OpenBSD 4.3 running in VirtualBox? Anyone have it working properly?

[Richard Daemon]

OpenBSD 4.3 running in VirtualBox? Anyone have it working properly and
if so,  how?

Same problems as reported here: http://www.virtualbox.org/ticket/192

Regards,

Re: SD card and IDE converter

[Richard Daemon]

On Fri, Jul 25, 2008 at 10:37 PM, Chris Bennett
<[EMAIL PROTECTED]> wrote:
> I have tried to read an SD card using a usb adapter, which failed.
> I have also tried using kamera app in KDE, but although it says my camera is
> supported, this also fails to show any content.
>
> I saw an SD to IDE converter for sale.
> I was wondering if this might work with OBSD?
> I'd really like a way to get my pictures into OBSD without having to use
> windows
>
> Chris Bennett

I've never had a problem. Maybe you're missing a step?

Re: about dhcpd and carp device

[Richard Daemon]

On Mon, Jun 30, 2008 at 3:54 PM, Imre Oolberg <[EMAIL PROTECTED]> wrote:
> Hallo!
>
> I have been using for some time now carp failover and i am very content with
> it, thank you!
>
> I run some tests and i just wanted to confirm that in order to run dhcpd
> service one has to run it on a physical interface (which has ip address
> configured) like
>
> # dhcpd fxp0
>
> and not on a carp device which in turn uses fxp0 like that, right?
>
> # dhcpd carp1
>
>
> Best regards,
>
> Imre
>
> PS I learned from the archives that dhcp v.3 has so to say master and slave
> functionality but this is not an issue yet for me how to sync leases
> database and etc.
>
>

I'm just curious, why run dhcpd on a carp interface? What's the reason
for wanting to do this?

Re: strange network behaviour

[Richard Daemon]

On Mon, Jun 23, 2008 at 2:11 PM, Chris Cappuccio <[EMAIL PROTECTED]> wrote:
> this is a bug in the vr driver
> it's fixed in the current freebsd vr driver which people are attempting to 
> port over
>
> Manuel Heckel [EMAIL PROTECTED] wrote:
>> Hello everyone.
>>
>> I experience some strange network behaviour. My setup is as following:
>> * ALIX 2c3 hardware, connected to an adsl modem on vr2, pppoe/nat/pf
>> * internal lan, 10.1.0.0/16 (dhcp on the alix) via switch connected to vr0
>> of the alix
>>
>> This all works perfectly great, with one exception: sometimes (I can't
>> figure out any regularity, about one to five times a month) I loose my LAN
>> network connection. The adsl connection still works, I can ping the world.
>> But my internal LAN connection is dead. My Notebook doesn't get an IP
>> adress, a dump with tcpdump shows nothing but the traffic generated by my
>> notebook (mostly arp). The same on the ALIX, nothing but its own traffic. I
>> can solve this by doing a:
>> * ifconfig vr0 down
>> * ifconfig vr0 up
>> and everthing works fine again.
>>
>> Does anybody have a hint on whats going on here? What should I look for?
>>
>> Thank you all, regards,
>> Manuel
>
> --
> "Why is Chelsea Clinton so ugly? Because her father is Janet Reno." -- John 
> McCain
>
>

Will this fix be ported to -stable? In the mean time, what's the
solution to prevent this problem?

Re: news about BSD world

[Richard Daemon]

On Fri, May 16, 2008 at 4:54 AM, Katarzyna Kaczor
<[EMAIL PROTECTED]> wrote:
> Hi Guys,
>
> Would you like to reach to the large audience of BSD Magazine?
>
> I am happy to announce that we started News Section on BSD Magazine website.
> In this bookmark you can place news, press releases, latest and upcoming BSD
> events announcements and other information precious for BSD Community.
>
> If you want to add your news, please contact me directly at
> [EMAIL PROTECTED]
>
> Thanks a lot :)
>
>

Hi,

What ever happened with this? Any progress or status updates?

Re: NAT over internet & VPN?

[Richard Daemon]

On Thu, Jun 5, 2008 at 6:36 PM, Matt Garman <[EMAIL PROTECTED]> wrote:
> On Thu, Jun 05, 2008 at 03:07:30PM +0200, Almir Karic wrote:
>> On Wed, Jun 4, 2008 at 5:49 AM, Matt Garman <[EMAIL PROTECTED]> wrote:
>> > What I'd like to do is have my OBSD box to NAT on the tun device
>> > (VPN tunnel).  I.e., so I can use the VPN connection seamlessly
>> > from any system on my home network.
>>
>> basically you want to route your traffic encrypted to your home
>> and than let it to internet? to do this kind of a thing i'm using
>> openvpn in bridged mode and all NAT-ing is done on external
>> interface, the gateway does not differ between vpn client and
>> local client). it should be noted that people on this list tend to
>> prefer ipsec over openvpn.
>
> I don't think that's exactly what I want... but perhaps I don't
> fully understand you.
>
> I believe, in the most general sense, I want to NAT across two
> interfaces.  So, if I'm on one of my home computers, and I try to
> access IP xxx.xxx.xxx.xxx, then:
>if xxx.xxx.xxx.xxx is part of the VPN network, NAT on the VPN
>device (tun0)
>otherwise NAT to the Internet (vr0)
>
> It seems like this ought to be pretty trivial, but I'm clearly
> missing something!
>
> Thank you,
> Matt
>
>

Have you checked your routing table?

Maybe you're just missing or need a route to the VPN network, from
your internal network for when you want to access anything on the VPN
network from home.

