Re: isakmpd does not initiate quick mode after main mode is established
I found that some of my problems are related to 'DELETE' messages from the peer ( cisco ASA's , for example ). There is another thread in this forum discussion this issue. Hans-Joerg Hoexer said that obsd/isakmpd should handle this case, but he will look into it. I would be interested to know if your problems are related to these 'DELETE' messages from the remote side. I see varying behaviour when these messages come in: . Sometimes the flows are deleted, and any further traffic gives 'no route to host' . Sometimes the flows are still shown ( in ipssecctl -sflow or netstat -rn -f encap ) and I see traffic on enc0, but no encap on the external interface. What do you see, when the connection dies? Regards Christoph -Urspr|ngliche Nachricht- Von: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] Im Auftrag von Christian Weisgerber Gesendet: Sonntag, 25. Januar 2009 23:10 An: misc@openbsd.org Betreff: Re: isakmpd does not initiate quick mode after main mode is established Christoph Leser le...@sup-logistik.de wrote: I'm still struggling to keep my ipsec vpns running smoothly. FWIW, I mostly use IPsec on my home WLAN and I observe a similar lack of reliability. My laptop sets up two IPsec associations, one IPv4 and one IPv6, and from time to time one of these or both fail inexplicably (no response, no proposal chosen) but eventually get established within ten minutes or so. Since this is WLAN, I have considered that packet loss may screw up the ISAKMP negotiation, but I haven't investigated. I wonder how people who run a large number of IPsec associations in production settings deal with this or if they are seeing it at all. -- Christian naddy Weisgerber na...@mips.inka.de
Problem with hvid in load-balancing carp in -current 4.4
Hi all I try to configure a failover and loadbalanced firewall with carp's. I use for hostname.carp0 on the first an the second with small modifications inet 10.0.0.1 255.255.255.0 NONE blancing ip carpnodes 1:0,2:100 carpdev xl0 carppeer 172.16.0.1 This results in carp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:12:5e:00:01:12 priority: 0 carp: carpdev xl0 advbase 1 balancing ip carppeer 172.16.0.1 state MASTER vhid 1 advskew 100 state MASTER vhid 2 advskew 0 inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255 But where can I set the vhid. When I do so the vhid will not be shown. And when I set the vhid explicitly to 1 the result is carp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:12:5e:00:01:12 priority: 0 carp: BACKUP carpdev xl0 vhid 1 advbase 1 advskew 100 carppeer 172.16.0.1 inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255 and now it seems that load-balancing doesn't work anymore. Where can I set the vhid, or where is the vhid shown or is it unnecessary? Thanks for you help. Kind regards Karl-Heinz [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: OT: Hard Disk Problems (was: Re: Dealing with Seagate's problematic 7200.11 firmware.)
Hi, On Sun, 25.01.2009 at 16:27:14 +, Dieter open...@sopwith.solgatos.com wrote: I wrote: You wrote: Is Maxtorman correct about the 320 log entries? My dealer told me a similar story, but I don't know where he had it from. I guess the next step is to find out if Maxtorman is correct about this 320 log entries stuff, and if the SMART log entries as reported by smartmontools is the log to worry about, or if there is some other log. I don't have an account on /., and also feel incapable of actually working on this problem, but someone who has and can, could probably try to nag maxtorman about improving smartmontools to the point that they do the right thing, or try to get him to connect one to somebody else who can verify the issue and/or provide more technical details. If he can find a way to almost-anonymously post to /., he might be able to give some hints to the smartmontools gyus, too. Then, we only need them to integrate everything and make a new release. Personally, I'd say that it'd be best if Seagate themselves would grab the opportunity to partially make good on the issue, but I heavily doubt that they understand, or want to understand, what's it about with FLOSS. Kind regards, --Toni++
error building xenocara on current
hi, i have an error compiling xenocrara on current. here are the steps i made: /usr/src is updated from cvs and compiled ok /usr/xenocara is updated from cvs then: rm -rf /usr/xobj/* cd /usr/xenocara make bootstrap make obj make build [...] make: don't know how to make app-defaults/Xedit-color.ad. Stop in /usr/xenocara/app/xedit/obj. *** Error code 2 Stop in /usr/xenocara/app/xedit/obj (line 437 of Makefile). *** Error code 1 Stop in /usr/xenocara/app/xedit (line 126 of /usr/X11R6/share/mk/bsd.xorg.mk). *** Error code 1 Stop in /usr/xenocara/app/xedit (line 187 of /usr/X11R6/share/mk/bsd.xorg.mk). *** Error code 1 Stop in /usr/xenocara/app (line 48 of /usr/share/mk/bsd.subdir.mk). *** Error code 1 Stop in /usr/xenocara (line 48 of /usr/share/mk/bsd.subdir.mk). 155m3.20s real 107m20.82s user42m53.31s system any idea? /var/run/dmesg.boot attached OpenBSD 4.4-current (GENERIC) #7: Sun Jan 25 22:54:55 CET 2009 r...@bumbu.bdz.home:/usr/src/sys/arch/i386/compile/GENERIC cpu0: VIA Samuel 2 (CentaurHauls 686-class) 600 MHz cpu0: FPU,DE,TSC,MSR,MTRR,PGE,MMX real mem = 502824960 (479MB) avail mem = 477855744 (455MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 01/06/04, BIOS32 rev. 0 @ 0xfb280, SMBIOS rev. 2.2 @ 0xf0800 (26 entries) bios0: vendor Award Software International, Inc. version 6.00 PG date 01/06/2004 bios0: VIA Technologies, Inc. CLE266-8235 apm0 at bios0: Power Management spec V1.2 (slowidle) apm0: AC on, battery charge unknown acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0xdf44 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfded0/112 (5 entries) pcibios0: PCI Exclusive IRQs: 5 9 12 pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT82C596A ISA rev 0x00) pcibios0: PCI bus #3 is the last bus bios0: ROM list: 0xc/0xe000 0xd/0x8000! cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 VIA VT8623 PCI rev 0x00 viaagp0 at pchb0: v2 agp0 at viaagp0: aperture at 0xd000, size 0x1000 ppb0 at pci0 dev 1 function 0 VIA VT8633 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 VIA CLE266 rev 0x03 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) cbb0 at pci0 dev 10 function 0 Ricoh 5C476 CardBus rev 0x80: irq 5 cbb1 at pci0 dev 10 function 1 Ricoh 5C476 CardBus rev 0x80: irq 12 VIA VT6306 FireWire rev 0x80 at pci0 dev 13 function 0 not configured uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x80: irq 5 uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x80: irq 12 uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x80: irq 9 ehci0 at pci0 dev 16 function 3 VIA VT6202 USB rev 0x82: irq 12 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 VIA EHCI root hub rev 2.00/1.00 addr 1 viapm0 at pci0 dev 17 function 0 VIA VT8235 ISA rev 0x00 iic0 at viapm0 spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC3200CL2.5 pciide0 at pci0 dev 17 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: SAMSUNG HD400LD wd0: 16-sector PIO, LBA48, 381554MB, 781422768 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide0: channel 1 disabled (no drives) auvia0 at pci0 dev 17 function 5 VIA VT8233 AC97 rev 0x50: irq 9 ac97: codec id 0x49434552 (ICEnsemble VIA VT1616i) ac97: codec features headphone, 18 bit DAC, 18 bit ADC, KS Waves 3D audio0 at auvia0 vr0 at pci0 dev 18 function 0 VIA RhineII-2 rev 0x74: irq 5, address 00:40:63:da:fb:4a ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 8: OUI 0x004063, model 0x0032 epic0 at pci0 dev 20 function 0 SMC 83C170 (EPIC/100) rev 0x06, SMC9432TX : irq 12, address 00:e0:29:26:b7:38 qsphy0 at epic0 phy 3: QS6612 10/100 PHY, rev. 1 cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer 0x20 pcmcia0 at cardslot0 cardslot1 at cbb1 slot 1 flags 0 cardbus1 at cardslot1: bus 3 device 0 cacheline 0x0, lattimer 0x20 pcmcia1 at cardslot1 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 VIA UHCI root hub rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 VIA UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3 VIA UHCI root hub rev 1.00/1.00 addr 1 isa0 at mainbus0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 viasio0 at isa0 port 0x2e/2: VT1211 rev 0x02, HM, WDG not activated npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 biomask ff65 netmask ff65 ttymask softraid0 at root root on wd0a swap on wd0b dump on wd0b
Re: Dealing with Seagate's problematic 7200.11 firmware.
