pf outbound nat load balancing issue
Hi all,

I have a very basic pf NAT setup for testing on my new firewall. The firewall has two PPPoE connections which are using multipath default routes to load balance.

Load balancing works for non-NAT traffic, but NAT traffic is only going out via one link, not both.

I am wondering what the behaviour is of interface groups? How are they load-balanced/selected? I have looked into outgoing load-balancing in the pf faq, but I'm not sure this applies when you're using multipath default routes?

I have configured both PPPoE interfaces as a group called 'wan'. My NAT rule is on this interface group name :-

    -bash-3.2# cat /etc/pf.conf
    scrub out on wan max-mss 1440
    nat-anchor ftp-proxy/*
    rdr-anchor ftp-proxy/*
    nat on wan from vlan1010:network to any -> $some_external_nat_ip
    rdr pass on vlan1010 proto tcp from any to any port ftp -> 127.0.0.1 port 8021
    anchor ftp-proxy/*

    -bash-3.2# ifconfig wan
    pppoe1: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
            dev: fxp1 state: session
            sid: 0x6 PADI retries: 0 PADR retries: 0 time: 12:49:11
            sppp: phase network authproto chap authname xxx.1
            groups: pppoe wan egress
            inet6 fe80::2e0:18ff:feca:bf15%pppoe1 -> prefixlen 64 scopeid 0x15
            inet 217.169.2.61 --> 81.187.81.72 netmask 0x
    pppoe2: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
            dev: fxp2 state: session
            sid: 0x6 PADI retries: 0 PADR retries: 0 time: 12:49:11
            sppp: phase network authproto chap authname xxx.2
            groups: pppoe wan egress
            inet6 fe80::2e0:18ff:feca:bf15%pppoe2 -> prefixlen 64 scopeid 0x16
            inet 90.155.88.39 --> 81.187.81.72 netmask 0x

(both links are with the same ISP, with same endpoint IP)

    -bash-3.2# route show -inet
    Routing tables

    Internet:
    Destination        Gateway            Flags   Refs      Use   Mtu  Interface
    default            0.0.0.1            UGS        1   786060     -   pppoe1
    default            0.0.0.3            UGS        0   190688     -   pppoe2

    -bash-3.2# cat /etc/hostname.pppoe1
    inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev fxp1 authproto chap authname 'xxx.1' authkey 'xxx' group wan up
    !route add default -mpath -ifp pppoe1 0.0.0.1

    -bash-3.2# cat /etc/hostname.pppoe2
    inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev fxp2 authproto chap authname 'xxx.2' authkey 'xxx' group wan up
    !route add default -mpath -ifp pppoe2 0.0.0.3

(second is 0.0.0.3 because endpoint IP is the same for both links, this caused a problem when using 0.0.0.1 for both {eg, both routes weren't added} - working fine for non-nat traffic)

Thanks!
2 questions regarding carp and dhcp
Hello everybody,

two questions regarding carp and dhcp, one running the firewall as a dhcp client, and one running as server.

I want to provide dhcp from the firewall. Therefore I did setup the dhcp server on both hosts of the cluster. The firewall is configured as master/backup mode. The backup host has an advskew of 20 configured, and on both hosts, net.inet.carp.preempt=1. Both hosts run a snapshot version, from about the time, when OpenBSD 4.4 was branched.

The carp interface sits on top of a vlan interface. When I start the dhcpd listening on the vlan interface, then the carp interface on top goes into Master mode, the others stay in backup mode.

First, I wonder, whether it is right that the carp on top of a, I guess because of using the bpf on the vlan interface below, goes to master state when the dhcpd starts listening on it.

Second, I wonder, why due to net.inet.carp.preempt=1 one interface can be in BACKUP state, and the rest in MASTER state.

My second question, is retrieving the IP address of a carp interface via DHCP. Right now I've multiple static aliases defined on the external carp interface of my firewall. My ISP wants to switch to DHCP with indefinite lease time. As far as I know, carp and dhcp do not work together?

Second, I've no idea, how these guys want to assign multiple IP addresses to the same MAC address via DHCP? Don't know whether there are some DHCP options to hand out multiple addresses to a DHCP request on the server side, but would the client be able to handle that?

I think I could setup ifstated, and when the carp interfaces on one box become master, I start the dhcpd on the one vlan interface, and maybe the dhclient on the external interface. Any idea whether that would work?

any suggestions appreciated

cheers
Sebastian
Re: reliable, dd over simple ip network
On 21:28:56 Oct 15, Neko wrote:
> Good day to all of you,
>
> i have found a really dirty way of going around this, so I'm fishing for advices on finding a reliable way to dd over simple ip network with the generic bsd.
>
> could this be done in a straight pipe ?
>
> i have an ftp on the generic bsd, containing data, this bsd system is on a multiple os drive. i have no choice to dd, since multiple partition got updated out of hand, no way to single track specific updated folders. *well actually yes, its the dirty way stipulated above*
>
> since my partitions have 16% free on all systems, i can't tarball the drive sent it to target machine and uncompress, anyways, if you have suggestion on opensource pkgs, services i could open, or any bright idea i would like to hear them,

dd(1) is not a good idea. If you want to back up across the n/w, then dump(8) with ssh(8) may be interesting.

    # dump af - | ssh ...

will work out much faster and better than plain old dd(1). On the other side you have to run

    # input | restore xf -

-Girish
Re: 4.4 arrived in New Zealand
Got mine today. Sydney Australia. Thanks to all the devs and supportive user community! Another brilliant set and release!
Re: RES: RES: Filtering outgoing connections in pf
But it can still be a router if it does not do natting, a router with only public IP's

Cezary Morga wrote:
> On Wednesday, 15 October 2008, cgc wrote:
>> And any box that is doing packet filtering between 2 or more networks, eg. a private network and the internet, is a router as far as I am aware
>
> If it's natting or filtering packets it's a gateway.
>
> --
> Cezary Morga
> If you live to be one hundred, you've got it made. Very few people die past that age. (George Burns)

--
Charlie Clark
Network Engineer
Lemon Computing Ltd
Unit 9 26-28 Priests Bridge London SW14 8TA UK
Tel: +44 208 878 2138
Fax: +44 208 878 2163
Email: [EMAIL PROTECTED]
Site: http://www.lemon-computing.com/
Lemon Computing is a limited company registered in England Wales under Company No. 03697052
Re: Funny linker error: relocation truncated to fit
Hello,

On Wed, Oct 15, 2008 at 5:30 PM, Ted Unangst [EMAIL PROTECTED] wrote:
> On Wed, Oct 15, 2008 at 11:53 AM, Edd Barrett [EMAIL PROTECTED] wrote:
>> Hi Guys,
>>
>> Does anyone know what this weird linker error means?
>>
>> xetexini.o(.text+0x4bc): In function `initialize':
>> : relocation truncated to fit: R_SPARC_H44 zzzaa
>>
>> It causes my build to fail.
>
> You compiled with -fpic instead of -fPIC. Big libraries need the super pic to generate correct code.

Thanks :)

--
Best Regards
Edd
http://students.dec.bournemouth.ac.uk/ebarrett
Re: what exactly is enc0?
On Wednesday 15 October 2008, ropers wrote:
> I don't know if it is possible to use --surrounding physical space permitting-- 64bit cards in 32 bit slots (and have them run w/ reduced performance). IIRC, something like that used to be possible back when it came to the transition from 8bit ISA to 16bit ISA slots; back then, some 16bit ISA cards could be used in 8bit slots at reduced speeds. Whether something like that is possible now with 64bit PCI cards I don't know. Maybe someone else knows.

Of course it depends on the design of the specific card, but yes, at least *some* 64-bit cards can be used in 32-bit slots. I've seen early 64-bit PCI SCSI controller cards that were built this way.

--
JCR
RES: RES: RES: Filtering outgoing connections in pf
Hi,

I wanna allow local users ( 10.10.0.0/24 ) to Access internet just using port 80, 25 110 and 53 udp.
I wanna allow full access to 10.10.20.0/24 to the internet. I mean, no restriction.
Easy like that.
I used openBSD 3.8 in the past and I was able to filter packets in $ext_if from my local network ( 10.10.0.0/24 ).

Tests:
1)

    Users_tcp_ports = "{ 25, 80, 110, 443 }"
    Users_udp_ports = "{ 53, 123 }"
    Normal_users = "10.10.0.0/24"
    Power_users = "10.10.20.0/24"

    nat on $ext_if from $normal_users to any port $users_tcp_ports -> ($ext_if) tagged NORMAL_USERS_NAT
    nat on $ext_if from $power_users to any -> ($ext_if) tagged POWER_USERS_NAT

    #outgoing
    Block out on $ext_if
    Pass out quick on $ext_if from ($ext_if) to any

    #filtering on $int_if
    Pass in quick on $int_if inet proto tcp from $normal_users to any port $users_tcp_ports
    Pass In quick on $int_if inet proto tcp from $power_users to any

Should this solve my problem?
I still have no test environment. I have around 300 users already going to the internet and to other WAN sites through this openBSD.
Plz, post me your suggestions.

Thanks

-----Original Message-----
From: cgc [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 15 October 2008 16:21
To: Ricardo Augusto de Souza
Cc: misc@openbsd.org
Subject: Re: RES: RES: Filtering outgoing connections in pf

What exactly are you trying to achieve? what pc's do you want to have access to what ports? Are you just allowing every pc in the 10.10.0.0/16 network the same access or not? And access to what? Just web traffic? pings? dns? ... You will have to be a bit more specific

And any box that is doing packet filtering between 2 or more networks, eg. a private network and the internet, is a router as far as I am aware

Regards,
Charlie

On Wed, 15 Oct 2008 16:06:16 -0300, Ricardo Augusto de Souza [EMAIL PROTECTED] wrote:

This sounds good.
But my openBSD is working like a router.
If I remove the rule pass in quick on $int_if I will have a lot of pcs that cannot access other subnets.
Do u know what protocol I must allow to routes work?

thank

-----Original Message-----
From: cgc [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 15 October 2008 15:49
To: Ricardo Augusto de Souza
Cc: misc@openbsd.org
Subject: Re: RES: Filtering outgoing connections in pf

let me give you an example, if you just want 10.10.0.0/16 to have port 80 access then you need 3 rules:

    #the nat
    nat on $ext_if from 10.10.0.0/16 to any port 80 -> ($ext_if)
    #allow through $int_if
    pass in quick on $int_if proto tcp from 10.10.0.0/16 to any port 80
    #and finally allow through $ext_if
    pass out quick on $ext_if proto tcp from ($ext_if) to any

You can lock $ext_if down to just port 80 but the point is $int_if is where you do the filtering for 10.10.0.0/16

Correct me if I am wrong.

Regards,
Charlie

On Wed, 15 Oct 2008 14:44:43 -0300, Ricardo Augusto de Souza [EMAIL PROTECTED] wrote:

Is it possible filter outgoing packets in $ext_if even doing NAT?
I mean, after nat on $ext_if from 10.10.0.0/16 to any -> ($ext_if) all packets from 10.10.0.0/16 will be translated to $ext_if.
I wish I could filter 10.10.0.0/16 packets in $ext_if.
Is it possible?

Thanks

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Ricardo Augusto de Souza
Sent: Wednesday, 15 October 2008 13:01
To: misc@openbsd.org
Subject: Filtering outgoing connections in pf

Hi,

I AM confused with some PF rules.
I am trying to allow just some ports to my local users.
I am using block out on $ext_if but I think I would be able to choose ports my lan users will access with rule Pass out on $ext_if proto tcp from 10.10.0.0/16 to any port { 80, 25, 110 } keep state .
It seems to be ok, but I had to add this rule: Pass out on $ext_if from $ext_if to any ( without this rule my box cannot connect to the internet ).
With this rule, All users can connect to any out port.

Question: What is the right way to have my box at the internet and my users can only access that selected ports?

Thanks

My pf.conf:

    set loginterface xl1
    set skip on lo0
    scrub in
    set require-order yes
    set state-policy if-bound
    altq on xl1 priq bandwidth 50Kb queue { q_pri, q_def }
    queue q_pri priority 7
    queue q_def priority 1 priq(default)
    # external interface WAN
    ext_if="xl1"
    # internal interface LAN
    int_if="xl0"
    # MPLS interface
    mpls_if ="bge0"
    # VPN tunnel interfaces
    vpn_if ="{ tun0, tun1, tun2, tun3, tun4 }"
    vpn_net ="{ 10.10.9.0/26 }"
    #Default GW
    gw="200.162.41.33"
    table <badsites> persist file "/etc/badsites.txt"
    winupdate = "{ 65.54.87.0/24 }"
Re: RES: RES: RES: Filtering outgoing connections in pf
That looks like it should work fine apart from the capital letters in your macro's

Regards,
Charlie

Ricardo Augusto de Souza wrote:
> Hi,
>
> I wanna allow local users ( 10.10.0.0/24 ) to Access internet just using port 80, 25 110 and 53 udp.
> I wanna allow full access to 10.10.20.0/24 to the internet. I mean, no restriction.
> Easy like that.
> I used openBSD 3.8 in the past and I was able to filter packets in $ext_if from my local network ( 10.10.0.0/24 ).
>
> Tests:
> 1)
>
>     Users_tcp_ports = "{ 25, 80, 110, 443 }"
>     Users_udp_ports = "{ 53, 123 }"
>     Normal_users = "10.10.0.0/24"
>     Power_users = "10.10.20.0/24"
>
>     nat on $ext_if from $normal_users to any port $users_tcp_ports -> ($ext_if) tagged NORMAL_USERS_NAT
>     nat on $ext_if from $power_users to any -> ($ext_if) tagged POWER_USERS_NAT
>
>     #outgoing
>     Block out on $ext_if
>     Pass out quick on $ext_if from ($ext_if) to any
>
>     #filtering on $int_if
>     Pass in quick on $int_if inet proto tcp from $normal_users to any port $users_tcp_ports
>     Pass In quick on $int_if inet proto tcp from $power_users to any
>
> Should this solve my problem?
> I still have no test environment. I have around 300 users already going to the internet and to other WAN sites through this openBSD.
> Plz, post me your suggestions.
>
> Thanks
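
An added example (not part of any message in this thread): a pf.conf fragment for the two-group policy discussed above, filtering on $int_if where the original source address is still visible and using tags so that $ext_if only passes what the LAN-side rules approved. It assumes the OpenBSD 4.x-era separate nat rule syntax used in the thread; the tag names LAN_LIMITED and LAN_FULL and the internal_nets macro are made up for illustration.

```pf
# Added example; not taken from any poster's ruleset.
# Assumptions: OpenBSD 4.x syntax (separate nat rule), hypothetical tag
# names LAN_LIMITED / LAN_FULL, hypothetical internal_nets macro.

ext_if = "xl1"
int_if = "xl0"
normal_users    = "10.10.0.0/24"
power_users     = "10.10.20.0/24"
internal_nets   = "10.10.0.0/16"     # assumption: all internally routed space
users_tcp_ports = "{ 25, 80, 110, 443 }"
users_udp_ports = "{ 53, 123 }"

# --- translation ------------------------------------------------------
# NAT only rewrites the source address; it permits nothing by itself.
# In this pf generation translation happens before filtering, so filter
# rules on $ext_if see ($ext_if) as the source, never 10.10.x.x.
nat on $ext_if inet from { $normal_users, $power_users } to any -> ($ext_if)

# --- default deny on the two interfaces this example covers -----------
# Inbound policy on $ext_if and the MPLS/VPN interfaces is not shown.
block in  on $int_if
block out on $ext_if

# The two rules from the thread, and why they do not give per-port control:
#   pass out on $ext_if proto tcp from 10.10.0.0/16 to any port { 80, 25, 110 }
#     -> never matches LAN traffic, the source is already translated
#   pass out on $ext_if from $ext_if to any
#     -> matches every translated connection, whatever the port

# --- filtering on the LAN side ----------------------------------------
# Traffic routed between internal subnets is passed untagged, so the
# port restrictions below apply to internet-bound traffic only.
pass in quick on $int_if inet from $internal_nets to $internal_nets keep state

# Restricted group: listed TCP and UDP ports only.
pass in quick on $int_if inet proto tcp from $normal_users to any \
        port $users_tcp_ports tag LAN_LIMITED keep state
pass in quick on $int_if inet proto udp from $normal_users to any \
        port $users_udp_ports tag LAN_LIMITED keep state

# Unrestricted group.
pass in quick on $int_if inet from $power_users to any tag LAN_FULL keep state

# --- egress on the external interface ---------------------------------
# Forwarded traffic leaves only if a LAN-side rule tagged it.
pass out quick on $ext_if inet tagged LAN_LIMITED keep state
pass out quick on $ext_if inet tagged LAN_FULL keep state

# Connections the firewall itself originates. Forwarded LAN traffic has
# already matched a tagged rule above or was dropped on $int_if.
pass out quick on $ext_if inet proto { tcp, udp, icmp } from ($ext_if) to any keep state
```

On a box that is already in production, `pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -vvsr` shows per-rule counters once it is loaded.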
Re: dmesg IBM x3650 OpenBSD 4.3
On Monday 13 October 2008, Artur Grabowski wrote:
> gm_sjo [EMAIL PROTECTED] writes:
>> 2008/10/10 Theo de Raadt [EMAIL PROTECTED]:
>>> Wow. Good luck. Can't you see we've been down that road before with those bastards? But really. Good luck. You really are too optimistic, but sure, learn the reality for yourself.
>>
>> I'm sure calling vendors 'bastards' on a public mailing list is really going to help the cause.
>
> Works better than anything else.
>
> //art

Yep. If you need an example, search the archives for HiFn and the following story will unfold...

HiFn makes crypto accelerators. Some folks working on OpenBSD wanted to support these chips, but they could not get documentation from the company. The company said they'd release documentation a few times to a few different people, but nothing happened. Theo called them liars (or similarly direct names) and there were a few big threads about the missing HiFn docs here on misc, twice they were slashdotted.

Since HiFn is basically in my back yard, I walked into their office one day, talked to a few people, and set up a meeting with their CEO and CTO. Both of them were good guys, and willing to help. They said they would get the problem of the missing docs cleared up. I stayed in contact with them for a few months but nothing happened, and the docs were *STILL* missing...

Eight months (or more) later, my phone rings, and on the other end of the line was the VP of Sales and Marketing from HiFn. You see, it was the Sales and Marketing department of HiFn that had forbidden the release of needed documentation. Since sales and marketing are the bread and butter of every company, they obviously have a ton of power to make sure things are done their way. The reason why they internally stopped all efforts to release documentation is because they used the gathered registration info for sales leads and marketing input.

So why the heck did the VP call me?

--The answer is *VERY* *SIMPLE*

Theo and plenty of others around here created yet another long and brutally direct thread about the missing HiFn documentation. The thread once again made it onto slashdot and elsewhere, and someone informed the HiFn Sales/Marketing folks about the on-going Public Relations disaster for the company created by all the good from OpenBSD land.

The VP asked me to inform the OpenBSD camp that an FTP server with all needed docs would be opened in a matter of hours, and this time they actually kept their promise and released their docs.

Me being nice, taking the time to physically meet with the top guys at HiFn and very politely discuss the missing documentation changed absolutely nothing. The thing that *REALLY* caused the release of the docs was Theo and others around here being brutally direct, extremely honest, and not pulling any punches.

The less than funny part is, Theo told me at the start that I would be wasting my time trying to meet and talk with them. Being overly optimistic, I gave it a try anyhow, only to prove Theo was right all along.

Theo: 1
JCR: 0

Being nice just means it's easier for them to ignore you. If you want docs, be loud, be honest, be direct, be persistent, become a huge Public Relations nightmare, and never pull any punches.

--
JCR
Shutdown with the power button
Hi list,

Wondering if anyone knows how (or if it is possible) to be able to gracefully power down an OpenBSD box by hitting the power button on the server.

Useful when you need someone to power down a system (like in a power failure situation) but there is no console attached.

FreeBSD and linux provide what I am talking about, hit the power button and it looks like the equiv of a halt -p - But I don't want to use linux or FreeBSD on these firewall boxes.

Not something I would use very often, but two nights ago really needed it. The OpenBSD box ended up having a hard power switch off instead of a clean shutdown.

The server in question is a HP DL 360.

Thanks,
Mikel
Re: Shutdown with the power button
On Thu, Oct 16, 2008 at 11:22 PM, Gregory Edigarov [EMAIL PROTECTED] wrote:
> Mikel Lindsaar wrote:
>> Wondering if anyone knows how (or if it is possible) to be able to gracefully power down an OpenBSD box by hitting the power button on the server.
>
> Mine does clean shutdown on power button just from the box

Hmm... here is the dmesg then any ideas?

    OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008
        [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
    cpu0: Intel(R) Xeon(TM) CPU 3.06GHz (GenuineIntel 686-class) 3.07 GHz
    cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
    real mem = 2147028992 (2047MB)
    avail mem = 2068054016 (1972MB)
    mainbus0 at root
    bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf, SMBIOS rev. 2.3 @ 0xec000 (42 entries)
    bios0: vendor HP version P31 date 03/03/2005
    bios0: HP ProLiant DL360 G3
    acpi0 at bios0: rev 0
    acpi0: tables DSDT FACP APIC SPCR
    acpi0: wakeup devices
    acpitimer0 at acpi0: 3579545 Hz, 32 bits
    acpiprt0 at acpi0: bus 0 (PCI0)
    acpiprt1 at acpi0: bus 1 (PCI1)
    acpiprt2 at acpi0: bus 4 (PCI2)
    acpicpu0 at acpi0
    acpitz0 at acpi0: critical temperature 31 degC
    bios0: ROM list: 0xc/0x8000 0xc8000/0x4000 0xee000/0x2000!
    cpu0 at mainbus0
    pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
    pchb0 at pci0 dev 0 function 0 ServerWorks CNB20-HE Host (GC-LE) rev 0x31
    pchb1 at pci0 dev 0 function 1 ServerWorks CNB20-HE Host (GC-LE) rev 0x00
    pchb2 at pci0 dev 0 function 2 ServerWorks CNB20-HE Host (GC-LE) rev 0x00
    pci1 at pchb2 bus 1
    em0 at pci1 dev 1 function 0 Intel PRO/1000MT (82546EB) rev 0x01: irq 15, address 00:04:23:c8:03:f6
    em1 at pci1 dev 1 function 1 Intel PRO/1000MT (82546EB) rev 0x01: irq 11, address 00:04:23:c8:03:f7
    bge0 at pci1 dev 2 function 0 Broadcom BCM5703X rev 0x02, BCM5703 A2 (0x1002): irq 11, address 00:0b:cd:83:67:89
    brgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2
    vga1 at pci0 dev 3 function 0 ATI Rage XL rev 0x27
    wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
    wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
    ciss0 at pci0 dev 4 function 0 Compaq Smart Array 5i/532 rev.2 rev 0x01: irq 3
    ciss0: 1 LD, HW rev 1, FW 2.76/2.76
    scsibus0 at ciss0: 1 targets
    sd0 at scsibus0 targ 0 lun 0: COMPAQ, LOGICAL VOLUME, 2.76 SCSI2 0/direct fixed
    sd0: 34727MB, 4427 cyl, 255 head, 63 sec, 512 bytes/sec, 71122560 sec total
    Compaq iLO rev 0x01 at pci0 dev 5 function 0 not configured
    Compaq iLO rev 0x01 at pci0 dev 5 function 2 not configured
    piixpm0 at pci0 dev 15 function 0 ServerWorks CSB5 rev 0x93: polling
    iic0 at piixpm0
    spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM registered ECC PC2300CL2.5
    spdmem1 at iic0 addr 0x52: 512MB DDR SDRAM registered ECC PC2100CL2.5
    spdmem2 at iic0 addr 0x54: 512MB DDR SDRAM registered ECC PC2100CL2.5
    spdmem3 at iic0 addr 0x56: 512MB DDR SDRAM registered ECC PC2100CL2.5
    pciide0 at pci0 dev 15 function 1 ServerWorks CSB5 IDE rev 0x93: DMA
    atapiscsi0 at pciide0 channel 0 drive 0
    scsibus1 at atapiscsi0: 2 targets
    cd0 at scsibus1 targ 0 lun 0: COMPAQ, CRN-8245B, 2.19 SCSI0 5/cdrom removable
    cd0(pciide0:0:0): using PIO mode 4, DMA mode 2
    pciide0: no compatibility interrupt for use by channel 1
    ohci0 at pci0 dev 15 function 2 ServerWorks OSB4/CSB5 USB rev 0x05: irq 10, version 1.0, legacy support
    pchb3 at pci0 dev 15 function 3 ServerWorks CSB5 LPC rev 0x00
    pchb4 at pci0 dev 17 function 0 ServerWorks CIOB-X2 PCIX rev 0x05
    pchb5 at pci0 dev 17 function 2 ServerWorks CIOB-X2 PCIX rev 0x05
    pci2 at pchb5 bus 4
    bge1 at pci2 dev 2 function 0 Broadcom BCM5703X rev 0x02, BCM5703 A2 (0x1002): irq 15, address 00:0b:cd:83:67:ab
    brgphy1 at bge1 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2
    usb0 at ohci0: USB revision 1.0
    uhub0 at usb0 ServerWorks OHCI root hub rev 1.00/1.00 addr 1
    isa0 at mainbus0
    isadma0 at isa0
    pckbc0 at isa0 port 0x60/5
    pckbd0 at pckbc0 (kbd slot)
    pckbc0: using irq 1 for kbd slot
    wskbd0 at pckbd0: console keyboard, using wsdisplay0
    pmsi0 at pckbc0 (aux slot)
    pckbc0: using irq 12 for aux slot
    wsmouse0 at pmsi0 mux 0
    pcppi0 at isa0 port 0x61
    midi0 at pcppi0: PC speaker
    spkr0 at pcppi0
    npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
    pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
    fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
    fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
    biomask 65ed netmask eded ttymask ffef
    mtrr: Pentium Pro MTRR support
    softraid0 at root
    root on sd0a swap on sd0b dump on sd0b
Re: Shutdown with the power button
It probably needs to be enabled in the bios.

On Thu, Oct 16, 2008 at 11:30:02PM +1100, Mikel Lindsaar wrote:
> On Thu, Oct 16, 2008 at 11:22 PM, Gregory Edigarov [EMAIL PROTECTED] wrote:
>> Mikel Lindsaar wrote:
>>> Wondering if anyone knows how (or if it is possible) to be able to gracefully power down an OpenBSD box by hitting the power button on the server.
>>
>> Mine does clean shutdown on power button just from the box
>
> Hmm... here is the dmesg then any ideas?
ral(4) stops generating traffic
Hi,

I'm running OpenBSD 4.4-current (RALDBG) #0: Fri Oct 10 16:56:50 CEST 2008, which is GENERIC with RAL_DEBUG, but I've seen this problem with previous kernels and without RAL_DEBUG, too.

    # dmesg | grep ral
    ral0 at pci0 dev 14 function 0 Ralink RT2860 rev 0x00: irq 10EEPROM rev=1, FAE=1
    ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (2T3R)

This is a pci Edimax EW-7728IN, which I believe is the same card that was donated to damien@ (?) and that led to 28xx support.

After an unfixed amount of time, from a few minutes up to a few days, the interface simply stops responding to probe requests:

    # tcpdump -nvvvs 1000 -i ral0 -y IEEE802_11_RADIO not subtype beacon
    14:17:40.761912 CLI1-MAC ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 16): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -19dBm, antenna 2, signal 17dB
    14:17:40.963338 CLI1-MAC ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 32): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -17dBm, antenna 2, signal 15dB
    14:21:03.860025 CLI2-MAC ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 1120): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -27dBm, antenna 1, signal 25dB
    14:21:04.306901 CLI2-MAC ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 1520): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -23dBm, antenna 1, signal 21dB

Whereas normally you'd see the probe req, probe resp, auth req, auth resp, assoc req, assoc resp, wpa dance.

    # tcpdump -nvvvs 1000 -i ral0 -y IEEE802_11_RADIO | grep beacon | grep AP-MAC

Shows that it stops sending beacon frames. It's still picking up the beacons from the 5 other wlans it can see, so rx seems to work fine.

    # ifconfig ral0 down
    # ifconfig ral0 up

Fixes everything, until it happens again after a seemingly random interval. The kernel doesn't log anything unusual even with RAL_DEBUG.

I suppose I should sendbug, but I think lots of people have these cards so I'd like to know if anyone else is seeing this. Any ideas?

Thanks and please cc,
bbee
Re: KDE Question, Blank 'Kicker' at the bottom of the screen, missing menus
On Wednesday 15 October 2008, [EMAIL PROTECTED] wrote:
> I installed all of the relevant KDE packages and set it to start at boot time with KDM and it worked fine initially, for a couple days. Without my changing anything in particular, the equivalent of the windows taskbar at the bottom of the screen became blank. The usual launch menu and boxes symbolizing minimized programs are gone but the bar is still there, it's just solid grey. This is true both when I login as root and as myself.

First of all, please wrap text at 72 char for mailing list posts as described in: http://www.openbsd.org/mail.html

As for your problem, you've obviously changed something important, such as a default configuration of KDE. The only other realistic possibility is your hard drive is failing and said default configuration files cannot be read. The third, and least likely, option is you've made the same exact configuration mistake on both user accounts.

You should try disabling KDM, creating a new user, logging in as new user into the default ksh shell, and then launching kde manually with `startkde`

If the problem persists, then you've somehow hosed the main kde kicker configuration file, or it cannot be read properly from disk.

    /usr/local/share/config.kcfg/kickerSettings.kcfg

Possibly, you've set kicker (the above file) to be Locked ?

    <entry name="Locked" type="Bool">
      <label>When this option is enabled, the panels may not be moved and items cannot be removed or added</label>
      <default>false</default>
    </entry>

A possible solution to fix errant changes would be to

1.) uninstall KDE packages
2.) check to make sure the packages uninstalled cleanly (i.e. all installed package files were deleted properly).
3.) Remove any KDE user configuration (~/.kde)
4.) reinstall KDE packages.

NOTE: if you're using kmail, deleting your ~/.kde directory will wipe out all your mail.

Good Luck,
JCR
Re: Shutdown with the power button
see /etc/rc.shutdown and set: powerdown=YES # set to YES for powerdown Good Luck. On Thu, Oct 16, 2008 at 11:30:02PM +1100, Mikel Lindsaar wrote: On Thu, Oct 16, 2008 at 11:22 PM, Gregory Edigarov [EMAIL PROTECTED] wrote: Mikel Lindsaar wrote: Wondering if anyone knows how (or if it is possible) to be able to gracefully power down an OpenBSD box by hitting the power button on the server. Mine does clean shutdown on power button just from the box Hmm... here is the dmesg then any ideas? OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Xeon(TM) CPU 3.06GHz (GenuineIntel 686-class) 3.07 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR real mem = 2147028992 (2047MB) avail mem = 2068054016 (1972MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf, SMBIOS rev. 2.3 @ 0xec000 (42 entries) bios0: vendor HP version P31 date 03/03/2005 bios0: HP ProLiant DL360 G3 acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC SPCR acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 32 bits acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (PCI1) acpiprt2 at acpi0: bus 4 (PCI2) acpicpu0 at acpi0 acpitz0 at acpi0: critical temperature 31 degC bios0: ROM list: 0xc/0x8000 0xc8000/0x4000 0xee000/0x2000! 
cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 ServerWorks CNB20-HE Host (GC-LE) rev 0x31 pchb1 at pci0 dev 0 function 1 ServerWorks CNB20-HE Host (GC-LE) rev 0x00 pchb2 at pci0 dev 0 function 2 ServerWorks CNB20-HE Host (GC-LE) rev 0x00 pci1 at pchb2 bus 1 em0 at pci1 dev 1 function 0 Intel PRO/1000MT (82546EB) rev 0x01: irq 15, address 00:04:23:c8:03:f6 em1 at pci1 dev 1 function 1 Intel PRO/1000MT (82546EB) rev 0x01: irq 11, address 00:04:23:c8:03:f7 bge0 at pci1 dev 2 function 0 Broadcom BCM5703X rev 0x02, BCM5703 A2 (0x1002): irq 11, address 00:0b:cd:83:67:89 brgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2 vga1 at pci0 dev 3 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ciss0 at pci0 dev 4 function 0 Compaq Smart Array 5i/532 rev.2 rev 0x01: irq 3 ciss0: 1 LD, HW rev 1, FW 2.76/2.76 scsibus0 at ciss0: 1 targets sd0 at scsibus0 targ 0 lun 0: COMPAQ, LOGICAL VOLUME, 2.76 SCSI2 0/direct fixed sd0: 34727MB, 4427 cyl, 255 head, 63 sec, 512 bytes/sec, 71122560 sec total Compaq iLO rev 0x01 at pci0 dev 5 function 0 not configured Compaq iLO rev 0x01 at pci0 dev 5 function 2 not configured piixpm0 at pci0 dev 15 function 0 ServerWorks CSB5 rev 0x93: polling iic0 at piixpm0 spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM registered ECC PC2300CL2.5 spdmem1 at iic0 addr 0x52: 512MB DDR SDRAM registered ECC PC2100CL2.5 spdmem2 at iic0 addr 0x54: 512MB DDR SDRAM registered ECC PC2100CL2.5 spdmem3 at iic0 addr 0x56: 512MB DDR SDRAM registered ECC PC2100CL2.5 pciide0 at pci0 dev 15 function 1 ServerWorks CSB5 IDE rev 0x93: DMA atapiscsi0 at pciide0 channel 0 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: COMPAQ, CRN-8245B, 2.19 SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, DMA mode 2 pciide0: no compatibility interrupt for use by channel 1 ohci0 at pci0 dev 15 function 2 
ServerWorks OSB4/CSB5 USB rev 0x05: irq 10, version 1.0, legacy support pchb3 at pci0 dev 15 function 3 ServerWorks CSB5 LPC rev 0x00 pchb4 at pci0 dev 17 function 0 ServerWorks CIOB-X2 PCIX rev 0x05 pchb5 at pci0 dev 17 function 2 ServerWorks CIOB-X2 PCIX rev 0x05 pci2 at pchb5 bus 4 bge1 at pci2 dev 2 function 0 Broadcom BCM5703X rev 0x02, BCM5703 A2 (0x1002): irq 15, address 00:0b:cd:83:67:ab brgphy1 at bge1 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2 usb0 at ohci0: USB revision 1.0 uhub0 at usb0 ServerWorks OHCI root hub rev 1.00/1.00 addr 1 isa0 at mainbus0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask 65ed netmask eded ttymask ffef mtrr: Pentium Pro MTRR support softraid0 at root root on sd0a swap on sd0b dump on sd0b -- Guillermo Bernaldo de Quirss Maraver Pedroche.
Re: BSD Port from OpenJDK
On Tuesday 14 October 2008, Kurt Miller wrote: Quite frankly I'm pretty upset at all the 'Java sucks' banter on misc. If you and the other naysayers don't realize that porting Java to OpenBSD was a 'Good-Thing' then you are just UNINFORMED! http://en.wikipedia.org/wiki/Illegitimi_non_carborundum :-) Thanks for all your hard work! -- JCR
Re: Shutdown with the power button
hi,

On Thu, Oct 16, 2008 at 11:30:02PM +1100, Mikel Lindsaar wrote:

Hmm... here is the dmesg then any ideas?

looks like you're missing an acpibtn (man acpibtn).

-- CUL8R, Peter.
Re: what exactly is enc0?
* ropers [EMAIL PROTECTED] [2008-10-15 22:44]: (Personally, I've never even ever run across anything else but 5V PCI cards and slots. Probably because I've never owned a Soekris.) I'm pretty sure that your average pile of pci cards has way more 3.3v capable cards than 5v-only ones. ay more. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: VESA 1280x800
On Thu, Oct 16, 2008 at 2:30 AM, Jairo Souto [EMAIL PROTECTED] wrote:

Would you, please, tell me how to add the card PCI id in the nv driver?

Add:

{ 0x10DE0533, "GeForce 7000M" },

in xenocara/driver/xf86-video-nv/src/nv_driver.c, after line 391. (Sorry I can't generate a patch right now.)

Then cd xenocara/driver/xf86-video-nv and run make -f Makefile.bsd-wrapper.

-- Matthieu Herrb
Re: reliable, dd over simple ip network
On Wed, Oct 15, 2008 at 09:28:56PM -0700, Neko wrote: since my partitions have 16% free on all systems, i cant tarball the drive sent it to target machine and uncompress, Tarball it up, pipe the output somewhere, eg via ssh (disclaimer: untested; concept only) [tar commands, to stdout] | ssh [EMAIL PROTECTED] cat - [tar commands to untar the ball] or tarball.tgz Or use rsync? Doug.
Re: Timeout on network interface
On 2008-10-13, Stuart Henderson [EMAIL PROTECTED] wrote:

There are not issues with re(4) which are being worked on which pertain to this issue. The problem mentioned by the original poster is an issue with the (emulated) RTL8139 driver provided by QEMU which KVM is derived from. The driver does not fully emulate the hw by default unless compiled with a particular define, in this case it is the timer interrupt. This needs to be fixed upstream with QEMU and then also bug the KVM developers to copy the change over to their source tree.

I was looking for the bug report in Qemu but I could not find it. You have some link to be able to have a reference and track its state?

No, but there's a nice post about it here. http://forums.citrix.com/thread.jspa?messageID=1343896tstart=0

OpenBSD and FreeBSD both have this defined in their respective ports trees.
http://www.openbsd.org/cgi-bin/cvsweb/ports/emulators/qemu/patches/patch-hw_rtl8139_c?rev=1.4
http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/qemu/files/rtl8139-re-patch?rev=1.1

It's peculiar that testing both Linux distributions and Windows XP, I did not have this problem using the same network card.

Not really. Not all drivers for the same hardware work the same way.

Thanks for the reply and the links, Stuart. I found temporarily a workaround using model=ne2k_pci with kvm.

Regards,
Daniel
Re: what exactly is enc0?
J.C. Roberts wrote:

On Wednesday 15 October 2008, ropers wrote:

I don't know if it is possible to use --surrounding physical space permitting-- 64bit cards in 32 bit slots (and have them run w/ reduced performance). IIRC, something like that used to be possible back when it came to the transition from 8bit ISA to 16bit ISA slots; back then, some 16bit ISA cards could be used in 8bit slots at reduced speeds. Whether something like that is possible now with 64bit PCI cards I don't know. Maybe someone else knows.

Of course it depends on the design of the specific card, but yes, at least *some* 64-bit cards can be used in 32-bit slots. I've seen early 64-bit PCI SCSI controller cards that were built this way.

-- JCR

Not that I would recommend them anymore, but the D-Link DGE-550T/SX (64bit/66MHz) worked in an Asus P4P800-VM (PCI 32bit) for me (with OpenBSD of course). I think it depends on the card __and__ the mainboard if it works or not.

guido
Re: Shutdown with the power button
On 15:41:27 Oct 16, Guillermo Bernaldo de Quiros Maraver Pedroche wrote: see /etc/rc.shutdown and set: powerdown=YES # set to YES for powerdown Try this. It might work. My /etc/sysctl.conf has the line machdep.kbdreset=1 # permit console CTRL-ALT-DEL to do a nice halt I find that this along with the above option set in /etc/rc.shutdown is a nice way to shutdown the machine by pressing the magic buttons... -Girish
weird dmesg
I was preparing some information about my system to post my questions here and I saw that weird output in dmesg. Take a look. How can I avoid/fix this? # dmesg info.txt # vi info.txt [4] + Suspendedvi info.txt # # cat info.txt speaker lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask ff65 netmask ff65 ttymask ffe7 mtrr: Pentium Pro MTRR support Kernelized RAIDframe activated Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 1 not configured ahd0: target 0 synchronous with period = 0x8, offset = 0x7f(RDSTRM|DT|IU|RTI|QAS) ahd0: target 6 synchronous with period = 0x8, offset = 0x7f(RDSTRM|DT|IU|RTI|QAS) cd0(atapiscsi0:0:0): Check Condition (error 0x70) on opcode 0x0 SENSE KEY: Not Ready ASC/ASCQ: Medium Not Present softraid0 at root root on sd0a swap on sd0b dump on sd0b arp: attempt to add entry for 10.10.100.253 on xl0 by 00:0a:5e:63:7e:2e on bge0 arp: attempt to add entry for 10.10.0.94 on xl0 by 00:15:58:d8:80:1d on bge0 arp: attempt to add entry for 10.10.0.39 on xl0 by 00:0e:a6:be:d9:9a on bge0 arp: attempt to add entry for 10.10.0.86 on xl0 by 00:15:58:d8:7e:f3 on bge0 Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 1 not configured arp info overwritten for 10.100.1.2 by 00:0d:88:53:31:1e on bge0 arp info overwritten for 10.100.1.2 by 00:0d:88:53:31:1d on bge0 arp: attempt to add entry for 10.10.0.82 on xl0 by 00:15:f2:5d:e7:74 on bge0 arp: attempt to add entry for 10.10.0.108 on xl0 by 00:18:71:8c:29:83 on bge0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0 arp info 
overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp info overwritten for 10.10.0.9 by 00:0f:ea:d2:07:52 on xl0 arp: attempt to overwrite entry for 10.10.0.9 on xl0 by 00:0d:88:53:31:1e on bge0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 1 not configured Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 2 not configured Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 1 not configured arp: attempt to add entry for 10.10.0.80 on xl0 by 00:1a:6b:59:42:cc on bge0 arp: attempt to add entry for 10.10.0.61 on xl0 by 00:1c:25:c0:74:e6 on bge0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp info overwritten for 10.10.0.9 by 00:0f:ea:d2:07:52 on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp: attempt to add entry for 10.10.0.112 on xl0 by 00:1a:6b:59:05:25 on bge0 arp info overwritten for 10.10.0.69 by 00:04:75:b1:71:ea on xl0 arp info overwritten for 10.10.0.69 by 00:1a:6b:59:09:9c on xl0 arp info overwritten for 10.10.0.69 by 00:04:75:b1:71:ea on xl0 arp info overwritten for 10.10.0.69 by 00:1a:6b:59:09:9c on xl0 ichiic0: exec: op 1, addr 0x2e, cmdlen 1, len 1, flags 0x00: timeout, status 0x0 ichiic0: abort failed, status 0x40INUSE arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp: attempt to add entry for 10.10.0.89 on xl0 by 00:1a:6b:59:44:59 on bge0 arp: attempt to add entry for 10.10.0.40 on xl0 by 00:14:22:b4:29:0f on bge0 arp info overwritten for 10.100.1.2 by 00:0d:88:53:31:1d on bge0 ichiic0: exec: op 1, addr 0x2d, cmdlen 1, len 1, flags 0x00: timeout, status 0x0 ichiic0: abort failed, status 0x40INUSE arp info overwritten for 10.10.0.9 by 
00:0d:88:53:31:1d on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0 arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c3 on bge0 arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0 arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c3 on bge0 arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0 arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c3 on bge0 arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0 arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c3 on bge0 arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0 arp: attempt to add
package ports tools, ftp and pf
I get no reply when I try to subscribe to the pf mailing list, so I'll ask here. I'm running OpenBSD 4.3 stable on amd64. I use what is in the pf faq to allow ftp from my internal lan via nat, which works, but I can't ftp from the computer that is running pf unless I use ftp -AaE as I read about in a post on this list I think. And, I am unable to retrieve or query package or install ports. If I simply use ftp without arguments, I can login but I can't list directories. It hangs after printing 200 EPRT command successful. I tried setting FETCH_CMD to '/usr/bin/ftp -AaE' but I still can not use pkg_add, and I can't use pkg_info. If I try to build a port, it can't retrieve the files. I would prefer to fix my pf rules. What do I need to do to allow ftp, package tools and ports to work from the machine running pf? Also, my filtering rules start with block log all, which I hoped would log anything that is blocked, but I don't see anything that looks like ftp being blocked in pflog. If I disable pf, package tools work. Is there a way to log everything that is blocked? Kendall
Re: reliable, dd over simple ip network
Maybe the simplest usage:

tar cfz - /somedir | ssh somehost dd of=/somefile.tgz

John

On Thu, Oct 16, 2008 at 10:42:17AM -0400, Douglas A. Tutty wrote:

On Wed, Oct 15, 2008 at 09:28:56PM -0700, Neko wrote:

since my partitions have 16% free on all systems, i can't tarball the drive sent it to target machine and uncompress,

Tarball it up, pipe the output somewhere, eg via ssh (disclaimer: untested; concept only)

[tar commands, to stdout] | ssh [EMAIL PROTECTED] cat - [tar commands to untar the ball] or tarball.tgz

Or use rsync?

Doug.
Re: pf outbound nat load balancing issue
Forgot to mention, i'm running 4.3 release. 2008/10/16 gm_sjo [EMAIL PROTECTED]: Hi all, I have a very basic pf NAT setup for testing on my new firewall. The firewall has two PPPoE connections which are using multipath default routes to load balance. Load balancing works for non-NAT traffic, but NAT traffic is only going out via one link, not both.
Re: what exactly is enc0?
The board's PCI slot has to be molded to support it. If not, a Dremel and a little precision will permit the card to sit in the slot with no problems. Shave a few mm off the PCI slot's side, don't cut the card.

On 10/16/08, J.C. Roberts [EMAIL PROTECTED] wrote:

On Wednesday 15 October 2008, ropers wrote:

I don't know if it is possible to use --surrounding physical space permitting-- 64bit cards in 32 bit slots (and have them run w/ reduced performance). IIRC, something like that used to be possible back when it came to the transition from 8bit ISA to 16bit ISA slots; back then, some 16bit ISA cards could be used in 8bit slots at reduced speeds. Whether something like that is possible now with 64bit PCI cards I don't know. Maybe someone else knows.

Of course it depends on the design of the specific card, but yes, at least *some* 64-bit cards can be used in 32-bit slots. I've seen early 64-bit PCI SCSI controller cards that were built this way.

-- JCR
Re: package ports tools, ftp and pf
Either switch to passive ftp, or open your ftp-data port. That should solve some of your problems. On 10/16/08, Kendall Shaw [EMAIL PROTECTED] wrote: I get no reply when I try to subscribe to the pf mailing list, so I'll ask here. I'm running OpenBSD 4.3 stable on amd64. I use what is in the pf faq to allow ftp from my internal lan via nat, which works, but I can't ftp from the computer that is running pf unless I use ftp -AaE as I read about in a post on this list I think. And, I am unable to retrieve or query package or install ports. If I simply use ftp without arguments, I can login but I can't list directories. It hangs after printing 200 EPRT command successful. I tried setting FETCH_CMD to '/usr/bin/ftp -AaE' but I still can not use pkg_add, and I can't use pkg_info. If I try to build a port, it can't retrieve the files. I would prefer to fix my pf rules. What do I need to do to allow ftp, package tools and ports to work from the machine running pf? Also, my filtering rules start with block log all, which I hoped would log anything that is blocked, but I don't see anything that looks like ftp being blocked in pflog. If I disable pf, package tools work. Is there a way to log everything that is blocked? Kendall
RES: weird dmesg
No ideas? -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Em nome de Ricardo Augusto de Souza Enviada em: quinta-feira, 16 de outubro de 2008 12:08 Para: misc@openbsd.org Assunto: weird dmesg I was preparing some information about my system to post my questions here and I saw that weird output in dmesg. Take a look. How can I avoid/fix this? # dmesg info.txt # vi info.txt [4] + Suspendedvi info.txt # # cat info.txt speaker lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask ff65 netmask ff65 ttymask ffe7 mtrr: Pentium Pro MTRR support Kernelized RAIDframe activated Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 1 not configured ahd0: target 0 synchronous with period = 0x8, offset = 0x7f(RDSTRM|DT|IU|RTI|QAS) ahd0: target 6 synchronous with period = 0x8, offset = 0x7f(RDSTRM|DT|IU|RTI|QAS) cd0(atapiscsi0:0:0): Check Condition (error 0x70) on opcode 0x0 SENSE KEY: Not Ready ASC/ASCQ: Medium Not Present softraid0 at root root on sd0a swap on sd0b dump on sd0b arp: attempt to add entry for 10.10.100.253 on xl0 by 00:0a:5e:63:7e:2e on bge0 arp: attempt to add entry for 10.10.0.94 on xl0 by 00:15:58:d8:80:1d on bge0 arp: attempt to add entry for 10.10.0.39 on xl0 by 00:0e:a6:be:d9:9a on bge0 arp: attempt to add entry for 10.10.0.86 on xl0 by 00:15:58:d8:7e:f3 on bge0 Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 1 not configured arp info overwritten for 10.100.1.2 by 00:0d:88:53:31:1e on bge0 arp info overwritten for 10.100.1.2 by 00:0d:88:53:31:1d on bge0 arp: attempt to add entry for 10.10.0.82 on xl0 by 00:15:f2:5d:e7:74 on bge0 arp: attempt to add entry for 10.10.0.108 on xl0 by 00:18:71:8c:29:83 on bge0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d 
on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp info overwritten for 10.10.0.9 by 00:0f:ea:d2:07:52 on xl0 arp: attempt to overwrite entry for 10.10.0.9 on xl0 by 00:0d:88:53:31:1e on bge0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 1 not configured Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 2 not configured Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 1 not configured arp: attempt to add entry for 10.10.0.80 on xl0 by 00:1a:6b:59:42:cc on bge0 arp: attempt to add entry for 10.10.0.61 on xl0 by 00:1c:25:c0:74:e6 on bge0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp info overwritten for 10.10.0.9 by 00:0f:ea:d2:07:52 on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp: attempt to add entry for 10.10.0.112 on xl0 by 00:1a:6b:59:05:25 on bge0 arp info overwritten for 10.10.0.69 by 00:04:75:b1:71:ea on xl0 arp info overwritten for 10.10.0.69 by 00:1a:6b:59:09:9c on xl0 arp info overwritten for 10.10.0.69 by 00:04:75:b1:71:ea on xl0 arp info overwritten for 10.10.0.69 by 00:1a:6b:59:09:9c on xl0 ichiic0: exec: op 1, addr 0x2e, cmdlen 1, len 1, flags 0x00: timeout, status 0x0 ichiic0: abort failed, status 0x40INUSE arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp: attempt to add entry for 10.10.0.89 on xl0 by 00:1a:6b:59:44:59 on bge0 arp: attempt to add entry for 10.10.0.40 on xl0 by 00:14:22:b4:29:0f on bge0 arp info overwritten 
for 10.100.1.2 by 00:0d:88:53:31:1d on bge0 ichiic0: exec: op 1, addr 0x2d, cmdlen 1, len 1, flags 0x00: timeout, status 0x0 ichiic0: abort failed, status 0x40INUSE arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0 arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c3 on bge0 arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0 arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c3 on bge0 arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0 arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c2 on bge0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0 arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 arp info overwritten for 10.100.1.11 by 00:09:6b:6b:d0:c3 on bge0
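The log in this thread is dominated by two kernel ARP messages: "arp info overwritten" (an existing entry changed MAC) and "arp: attempt to add/overwrite entry ... on xl0 by ... on bge0" (an ARP for an address that belongs on one interface arrived on another). As an added example, not part of the original posts, this Python script groups those messages to show which IPs are claimed by several MACs, which MACs claim several IPs, and which arrived on the wrong interface; the function names are my own and the sample is an excerpt of the log above.

```python
import re
from collections import defaultdict, namedtuple

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"

# One pattern for both message types, so finditer() keeps log order and
# works on flattened text (no newlines) as well as on line-per-message input.
ARP_RE = re.compile(
    rf"arp info overwritten for (?P<ip1>{IP}) by (?P<mac1>{MAC}) on (?P<if1>\w+)"
    rf"|arp: attempt to (?P<op>add|overwrite) entry for (?P<ip2>{IP}) "
    rf"on (?P<owner>\w+) by (?P<mac2>{MAC}) on (?P<seen>\w+)",
    re.IGNORECASE,
)

Event = namedtuple("Event", "kind ip mac expected_on seen_on")

# Excerpt of the dmesg output quoted in the post, flattened as on the page.
SAMPLE = (
    "arp: attempt to add entry for 10.10.0.94 on xl0 by 00:15:58:d8:80:1d on bge0 "
    "arp info overwritten for 10.100.1.2 by 00:0d:88:53:31:1e on bge0 "
    "arp info overwritten for 10.100.1.2 by 00:0d:88:53:31:1d on bge0 "
    "arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1d on xl0 "
    "arp info overwritten for 10.10.0.9 by 00:0d:88:53:31:1e on xl0 "
    "arp info overwritten for 10.10.0.9 by 00:0f:ea:d2:07:52 on xl0 "
    "arp: attempt to overwrite entry for 10.10.0.9 on xl0 by 00:0d:88:53:31:1e on bge0 "
    "Silitek IBM USB HUB KEYBOARD rev 1.10/1.00 addr 2 at uhub2 port 1 not configured "
    "arp info overwritten for 10.10.0.69 by 00:04:75:b1:71:ea on xl0 "
    "arp info overwritten for 10.10.0.69 by 00:1a:6b:59:09:9c on xl0 "
    "arp: attempt to add entry for 10.10.0.112 on xl0 by 00:1a:6b:59:05:25 on bge0"
)


def parse(text):
    """Return the ARP events found in text, in log order."""
    events = []
    for m in ARP_RE.finditer(text):
        if m.group("ip1"):
            ifc = m.group("if1")
            events.append(Event("overwritten", m.group("ip1"),
                                m.group("mac1").lower(), ifc, ifc))
        else:
            events.append(Event("wrong_if_" + m.group("op").lower(),
                                m.group("ip2"), m.group("mac2").lower(),
                                m.group("owner"), m.group("seen")))
    return events


def contested_ips(events):
    """Map each IP claimed by two or more MACs to the sorted list of MACs."""
    macs = defaultdict(set)
    for e in events:
        macs[e.ip].add(e.mac)
    return {ip: sorted(m) for ip, m in macs.items() if len(m) >= 2}


def multi_ip_macs(events):
    """Map each MAC that claims two or more IPs to the sorted list of IPs."""
    ips = defaultdict(set)
    for e in events:
        ips[e.mac].add(e.ip)
    return {mac: sorted(i) for mac, i in ips.items() if len(i) >= 2}


def wrong_interface(events):
    """Events where the ARP arrived on a different interface than expected."""
    return [e for e in events if e.expected_on != e.seen_on]


if __name__ == "__main__":
    evs = parse(SAMPLE)
    for ip, macs in sorted(contested_ips(evs).items()):
        print(f"{ip} claimed by {len(macs)} MACs: {', '.join(macs)}")
    for mac, ips in sorted(multi_ip_macs(evs).items()):
        print(f"{mac} claims {len(ips)} IPs: {', '.join(ips)}")
    for e in wrong_interface(evs):
        print(f"{e.ip} ({e.mac}) belongs on {e.expected_on}, seen on {e.seen_on}")
```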
WPA Enterprise (openBSD 4.4)
Hello,

being a new openBSD User, I encounter several problems, which I normally manage to solve by doing research and/or reading man files. Except for one thing. WPA Enterprise.

At my university we have a WPA Enterprise Wlan, where students use to connect to the virtual world. Well, after installing openBSD 4.4 snapshot, I didn't encounter problems to connect to WPA(2) Networks, works really great, except for this university network, which is very important for me, because I spend most of my time there.

I found out in the man page that WPA Enterprise is supported. Owning a wlan card using the wpi driver this should work. I also manage to connect to the AP. I see following output when I enter ifconfig wpi0:

wpi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:14:02:08:e4:3f
        groups: wlan
        media: IEEE802.11 autoselect (OFDM36 mode 11a)
        status: active
        ieee80211: nwid wlan23 chan 11 bssid 00:20:2b:68:e6:b0 37dB wpaprotos wpa1 wpaakms 802.1x wpaciphers tkip wpagroupcipher tkip 100dBm
        inet6 fe80::213:2ff:fe08:e43f%wpi0 prefixlen 64 scopeid 0x2

My problem is that I don't know how to authenticate myself. How can I provide my login and password?

I would be very pleased if someone has the time to help me,

Thanks
Greetings, Kabel
Re: reliable, dd over simple ip network
On Wed, Oct 15, 2008 at 10:28 PM, Neko [EMAIL PROTECTED] wrote:

i have found a really dirty way of going around this, so i'm fishing for advice on finding a reliable way to dd over simple ip network with the generic bsd. could this be done in a straight pipe ? i have an ftp on the generic bsd, containing data, this bsd system is on a multiple os drive. i have no choice to dd, since multiple partition got updated out of hand, no way to single track specific updated folders. *well actually yes, its the dirty way stipulated above* since my partitions have 16% free on all systems, i can't tarball the drive sent it to target machine and uncompress, anyways, if you have suggestion on opensource pkgs, services i could open, or any bright idea i would like to hear them

You could easily use a few pipes, dd and the built-in netcat and add some compression too if you wanted.
whitelisting X DSL (dynamic IP)s
Hi,

I am planning to set up a network with an OpenBSD/SPAMD firewall, and an internal POSTFIX server with SASL SMTP AUTH. While thinking about it, I realized that I have a problem here. Whenever a mobile user wants to send mail (relaying) through the POSTFIX server, he will have to go through the greylist process. I can tell my users to try at least 3 times (in a period of 30 minutes) to send email messages every time they change IP address. But then, I will end up with a bunch of whitelisted dynamically allocated IPs by various ISPs.

So my question is: what is the best way to deal with this kind of situation. Should I reduce the value of whiteexp ? Has anybody thought of a way of cleaning such road-warrior addresses on a daily basis ? To be fair, these addresses should not stay in the whitelist for long, since they change hands quite often!!

Any comments, suggestion, links would be appreciated.

Best regards,
Jose
Re: reliable, dd over simple ip network
Daniel Melameth wrote:

On Wed, Oct 15, 2008 at 10:28 PM, Neko [EMAIL PROTECTED] wrote:

i have found a really dirty way of going around this, so i'm fishing for advice on finding a reliable way to dd over simple ip network with the generic bsd. could this be done in a straight pipe ? i have an ftp on the generic bsd, containing data, this bsd system is on a multiple os drive. i have no choice to dd, since multiple partition got updated out of hand, no way to single track specific updated folders. *well actually yes, its the dirty way stipulated above* since my partitions have 16% free on all systems, i can't tarball the drive sent it to target machine and uncompress, anyways, if you have suggestion on opensource pkgs, services i could open, or any bright idea i would like to hear them

You could easily use a few pipes, dd and the built-in netcat and add some compression too if you wanted.

nc -l , tar and gzip also looks great.

-Jesus
Re: whitelisting X DSL (dynamic IP)s
On Oct 16, 2008, at 1:59 PM, Jose Fragoso wrote:

So my question is: what is the best way to deal with this kind of situation. Should I reduce the value of whiteexp ? Has anybody thought of a way of cleaning such road-warrior addresses on a daily basis ? To be fair, these addresses should not stay in the whitelist for long, since they change hands quite often!!

Use SMTP-AUTH on an alternate port, say submission (port 587) and require SASL on top of that. There are literally hundreds of howtos and docs on doing this with Sendmail and Postfix. It should solve all your issues with greylisting on port 25.
Re: whitelisting X DSL (dynamic IP)s
Jose Fragoso wrote:

Hi,

I am planning to set up a network with an OpenBSD/SPAMD firewall, and an internal POSTFIX server with SASL SMTP AUTH. While thinking about it, I realized that I have a problem here. Whenever a mobile user wants to send mail (relaying) through the POSTFIX server, he will have to go through the greylist process. I can tell my users to try at least 3 times (in a period of 30 minutes) to send email messages every time they change IP address. But then, I will end up with a bunch of whitelisted dynamically allocated IPs by various ISPs.

So my question is: what is the best way to deal with this kind of situation. Should I reduce the value of whiteexp ? Has anybody thought of a way of cleaning such road-warrior addresses on a daily basis ? To be fair, these addresses should not stay in the whitelist for long, since they change hands quite often!!

Any comments, suggestion, links would be appreciated.

Best regards,
Jose

I do this with qmail. You need another smtp server listening on another port for relaying mail. 587 is the smtp submission port, 465 is the SSL-wrapped port. Once your relay users authenticate, you can relay out and skip talking to your own port 25 smtp daemon. I run TLS on port 587, and SSL on 465.

Jeff
Re: WPA Enterprise (openBSD 4.4)
kabel wrote:

Hello, being a new openBSD User, I encounter several problems, which I normally manage to solve by doing research and/or reading man files. Except for one thing. WPA Enterprise.

As far as I know OpenBSD doesn't have 802.1X (The Enterprise part of WPA Enterprise) support. I have a quote from *Jonathan Gray:*

So there are a few problems, one is that no one is terribly interested in developing the required code for it, and the other is that all the freely available 802.1X supplicants seem to be vastly overengineered. The focus is more towards having as much hardware as possible just working out of box than dealing with the pain of yet another IEEE state machine.

http://www.onlamp.com/pub/a/bsd/2007/05/03/openbsd-41-puffy-strikes-again.html?page=2

At my university we have a WPA Enterprise Wlan, where students use to connect to the virtual world.

I'm at the university of Amsterdam and they have 802.1X too. I wish I could do more than buy a cd set every release.

Well, after installing openBSD 4.4 snapshot, I didn't encounter problems to connect to WPA(2) Networks, works really great, except for this university network, which is very important for me, because I spend most of my time there. I found out in the man page that WPA Enterprise is supported. Owning a wlan card using the wpi driver this should work. I also manage to connect to the AP. I see following output when I enter ifconfig wpi0:

wpi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:14:02:08:e4:3f
        groups: wlan
        media: IEEE802.11 autoselect (OFDM36 mode 11a)
        status: active
        ieee80211: nwid wlan23 chan 11 bssid 00:20:2b:68:e6:b0 37dB wpaprotos wpa1 wpaakms 802.1x wpaciphers tkip wpagroupcipher tkip 100dBm
        inet6 fe80::213:2ff:fe08:e43f%wpi0 prefixlen 64 scopeid 0x2

My problem is that I don't know how to authenticate myself. How can I provide my login and password?

I would be very pleased if someone has the time to help me,

Thanks
Greetings, Kabel

-- Floor Terra [EMAIL PROTECTED] www: http://brobding.mine.nu/ Netiquette Guidelines: http://www.apps.ietf.org/rfc/rfc1855.html
Re: reliable, dd over simple ip network
wow thanks for your time, yes i already master dd, and i have to use it since i'm cloning two disks that are identical, both disks with more than 5 partition / 6 os. i have no choice I HAVE TO binary copy the disk, and there is a catch since i want to update all my partitions on the fly, since many of them had updates, i normally kept track of all of the changes and ftp the small tarballs to the appropriate system, and what i meant by catch is disks are identical i have 16% free on both disks, i can't afford *in the design not monetarily* to dump a tarball that would weigh more than a hundred times what i have left for resources.

i am using ip4/ftp/ssh/sftp as of openservices, my question is i need to create a device that could stream the binary flow straight to my disk through the ip4/sftp/ssh net. more suggestions ?

thanks neko

--- On Thu, 10/16/08, Mr D R Hughes [EMAIL PROTECTED] wrote:

From: Mr D R Hughes [EMAIL PROTECTED] Subject: Re: reliable, dd over simple ip network To: [EMAIL PROTECTED] Date: Thursday, October 16, 2008, 5:43 AM

Neko wrote:

Good day to all of you, i have found a really dirty way of going around this, so i'm fishing for advice on finding a reliable way to dd over simple ip network with the generic bsd. could this be done in a straight pipe ? i have an ftp on the generic bsd, containing data, this bsd system is on a multiple os drive. i have no choice to dd, since multiple partition got updated out of hand, no way to single track specific updated folders. *well actually yes, it's the dirty way stipulated above* since my partitions have 16% free on all systems, i can't tarball the drive sent it to target machine and uncompress,

If you can mount the destination (eg; via NFS or Samba) then you can still use tar (it should also be possible to pipe the tarred stdin through scp to an sshd enabled destination if you can't mount it):-

cd TargetDir && tar cvpf - . | ( cd DestinationDir && tar xvpf - . ) ; sync ; sync

Other choices would include dump (re; $ man dump) and rsync (re; OpenBSD packages), but if for some reason you really must use dd (eg; to clone a disk/partition), I've not tried it but dd should work using the following or similar command over a network mounted filesystem after booting to single user with network support mode:-

dd if=/dev/TargetDisk | ( cd /DestinationDir && dd of=BackupFile.image ) ; sync ; sync

Note that this process is likely to take a very long time unless you give dd appropriate ibs and obs or bs value/s to speed it up (see $ man dd). The destination backup file will also be a raw data (ie; image) file which you'll have to mount as a vnode pseudo-device (see $ man vnconfig) if you only want to restore a few files and not the whole disk or partition at a later date.

Generally dd isn't a good choice for backing up data unless you want to keep clones of hard disks or partitions for replication. Also when cloning disks or partitions it is usually more convenient to remove the source disk/s and fit it and the destination disk/s to a spare machine for cloning.

Rhys

anyway, if you have suggestions on opensource pkgs, services i could open, or any bright idea i would like to hear them, since my solution for now is screwdrivers :C

thanks neko
Re: reliable, dd over simple ip network
since tar can be a device, and ssh open a port can i use straight device to device using both engines ?

--- On Thu, 10/16/08, John Jackson [EMAIL PROTECTED] wrote:

From: John Jackson [EMAIL PROTECTED] Subject: Re: reliable, dd over simple ip network To: misc@openbsd.org Date: Thursday, October 16, 2008, 12:26 PM

Maybe the simplest usage:

tar cfz - /somedir | ssh somehost dd of=/somefile.tgz

John

On Thu, Oct 16, 2008 at 10:42:17AM -0400, Douglas A. Tutty wrote:

On Wed, Oct 15, 2008 at 09:28:56PM -0700, Neko wrote:

since my partitions have 16% free on all systems, i cant tarball the drive sent it to target machine and uncompress,

Tarball it up, pipe the output somewhere, eg via ssh (disclaimer: untested; concept only)

[tar commands, to stdout] | ssh [EMAIL PROTECTED] cat - [tar commands to untar the ball] or tarball.tgz

Or use rsync?

Doug.
Re: reliable, dd over simple ip network
On 2008-10-16, Neko [EMAIL PROTECTED] wrote: yes i already master dd, and i have to use it since im cloning two disk that are identical both disk with more that 5 partition / 6 os. If you've mastered it, you'll know it can output or input data over a pipe to/from another program. Like ssh.
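The dd-through-a-pipe approach suggested in this thread, as an added example that is not part of any of the posts above: a POSIX shell function that streams an image through dd and a transport command, then compares a checksum of what was sent with a checksum of what was written. `clone_image`, `TRANSPORT` and the host name are hypothetical; `TRANSPORT` defaults to `sh -c` so the block runs on one machine, and would be an ssh invocation for a real copy.

```shell
#!/bin/sh
# Added example (not from the thread). TRANSPORT is an assumed variable naming
# the command that runs the receiving side; "sh -c" keeps everything local,
# "ssh user@desthost" (placeholder host) sends the stream over the network.
TRANSPORT=${TRANSPORT:-"sh -c"}

# clone_image SRC DST [BS]
# SRC: local disk, partition or image file. DST: path on the receiving side
# (must not contain a single quote). Returns 0 only if the bytes written
# match the bytes sent.
clone_image() {
    src=$1; dst=$2; bs=${3:-65536}
    # An unreadable source would otherwise "succeed" as an empty copy.
    [ -r "$src" ] || return 1
    tmp=$(mktemp -d) || return 1
    mkfifo "$tmp/tap" || { rm -rf "$tmp"; return 1; }

    # Checksum the outgoing stream in the background while it is being sent,
    # so the source is read only once.
    cksum < "$tmp/tap" > "$tmp/sent" &

    # Sender dd -> tee (feeds the checksum) -> receiver dd run by TRANSPORT.
    dd if="$src" bs="$bs" 2>/dev/null | tee "$tmp/tap" |
        $TRANSPORT "dd of='$dst' bs=$bs 2>/dev/null"
    rc=$?
    wait

    sent=$(cat "$tmp/sent")
    # Re-read what actually landed on the receiving side.
    rcvd=$($TRANSPORT "cksum < '$dst'")
    rm -rf "$tmp"

    # cksum is a CRC: it catches truncation and corruption, while ssh supplies
    # the cryptographic protection in transit. Use a SHA-256 tool on both
    # ends if the image must also be checked against tampering at rest.
    [ "$rc" -eq 0 ] && [ -n "$sent" ] && [ "$sent" = "$rcvd" ]
}
```

Because the receiving dd writes straight to its target, nothing is staged on the destination, which is the constraint raised in the thread about having only 16% free space.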
Re: ral(4) stops generating traffic
I think I probably see the same thing on RT2860, but you've got further tracking down what's happening than me (my debugging is hampered by the AP being about 2 hours' drive away..)

In gmane.os.openbsd.misc, you wrote:

Hi, I'm running OpenBSD 4.4-current (RALDBG) #0: Fri Oct 10 16:56:50 CEST 2008, which is GENERIC with RAL_DEBUG, but I've seen this problem with previous kernels and without RAL_DEBUG, too.

# dmesg | grep ral
ral0 at pci0 dev 14 function 0 Ralink RT2860 rev 0x00: irq 10EEPROM rev=1, FAE=1
ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (2T3R)

This is a pci Edimax EW-7728IN, which I believe is the same card that was donated to damien@ (?) and that led to 28xx support. After an unfixed amount of time, from a few minutes up to a few days, the interface simply stops responding to probe requests:

# tcpdump -nvvvs 1000 -i ral0 -y IEEE802_11_RADIO not subtype beacon
14:17:40.761912 CLI1-MAC ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 16): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -19dBm, antenna 2, signal 17dB
14:17:40.963338 CLI1-MAC ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 32): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -17dBm, antenna 2, signal 15dB
14:21:03.860025 CLI2-MAC ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 1120): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -27dBm, antenna 1, signal 25dB
14:21:04.306901 CLI2-MAC ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 1520): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -23dBm, antenna 1, signal 21dB

Whereas normally you'd see the probe req, probe resp, auth req, auth resp, assoc req, assoc resp, wpa dance.

# tcpdump -nvvvs 1000 -i ral0 -y IEEE802_11_RADIO | grep beacon | grep AP-MAC

Shows that it stops sending beacon frames. It's still picking up the beacons from the 5 other wlans it can see, so rx seems to work fine.

# ifconfig ral0 down && ifconfig ral0 up

Fixes everything, until it happens again after a seemingly random interval. The kernel doesn't log anything unusual even with RAL_DEBUG. I suppose I should sendbug, but I think lots of people have these cards so I'd like to know if anyone else is seeing this. Any ideas?

Thanks and please cc, bbee
Credit notification
Latest from Poste Italiane: Dear Customer, We have received notification of a credit of Euro 216,31 received from the UFFICIO POSTALE di ROMA. The credit has been temporarily blocked because of an inconsistency in your details; you can now verify your details, and the amount received will then be credited to you. Log in to Poste.it ; Log in to the Poste.it online credit service and verify your transactions ; Did you know that from today we offer twice as many services? We offer you only secure, high-quality services. Kind regards, Poste Italiane Group company: Please do not send any reply to this e-mail message, as it will not be taken into consideration.
Re: package ports tools, ftp and pf
On Thu, 2008-10-16 at 11:25 -0700, Johan Beisser wrote:

Either switch to passive ftp, or open your ftp-data port. That should solve some of your problems.

My problem seems to be similar to the thread Active FTP doesn't work through a 3.3 firewall. I do actually have entries in pflog which I missed because they are incoming with source port 20. So, I added:

pass in quick on $ext_if proto tcp from any port 20 to $ext_if port { 4 65500 }

and I can now use pkg_info.

On 10/16/08, Kendall Shaw [EMAIL PROTECTED] wrote:

I get no reply when I try to subscribe to the pf mailing list, so I'll ask here. I'm running OpenBSD 4.3 stable on amd64. I use what is in the pf faq to allow ftp from my internal lan via nat, which works, but I can't ftp from the computer that is running pf unless I use ftp -AaE as I read about in a post on this list I think. And, I am unable to retrieve or query package or install ports.

If I simply use ftp without arguments, I can login but I can't list directories. It hangs after printing 200 EPRT command successful. I tried setting FETCH_CMD to '/usr/bin/ftp -AaE' but I still can not use pkg_add, and I can't use pkg_info. If I try to build a port, it can't retrieve the files.

I would prefer to fix my pf rules. What do I need to do to allow ftp, package tools and ports to work from the machine running pf? Also, my filtering rules start with block log all, which I hoped would log anything that is blocked, but I don't see anything that looks like ftp being blocked in pflog. If I disable pf, package tools work. Is there a way to log everything that is blocked?

Kendall
X not start
Hi all! I'm trying to use KDE in OpenBSD but I'm having problems with the basic step: to obtain that X server works. I have this problem with OpenBSD 4.3. With snapshot of OpenBSD 4.4, X server works without problems. For both cases, I indicated during the installation that X server would be used. Both installations are kvm virtual machines in the same hardware.

In both installations I generate the X configuration file with:

# X -configure

And I test it with:

# X -config xorg.conf.new

Doing 'diff' of both configuration files, I obtain the following thing:

# diff xorg.conf.new.43 xorg.conf.new.44 21a22 Load dri

It is the log that I obtain in OpenBSD 4.3:

- (--) checkDevMem: using aperture driver /dev/xf86 (--) Using wscons driver on /dev/ttyC4 in pcvt compatibility mode (version 3.32) This is a pre-release version of the X server from The X.Org Foundation. It is not supported in any way. Bugs may be filed in the bugzilla at http://bugs.freedesktop.org/. Select the xorg product for bugs you find in this release. Before reporting bugs in pre-release versions please check the latest version in the X.Org Foundation git repository. See http://wiki.x.org/wiki/GitPage for git access instructions. X.Org X Server 1.4.0.90 Release Date: 5 September 2007 X Protocol Version 11, Revision 0 Build Operating System: OpenBSD 4.3 i386 Current Operating System: OpenBSD puffy.educ.ar 4.3 GENERIC#698 i386 Build Date: 07 March 2008 07:40:46PM Before reporting problems, check http://wiki.x.org to make sure that you have the latest version. Module Loader present Markers: (--) probed, (**) from config file, (==) default setting, (++) from command line, (!!) notice, (II) informational, (WW) warning, (EE) error, (NI) not implemented, (??) unknown. 
(==) Log file: /var/log/Xorg.0.log, Time: Thu Oct 16 22:33:15 2008 (EE) Unable to locate/open config file: xorg.conf.new (II) Loader magic: 0x3c01c4e0 (II) Module ABI versions: X.Org ANSI C Emulation: 0.3 X.Org Video Driver: 2.0 X.Org XInput driver : 2.0 X.Org Server Extension : 0.3 X.Org Font Renderer : 0.5 (II) Loader running on openbsd (II) LoadModule: pcidata (II) Loading /usr/X11R6/lib/modules//libpcidata.so (II) Module pcidata: vendor=X.Org Foundation compiled for 1.4.0.90, module version = 1.0.0 ABI class: X.Org Video Driver, version 2.0 (WW) OS did not count PCI devices, guessing wildly (II) PCI: PCI scan (all values are in hex) (II) PCI: 00:00:0: chip 8086,1237 card , rev 02 class 06,00,00 hdr 00 (II) PCI: 00:01:0: chip 8086,7000 card , rev 00 class 06,01,00 hdr 80 (II) PCI: 00:01:1: chip 8086,7010 card , rev 00 class 01,01,80 hdr 00 (II) PCI: 00:01:3: chip 8086,7113 card , rev 03 class 06,80,00 hdr 00 (II) PCI: 00:02:0: chip 1013,00b8 card , rev 00 class 03,00,00 hdr 00 (II) PCI: 00:03:0: chip 10ec,8029 card , rev 00 class 02,00,00 hdr 00 (II) PCI: End of PCI scan (II) Host-to-PCI bridge: (II) Bus 0: bridge is at (0:0:0), (0,0,0), BCTRL: 0x0008 (VGA_EN is set) (II) Bus 0 I/O range: [0] -1 0 0x - 0x (0x1) IX[B] (II) Bus 0 non-prefetchable memory range: [0] -1 0 0x - 0x (0x0) MX[B] (II) Bus 0 prefetchable memory range: [0] -1 0 0x - 0x (0x0) MX[B] (II) PCI-to-ISA bridge: (II) Bus -1: bridge is at (0:1:0), (0,-1,-1), BCTRL: 0x0008 (VGA_EN is set) (--) PCI:*(0:2:0) Cirrus Logic GD 5446 rev 0, Mem @ 0xf000/25, 0xf200/12 New driver is cirrus (==) Using default built-in configuration (55 lines) (==) --- Start of built-in configuration --- Section Module Loadextmod Loaddbe Loadglx Loadfreetype Loadtype1 Loadrecord Loaddri EndSection Section Monitor Identifier Builtin Default Monitor EndSection Section Device Identifier Builtin Default cirrus Device 0 Driver cirrus EndSection Section Screen Identifier Builtin Default cirrus Screen 0 Device Builtin Default cirrus 
Device 0 Monitor Builtin Default Monitor EndSection Section Device Identifier Builtin Default fbdev Device 0 Driver fbdev EndSection Section Screen Identifier Builtin Default fbdev Screen 0 Device Builtin Default fbdev Device 0 Monitor Builtin Default Monitor EndSection Section Device Identifier Builtin Default vesa Device 0 Driver vesa EndSection Section
Re: X not start
On 00:55:38 Oct 17, Daniel Bareiro wrote:

Hi all! I'm trying to use KDE in OpenBSD but I'm having problems with the basic step: to obtain that X server works. I have this problem with OpenBSD 4.3. With snapshot of OpenBSD 4.4, X server works without problems. For both cases, I indicated during the installation that X server would be used. Both installations are kvm virtual machines in the same hardware. In both installations I generate the X configuration file with:

# X -configure

And I test it with:

# X -config xorg.conf.new

If the previous step reported success then you should try exactly what it says. And it asks you to run

# X -config /root/xorg.conf.new

There is a silly bug and 'X -config' won't work with relative paths...

-Girish
Re: ral(4) stops generating traffic
Stuart Henderson wrote:

I think I probably see the same thing on RT2860, but you've got further tracking down what's happening than me (my debugging is hampered by the AP being about 2 hours' drive away..)

In gmane.os.openbsd.misc, you wrote:

Hi, I'm running OpenBSD 4.4-current (RALDBG) #0: Fri Oct 10 16:56:50 CEST 2008, which is GENERIC with RAL_DEBUG, but I've seen this problem with previous kernels and without RAL_DEBUG, too.

# dmesg | grep ral
ral0 at pci0 dev 14 function 0 Ralink RT2860 rev 0x00: irq 10EEPROM rev=1, FAE=1
ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (2T3R)

This is a pci Edimax EW-7728IN, which I believe is the same card that was donated to damien@ (?) and that led to 28xx support. After an unfixed amount of time, from a few minutes up to a few days, the interface simply stops responding to probe requests:

# tcpdump -nvvvs 1000 -i ral0 -y IEEE802_11_RADIO not subtype beacon
14:17:40.761912 CLI1-MAC ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 16): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -19dBm, antenna 2, signal 17dB
14:17:40.963338 CLI1-MAC ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 32): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -17dBm, antenna 2, signal 15dB
14:21:03.860025 CLI2-MAC ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 1120): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -27dBm, antenna 1, signal 25dB
14:21:04.306901 CLI2-MAC ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 1520): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -23dBm, antenna 1, signal 21dB

Whereas normally you'd see the probe req, probe resp, auth req, auth resp, assoc req, assoc resp, wpa dance.

# tcpdump -nvvvs 1000 -i ral0 -y IEEE802_11_RADIO | grep beacon | grep AP-MAC

Shows that it stops sending beacon frames. It's still picking up the beacons from the 5 other wlans it can see, so rx seems to work fine.

# ifconfig ral0 down && ifconfig ral0 up

Fixes everything, until it happens again after a seemingly random interval. The kernel doesn't log anything unusual even with RAL_DEBUG. I suppose I should sendbug, but I think lots of people have these cards so I'd like to know if anyone else is seeing this. Any ideas?

Thanks and please cc, bbee

After reading this, I think I have a similar problem (But sorry, I did not dig any deeper)

First the part of the dmesg:

ral0 at pci0 dev 20 function 0 Ralink RT2860 rev 0x00: irq 15, address xx:xx:xx:xx:xx:xx
ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (2T3R)

and my /etc/hostname.ral0 contains:

inet x.y.z.w a.b.c.d NONE media autoselect mode 11g mediaopt hostap nwid abc wpa wpapsk 0xa0101010101010101010101010101010101010101010101010101010101010101 wpaprotos wpa1 chan 11 description WLAN WPA

From time to time I could not connect any more so I had to restart ral0 which leads to my (quick'n'dirty) workaround. In my /etc/crontab is the following line:

30 4 * * * root /bin/sh /etc/netstart ral0

Up to now this worked for me and I have forgotten about the problem :-( until I read this thread...

guido