Re: openbsd multiboot

[Richard Daemon]

On Wed, May 21, 2008 at 7:38 AM, Leo Baltus <[EMAIL PROTECTED]> wrote:
> Op 21/05/2008 om 01:10:05 +0300, schreef Imre Oolberg :
>> Some time ago i did experiment with dual-booting (actually
>> multi-booting) from one harddisk several OpenBSD instances, for the sake
>>  of fun. I settled to using dualboot OpenBSD to make upgrades more
>> suitable for me (just unpacking new distribution's file sets under /mnt
>> mounted empty partition and rebooting).
>
> Right, that's what I am aiming at.
>
>> But as i see it there is to ways of having multiple root i.e. a
>> partitions on one physical harddisk
>>
>> 1. Use only one fdisk partition and in it one OpenBSD root is normal a
>> partition and another is in the same disklabel, say g. And so for
>> example in this disklabel a, d, e, f partitions belong to one instance
>> and g is another (consisting of one filesystem). Two instances share
>> only swap partition.
>>
>> To select between them you need to say at boot> prompt
>>
>> boot> boot hd0a:/bsd
>>
>> or
>>
>> boot> boot hd0g:/bsd
>>
>> 2. Use severaly fdisk partitions, each has its own disklabel and this
>> disklabel is dedicated to one OpenBSD instance. OpenBSD bootloader is on
>>
>> To select between instances you need to use grub bootloader from binary
>> packages
>>
>> # pkg_add grub
>
> Ah, good OLD grub to the rescue. Thanks, I was staring at openbsd's
> boot, but it doesn't seem to have the configurability that e.g. grub
> has.
>
>> It goes like this that grub's first stage is in the harddisk's MBR and
>> openbsd bootloader's first stage is installed into each fdisk partition,
>>  i.e. you use chainloading.
>>
>> See also
>>
>> /usr/local/share/doc/grub/README.OpenBSD
>> /usr/local/share/examples/grub/menu.lst
>>
>> Essential is to understand that OpenBSD uses first fdisk's OpenBSD A6
>> disklabel it sees. Thats why grub fiddles with them.
>
> I am now totally confused about openbsd disk device naming schema.
>
> As I now see it /dev/wd0a refers tho the first ide disk with id 6B
> (OpenBSD), label a. As it is the one elected by boot to be the rootfs.
> It would make more sense to me to have en naming schema, which refers to
>
>wd$idedisk$partition$label
>
> Now, how can I mount, let's say, the fourth partition, on which I only
> want menu.lst to reside on. this can bee a tiny filesystem, with no OS.
>
> So I can
>mkfs /dev/$whatever
>mount /dev/$whatever /grub
>cp /usr/local/share/examples/grub/menu.lst /grub
>
> and move on.
>
>> Leo Baltus wrote:
>> >I would like to have more than one openbsd root filesystem on my
>> >hardrive. Could somebody please explain how to go about this?
>> >
>> >In a linux environment I could set up 2 lv's and point to each of them
>> >by kernel commandlines.
>> >
>> >Using openbsd I could use multiple bios-partitions each having an a: label
>> >but how do I tel the bootloader to use a specific partition?
>> >
>> >Maybe there is a way I didn't think of, please let me know.
>> >
>
> --
> Leo Baltus
>
>

Have you also considered http://gag.sourceforge.net ? Worth a look at
and very simple to setup/configure/use with almost any number of OS's
in a multiboot scenario.

Just my $0.02.

Re: OpenBSD as MS RIS-Server alternative?

[Richard Daemon]

On Sat, May 17, 2008 at 4:06 PM, Dan Brosemer <[EMAIL PROTECTED]> wrote:
> On Sat, May 17, 2008 at 10:17:17AM -0400, Richard Daemon wrote:
>> On Sat, May 17, 2008 at 9:15 AM, Dan Brosemer <[EMAIL PROTECTED]> wrote:
>>
>> I didn't know about this, looks great. Were you able to do it via PXE 
>> booting?
>
> Absolutely.  It's nothing-but-net.  I can even get it to read the hostname
> from DHCP and select an unattended configuration based on that.
>
> My installs go something like this:
>
> pxelinux boot prompt: win
> It asks me for a username to mount the share with.
> It asks me for a password to mount the share with.
> It asks me for a password to join the domain.
>
> Now, the machine just goes and installs itself including all applications
> and patches including as many reboots as needed.
>
> I really can't rave about it enough, and it works beautifully with an
> OpenBSD server.

Sweet! I'm going to give this a try, this is something I've been
looking for, for a while.

pxelinux boot prompt? Should work with OpenBSD's pxeboot the same way?

Re: OpenBSD as MS RIS-Server alternative?

[Richard Daemon]

On Sat, May 17, 2008 at 9:15 AM, Dan Brosemer <[EMAIL PROTECTED]> wrote:
> On Sat, May 17, 2008 at 10:52:49AM +0200, [EMAIL PROTECTED] wrote:
>> Hello everybody,
>>
>> I would like to know if it's possible to use OpenBSD as RIS-Server to
>> install WIndows via Network. I played around with this for 2 weeks now but
>> I can't figure out how it gets done. Something is missing (maybe a
>> dhcp-option?! :( )
>>
>> I use OpenBSD to provide kinda anything to connected PCs (remote install,
>> diagnostics, secure hdd formating (0,1,0 and other standards)).
>> Also I face problems to provide VistaPE (it wont realy boot, bootloader
>> comes up but then the bcd seams to be corrupted in soem way).
>>
>> So if somebody here also administrates Widnows-Servers (I don't know that
>> much about 'em :/) and knows how to emulate a RIS please tell me. I would
>> love to replace the Windows Box (the Imaging-Server was already replaced).
>>
>> The only things I've found with google where people using MS RIS to
>> install OpenBSD (scarry, or? :p) but not vice versa.
>
> This isn't RIS, so if you're tied to that technology, ignore me, but I think
> this solution is a superior way to accomplish the same goal:
>
> I install all my Windows systems using http://unattended.sourceforge.net/.
> Not only does it let me script my Windows install, but also all my
> application installs as well and I can have different application sets for
> different machines.  There's no need to keep it on similar hardware like
> with ghost/sysprep.
>
> All this requires is the stock dhcpd and tftpd along with samba (from ports)
> from the OpenBSD system serving it.  While it's not trivial to set up, the
> instructions are very clear and you shouldn't have any major trouble.