Dieter wrote: Recovering from Seagate's problematic 7200.11 firmware. Most of you have read about the problems with Seagate's 7200.11 disks. For those of you that haven't, the firmware on many of these drives is buggy, and can brick the drive when powering up or rebooting the system. Thus far, Seagate's response has been less than wonderful. We need a FLOSS solution. Goals: 1) Ability to read the number of log entries. 2) Ability to change the number of log entries. 3) Ability to install new firmware from Unix. We need for this to work with any flavor of Unix, on any CPU arch, without reboot or power cycle. We need for this to work on one drive without affecting other drives. I don't expect to be able to write FLOSS firmware for the drives, so this isn't listed as a goal. If you think you can, please feel free. The problem: IF the drive is powered down when there are 320 entries in this journal or log, then when it is powered back up, the drive errors out on init and won't boot properly - to the point that it won't even report it's information to the BIOS. Maxtorman, slashdot discussion [2] Just a hypothetical situation, since we do not have the sourcecode of the firmware: isn't it possible some kind of mathematical operation is occuring on the number of log entries causing some kind of infinite loop to occur or a division that leads to/by 0 that the software/hardware is unable to handle? That could mean this problem could also manifest itself on for example multiples of 320, so just putting the counter on 321 may just be delaying the inevitable. And what happens if the counter overflows and reaches 320 again? Glenn If Maxtorman is correct, then once the drive has been operating awhile, we have a 1 in 320 chance that the circular log is at entry 320. We want to be able to find out how many log entries the disk currently has, and we want to be able to change the number of log entries away from 320, while we wait for Seagate to get its act together and release firmware that works properly. Since Seagate's solution will require attaching the drive to an x86 system and booting a FreeDOS ISO from CD, if the log is at 320 that boot will brick the drive. There are other firmware problems with the 7200.11 series, but this is the biggie. Once Seagate releases working firmware, we want to be able to install it from Unix, on any CPU arch. Seagate's release can only install on x86 using FreeDOS. *ATA Commands that may be useful: command namecommand code in hex page [1] pdf page [1] Read Log Ext0x2F27 33 S.M.A.R.T. Read Log Sector 0xB0 / 0xD5 28,34 34,40 S.M.A.R.T. Write Log Sector 0xB0 / 0xD6 28,34 34.40 Write Log Extended 0x3F28 34 Download Microcode 0x9227 33 Questions: Is Maxtorman correct about the 320 log entries? Are the commands listed above the ones we need? What is the difference between the Log Extended and the S.M.A.R.T. Log Sector? Is Microcode the same as firmware? (Seagate uses the term firmware elsewhere in the manual, but I don't find any sort of write firmware command.) Where can we get more detailed info about these commands and how to use them? References: [1] Seagate Barracuda 7200.11 Serial ATA Product Manual rev C August 2008 http://www.seagate.com/staticfiles/support/disc/manuals/desktop/Barracuda%207200.11/100507013c.pdf [2] http://it.slashdot.org/article.pl?sid=09/01/21/0052236
Re: Fujitsu-siemens machine freezes
[ Moving to misc@openbsd.org, tech@ is for 'Discussion of technical topics for OpenBSD developers and advanced users. This is not a tech support forum, do not use it as such.' www.openbsd.org/mail.html ] On 2009/01/25 23:51, BOG BOG wrote: Hello, In this weekend i bought a fujitsu-siemens machine, with the following configuration: From your description you could be trying any of these: i386 4.4, amd64 4.4, i386 -current, amd64 -current. Try a different one. If it still fails with -current you will need to get dmesg out of the machine somehow, see FAQ 4.15 (you can use a USB stick instead a floppy disk, it will probably show up as /dev/sd0i). Pentium Core duo Intel E2200, 2.20 Ghz FSB 800 Mhz 3 Gb ram: 2 GB (1 module(s) with 2 GB, DDR2), 800 MHz 1 GB (1 module(s) with 1 GB, DDR2), 800 MHz Hdd 500 Gb, Serial ATA II The following is copy/paste from the data sheet(found here: http://sp.fujitsu-siemens.com/dmsp/docs/ds-esprimo-p3510.pdf) Mainboard typeD2750 Formfactor5BTX Chipset Intel. G31 Processor socket LGA 775 Processor quantity maximum1 System bus (FSB / HT / QPI) up to 1333 MHz Memory slots 2 DIMM (DDR2) Supported capacity RAM (max.) 8 GB Memory frequency 800 MHz Memory notes With future modules. Dual channel support. For dual channel performance, 2 memory modules have to be ordered. Capacity per channel has to be the same. LAN 10/100/1000 MBit/s Realtek RTL8111C BIOS version Phoenix 6.0 BIOS features BIOS Flash EPROM update by software Recovery BIOS Audio codec Realtek ALC262 Audio featuresHigh Definition audio The problem is that after the process of creating the partitions, and copying the base modules, the machine freezes. I do not install xserver modules, as I want it to be a server, an right after the game44.tgz module is copied on the hard drive, the system freezes. I tried to exclude game44.tgz, in a new installation process, and after man44.tgz, the system freezes. I really do not understand the problem, because the hard drive as well as cd drive are detected and properly initialized. Unfortunately, I do not have the dmesg I do not want to put other os on this machine, because i like OpenBSD. I really apreciate any help in this direction, Thank you very much, bogdan
Re: Fujitsu-siemens machine freezes
hello, i'll try to extract the dmesg out that machine. tonight i want to try also the amd64 install image, and i want to make dmesg dump for both i386 and amd64. thank you for answering, bogdan --- On Mon, 1/26/09, Jasper Lievisse Adriaanse jas...@humppa.nl wrote: From: Jasper Lievisse Adriaanse jas...@humppa.nl Subject: Re: Fujitsu-siemens machine freezes To: BOG BOG bo...@yahoo.com Date: Monday, January 26, 2009, 4:38 AM On Sun, Jan 25, 2009 at 11:51:19PM -0800, BOG BOG wrote: Hello, In this weekend i bought a fujitsu-siemens machine, with the following configuration: Pentium Core duo Intel E2200, 2.20 Ghz FSB 800 Mhz 3 Gb ram: 2 GB (1 module(s) with 2 GB, DDR2), 800 MHz 1 GB (1 module(s) with 1 GB, DDR2), 800 MHz Hdd 500 Gb, Serial ATA II The following is copy/paste from the data sheet(found here: http://sp.fujitsu-siemens.com/dmsp/docs/ds-esprimo-p3510.pdf) Mainboard typeD2750 Formfactor5BTX Chipset Intel. G31 Processor socket LGA 775 Processor quantity maximum1 System bus (FSB / HT / QPI) up to 1333 MHz Memory slots 2 DIMM (DDR2) Supported capacity RAM (max.) 8 GB Memory frequency 800 MHz Memory notes With future modules. Dual channel support. For dual channel performance, 2 memory modules have to be ordered. Capacity per channel has to be the same. LAN 10/100/1000 MBit/s Realtek RTL8111C BIOS version Phoenix 6.0 BIOS features BIOS Flash EPROM update by software Recovery BIOS Audio codec Realtek ALC262 Audio featuresHigh Definition audio The problem is that after the process of creating the partitions, and copying the base modules, the machine freezes. I do not install xserver modules, as I want it to be a server, an right after the game44.tgz module is copied on the hard drive, the system freezes. I tried to exclude game44.tgz, in a new installation process, and after man44.tgz, the system freezes. I really do not understand the problem, because the hard drive as well as cd drive are detected and properly initialized. Unfortunately, I do not have the dmesg I do not want to put other os on this machine, because i like OpenBSD. I really apreciate any help in this direction, Thank you very much, bogdan hi, a dmesg is absolutely needed to diagnose your problem (or rather the computer's ;-) ) could you perhaps make pictures of the dmesg? cheers, jasper -- Intelligence should guide our actions, but in harmony with the texture of the situation at hand -- Francisco Varela
Re: Fujitsu-siemens machine freezes
Thank you for your answer. I'll try to follow the suggestions you have made. Sorry for not using the correct mailing list. --- On Mon, 1/26/09, Stuart Henderson s...@spacehopper.org wrote: From: Stuart Henderson s...@spacehopper.org Subject: Re: Fujitsu-siemens machine freezes To: BOG BOG bo...@yahoo.com Cc: misc@openbsd.org, t...@openbsd.org Date: Monday, January 26, 2009, 4:03 AM [ Moving to misc@openbsd.org, tech@ is for 'Discussion of technical topics for OpenBSD developers and advanced users. This is not a tech support forum, do not use it as such.' www.openbsd.org/mail.html ] On 2009/01/25 23:51, BOG BOG wrote: Hello, In this weekend i bought a fujitsu-siemens machine, with the following configuration: From your description you could be trying any of these: i386 4.4, amd64 4.4, i386 -current, amd64 -current. Try a different one. If it still fails with -current you will need to get dmesg out of the machine somehow, see FAQ 4.15 (you can use a USB stick instead a floppy disk, it will probably show up as /dev/sd0i).
