rules, then it will be last matching rule  
applied, but if you use quick option, the first matching rule will be  
applied, the rest will be ignored. So, if you use quick option the filter  
order would be;


rule 1 # very detail
rule 2 # pretty much detail
rule 3 # detail
rule 4 # not detail

something like;
pass in quick on $int_if inet proto tcp from <net_example1> to <internet>
pass in quick on $int_if inet from <net_example1> to <internet>
pass in quick on $int_if from <net_example1> to any
pass in quick on $int_if


if you don't use quick then it would be;
rule 1 # not detail
rule 2 # detail
rule 3 # pretty much detail
rule 4 # very detail

something like;
pass in on $int_if
pass in on $int_if from <net_example1> to any
pass in on $int_if from <net_example1> to <internet>
pass in on $int_if inet from <net_example1> to <internet>
pass in on $int_if inet proto tcp from <net_example1> to <internet>

HTH,
Insan


Hi,

I have firewall

sk0 - LAN Interface
rl1 - Primary internet connection
rl2 - secondary Internet connection

I have a line in pf.conf

pass in quick on $int_if route-to ( $ext_if2 $ext_ifgw ) from
hifxchn2 to any keep state

to route requests from hosts in hifxchn2 through the rl2 internet
connection but it does not seem to work.

the full pf.conf is below

===
##NETWORK INTERFACES
#
int_if=sk0#HiFX LAN Interface - Connected to Main
Swithches - using 172.16.0.0/12 Range.
ext_if=rl1#Dataone Connection - rl2 interface
Connected to the Dataone Router.
ext_if2=rl2
ext_ifgw=122.166.40.1
proxy=122.166.40.36


#Private IP Address Range Specified by RFC 1918.
#
priv_nets={ 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }


#Computers in HiFX LAN that are permitted to bypass squid to make HTTP
and HTTPS connections directly to the Internet
#
table bypass-squid-users persist file  
/etc/pf-tables/bypass-squid-users


#Websites to which bypassing SQUID is allowed.
#
table bypass-squid-sites persist file  
/etc/pf-tables/bypass-squid-sites

table lanspl persist file /etc/pf-tables/lanspl
table adm persist file /etc/pf-tables/adms
table vtcservers persist file /etc/pf-tables/vtcservers
table bannedIPs persist file /etc/pf-tables/bannedIPs
table authpf_users persist
table hifxchn2 persist file /etc/pf-tables/hifxchn2

#Traffic Normalization - Required for pppoe connection.
#
scrub on $ext_if all no-df random-id fragment reassemble

###Network Address Translation and Port Redirection
###The First Matching rule wins here for any packet and no further
nat or rdr rules are checked.
nat-anchor authpf/*
rdr-anchor authpf/*
binat-anchor authpf/*

nat pass on $ext_if from adm to any - ($ext_if)
nat-anchor ftp-proxy/*
rdr-anchor ftp-proxy/*
rdr pass on $int_if proto tcp from $int_if:network to any port 21 -
127.0.0.1 port 8021

# redirect to beergas website
rdr pass on $ext_if inet proto tcp from any to any port 80 -
172.16.4.12 port 80
rdr pass on $ext_if inet proto tcp from any to any port 443 -
172.16.4.12 port 443

###
#
nat on $ext_if from bypass-squid-users to any - ($ext_if)

#NAT connections to specified websites.
nat on $ext_if from any to bypass-squid-sites port { 80, 443 } -  
($ext_if)
nat on $ext_if from any to bypass-squid-sites port { 80, 443 } -  
($ext_if2)


#Block NAT for other hosts to port 80 and 443 on the Internet.
#They should all go via SQUID CACHE PROXY
#
no nat on $ext_if from any to any port { 80, 443 }
no nat on $ext_if2 from any to any port { 80, 443 }

#Allow NAT for rest of the Computers to Internet - port 80 and 443 is
already blocked for these hosts by the rule above.
#
nat on $ext_if from $int_if:network to any - ($ext_if)
nat on $ext_if2 from $int_if:network to any - ($ext_if2)

#The SQUID CACHE PROXY Listens on localhost interface port 8080 for
security reasons.
#PROXY configuration for computers in the HIFX LAN Machine in the IP
Address of $int_if and port 8080
#Hence all Traffic comming to $int_if port 8080 should be redirected
to SQUID running on localhost:8080
#

no rdr on $int_if from any to 70.86.222.30
rdr on $int_if proto tcp from any to any port 8080 - 127.0.0.1 port 8080

###Filter Rules.
###The last matching rule wins here for packets except when the quick
word is used in which case Further rules are not processed.
#Starting with a Deny all Traffic Policy. Later rules open up the
firewall for required traffic.

block all
pass in quick on $ext_if inet proto tcp from any to any port ssh keep  
state


#Blocking RFC1918 Traffic.
block in log quick on $ext_if from $priv_nets to any
block out log quick on $ext_if from any to $priv_nets
block out log quick on $ext_if from any to bannedIPs

#Allow all traffic on the localhost interface.

pass quick on lo0 all

IPsec somewhat misleading error message

2008-10-14 Thread Dirk Mast
Hello,

whilst setting up IPSEC, I discovered, that isakmpd answers with
NO_PROPOSAL_CHOSEN if you mix up the phase 2 ID's, here the src/dst IPs of 
the rule.

I think this is misleading, since as I understand it, NO_PROPOSAL_CHOSEN
should be sent, if the clients can't find a matching encryption algorithm 
in phase 2.

Please correct me here, if I'm wrong.


172-Oct 13 21:51:15 PFusch isakmpd[21124]: responder_recv_HASH_SA_NONCE:
peer proposed invalid phase 2 IDs: initiator id ac10015f: 172.16.1.95,
responder id ac100100/ff00: 172.16.1.0/255.255.255.0
173:Oct 13 21:51:15 PFusch isakmpd[21124]: dropped message from 172.16.1.95
port 500 due to notification type NO_PROPOSAL_CHOSEN


I think this should make it more clear to state that it's the message id
and not the enc algorithm.

Don't be too harsh, it's the first patch I ever made.



Index: src/sbin/isakmpd/ike_quick_mode.c
===
RCS file: /cvs/src/sbin/isakmpd/ike_quick_mode.c,v
retrieving revision 1.101
diff -u -r1.101 ike_quick_mode.c
--- src/sbin/isakmpd/ike_quick_mode.c   15 Aug 2007 21:05:45 - 
1.101
+++ src/sbin/isakmpd/ike_quick_mode.c   14 Oct 2008 16:27:12 -
@@ -1699,7 +1699,7 @@
(exchange-doi-decode_ids(initiator id %s, responder
 id %s, ie-id_ci, ie-id_ci_sz, ie-id_cr,
ie-id_cr_sz, 1)));
-   message_drop(msg, ISAKMP_NOTIFY_NO_PROPOSAL_CHOSEN, 0, 1,0);
+   message_drop(msg, ISAKMP_NOTIFY_INVALID_MESSAGE_ID, 0, 1,0);
goto cleanup;
}
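Review bot: In the changed message_drop() call, ISAKMP_NOTIFY_INVALID_MESSAGE_ID refers to the Message ID field of the ISAKMP header, while the log call in the context lines just above reports the phase 2 identities ("initiator id %s, responder id %s"), so the peer would still be told about the wrong thing. RFC 2408 defines a separate INVALID-ID-INFORMATION notify type for identity payloads; the matching constant would describe this failure more accurately, after checking that isakmpd's notify definitions provide it. Since the line is being touched anyway, the "1,0" could also get a space after the comma like the other arguments.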



Re: strptime and mktime()?

2008-10-14 Thread Philip Guenther
On Tue, Oct 14, 2008 at 10:04 AM, Mark B. [EMAIL PROTECTED] wrote:
...
> My best guess is that mktime() expects tm_isdst but strptime() doesn't
> load it.  But I don't know how to work around this.

strptime() doesn't have enough information to set the tm_isdst member.
Indeed, if you set it yourself before calling strptime(), it'll leave
it unaltered.  Right now, you're setting it to zero via a memset().
Let's see what the mktime() manpage says about tm_isdst:

    (A positive or zero value for tm_isdst causes
    mktime() to presume initially that summer time (for example, Daylight
    Saving Time in the U.S.A.) respectively, is or is not in effect for the
    specified time.  A negative value for tm_isdst causes the mktime()
    function to attempt to divine whether summer time is in effect for the
    specified time; in this case it does not use a consistent rule and may
    give a different answer when later presented with the same argument.)

Sounds like you're expecting the behavior of tm_isdst < 0, so set it
to negative one before calling mktime.

(The "not a consistent rule" is because there's an hour of date-time
strings every year that repeat, first with summer time, then with
standard time.  If you can't stand the ambiguity, then you need to
carry the zone information along with your date-time strings and then
do the zone handling yourself.)


Philip Guenther



4.4 arrived

2008-10-14 Thread Henri Salo
My box (4.4 CD + The Book Of PF + Secure Architectures With OpenBSD)
arrived to Espoo, Finland today. Thank you very much.

Great books by the way.

-- 
Henri Salo fgeek at hack.fi +358407705733
GPG ID: 2EA46E4F  fp: 14D0 7803 BFF6 EFA0 9998  8C4B 5DFE A106 2EA4 6E4F



PPPoE(4) Two ADSL modems (identical LCP session issue)

2008-10-14 Thread gm_sjo
I am running 4.3 GENERIC.MP.

I appear to have hit an issue whereby two adsl modems are presenting
the same LCP session. I believe this is confusing pppoe(4). I am
unable to reconfigure the session presented by the modem (which I
believe likely to be the case on most devices).

Scenario:-

- Two ethernet interfaces connected directly to two adsl bridge modems
(which do pppoapppoe, but pppoe as far as obsd is concerned),
configured as pppoe1 and pppoe2.
- Either pppoe interface will connect as long as the other interface
is set to 'down'.
- If you try and bring the other interface up whilst the other is
active, you get the following :-

Oct 14 18:49:55 hadrian /bsd: pppoe1: session 0x6 connected
Oct 14 18:49:55 hadrian /bsd: pppoe1: lcp open(initial)
Oct 14 18:49:55 hadrian /bsd: pppoe1: lcp initial-starting
Oct 14 18:49:55 hadrian /bsd: pppoe1: phase establish
Oct 14 18:49:55 hadrian /bsd: pppoe1: lcp up(starting)
Oct 14 18:49:55 hadrian /bsd: pppoe1: lcp starting-req-sent
Oct 14 18:49:55 hadrian /bsd: pppoe1: lcp output conf-req id=0x85
len=10 05-06-32-b5-5d-33
Oct 14 18:49:55 hadrian /bsd: pppoe1 (8864) state=3, session=0x6
output - 00:50:7f:37:80:1b, len=18
Oct 14 18:49:56 hadrian /bsd: pppoe1: lcp TO(req-sent) rst_counter = 10
Oct 14 18:49:56 hadrian /bsd: pppoe1: lcp output conf-req id=0x86
len=10 05-06-32-b5-5d-33

.. which repeats 10 times and resets, then repeats indefinitely.

I believe the issue is with session=0x6. This is the same session
number that is associated with the interface that is currently up and
working (pppoe2 in this example).

Unfortunately I'm not a developer, but the guy who found this for me
suggested to look at
sys/net/if_pppoe.c:pppoe_find_softc_by_session() and hinted that the
behaviour of this should change.

Is anyone aware of this issue? I've never submitted a bug before :-)

Thanks



Re: Best Way to get OpenBSD installed on Sun Blade 1000/2000

2008-10-14 Thread L. V. Lammert
On Mon, 13 Oct 2008, Vivek Ayer wrote:

 I'm getting zilch. I'm starting to suspect that I got ripped off on
 this cable. I could be just as wrong. I just need to test this cable
 with a windows machine via hyperterminal to absolutely make sure it's
 not working.

Serial cables can be a PAIN - there's no way to verify the connections
without a breakout box that shows the signals. If you don't have one,
google the pinouts and check for -V on pins 2 and 3 where they meet one of
the machines.

Lee



Re: strptime and mktime()?

2008-10-14 Thread Philip Guenther
I wrote:
 strptime() doesn't have enough information to set the tm_isdst member.
  Indeed, if you set it yourself before calling strptime(), it'll leave
 it unaltered.

To correct myself: the above is not strictly portable, as strptime()
is allowed to change any and all members of struct tm.  You should set
the tm_isdst member to the desired value after calling strptime().


Philip Guenther
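
The behaviour discussed in the two replies above, as an added example that is not part of any message in the thread: tm_isdst is set after strptime() and the same string is converted with 0, 1 and -1, including a wall-clock time from the repeated hour. parse_local() and EXAMPLE_TZ are hypothetical names; the POSIX TZ rule for US Eastern time is an assumption that reproduces the two values in the original post.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700       /* for strptime(), setenv(), tzset() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Repeated so the block still compiles if <time.h> was included earlier
 * without the feature-test macro; same as the POSIX prototype. */
char *strptime(const char *s, const char *fmt, struct tm *tm);

/* Assumption: US Eastern rules as of 2008, written as a POSIX TZ string so
 * no zoneinfo files are needed (DST from 2nd Sunday in March to 1st Sunday
 * in November). */
#define EXAMPLE_TZ "EST5EDT,M3.2.0,M11.1.0"

/*
 * Parse "YYYY-MM-DD HH:MM:SS" as local time in zone tz.
 * isdst: 0 = treat as standard time, >0 = treat as summer time,
 *        <0 = let mktime() work it out.
 * Returns (time_t)-1 if the string does not match the format.
 */
time_t parse_local(const char *tz, const char *s, int isdst)
{
    struct tm tm;
    char *end;

    if (setenv("TZ", tz, 1) != 0)
        return (time_t)-1;
    tzset();

    memset(&tm, 0, sizeof(tm));
    end = strptime(s, "%Y-%m-%d %H:%M:%S", &tm);
    if (end == NULL || *end != '\0')
        return (time_t)-1;

    /* Set after strptime(), which is allowed to change any member. */
    tm.tm_isdst = isdst;
    return mktime(&tm);
}

int main(void)
{
    const char *s = "2008-10-14 08:06:21";          /* string from the thread */
    const char *ambiguous = "2008-11-02 01:30:00";  /* constructed: occurs twice */

    printf("%s isdst=0  -> %lld\n", s, (long long)parse_local(EXAMPLE_TZ, s, 0));
    printf("%s isdst=-1 -> %lld\n", s, (long long)parse_local(EXAMPLE_TZ, s, -1));

    /* In the repeated hour both answers are valid local times; only the
     * caller can say which one was meant. */
    printf("%s isdst=1  -> %lld\n", ambiguous,
        (long long)parse_local(EXAMPLE_TZ, ambiguous, 1));
    printf("%s isdst=0  -> %lld\n", ambiguous,
        (long long)parse_local(EXAMPLE_TZ, ambiguous, 0));
    printf("%s isdst=-1 -> %lld\n", ambiguous,
        (long long)parse_local(EXAMPLE_TZ, ambiguous, -1));
    return 0;
}
```
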



Re: Help to test important azalia(4) diffs

2008-10-14 Thread Rafal Brodewicz
On Mon, Oct 13, 2008 at 09:18:58PM +0300, Alexey Suslikov wrote:
 Hello [EMAIL PROTECTED]
 
 We have two important diffs to azalia(4) audio driver.
 
 1. http://marc.info/?l=openbsd-tech&m=122365193510743&w=2
 2. http://marc.info/?l=openbsd-tech&m=122381492825141&w=2
 
 If you just have no regressions and no noticeable changes, it
 is also important to report.

No noticeable changes here.


Re: 4.4 arriving in the U.S.

2008-10-14 Thread Daniel A. Ramaley
On Tuesday October 14 2008 12:19, you wrote:
Today's mail delivered the 4.4 CDs near Boston, Mass.

Also to Des Moines, Iowa.

Many thanks to the developers,

Agreed. Thank you developers!



Dan RamaleyDial Center 118, Drake University
Network Programmer/Analyst 2407 Carpenter Ave
+1 515 271-4540Des Moines IA 50311 USA



Re: route-to doesnot work for me - what am i doing wrong

2008-10-14 Thread Stuart Henderson
 If you don't use quick option on rules, then it will be last matching rule  
 applied, but if you use quick option, the first matching rule will be  
 applied, the rest will be ignored. So, if you use quick option the filter  
 order would be;

picking just the in...on $int_if rules in order;

 pass in quick on $int_if from any to $int_if keep state
 pass in quick on $int_if route-to ( $ext_if2 $ext_ifgw ) from hifxchn2 to 
 any keep state
 pass in quick on $int_if from $int_if:network to any keep state

so this is not a problem.


 pass in quick on $int_if route-to ( $ext_if2 $ext_ifgw ) from
 hifxchn2 to any keep state

 to route requests from hosts in hifxchn2 through the rl2 internet
 connection but it does not seem to work.

you should route the packets in the outgoing direction.
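
The rule ordering discussed in this thread, as an added example that is not part of any poster's message: a toy model of pf's "last match wins unless quick" evaluation, applied to "block all" and the three "in on $int_if" rules listed above. It compares only source and destination addresses (no state, direction or interface), and the firewall address, the <hifxchn2> range and the test hosts are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))
#define MASK(bits) (0xffffffffu << (32 - (bits)))   /* bits in 1..32 */

/* Constructed addresses, not taken from the thread. */
#define FW_LAN_ADDR  IP(172, 16, 0, 1)   /* address of $int_if (assumed) */
#define HIFXCHN2_NET IP(172, 16, 8, 0)   /* <hifxchn2> modelled as one /24 (assumed) */
/* $int_if:network, using the 172.16.0.0/12 range named in the pf.conf comment. */
#define LAN_NET      IP(172, 16, 0, 0)

struct rule {
    const char *text;
    int quick;
    uint32_t src, src_mask;     /* mask 0 means "any" */
    uint32_t dst, dst_mask;
};

/* File order matters: this is the order the rules appear in the ruleset. */
static const struct rule RULES[] = {
    { "block all", 0, 0, 0, 0, 0 },
    { "pass in quick on $int_if from any to $int_if",
      1, 0, 0, FW_LAN_ADDR, MASK(32) },
    { "pass in quick on $int_if route-to (...) from <hifxchn2> to any",
      1, HIFXCHN2_NET, MASK(24), 0, 0 },
    { "pass in quick on $int_if from $int_if:network to any",
      1, LAN_NET, MASK(12), 0, 0 },
};
#define NRULES (sizeof(RULES) / sizeof(RULES[0]))

static int matches(const struct rule *r, uint32_t src, uint32_t dst)
{
    return (src & r->src_mask) == r->src && (dst & r->dst_mask) == r->dst;
}

/*
 * Index of the rule that decides the packet, or -1 if nothing matched.
 * honor_quick = 0 evaluates the same list as if no rule carried "quick".
 */
int deciding_rule(int honor_quick, uint32_t src, uint32_t dst)
{
    int last = -1;
    size_t i;

    for (i = 0; i < NRULES; i++) {
        if (!matches(&RULES[i], src, dst))
            continue;
        last = (int)i;          /* a later match overrides an earlier one */
        if (honor_quick && RULES[i].quick)
            break;              /* quick: evaluation stops at this match */
    }
    return last;
}

int main(void)
{
    const struct { const char *what; uint32_t src, dst; } pkts[] = {
        { "hifxchn2 host -> Internet",  IP(172, 16, 8, 20), IP(203, 0, 113, 9) },
        { "hifxchn2 host -> firewall",  IP(172, 16, 8, 20), FW_LAN_ADDR },
        { "other LAN host -> Internet", IP(172, 16, 30, 5), IP(203, 0, 113, 9) },
    };
    size_t i;

    for (i = 0; i < sizeof(pkts) / sizeof(pkts[0]); i++) {
        int q = deciding_rule(1, pkts[i].src, pkts[i].dst);
        int n = deciding_rule(0, pkts[i].src, pkts[i].dst);
        printf("%s\n  with quick:    %s\n  without quick: %s\n",
            pkts[i].what, RULES[q].text, RULES[n].text);
    }
    return 0;
}
```

With quick honoured, the hifxchn2 host's Internet-bound packet is decided by the route-to rule; with quick ignored, the later $int_if:network rule would decide it instead.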



Re: 4.4 arriving in the U.S.

2008-10-14 Thread Daniel Anderson
Arrived northwest of Seattle, WA.

Thanks!

--
On Tuesday 14 October 2008 10:19:46 am Dave Anderson wrote:
 Today's mail delivered the 4.4 CDs near Boston, Mass.

 Many thanks to the developers,

   Dave



Re: Doubled binary in /bin in snapshot?

2008-10-14 Thread Almir Karic
On Tue, Oct 14, 2008 at 03:22:32PM +0200, Tomas Bodzar wrote:
 Hi all,

 have you same problem ? Look at $ls -lF /bin
 There is a [* and test* ,both binaries do the same and cmp(1) says,that  
 they are same.

 Am I missing something or it's bug?

you are missing the lesson in history in unix shell scripting :-)

they are not doubled, they are hard links:

$ ls -i /bin/{test,[}   
25985 /bin/[ 25985 /bin/test



Re: 4.4 arriving in the U.S.

2008-10-14 Thread Todd Alan Smith
Received mine today as well! I'm in Madison, WI.
Awesome artwork and stickers! Puffy rules!



Re: BSD Port from OpenJDK

2008-10-14 Thread Jason Garrett
On Tue, Oct 14, 2008 at 10:13 AM, new_guy [EMAIL PROTECTED] wrote:
 Ben Adams-3 wrote:

 Just wondering if this will affect OpenBSD with java:
 Per the interim governance guidelines for Projects [1] I'm pleased
 to announce the creation of the BSD Port Project


 Java is nasty. There... I said it and it is true. The goopy OOP of Java will
 tarnish anything it touches. Personally, I hope Java (in all of its virtual
 glory) never makes it into OpenBSD at all. Real men will cry man tears when
 OpenBSD ships with Java.

Amen!



Re: BSD Port from OpenJDK

2008-10-14 Thread Mike Shaw
C'mon now.  It's not that bad.
How else are you going to employ 120 developers and project managers to
build a shopping cart app?  And buying 40 multi-core 8 gig app servers every
now and then really helps those struggling hardware makers.
In short, Java helps the economy.  Since all things not helping the economy
are now evil...you don't want OpenBSD to be evil do you?

Ok...woefully off topic.  Back under my rock.

-Mike

On Tue, Oct 14, 2008 at 10:13 AM, new_guy [EMAIL PROTECTED] wrote:

 Ben Adams-3 wrote:
 
  Just wondering if this will affect OpenBSD with java:
  Per the interim governance guidelines for Projects [1] I'm pleased
  to announce the creation of the BSD Port Project
 

 Java is nasty. There... I said it and it is true. The goopy OOP of Java
 will
 tarnish anything it touches. Personally, I hope Java (in all of its virtual
 glory) never makes it into OpenBSD at all. Real men will cry man tears when
 OpenBSD ships with Java.

 --
 View this message in context:
 http://www.nabble.com/BSD-Port-from-OpenJDK-tp19884864p19975609.html
 Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: strptime and mktime()?

2008-10-14 Thread Mark B.
On Tue, Oct 14, 2008 at 1:31 PM, Philip Guenther [EMAIL PROTECTED] wrote:
 On Tue, Oct 14, 2008 at 10:04 AM, Mark B. [EMAIL PROTECTED] wrote:
 ...
 My best guess is that mktime() expects tm_isdst but strptime() doesn't
 load it.  But I don't know how to work around this.

 strptime() doesn't have enough information to set the tm_isdst member.


If it had a format specifier for timezone, then I guess it could
figure it out.  But I don't see that format specifier in the
strptime() manual.


 Sounds like you're expecting the behavior of tm_isdst < 0, so set it
 to negative one before calling mktime.


Yes, that works just fine.  I'll send my thanks to [EMAIL PROTECTED]  :)

m



Re: strptime and mktime()?

2008-10-14 Thread Philip Guenther
On Tue, Oct 14, 2008 at 11:19 AM, Mark B. [EMAIL PROTECTED] wrote:
 On Tue, Oct 14, 2008 at 1:31 PM, Philip Guenther [EMAIL PROTECTED] wrote:
...
 strptime() doesn't have enough information to set the tm_isdst member.

 If it had a format specifier for timezone, then I guess it could
 figure it out.  But I don't see that format specifier in the
 strptime() manual.

Right.  That's probably because struct tm doesn't represent a
time+offset, or even a location-independent time, but rather just a
broken down time.  The meaning of a given struct tm value depends on
the timezone you apply to it, which is why we have both localtime()
and gmtime(), to create tm values that presume different timezone
values.

When dealing with this in the past (for parsing Date: header fields
from email messages, etc), I've generally parsed everything except the
zone to get a struct tm, used timegm() to convert that to a UTC value,
then corrected the returned time_t manually based on the zone
information that was present to get the time_t for the absolute time
represented.


If only the new date-time library proposals that have been talked
about on comp.std.c for *years* would ever achieve consensus...


Philip Guenther
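
The two approaches discussed in this thread, setting tm_isdst to -1 before mktime() and parsing a Date: header by running timegm() on the zone-less fields and then applying the offset by hand, as an added C example that is not code from any poster. The function names, the POSIX TZ string and the sample dates are constructed for illustration; timegm() is a BSD/GNU extension.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* glibc: make <time.h> declare strptime() and timegm() */
#endif
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Same prototype as <time.h>, repeated so this still compiles if the
 * feature-test macro above is defined too late to take effect. */
char *strptime(const char *, const char *, struct tm *);

/* Select the zone mktime() uses; a POSIX TZ string needs no zoneinfo files. */
void use_zone(const char *tz)
{
    setenv("TZ", tz, 1);
    tzset();
}

/* "YYYY-MM-DD HH:MM:SS" read as local time. strptime() fills only the fields
 * named in the format, so tm_isdst is whatever the caller stores: -1 lets
 * mktime() decide whether DST applies, 0 or 1 makes it trust the caller.
 * Returns (time_t)-1 on malformed input. */
time_t local_to_epoch(const char *s, int isdst)
{
    struct tm tm;
    const char *end;

    memset(&tm, 0, sizeof tm);
    end = strptime(s, "%Y-%m-%d %H:%M:%S", &tm);
    if (end == NULL || *end != '\0')
        return (time_t)-1;
    tm.tm_isdst = isdst;
    return mktime(&tm);
}

/* Numeric zone such as " -0700" -> seconds east of UTC; returns 0 on success. */
static int zone_to_seconds(const char *z, long *east)
{
    int i, sign, hh, mm;

    while (*z == ' ')
        z++;
    if (*z != '+' && *z != '-')
        return -1;
    sign = (*z++ == '-') ? -1 : 1;
    for (i = 0; i < 4; i++)
        if (!isdigit((unsigned char)z[i]))
            return -1;
    hh = (z[0] - '0') * 10 + (z[1] - '0');
    mm = (z[2] - '0') * 10 + (z[3] - '0');
    if (z[4] != '\0' || hh > 23 || mm > 59)
        return -1;
    *east = sign * (hh * 3600L + mm * 60L);
    return 0;
}

/* Date: header value with a numeric zone. Everything except the zone goes
 * through strptime(), timegm() reads the fields as if they were UTC, and the
 * zone offset is then subtracted by hand. Independent of the TZ setting. */
time_t date_header_to_epoch(const char *s)
{
    struct tm tm;
    const char *rest;
    long east;
    time_t as_utc;

    memset(&tm, 0, sizeof tm);
    rest = strptime(s, "%a, %d %b %Y %H:%M:%S", &tm);
    if (rest == NULL || zone_to_seconds(rest, &east) != 0)
        return (time_t)-1;
    as_utc = timegm(&tm);
    return as_utc == (time_t)-1 ? (time_t)-1 : as_utc - (time_t)east;
}

int main(void)
{
    const char *local = "2008-10-14 13:31:00";   /* constructed sample */
    use_zone("EST5EDT,M3.2.0,M11.1.0");           /* constructed sample zone */
    printf("isdst=-1: %lld\nisdst=0:  %lld\n",
           (long long)local_to_epoch(local, -1), (long long)local_to_epoch(local, 0));
    printf("header:   %lld\n",
           (long long)date_header_to_epoch("Tue, 14 Oct 2008 11:19:00 -0700"));
    return 0;
}
```

With the sample zone, the tm_isdst = 0 call lands one hour later than the tm_isdst = -1 call because the date falls inside daylight saving time.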



Re: route-to doesnot work for me - what am i doing wrong

2008-10-14 Thread Charlie Clark

Hi Siju,

isn't this:

pass in quick on $int_if route-to ( $ext_if2 $ext_ifgw ) from
hifxchn2 to any keep state


meant to be like this:

pass in quick on $int_if route-to { ( $ext_if2 $ext_ifgw ) } from
hifxchn2 to any keep state



Regards,

Charlie



Re: BSD Port from OpenJDK

2008-10-14 Thread new_guy
Ben Adams-3 wrote:
 
 Just wondering if this will affect OpenBSD with java:
 Per the interim governance guidelines for Projects [1] I'm pleased
 to announce the creation of the BSD Port Project
 

Java is nasty. There... I said it and it is true. The goopy OOP of Java will
tarnish anything it touches. Personally, I hope Java (in all of its virtual
glory) never makes it into OpenBSD at all. Real men will cry man tears when
OpenBSD ships with Java. 




Re: route-to doesnot work for me - what am i doing wrong

2008-10-14 Thread Siju George
Thanks I figured it out.
I missed the nat rule for $ext_if2

--Siju


Re: BSD Port from OpenJDK

2008-10-14 Thread Kurt Miller
On Tuesday 14 October 2008 11:13:41 am new_guy wrote:
 Ben Adams-3 wrote:
  
  Just wondering if this will affect OpenBSD with java:
  Per the interim governance guidelines for Projects [1] I'm pleased
  to announce the creation of the BSD Port Project
  
 
 Java is nasty. There... I said it and it is true. The goopy OOP of Java will
 tarnish anything it touches. Personally, I hope Java (in all of its virtual
 glory) never makes it into OpenBSD at all. Real men will cry man tears when
 OpenBSD ships with Java. 
 

Uninformed. We've had Java for years and now we have packages:

ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/i386/jdk-1.7.0.00b24p2.tgz

4.4 will have packages also.

Your negativity sucks. Porting Java to OpenBSD was and is not
a trivial effort. It also serves as an excellent test bed for
threads, the runtime linker and large memory applications.

Porting Java to OpenBSD enabled the LOCKSS project to use it
for its noble goals. It uncovered deadlocks in our pthread
lib that resulted in large improvements to libpthread. Its use
of dlopen() and friends resulted in significant improvements
in our runtime linker. Oh and who made those improvements???
The same person who took the time to port Java to OpenBSD!! Me
and other OpenBSD developers who saw the need to improve things.

BTW, all those system level improvements have made significant
stability gains for applications like firefox, KDE, OpenOffice,
Asterisk, etc, etc which all use threads and dlopen() a lot.

Quite frankly I'm pretty upset at all the 'Java sucks' banter on
misc. If you and the other naysayers don't realize that porting
Java to OpenBSD was a 'Good-Thing' then you are just UNINFORMED!

-Kurt



Re: PPPoE(4) Two ADSL modems (identical LCP session issue)

2008-10-14 Thread Can Erkin Acar
I have previously used two PPPoE links successfully. The 
sys/net/if_pppoe.c:pppoe_find_softc_by_session() is correct as long as 
the devices are attached to different ethernet devices.


Since you have not provided any information about your configuration, I 
can only make a guess.  I would say that you are using the same ISP and 
credentials (username/password) for both pppoe interfaces. If this is 
the case, most probably your ISP prevents more than one connection from 
a given account. If this is not the case, please provide more 
information about your setup.


Thanks,

Can

PS: I (and a lot of other developers) do not follow misc@ and it is hard 
to reply to mails that one did not receive.  Please try to submit a 
proper bug report next time.





Re: VESA 1280x800

2008-10-14 Thread Jairo Souto

Would you, please, tell me how to add the card PCI id in the nv driver?

--
Jairo Souto (38)8814-4787

Matthieu Herrb wrote:
 On Sun, Oct 12, 2008 at 3:42 PM, Jonathan Schleifer
 [EMAIL PROTECTED] wrote:
 On 12.10.2008 at 15:30, Jairo Souto wrote:

 It's possible for Xorg to run on VESA mode 1280x800?
 As this is not a VESA resolution: No.


 That's true.

 You could try to add the PCI id of this card to the list of G80 cards
 in the nv driver and see if it runs on it, but I'm not sure if the
 GeForce 7000M is using a G80 chipset or something newer not yet
 supported by the nv driver.

 --
 Jonathan





Re: 4.4 arriving in the U.S.

2008-10-14 Thread Bryan
On Tue, Oct 14, 2008 at 9:08 PM, Todd Alan Smith
[EMAIL PROTECTED] wrote:
 Received mine today as well! I'm in Madison, WI.
 Awesome artwork and stickers! Puffy rules!



San Diego, CA here... was delayed a day due to Columbus Day.   Even
the wife chuckled at the theme...



Re: BSD Port from OpenJDK

2008-10-14 Thread new_guy
Kurt Miller-3 wrote:
 
 Your negativity sucks. Porting Java to OpenBSD was and is not
 a trivial effort. It also serves as an excellent test bed for
 threads, the runtime linker and large memory applications.
 
 That was meant as a joke. I got 4.4 today and it had a sticker poking fun
 at Java. (Java wants you to sell out Solo! NDA, etc.) My comment was meant
 in the same spirit. But really... for some folks... Java just sucks, but
 at the same time, I appreciate folks (like you) who make it suck less.
 Nothing personal, OK?
 




Re: Best Way to get OpenBSD installed on Sun Blade 1000/2000

2008-10-14 Thread Vivek Ayer
Alright guys... the serial cable was indeed bad. I finally got the ok prompt.

Only one problem. I can't type anything at the ok prompt. I can
terminate cu and get back in, but when I'm in, I can't type anything.
If I let it come up to a SunOS login, I can type stuff. This is really
weird. I used terminal type vt100 or sun on the computer accessing the
Sun.

Help appreciated

Vivek

On Tue, Oct 14, 2008 at 7:39 AM, L. V. Lammert [EMAIL PROTECTED] wrote:
 On Mon, 13 Oct 2008, Vivek Ayer wrote:

 I'm getting zilch. I'm starting to suspect that I got ripped off on
 this cable. I could be just as wrong. I just need to test this cable
 with a windows machine via hyperterminal to absolutely make sure it's
 not working.

 Serial cables can be a PAIN - there's no way to verify the connections
 without a breakout box that shows the signals. If you don't have one,
 google the pinouts and check for -V on pins 2 and 3 where they meet one of
 the machines.

Lee



Re: BSD Port from OpenJDK

2008-10-14 Thread Ted Unangst
On Tue, Oct 14, 2008 at 9:03 PM, new_guy [EMAIL PROTECTED] wrote:
 Kurt Miller-3 wrote:

 Your negativity sucks. Porting Java to OpenBSD was and is not
 a trivial effort. It also serves as an excellent test bed for
 threads, the runtime linker and large memory applications.

 That was meant as a joke. I got 4.4 today and it had a sticker poking fun

It came across as distinctly unfunny.  Kurt has done a lot of great work.

There are always technologies that some people like and some don't.
If you are not forced to use a technology you don't like, don't
belittle the people who make it happen for the rest of us.  And if you
are forced, blame somebody else. :)



Re: 4.4 arriving in the U.S.

2008-10-14 Thread Jonathan Thornburg
4.4 arrived here today (Tue 14.Oct) in Bloomington, Indiana.



Re: BSD Port from OpenJDK

2008-10-14 Thread Jason Beaudoin
 Your negativity sucks. Porting Java to OpenBSD was and is not
 a trivial effort. It also serves as an excellent test bed for
 threads, the runtime linker and large memory applications.

 Porting Java to OpenBSD enabled the LOCKSS project to use it
 for its noble goals. It uncovered deadlocks in our pthread
 lib that resulted in large improvements to libpthread. Its use
 of dlopen() and friends resulted in significant improvements
 in our runtime linker. Oh and who made those improvements???
 The same person who took the time to port Java to OpenBSD!! Me
 and other OpenBSD developers who saw the need to improve things.

 BTW, all those system level improvements have made significant
 stability gains for applications like firefox, KDE, OpenOffice,
 Asterisk, etc, etc which all use threads and dlopen() a lot.

 Quite frankly I'm pretty upset at all the 'Java sucks' banter on
 misc. If you and the other naysayers don't realize that porting
 Java to OpenBSD was a 'Good-Thing' then you are just UNINFORMED!

 -Kurt



Any negativity shed on misc@ or elsewhere shall never be enough to
overcome how much you folks rock, and how much appreciation had for
the work we all invest in progressing this system we love so much!

So thank you, to all, saying it is never enough, let's hack :)


Cheers,
~Jason



Re: 4.4 arriving in the U.S.

2008-10-14 Thread new_guy
4.4 CDs arrived in Virginia (east coast USA). Thanks... the T-Shirt is cool
too.







Re: 4.4 arriving in the U.S.

2008-10-14 Thread Bren Smith
Woot! Arrived in Grass Valley, California this afternoon!



Re: 4.4 arriving in the U.S.

2008-10-14 Thread J.C. Roberts
On Tuesday 14 October 2008, Dave Anderson wrote:
 Today's mail delivered the 4.4 CDs near Boston, Mass.

 Many thanks to the developers,

   Dave

Silicon Valley!

Thanks to Austin and Computer Shop Calgary for the fast shipment!

And big thanks to all of the OpenBSD developers!

--
JCR



4.4 arrived in New Zealand

2008-10-14 Thread Richard Toohey
Thanks to all the developers and everyone else who helped get 4.4 to  
my doorstep.


Your work is much appreciated.