I didn't know about this, looks great. Were you able to do it via PXE booting?

Re: OpenBSD as MS RIS-Server alternative?

[Richard Daemon]

On Sat, May 17, 2008 at 4:52 AM,  <[EMAIL PROTECTED]> wrote:
> Hello everybody,
>
> I would like to know if it's possible to use OpenBSD as RIS-Server to
> install WIndows via Network. I played around with this for 2 weeks now but
> I can't figure out how it gets done. Something is missing (maybe a
> dhcp-option?! :( )
>
> I use OpenBSD to provide kinda anything to connected PCs (remote install,
> diagnostics, secure hdd formating (0,1,0 and other standards)).
> Also I face problems to provide VistaPE (it wont realy boot, bootloader
> comes up but then the bcd seams to be corrupted in soem way).
>
> So if somebody here also administrates Widnows-Servers (I don't know that
> much about 'em :/) and knows how to emulate a RIS please tell me. I would
> love to replace the Windows Box (the Imaging-Server was already replaced).
>
>
> The only things I've found with google where people using MS RIS to
> install OpenBSD (scarry, or? :p) but not vice versa.
>
>
> Kind regards,
> Sebastian

I'm very curious to know myself, if you get it working or find out
how, please post here or undeadly.org. Something like this would be
very handy for the work I do too.

Re: ath freezes system

[Richard Daemon]

On Sun, May 11, 2008 at 11:24 AM, comfooc <[EMAIL PROTECTED]> wrote:
> Hi,
>  I'm using OpenBSD-current and I have Atheros AR2413 MiniPCI card.
>  If I use twice command: "ifconfig -M athN" system freeze-up (only hard
>  reboot helps).
>
>  Cheers.
>
>  pcidump:
>  0:12:0: Atheros AR2413
> 0x: 001a168c 02900016 0201 5008
> 0x0010: fc01   
> 0x0020:   5001 2052168c
> 0x0030:  0044  1c0a0103
> 0x0040:  01c20001 c6004000 
> 0x0050:    
> 0x0060:    
> 0x0070:    
> 0x0080:    
> 0x0090:    
> 0x00a0:    
> 0x00b0:    
> 0x00c0:    
> 0x00d0:    
> 0x00e0:    
> 0x00f0:    
>
>  Dmesg:
>  OpenBSD 4.3-current (GENERIC) #853: Fri May  2 04:37:23 MDT 2008
> [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
>  cpu0: Intel Pentium III ("GenuineIntel" 686-class) 498 MHz
>  cpu0: 
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,SER,MMX,FXSR,SSE
>  real mem  = 200830976 (191MB)
>  avail mem = 185974784 (177MB)
>  mainbus0 at root
>  bios0 at mainbus0: AT/286+ BIOS, date 12/21/99, BIOS32 rev. 0 @
>  0xfd8b0, SMBIOS rev. 2.3 @ 0xec660 (31 entries)
>  bios0: vendor IBM version "1.03.23" date 12/21/1999
>  bios0: IBM 260961G
>  apm0 at bios0: Power Management spec V1.2
>  apm0: battery life expectancy 98%
>  apm0: AC on, battery charge high, charging
>  acpi at bios0 function 0x0 not configured
>  pcibios0 at bios0: rev 2.1 @ 0xfd8b0/0x750
>  pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf60/128 (6 entries)
>  pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371FB ISA" rev 0x00)
>  pcibios0: PCI bus #1 is the last bus
>  bios0: ROM list: 0xc/0xc000
>  cpu0 at mainbus0
>  pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
>  pchb0 at pci0 dev 0 function 0 "Intel 82440MX Host" rev 0x01
>  pcib0 at pci0 dev 7 function 0 "Intel 82440MX ISA" rev 0x01
>  pciide0 at pci0 dev 7 function 1 "Intel 82440MX IDE" rev 0x00: DMA,
>  channel 0 wired to compatibility, channel 1 wired to compatibility
>  wd0 at pciide0 channel 0 drive 0: 
>  wd0: 16-sector PIO, LBA, 11508MB, 23569967 sectors
>  wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
>  pciide0: channel 1 disabled (no drives)
>  uhci0 at pci0 dev 7 function 2 "Intel 82440MX USB" rev 0x00: irq 3
>  piixpcib0 at pci0 dev 7 function 3 "Intel 82440MX Power" rev 0x00
>  vga1 at pci0 dev 9 function 0 "Silicon Motion LynxEM+" rev 0xa0
>  wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
>  wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
>  cbb0 at pci0 dev 10 function 0 "TI PCI1211 CardBus" rev 0x00: irq 5
>  clct0 at pci0 dev 11 function 0 "Cirrus Logic CS4281 CrystalClear" rev
>  0x01 irq 4
>  ac97: codec id 0x43525914 (Cirrus Logic CS4297A rev 4)
>  ac97: codec features headphone, 20 bit DAC, 18 bit ADC, Crystal Semi 3D
>  audio0 at clct0
>  ath0 at pci0 dev 12 function 0 "Atheros AR2413" rev 0x01: irq 3
>  ath0: AR2413 7.8 phy 4.5 rf 5.6, FCC2A*, address 00:1d:0f:af:98:b7
>  isa0 at pcib0
>  isadma0 at isa0
>  pckbc0 at isa0 port 0x60/5
>  pckbd0 at pckbc0 (kbd slot)
>  pckbc0: using irq 1 for kbd slot
>  wskbd0 at pckbd0: console keyboard, using wsdisplay0
>  pms0 at pckbc0 (aux slot)
>  pckbc0: using irq 12 for aux slot
>  wsmouse0 at pms0 mux 0
>  pcppi0 at isa0 port 0x61
>  midi0 at pcppi0: 
>  spkr0 at pcppi0
>  lpt0 at isa0 port 0x378/4 irq 7
>  npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
>  fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
>  usb0 at uhci0: USB revision 1.0
>  uhub0 at usb0 "Intel UHCI root hub" rev 1.00/1.00 addr 1
>  isa at piixpcib0 not configured
>  cardslot0 at cbb0 slot 0 flags 0
>  cardbus0 at cardslot0: bus 1 device 0 cacheline 0x0, lattimer 0x20
>  pcmcia0 at cardslot0
>  biomask ef6d netmask ef6d ttymask ffef
>  mtrr: Pentium Pro MTRR support
>  ep1 at pcmcia0 function 0 "3Com, Megahertz 574B, B" port 0xa000/32:
>  address 00:50:da:e5:42:e7
>  tqphy0 at ep1 phy 0: 78Q2120 10/100 PHY, rev. 10
>  umass0 at uhub0 port 1 configuration 1 interface 0 "Kingston
>  DataTraveler 2.0" rev 2.00/2.00 addr 2
>  umass0: using SCSI over Bulk-Only
>  scsibus0 at umass0: 2 targets
>  sd0 at scsibus0 targ 1 lun 0:  SCSI2
>  0/direct removable
>  sd0: 3832MB, 488 cyl, 255 head, 63 sec, 512 bytes/sec, 7847936 sec total
>  softraid0 at root
>  root on wd0a swap on wd0b dump on wd0b
>
>