Re: Fujitsu-siemens machine freezes
I tried to install OpenBSD4.4 i386. The instalation image was created by me, and it worked fine for an update from 4.3 to 4.4. version, but on different machine, the one i worked on. I'll try to get a stick and save the dmesg for fujitsu machine. Thank you for your suggestions --- On Mon, 1/26/09, Kenneth R Westerback kwesterb...@rogers.com wrote: From: Kenneth R Westerback kwesterb...@rogers.com Subject: Re: Fujitsu-siemens machine freezes To: BOG BOG bo...@yahoo.com Date: Monday, January 26, 2009, 4:12 AM On Sun, Jan 25, 2009 at 11:51:19PM -0800, BOG BOG wrote: Hello, In this weekend i bought a fujitsu-siemens machine, with the following configuration: Pentium Core duo Intel E2200, 2.20 Ghz FSB 800 Mhz 3 Gb ram: 2 GB (1 module(s) with 2 GB, DDR2), 800 MHz 1 GB (1 module(s) with 1 GB, DDR2), 800 MHz Hdd 500 Gb, Serial ATA II The following is copy/paste from the data sheet(found here: http://sp.fujitsu-siemens.com/dmsp/docs/ds-esprimo-p3510.pdf) Mainboard typeD2750 Formfactor5BTX Chipset Intel. G31 Processor socket LGA 775 Processor quantity maximum1 System bus (FSB / HT / QPI) up to 1333 MHz Memory slots 2 DIMM (DDR2) Supported capacity RAM (max.) 8 GB Memory frequency 800 MHz Memory notes With future modules. Dual channel support. For dual channel performance, 2 memory modules have to be ordered. Capacity per channel has to be the same. LAN 10/100/1000 MBit/s Realtek RTL8111C BIOS version Phoenix 6.0 BIOS features BIOS Flash EPROM update by software Recovery BIOS Audio codec Realtek ALC262 Audio featuresHigh Definition audio The problem is that after the process of creating the partitions, and copying the base modules, the machine freezes. I do not install xserver modules, as I want it to be a server, an right after the game44.tgz module is copied on the hard drive, the system freezes. I tried to exclude game44.tgz, in a new installation process, and after man44.tgz, the system freezes. I really do not understand the problem, because the hard drive as well as cd drive are detected and properly initialized. Unfortunately, I do not have the dmesg I do not want to put other os on this machine, because i like OpenBSD. I really apreciate any help in this direction, Thank you very much, bogdan What version of OpenBSD are you trying to install? If it isn't a -current snapshot then please try a -current snapshot. Are you trying to install i386 OpenBSD or amd64 OpenBSD? In either case try the other one. :-). A dmesg would really help. Ken
Re: Dealing with Seagate's problematic 7200.11 firmware.
On Fri, Jan 23, 2009 at 09:28:34PM +, Dieter wrote: Recovering from Seagate's problematic 7200.11 firmware. Most of you have read about the problems with Seagate's 7200.11 disks. For those of you that haven't, the firmware on many of these drives is buggy, and can brick the drive when powering up or rebooting the system. Thus far, How can I know if I have a suspicious drive? E.g# smartctl -i -d ata /dev/rwd1c smartctl version 5.33 [i386-unknown-openbsd4.1] Copyright (C) 2002-4 Bruce Allen Home page is http://smartmontools.sourceforge.net/ === START OF INFORMATION SECTION === Device Model: ST3808110AS Serial Number:5LRA2E2J Firmware Version: 3.AJJ User Capacity:80,026,361,856 bytes Device is:Not in smartctl database [for details use: -P showall] ATA Version is: 7 ATA Standard is: Exact ATA specification draft version not indicated Local Time is:Mon Jan 26 15:31:45 2009 CET SMART support is: Available - device has SMART capability. SMART support is: Enabled Google for ST3808110AS gives me Barracuda 7200.9 SATA 80-GB Hard Drive, so I guess this one is not suspicious, but I have more disks, in other servers. What if i find a 7200.10, 7200.11, ES or ES.2, is that enough for me to suspect it? Seagate's response has been less than wonderful. We need a FLOSS solution. Goals: 1) Ability to read the number of log entries. 2) Ability to change the number of log entries. 3) Ability to install new firmware from Unix. We need for this to work with any flavor of Unix, on any CPU arch, without reboot or power cycle. We need for this to work on one drive without affecting other drives. I don't expect to be able to write FLOSS firmware for the drives, so this isn't listed as a goal. If you think you can, please feel free. The problem: IF the drive is powered down when there are 320 entries in this journal or log, then when it is powered back up, the drive errors out on init and won't boot properly - to the point that it won't even report it's information to the BIOS. Maxtorman, slashdot discussion [2] If Maxtorman is correct, then once the drive has been operating awhile, we have a 1 in 320 chance that the circular log is at entry 320. We want to be able to find out how many log entries the disk currently has, and we want to be able to change the number of log entries away from 320, while we wait for Seagate to get its act together and release firmware that works properly. Since Seagate's solution will require attaching the drive to an x86 system and booting a FreeDOS ISO from CD, if the log is at 320 that boot will brick the drive. There are other firmware problems with the 7200.11 series, but this is the biggie. Once Seagate releases working firmware, we want to be able to install it from Unix, on any CPU arch. Seagate's release can only install on x86 using FreeDOS. *ATA Commands that may be useful: command name command code in hex page [1] pdf page [1] Read Log Ext 0x2F27 33 S.M.A.R.T. Read Log Sector0xB0 / 0xD5 28,34 34,40 S.M.A.R.T. Write Log Sector 0xB0 / 0xD6 28,34 34.40 Write Log Extended0x3F28 34 Download Microcode0x9227 33 Questions: Is Maxtorman correct about the 320 log entries? Are the commands listed above the ones we need? What is the difference between the Log Extended and the S.M.A.R.T. Log Sector? Is Microcode the same as firmware? (Seagate uses the term firmware elsewhere in the manual, but I don't find any sort of write firmware command.) Where can we get more detailed info about these commands and how to use them? References: [1] Seagate Barracuda 7200.11 Serial ATA Product Manual rev C August 2008 http://www.seagate.com/staticfiles/support/disc/manuals/desktop/Barracuda%207200.11/100507013c.pdf [2] http://it.slashdot.org/article.pl?sid=09/01/21/0052236 -- / Raimo Niskanen, Erlang/OTP, Ericsson AB
Failover bridge(4) with RSTP
I'm attempting to setup a failover bridge(4) configuration with RSTP for rapid failover. At this point I'm still tweaking the bridges and switches. We're using a Foundry LS648 for this test, so we don't have Cisco's uplinkFast extension at our disposal. We have two VLANs configured on the switch, each with 802.1w enabled and functioning normally. Plugged into each VLAN is a single client and one interface from each firewall. 10.20.0.2 - vlan200 - bridge0 - vlan300 - 10.20.0.3 Regardless of whether I use rstp (default) or stp (+ ifpriority/ifcost) on the bridges, it always takes ~5 minutes to failover. I noticed that with stp enabled on the physical interfaces, the switch would immediately show the correct bridge as the forwarding root. With the default rstp, the switch shows all ports as designated forwarding. I've also tried disabling learning on the internal interfaces and adding static entries for 10.20.0.3, but this has no effect on the recovery time. Any suggestions on getting a rapid failover working? Thanks, -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/
connecting to external binat ip from internal network
Hi, I am dealing with a 3.9 firewall with 6 Gigabit interfaces and half a dozen vlans. 2 of the interfaces are the uplinks , em0 and em1. em0 talks to network say, 1.2.3.0/24 and has ip address 1.2.3.4 em1 talks to 1.2.4.0/24, has no ip address, and belongs to a bridge with bge0. The default gateway for 1.2.4.0/24 is outside our control. bge0 has ip address 1.2.4.1 bge0 is connected with the switch with all the systems belonging to 1.2.4.0/24, their default gateway is on em1. on em2,em3,vlanX interfaces are connected various 10.0.0.0/24 subnets with hosts that some are natted, some are binatted, on the em0 interface. I would like to be able to connect to the binatted hosts from the internal network using either their internal ips or their externals ones. From 10.x ips connecting to 10.x works fine. Connecting to a binatted 10.x host using an external ip fails. Ping works, but tcp connections are refused, since I am actually connecting to the firewall (em0 has the externals ips as aliases) and not to the host. The situation is more or less similar to what is described at http://www.openbsd.org/faq/pf/rdr.html. I can get around this problem by using rdr on the internal interface and sending all tcp/udp ports destined to the external ip to the internal ip. However, non tcp/udp traffic (icmps for example) still gets replied by the firewall, and I was wondering if there is a better solution. Communication between the bridged network 1.2.4.0 and 10.x is achieved by setting 1.2.4.1 (bge0 ip address) as the gateway for 10.x network in the 1.2.4.0/24 systems. However I have not figured a way for hosts in the 1.2.4.0/24 network to communicate with binatted systems using their external ip. Pinging the binat external address is successful only for the first request. The second request never reaches the internal interface for the 10.x network, and tcpdump does not show it up on the external interface (em0) either. Anyone got a clue? This setup is legacy and goes back quiet some years (2.x era). The are several drawbacks/flaws and while typing this e-mail I spotted even more. Work around so far has been using split DNS. There is no effort available right now to redesign the whole network. Any insight is appreciated. Cheers, -- = Dimitris Zilaskos GridAUTH Operations Centre @ Aristotle University of Thessaloniki , Greece Tel: +302310998988 Fax: +302310994309 http://www.grid.auth.gr =
4.4 as a VBox guest?
