Re: HP DL320G6 not seeing internal drives
Snapshot results.

OpenBSD 4.7 (RAMDISK_CD) #351: Tue Mar 9 10:02:25 MST 2010
    dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Intel(R) Xeon(R) CPU E5502 @ 1.87GHz (GenuineIntel 686-class) 1.87 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR
real mem = 3881558016 (3701MB)
avail mem = 3781189632 (3606MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf, SMBIOS rev. 2.6 @ 0xe77fe000 (134 entries)
bios0: vendor HP version W07 date 07/24/2009
bios0: HP ProLiant DL320 G6
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SPCR MCFG HPET SPMI ERST APIC SRAT BERT HEST DMAR SSDT SSDT SSDT SSDT
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 16 (boot processor)
cpu0: apic clock running at 133MHz
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0: apid 0 pa 0xfec8, version 20, 24 pins
acpiprt0 at acpi0: bus 1 (IP2P)
acpiprt1 at acpi0: bus 3 (NIB1)
acpiprt2 at acpi0: bus 4 (IPT5)
acpiprt3 at acpi0: bus 0 (PRB2)
acpiprt4 at acpi0: bus 10 (PT07)
acpiprt5 at acpi0: bus 7 (PT03)
acpiprt6 at acpi0: bus 13 (PT01)
acpiprt7 at acpi0: bus 0 (PCI0)
bios0: ROM list: 0xc/0xb000 0xcb000/0x1a00 0xcca00/0xc000!
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 5500 Host rev 0x13
ppb0 at pci0 dev 1 function 0 Intel X58 PCIE rev 0x13
pci1 at ppb0 bus 13
ppb1 at pci0 dev 3 function 0 Intel X58 PCIE rev 0x13
pci2 at ppb1 bus 7
ppb2 at pci0 dev 7 function 0 Intel X58 PCIE rev 0x13
pci3 at ppb2 bus 10
em0 at pci3 dev 0 function 0 Intel PRO/1000 PT (82571EB) rev 0x06: apic 0 int 6 (irq 7), address 00:15:17:d6:76:66
em1 at pci3 dev 0 function 1 Intel PRO/1000 PT (82571EB) rev 0x06: apic 0 int 13 (irq 11), address 00:15:17:d6:76:67
pchb1 at pci0 dev 13 function 0 vendor Intel, unknown product 0x343a rev 0x13
pchb2 at pci0 dev 13 function 1 vendor Intel, unknown product 0x343b rev 0x13
pchb3 at pci0 dev 13 function 2 vendor Intel, unknown product 0x343c rev 0x13
pchb4 at pci0 dev 13 function 3 vendor Intel, unknown product 0x343d rev 0x13
pchb5 at pci0 dev 13 function 4 Intel 5520/X58 QuickPath rev 0x13
pchb6 at pci0 dev 13 function 5 Intel 5520 QuickPath rev 0x13
pchb7 at pci0 dev 13 function 6 vendor Intel, unknown product 0x341a rev 0x13
pchb8 at pci0 dev 14 function 0 vendor Intel, unknown product 0x341c rev 0x13
pchb9 at pci0 dev 14 function 1 vendor Intel, unknown product 0x341d rev 0x13
pchb10 at pci0 dev 14 function 2 vendor Intel, unknown product 0x341e rev 0x13
pchb11 at pci0 dev 14 function 3 vendor Intel, unknown product 0x341f rev 0x13
pchb12 at pci0 dev 14 function 4 vendor Intel, unknown product 0x3439 rev 0x13
Intel X58 Misc rev 0x13 at pci0 dev 20 function 0 not configured
Intel X58 GPIO rev 0x13 at pci0 dev 20 function 1 not configured
Intel X58 RAS rev 0x13 at pci0 dev 20 function 2 not configured
uhci0 at pci0 dev 26 function 0 Intel 82801JI USB rev 0x00: apic 8 int 20 (irq 5)
uhci1 at pci0 dev 26 function 1 Intel 82801JI USB rev 0x00: apic 8 int 23 (irq 7)
uhci2 at pci0 dev 26 function 2 Intel 82801JI USB rev 0x00: apic 8 int 22 (irq 10)
ehci0 at pci0 dev 26 function 7 Intel 82801JI USB rev 0x00: apic 8 int 22 (irq 10)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb3 at pci0 dev 28 function 0 Intel 82801JI PCIE rev 0x00
pci4 at ppb3 bus 2
ppb4 at pci4 dev 0 function 0 ServerWorks PCIE-PCIX rev 0xb5
pci5 at ppb4 bus 3
bge0 at pci5 dev 4 function 0 Broadcom BCM5715 rev 0xa3, BCM5715 A3 (0x9003): apic 8 int 16 (irq 7), address 18:a9:05:00:ae:00
brgphy0 at bge0 phy 1: BCM5714 10/100/1000baseT/SX PHY, rev. 0
bge1 at pci5 dev 4 function 1 Broadcom BCM5715 rev 0xa3, BCM5715 A3 (0x9003): apic 8 int 17 (irq 11), address 18:a9:05:00:ae:01
brgphy1 at bge1 phy 1: BCM5714 10/100/1000baseT/SX PHY, rev. 0
ppb5 at pci0 dev 28 function 4 Intel 82801JI PCIE rev 0x00
pci6 at ppb5 bus 4
uhci3 at pci0 dev 29 function 0 Intel 82801JI USB rev 0x00: apic 8 int 20 (irq 5)
uhci4 at pci0 dev 29 function 1 Intel 82801JI USB rev 0x00: apic 8 int 23 (irq 7)
uhci5 at pci0 dev 29 function 2 Intel 82801JI USB rev 0x00: apic 8 int 22 (irq 10)
ehci1 at pci0 dev 29 function 7 Intel 82801JI USB rev 0x00: apic 8 int 20 (irq 5)
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb6 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x90
pci7 at ppb6 bus 1
vga1 at pci7 dev 3 function 0 ATI ES1000 rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
Compaq iLO rev 0x03 at pci7 dev 4 function 0 not configured
Compaq iLO rev 0x03 at pci7 dev 4 function 2 not configured
uhci6 at pci7 dev 4 function 4 Hewlett-Packard USB rev 0x00: apic 8 int 22 (irq 10)
Hewlett-Packard IPMI rev 0x00 at pci7 dev 4 function 6 not configured
usb2 at uhci6:
Re: HP DL320G6 not seeing internal drives
On 2010-03-11, a b rclo...@yahoo.co.uk wrote: Snapshot results. thanks, Brad points out that this device id needs adding to the ahci driver: .. Intel 82801JI RAID rev 0x00 at pci0 dev 31 function 2 not configured .. Index: ahci.c === RCS file: /cvs/src/sys/dev/pci/ahci.c,v retrieving revision 1.158 diff -u -p -r1.158 ahci.c --- ahci.c 21 Jan 2010 10:16:44 - 1.158 +++ ahci.c 11 Mar 2010 08:35:29 - @@ -442,6 +442,8 @@ static const struct ahci_device ahci_dev { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82801H_RAID, NULL, NULL }, + { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82801JI_RAID, + NULL, NULL }, { PCI_VENDOR_NVIDIA,PCI_PRODUCT_NVIDIA_MCP65_AHCI_2, NULL, ahci_nvidia_mcp_attach }, I'll get you some install media built to test.
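Review bot: the new PCI_PRODUCT_INTEL_82801JI_RAID entry, added after the 82801H_RAID line, is untested at the time of posting (the message ends by offering install media to test), so it should wait for a dmesg from the DL320 G6 showing ahci attaching at pci0 dev 31 function 2 with the disks behind it. The NULL, NULL pair mirrors the neighbouring Intel RAID entry, which is consistent; the log message should name the machine and the "not configured" line that prompted the id, so the reason for the entry is recoverable later.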
Re: HP DL320G6 not seeing internal drives
> thanks, Brad points out that this device id needs adding to the

Kudos to Brad !;-)

> I'll get you some install media built to test.

Aw-shucks, you guys make me wonder why anyone would want to use anything other than OpenBSD with this sort of community spirit !;-)

Thanks v. much, and keep up the (very good) work !
Problems with Carp, Multi-WAN and pf syntax.
Hello all,

How do I configure a pf in a way that traffic that comes in on one CARP-Interface goes out to the same CARP-Interface? The syntax in -current has changed from the FAQ (which assumes OpenBSD-4.6).

http://www.openbsd.org/faq/pf/pools.html#outgoing

On a HP ProLiant with BCM5703X NICS I had to go with -current, because the NICS do not work with 4.6 (see here: http://old.nabble.com/ProLiant-DL360-G3---bge-won't-work-td26746681.html and here: http://marc.info/?l=openbsd-cvsm=12492713264w=2 )

I can make neither head nor tails from the manpage in this regard, so can anybody help?

Marcus Mülbüsch
A small research paper - Thoughts about Cisco.
Dear OpenBSD community,

I'm doing a small research paper on Cisco and try to find out if they are evil or not in relative to open/free source/standards, and business practice. E.g. locking people to their product line aka the MS way.

I'm sending this mail to you guys because I think many of you know a lot about networking, and the networking industry. I'm hoping that someone would be kind and share some of their impressions of Cisco with me.

My hypothesis is that Cisco is following the best business practice in relation to proprietary and open/free source. To answer this hypothesis I'm trying to find out if Cisco is using their proprietary solution when there is a better open/free alternative.

My preliminary thoughts are taken from what I have perceived, that Cisco makes a proprietary solution to give them an edge and uniqueness in the market which they can harvest capital from. And when that solution has become commonplace they switch over to non-proprietary solutions to become more interoperable and thus stay competitive.

First, Is this a reasonable observation?
Second, Are there any deviations from this trend? If so, why?

I'm very grateful for any reply I get.

Kind regards,
TSLura.
Re: Apache - bandwidth usage limit per vhost
Mr. Coppa,

Thank you very much for the patch. It compiles without any error and it works ok but I've noticed that if the mod_throttle is loaded, apache doesn't want to restart with 'apachectl restart' anymore. You should manually 'apachectl stop' and 'apachectl start' it;

A demonstration:

# apachectl start
/usr/sbin/apachectl start: httpd started
# apachectl restart
/usr/sbin/apachectl restart: httpd restarted
-- (httpd stopped but did not start again)
# apachectl stop
/usr/sbin/apachectl stop: httpd (pid 947?) not running
# apachectl start
/usr/sbin/apachectl start: httpd started

Do you have any suggestions?

Kind Regards.
---
Ozgur Kazancci
Re: Joomla - MySQL Problem: Could not connect to MySQL
I didn't notice, that httpd was still running.

kill -TERM ID_of_httpd
httpd -u

solved the problem.

Thank you! Everything works fine!

Jan

Alexander Hall wrote:
> Jan wrote:
>> Thank you for the numerous responses! Except the solution to change localhost to 127.0.0.1 in the whole script, I tried everything you
>
> Do try that then. I don't know the script at hand, but it cannot be that many places that creates a database connection, can it? IIRC, localhost implies file socket, and even if I'm wrong, it requires a name lookup, and you might be missing /etc stuff in the chroot.
>
>> proposed. It still doesn't work. Here a short review:
>>
>> === Are you trying to connect to the MySQL socket outside of the httpd chroot?
>> === after having run apachectl start, I tried the same process using httpd -u. But nothing changed.
>
> You did mean you killed httpd in between, yes?
>
>> === mysql -h localhost -u root -p
>> Works perfect. mysql -h localhost -u joomla -p works also.
>
> How about
> mysql -h 127.0.0.1 -P 3306 -u joomla -p
> ?
>
> /Alexander
>
>> === Have a look in /var/www/logs/
>> === in the errorlog of the folder is no entry. access_log shows up:
>> 172.16.172.130 -- [09/Mar/2010:09:47:26 -0700] POST /user01/installation/index.php HTTP/1.1 200 4270
>>
>> === At the very least you'll also need the php5-mysql-5.2.6.tgz package installed as well.
>> === php5-mysql and php5-mysqli packets are installed both
>>
>> === At the very least you'll also need the php5-mysql-5.2.6.tgz package installed as well.
>> == That's the output of the mysql part in the phpinfo();:
>>
>> mysql
>>
>> MySQL Support             enabled
>> active persistent links   0
>> active links              0
>> client api version        5.0.51a
>> mysql_module_type         external
>> mysql_socket              /var/run/mysql/mysql.sock
>> mysql_include             -I/usr/local/include/mysql
>> mysql_libs                -L/usr/local/include/mysql
>>
>> directive                 local value   master value
>> mysql.allow_persistent    On            On
>> mysql.connect_timeout     60            60
>> mysql.default_host        no value      no value
>> mysql.default_password    no value      no value
>> mysql.default_port        no value      no value
>> mysql.default_socket      no value      no value
>> mysql.default_user        no value      no value
>> mysql.max_links           Unlimited     Unlimited
>> mysql.max_persistent      Unlimited     Unlimited
>> mysql.trace_mode          Off           Off
>>
>> Thank you!
>> Jan
Re: A small research paper - Thoughts about Cisco.
2010/3/11 TS Lura tsl...@gmail.com: Dear OpenBSD community, I'm doing a small research paper on Cisco and try to find out if they are evil or not in relative to open/free source/standards, and business practice. Eg. locking people to their product line aka the MS way. I'm sending this mail to you guys because I think many of you know allot about networking, and the networking industry. I'm hoping that someone would be kind and share some of their impressions of Cisco with me. My hypothesis is that Cisco is following the best business practice in relation to proprietary and open/free source. To answer this hypothesis I'm trying to find out if Cisco is using their proprietary solution when there is a better open/free alternative. My preliminary thoughts is taken from what I have perceived, that Cisco makes a proprietary solution to give them a edge and uniqueness in the marked which they can harvest capital from. And when that solution has become commonplace they switch over to non-proprietary solutions to become more interoperable and thus stay competitive. First, Is this reasonable observation? Second, Are there any deviations from this trend? If so, why? I'm very grateful for any reply I get. I had bad experiences with cisco being nice, we had to implement udld in our equipments, which cisco wrote and made a standard, but it seems they wrote it in a way that no one can implement, read: they simply won't explain the machine states protocol. http://www.faqs.org/rfcs/rfc5171.html It's simply insane, they write stuff so that no one can understand and/or implement. That was my closest experience with cisco niceness and I consider it enough to build up my hate.
Re: A small research paper - Thoughts about Cisco.
Read this http://kerneltrap.org/node/5382 especially part with title The politics of vulnerabilities: and you will get idea how much is Cisco nice. On Thu, Mar 11, 2010 at 1:41 PM, Christiano F. Haesbaert haesba...@haesbaert.org wrote: 2010/3/11 TS Lura tsl...@gmail.com: Dear OpenBSD community, I'm doing a small research paper on Cisco and try to find out if they are evil or not in relative to open/free source/standards, and business practice. Eg. locking people to their product line aka the MS way. I'm sending this mail to you guys because I think many of you know allot about networking, and the networking industry. I'm hoping that someone would be kind and share some of their impressions of Cisco with me. My hypothesis is that Cisco is following the best business practice in relation to proprietary and open/free source. To answer this hypothesis I'm trying to find out if Cisco is using their proprietary solution when there is a better open/free B alternative. My preliminary thoughts is taken from what I have perceived, that Cisco makes a proprietary solution to give them a edge and uniqueness in the marked which they can harvest capital from. And when that solution has become commonplace they switch over to non-proprietary solutions to become more interoperable and thus stay competitive. First, Is this reasonable observation? Second, Are there any deviations from this trend? If so, why? I'm very grateful for any reply I get. I had bad experiences with cisco being nice, we had to implement udld in our equipments, which cisco wrote and made a standard, but it seems they wrote it in a way that no one can implement, read: they simply won't explain the machine states protocol. http://www.faqs.org/rfcs/rfc5171.html It's simply insane, they write stuff so that no one can understand and/or implement. That was my closest experience with cisco niceness and I consider it enough to build up my hate. -- http://www.openbsd.org/lyrics.html
Re: Apache - bandwidth usage limit per vhost
Oh, my mistake.. I forgot that it was a jailed httpd. There was a File Not Found: /usr/lib/apache/modules/mod_throttle.so message in the error_log, but the file was already there (out of chroot path). So, I copied the mod_throttle.so file into /var/www/conf/modules and changed the path of LoadModule throttle_module in httpd.conf. 'apachectl restart' is working again. Thanks. // Ozgur
Re: sysctl(3)
Hi Otto, On Thu, 11.03.2010 at 07:08:24 +0100, Otto Moerbeek o...@drijf.net wrote: On Thu, Mar 11, 2010 at 12:23:22AM +0100, Toni Mueller wrote: Btw, in the snapshot of today, the sysctl(3) man page is absent: $ find . -name 'sysctl*' ./cat8/sysctl.0 ./cat5/sysctl.conf.0 $ Did you install the comp set? It's in there: $ tar ztf comp47.tgz | grep syscl ./usr/include/sys/sysctl.h ./usr/share/man/cat3/sysctl.0 thanks for the heads-up! No, I only installed the 'man' package on a different machine than the one I am working on (not OpenBSD, either). But I'll now grab 'comp' too and see if that helps. -- Kind regards, --Toni++
Re: HP DL320G6 not seeing internal drives
It should be possible to change this in the bios from RAID to AHCI also. On Thu, Mar 11, 2010 at 08:53:02AM +, Stuart Henderson wrote: On 2010-03-11, a b rclo...@yahoo.co.uk wrote: Snapshot results. thanks, Brad points out that this device id needs adding to the ahci driver: .. Intel 82801JI RAID rev 0x00 at pci0 dev 31 function 2 not configured ..
apachectl restart bug?
When apachectl issuing a restart, it sends a SIGHUP signal to httpd, and when httpd receives this signal, it doesn't exit from its chroot. So, apachectl restart becomes unfunctional when you have external modules via LoadModule in your httpd.conf.

I have the following line in my httpd.conf:

LoadModule throttle_module /usr/lib/apache/modules/mod_throttle.so

When you have such a line, (and the module file exists there) apache doesn't want to restart (apachectl restart) anymore. After executing apachectl restart command, error_log file receives:

Syntax error on line 276 of /conf/httpd.conf:
Cannot load /usr/lib/apache/modules/mod_throttle.so into server: File not found

But the file is already there. So I should manually 'apachectl stop' and 'apachectl start' to restart httpd;

A demonstration:

# apachectl start
/usr/sbin/apachectl start: httpd started
# apachectl restart
/usr/sbin/apachectl restart: httpd restarted
--httpd stopped but didn't start again
# apachectl stop
/usr/sbin/apachectl stop: httpd (pid 947?) not running
# apachectl start
/usr/sbin/apachectl start: httpd started

System: OpenBSD 4.6-stable with the stock httpd (Apache/1.3.29)

Regards.
--
Ozgur Kazancci
Re: apachectl restart bug?
On Thu, 11 Mar 2010, Ozgur Kazancci wrote: When apachectl issuing a restart, it sends a SIGHUP signal to httpd, and when httpd receives this signal, it doesn't exit from its chroot. So, apachectl restart becomes unfunctional when you have external modules via LoadModule in your httpd.conf. I have the following line in my httpd.conf: LoadModule throttle_module /usr/lib/apache/modules/mod_throttle.so When you have such a line, (and the module file exists there) apache doesn't want to restart (apachectl restart) anymore. Oh common, at least read the apachectl(8) man page. -- Antoine
Re: apachectl restart bug?
On Thu, Mar 11, 2010 at 04:08:10PM +0200, Ozgur Kazancci wrote:
> When apachectl issuing a restart, it sends a SIGHUP signal to httpd, and when httpd receives this signal, it doesn't exit from its chroot. So, apachectl restart becomes unfunctional when you have external modules via LoadModule in your httpd.conf.

That's a documented 'feature' in man apachectl:

restart
    Restart httpd(8) by sending it a SIGHUP. If the daemon is not running, it is started. This command automatically checks the configuration files via configtest before initiating the restart to make sure httpd(8) doesn't die. If httpd runs chrooted (default in OpenBSD) and 3rd party modules are loaded, restart may fail due to path inconsistency. Completely stop and start the daemon instead.
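The path inconsistency the man page excerpt describes can be checked before sending SIGHUP. The following is an added example, not part of the thread or of OpenBSD's apachectl: for each LoadModule line it tests whether the module file is reachable both before the chroot (initial start) and inside it (restart). Assumptions: the chroot directory is ServerRoot (/var/www here), relative module paths resolve against ServerRoot, and check_loadmodule, make_demo_tree and the SYSROOT prefix are names made up for this example; the sample tree and config files are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes chroot dir == ServerRoot and
# that relative LoadModule paths resolve against ServerRoot, which is "/"
# once httpd is chrooted. SYSROOT is a hypothetical prefix that lets the
# check run against a constructed tree instead of the live system.

# check_loadmodule CONF CHROOT_DIR [SYSROOT]
# Prints "<module> start=ok|missing restart=ok|missing" per LoadModule line.
# Returns 1 if any module is missing in either phase, 0 otherwise.
check_loadmodule() {
    clm_conf=$1
    clm_chroot=$2
    clm_sysroot=${3:-}
    clm_rc=0
    while read -r clm_dir clm_name clm_path clm_rest || [ -n "$clm_dir" ]; do
        [ "$clm_dir" = "LoadModule" ] || continue
        # Strip optional double quotes around the path.
        clm_path=${clm_path#\"}
        clm_path=${clm_path%\"}
        [ -n "$clm_path" ] || continue
        case $clm_path in
            /*) # absolute: same string, different root before/after chroot
                clm_pre=$clm_sysroot$clm_path
                clm_post=$clm_sysroot$clm_chroot$clm_path ;;
            *)  # relative: anchored at ServerRoot in both phases
                clm_pre=$clm_sysroot$clm_chroot/$clm_path
                clm_post=$clm_pre ;;
        esac
        if [ -e "$clm_pre" ]; then clm_s=ok; else clm_s=missing; clm_rc=1; fi
        if [ -e "$clm_post" ]; then clm_r=ok; else clm_r=missing; clm_rc=1; fi
        printf '%s start=%s restart=%s\n' "$clm_name" "$clm_s" "$clm_r"
    done < "$clm_conf"
    return "$clm_rc"
}

# make_demo_tree: builds a constructed tree mirroring the thread's layout and
# prints its location. bad.conf uses the absolute path from the post;
# good.conf uses a ServerRoot-relative path (an assumption: the post does not
# say which path the author switched to).
make_demo_tree() {
    mdt=$(mktemp -d) || return 1
    mkdir -p "$mdt/usr/lib/apache/modules" "$mdt/var/www/conf/modules"
    : > "$mdt/usr/lib/apache/modules/mod_throttle.so"
    : > "$mdt/var/www/conf/modules/mod_throttle.so"
    cat > "$mdt/bad.conf" <<'EOF'
# constructed sample
LoadModule throttle_module /usr/lib/apache/modules/mod_throttle.so
EOF
    cat > "$mdt/good.conf" <<'EOF'
# constructed sample
LoadModule throttle_module conf/modules/mod_throttle.so
EOF
    echo "$mdt"
}

demo=$(make_demo_tree)
check_loadmodule "$demo/bad.conf" /var/www "$demo" \
    || echo "bad.conf: module not reachable in both phases, use stop + start"
check_loadmodule "$demo/good.conf" /var/www "$demo" \
    && echo "good.conf: module reachable before and after chroot"
rm -rf "$demo"
```

On a live system the call would be check_loadmodule /var/www/conf/httpd.conf /var/www with no third argument.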
Re: apachectl restart bug?
On Thu, Mar 11, 2010 at 03:20:33PM +0100, Antoine Jacoutot wrote: On Thu, 11 Mar 2010, Ozgur Kazancci wrote: When apachectl issuing a restart, it sends a SIGHUP signal to httpd, and when httpd receives this signal, it doesn't exit from its chroot. So, apachectl restart becomes unfunctional when you have external modules via LoadModule in your httpd.conf. I have the following line in my httpd.conf: LoadModule throttle_module /usr/lib/apache/modules/mod_throttle.so When you have such a line, (and the module file exists there) apache doesn't want to restart (apachectl restart) anymore. Oh common, at least read the apachectl(8) man page. or the FAQ ... Gilles -- Gilles Chehade freelance developer/sysadmin/consultant http://www.poolp.org
Re: A small research paper - Thoughts about Cisco.
On 11. mars 2010, at 12.13, TS Lura wrote: Dear OpenBSD community, I'm doing a small research paper on Cisco and try to find out if they are evil or not in relative to open/free source/standards, and business practice. Eg. locking people to their product line aka the MS way. I'm sending this mail to you guys because I think many of you know allot about networking, and the networking industry. I'm hoping that someone would be kind and share some of their impressions of Cisco with me. My hypothesis is that Cisco is following the best business practice in relation to proprietary and open/free source. To answer this hypothesis I'm trying to find out if Cisco is using their proprietary solution when there is a better open/free alternative. My preliminary thoughts is taken from what I have perceived, that Cisco makes a proprietary solution to give them a edge and uniqueness in the marked which they can harvest capital from. And when that solution has become commonplace they switch over to non-proprietary solutions to become more interoperable and thus stay competitive. First, Is this reasonable observation? Second, Are there any deviations from this trend? If so, why? I'm very grateful for any reply I get. Kind regards, TSLura. Hi, Lots of flame-bait in there, which at least I am happily ignoring. Couple of interesting points though: 1. Time to market, it's normally 'do it yourself' in private first, then open source later. E.g. Cisco did ISL first until 802.1Q was later established as the standard, and adopted by them. 2. Throughbred solutions, e.g. some (most?) products are a mix match of proprietary open source, e.g. see this link for open source software incorporated into a particular Cisco product: http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/license/fwsmoslic.html /Pete
Re: Problems with Carp, Multi-WAN and pf syntax.
Marcus Mülbüsch wrote:
> How do I configure a pf in a way that traffic that comes in on one CARP-Interface goes out to the same CARP-Interface? The syntax in -current has changed from the FAQ (which assumes OpenBSD-4.6).

After some help from a friendly soul, and reducing my pf.conf to the bare minimum it still does not work as intended. Either I have hit a bug, or still have a wrong conf.

NICS are configured so:

# /etc/hostname.bge0
inet 192.168.3.1 255.255.255.0 192.168.3.255

# /etc/hostname.em0 (WAN-1)
inet wan1-ip 255.255.255.248 wan1-brd
!route add -mpath default wan1-gw

# /etc/hostname.em1 (WAN-2)
inet wan2-ip 255.255.255.248 wan2-brd
!route add -mpath default wan-2gw

sysctl is configured for multipath and forwarding:

# /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet.ip.multipath=1

pf.conf looks like this:

# /etc/pf.conf
# Macros
if_wan1 = em0
if_wan2 = em1
if_wan = { $if_wan1 $if_wan2 }
if_dmz = bge0
gw_wan1 = wan1-gw
gw_wan2 = wan2-gw

# Allow ICMP
pass in log quick on $if_wan inet proto icmp from any to any

# Redirect WWW traffic
pass in log quick on $if_wan inet proto tcp from any to any rdr-to some-servers round-robin

# NAT for outgoing connections on each internet interface
pass out log on $if_wan1 from any to any nat-to ($if_wan1)
pass out log on $if_wan2 from any to any nat-to ($if_wan2)

# route packets from any IPs on $if_wan1 to $gw_wan2 and the same for $if_versa and $gw_versa
pass out log quick on $if_wan1 from $if_wan2 route-to ($if_wan2 $gw_wan2)
pass out log quick on $if_wan2 from $if_wan1 route-to ($if_wan1 $gw_wan1)

At first everything seems to be fine: Accessing the www-servers from outside per the wan2 interface works as intended: The traffic goes in through the wan2 interface, gets redirected to the www-servers via round robin (if one of them goes down that doesn't matter, as is the whole idea), and gets back through wan2.

However. If I access the www-servers from outside via wan-1 ip, 50% of the time the traffic tries to go back through the wan-2 interface, and that is something I don't understand. Same for ICMP.

Any help?

Marcus Mülbüsch
Re: 4.6 reboots x336 ibm server(s)
Hey guys, sent an acpi dump with dmesg info a couple of months ago to this list hoping the developers might be able to fix this. Just letting you know that 4.7 snapshot still reboots the box unless you disable ppb*. Any way i can help? Cheers, Steph
Re: A small research paper - Thoughts about Cisco.
I'm sorry. My intent was not to be inflammatory.

My experience with Cisco as a company is limited, so I'm therefore trying to find out more. In that process I may be asking a controversial question. Which for some is quite obvious.

Thanks for the replies so far.

.tsl

On Thu, Mar 11, 2010 at 2:33 PM, Pete Vickers p...@systemnet.no wrote:
> On 11. mars 2010, at 12.13, TS Lura wrote:
>> Dear OpenBSD community,
>>
>> I'm doing a small research paper on Cisco and try to find out if they are evil or not in relative to open/free source/standards, and business practice. E.g. locking people to their product line aka the MS way.
>>
>> I'm sending this mail to you guys because I think many of you know a lot about networking, and the networking industry. I'm hoping that someone would be kind and share some of their impressions of Cisco with me.
>>
>> My hypothesis is that Cisco is following the best business practice in relation to proprietary and open/free source. To answer this hypothesis I'm trying to find out if Cisco is using their proprietary solution when there is a better open/free alternative.
>>
>> My preliminary thoughts are taken from what I have perceived, that Cisco makes a proprietary solution to give them an edge and uniqueness in the market which they can harvest capital from. And when that solution has become commonplace they switch over to non-proprietary solutions to become more interoperable and thus stay competitive.
>>
>> First, Is this a reasonable observation?
>> Second, Are there any deviations from this trend? If so, why?
>>
>> I'm very grateful for any reply I get.
>>
>> Kind regards,
>> TSLura.
>
> Hi,
>
> Lots of flame-bait in there, which at least I am happily ignoring. Couple of interesting points though:
>
> 1. Time to market, it's normally 'do it yourself' in private first, then open source later. E.g. Cisco did ISL first until 802.1Q was later established as the standard, and adopted by them.
>
> 2. Throughbred solutions, e.g. some (most?) products are a mix match of proprietary open source, e.g. see this link for open source software incorporated into a particular Cisco product: http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/license/fwsmoslic.html
>
> /Pete
Re: Problems with Carp, Multi-WAN and pf syntax.
On 2010-03-11, Marcus Mülbüsch muelbue...@as-infodienste.de wrote:
> Hello all,
>
> How do I configure a pf in a way that traffic that comes in on one CARP-Interface goes out to the same CARP-Interface?

you're probably looking for reply-to, something along these lines:

pass in quick on gif1 inet to (gif1) reply-to 10.33@gif1
pass in quick on pppoe0 inet to (pppoe0) reply-to 0.0@pppoe0
help with mail retrieval/cleaning/storage setup using openbsd
Hi,

I need to setup an obsd box to work as a local storing mail server (where I can run some antivirus like clamav), for a domain that is hosted on the web.

My idea is to have a script that periodically fetches the mail for all users, via POP3 or other protocol, from the Internet domain hosting service, runs some kind of antivirus software and then stores them locally for later retrieval (via POP3 or IMAP) by the users.

Has anyone worked on a similar setup and could share some insights?

Thanks in advance.

Regards,
Jose
Re: sysctl(3)
On Thu, 11.03.2010 at 14:31:46 +0100, Toni Mueller openbsd-m...@oeko.net wrote: But I'll now grab 'comp' too and see if that helps. I've now looked at the man page in -current, and it does not cover the leaves below PF_KEY. -- Kind regards, --Toni++
Re: help with mail retrieval/cleaning/storage setup using openbsd
On 2010-3-11 6:59 PM, inet_use...@samerica.com wrote: My idea is to have a script that periodically fetches the mail for all users, For that, one option is fetchmail: http://www.openbsd.org/4.6_packages/i386/fetchmail-6.3.9.tgz-long.html /Lars
Re: sysctl(3)
On Thu, Mar 11, 2010 at 06:02:49PM +0100, Toni Mueller wrote: On Thu, 11.03.2010 at 14:31:46 +0100, Toni Mueller openbsd-m...@oeko.net wrote: But I'll now grab 'comp' too and see if that helps. I've now looked at the man page in -current, and it does not cover the leaves below PF_KEY. i think otto meant only about the missing page, not the PF_KEY stuff. that is currently documented, but we're working on a fix... jmc
Re: Apache - bandwidth usage limit per vhost
On Thu, Mar 11, 2010 at 6:17 AM, Ozgur Kazancci ozgur.kazan...@info.uvt.ro wrote:
> Oh, my mistake.. I forgot that it was a jailed httpd. There was a File Not Found: /usr/lib/apache/modules/mod_throttle.so message in the error_log, but the file was already there (out of chroot path).
>
> So, I copied the mod_throttle.so file into /var/www/conf/modules and changed the path of LoadModule throttle_module in httpd.conf. 'apachectl restart' is working again.
>
> Thanks.
> // Ozgur

Just curious.. did 'apachectl graceful' tell you anything about that missing file when testing? That's my first and favorite debug command for apache esp. in production env.
Re: Apache - bandwidth usage limit per vhost
On Thu, Mar 11, 2010 at 10:17 AM, Ted Roby ted.r...@gmail.com wrote: On Thu, Mar 11, 2010 at 6:17 AM, Ozgur Kazancci ozgur.kazan...@info.uvt.ro wrote: Oh, my mistake.. I forgot that it was a jailed httpd. There was a File Not Found: /usr/lib/apache/modules/mod_throttle.so message in the error_log, but the file was already there (out of chroot path). So, I copied the mod_throttle.so file into /var/www/conf/modules and changed the path of LoadModule throttle_module in httpd.conf. 'apachectl restart' is working again. Thanks. // Ozgur Just curious.. did 'apachectl graceful' tell you anything about that missing file when testing? That's my first and favorite debug command for apache esp. in production env. Sorry!! I meant to ask about 'apachectl configtest'. THAT is my favorite
Re: A small research paper - Thoughts about Cisco.
On 3/11/10 6:13 AM, TS Lura wrote: Dear OpenBSD community, I'm doing a small research paper on Cisco and try to find out if they are evil or not in relative to open/free source/standards, and business practice. Eg. locking people to their product line aka the MS way. I'm sending this mail to you guys because I think many of you know allot about networking, and the networking industry. I'm hoping that someone would be kind and share some of their impressions of Cisco with me. My hypothesis is that Cisco is following the best business practice in relation to proprietary and open/free source. To answer this hypothesis I'm trying to find out if Cisco is using their proprietary solution when there is a better open/free alternative. My preliminary thoughts is taken from what I have perceived, that Cisco makes a proprietary solution to give them a edge and uniqueness in the marked which they can harvest capital from. And when that solution has become commonplace they switch over to non-proprietary solutions to become more interoperable and thus stay competitive. First, Is this reasonable observation? Second, Are there any deviations from this trend? If so, why? I'm very grateful for any reply I get. Kind regards, TSLura. Well, this is a big question and you will get a very wide feedback and I would guess, not much good one, but I sure could wrong. For my own having to deal with them for years and have sadly plenty of SmartNet contract as well, they only thing I can tell you, and there is a lot. The only time I ear from Cisco, even if some IOS may have big bugs in them and that may affect me, they will only contact me when the SmartNet time to renew comes! One would thank that they may follow up with their own urgent fix, but no! For the ISL, you already got that reply, but a few years ago, they still were trying to force you to buy their switches and use ISL over the standard 802.11Q! 
For VoIP, even if SIP is the wide standard, they still try to lock you in their Skinny protocol over the wide standard one and even if you have smartnet on their 7960 SIP phones, unless you use their own proprietary system they will not support the SIP standard and provide IOS upgrade for it as they should, even with smartnet. They called me on that and tried to talk me into it, but I cancelled ALL the smartnet for ANY Cisco IP phones and that's a lot of them. What's the point of having smartnet if you can't get IOS upgrades and their answer was for the physical device if it breaks, you get it replaced and all. Well, you know what, if it breaks I can replace it with Polycom instead and they support it better than Cisco does! But if I can't do that, then even getting a new Cisco is better and cheaper in the end than having a worthless smartnet on the phones! As for OpenStandard, CARP and VRRP is a good example, you can research that if you like. That's an OpenBSD solution over a Cisco supposed to be Open one! Then you have the same thing when you need new equipment, if you tell Cisco that you are looking at a competing product of theirs, then you will get a discount as long as you know what you are talking about on the hardware. Never on the SmartNet. But very interestingly here, if you talk about Open solutions, like the bgpd or even the ospfd, or better yet, the upcoming MPLS, then you really get them talking and yes, they will call you and try to talk you into not touching that telling you all kind of bullshit that it's not supported, that you will get problems, it will not work, that you will be better served by Cisco and they will stand by you to help you in emergency and all that crap sales talk. Don't get me wrong, Cisco does have good products for most of them. They will help some, maybe not as they should for sure if you have SmartNet, but that will cost you big time!
However, you will be stuck in this endless continuous underpowered hardware that needs constant upgrades all the time and they will suck you dry in smartnet contracts for not much service in the end, provided sadly in the last few years 1/2 the time by people that you can't even understand when you talk to them. Sadly the ones I find the best are when you open your ticket at night and you get them from down under in Australia. They follow up better and give you better feedback than sadly anyone so far I got in the US and definitely much better than when you are so unlucky to get them from Asia when they follow their script to the letter for most of them when you talk to them. You will get some good ones at times, but by far it's not the norm as long as you can understand them. Don't get me wrong, some are very nice and know their stuff, but that's not the norm by far and for the price you have to pay for your smartnet, you sure as hell have the right to expect BETTER!!! In short, my own experience is as follows. The niceness of Cisco is directly in reverse of the choice of solution you pick being the start
Re: Apache - bandwidth usage limit per vhost
Just curious.. did 'apachectl graceful' tell you anything about that missing file when testing? -- No, 'apachectl graceful' did not give any error.
Re: sysctl(3)
On Thu, Mar 11, 2010 at 05:22:39PM +0001, Jason McIntyre wrote: On Thu, Mar 11, 2010 at 06:02:49PM +0100, Toni Mueller wrote: On Thu, 11.03.2010 at 14:31:46 +0100, Toni Mueller openbsd-m...@oeko.net wrote: But I'll now grab 'comp' too and see if that helps. I've now looked at the man page in -current, and it does not cover the leaves below PF_KEY. i think otto meant only about the missing page, not the PF_KEY stuff. that is currently documented, but we're working on a fix... er, undocumented rather. jmc
openbsd on EFI
I'm a mac user who switched because of System 10 (10.1). I like the bsd env, but I have found myself back on my true security blanket, OpenBSD. I've read various opinions on EFI, and know what to expect as a reply from the hard-liners, but I would like to get a more general opinion of all who contribute to this list regarding their opinions on EFI from the angle of reliability and security. At its most extreme, EFI seems to create a sub-layer where the Operating System never truly has control of the hardware. Given that scenario, is there any possibility (and desire) of flashing the EFI with an Open (read, OpenBSD approved) solution? I'm not talking about rEFIt, which I use, but a more permanent equation. As it is now, rEFIt does not replace anything. This is evidenced by the fact that resetting PRAM (cmd+option+p+r at startup, three times) restores the original bootloader. I assume the copy used for this restore can't be entirely Read-Only as Apple wants to update it as well. I am keeping my current Macbook (rev3,1) in a devel state, and am entirely compliant with any desired experimentation. If there's a high possibility this experimentation could fry my chips, then I just need a year to complete my AppleCare coverage. (haha!)
Re: Apache - bandwidth usage limit per vhost
Just curious.. did 'apachectl graceful' tell you anything about that missing file when testing? That's my first and favorite debug command for apache esp. in production env. Sorry!! I meant to ask about 'apachectl configtest'. THAT is my favorite

-- No error.

# apachectl configtest
Processing config directory: /var/www/conf/modules/*.conf
 Processing config file: /var/www/conf/modules/host.conf
Syntax OK
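The failure discussed in this thread is a LoadModule path that exists on the host but lies outside the httpd chroot, which breaks 'apachectl restart'. The check below is an added example, not code from the thread or from OpenBSD; the function names, the report format and the sample tree are constructed, and it assumes relative module paths resolve against the chroot directory (/var/www in the thread).

```shell
#!/bin/sh
# Added example, not code from the thread or from OpenBSD.
# Reports LoadModule directives that would break a restart of a chrooted
# httpd: paths outside the chroot, and paths inside it that do not exist.
# Assumption: relative module paths resolve against the chroot directory.

# check_chroot_modules CONF CHROOT_DIR
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 on error.
check_chroot_modules() {
    conf=$1
    root=$2
    status=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # awk emits "<line> <in|out> <normalised path>" per LoadModule directive.
    list=$(awk -v root="$root" '
        # Collapse "//", "." and ".." so a path cannot dodge the prefix test.
        function norm(p,    n, i, parts, stack, depth, out) {
            n = split(p, parts, "/")
            depth = 0
            for (i = 1; i <= n; i++) {
                if (parts[i] == "" || parts[i] == ".") continue
                if (parts[i] == "..") { if (depth > 0) depth--; continue }
                stack[++depth] = parts[i]
            }
            out = ""
            for (i = 1; i <= depth; i++) out = out "/" stack[i]
            return (out == "" ? "/" : out)
        }
        BEGIN { nroot = norm(root) }
        /^[ \t]*#/ { next }                      # commented-out directives
        tolower($1) == "loadmodule" && NF >= 3 { # names are case-insensitive
            p = $3
            gsub(/"/, "", p)                     # strip optional quoting
            if (p !~ /^\//) p = root "/" p       # relative path (assumption)
            np = norm(p)
            print NR, (index(np, nroot "/") == 1 ? "in" : "out"), np
        }
    ' "$conf")

    while read -r lineno where path; do
        [ -n "$lineno" ] || continue
        if [ "$where" = out ]; then
            echo "OUTSIDE line $lineno: $path"
            status=1
        elif [ ! -f "$path" ]; then
            echo "MISSING line $lineno: $path"
            status=1
        fi
    done <<EOF
$list
EOF
    return $status
}

# Constructed sample: a throw-away tree with one module inside the chroot,
# one only on the host, one missing, and one that escapes through "..".
# Prints the temporary directory it created.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/var/www/conf/modules" "$d/usr/lib/apache/modules"
    : > "$d/var/www/conf/modules/mod_throttle.so"
    : > "$d/usr/lib/apache/modules/mod_throttle.so"
    cat > "$d/var/www/conf/httpd.conf" <<EOF
# constructed sample configuration
ServerRoot "$d/var/www"
LoadModule throttle_module $d/usr/lib/apache/modules/mod_throttle.so
  LoadModule ok_module "$d/var/www/conf/modules/mod_throttle.so"
LoadModule gone_module conf/modules/mod_gone.so
LoadModule sneaky_module $d/var/www/../../usr/lib/apache/modules/mod_throttle.so
# LoadModule commented_module /nowhere/mod_x.so
EOF
    echo "$d"
}

# Stand-alone use: sh thisfile /var/www/conf/httpd.conf /var/www
if [ $# -eq 2 ]; then
    check_chroot_modules "$1" "$2"
fi
```

Run against the constructed sample, it flags the host-only module, the missing module and the ".." escape, and passes the module that was copied under the chroot.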
pjsua + asterisk: debugging or working config
trying to get pjsua working with asterisk using a really basic config file and am having trouble: registration keeps timing out. here is the config file:

--registrar=sip:A.B.C.D
--id=sip:u...@a.b.c.d
--realm=*
--username=user
--password=pass

pjsua then sends registration requests and times out.

12:30:21.978 pjsua_core.c TX 410 bytes Request msg REGISTER/cseq=51529 (tdta0x20b5330a8) to UDP A.B.C.D:5060:
REGISTER sip:A.B.C.D SIP/2.0
Via: SIP/2.0/UDP 172.17.57.242:5060;rport;branch=z9hG4bKPj6ac2000313cd8c03
Max-Forwards: 70
From: sip:u...@a.b.c.d;tag=6ac2000213cd8c03
To: sip:u...@a.b.c.d
Call-ID: 6ac2000113cd8c03
CSeq: 51529 REGISTER
User-Agent: PJSUA v0.7.0/openbsd
Contact: sip:u...@a.b.c.d:5060;transport=UDP
Expires: 55
Content-Length: 0

any clues as to how i can debug this or a working configuration for use with asterisk would be appreciated. cheers, jake
Re: help with mail retrieval/cleaning/storage setup using openbsd
http://www.kernel-panic.it/openbsd/mail/

On Thu, Mar 11, 2010 at 5:59 PM, inet_use...@samerica.com wrote:

Hi, I need to setup an obsd box to work as a local storing mail server (where I can run some antivirus like clamav), for a domain that is hosted on the web. My idea is to have a script that periodically fetches the mail for all users, via POP3 or other protocol, from the Internet domain hosting service, runs some kind of antivirus software and then stores them locally for later retrieval (via POP3 or IMAP) by the users. Has anyone worked on a similar setup and could share some insights? Thanks in advance. Regards, Jose

-- http://www.openbsd.org/lyrics.html
Re: A small research paper - Thoughts about Cisco.
On Thu, Mar 11, 2010 at 4:13 AM, TS Lura tsl...@gmail.com wrote: Dear OpenBSD community, I'm doing a small research paper on Cisco and try to find out if they are evil or not in relative to open/free source/standards, and business practice. Eg. locking people to their product line aka the MS way. My experience has nothing to do with the sales/support side of Cisco, but I'm going to reply anyway! As a sys admin with servers located at the old Mae West building (San Jose, Market and Post), I had a password dictionary attack launched against my mail server from a compromised machine inside of Cisco's test labs. I was able to verify through unrelated networks and DNS servers that the compromised machine was located in their test labs in San Jose. Most of you with this experience will agree that an attack from within the same city as your server, let alone the same country, is quite rare. Despite my emailing all associated admin addresses I could find with Cisco, and even getting one reply back from a sysadmin of theirs, the machine remained corrupted and spewing out dictionary attacks for quite some time. Of course, I was blocking it both at the application and firewall. After a couple of weeks I gave up checking to see if the machine had even been shutdown. As a person who Cisco had no monetary interest in, but was directly affecting through their own negligence, I received as much care as Ben Stein might expect from a 1935 German Healthcare Plan.
Re: IPv6, ftp-proxy and PF rules
On Thu, Mar 11, 2010 at 6:45 AM, Mattieu Baptiste mattie...@gmail.com wrote: correctly routed on my firewall. But as I don't want to route a giant port range for FTP on this firewall, I intend to use ftp-proxy. But the rdr-to rule doesn't seem to redirect packets to the ftp-proxy process. I get you now. Since this is a newish feature, i guess it needs more testing :) Steph
Re: A small research paper - Thoughts about Cisco.
On Thu, 11 Mar 2010 15:43 +, TS Lura tsl...@gmail.com wrote:

I'm sorry. My intent was not to be inflammatory. My experience with Cisco as a company is limited, so I'm therefore trying to find out more. In that process I may be asking a controversial question. Which for some is quite obvious. Thanks for the replies so far. .tsl

Do they donate to OpenSSH? They use it a lot, but they are not listed here: http://openbsd.org/donations.html Maybe they donate privately. Brad
Re: apachectl restart bug?
On Thu, 11 Mar 2010, Gilles Chehade wrote: On Thu, Mar 11, 2010 at 03:20:33PM +0100, Antoine Jacoutot wrote: On Thu, 11 Mar 2010, Ozgur Kazancci wrote: When apachectl issuing a restart, it sends a SIGHUP signal to httpd, and when httpd receives this signal, it doesn't exit from its chroot. So, apachectl restart becomes unfunctional when you have external modules via LoadModule in your httpd.conf. I have the following line in my httpd.conf: LoadModule throttle_module /usr/lib/apache/modules/mod_throttle.so When you have such a line, (and the module file exists there) apache doesn't want to restart (apachectl restart) anymore. Oh common, at least read the apachectl(8) man page. or the FAQ ... Is this something utterly stupid? just wasting some time... david --- apachectl.orig Wed Mar 3 23:20:53 2010 +++ apachectl Thu Mar 11 20:11:31 2010 @@ -27,6 +27,9 @@ # the path to your httpd binary, including options if necessary HTTPD=/usr/sbin/httpd # +# the path to your httpd configuration file +CONFIGFILE=/var/www/conf/httpd.conf +# # a command that outputs a formatted text version of the HTML at the # url given on the command line. Designed for lynx, however other # programs may work. @@ -116,11 +119,19 @@ fi else if $HTTPD $RCFLAGS -t /dev/null 21; then - if kill -HUP $PID ; then - echo $0 $ARG: httpd restarted + if ps ax | grep $PID | grep chroot /dev/null \ + egrep '^ *LoadModule' $CONFIGFILE /dev/null + then + echo $0 $ARG: httpd chrooted with external modules + echo $0 $ARG: trying stop/start + $0 stop sleep 2 $0 start else - echo $0 $ARG: httpd could not be restarted - ERROR=6 + if kill -HUP $PID ; then + echo $0 $ARG: httpd restarted + else + echo $0 $ARG: httpd could not be restarted + ERROR=6 + fi fi else echo $0 $ARG: configuration broken, ignoring restart
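Review bot: CONFIGFILE in the first hunk is hard-coded to /var/www/conf/httpd.conf, while the restart path in the second hunk validates with `$HTTPD $RCFLAGS -t`, so when RCFLAGS points httpd at another configuration the egrep inspects a file httpd is not using and the stop/start decision can be wrong in either direction. Say next to the variable that it must name the file httpd actually loads, or drop the file check and decide from the running process alone.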
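Review bot: `ps ax | grep $PID | grep chroot` in the second hunk matches $PID as a substring of any ps line (PID 123 also hits 1234, or a number in some other process's arguments) and then accepts any such line that contains the word chroot, so an unrelated process can trigger the stop/start branch. Select the process by PID instead, for example `ps -p $PID -o command`, and test only that line. The `'^ *LoadModule'` pattern also skips directives indented with tabs and matches every LoadModule, including modules that already live inside the chroot, which forces a full stop/start where a HUP would have worked.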
4.7: huge partition at install time
Hi folks, I tried todays installer CD of 4.7. Installation went fine, except for one problem: It failed to initialize the 1.4 TByte data partition, and on the first reboot it complained about a file system problem and entered single user mode. Surely no big thing, but I wonder whether it would be possible to use ffs2 by default, if the partition is too huge for ffs? Regards Harri
Re: 4.7: huge partition at install time
No one canceled RTFM and UTFG http://www.openbsd.org/faq/faq14.html#LargeDrive On Thu, Mar 11, 2010 at 9:04 PM, Harald Dunkel ha...@darkharri.de wrote: Hi folks, I tried todays installer CD of 4.7. Installation went fine, except for one problem: It failed to initialize the 1.4 TByte data partition, and on the first reboot it complained about a file system problem and entered single user mode. Surely no big thing, but I wonder whether it would be possible to use ffs2 by default, if the partition is too huge for ffs? Regards Harri -- http://www.openbsd.org/lyrics.html
Re: openbsd on EFI
On 2010-03-11, Ted Roby ted.r...@gmail.com wrote: At its most extreme, EFI seems to create a sub-layer where the Operating System never truly has control of the hardware. since the 386SL cpu, i386 machines have had SMM (system management mode) which runs underneath the OS...
Re: pjsua + asterisk: debugging or working config
On 2010-03-11, Jacob Yocom-Piatt j...@fixedpointgroup.com wrote: trying to get pjsua working with asterisk using a really basic config file and am having trouble: registration keeps timing out. here is the config file: --realm=* a literal '*'? you probably need whatever's set in asterisk/sip.conf as realm. --no-vad may be useful too.
Re: 4.7: huge partition at install time
On 03/11/10 21:18, Tomas Bodzar wrote: No one canceled RTFM and UTFG http://www.openbsd.org/faq/faq14.html#LargeDrive I am not talking about the boot partition, but about a data partition set up at install time. Not to mention that OpenBSD is so easy to install, you hardly need the documentation :-). Regards Harri
Re: Atheros AR5212 802.11a/b/g mini-pci wont do 802.11g hostap
Yeah, this is something I did battle with awhile ago. I have a laptop with an Atheros 5005 based card that I use as a gateway between a wired and wireless network. As far as I know, the ath(4) driver doesn't have the ability to do 11g, only 11a and 11b. Same thing with a DCMA81 11abg card. I can't see it being too hard to do, the driver will support OFDM54 - whether this will cooperate with a 802.11g based router I couldn't say. On Thu, Mar 11, 2010 at 2:54 AM, Forman, Jeffrey j...@jeffreyforman.net wrote: To do some more testing, I upgraded to the latest i386 snapshot, but seems that I get the same results. 802.11a/b work, but not g. A subscriber emailed me off list about forcing mode 11g in the hostname.ath0 file, which I did. But to no avail, that did not work either. On Wed, Mar 10, 2010 at 8:48 AM, Forman, Jeffrey j...@jeffreyforman.netwrote: Hi Misc, I recently have built myself a pcengines alix single board computer with an Winstrom CM9 (atheros ar5212) mini pci wifi card, that according to ath(4) supports hostap mode. I believe I have my hostname.ath0 file setup correctly, but the card refuses to go into 11g mode, only using 11b/11a. When attempting to run sh /etc/netstart ath0 with the below hostnames.ath0, I receive no error message. The card just goes into 11b or 11a mode. Is there something I'm missing, or any debugging I can provide to get this functionality working? Currently I am running the 4.6 stable branch on this machine. Thanks, Jeff dmesg: OpenBSD 4.6-stable (GENERIC) #2: Sun Mar 7 23:07:23 EST 2010 r...@builder:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 586-class) 499 MHz cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX real mem = 268009472 (255MB) avail mem = 250335232 (238MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 11/05/08, BIOS32 rev. 
0 @ 0xfd088 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xe/0xa800 cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x33 glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES vr0 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 10, address 00:0d:b9:1b:b6:4c ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 vr1 at pci0 dev 10 function 0 VIA VT6105M RhineIII rev 0x96: irq 11, address 00:0d:b9:1b:b6:4d ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 vr2 at pci0 dev 11 function 0 VIA VT6105M RhineIII rev 0x96: irq 15, address 00:0d:b9:1b:b6:4e ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 ath0 at pci0 dev 12 function 0 Atheros AR5212 rev 0x01: irq 9 ath0: AR5213A 5.9 phy 4.3 rf5112a 3.6, FCC2A*, address 00:1b:b1:02:de:ad glxpcib0 at pci0 dev 15 function 0 AMD CS5536 ISA rev 0x03: rev 0, 32-bit 3579545Hz timer, watchdog, gpio gpio0 at glxpcib0: 32 pins pciide0 at pci0 dev 15 function 2 AMD CS5536 IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: SanDisk SDCFH-008G wd0: 1-sector PIO, LBA, 7641MB, 15649200 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4 pciide0: channel 1 ignored (disabled) ohci0 at pci0 dev 15 function 4 AMD CS5536 USB rev 0x02: irq 12, version 1.0, legacy support ehci0 at pci0 dev 15 function 5 AMD CS5536 USB rev 0x02: irq 12 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1 isa0 at glxpcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pcppi0 at 
isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 usb1 at ohci0: USB revision 1.0 uhub1 at usb1 AMD OHCI root hub rev 1.00/1.00 addr 1 biomask 71e7 netmask ffe7 ttymask mtrr: K6-family MTRR support (2 registers) nvram: invalid checksum umass0 at uhub0 port 1 configuration 1 interface 0 Western Digital External HDD rev 2.00/1.75 addr 2 umass0: using SCSI over Bulk-Only scsibus0 at umass0: 2 targets, initiator 0 sd0 at scsibus0 targ 1 lun 0: WD, 2500BMV External, 1.75 SCSI2 0/direct fixed sd0: 238475MB, 512 bytes/sec, 488397168 sec total softraid0 at root root on wd0a swap on wd0b dump on wd0b # cat /etc/hostname.ath0 inet 10.10.1.1 255.255.255.0 10.10.1.255 mediaopt hostap nwid mywifi wpa wpaciphers tkip,ccmp wpapsk redacted description Wireless HostAP # ifconfig ath0 media ath0: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:1b:b1:de:ad description: Wireless
Re: apachectl restart bug?
On 3/11/10, David Coppa dco...@gmail.com wrote: Is this something utterly stupid? just wasting some time... david --- apachectl.orig Wed Mar 3 23:20:53 2010 +++ apachectl Thu Mar 11 20:11:31 2010 @@ -27,6 +27,9 @@ # the path to your httpd binary, including options if necessary HTTPD=/usr/sbin/httpd # +# the path to your httpd configuration file +CONFIGFILE=/var/www/conf/httpd.conf it may fail in case one uses -d and/or -f flags to the httpd (e.g. sets them in /etc/rc.conf or /etc/rc.conf.local) +# # a command that outputs a formatted text version of the HTML at the # url given on the command line. Designed for lynx, however other # programs may work. @@ -116,11 +119,19 @@ fi else if $HTTPD $RCFLAGS -t /dev/null 21; then - if kill -HUP $PID ; then - echo $0 $ARG: httpd restarted + if ps ax | grep $PID | grep chroot /dev/null \ + egrep '^ *LoadModule' $CONFIGFILE /dev/null + then + echo $0 $ARG: httpd chrooted with external modules + echo $0 $ARG: trying stop/start + $0 stop sleep 2 $0 start else - echo $0 $ARG: httpd could not be restarted - ERROR=6 + if kill -HUP $PID ; then + echo $0 $ARG: httpd restarted + else + echo $0 $ARG: httpd could not be restarted + ERROR=6 + fi fi else echo $0 $ARG: configuration broken, ignoring restart
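Review bot: the new stop/start branch in the second hunk never sets ERROR, unlike the `kill -HUP` branch below it, which sets ERROR=6 when the restart fails, so if `$0 stop` succeeds and `$0 start` does not, the script reports nothing and leaves httpd down. Check the result of the stop/sleep/start chain and set ERROR with a "could not be restarted" message on failure, the same way the HUP branch does.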
Re: 4.7: huge partition at install time
On 3/11/2010 2:53 PM, Harald Dunkel wrote: On 03/11/10 21:18, Tomas Bodzar wrote: No one canceled RTFM and UTFG http://www.openbsd.org/faq/faq14.html#LargeDrive I am not talking about the boot partition, but about a data partition set up at install time. Not to mention that OpenBSD is so easy to install, you hardly need the documentation :-). That is your first mistake. For one thing, you mentioned a file system problem... what was the exact error? If you are trying to fsck that slice, you'll have to wait a long time, and you'll need a whole gob of RAM to fsck it. You'd do better splitting that into two disks. Search the mailing list for large drive issue... Bryan
Re: 4.7: huge partition at install time
On 2010-03-11, Harald Dunkel ha...@darkharri.de wrote: On 03/11/10 21:18, Tomas Bodzar wrote: No one canceled RTFM and UTFG http://www.openbsd.org/faq/faq14.html#LargeDrive I am not talking about the boot partition, but about a data partition set up at install time. Not to mention that OpenBSD is so easy to install, you hardly need the documentation :-). Maybe we should make it harder then! Read the FFS vs. FFS2 section.
Re: OT: multiple web servers on OpenBSD (WAS: OT: vmware blah blah)
Scott McEachern wrote: ... I ended up doing this: - one OpenBSD box, with multiple IP address aliases - one OpenBSD firewall, which rdr's external IPs to the appropriate webserver IP - 5 chrooted OpenBSD default (1.3.29) Apache's (at this time, I have no need for Apache 2, but hey, it's in ports.) - 5 custom httpd.conf files for each - 5 custom php.ini files for each (plus other related config file friends) - 5 different httpd daemons for each (httpd0-4), just in case - virtual aliases with Apache is not a solution because the sites use https/ssl - all the sites have all the php-*, pear-*, mod_* stuff at their disposal I have the same setup running. Each apache instance runs chrooted under their own user id and home directory. The setup I had before that was more interesting as it only needed one IP. A main httpd instance was setup to do proxy for the individual httpd instances of each site. The main instance ran on port 80 with the real IP. The site instances ran on localhost with each their own port number and weren't accessible from outside of the machine. Logging, SSL and maintenance is a pain though.
ftp-proxy for outgoing connection
Hi, my -current firewall is configured to block all in, block all out and allow only certain outbound connections. Now I want to allow outbound ftp connections. I read ftp-proxy(8) and http://openbsd.org/faq/pf/ftp.html#client. As I understand it, ftp-proxy could be used to create rules for inbound and outbound connections on 4.6. Now on -current the rdr keyword is missing from the pf.conf syntax. Instead ftp-proxy(8) suggests using rdr-to, but this only works for inbound connections. Is it possible to allow ftp connections from a local client to public ftp servers on the internet? Possibly by using ftp-proxy? Kind regards, Christopher
Re: OT: multiple web servers on OpenBSD (WAS: OT: vmware blah blah)
On Thu, 11 Mar 2010 16:47:54 -0600, Claus cnie...@gmx.net wrote: I have the same setup running. Each apache instance runs chrooted under their own user id and home directory. That's a lot of apache instances running... and how much functionality are you really getting out of them? Lighttpd or NginX with FastCGI works very well. I'm running php-fastcgi once per domain, chrooted to its virtual host directory; I've also got non-PHP FastCGI applications running in unrelated chroots. One process (lighttpd) handles SSL and most logging (each PHP instance logs in its chroot, but that separates different users' PHP logs too). Maintenance is still a pain, though, as I have to copy all relevant binaries, PHP modules, and dependent shared libraries into each chroot every upgrade. I keep meaning to write a script to maintain that: copy new binaries (e.g., php-fastcgi) over, determine what shared objects they link to, copy those over, and delete old versions. -- Matthew Weigel hacker unique idempot . ent
Re: ftp-proxy for outgoing connection
Use 4.6, read this: http://www.openbsd.org/faq/current.html#20090901 or wait until 4.7 and read the new man page. Cheers, noah

Christopher Zimmermann wrote:

Hi, my -current firewall is configured to block all in, block all out and allow only certain outbound connections. Now I want to allow outbound ftp connections. I read ftp-proxy(8) and http://openbsd.org/faq/pf/ftp.html#client. As I understand it, ftp-proxy could be used to create rules for inbound and outbound connections on 4.6. Now on -current the rdr keyword is missing from the pf.conf syntax. Instead ftp-proxy(8) suggests using rdr-to, but this only works for inbound connections. Is it possible to allow ftp connections from a local client to public ftp servers on the internet? Possibly by using ftp-proxy? Kind regards, Christopher
Re: IPv6, ftp-proxy and PF rules
On Mon, Mar 08, 2010 at 10:36:46AM +0100, Mattieu Baptiste wrote:

Hi all, I have a public FTP server accessible through redirections on my firewall via ftp-proxy (my server has a private IPv4 address on a local subnet). I'd like to make it accessible through my IPv6 connectivity (gif tunnel with hurricane electric). With this IPv6 connectivity, all my servers have public addresses. But I can't find a way to do it with ftp-proxy which seems to support my setup. In my pf.conf I have:

anchor ftp-proxy/*
pass in log quick on gif0 inet6 proto tcp to port ftp rdr-to ::1 port 8121

Then I start the IPv6 instance of ftp-proxy with:

/usr/sbin/ftp-proxy -6 -p 8121

I tried to start ftp-proxy with -vv -D 7 but I haven't any output (with the IPv4 instance of ftp-proxy I can see the ftp connection). Nothing happens. It seems the redirection in my pf.conf isn't happening. On the other hand, with the log keyword on this rule, the rule correctly matches since I can see it on pflog0... Any ideas?

Local IPv6 redirects do not work, at least not to ::1. This is a bu^Wfeature in netinet6. It seems none of our IPv6 users care too much to fix it (or they're equally scared of the code). -- :wq Claudio
Re: ftp-proxy for outgoing connection
On 2010-03-11, Christopher Zimmermann madro...@zakweb.de wrote:

Hi, my -current firewall is configured to block all in, block all out and allow only certain outbound connections. Now I want to allow outbound ftp connections. I read ftp-proxy(8) and http://openbsd.org/faq/pf/ftp.html#client. As I understand it, ftp-proxy could be used to create rules for inbound and outbound connections on 4.6. Now on -current the rdr keyword is missing from the pf.conf syntax. Instead ftp-proxy(8) suggests using rdr-to, but this only works for inbound connections. Is it possible to allow ftp connections from a local client to public ftp servers on the internet? Possibly by using ftp-proxy?

I suspect your understanding of inbound is from the viewpoint of your network; PF doesn't care about that at all, it's only concerned with whether a packet is inbound or outbound to a particular interface. rdr only works for inbound connections too. A rule like the following works just fine for a ftp connection from a local client to a public ftp server:

pass in quick log on {lan, wifi, natted} inet proto tcp \
    to port 21 rdr-to 127.0.0.1
Re: Route modified dynamically
On 2010-03-10, Massimo Lusetti mass...@cedoc.mo.it wrote:

Hi misc, I got a 4.5 box which acts as a perimeter ipsec routing gateway, it has 682 flows (by ipsecctl -sf | wc -l). Some of these flows are up with a static route to the other point of the ipsec tunnel and some of these routes are changing dynamically (netstat shows UGHMS flags). When these routes change dynamically my tunnel falls because I cannot reach my tunnel endpoint anymore. Probably these redirects are coming from some ciscozze with HSRP or something and I've already asked the ciscozze admin to look without any luck so I guess I've to do something on my side and I'm here to ask for hints.

M flag - yes, that's from a redirect. sysctl net.inet.icmp.rediraccept=0 should prevent them from being accepted, but there will be a reason why you're getting them, you should try and work out what this is...
Re: OT: multiple web servers on OpenBSD (WAS: OT: vmware blah blah)
Claus wrote:

I have the same setup running. Each apache instance runs chrooted under their own user id and home directory.

I realized after I sent that message that I left out a couple of details, like each instance also having its own user (www0-4). I leave the default www user and /var/www stuff pretty much untouched in case I need to look at something 'untainted' by my fingers. The normal install of the modules modifies those bits of course, which are later copied to the individual httpd homedirs as needed. I don't recall exactly what does and doesn't need copying, I have it all _very_ thoroughly documented kinda script-like so I can reproduce it quickly if need be, with my notes and copy/paste-able mass link / copy / etc commands.

The setup I had before that was more interesting as it only needed one IP. A main httpd instance was setup to do proxy for the individual httpd instances of each site. The main instance ran on port 80 with the real IP. The site instances ran on localhost with each their own port number and weren't accessible from outside of the machine. Logging, SSL and maintenance is a pain though.

I never tried the proxy method simply because I wanted all daemons to be autonomous. If something died, so be it (I should note it's never happened yet). Not to mention, I use a couple of the sites for development, so sometimes I have to kill an individual httpd{x} instance when I monkey with the config. I have briefly considered moving from Apache to nginx, but haven't for a few reasons:

1) ATM, I don't need the performance of nginx vs. Apache, not by a long shot
2) I love the track record of OpenBSD's Apache. It's been fine for me for years.
3) just when I was peeking into nginx (stable) a security vuln popped up. I'm sure it's excellent, but *to me* it could mature, security-wise. (no flames please)
4) time to play with it all and get everything nicely together
5) simple philosophy: if it ain't broke, don't fix it.
When I have time, I need to figure out some automated solution to deal with the logs. I use cronolog for rotation with custom log file formats, and have plans to do some things with webalizer-type apps, but that's still on the back burner. My interest is in using relayd to filter bad requests (again, back burner for now.) I have *not* done my homework on this yet, but when I farted around with it briefly a few days back, I ran into problems with the relayd config for SSL acceleration. Again, when I have time I'll look into it, but I was stumped and figured I'll make sure my RTFM-fu is strong before I post here about it. (Besides, isn't it somehow more satisfying to finally go *aha I fixed my mistake* without asking for help?) I knew I wasn't the only one that realized (for many circumstances, I'm not saying _all_) that VM'ing a lot of services is just silly, but it's nice to hear from others also doing the multiple httpd thing with OpenBSD. For Matthew Weigel: Yes, there are a lot of httpd instances. I'm not entirely sure of how shared memory applies in this case (probably not), but on my web server my memory use is 129M/316M, and that includes a bunch of other daemons (eg. databases), when pretty much idle. It has plenty of room to grow, but if memory becomes an issue, I'll look harder into nginx. (I'd like to do it just for the knowledge, but again, time constraints.) For the installation of everything into the chroot, I can't comment on non-Apache setups, but with Apache it loads that stuff before chrooting so only one installed version needs to be done, which makes life easier. The links (etc) still have to be done. It could easily be scripted, but I prefer to have my notes (with my big don't forget warnings) where I can just paste the commands. If your documentation (notes) are solid, you'll be fine, and I just played musical tables with the servers (new drives for both) using carp and another box a few months back with no probs. 
As long as your notes are thorough enough that a blind drunk moron could do it.. :) Hope this isn't noise on the list. -- -RSM http://www.erratic.ca
Re: Route modified dynamically
On Fri, Mar 12, 2010 at 12:28:33AM +, Stuart Henderson wrote:
> On 2010-03-10, Massimo Lusetti mass...@cedoc.mo.it wrote:
>> Hi misc,
>> I got a 4.5 box which act as a perimeter ipsec routing gateway, it has 682 flow (by ipsecctl -sf | wc -l).
>>
>> Some of this flow are up with a static route to the other point of the ipsec tunnel and some of these routes are changing dynamically (netstat shows UGHMS flags).

Wow that's a strange flag combo. Why is S M set together? Hmm. Another strange routing thing I need to have a look at. Most probably the cloning is done wrong.

>> When these routes changes dynamically my tunnel fall cause i cannot reach my tunnel endpoint anymore. Probably these redirect are coming from some ciscozze with HSRP or something and I've already asked the ciscozze admin to look without any luck so I guess I've to do something on my side and I'm here to ask for hints.
>
> M flag - yes, that's from a redirect. sysctl net.inet.icmp.rediraccept=0 should prevent them from being accepted, but there will be a reason why you're getting them, you should try and work out what this is...

-- 
:wq Claudio
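The thread above ties the M flag in netstat to an accepted ICMP redirect. As an added example (not part of the original messages), this script lists redirect-touched routes from `netstat -rn -f inet` output so a gateway can alert on them; it also reports the D flag (route created by a redirect, per netstat(1)), and the column layout and the sample routing table are constructed assumptions.

```shell
#!/bin/sh
# Added example: report routes that ICMP redirects created (D) or modified (M).
# Input on stdin: the output of `netstat -rn -f inet`.

# Constructed sample laid out like netstat -rn output; all addresses come
# from the documentation ranges and do not describe a real host.
sample_routes() {
cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            192.0.2.1          UGS        4   918273     -     8 em0
127.0.0.1          127.0.0.1          UH         1      120 33200     4 lo0
192.0.2/24         link#1             UC         2        0     -     4 em0
198.51.100.7       192.0.2.1          UGHS       1     5521     -     8 em0
198.51.100.9       192.0.2.254        UGHMS      1     7710     -     8 em0
203.0.113.20       192.0.2.253        UGHD       0       14     -    56 em0
EOF
}

# Print "destination gateway flags reason" for each redirect-touched route.
redirect_routes() {
    awk '
        # Data rows follow the column header; the flags are field 3.
        $1 == "Destination" { in_table = 1; next }
        !in_table || NF < 3 { next }
        $3 ~ /^[A-Za-z0-9]+$/ && $3 ~ /[MD]/ {
            reason = ($3 ~ /M/) ? "modified" : "created"
            # S and M together: a static route was rewritten by a redirect,
            # the UGHMS combination reported in the thread.
            if ($3 ~ /S/ && $3 ~ /M/) reason = "static-modified"
            print $1, $2, $3, reason
        }
    '
}

# Return 1 (and print the routes) when any such route exists, so cron or a
# monitoring check can alert on it; return 0 on a clean table.
check_redirect_routes() {
    hits=$(redirect_routes)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Demonstration on the constructed sample.
sample_routes | redirect_routes
```

On a live gateway the same check would be `netstat -rn -f inet | check_redirect_routes`, run before and after setting `net.inet.icmp.rediraccept=0`.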
Re: loongson was -current or -stable [was: Not another Browser Question]
On Sat, Mar 6, 2010 at 3:37 PM, Eric Furman ericfur...@fastmail.net wrote:
> Yea, and it's made by the Chinese. Fuck China. China is one of the worst murderous dictatorships in the last 500 years. If it was 1935 and the UberMensch PC would you all be falling over yourselves to get one?? George Santayana is rolling over in his grave.
> My appy poly loggies for my political rant. Carry on...

Like OpenBGPD and Hitler?

--Siju
Re: Route modified dynamically
On Fri, Mar 12, 2010 at 01:43:39AM +0100, Claudio Jeker wrote:
| On Fri, Mar 12, 2010 at 12:28:33AM +, Stuart Henderson wrote:
| On 2010-03-10, Massimo Lusetti mass...@cedoc.mo.it wrote:
| Hi misc,
| I got a 4.5 box which act as a perimeter ipsec routing gateway, it
| has 682 flow (by ipsecctl -sf | wc -l).
|
| Some of this flow are up with a static route to the other point of the
| ipsec tunnel and some of these routes are changing dynamically (netstat
| shows UGHMS flags).
|
| Wow that's a strange flag combo. Why is S M set together?

SM both set ? Why are you not making a v6 joke, Claudio ? :)

Paul 'WEiRD' de Weerd

-- 
[++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-]
http://www.weirdnet.nl/

[demime 1.01d removed an attachment of type application/pgp-signature]
Re: ftp-proxy for outgoing connection
On 12 March 2010 c. 03:23:00 Stuart Henderson wrote:
> On 2010-03-11, Christopher Zimmermann madro...@zakweb.de wrote:
>> Hi,
>> my -current firewall is configured to block all in, block all out and allow only certain outbound connections. Now I want to allow outbound ftp connections. I read ftp-proxy(8) and http://openbsd.org/faq/pf/ftp.html#client. As I understand it, ftp-proxy could be used to create rules for inbound and outbound connections on 4.6. Now on -current the rdr keyword is missing from the pf.conf syntax. Instead ftp-proxy(8) suggests using rdr-to, but this only works for inbound connections.
>>
>> Is it possible to allow ftp connections from a local client to public ftp servers on the internet? Possibly by using ftp-proxy?
>
> I suspect your understanding of inbound is from the viewpoint of your network; PF doesn't care about that at all, it's only concerned with whether a packet is inbound or outbound to a particular interface.
>
> rdr only works for inbound connections too.
>
> A rule like the following works just fine for a ftp connection from a local client to a public ftp server:
>
> pass in quick log on {lan, wifi, natted} inet proto tcp \
>     to port 21 rdr-to 127.0.0.1

Well, if block out all is set on external interface then ftp-proxy outgoing connections will be blocked - ftp-proxy(8) does not create PF rules for connections itself. Something like

pass out on $ext_if from ($ext_if) to port ftp

will workaround this, but I think ftp-proxy(8) should be fixed instead...

-- 
Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
Re: apachectl restart bug?
On Thu, Mar 11, 2010 at 10:39 PM, Denis Doroshenko denis.doroshe...@gmail.com wrote:
> it may fail in case one uses -d and/or -f flags to the httpd (e.g. sets them in /etc/rc.conf or /etc/rc.conf.local)

This doesn't obey to -d too:

# the path to your PID file
PIDFILE=/var/www/logs/httpd.pid

the problem is apachectl being generally crappy!

ciao,
david
Re: ftp-proxy for outgoing connection
On Fri, 12 Mar 2010 00:23:00 + (UTC) Stuart Henderson wrote:
> On 2010-03-11, Christopher Zimmermann madro...@zakweb.de wrote:
>> Hi,
>> my -current firewall is configured to block all in, block all out and allow only certain outbound connections. Now I want to allow outbound ftp connections. I read ftp-proxy(8) and http://openbsd.org/faq/pf/ftp.html#client. As I understand it, ftp-proxy could be used to create rules for inbound and outbound connections on 4.6. Now on -current the rdr keyword is missing from the pf.conf syntax. Instead ftp-proxy(8) suggests using rdr-to, but this only works for inbound connections.
>>
>> Is it possible to allow ftp connections from a local client to public ftp servers on the internet? Possibly by using ftp-proxy?
>
> I suspect your understanding of inbound is from the viewpoint of your network; PF doesn't care about that at all, it's only concerned with whether a packet is inbound or outbound to a particular interface.

ok, thanks. That's clear. I don't have a whole net. It's just a single workstation, using pppoe0 to reach the internet. So the ftp client is running on the firewall, not behind it. The packets will be outbound on my pppoe0, but not inbound on any interface, will they?

> rdr only works for inbound connections too.

As I understood it, it works _only_ for inbound connections.

> A rule like the following works just fine for a ftp connection from a local client to a public ftp server:
>
> pass in quick log on {lan, wifi, natted} inet proto tcp \
>     to port 21 rdr-to 127.0.0.1

Isn't this just the example from the default pf.conf with on {...} added and port 8021 left away?

After reading http://www.openbsd.org/faq/current.html#20090901 it seems to me that it is in fact not possible at the moment to use a ftp-client on a firewall until the current restriction on rdr-to in pfctl will be removed. Is this true?

Christopher
Re: ftp-proxy for outgoing connection
On 2010/03/12 10:14, Vadim Zhukov wrote:
> On 12 March 2010 ?. 03:23:00 Stuart Henderson wrote:
>> On 2010-03-11, Christopher Zimmermann madro...@zakweb.de wrote:
>>> Hi,
>>> my -current firewall is configured to block all in, block all out and allow only certain outbound connections. Now I want to allow outbound ftp connections. I read ftp-proxy(8) and http://openbsd.org/faq/pf/ftp.html#client. As I understand it, ftp-proxy could be used to create rules for inbound and outbound connections on 4.6. Now on -current the rdr keyword is missing from the pf.conf syntax. Instead ftp-proxy(8) suggests using rdr-to, but this only works for inbound connections.
>>>
>>> Is it possible to allow ftp connections from a local client to public ftp servers on the internet? Possibly by using ftp-proxy?
>>
>> I suspect your understanding of inbound is from the viewpoint of your network; PF doesn't care about that at all, it's only concerned with whether a packet is inbound or outbound to a particular interface.
>>
>> rdr only works for inbound connections too.
>>
>> A rule like the following works just fine for a ftp connection from a local client to a public ftp server:
>>
>> pass in quick log on {lan, wifi, natted} inet proto tcp \
>>     to port 21 rdr-to 127.0.0.1
>
> Well, if block out all is set on external interface then ftp-proxy outgoing connections will be blocked - ftp-proxy(8) does not create PF rules for connections itself. Something like

True, I was just considering the differences from 4.6.

> pass out on $ext_if from ($ext_if) to port ftp
>
> will workaround this, but I think ftp-proxy(8) should be fixed instead...

hmm, that used to be there... what do you think, does this make sense?

Index: ftp-proxy.8 === RCS file: /cvs/src/usr.sbin/ftp-proxy/ftp-proxy.8,v retrieving revision 1.14 diff -u -p -r1.14 ftp-proxy.8 --- ftp-proxy.8 21 Nov 2009 13:59:31 - 1.14 +++ ftp-proxy.8 12 Mar 2010 07:41:10 - 
@@ -170,6 +170,7 @@ Adjust the rules as needed. .Bd -literal -offset 2n anchor ftp-proxy/* pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021 +pass out on egress proto tcp from (self) to port 21 user proxy .Ed .Sh SEE ALSO .Xr ftp 1 ,
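Review bot: The added `pass out` line writes the destination as `port 21` while the `pass in` line directly above it writes `port ftp`; pick one form for both rules so the example reads consistently. The new rule is only needed in rulesets that block outbound traffic by default, as in this thread, and it matches on `user proxy`, so it only helps when that is the account ftp-proxy runs as. The hunk adds no text beyond "Adjust the rules as needed", so a sentence ahead of the `.Bd` block stating both conditions would tell readers when to keep, drop or adapt the line.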
Re: apachectl restart bug?
On 2010-03-12, David Coppa dco...@gmail.com wrote:
> On Thu, Mar 11, 2010 at 10:39 PM, Denis Doroshenko denis.doroshe...@gmail.com wrote:
>> it may fail in case one uses -d and/or -f flags to the httpd (e.g. sets them in /etc/rc.conf or /etc/rc.conf.local)
>
> This doesn't obey to -d too:
>
> # the path to your PID file
> PIDFILE=/var/www/logs/httpd.pid
>
> the problem is apachectl being generally crappy!

I don't think there's much point in having apachectl parse enough to work this out, but maybe it's worth checking if httpd is still running after the HUP and printing a simple warning if not..