Same problem here, same NIC too.

http://cvs.openbsd.org/faq/faq6.html#CARP - section 6.11.2 missing new syntax?

[Richard Daemon]

Don't know if this was left out, but seems this section doesn't
mention the new CARP syntax such as using carpnodes?

No big deal here, but just thought I would mention it in case it was missed?

Thanks for the great work, great documentation and yet another great release!

Re: Install Open BSD along with Windows XP, Free BSD and Linux

[Richard Daemon]

On Tue, Apr 29, 2008 at 11:39 PM, aromes <[EMAIL PROTECTED]> wrote:
> Hi All,
>  Just couple of questions please:
>
>  -Do you know a multi-booter software (doesn't matter if it's commercial)
>  that will
>  let me multiboot easily Windows XP, Free BSD, Open BSD and Linux from
>  partitions that are
>  on the same hard drive?
>  -Can Open BSD (as it's possible with Linux) be booted (off whatever
>  partition) from a boot floppy?
>  -Can Open BSD be installed on a 3rd, 4th partition of a hard drive?
>
>  Thanks
>  --
>  View this message in context: 
> http://www.nabble.com/Install-Open-BSD-along-with-Windows-XP%2C-Free-BSD-and-Linux-tp16974804p16974804.html
>  Sent from the openbsd user - misc mailing list archive at Nabble.com.
>
>
Personally, I've used and like GAG (gag.sourceforge.net).

Re: ath0 - not reachable - system hangs

[Richard Daemon]

On Tue, Apr 15, 2008 at 11:52 AM, Dirk Mast <[EMAIL PROTECTED]> wrote:
>
> Matthew Szudzik wrote:
>
>  >> ath0 at pci0 dev 12 function 0 "Atheros AR2413" rev 0x01: irq 9
>  >> ath0: AR2413 7.8 phy 4.5 rf 5.6, FCC2A*, address 00:1d:0f:af:98:88
>  >
>  > According to the CVS log at
>  >  http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ic/ath.c#rev1.56
>  > "support is still incomplete" for the AR2413 chipset.
>
>
>
> This log is now 17 months old, I had hoped, that something would
>  have changed there.
>
>  Perhaps it was overseen and forgotten by the devs.
>
>  Could we somehow help w/ testing or in some other way?
>
>  I can't donate the hardware, but I could definitely spend some time
>  or apply some patches if that would help the devs anyhow.
>
>  Would be nice, if these devices would work in the future.

I could probably still get them at a cheap price, $20.00 or so and
ship them if the shipping isn't too costly.
I too would love to get them fully and properly working.

Re: Use of 'Puffy' Logo *and* weatherproof stickers?

[Richard Daemon]

On Wed, Apr 9, 2008 at 9:46 AM, Kevin Wilcox <[EMAIL PROTECTED]> wrote:
> Hannah Schroeter wrote:
>
>
> > I read there (http://www.openbsd.org/art1.html):
> >
> >  but do not make profit from them since our own T-shirt sales provide
> >  funding so that OpenBSD can continue to operate.
> >
> > Recently it was said on a mailing list, that T-shirt sales do *not*
> > provide net funding, only donations and *CD* sales do. Which is true?
> >
>
>  I was a bit curious about that, too, but just figured it was a page left
> that still needed editing.
>
>  I also have a question of my own related to Puffy and, rather than start a
> new thread, I'll go ahead and ask in this one since it's kind of on-topic.
>
>  Before I have some weatherproof OpenBSD/Puffy stickers made up for my own
> personal use, does anyone know *off the top of your head* if there are
> already some out there, available for purchase, where proceeds find their
> way back to the project? I'd rather buy some knowing that some of the $$ is
> going to make its way back to OpenBSD than to spend the same amount and it
> all go to a corporate interest.
>
>  By weatherproof, I plan to stick it on my motorcycle luggage where it will
> be exposed to sun, rain, snow, ice and 120km/h+ winds.
>
>  Thanks!
>
>  kmw

Motocycle in snow and ice? And you're only concerned with having a
weatherproof sticker? ;-)

Re: Usefull info for a bug report regarding carp/pfsync?