Successfully installed 4.4 (release) on VBox 2.1.2 (AMD64 OpenSuSE 11.1), however after installation I'm starting to see SegFaults whenever I try to do anything (like pkg_add). It also looks like some weird things are showing up in dmesg (softraid0?), .. sshd appears to work OK so I'd be happy to setup public keys should a developer wish to poke around. Lee drive config: /dev/wd0a on / type ffs (local) /dev/wd0g on /home type ffs (local, nodev, nosuid) /dev/wd0e on /tmp type ffs (local, nodev, nosuid) /dev/wd0h on /u type ffs (local, nodev, nosuid) /dev/wd0d on /usr type ffs (local, nodev) /dev/wd0f on /var type ffs (local, nodev, nosuid) = network config: lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33204 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 pcn0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 08:00:27:80:04:b5 groups: egress media: Ethernet none status: active inet6 fe80::a00:27ff:fe80:4b5%pcn0 prefixlen 64 scopeid 0x1 inet 206.197.251.50 netmask 0xff00 broadcast 206.197.251.255 enc0: flags=0 mtu 1536 dmesg: OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Athlon(tm) 64 Processor 3200+ (AuthenticAMD 686-class, 512KB L2 cache) 2 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,APIC,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3 cpu0: AMD erratum 89 present, BIOS upgrade may be required real mem = 469266432 (447MB) avail mem = 445194240 (424MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 06/23/99, BIOS32 rev. 0 @ 0xfbbe0, SMBIOS rev. 2.5 @ 0xe1000 (3 entries) bios0: vendor innotek GmbH version VirtualBox date 12/01/2006 bios0: innotek GmbH VirtualBox apm0 at bios0: Power Management spec V1.2 apm0: APM engage (device 1): unknown error code? (83) apm0: AC on, battery charge unknown acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0x0 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfbf30/192 (10 entries) pcibios0: PCI Interrupt Router at 000:01:0 (Intel 82371SB ISA rev 0x00) pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc/0x9000 0xe2000/0x1000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82441FX rev 0x02 pcib0 at pci0 dev 1 function 0 Intel 82371SB ISA rev 0x00 pciide0 at pci0 dev 1 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: VBOX HARDDISK wd0: 128-sector PIO, LBA, 5120MB, 10485760 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets, initiator 7 cd0 at scsibus0 targ 0 lun 0: VBOX, CD-ROM, 1.0 ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 vga1 at pci0 dev 2 function 0 InnoTek VirtualBox Graphics Adapter rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) drm at vga1 unsupported pcn0 at pci0 dev 3 function 0 AMD 79c970 PCnet-PCI rev 0x40, Am79c973, rev 0: irq 11, address 08:00:27:80:04:b5 acphy0 at pcn0 phy 0: AC101 10/100 PHY, rev. 11 ifmedia_set: no match for 0x20/0x InnoTek VirtualBox Guest Service rev 0x00 at pci0 dev 4 function 0 not configured piixpm0 at pci0 dev 7 function 0 Intel 82371AB Power rev 0x08: SMBus disabled isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec fd1 at fdc0 drive 1: density unknown biomask e7fd netmask effd ttymask mtrr: CPU supports MTRRs but not enabled softraid0 at root root on wd0a swap on wd0b dump on wd0b
PF/NAT Issue
Hello, I'm having a problem with NAT. I have given up trying fancy pf stuff and I am using a barely modified version of the example ruleset from the using pf guide on the OpenBSD site: # OpenBSD Packet Filter Configuration # # macros ext_if=dc0 int_if=sis0 tcp_services={ 22, 113 } icmp_types=echoreq # options set block-policy return set loginterface $ext_if set skip on lo # scrub scrub in # nat/rdr nat on $ext_if from !($ext_if) - ($ext_if:0) nat-anchor ftp-proxy/* rdr-anchor ftp-proxy/* rdr pass on $int_if proto tcp to port ftp - 127.0.0.1 port 8021 # filter rules block in pass out keep state anchor ftp-proxy/* antispoof quick for { lo $int_if } pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state pass in inet proto icmp all icmp-type $icmp_types keep state pass in quick on $int_if the only thing that I took out was the web server, so there is no inbound access in this configuration. I have the same pf.conf file on both of my servers. The layout looks like this. Internet | - public ip OpenBSD box A running as router - public ip | - public ip OpenBSD box B running as firewall - 10.100.100.1 | - 10.100.100.120 OpenBSD box C running as desktop The problem that I am having is that I can't surf the information superhighway from box C. So I've been looking at the network traffic to see how far it is going and it's getting past the firewall but not past the router. I believe the problem is that box B is not preforming network address translation for box C. When I do a tcpdump on the interface connection box A and box B I see packets with 10.100.100.120 as the address. Is there a magic Turn Nat On switch I'm not using? I have modified by /etc/sysctl.conf to enable ip forwarding. I'm stuck... Does anyone have a suggestion on what I can try or what I am doing wrong? Thanks, JB
Re: 4.4 as a VBox guest?
