Re: Backup and monitoring
How about looking at rsync? That's what we use and it will list out changes. I used to cron it each night and have it email the output... -- J.D. Bronson
Re: 4.6 reboots x336 ibm server(s)
I would try a -current but the 4.6-STABLE I have in use on Machine #1 has been running fine and I am not seeing reboots or unexpected shutdowns as the OP has been experiencing. The Machine #2 will only run -current and I can't figure that out when they are identical. I suspect 4.7 will run fine on both machines.. -- J.D. Bronson
Re: 4.6 reboots x336 ibm server(s)
I just joined this thread today, but had a similar issue with an IBM 305 machine. On 4.5, it would randomly just shut down. No reason. Nothing in any logs, it was as if the power was pulled. I have 2 identical IBM 305 machines and it was happening on both, so that technically ruled out any specific hardware failure. What I did notice (in the BIOS events) was that the IBM reported fan #1,2,3 loss. Something seemed to disrupt the fan speed to bios reporting and I suspect the machine powered down since it thought it was overheating? - I could go a day or 2 weeks. Very random. 4.6 hasn't done this (yet) and uptime has been over a month. However, even though both IBMs are the same in every way, 4.6-REL will boot on machine #2 but I have no networking. If I use a 4.6-CUR snapshot, it comes up fine. That makes NO sense, yet another user reported the same exact thing. -- J.D. Bronson
Re: IBM 305 server and 4.6
Mauro Rezzonico wrote: Just a shot in the dark: If the problem is with the network, maybe the problem is from the net (cables, switches, hub, routers, etc.) You could try to ping the machines from a laptop connected by a cross-cable... If the required hardware is at hand and you have access to the machines this is going to cost you very little time I tried GENERIC vs GENERIC.MP and that didnt help... So then I tried a 11/19 snapshot today. It works on the stubborn machine. Works perfectly in fact. Seems we are in the same boat. It still makes no sense. -- J.D. Bronson Aurora Sinai Medical Center Aurora West Allis Medical Center Office: 414.978.8282 // Fax: 414.978.3988
Re: IBM 305 server and 4.6
Mauro Rezzonico wrote: Just a shot in the dark: If the problem is with the network, maybe the problem is from the net (cables, switches, hub, routers, etc.) You could try to ping the machines from a laptop connected by a cross-cable... If the required hardware is at hand and you have access to the machines this is going to cost you very little time

As I had mentioned though, any other OS on this machine works fine. That essentially eliminates any network issue I can think of. I even went as far as setting up the machine and my laptop on a stand alone unmanaged ethernet switch. Nothing else on there. Still nothing.

-ifconfig -a shows the NIC up.
-I can internally ping the nic from the console.
-netstat -rn shows proper routes.

If I try to ping another LAN machine from the console, I get request timed out and arp -a shows IPs with (incomplete) in the MAC area section.

I am going to try a snapshot from 11/19 I just got. OpenBSD just doesn't like this 1 particular machine. If I take the drive out and put in the other IBM (same exact model/type) it works fine. I am not going to spend more than a few hrs on this at this point and just give up...but a snapshot try won't hurt and it's easy enough. I will follow up shortly.

-- JD
Re: IBM 305 server and 4.6
Since 4.6 will run on one machine and not the other, I did run diff on the dmesg outputs. The *only* difference was a BIOS line:

Machine that works:
bios0: IBM -[8673000]-

Machine that fails:
bios0: IBM -[867382X]-

They are both 8673-82X machines and I can't see this being an issue, but I don't know. I think the motherboard was swapped out at some point and likely lost the suffix part. I could try a snapshot. I have nothing to lose, but since the release works on one machine and they are virtually identical, I'm not sure. Any other OS works on the weird machine.

-- J.D. Bronson
IBM 305 server and 4.6
I have a very odd thing happening and I am looking for anything I may have overlooked while troubleshooting... (2) identical IBM 305 (8673-82x) machines equipped 100% the same with dual onboard BGE gig NICs. Nothing else extra added. Bios is same and options are setup exact. Basically machine #2 is just a 'ready' backup for machine #1 and typically I build the OS on Machine #1 then 'clone' an identical drive - toss it in machine #2 and test it. Usually thats never any issue. I am unable to do this with OpenBSD 4.6 i386. Thinking it was a mistake in the 'cloning', I took the drive out of machine #1 and put it into machine #2. It boots fine. NIC shows gig speed as expected - but while everything seems ok - the machine wont communicate with my lan. I rebooted the network switch in case it was an arp issue. Nope. I then did a standalone fresh install on machine #2. No issues with install or boot, but the same NO NETWORK. If I install any other OS on machine #2, such as net or free - the machine runs and performs fine. I am at a total loss on this as it makes NO sense whatsoever but don't know what else to check. Anything left to check out that I missed? -- J.D. Bronson
dhclient
I am running a fairly simple dhclient on my OBSD 4.4 box and it runs as a firewall.

bge0 = lan
bge1 = wan dhcp to ISP

What I have discovered is that all works well UNTIL the ISP modem is rebooted. At that point, dhclient seems to sleep and then VANISH.

For example...I am running fine and then reboot my ISP modem:

Here is what happens:

06:45:48 fw dhclient[16611]: DHCPREQUEST on bge1 to 255.255.255.255 port 67
06:45:55 fw dhclient[16611]: DHCPREQUEST on bge1 to 255.255.255.255 port 67
06:46:02 fw dhclient[16611]: DHCPDISCOVER on bge1 to 255.255.255.255 port 67 interval 4
06:46:06 fw dhclient[16611]: DHCPDISCOVER on bge1 to 255.255.255.255 port 67 interval 6
06:46:12 fw dhclient[16611]: DHCPDISCOVER on bge1 to 255.255.255.255 port 67 interval 11
06:46:15 fw dhclient[16611]: DHCPREQUEST on bge1 to 255.255.255.255 port 67
06:46:19 fw dhclient[16611]: DHCPREQUEST on bge1 to 255.255.255.255 port 67
06:46:19 fw dhclient[16611]: DHCPACK from 75.9.96.1
06:46:19 fw dhclient[16611]: bound to 75.9.X.X -- renewal in 300 seconds.
06:46:23 fw dhclient[16611]: DHCPDISCOVER on bge1 to 255.255.255.255 port 67 interval 13
06:46:36 fw dhclient[16611]: No DHCPOFFERS received.
06:46:36 fw dhclient[16611]: Trying recorded lease 75.9.X.X
06:46:39 fw dhclient[16611]: No working leases in persistent database - sleeping.

..and then nothing more. Sleep becomes death, until a reboot or a manual run of 'dhclient bge1' is invoked.

Any thoughts?

-JD
Re: CD files - order question
At 06:01 AM 09/12/2007, The King of Norway wrote: JD said that he'd rather make a donation than buy discs that would be a waste of money (both for him and the OpenBSD project since those discs aren't free to produce). That seems like a very commendable attitude. At least, I don't find it insulting in any way. Sean. Thanks Sean. That was my point. I have donated 2-3x so far in the past and typically prefer that over buying CDs. At least 100% of my funds go direct to Theo and/or the team vs some of the money going towards CD production. -JD
Re: Show your appreciation and get your 4.2 DVD
* Three CDROMs in a regular size soft-shell DVD case.
* The complete install components for FIVE architectures: i386, amd64, macppc, sparc64.
* The following architectures only available via FTP download: alpha, armish, hp300, hppa, landisk, luna88k, mac68k, mvme68k, mvme88k, sparc, vax, zaurus.

Umm. What's the 5th architecture that's in a complete install on CD? (sparc?) - the site is missing a 5th arch listing (see above)... I need i386 and sparc and sparc64 - as long as these are on these CDs, I will place an order :-)

-JD
Re: kernelmode pppoe 4.1
At 11:23 AM 7/29/2007 -0500, JD Bronson wrote:
At 06:11 PM 7/29/2007 +0200, Matthias Kilian wrote:
On Sun, Jul 29, 2007 at 09:48:29AM -0500, JD Bronson wrote:
> My question is, is there a way to politely shut down the pppoe0
> interface during a reboot?

Sure. Add ifconfig pppoe0 down to your /etc/rc.shutdown.

I will test this. I am not sure it will help, but I doubt it will hurt! -JD

A combination of both of these works perfect.

/etc/rc.shutdown:

/sbin/ifconfig pppoe0 down
/bin/sleep 8

and then adding this to the kernel config:

option PPPOE_TERM_UNKNOWN_SESSIONS

..these both seem to work great together. The option value will help on reboot but still takes a few tries (faster auth than without this though) - using just config auth takes about 1min or more. but killing the pppoe nicely before rebooting seems to have the best effect. With both, auth is within 10 seconds.

-JD
arp and dhcp 4.1
I recently moved my PPPoE over and onto my 4100 modem. It is capable of passing my public IP into the openbsd box and then when I reboot, since the modem keeps my connection alive I don't change IPs as often...This works very well...but, however, this has caused a new twist:

My modem appears to be at IP 192.168.0.1

My openbsd box has 2 NICs in it:
WAN = DHCP (connected to the 4100 modem)
LAN = 10.0.0.1

When the openbsd box boots, it asks for a DHCP address and the modem hands it a public one...207.227.122.7 for example. This works well...with one exception: Each so many seconds or so, my dmesg is filled with tons of these:

arplookup: unable to enter address for 192.168.0.1
arplookup: unable to enter address for 192.168.0.1
arplookup: unable to enter address for 192.168.0.1
arplookup: unable to enter address for 192.168.0.1
arplookup: unable to enter address for 192.168.0.1
arplookup: unable to enter address for 192.168.0.1
arplookup: unable to enter address for 192.168.0.1
arplookup: unable to enter address for 192.168.0.1

Now I certainly know why, but can't seem to solve this. If I try to add an alias IP on the WAN NIC (after DHCP) this works but seems to kill off dhclient so once it gets a public IP it never asks/updates again.

I am looking for a solution either in a NIC or route command... If I can add an alias to the DHCP nic so that it has and maintains a DHCP IP and a static 192.168.x.x IP, it would work excellent. OTOH: I could tell the modem to hand me a private IP but I would prefer to have the openbsd box use a public.

Any thoughts?

-- J.D. Bronson Information Services Aurora West Allis Memorial Hospital Office: 414.978.8282 Fax: 414.977.5299 http://www.myspace.com/wrqz
Re: ppp logging?
At 06:33 AM 07/26/2007, J.D. Bronson wrote:

I am running 4.1-STABLE and having issues with ppp logging. I created /var/log/ppp.log and nothing will log to it when ppp runs (userland pppoe). My ppp.conf file contains the normal stuff:

default:
 set log Phase Chat IPCP CCP tun command
 set redial 5 1
 set reconnect 5 1

att:
 set device "!/usr/sbin/pppoe -i hme0"
 set mtu max 1492
 set speed sync
 ...
 ...

It appears to be logging to /var/log/daemon (thanks to daemon.info -> /var/log/daemon in syslog.conf) but not ppp.log

What am I missing to log stuff to ppp.log??

-JD

I did just add this to syslog.conf:

!ppp
*.* /var/log/ppp.log

and now, I get logging in ppp.log but ONLY on reboot/shutdown. It will not log anything on startup - and all my logging in /var/log/daemon for ppp is now only shutdown as well. Startup is NOT getting logged

Help?

-JD

-- J.D. Bronson Telecommunications Site Support Aurora West Allis Memorial Hospital Office: 414.978.8282 Fax: 414.977.5299
ppp logging?
I am running 4.1-STABLE and having issues with ppp logging. I created /var/log/ppp.log and nothing will log to it when ppp runs (userland pppoe). My ppp.conf file contains the normal stuff:

default:
 set log Phase Chat IPCP CCP tun command
 set redial 5 1
 set reconnect 5 1

att:
 set device "!/usr/sbin/pppoe -i hme0"
 set mtu max 1492
 set speed sync
 ...
 ...

It appears to be logging to /var/log/daemon (thanks to daemon.info -> /var/log/daemon in syslog.conf) but not ppp.log

What am I missing to log stuff to ppp.log??

-JD
Re: SSH brute force attacks no longer being caught by PF rule
Guys...I was not the one that started this thread.. I just chimed in and asked for a tweak on the setup. I have what I need for now :)

-JD

At 11:54 AM 06/28/2007, Daniel Ouellet wrote:
J.D. Bronson wrote:
At 08:56 AM 06/28/2007, Stuart Henderson wrote:
On 2007/06/28 08:46, J.D. Bronson wrote:
> Will NEW offenders be added to /etc/tables/scanners
> as they are discovered and therefore not just remain in kernel?

No, pf does not write to files. How about cron(8) and pfctl(8) instead?

so if it won't write to a file...I presume it blocks what's listed in /etc/tables/scanners permanently and then only blocks NEW offenders via kernel memory? (can someone clarify my understanding of that?)

I would ideally like to stop attacks and then write the offenders in a file so I don't lose these during a reboot...

what if I cron something like this:

pfctl -t scanners -T show >> /etc/tables/scanners
pfctl -f /etc/pf.conf

Would that work??

I was trying to help giving you an example that would work, as you said it was working before and not anymore. But I guess you need to go back and read the faq, and the man page on pf and cron. Looks like you want others to do the work for you and giving you the answer, or even more details is like doing the setup for you and you will not remember or understand it properly to do it right the next time around.

Sorry, I really was going to send you more but deleted my email. It wouldn't be the right way to help you. Configuring a firewall is important to make sure you protect yourself and your office, etc. Do your homework first, then if you have question you sure can ask and will be more than happy to help. Feeding you with a spoon is the wrong thing to do here as firewall is too important for you not to understand it fully.

I sure don't want to be mean, but I think that's the best way to help you. I feel it wouldn't be helping you doing so. If you are not sure of something, why not testing it and see. (;>

Best, Daniel
Re: SSH brute force attacks no longer being caught by PF rule
At 08:56 AM 06/28/2007, Stuart Henderson wrote:
On 2007/06/28 08:46, J.D. Bronson wrote:
> Will NEW offenders be added to /etc/tables/scanners
> as they are discovered and therefore not just remain in kernel?

No, pf does not write to files. How about cron(8) and pfctl(8) instead?

so if it won't write to a file...I presume it blocks what's listed in /etc/tables/scanners permanently and then only blocks NEW offenders via kernel memory? (can someone clarify my understanding of that?)

I would ideally like to stop attacks and then write the offenders in a file so I don't lose these during a reboot...

what if I cron something like this:

pfctl -t scanners -T show >> /etc/tables/scanners
pfctl -f /etc/pf.conf

Would that work??
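One way to do the cron(8) plus pfctl(8) persistence discussed in this thread, as an added example that is not part of any poster's message: it writes the sorted, de-duplicated union of the kernel table dump and the on-disk file instead of appending. The table name `scanners` and the file path come from the thread; the function name, the `--run` switch and the temp-file handling are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): keep a pf table file in sync with the
# addresses pf has collected in kernel memory, so they survive a reboot.
# Assumed names: merge_table, the --run switch, the TABLE/TABLE_FILE variables.

TABLE="${TABLE:-scanners}"                       # table name used in the thread
TABLE_FILE="${TABLE_FILE:-/etc/tables/scanners}" # file named in the thread

# merge_table DUMP FILE
#   DUMP: saved output of `pfctl -t <table> -T show` (one indented address
#         per line)
#   FILE: the list that a `persist file` table loads when the ruleset loads
# Replaces FILE with the sorted union of both inputs and prints how many
# addresses it now holds. Running it repeatedly never duplicates an entry.
merge_table() {
    dump=$1
    file=$2
    [ -f "$file" ] || : > "$file"
    # Temp file in the same directory so the final mv is an atomic rename.
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # Drop comments and whitespace, keep only tokens that look like IPv4 or
    # IPv6 addresses (optionally with a /prefix), then de-duplicate.
    cat "$file" "$dump" |
        sed -e 's/#.*//' -e 's/[[:space:]]//g' |
        grep -E '^[0-9A-Fa-f:.]+(/[0-9]+)?$' |
        LC_ALL=C sort -u > "$tmp"
    mv "$tmp" "$file" || { rm -f "$tmp"; return 1; }
    wc -l < "$file" | tr -d ' '
}

# Intended for root's crontab, e.g. hourly:  /path/to/this-script --run
if [ "${1:-}" = "--run" ]; then
    dump=$(mktemp /tmp/pfdump.XXXXXX) || exit 1
    pfctl -t "$TABLE" -T show > "$dump" || { rm -f "$dump"; exit 1; }
    merge_table "$dump" "$TABLE_FILE"
    rm -f "$dump"
    # No ruleset reload is needed here: the running table already holds
    # every address that was just dumped.
fi
```
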
Re: SSH brute force attacks no longer being caught by PF rule
I have a question about this..

Will NEW offenders be added to /etc/tables/scanners as they are discovered and therefore not just remain in kernel? It would be nice since doing a reboot wipes out kernel kept IPs...

table persist file "/etc/tables/scanners"
vs
table persist

Thanks :)

-JD

>Date: Thu, 28 Jun 2007 01:39:37 -0400
>From: Daniel Ouellet <[EMAIL PROTECTED]>
>User-Agent: Thunderbird 1.5.0.12 (Windows/20070509)
>To: OpenBSD
>Subject: Re: SSH brute force attacks no longer being caught by PF rule
>Sender: [EMAIL PROTECTED]
>
>Steve B wrote:
>>The rule I've had in my pf.conf file to catch and block forceful SSH
>>attempts no longer appears to be working. I see the entries in my authlog,
>>but the IPs are no longer getting added to my table. I suspect I screwed
>>something up, but so far I am at a loss to see where. Could someone pass
>>another set of eyes over the relevant parts of my pf.conf?
>
>Put quickly as an example, but you can try:
>
># Define some variable for clarity
>SSH_LIMIT="(max-src-conn-rate 3/30, overload flush global)"
>
>## SSH Hackers - blocked IPs
>table persist file "/etc/tables/scanners"
>
># Block ssh access to bad ssh scanner
>block drop in log quick on $ext_if inet proto tcp \
>from to any port ssh
>
># Allow quick valid traffic to ssh but log all attempts as well
>pass in log quick on $ext_if inet proto tcp from ! \
>to $ext_if port ssh flags S/SA keep state \
>$SSH_LIMIT
>
>You may also want to add a section to always make sure you will have
>SSH access to your box before you block all SSH access like you did
>should someone spoof your source IP to log yourself out as well with
>may be something like:
>
># Allow quick ssh access to good guys on main interface.
>pass in quick on $ext_if inet proto tcp from \
>to $ext_if port ssh flags S/SA keep state
>
>Daniel
starting pppoe
I cant recall if I need to do this or not... fxp1 is my NIC used to connect to my DSL modem. I have this setup: % cat /etc/hostname.tun0 !/usr/sbin/ppp -ddial isp PF=YES is set in rc.conf Do I still need to have this file? % cat /etc/hostname.fxp1 up -JD -- J.D. Bronson Telecommunications Site Support Aurora West Allis Memorial Hospital Office: 414.978.8282 Fax: 414.977.5299
pfr_detach_table
I am starting to see a lot of these on 'dmesg' and wondering what they mean and how to troubleshoot. The network appears to be functioning fine though. I am running 3.8-stable with a generic kernel.

pfr_detach_table: refcount = 0.
pfr_detach_table: refcount = 0.
pfr_detach_table: refcount = 0.
pfr_detach_table: refcount = 0.
pfr_detach_table: refcount = 0.
pfr_detach_table: refcount = 0.
pfr_detach_table: refcount = 0.
pfr_detach_table: refcount = 0.
pfr_detach_table: refcount = 0.
pfr_detach_table: refcount = 0.
pfr_detach_table: refcount = 0.
pfr_detach_table: refcount = 0.
pfr_detach_table: refcount = 0.
pfr_detach_table: refcount = 0.
REPOST: console on 3.9-current question
I was surprised that no one replied on this list about this issue...so I wanted to repost it ONE time. Someone out there must also be seeing this and if its normal..I would like to know...(and if its normal..why) REPOST: After further testing, its not only the console, but also over SSH. (on the same LAN segment) - so that would eliminate a few possibilities. I noticed this awhile back on 3.9-current and it is still there in the latest snapshot I tried (4/22)...I am hoping someone has seen this.. I installed from the snapshot and didnt customize a thing. When the machine is done loading (IBM rack server)...I simply logged in (as root at the moment). I am not running serial or headless. I have a normal monitor/keyboard (PS2) plugged in. When I type at the console to begin to setup the machine, the characters do not follow me in real time as I type. Its like I am on an overseas long distance 300 baud dialup line. There is quite a delay and sometimes I can type several words and then a few seconds later - they show up. This does not happen on the same machine if I install 3.8. I have (4) identical machines (make/model/ram/cpu/hard drives) and they all work fine with 3.8 - it is only past 3.8 that I noticed this. Any thoughts? -JD
console on 3.9-current question
I noticed this awhile back on 3.9-current and it is still there in the latest snapshot I tried (4/22)...I am hoping someone has seen this.. I installed from the snapshot and didnt customise a thing. When the machine is done loading (IBM rack server)...I simply logged in (as root at the moment). I am not running serial or headless. I have a normal monitor/keyboard (PS2) plugged in. When I type at the console to begin to setup the machine, the characters do not follow me in real time as I type. Its like I am on an overseas long distance 300 baud dialup line. There is quite a delay and sometimes I can type several words and then a few seconds later - they show up. This does not happen on the same machine if I install 3.8. I have (4) identical machines (make/model/ram/cpu/hard drives) and they all work fine with 3.8 - it is only past 3.8 that I noticed this. Any thoughts? - should I file a bug? Thanks- -JD
pf scrub (3.8)
I was wondering if this setup is OK or totally wrong...

/etc/pf.conf:

# bge0 = int_inf (LAN)
# bge1 = ext_inf (WAN)

scrub on bge0 reassemble tcp no-df random-id fragment reassemble
scrub on bge1 reassemble tcp no-df random-id fragment reassemble

I am not sure if this is double redundant or anything and was wondering. Nothing seems to be a problem though...

-JD
Re: BerkeleyDB on 3.8
At 05:32 PM 12/22/2005, Ted Unangst wrote: On 12/22/05, steven mestdagh <[EMAIL PROTECTED]> wrote: > On Thu, Dec 22, 2005 at 05:10:56PM -0600, J.D. Bronson wrote: > > How can I tell what version the BDB is that comes within OpenBSD 3.8? look in cvs. the answer is 1.85 plus some of 1.86 plus some other patches. > see FAQ 15.2.3. not so useful for the libraries that are shipped in base. I was looking at that FAQ and was wondering what I was missing. Thanks to all of you who responded. I had a guess it was 1.x and thats fine. It works for me.
BerkeleyDB on 3.8
How can I tell what version the BDB is that comes within OpenBSD 3.8? thanks -JD
Re: HP DL Server Fan speed
At 06:41 AM 12/21/2005, Steve Murdoch wrote: Hi all, This has been asked a truck load of times in the archives but I havent found a solution. HP DL server fans ran flat out all the time. Any way of slowing them up and quieting them down ? Does the new ACPI stuff have any impact on this. Steve Try finding 56ohm inline resistors? Try running them at 7v ? Try finding slower speed fans? My IBMs came with 10Krpm fans and I replaced them with 5K RPM fans and things still stay cool and much quieter. Alot of your options depend on exact size. My fans are a weirdo 40x28!
Re: disklabel "unused partition" warnings
At 07:18 PM 12/3/2005, Simon Morgan wrote:
Simon Morgan gmail.com> writes:
> It's had all kinds of different operating systems installed on it
> at various times.

Strange. I just ran the same command on a completely different machine and got the exact same warnings:

# Inside MBR partition 3: type A6 start 63 size 40017852
# /dev/rwd0c:
type: ESDI
disk: ad0s1
label:
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 16
sectors/cylinder: 1008
cylinders: 39703
total sectors: 40020624
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0 # microseconds
track-to-track seek: 0 # microseconds
drivedata: 0

8 partitions:
#        size    offset  fstype [fsize bsize cpg]
  a:    307377        63  4.2BSD   2048 16384 304 # Cyl 0*- 304
  b:    614880    307440    swap                  # Cyl 305 - 914
  c:  40020561        63  unused      0     0     # Cyl 0*- 39702
  d:    245952    922320  4.2BSD   2048 16384 244 # Cyl 915 - 1158
  e:    164304   1168272  4.2BSD   2048 16384 164 # Cyl 1159 - 1321
  f:   8388576   1332576  4.2BSD   2048 16384 328 # Cyl 1322 - 9643
  g:  30299472   9721152  4.2BSD   2048 16384 328 # Cyl 9644 - 39702
disklabel: warning, unused partition i: size 1413615339 offset -2147417768
disklabel: warning, unused partition j: size -196918 offset 402701520
disklabel: warning, unused partition k: size 503365533 offset 1463353529
disklabel: warning, unused partition l: size -1407327343 offset -1382830702
disklabel: warning, unused partition m: size -2013104760 offset -1065155243
disklabel: warning, unused partition n: size 402998726 offset 268977606
disklabel: warning, unused partition o: size -400023365 offset 17760443
disklabel: warning, unused partition p: size 1723867151 offset 251775107

I had this too, until I did a zero of the drive then fdisk -i then zero then fdisk -i.

dd if=/dev/zero of=/dev/rwd1c bs=1024k

...the problem seemed to be from using a FreeBSD setup drive (with 10 partitions) and then trying to simply install OBSD on this drive. I think if I zero'd the drive 2x before install OBSD, this problem wouldn't have happened.

-JD
pf and cable modems
I noticed that when I reboot my cable modem ( I have a pool of statics ) I see this on the console of the obsd box:

arplookup: unable to enter address for 169.0.0.1
arplookup: unable to enter address for 169.0.0.1
arplookup: unable to enter address for 169.0.0.1
arplookup: unable to enter address for 169.0.0.1
arplookup: unable to enter address for 169.0.0.1
arplookup: unable to enter address for 10.50.134.218
arplookup: unable to enter address for 10.50.134.218
arplookup: unable to enter address for 10.50.134.218
arplookup: unable to enter address for 10.50.134.218
arplookup: unable to enter address for 10.50.134.218

..I was looking for an explanation of this. Thanks :)

-- J.D. Bronson Information Services Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 -Taco Bell is *not* the Mexican Telephone Company-
pf + wan nat loopback - possible?
I had all of this working with PPPoE + PF, but now I have a T-1 with several IPs all aliased off of the main. pf is working fine...however, I now have lost WAN NAT LOOPBACK. What I need is a way to go from one LAN machine to the WAN and loopback to the other LAN machine.

LAN->WAN->LAN

Since this 'just works' with pppoe, how do I do it with pf?

simple pf.conf:

binat on $bge1 from 192.168.82.170 to any -> 67.x.x.1
binat on $bge1 from 192.168.82.171 to any -> 67.x.x.2
binat on $bge1 from 192.168.82.172 to any -> 67.x.x.3
binat on $bge1 from 192.168.82.173 to any -> 67.x.x.4

and so on. I need to use 192.168.82.172 to go and connect to public 67.x.x.2

This results in an immediate connection refused. I see nothing in the pflog and I even tried pass out quick all. So I don't think pf is technically blocking it -but

Why do I need this? - I run 2 external DNS servers (with views) and as such NS2 needs to talk to NS1 but using the WAN NAT loopbacks.

thanks in advance for any tips.

-- J.D. Bronson Information Services Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 -Taco Bell is *not* the Mexican Telephone Company-
(3.8) pf smtp synproxy
I have noticed an odd thing. I think someone else reported this awhile back...but using pf with synproxy like this: pass in quick on $EXT_INT proto tcp from any to $SERVERS port 25 flags S/SA synproxy state ..causes issues. What I see are tons of rejects in pflog all relating to yahoo email servers (big surprise here). Now, if I change 'synproxy' to 'modulate' - things work fine as expected. So..I was wondering if anyone has a workaround on how to deal with 'yahoo'. So far, from installing pf - 'yahoo' is the only *legit* system I have seen that is not working with synproxy. I enjoy this feature however, as I am seeing alot of cable modem IPs that are failing with synproxy...so I would like to continue to use it. Yahoo seems to use smtp servers all over the map...they dont just have 1 or 2 netblocks that I could permit via modulate state ahead of synproxy state rules. Any thoughts on this? - I dont consider it a bug at all, but was wondering if/how anyone is dealing with this. I think this is a decent feature to have and use - if I can find a workaround. Perhaps a table or something, but I may not be able to locate all of the yahoo mail server IPs. Thanks in advance for any tips. -JD
DNS attack?
I am starting to see TONS of these things in my pflog

Nov 12 19:50:58.030904 rule 48/(match) block in on tun0: 63.219.179.130.13519 > 65.x.x.169.53: 47505+[|domain]
Nov 12 19:51:08.037007 rule 48/(match) block in on tun0: 63.219.179.130.13519 > 65.x.x.169.53: 59022+[|domain]

I have a block of static IPs - but nothing is running on the .169 IP and I don't understand this sorta thing. PF is doing its job just fine...I guess I am looking for what these mean and if anyone knows what this is. Usually all the IPs that are hitting me have no rDNS and are all over the world

-- J.D. Bronson Information Services West Allis Memorial Hospital Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 Microsoft Gives you Windows || Unix Gives you a home
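An added example, not part of the original post, for triaging blocked-packet lines of the shape quoted above: it counts blocked packets per source address and destination port so repeated probes of one port stand out. The sample lines are constructed with documentation addresses, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the post): summarize "block" lines from a text
# rendering of pflog, e.g. the output of `tcpdump -n -e -ttt -r /var/log/pflog`.
# Function names (sample_pflog, summarize_blocked, sources_for_port) are
# assumptions made for this example.

# Constructed sample input in the same layout as the lines in the post.
sample_pflog() {
    cat <<'EOF'
Nov 12 19:50:58.030904 rule 48/(match) block in on tun0: 192.0.2.44.13519 > 203.0.113.169.53: 47505+[|domain]
Nov 12 19:51:08.037007 rule 48/(match) block in on tun0: 192.0.2.44.13519 > 203.0.113.169.53: 59022+[|domain]
Nov 12 19:51:09.100001 rule 48/(match) block in on tun0: 198.51.100.9.40211 > 203.0.113.169.53: 1204+[|domain]
Nov 12 19:51:12.500000 rule 48/(match) block in on tun0: 198.51.100.9.40212 > 203.0.113.170.22: S 100:100(0) win 5840
Nov 12 19:51:13.000000 rule 2/(match) pass in on tun0: 192.0.2.80.5000 > 203.0.113.171.25: S 1:1(0) win 5840
EOF
}

# summarize_blocked [FILE...]
# Prints "<count> <source-ip> <dest-port>", busiest first. Reads stdin when
# no file is given. Only IPv4 "addr.port > addr.port:" lines are handled.
summarize_blocked() {
    awk '
    / block (in|out) on / {
        # Locate the ">" separating source from destination.
        for (i = 1; i <= NF; i++) if ($i == ">") break
        if (i >= NF) next              # no ">" or nothing after it
        src = $(i - 1); dst = $(i + 1)
        sub(/:$/, "", dst)             # destination carries a trailing colon
        sip = src;   sub(/\.[0-9]+$/, "", sip)   # strip the source port
        dport = dst; sub(/^.*\./, "", dport)     # keep only the dest port
        count[sip " " dport]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2,2 -k3,3n
}

# sources_for_port PORT MIN [FILE...]
# Lists sources with at least MIN blocked packets aimed at PORT.
sources_for_port() {
    port=$1; min=$2; shift 2
    summarize_blocked "$@" |
        awk -v p="$port" -v m="$min" '$3 == p && $1 + 0 >= m + 0 { print $2 }'
}

# Stand-alone use: pass one or more text files holding pflog output.
if [ "$#" -gt 0 ]; then
    summarize_blocked "$@"
fi
```
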
Re: identd - what am I missing
At 06:08 AM 11/12/2005, you wrote: > I disabled identd in inetd.conf. > I issued a kill -1 on the identd process. ^ identd process or inetd process ? After a change in inetd.conf you want to kill -HUP the latter, inetd. If you see an identd running than you may either see something spawned by inetd or a standalone identd which is not ran from inetd. In that case you'll need to kill identd and/or remove it from your rc startup. Dw. Thanks...but I did that (was a typo). I just dont understand why (when identD is disabled in inetd.conf) that the machine does not immediately respond back with CONNECTION REFUSED - but sits for 5-8 seconds. As a better fix for now, I simply added a block RST into pf.conf and basically accomplished the same thing. -- J.D. Bronson Information Services West Allis Memorial Hospital Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 Microsoft Gives you Windows || Unix Gives you a home
identd - what am I missing
I am running 3.8 and on a single machine with no pf or nat...

I disabled identd in inetd.conf.
I issued a kill -1 on the identd process.

I then tried this:

% telnet localhost 113
Trying 127.0.0.1...
{long pause here}
telnet: connect to address 127.0.0.1: Connection refused

Why the long pause (5-8seconds) - and how can I get it to immediately say Connection Refused?

Thanks :-)

PS - the same behavior is exhibited even if trying the FQDN.

-- J.D. Bronson Information Services West Allis Memorial Hospital Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 Microsoft Gives you Windows || Unix Gives you a home
Re: PPPoE and static IP block
At 04:48 PM 11/11/2005, Greg Thomas wrote: On 11/11/05, Joe S <[EMAIL PROTECTED]> wrote: > > I have new static IP ADSL service from SBC. SBC assigns a /29 netblock > once authenticated via PPPoE. The ISP routes all traffic for the IP > block down the same PPP session, and the last usable IP is the gateway. > I plan to assign the static IPs to some of my servers. > > I'm not sure how to setup the routing on my OpenBSD 3.8 firewall. Has > anyone run into this? I don't want to do any 1 to 1 NAT. > > Thanks. Are you not going to use their supplied router? We have several of these lines in place and I just use their Netopia routers for the PPPoE stuff with an OpenBSD bridging firewall between the router and our systems. I've never used PPPoE on OpenBSD but it should be fairly easy to replace the SBC equipment with an OpenBSD box. Get the WAN IP from SBC's tech, or from their provided router, use that IP for the external interface, and use the gateway IP, or one of the other IPs for the internal interface. Greg this is trivial to do. I run SBC static and use OpenBSD for PPPoE and pf. I have servers and clients. It all runs good. Email me offline if you have specific questions and check out dslreports.com for additional tips. -- J.D. Bronson Information Services West Allis Memorial Hospital Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 Microsoft Gives you Windows || Unix Gives you a home
Re: ssh brute force attacks
At 03:57 PM 11/11/2005, Joachim Schipper wrote:
On Fri, Nov 11, 2005 at 04:44:46PM -0500, stan wrote:
> I've got a machine that seems to be getting attacked by what appears to be a
> simplistic "brute force" attack. It's getting hit multiple times a second
> with bogus root login attempts, my guess is that they are trying dictionary
> attacks on the password for root.
>
> Any suggestions as to how to deal with this? Change the port ssh is
> listening on maybe?

PermitRootLogin no? AllowUsers me? AllowGroups ssh-users? PasswordAuthentication no? Port XYZ? # passwd?

or maybe something like this (untested):

If you're running pf:

First add a line to create a persistent table:

table <attackers> persist

and a block rule like this

block in quick from <attackers>

then add a rule like this

pass in quick on $ext_if proto tcp from any to ($ext_if) port 22 keep state (max-src-conn-rate 3/10, overload <attackers> flush)

basically it says if an IP tries to connect more than 3 times in 10 seconds add them to the attackers table, which is blocked of course.

-JD

-- J.D. Bronson Information Services West Allis Memorial Hospital Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 Microsoft Gives you Windows || Unix Gives you a home
Re: Symbios Logic 53C1030 error
At 09:30 AM 11/08/2005, Per-Olov Sjvholm wrote: On Tuesday 08 November 2005 13.07, J.D. Bronson wrote: > At 12:21 AM 11/08/2005, Per-Olov Sjvholm wrote: > >OK. > > > >Thanks for the reply > > > >B t w... What is "IM"? > > > > > >Regards > >Per-Olov > > Integrated Mirroring. > LSI cards that I tested work fine under OBSD, but > not the IM support. It is not there yet. If you > can -even- get it to mirror, performance is quite sub par. (at this point) > > HTH > > -JD Yes it *seems* to work ok if I use the disks as single disks without mirroring or striping. Do you think there are any drawbacks with the card if I just skip mirroring? Can you trust the card? Is it just if IM is set up that causes problem? I dont recall *any* issue with running these cards under openbsd as long as the mirror was not used. There was no drawback. As an alternative...if you use equal disks, you can slice and dice them (the same as the main one) and then run rsync as often as you like to create a pseudo 'offline' mirror. Thats what I do with IDE machinesand the nice thing, is that unlike a mirror...if I delete something I can still grab it off the 2nd drive as long as I hit it before the cron rsync runs :-) If I did have any issue (I really cant recall) it would be on the mailing list archives. -JD
Re: Symbios Logic 53C1030 error
At 12:21 AM 11/08/2005, Per-Olov Sjvholm wrote: OK. Thanks for the reply B t w... What is "IM"? Regards Per-Olov Integrated Mirroring. LSI cards that I tested work fine under OBSD, but not the IM support. It is not there yet. If you can -even- get it to mirror, performance is quite sub par. (at this point) HTH -JD
Re: Telnet daemon retired in 3.8 ?
At 05:28 PM 11/7/2005, Matthew S Elmore wrote: I cannot appear to locate a telnet daemon in 3.8 installs now. It appears to have silently disappeared between 3.7 and 3.8. I see no mention of this in the release notes or after a cursory search of the mailing lists. It's possible it is mentioned somewhere and I am missing it. I understand the advantages of ssh over telnet, but telnet is still heavily used in many environments. Is it merely hiding somewhere or can someone recommend an alternative for me? Regards, Matt I noticed the same thing.I used to use telnet via the LAN and ssh via the WAN...and now run ssh on both. Thanks to a tip from this list, I used different configs..on the LAN, I use passwords, so ssh works very much like telnetd and on the WAN, I only permit publickeys for security. HTH. -JD
3.8 build world
I did a normal install and then made the GENERIC kernel. rebooted.. then built world. It completed with no issues.

So then I was attempting to clean up the build environment:

    rm -rf /usr/obj/*
    cd /usr/src && find . -type l -name obj | xargs rm

and during the 1st step - the machine stopped responding to my ssh session. so I logged into the console (no issue) and looked at all the processes. Nothing was running - so I thought this cleanup was done. but an ls -al of /usr/obj proved me wrong.

I then tried to do this manually from the console and noticed that the hard drive was no longer responding to openbsd. I am running an IBM 305 with serverworks chipsets and IDE (new) seagate drives. After a reboot, the drive needed to be fsck'd but then seemed to work.

Any thoughts on this - it's rather concerning that this could happen while in use. For the record, I never noticed this when I ran a snapshot 30 days ago.

thanks-

-- J.D. Bronson Information Services West Allis Memorial Hospital Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.977.5299 Microsoft Gives you Windows || Unix Gives you a home
Re: ssh passwords and publickeys
No. It's not answering wrong. It crossed my mind...but I am not sure I can actually do this and if so, how do I specify the alternate config? start it as 'sshd -f BLAH' ?

At 03:27 PM 9/23/2005, you wrote:
just a guess, but can you run two instances of sshd with different conf files? .. each binding to a specific interface? is this answering a question with a question?

J.D. Bronson wrote:
Is there any way to accomplish this:
1. Use ssh with passwords internally (lan to lan connections)
2. Use ssh with publickeys externally (wan to lan connections)
...thanks!

J.D. Bronson Off The Hook Phone Repair, Inc. 24 Hour Service // Free Estimates For Fast Repairs: CALL US - IF YOU CAN! Office: 414.978.8282 // Pager: 414.314.8282

J.D. Bronson Off The Hook Phone Repair, Inc. 24 Hour Service // Free Estimates For Fast Repairs: CALL US - IF YOU CAN! Office: 414.978.8282 // Pager: 414.314.8282
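An added example, not part of the original thread: the two-instance setup suggested above, written as a pair of sshd_config files plus a check that the password-enabled instance cannot end up listening on the WAN side. The addresses (192.168.10.1 for the LAN, 203.0.113.10 for the WAN), file names, PidFile paths and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Addresses, file names and PidFile paths are constructed.

write_split_configs() {   # $1 = directory to write into
    cat > "$1/sshd_config.lan" <<'EOF'
# LAN instance: passwords allowed, bound to the inside address only
ListenAddress 192.168.10.1
PidFile /var/run/sshd-lan.pid
PasswordAuthentication yes
EOF
    cat > "$1/sshd_config.wan" <<'EOF'
# WAN instance: public keys only
ListenAddress 203.0.113.10
PidFile /var/run/sshd-wan.pid
PubkeyAuthentication yes
PasswordAuthentication no
# keyboard-interactive can still prompt for a password unless disabled
# (the keyword is KbdInteractiveAuthentication in current OpenSSH)
ChallengeResponseAuthentication no
EOF
}

# First value of a keyword; sshd uses the first value it reads for each one.
conf_first() {   # $1 = file, $2 = keyword
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Fail unless the password instance is confined to the LAN and the WAN
# instance refuses passwords. $1 = LAN config, $2 = WAN config, $3 = WAN address.
# Only bare addresses are compared (no host:port forms).
check_split() {
    listen=$(awk 'tolower($1) == "listenaddress" { print $2 }' "$1")
    [ -n "$listen" ] || { echo "LAN config: no ListenAddress, sshd would bind every address"; return 1; }
    for a in $listen; do
        case $a in
            "$3"|0.0.0.0|::) echo "LAN config: password logins reachable on $a"; return 1 ;;
        esac
    done
    [ "$(conf_first "$2" PasswordAuthentication)" = no ] ||
        { echo "WAN config: PasswordAuthentication is not 'no'"; return 1; }
    [ "$(conf_first "$2" ChallengeResponseAuthentication)" = no ] ||
        { echo "WAN config: ChallengeResponseAuthentication is not 'no'"; return 1; }
    [ "$(conf_first "$1" PidFile)" != "$(conf_first "$2" PidFile)" ] ||
        { echo "both instances share one PidFile"; return 1; }
    echo "ok"
}

# Each instance is then started with its own file, for example:
#   /usr/sbin/sshd -f /etc/ssh/sshd_config.lan
#   /usr/sbin/sshd -f /etc/ssh/sshd_config.wan
tmp=$(mktemp -d)
write_split_configs "$tmp"
check_split "$tmp/sshd_config.lan" "$tmp/sshd_config.wan" 203.0.113.10
rm -rf "$tmp"
```

Running `sshd -t -f <file>` against each file checks its syntax before the instances are started.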
ssh passwords and publickeys
Is there any way to accomplish this: 1. Use ssh with passwords internally (lan to lan connections) 2 Use ssh with publickeys externally (wan to lan connections) ...thanks! J.D. Bronson Off The Hook Phone Repair, Inc. 24 Hour Service // Free Estimates For Fast Repairs: CALL US - IF YOU CAN! Office: 414.978.8282 // Pager: 414.314.8282
ppp in userland
Are there any 'known' issues with pppoe in userland under 3.7-stable? At times I am seeing a serious slowdown (6mb DSL line drops to less than 2K/sec) - and rebooting the router will fix this. Prior to reboot - there is nothing in pflog or any log file indicating any issues whatsoever - even with debug cranked. ppp.log shows nothing as well. I usually have less than 50 NAT entries - so thats not it either. I just thought I would ask in addition to asking my ISP - but if it was the ISP, I wouldnt think that a reboot can consistently fix my speed issues - but I am not sure. thanks- -- J.D. Bronson Information Services Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.314.8787
SCSI RAID cards for 3.7?
I am wondering if anyone has any recommendations for very well supported RAID cards (u320) for 3.7 ? I have a nice LSI card, but the mpt support is not quite there just yet and I was hoping someone might have another suggestion - adaptec perhaps? thanks in advance...I really want a hardware based RAID rather than something software base... -- J.D. Bronson Information Services Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.314.8787
Re: mpt driver 3.7 missing tape drive?
> I have the LSI 20320 card (not using any IM or IS) and when the > machine posts, the scsi card shows both drives and my HP tape drive. so..yes...it does show up in the LSI BIOS screen both drives and the tape drivebut just not within the OS. At 10:07 AM 7/22/2005, Marco Peereboom wrote: Does the tape show in BIOS? On Fri, Jul 22, 2005 at 09:07:38AM -0500, J.D. Bronson wrote: > lexi# uname -a > OpenBSD lexi.wixb.com 3.7 GENERIC#0 i386 > > mpt0 at pci1 dev 3 function 0 "Symbios Logic 53c1030" rev 0x08: irq 11 > mpt0: IM support: 6 > scsibus0 at mpt0: 16 targets > sd0 at scsibus0 targ 0 lun 0: SCSI3 0/direct > fixed > sd0: 17524MB, 27206 cyl, 2 head, 659 sec, 512 bytes/sec, 35890512 sec total > sd1 at scsibus0 targ 1 lun 0: SCSI3 0/direct > fixed > sd1: 17524MB, 27206 cyl, 2 head, 659 sec, 512 bytes/sec, 35890512 sec total > mpt0: target 0 Synchronous at 10MHz width 16bit offset 127 QAS 0 DT 0 IU 0 > mpt0: target 1 Synchronous at 10MHz width 16bit offset 127 QAS 0 DT 0 IU 0 > > lexi# mt status > mt: /dev/rst0: Device not configured > lexi# > > I have the LSI 20320 card (not using any IM or IS) and when the > machine posts, the scsi card shows both drives and my HP tape drive. > > However, once in OBSD 3.7, there is no tape drive available. > > if I shut down and replace the LSI card with an Adaptec 29160 card, > the tape drive *is* seen fine. > > Is this a known issue - and/or any advice on how I can get my HP tape > drive to work with the LSI card? > > Thanks - > > > > > > -- > J.D. Bronson > Information Services > Aurora Health Care - Milwaukee, Wisconsin > Office: 414.978.8282 // Fax: 414.314.8787 -- J.D. Bronson Information Services Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.314.8787
mpt driver 3.7 missing tape drive?
lexi# uname -a
OpenBSD lexi.wixb.com 3.7 GENERIC#0 i386

mpt0 at pci1 dev 3 function 0 "Symbios Logic 53c1030" rev 0x08: irq 11
mpt0: IM support: 6
scsibus0 at mpt0: 16 targets
sd0 at scsibus0 targ 0 lun 0: SCSI3 0/direct fixed
sd0: 17524MB, 27206 cyl, 2 head, 659 sec, 512 bytes/sec, 35890512 sec total
sd1 at scsibus0 targ 1 lun 0: SCSI3 0/direct fixed
sd1: 17524MB, 27206 cyl, 2 head, 659 sec, 512 bytes/sec, 35890512 sec total
mpt0: target 0 Synchronous at 10MHz width 16bit offset 127 QAS 0 DT 0 IU 0
mpt0: target 1 Synchronous at 10MHz width 16bit offset 127 QAS 0 DT 0 IU 0

lexi# mt status
mt: /dev/rst0: Device not configured
lexi#

I have the LSI 20320 card (not using any IM or IS) and when the machine posts, the scsi card shows both drives and my HP tape drive.

However, once in OBSD 3.7, there is no tape drive available.

if I shut down and replace the LSI card with an Adaptec 29160 card, the tape drive *is* seen fine.

Is this a known issue - and/or any advice on how I can get my HP tape drive to work with the LSI card?

Thanks -

-- J.D. Bronson Information Services Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.314.8787
3.7 fdisk Fuji 18GB drive issue
I am trying to install a Fuji 18GB scsi drive into an existing 3.7 install and ran into an issue with fdisk. The dmesg shows this:

mpt0 at pci1 dev 3 function 0 "Symbios Logic 53c1030" rev 0x08: irq 11
mpt0: IM support: 6
scsibus0 at mpt0: 16 targets
sd0 at scsibus0 targ 0 lun 0: SCSI3 0/direct fixed
sd0: 17524MB, 27206 cyl, 2 head, 659 sec, 512 bytes/sec, 35890512 sec total

..and I noticed that '659 sec' will be too much for fdisk and as suspected:

# fdisk -i sd0
fdisk: sysctl(machdep.bios.diskinfo): Device not configured
- -- ATTENTION - UPDATING MASTER BOOT RECORD -- -
Do you wish to write new MBR and partition table? [n] y
Warning CHS values out of bounds only saving LBA values

So what is recommended to do at this point. This is a brand new drive attached to an LSI (mpt) u360 controller. Can someone please help me or point me to a web page that can explain what to do in this case? - this is hardly a large size drive.

thanks in advance!

-- J.D. Bronson Information Services Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.314.8787
3.7-stable kernel question
I was wondering if this seems normal or not... The stock 3.7 released kernel is about 5151552 in size. I cvs'd up to 3.7-stable today and rebuilt GENERIC. It ended up rather larger at 7372576 Jul 18 06:27 bsd. I know this might be a stupid question, but normally when I did this in the past I never noticed quite so much difference in size. The time stamp on 'GENERIC' is still: 18856 Mar 18 16:39 GENERIC I am only asking as I want to make sure I didnt overlook something. -- J.D. Bronson Information Services Telecommunications Site Support Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.328.8787
Re: ppp.conf 3.7
At 09:00 PM 7/17/2005, you wrote: On Sun, Jul 17, 2005 at 06:34:48PM -0500, J.D. Bronson wrote: > Is 'enable mssfixup' still required in ppp.conf > or has that been changed elsewhere now... > > I thought I recalled reading somewhere that this was no longer > necessary, but I dont see any comment on the archives indicating such. I have no idea why you would think this wouldn't be necessary. It definitely is no matter what. Perhaps it was a different flavor of *bsd. Thanks for the reply. -- J.D. Bronson Information Services Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.314.8787
ppp.conf 3.7
Is 'enable mssfixup' still required in ppp.conf or has that been changed elsewhere now... I thought I recalled reading somewhere that this was no longer necessary, but I dont see any comment on the archives indicating such. thanks. -- J.D. Bronson Information Services Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.314.8787
Re: 3.7 - in kernel pppoe
At 02:57 PM 7/5/2005, you wrote: On 7/5/05, J.D. Bronson <[EMAIL PROTECTED]> wrote: > I am wondering if there is anyone using this that can tell me if > there is a way to have 'lqr' supported -or- some other way of knowing > if/when the link goes down? > > Last time I tried this - it worked fine, but if the link went down it > never 'redialed' back to the PPPoE provider > > Using userland pppoe - this is never an issue. > > thanks! > I heard about ten times it was fixed in -current. Stop asking it dammit. > > Now there's a decent reply. Lets see...this was my FIRST real in-kernel questionI dont seem to recall asking this before. Alot of us CAN'T follow -current. I can't...Thats why i asked about 3.7. Now, can someone out there (that uses 3.7-stable) with more than a peanut for a brain possibly help me? I thought I asked nicely and it was a legit question. Perhaps someone on the list is using this and knows. Otherwise, I can continue to use 3.7 with userland pppoe just fine. Jeff
3.7 - in kernel pppoe
I am wondering if there is anyone using this that can tell me if there is a way to have 'lqr' supported -or- some other way of knowing if/when the link goes down? Last time I tried this - it worked fine, but if the link went down it never 'redialed' back to the PPPoE provider Using userland pppoe - this is never an issue. thanks! -- J.D. Bronson Information Services Telecommunications Site Support Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.328.8787
Re: openntpd and access
At 04:40 PM 6/26/2005, Jason Crawford wrote: What about trying listen on *? And are you mabye running pf with block-policy return? There are a bunch of reasons why connections might be reset. If listen on * still doesn't work, maybe think about filing some sort of bug report, or posting more to the list to get the problem solved, because OpenNTPd should work just fine, does for me. My entire network (including my XP machines) sync against OpenNTPd running on current just fine. Jason that seemed to do it. I set the listen to "*" and now things are good. Odd perhaps, but thanks alot for the tip... -- J.D. Bronson Information Services - Telecom Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.314.8787
Re: openntpd and access
At 04:29 PM 6/26/2005, Jason Crawford wrote:
By default, OpenNTPd doesn't listen on any port, it just acts as a client for the local machine only. In order for it to serve time to other machines on your network, you must uncomment the listen * line in /etc/ntpd.conf, then send a SIGHUP to ntpd, or restart it, in order for it to listen on port 123. time in inetd.conf refers to the UNIX time protocol on port 37, which doesn't really have anything to do with ntp. Uncomment the listen * line in /etc/ntpd.conf and then it'll allow any box to sync time with it.

Jason

That's what I had thought...so here is what I did with ntpd.conf:

# Addresses to listen on (ntpd does not listen by default)
listen on 192.168.10.1

...then rebooted (what the heck) and still it won't permit any time sync. the clients still get connection refused.

It's ok though, I got it working via NTPD, but just didn't understand why openntpd has this issue. :-(

thanks for the reply.

-- J.D. Bronson Information Services - Telecom Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.314.8787
openntpd and access
I am using obsd 3.7 with a update to 3.7-stable. I am using the stock ntpd.. I have several Cisco boxes that need to sync off of this obsd box for NTP and they are seeing connection refused. I enabled time (udp/tcp) in inetd.conf and gave it a HUP. Still cisco sees 'connection refused'. So then I tried installing NTPD and running that instead. This time, it works...so..I know something is not happy with OpenNTPD... What do I need to do to permit OpenNTPD to allow the cisco to use it? my ntpd.conf file is generic and I dont have any ACLs setup. Thanks in advance guys.... -- J.D. Bronson Information Services - Telecom Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.314.8787
Re: perl -MCPAN checksum mismatch on anything
At 09:40 PM 6/24/2005, Uwe Dippel wrote: On Fri, 24 Jun 2005 20:03:31 -0500, J.D. Bronson wrote: > I too have this same problem. > > Fresh install...no custom anything...just trying to add modules to > perl, and anything tried fails 100% no matter which source I use > (even perl.org). > > Whats going on? - anyone have any further insight on this? Promise and curse of the base install. I wished I simply could wipe perl and install it from scratch; but since it does belong to the base, I wouldn't know how. I have of course removed the .perl stuff, but that's not everything. Some config is written in /usr/libdata respectively /usr/local at your initial call of cpan, respectively the o conf init. Uwe for the record, I rather tried this. I built a NEW version of perl from src and used all different locations. When I tried to run MCPAN on this version, it fails the exact same way. So I wouldnt waste any time trying that :) -- J.D. Bronson Information Services - Telecom Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.314.8787
Re: perl -MCPAN checksum mismatch on anything
I too have this same problem. Fresh install...no custom anything...just trying to add modules to perl, and anything tried fails 100% no matter which source I use (even perl.org). Whats going on? - anyone have any further insight on this? -- J.D. Bronson Information Services - Telecom Aurora Health Care - Milwaukee, Wisconsin Office: 414.978.8282 // Fax: 414.314.8787
Re: OpenBSD 3.6, Intel 3.0 HT processor!!
At 09:04 AM 05/12/2005, JR Dalrymple wrote: You can solve the problem by going into the bios setup and disabling HT. Or you can suffer the performance loss. Your choice. Joco Salvatti wrote: Hi all, I have a Server box running OpenBSD 3.6, Intel 3.0 HT processor, I've compiled a kernel with SMP support, but where can I verify if it's really using SMP? Under GNU/Linux distros i run cat /proc/cpuinfo and it shows me two processors. Under OpenBSD I've mounted the kernel filesystem and I toke a look at ncpu but it still saying that there is only one processor. Can anyone tell me what's going wrong? And how can I solve it? For now, thanks. Is there absolutely no benefit to HTT at all? Systems we run HTT with (Unix) seem to perform slightly better and building world has been noticeably faster. No matter what I set the BIOS to - I cannot get SMP/HTT to work in OpenBSD, but it does work with others.... -- J.D. Bronson Off The Hook Phone Repair, Inc. For Fast Repairs: CALL US - IF YOU CAN Office: 414.978.8282 // Pager: 414.314.8282
LSI20160 support?
Does anyone happen to know if this card (LSI20160) with the LSI53C1000 controller is supported? It looks like the LSI53C1010 isbut I wanted to be sure before buying it. Thanks in advance guys! -- J.D. Bronson Off The Hook Phone Repair, Inc. For Fast Repairs: CALL US - IF YOU CAN Office: 414.978.8282 // Pager: 414.314.8282
Re: kern.securelevel=2 and savecore
At 07:50 AM 5/1/2005, J.D. Bronson wrote: I have finished an install of obsd and wanted to finalize it by setting the securelevel as high as I can. I presume this value 'kern.securelevel=2' is in sysctl.conf and when I put it in there - booting it does enter into securelevel=2. However, I see this on the boot up: .. ... May 1 07:38:14 obsd named[8950]: running May 1 07:38:29 obsd savecore: /dev/wd0b: Operation not permitted Is this expected and normal or did I place the sysctl in the wrong place? I found if I put this in /etc/rc.securelevel ...all is well. Sorry about the posts. Jeff
kern.securelevel=2 and savecore
I have finished an install of obsd and wanted to finalize it by setting the securelevel as high as I can. I presume this value 'kern.securelevel=2' is in sysctl.conf and when I put it in there - booting it does enter into securelevel=2. However, I see this on the boot up: .. ... May 1 07:38:14 obsd named[8950]: running May 1 07:38:29 obsd savecore: /dev/wd0b: Operation not permitted Is this expected and normal or did I place the sysctl in the wrong place? thanks in advance... Jeff