[Richard Daemon]

On Tue, Apr 1, 2008 at 12:12 PM, Preston Kutzner
<[EMAIL PROTECTED]> wrote:
>
> On Mon, 31 Mar 2008 10:44:28 +0200
>  Simon Kammerer <[EMAIL PROTECTED]> wrote:
>
>  > Hi!
>  >
>  > after several years without any problems, we upgraded the hardware of
>  > our carp/pfsync gateway about four week ago. Two weeks ago, the gateway
>  > crashed completely: Both nodes were unreachable on all network
>  > interfaces, we had to reset both machines. Same problem last night. I
>  > can't find anything strange in  the logs.
>  > Its 4.2 from the official CD set, AMD64.
>  >
>  > Any hints what to add to a usefull bug report in addition to dmesg output?
>  >
>  > Thanks
>  > Simon
>  >
>  >
>
>  While I'm not having exactly the same issue, I am having a similar
>  issue.  Here's what I've been experiencing that I've found no
>  resolution to:
>
>  I'm running a small shuttle box (AMD_64) with nForce3 chipset.  It's
>  using the nfe(4) driver.  This box is used as a basic transparent
>  caching proxy server (squid + squidGuard)  Throughput is fairly
>  low-volume, as we only have a 1.5Mbit T1/DS1 connection.  The problem
>  I'm having is that periodically (and seemingly randomly) the TCP/IP
>  stack will apparently lock-up.  All network communication will cease
>  and a restart is needed to correct the problem.  While the network is
>  locked-up on the machine, I am still able to login via a local console,
>  and everything else seems to be working correctly.
>
>  I'm running OpenBSD 4.2.  Here is my dmesg output, as well as my sysctl
>  output.  I've tweaked a couple of settings in hopes that it would fix
>  the network lock-up issue, but so far, it hasn't.
>
>  DMESG output:
>
>  OpenBSD 4.2 (GENERIC) #1179: Tue Aug 28 10:37:50 MDT 2007
> [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
>  real mem = 1073278976 (1023MB)
>  avail mem = 1030926336 (983MB)
>  mainbus0 at root
>  bios0 at mainbus0: SMBIOS rev. 2.2 @ 0xf (39 entries)
>  bios0: vendor Phoenix Technologies, LTD version "6.00 PG" date
>  06/28/2005 bios0: Shuttle Inc SN95V30
>  acpi at mainbus0 not configured
>  cpu0 at mainbus0: (uniprocessor)
>  cpu0: AMD Athlon(tm) 64 Processor 3700+, 2211.01 MHz
>  cpu0:
>  FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
>  H,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
>  cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
>  64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8
>  4MB entries fully associative cpu0: DTLB 32 4KB entries fully
>  associative, 8 4MB entries fully associative cpu0: AMD erratum 89
>  present, BIOS upgrade may be required pci0 at mainbus0 bus 0:
>  configuration mode 1 pchb0 at pci0 dev 0 function 0 "NVIDIA nForce3 250
>  PCI Host" rev 0xa1 pcib0 at pci0 dev 1 function 0 "NVIDIA nForce3 250
>  ISA" rev 0xa2 nviic0 at pci0 dev 1 function 1 "NVIDIA nForce3 250
>  SMBus" rev 0xa1 iic0 at nviic0 iic1 at nviic0
>  adt0 at iic1 addr 0x2e: adm1027 rev 0x6a
>  iic1: addr 0x4e 03=06 04=06 12=ff 13=0f 28=83 29=12 2a=12 2b=28
>  ohci0 at pci0 dev 2 function 0 "NVIDIA nForce3 250 USB" rev 0xa1: irq
>  7, version 1.0, legacy support ohci1 at pci0 dev 2 function 1 "NVIDIA
>  nForce3 250 USB" rev 0xa1: irq 5, version 1.0, legacy support ehci0 at
>  pci0 dev 2 function 2 "NVIDIA nForce3 250 USB2" rev 0xa2: irq 10 usb0
>  at ehci0: USB revision 2.0 uhub0 at usb0: NVIDIA EHCI root hub, rev
>  2.00/1.00, addr 1 nfe0 at pci0 dev 5 function 0 "NVIDIA nForce3 LAN"
>  rev 0xa2: irq 10, address 00:30:1b:ba:2d:ee eephy0 at nfe0 phy 1:
>  Marvell 88E Gigabit PHY, rev. 2 auich0 at pci0 dev 6 function 0
>  "NVIDIA nForce3 250 AC97" rev 0xa1: irq 7, nForce3 AC97 ac97: codec id
>  0x414c4760 (Avance Logic ALC655 rev 0) audio0 at auich0
>  pciide0 at pci0 dev 8 function 0 "NVIDIA nForce3 250 IDE" rev 0xa2:
>  DMA, channel 0 configured to compatibility, channel 1 configured to
>  compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at
>  pciide0 channel 1 drive 1 scsibus0 at atapiscsi0: 2 targets
>  cd0 at scsibus0 targ 0 lun 0:  SCSI0
>  5/cdrom removable cd0(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 4
>  pciide1 at pci0 dev 10 function 0 "NVIDIA nForce3 250 SATA" rev 0xa2:
>  DMA pciide1: using irq 11 for native-PCI interrupt
>  wd0 at pciide1 channel 0 drive 0: 
>  wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors
>  wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
>  ppb0 at pci0 dev 11 function 0 "NVIDIA nForce3 250 AGP" rev 0xa2
>  pci1 at ppb0 bus 1
>  vga1 at pci1 dev 0 function 0 "ATI Radeon 9200 SE Sec" rev 0x01
>  wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
>  wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
>  "ATI Radeon 9200 SE" rev 0x01 at pci1 dev 0 function 1 not configured
>  ppb1 at pci0 dev 14 function 0 "NVIDIA nForce3 250 PCI-PCI" rev 0xa2
>  pci2 at ppb1 bus 2
>  "VIA VT6306 FireWire" rev 0x80 at pci2 dev 7 function 0 not configured
>  pchb1 at pci0 dev 24 funct