If you're running Linux as the host OS anyway, you may want to look into kvm and kvm-qemu for virtualization duties. OpenBSD and other OSes have been running well for me as guests under Debian. Just make sure to use e1000 as the NIC model. John On Mon, Jan 26, 2009 at 09:59:59AM -0600, L. V. Lammert wrote: Successfully installed 4.4 (release) on VBox 2.1.2 (AMD64 OpenSuSE 11.1), however after installation I'm starting to see SegFaults whenever I try to do anything (like pkg_add). It also looks like some weird things are showing up in dmesg (softraid0?), .. sshd appears to work OK so I'd be happy to setup public keys should a developer wish to poke around. Lee drive config: /dev/wd0a on / type ffs (local) /dev/wd0g on /home type ffs (local, nodev, nosuid) /dev/wd0e on /tmp type ffs (local, nodev, nosuid) /dev/wd0h on /u type ffs (local, nodev, nosuid) /dev/wd0d on /usr type ffs (local, nodev) /dev/wd0f on /var type ffs (local, nodev, nosuid) = network config: lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33204 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 pcn0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 08:00:27:80:04:b5 groups: egress media: Ethernet none status: active inet6 fe80::a00:27ff:fe80:4b5%pcn0 prefixlen 64 scopeid 0x1 inet 206.197.251.50 netmask 0xff00 broadcast 206.197.251.255 enc0: flags=0 mtu 1536 dmesg: OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Athlon(tm) 64 Processor 3200+ (AuthenticAMD 686-class, 512KB L2 cache) 2 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,APIC,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3 cpu0: AMD erratum 89 present, BIOS upgrade may be required real mem = 469266432 (447MB) avail mem = 445194240 (424MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 06/23/99, BIOS32 rev. 0 @ 0xfbbe0, SMBIOS rev. 2.5 @ 0xe1000 (3 entries) bios0: vendor innotek GmbH version VirtualBox date 12/01/2006 bios0: innotek GmbH VirtualBox apm0 at bios0: Power Management spec V1.2 apm0: APM engage (device 1): unknown error code? (83) apm0: AC on, battery charge unknown acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0x0 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfbf30/192 (10 entries) pcibios0: PCI Interrupt Router at 000:01:0 (Intel 82371SB ISA rev 0x00) pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc/0x9000 0xe2000/0x1000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82441FX rev 0x02 pcib0 at pci0 dev 1 function 0 Intel 82371SB ISA rev 0x00 pciide0 at pci0 dev 1 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: VBOX HARDDISK wd0: 128-sector PIO, LBA, 5120MB, 10485760 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets, initiator 7 cd0 at scsibus0 targ 0 lun 0: VBOX, CD-ROM, 1.0 ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 vga1 at pci0 dev 2 function 0 InnoTek VirtualBox Graphics Adapter rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) drm at vga1 unsupported pcn0 at pci0 dev 3 function 0 AMD 79c970 PCnet-PCI rev 0x40, Am79c973, rev 0: irq 11, address 08:00:27:80:04:b5 acphy0 at pcn0 phy 0: AC101 10/100 PHY, rev. 11 ifmedia_set: no match for 0x20/0x InnoTek VirtualBox Guest Service rev 0x00 at pci0 dev 4 function 0 not configured piixpm0 at pci0 dev 7 function 0 Intel 82371AB Power rev 0x08: SMBus disabled isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec fd1 at fdc0 drive 1: density unknown biomask e7fd netmask effd ttymask mtrr: CPU supports MTRRs but not enabled softraid0 at root root on wd0a swap on wd0b dump on wd0b
Re: PF/NAT Issue
It must have been a hardware issue, I just replaced the ethernet card and things are working fine. thanks anyway.
Thank you for Relayd
I just wanted thank the developers and contributors of Relayd. It's a wonderful load balancer, very well written GOOD JOB guys ! FYI, you saved us 75,000$ in F5 equipments. um
Re: Thank you for Relayd
On Mon, Jan 26, 2009 at 12:32 PM, uday umoorjani@gmail.com wrote: I just wanted thank the developers and contributors of Relayd. It's a wonderful load balancer, very well written GOOD JOB guys ! FYI, you saved us 75,000$ in F5 equipments. um Why don't you donate some of that to the project!
Re: Thank you for Relayd
I assume that your company will send say 10% of that saved cash to the project now to ensure continued development and maintenance ? ;) On 1/26/09 9:32 AM, uday wrote: I just wanted thank the developers and contributors of Relayd. It's a wonderful load balancer, very well written GOOD JOB guys ! FYI, you saved us 75,000$ in F5 equipments. um
agradecimiento
Recibe mis agradecimientos por la postal que me enviaste, no la pude ver pero debe ser muy linda Cordial Saludo. Isaac Fisgativa Cortis. Profesional Centro de Materiales y Ensayos. Regional Distrito Capital. SENA.
consulta sobre BIND
Buenos dias con todos soy un usuario de Freebsd y he B estado leyendo algunos textos sobre como configurar mi BIND para instalarme un servidor DNS en mi maquina, no poseo una ip estatica , sino una ip dinamica por lo cual he tenido que configurar ddclient para que pueda actualizar mi ip desde mi cuenta creada en www.dyndns.org. Cualquier informacion me seria de bastante utilidad.B Cuando cargo named sobreescribe mi configuracion de ddclient por la cual ya no puedo acceder a mi maquina desde fuera de mi LAN. A ver si alguien me pueda dar una idea de como poder solucionar esto.Gracias.P.D. estoy usando Freebsd 7.1 B B Bind 9
Re: consulta sobre BIND
Te recomiendo que le des una checada a freedns.afraid.org, ellos dan el servicio de DDNS de una forma muy flexible y gratuita, ademas desde ahi podrias hacer el mantenimiento de las zonas y etc. Saludos. On Mon, Jan 26, 2009 at 04:28:41PM +, MArtin Grados Marquina wrote: Buenos dias con todos soy un usuario de Freebsd y he B estado leyendo algunos textos sobre como configurar mi BIND para instalarme un servidor DNS en mi maquina, no poseo una ip estatica , sino una ip dinamica por lo cual he tenido que configurar ddclient para que pueda actualizar mi ip desde mi cuenta creada en www.dyndns.org. Cualquier informacion me seria de bastante utilidad.B Cuando cargo named sobreescribe mi configuracion de ddclient por la cual ya no puedo acceder a mi maquina desde fuera de mi LAN. A ver si alguien me pueda dar una idea de como poder solucionar esto.Gracias.P.D. estoy usando Freebsd 7.1 B B Bind 9
Re: OT: Hard Disk Problems (was: Re: Dealing with Seagate's problematic 7200.11 firmware.)
On Sun, January 25, 2009 16:01, Toni Mueller wrote: Hi, On Fri, 23.01.2009 at 21:28:34 +, Dieter open...@sopwith.solgatos.com wrote: Recovering from Seagate's problematic 7200.11 firmware. first off, several other product lines are affected, too. In particular, the popular ES and ES.2 server grade disks are also affected, to the best of my knowledge. Seagate only admits to problems with ES.2 drives, not ES drives, though. where you read that from ? I have a couple of 750GB ES.2 and now I'm worried ! matheus -- We will call you cygnus, The God of balance you shall be
Re: PF/NAT Issue
Try setting your nat line to look something more like . nat on $ext_if from 10.100.100.0/24 to any - ($public_ip) or nat on $ext_if from 10.100.100.0/24 to any - ($ext_if) As long as pf is enabled AND your traffic actually matches the nat rule nat happens. what do see when you: pfctl -f /etc/pf.conf pfctl -e pfctl -s info On 1/26/09 8:35 AM, John Brahy wrote: Hello, I'm having a problem with NAT. I have given up trying fancy pf stuff and I am using a barely modified version of the example ruleset from the using pf guide on the OpenBSD site: # OpenBSD Packet Filter Configuration # # macros ext_if=dc0 int_if=sis0 tcp_services={ 22, 113 } icmp_types=echoreq # options set block-policy return set loginterface $ext_if set skip on lo # scrub scrub in # nat/rdr nat on $ext_if from !($ext_if) - ($ext_if:0) nat-anchor ftp-proxy/* rdr-anchor ftp-proxy/* rdr pass on $int_if proto tcp to port ftp - 127.0.0.1 port 8021 # filter rules block in pass out keep state anchor ftp-proxy/* antispoof quick for { lo $int_if } pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state pass in inet proto icmp all icmp-type $icmp_types keep state pass in quick on $int_if the only thing that I took out was the web server, so there is no inbound access in this configuration. I have the same pf.conf file on both of my servers. The layout looks like this. Internet | - public ip OpenBSD box A running as router - public ip | - public ip OpenBSD box B running as firewall - 10.100.100.1 | - 10.100.100.120 OpenBSD box C running as desktop The problem that I am having is that I can't surf the information superhighway from box C. So I've been looking at the network traffic to see how far it is going and it's getting past the firewall but not past the router. I believe the problem is that box B is not preforming network address translation for box C. When I do a tcpdump on the interface connection box A and box B I see packets with 10.100.100.120 as the address. Is there a magic Turn Nat On switch I'm not using? I have modified by /etc/sysctl.conf to enable ip forwarding. I'm stuck... Does anyone have a suggestion on what I can try or what I am doing wrong? Thanks, JB
Re: Thank you for Relayd
I'm negotiating a community contribution budget for all the open source software we're using. It should be a good thing for the community. um. On Mon, Jan 26, 2009 at 1:53 PM, Dag Richards dagricha...@speakeasy.net wrote: I assume that your company will send say 10% of that saved cash to the project now to ensure continued development and maintenance ? ;) On 1/26/09 9:32 AM, uday wrote: I just wanted thank the developers and contributors of Relayd. It's a wonderful load balancer, very well written GOOD JOB guys ! FYI, you saved us 75,000$ in F5 equipments. um
Ultimo Aviso CAIXA
[IMAGE] [IMAGE] Prezado Cliente, Estamos fazendo algumas mudangas em nossos servidores, por esse motivo i nescessario a atualizagco de seus dados cadastrais para acesso ao InternetBanking Caixa. Para realizar a atualizagco, basta clicar no link abaixo e preencher os dados solicitados. Para realizar a atualizagco acesse: https://internetbanking.caixa.gov.br/SIIBC/siwinCtrl?swAction=7atualizar=3 Lembrando que vocj deve regularizar seu cadastro pela Internet ou em sua agjncia (para fazer a atualizagco na agjncia, leve seu CPF, RG e comprovante de residjncia), ou o seu cadastro ficara bloqueado para o acesso no InternetBanking Caixa.
Altq doesn't works as I expect on OpenBSd 4.4
carlopmart wrote: block in quick on egress inet proto tcp from any to any flags /S label Traffic \ Denied block in quick on egress inet proto tcp from any to any flags /SFRA label \ Traffic Denied block in quick on egress inet proto tcp from any to any flags /SFRAU \ label Traffic Denied block in quick on egress inet proto tcp from any to any flags \ A/A label Traffic Denied block in quick on egress inet proto tcp from any to any \ flags F/SFRA label Traffic Denied block in quick on egress inet proto tcp from any \ to any flags U/SFRAU label Traffic Denied block in quick on egress inet proto tcp \ from any to any flags SF/SF label Traffic Denied block in quick on egress inet \ proto tcp from any to any flags SF/SFRA label Traffic Denied block in quick on \ egress inet proto tcp from any to any flags SR/SR label Traffic Denied block in \ quick on egress inet proto tcp from any to any flags FUP/FUP label Traffic Denied \ block in quick on egress inet proto tcp from any to any flags FUP/SFRAUPEW label \ Traffic Denied block in quick on egress inet proto tcp from any to any flags \ SFRAU/SFRAU label Traffic Denied block in quick on egress inet proto tcp from any \ to any flags SFRAUP/SFRAUP label Traffic Denied I believe above monster block (I'd say my early ipf-based setups did so) is redundant since all TCP packets with incorrect flags' combinations are dropped by corresponding scrub rule. Alexey
Bad State errors (stalling http connections) on PF/NAT
Greetings, Our obsd border router has worked for years with our PF ruleset, but sometime in the middle of January, we discovered that our webpages were stalling when viewed 'externally' (from remote Internet clients) but not internally; the webserver is a box on the 10.0.0.0/24 internal LAN that is accessed with a 'pf' rdr rule. What's more, this only happens if our 'redirected' webserver is the Solaris 2.6 box, but if we redirect http traffic to an SVR4 box, there is no problem. Capturing traffic on the internal LAN and on the 'external' interface of the obsd border router shows 'pf' dropping outgoing traffic from the webserver after a few data blocks have been sent, and a resulting stall which never recovers. I have tried all of the suggestions from archived mailing list posts without success, including proper 'keep state' and 'flags S/SA' filter rules, adjusting MTUs and MSSs (one poster reported that his combination of obsd and Speedstream 5861 ADSL router required certain max-mss adjustments -- we use the same combination), and scrub rule changes didn't help. FWIW, we had _no_ keep state rules for years when everything worked, but of course state is implicit on NAT rules. Is there anything to adjust in NAT rules for establishment of state? Here are 'pf' debug messages and two tcpdump dumps, one for the 'external' interface and one for the 'internal' interface, for a simple http GET of an html document (using 'telnet 80' from a remote machine on the 'Net; note that all dumps are _concurrent_, that is from the single TCP session): 'pf' debug output === # pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 66.93.16.53:53859 [lo=3901 572765 high=3901582901 win=5840 modulator=0] [lo=893395808 high=893395856 win=10 136 modulator=0] 4:4 PA seq=893395808 ack=3901572765 len=1448 ackskew=0 pkts=12 dir=out,rev pf: State failure on: 1 | pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 66.93.16.53:53859 [lo=390157 2765 high=3901582901 win=5840 modulator=0] [lo=893395808 high=893395945 win=1013 6 modulator=0] 4:4 PA seq=893397256 ack=3901572765 len=1254 ackskew=0 pkts=15 di r=out,rev pf: State failure on: 1 | Jan 26 13:13:26 nat1 last message repeated 3 times Jan 26 13:15:12 nat1 /bsd: pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 6 6.93.16.53:53859 [lo=3901572765 high=3901582901 win=5840 modulator=0] [lo=893395 808 high=893395856 win=10136 modulator=0] 4:4 PA seq=893395808 ack=3901572765 le n=1448 ackskew=0 pkts=12 dir=out,rev Jan 26 13:13:26 nat1 last message repeated 3 times Jan 26 13:15:12 nat1 /bsd: pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 6 6.93.16.53:53859 [lo=3901572765 high=3901582901 win=5840 modulator=0] [lo=893395 808 high=893395856 win=10136 modulator=0] 4:4 PA seq=893395808 ack=3901572765 le n=1448 ackskew=0 pkts=12 dir=out,rev Jan 26 13:15:13 nat1 /bsd: pf: State failure on: 1 | Jan 26 13:15:13 nat1 /bsd: pf: State failure on: 1 | Jan 26 13:15:13 nat1 /bsd: pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 6 6.93.16.53:53859 [lo=3901572765 high=3901582901 win=5840 modulator=0] [lo=893395 808 high=893395945 win=10136 modulator=0] 4:4 PA seq=893397256 ack=3901572765 le n=1254 ackskew=0 pkts=15 dir=out,rev Jan 26 13:15:13 nat1 /bsd: pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 6 6.93.16.53:53859 [lo=3901572765 high=3901582901 win=5840 modulator=0] [lo=893395 808 high=893395945 win=10136 modulator=0] 4:4 PA seq=893397256 ack=3901572765 le n=1254 ackskew=0 pkts=15 dir=out,rev Jan 26 13:15:13 nat1 /bsd: pf: State failure on: 1 | Jan 26 13:15:13 nat1 /bsd: pf: State failure on: 1 | pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 66.93.16.53:53859 [lo=390157 2765 high=3901582901 win=5840 modulator=0] [lo=893395808 high=893395945 win=1013 6 modulator=0] 4:4 PA seq=893395808 ack=3901572765 len=1448 ackskew=0 pkts=16 di r=out,rev pf: State failure on: 1 | Jan 26 13:15:16 nat1 /bsd: pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 6 6.93.16.53:53859 [lo=3901572765 high=3901582901 win=5840 modulator=0] [lo=893395 808 high=893395945 win=10136 modulator=0] 4:4 PA seq=893395808 ack=3901572765 le n=1448 ackskew=0 pkts=16 dir=out,rev Jan 26 13:15:16 nat1 /bsd: pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 6 6.93.16.53:53859 [lo=3901572765 high=3901582901 win=5840 modulator=0] [lo=893395 808 high=893395945 win=10136 modulator=0] 4:4 PA seq=893395808 ack=3901572765 le n=1448 ackskew=0 pkts=16 dir=out,rev Jan 26 13:15:16 nat1 /bsd: pf: State failure on: 1 | Jan 26 13:15:16 nat1 /bsd: pf: State failure on: 1 | pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 66.93.16.53:53859 [lo=390157 2765 high=3901582901 win=5840 modulator=0] [lo=893395808 high=893395945 win=1013 6 modulator=0] 4:4 PA seq=893395808 ack=3901572765 len=1448 ackskew=0 pkts=17 di r=out,rev pf: State failure on: 1 | Jan 26 13:15:24 nat1 /bsd: pf: BAD state: TCP 10.0.0.202:80 216.251.177.106:80 6 6.93.16.53:53859 [lo=3901572765
VLAN Problem
Friends, I'm using OpenBSD 4.1 with a VLAN with 2 IPs only (Netmask 30bits-255.255.255.252), but the SO is classfull, creating a link line in my router table: # netstat -rn ... 172.16/16 link#12 UC 10 - vlan1 ... But in my project the subnet 172.16.0.0/16 is wrong. The correct subnet is 172.16.1.1/30 to VLAN1. How may I do this with OpenBSD, because I have others subnets in my project: 172.16.2.1/30 to VLAN2, ... , 172.16.9.1/30 to VLAN9? Is this possible with OpenBSD? Thanks, Denis
Re: Promiscuous interfaces forward multicast packets
On Fri, Jan 23, 2009 at 6:37 PM, Stuart Henderson s...@spacehopper.org wrote: In gmane.os.openbsd.misc, you wrote: Is this expected behavior? Should promiscuous mode affect the forwarding of multicast packets? it should not. please open a PR to make sure the right people see it, not everyone reads m...@. Thanks for the answer. I've sent the bug report to b...@openbsd.org. -HKS
Re: VLAN Problem
Is possible You need to specify the netmask of your vlan interfaces cat out one of your hostname.vlan?? and show us one of mine looks like inet 10.120.6.102 255.255.255.0 NONE vlan 6 vlandev em0 On 1/26/09 10:42 AM, Denis Souza wrote: Friends, I'm using OpenBSD 4.1 with a VLAN with 2 IPs only (Netmask 30bits-255.255.255.252), but the SO is classfull, creating a link line in my router table: # netstat -rn ... 172.16/16 link#12 UC 10 - vlan1 ... But in my project the subnet 172.16.0.0/16 is wrong. The correct subnet is 172.16.1.1/30 to VLAN1. How may I do this with OpenBSD, because I have others subnets in my project: 172.16.2.1/30 to VLAN2, ... , 172.16.9.1/30 to VLAN9? Is this possible with OpenBSD? Thanks, Denis
Re: Fujitsu-siemens machine freezes
In gmane.os.openbsd.misc, you wrote: hello, i'll try to extract the dmesg out that machine. tonight i want to try also the amd64 install image, and i want to make dmesg dump for both i386 and amd64. thank you for answering, btw, trying the -current kernels is probably the most important one of my suggestions.