Re: OT: Wireframe Puffy 3D model for Lego's

[Richard Daemon]

On Sun, Mar 9, 2008 at 11:56 PM, Daniel Ouellet <[EMAIL PROTECTED]> wrote:
> Daniel Anderson wrote:
>  > If nobody responds to this with a quality file, I will gladly make a 2D
>  > version of it as an SVG for you and all of us.
>
>  I will wait a few days, may be someone might have something or not. I
>  can't say yet. No reply other then yours yet. Anything would be mostly
>  appreciated by my Sun and it would be much welcome. I always told my Sun
>  that you need not to have a weak heart to be on this list, but great
>  reply always come in time when needed and available.
>
>  My Sun asked me if an MLCad was available. I asked him, what's MLCad? He
>  spend hours explaining to me how this works and it's special for Lego's
>  and help a lots for it. So, we spend good times having fun. I sure don't
>  expect to have such a file as it would the up most gift to get, but
>  anything to start with that provide some perspective would sure be
>  welcome and I guess in time, he may finish the MLCad and make it
>  available with the Lego kit too. (;>
>
>  This is obviously way remote form OpenBSD, other then just Puffy, so I
>  don't want to take any ore time for anyone.
>
>  Just if you have something I would welcome getting it, or being pointed
>  in the right direction. It's hard to work from the image itself.
>
>  In any case, your offer is very much appreciated and I thank you too.
>
>  Best,
>
>  Daniel

Has he replied to this? I haven't been able to contact him off list,
the mail keeps failing.

TIA!

Re: soekris/pcenginges and RO mounting

[Richard Daemon]

On Tue, Mar 25, 2008 at 2:06 AM, Raja Subramanian
<[EMAIL PROTECTED]> wrote:
> On Sun, Mar 23, 2008 at 7:48 PM, Martin Marcher <[EMAIL PROTECTED]> wrote:
>  > being relatively new to obsd I have the problem of finding the right doc 
> parts.
>  >
>  > What I'm looking for are starting points to read about what to do when
>  > RO mounting the root fs (and all other parts) especially on CF-media.
>
>  I created an OpenBSD 4.1 based Live CD that mounts / as ro and /dev, /tmp,
>  /var /urs/local live in mfs.  OpenBSD makes this really easy, but I have not
>  documented the process.  Just download the iso image from the below URL
>  and take a look at the boot up scripts in /etc.  The change should be pretty
>  easy to understand.
>
>  http://rajasuperman.blogspot.com/2007/09/openbsd-41-live-cd.html
>
>  Hope this helps.
>
>  - Raja

If you can document the process, even if it's rough notes and not
formatted, I'm sure a lot of other people would also benefit and
appreciate it too!

Thanks for the ISO!

Regards,

Re: OpenBSD Artwork BSD Licensed?

[Richard Daemon]

On Sat, Mar 22, 2008 at 10:46 PM, Theo de Raadt <[EMAIL PROTECTED]> wrote:
>
> > I'm not sure how else to ask this, but are we allowed to take some of
>  > the OpenBSD artwork such as the blowfish wireframe pictures and specs,
>  > get some stickers, t-shirts or other custom media developed and
>  > perhaps even sell them?
>  > Of course, any profits would get funneled back - and at the same time,
>  > it is a form of advocacy and support in a positive light for a
>  > preferred project.
>  >
>  > I'm just curious to know if something like this is allowed or
>  > acceptable? Is it something that would be frowned upon? Is the artwork
>  > under a BSD license or such, or is it considered to be copyright the
>  > owner(s) and not allowed?
>  >
>  > According to
>  > http://www.openbsd.org/art4.html
>  >
>  > "Most images provided here are copyright by OpenBSD, by Theo de Raadt,
>  > or by other members or developers of the OpenBSD group. However, it is
>  > our intent that anyone be able to use these images to represent
>  > OpenBSD in a positive light. So enjoy them and let the world see them,
>  > if that is your wish."
>  >
>  > I know it says this on openbsd.org, but not specifically the questions
>  > above. This seems to imply using existing images from the image files
>  > on the website, but not the artwork itself - hence this email as I'm
>  > only wondering how this works.
>  >
>  > I appreciate any clarification on these questions.
>
>  Permission for resale is not granted.  The project sells some products
>  which use the artwork, and the project in part survives on the sale of
>  those items.
>
>  This has been asked numerous times before.  And yeah, quite a few
>  people have said they would funnel profits back to the project, yet
>  I've never not seen that happen even once.  Even when some big tshirt
>  printing places were doing it so, and their customers had said they
>  were doing so.  Not a dime.  Not saying you would be the same as those
>  people, but you had better prepare for me to be extremely sceptical
>  about such promises.

You're absolutely right and I can only agree with you in every aspect.

I appreciate the reply and feedback from you and the others who replied.
It was just a question, not an intention to actually take any sales
away from OpenBSD or to even go through with it.