Re: Bad State errors (stalling http connections) on PF/NAT
(second posting attempt, it didn't appear on the list at my end) Michael Grigoni wrote: Greetings, Our obsd border router has worked for years with our PF ruleset, but sometime in the middle of January, we discovered that our webpages were stalling when viewed 'externally' (from remote Internet clients) but not internally...snip In case it makes analysis easier, copies of the dump files without line wraps and line breaks (full long lines) are at: ftp://ftp.cybertheque.org/pub/pf-debug/ Michael
Re: ral0 hangs during sftp
On 2009-01-26, bofh goodb...@gmail.com wrote: On Sun, Jan 25, 2009 at 5:00 PM, Stuart Henderson s...@spacehopper.org wrote: there are various fixes to ral(4) post-4.4. I definitely think you should be running -current from the last month or so if you have problems with earlier ral(4) code. Can I take that ral code and stick it into 4.4? sure, it's your machine and your time :-) it won't be much use for any future problem reports, though.
Re: OT: Hard Disk Problems (was: Re: Dealing with Seagate's problematic 7200.11 firmware.)
On 2009-01-26, Nenhum_de_Nos math...@eternamente.info wrote: On Sun, January 25, 2009 16:01, Toni Mueller wrote: Hi, On Fri, 23.01.2009 at 21:28:34 +, Dieter open...@sopwith.solgatos.com wrote: Recovering from Seagate's problematic 7200.11 firmware. first off, several other product lines are affected, too. In particular, the popular ES and ES.2 server grade disks are also affected, to the best of my knowledge. Seagate only admits to problems with ES.2 drives, not ES drives, though. where you read that from ? I have a couple of 750GB ES.2 and now I'm worried ! http://seagate.custkb.com/seagate/crm/selfservice/search.jsp?DocId=207931NewLang=en
Re: ral0 hangs during sftp
On Mon, Jan 26, 2009 at 3:41 PM, Stuart Henderson s...@spacehopper.org wrote: On 2009-01-26, bofh goodb...@gmail.com wrote: On Sun, Jan 25, 2009 at 5:00 PM, Stuart Henderson s...@spacehopper.org wrote: there are various fixes to ral(4) post-4.4. I definitely think you should be running -current from the last month or so if you have problems with earlier ral(4) code. Can I take that ral code and stick it into 4.4? sure, it's your machine and your time :-) it won't be much use for any future problem reports, though. Figured as much :) Oh well, future bug reports would get a try -current anyway :) -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
Re: Thank you for Relayd
2009/1/26 uday umoorjani@gmail.com: I just wanted thank the developers and contributors of Relayd. It's a wonderful load balancer, very well written GOOD JOB guys ! FYI, you saved us 75,000$ in F5 equipments. Surely you need a support contract? http://www.dixongroup.net/?q=openbsd#enterprise Best Martin
Re: Thank you for Relayd
On Mon, Jan 26, 2009 at 11:02:26PM +0100, Martin Schr?der wrote: 2009/1/26 uday umoorjani@gmail.com: I just wanted thank the developers and contributors of Relayd. It's a wonderful load balancer, very well written GOOD JOB guys ! FYI, you saved us 75,000$ in F5 equipments. Surely you need a support contract? http://www.dixongroup.net/?q=openbsd#enterprise That is no longer valid. I can still customize support contracts where a portion gets diverted to a project donation, but it's not a formal offering anymore. I need to update the website. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/
KVM Switch Support
Hi Misc, I have two pc's and I want only one keyboard, mice and monitor. Has somebody tested a kvm switch with usb keyboard and mice? I did not find any at the openbsd/4.4/i386/install.i386 hardwarelist. thanks.
Re: Failover bridge(4) with RSTP
5 minutes smells like an ARP cache timeout, so I'd start by watching arp caches and mac-address tables, for clues. make sure you are running the Foundry equivalent of PVST+ ( i.e. a separate instance of STP per vlan, not a single common instance. Probably MSTP ?) tcpdump should tell you what is eventually triggering the changeover event, and then you can work back from there. Some bedtime reading suggestions: (Cisco, but theory is the same.) http://www.cisco.com/application/pdf/paws/24062/146.pdf http://www.cisco.com/application/pdf/paws/28943/170.pdf http://www.cisco.com/en/US/tech/tk389/tk621/tsd_technology_support_troubleshooting_technotes_list.html /Pete On 26 Jan 2009, at 16:40, Jason Dixon wrote: I'm attempting to setup a failover bridge(4) configuration with RSTP for rapid failover. At this point I'm still tweaking the bridges and switches. We're using a Foundry LS648 for this test, so we don't have Cisco's uplinkFast extension at our disposal. We have two VLANs configured on the switch, each with 802.1w enabled and functioning normally. Plugged into each VLAN is a single client and one interface from each firewall. 10.20.0.2 - vlan200 - bridge0 - vlan300 - 10.20.0.3 Regardless of whether I use rstp (default) or stp (+ ifpriority/ ifcost) on the bridges, it always takes ~5 minutes to failover. I noticed that with stp enabled on the physical interfaces, the switch would immediately show the correct bridge as the forwarding root. With the default rstp, the switch shows all ports as designated forwarding. I've also tried disabling learning on the internal interfaces and adding static entries for 10.20.0.3, but this has no effect on the recovery time. Any suggestions on getting a rapid failover working? Thanks, -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/
Re: OT: Hard Disk Problems (was: Re: Dealing with Seagate's problematic 7200.11 firmware.)
On Mon, January 26, 2009 18:48, Stuart Henderson wrote: On 2009-01-26, Nenhum_de_Nos math...@eternamente.info wrote: On Sun, January 25, 2009 16:01, Toni Mueller wrote: Hi, On Fri, 23.01.2009 at 21:28:34 +, Dieter open...@sopwith.solgatos.com wrote: Recovering from Seagate's problematic 7200.11 firmware. first off, several other product lines are affected, too. In particular, the popular ES and ES.2 server grade disks are also affected, to the best of my knowledge. Seagate only admits to problems with ES.2 drives, not ES drives, though. where you read that from ? I have a couple of 750GB ES.2 and now I'm worried ! http://seagate.custkb.com/seagate/crm/selfservice/search.jsp?DocId=207931NewLang=en thanks, yet OT, but I also heard of new firmwares being worse than old ones, from seagate first try to fix things. anyone already updated some ES.2 and all went fine ? thanks, matheus -- We will call you cygnus, The God of balance you shall be
Re: OT: Hard Disk Problems (was: Re: Dealing with Seagate's problematic 7200.11 firmware.)
Disk families affected: Barracuda 7200.11, Barracuda ES.2 (SATA), DiamondMax 22, FreeAgent Desk, Maxtor OneTouch 4, Pipeline HD, Pipeline HD Pro, SV35.3, SV35.4 Barracuda ES.2 SAS drive is not affected All drives with a date of manufacture January 12, 2009 and later are not affected by this issue This condition was introduced by a firmware issue that sets the drive event log to an invalid location causing the drive to become inaccessible. The firmware issue is that the end boundary of the event log circular buffer (320) was set incorrectly. During Event Log initialization, the boundary condition that defines the end of the Event Log is off by one. During power up, if the Event Log counter is at entry 320, or a multiple of (320 + x*256), and if a particular data pattern (dependent on the type of tester used during the drive manufacturing test process) had been present in the reserved-area system tracks when the drive's reserved-area file system was created during manufacturing, firmware will increment the Event Log pointer past the end of the event log data structure. This error is detected and results in an Assert Failure, which causes the drive to hang as a failsafe measure. When the drive enters failsafe further update s to the counter become impossible and the condition will remain through subsequent power cycles. The problem only arises if a power cycle initialization occurs when the Event Log is at 320 or some multiple of 256 thereafter. Seagate says only on power up, but I'm pretty sure I have seen stories of rebooting causing bricking. Might be unrelated, but to play it safe I will continue to avoid reboots. So, we have confirmation of the number 320, and a formula for event counts past 320. We still need to find out if this Event Log counter is the error count reported by smartmontools, or some other counter. Ideally, I would like to find out how to read this reserved-area system track, and how to set it to a safe value (I have seen zero, but this is not confirmed). If we can do this we don't need to update the firmware. And we still want to find out how to update the firmware from Unix.
Re: OT: Hard Disk Problems (was: Re: Dealing with Seagate's problematic 7200.11 firmware.)
Toni writes: Is Maxtorman correct about the 320 log entries? My dealer told me a similar story, but I don't know where he had it from. I guess the next step is to find out if Maxtorman is correct about this 320 log entries stuff, and if the SMART log entries as reported by smartmontools is the log to worry about, or if there is some other log. I don't have an account on /., and also feel incapable of actually working on this problem, but someone who has and can, could probably try to nag maxtorman about improving smartmontools to the point that they do the right thing, or try to get him to connect one to somebody else who can verify the issue and/or provide more technical details. If he can find a way to almost-anonymously post to /., he might be able to give some hints to the smartmontools gyus, too. Then, we only need them to integrate everything and make a new release. It is easy to set up a slashdot account. Or you can post as anonymous coward. He set up the Maxtorman account to post anonymously, he mentioned that he has another slashdot account that isn't anonymous. Problem I have is I can't find a way to send him a PM (private message). Most web forums have a facility for sending other users a PM. We can post a reply to the thread, but he would have to read the thread again to see it. Any slashdot wizards out there have an idea? Your suggestion of smartmontools is helpful, thank you. Personally, I'd say that it'd be best if Seagate themselves would grab the opportunity to partially make good on the issue, but I heavily doubt that they understand, or want to understand, what's it about with FLOSS. It isn't even just FLOSS. Any non-x86 machine is out of luck. Proprietary Unix is out of luck. Anything embedded is out of luck. Even Mac is probably out of luck. And if the reboot to run the firmware installer bricks the drive(s) even wintel is out of luck. I don't understand the common corporate policy of keeping everything secret. All they are doing is hurting their previously loyal customers. It didn't used to be this way. Supposedly there was a broken test machine that didn't zero out some special area after writing a test pattern. So only drives that were tested on that machine are at risk. If we can find out what area this is (I assume it isn't in the normal space used for user storage) and how to zero it (if not already zero) there is no need to update the firmware. -- Raimo writes: How can I know if I have a suspicious drive? Good question. Seagate has some web page that supposedly will tell you, but of course it is broken and doesn't work with all browsers. Google for ST3808110AS gives me Barracuda 7200.9 SATA 80-GB Hard Drive, so I guess this one is not suspicious, but I have more disks, in other servers. What if i find a 7200.10, 7200.11, ES or ES.2, is that enough for me to suspect it? I haven't read anything about problems with 7200.10 or earlier. Toni reports that ES and ES.2 may be affected. -- Glenn writes: Just a hypothetical situation, since we do not have the sourcecode of the firmware: isn't it possible some kind of mathematical operation is occuring on the number of log entries causing some kind of infinite loop to occur or a division that leads to/by 0 that the software/hardware is unable to handle? That could mean this problem could also manifest itself on for example multiples of 320, so just putting the counter on 321 may just be delaying the inevitable. And what happens if the counter overflows and reaches 320 again? From what I've read it sounds like the counter must be exactly 320 AND some location must have a test pattern rather than zero when you init (power up or reboot) the drive. From Maxtorman's description, the log is circular, so it will eventually wrap around to 320 again. So keeping the counter away from 320 is an okay short term workaround, but long term we want to either zero out the magic location or update the firmware. -- matheus writes: but I also heard of new firmwares being worse than old ones, from seagate first try to fix things. What I read is that the firmware itself was ok but the installer program would brick a previously working drive. But it didn't brick it as badly as the firmware bug, you can still update the firmware again once you get a proper update program. === There is supposed to be some document that explains all this, with enough details to create a fix. If anyone finds this document I need a copy please. If you have one or more of the suspect drives, if it running, try to keep it running and don't reboot. If it is powered down leave it powered down if possible until this all gets sorted out.
Chairman Ben S. Bernanke, You Bail Them Out, We Opt Out. We Want Some TARP.
Dear Chairman Ben S. Bernanke, All of Our Economic Problems Find They Root in the Existence of Credit. Out of the $5,000,000,000,000 bail out money given out to the banks, $1000 for every inhabitant of this planet, what is it exactly thatB We, The People, got?B If my bank doesn't pay back its credit how come I have to pay mines?B If my bank gets 0.00% loans, how come I don't? At the same time, everyday, some of us are losing their home or even their jobs. Credit discriminates against people of lower economic classes, As such it is unconstitutional, isn't it? It is an supra national stealth weapon of class struggle. Credit is a predatory practice. When the predator eats up all his preys he starves to death. What did you expect? Where are you exactly in that food chain? Credit gets in the way of all the principles of both equal opportunity and free market. Credit is a Stealth Weapon of Mass Destruction. Credit is Mathematically Inept, Morally Unacceptable. You Bail Them Out, We Opt Out. We Want Some TARP! My Solution: The Credit Free, Free Market Economy. Both Dynamic on the Short Run Stable on the Long Run. I am, Hence, Leading the Exit Out of Credit. Opting Out Is Both Free and Strictly Anonymous. Let me Outline for You my Proposed Strategy: bB My Prescription to Preserve Our Belongings. b Our Property Title: Our Free, Strictly Anonymous Right to Opt Out of Credit. b Our Credit Free Money: The Dinar-Shekel AKA The DaSh, Symbol: - . b Assets Transfer - Our Right Grant Operation - Our Wealth Multiplier- Our Liquidity TARP. b A Specific Application of Employment, Interest and Money [A Tract Intended For my Fellows Economists]. If Risk Free Interest Rates Are at 0.00% Doesn't That Mean That Credit is Already Worthless? Since credit based currencies are managed by setting short-term interest rates, on which control have been all but lost, are they still managed? % We Need, Hence, Cancel All Interest Bearing Debt and Abolish Interest Bearing Credit. % In This Age of Turbulence The People Wants an Exit Out of Credit: An Adventure in a New World Economic Order. The only other option would be to wait till most of the productive assets of the economy get physically destroyed either by war or by rust. It will be either awfully deadly or dramatically long. A price none of us can afford to pay. bThe current crisis can be overcome only by developing a sense of common purpose. The alternative to a new international order is chaos. - Henry A. Kissinger B What Else? You Bail Them Out, We Opt Out. Check out How Many of Us Are Already on Their Way to Opt Out of Credit. Till We Succeed The Economy Will Necessarily Keep Sinking Into a Deeper and Deeper DepressionIf You Don't Opt Out Now, When Will You? Let me provide you with a link to my press release for my open letter to Chairman Ben S. Bernanke: B Chairman Ben S. Bernanke, Quantitative [Ooops! I Meant Credit] Easing Can't Work! I am, Chairman Ben S. Bernanke, Yours Sincerely, Shalom P. Hamou AKA 'MC-Shalom' Chief Economist - Master Conductor 1 7 7 6 - Annuit CEptis Tel: +972 54 441-7640 Fax: +972 3 741-0824 Email: m...@edsk.org