I wouldn't doubt it either that people make promises like that and
don't actually go through with their promises once the money starts
coming in to them...

On a side note, is there somewhere we can purchase some translucent
wireframe blowfish stickers?
I for one would love to have some of these and I'm sure others would too.

Re: soekris/pcenginges and RO mounting

[Richard Daemon]

On Sun, Mar 23, 2008 at 11:23 AM, Lars NoodC)n <[EMAIL PROTECTED]> wrote:
> Martin Marcher wrote:
>  >...
>
> > What I'm looking for are starting points to read about what to do when
>  > RO mounting the root fs (and all other parts) especially on CF-media.
>
>  I did this recently, in December and January, and can point out what I
>  found.  More experienced or expert users will be able to say what the
>  better options are.
>
>  Since the smallest CF I could get was 1GB, I split it into two, to have
>  one for the root tree and another partition for reserve copies in case
>  experiments don't work.  The whole system, including extras, is about
>  202 MB.  I chose to do any compilation on another machine and therefore
>  left out comp, the man pages (for me) are as essential as the kernel so
>  I've kept them.  I can't remember why I kept misc.
>
>   [X] bsd
>   [X] bsd.rd
>   [ ] bsd.mp
>   [X] base42.tgz
>   [X] etc42.tgz
>   [X] misc42.tgz
>   [ ] comp42.tgz
>   [X] man42.tgz
>   [ ] game42.tgz
>   [ ] xbase42.tgz
>   [ ] xetc42.tgz
>   [ ] xshare42.tgz
>   [ ] xfont42.tgz
>   [ ] xserv42.tgz
>
>  I chose to have /tmp, /var, and /dev in memory and put the rest of the
>  normal system into one partition. /home is a symlink to /var/home/,
>  /root is a symlink to /var/root, /data is a separate partition for spare
>  material and short term backup.  No swap partition was used.
>
>  Templates for /dev and /var are kept in /dev.base and /var.base,
>  respectively.  There are probably better naming conventions.
>  mfs loads into RAM and then mounts the RAM versions.
>
>  Here is what I have in /etc/fstab (wrapped text) to do that:
>
>   /dev/wd0a / ffs ro 1 1
>   /dev/wd0d /data ffs rw,nodev,nosuid 1 2
>
>   # populate /var with data from CF, then mount in RAM
>   swap /var mfs -P/var.base,-s16,noexec,async,nosuid, \
>   nodev,noatime,rw 0 0
>
>   # mount /tmp in memory
>   swap /tmp mfs noexec,async,nosuid,nodev,noatime,rw, \
>   -b4096,-i1024,-s15000,-m0 0 0
>
>   # mount /dev in memory
>   swap /dev mfs rw,-P=/dev.base,-s=3000,-i=1024 0 0
>
>  When you make changes, mount -o rw /, then make the changes then sync.
>
>  I have also used config(8) to tune the GENERIC kernel somewhat.  Just
>  what I chose, I cannot recall, but when it is time to look at that
>  again, I will try removing unneeded devices.
>
>  Here is what I chose to have in /etc/boot.conf, the re-configured kernel
>  is called /nbsd:
>
>   stty com0 19200
>   set tty com0
>   #set image /bsd
>   set image /nbsd
>
>  To use cu, kermit or tip for serial console, you must be a member of the
>  group dialer.
>
>  I'm going to assume you have already set up a way to do the
>  installation.  I chose to use PXE boot.  Now that I seem to be swimming
>  in USB devices and media, I will probably try using those next time
>  instead.  Having PXE boot available is an advantage later if you want to
>  set run live CDs or thin clients.
>
>  For the logging, I've chosen not to worry about it yet.  When the
>  machine powers down, the logs are lost.  Maybe you could set up
>  something in /etc/rc.shutdown to rsync to a non-volatile partition.
>  An external log server is another option.  I've had log servers in the
>  past, but will postpone that till I can experiment more with IPv6.
>  There was a good IPv4 summary of logging on BSDTalk in January:
>
>   http://bsdtalk.blogspot.com/2008/01/bsdtalk138-central-syslog.html
>   http://cisx1.uma.maine.edu/~wbackman/bsdtalk/bsdtalk138.ogg
>
>  There is apparently a risk that the log partition on the log server can
>  get filled by anyone who wants to do so.
>
>  YMMV,
>  -Lars

I do pretty much the same as this, for years now on WRAP, Soekris and
now ALIX too (with BIOS 0.99b) but my fstab is a little different.
I install them via PXEbooting OpenBSD and they all run 4.2-stable
built on another, fast system, make via release(8) basically.

I also have the MFS contens such as /var/logs, /var/. sync to CF
on graceful shutdown via /etc/rc.shutdown and a crontab that
periodically syncs the MFS back to CF.
Never had a problem with any of these systems or the CF cards.

The systems do some really wonderful things, thanks to OpenBSD! =)

Regards.
Some contents on my CF card (config files, etc.) are remotely backed
up via rsync over SSH and/or tar over SSH to a remote system (and a
local backup too).

OpenBSD Artwork BSD Licensed?

[Richard Daemon]

Hi all,

I'm not sure how else to ask this, but are we allowed to take some of
the OpenBSD artwork such as the blowfish wireframe pictures and specs,
get some stickers, t-shirts or other custom media developed and
perhaps even sell them?
Of course, any profits would get funneled back - and at the same time,
it is a form of advocacy and support in a positive light for a
preferred project.

I'm just curious to know if something like this is allowed or
acceptable? Is it something that would be frowned upon? Is the artwork
under a BSD license or such, or is it considered to be copyright the
owner(s) and not allowed?

According to
http://www.openbsd.org/art4.html

"Most images provided here are copyright by OpenBSD, by Theo de Raadt,
or by other members or developers of the OpenBSD group. However, it is
our intent that anyone be able to use these images to represent
OpenBSD in a positive light. So enjoy them and let the world see them,
if that is your wish."

I know it says this on openbsd.org, but not specifically the questions
above. This seems to imply using existing images from the image files
on the website, but not the artwork itself - hence this email as I'm
only wondering how this works.

I appreciate any clarification on these questions.

Thank you,

Richard

Re: [OT] Pursuing Management to adopt OpenBSD

[Richard Daemon]

On Thu, Mar 20, 2008 at 5:50 PM, Chris <[EMAIL PROTECTED]> wrote:
> I been trying (rather unsuccessfully) to convince various clients and
>  employers to adopt OpenBSD. Most people, I find, are resistent to
>  change and would not use anything they are not familiar with. Others
>  would say that if I leave the job, it would be hard to find people who
>  can use (or even heard of) OpenBSD and in some places Management never
>  heard of OpenBSD and have very little clue as to how good or bad it is
>  compared to Linux/ Solaris and Windows thus they will just knock off
>  the proposal in 2 seconds.
>
>  Is there any way I could convince these people to make the move to
>  OpenBSD? Suggestions, tips and tricks along with real life examples
>  would be much appreciated. Thanks.


I'm in the same boat... Wondering the same things and looking for ways
as well, especially with the clueless IT manager types that have only
heard of Linux or Solaris at most.

Now if only someone could write a book on how to sell "free", OSS
solutions like this (with a lot of focus on OpenBSD) I would be one of
the first to pre-order it!

Re: ath0 - not reachable - system hangs

[Richard Daemon]

On Tue, Mar 11, 2008 at 7:32 AM, Dirk Mast <[EMAIL PROTECTED]> wrote:
>
> Matthew Szudzik wrote:
>
>  >> ath0 at pci0 dev 12 function 0 "Atheros AR2413" rev 0x01: irq 9
>  >> ath0: AR2413 7.8 phy 4.5 rf 5.6, FCC2A*, address 00:1d:0f:af:98:88
>  >
>  > According to the CVS log at
>  >  http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ic/ath.c#rev1.56
>  > "support is still incomplete" for the AR2413 chipset.
>
>  This log is now 17 months old, I had hoped, that something would
>  have changed there.
>
>  Perhaps it was overseen and forgotten by the devs.
>
>  Could we somehow help w/ testing or in some other way?
>
>  I can't donate the hardware, but I could definitely spend some time
>  or apply some patches if that would help the devs anyhow.
>
>  Would be nice, if these devices would work in the future.

I can find the hardware, only ~ $21.00 Canadian for the AR2413 PCI ones.

Re: ath0 - not reachable - system hangs

[Richard Daemon]

On Mon, Mar 10, 2008 at 6:18 PM, Richard Daemon
<[EMAIL PROTECTED]> wrote:
>
> On Mon, Mar 10, 2008 at 5:16 PM, Dirk Mast <[EMAIL PROTECTED]> wrote:
>  > Hello,
>  >
>  >  I use a Atheros Mini-PCI Card, which I brought up with the following 
> command
>  >  (via the Book of pf):
>  >
>  >  sudo ifconfig ath0 up mediaopt hostap mode 11b chan 11 nwid pla nwkey 
> pladoh
>  >
>  >  sudo ifconfig ath0 10.50.90.1
>  >
>  >
>  >  I then can't find the AP, even when standing a few centimeters away.
>  >
>  >  (Not when using OpenBSD, and not when using Backtrack w/ Kismet)
>  >
>  >  That's the first issue (not working is bad..) but when I then
>  >  change the ath0 setup anyhow with ifconfig,
>  >  like ifconfig ath0 down or change the IP, the whole box hangs:
>  >  - doesn't answer to pings
>  >  - stops forwarding packets
>  >  - is not reachable anymore on all interfaces
>  >
>  >
>  >  here's the ifconfig output:
>  >  ath0: flags=8863 mtu 
> 1500
>  > lladdr 00:1d:0f:af:98:88
>  > groups: wlan
>  > media: IEEE802.11 autoselect mode 11b hostap
>  > status: active
>  > ieee80211: nwid con chan 11 bssid 00:1d:0f:af:98:88 nwkey stoke
>  > none
>  > inet6 fe80::21d:fff:feaf:9888%ath0 prefixlen 64 scopeid 0x4
>  > inet 10.50.90.1 netmask 0xff00 broadcast 10.255.255.255
>  >
>  >
>  >  and here an excerpt from dmesg:
>  >  ath0 at pci0 dev 12 function 0 "Atheros AR2413" rev 0x01: irq 9
>  >  ath0: AR2413 7.8 phy 4.5 rf 5.6, FCC2A*, address 00:1d:0f:af:98:88
>  >
>  >  Platform is an Alix2c3, which works very well except from this issue.
>  >
>  >  Any ideas?
>  >  Should I provide some additional logs/infos?
>  >
>  >
>
>  I'm having the exact same issue(s), system completely locks up.
>
>  Be it ALIX, WRAP or PC with Atheros wireless cards. I don't have any
>  others to test but Mini-PCI and PCI have both done it.
>
>  Would like to hear more too.
>
>  Thx!
>

BTW, I forgot to mention that I'm running 4.2-stable (February) and
using GENERIC.

Re: ath0 - not reachable - system hangs

[Richard Daemon]

On Mon, Mar 10, 2008 at 5:16 PM, Dirk Mast <[EMAIL PROTECTED]> wrote:
> Hello,
>
>  I use a Atheros Mini-PCI Card, which I brought up with the following command
>  (via the Book of pf):
>
>  sudo ifconfig ath0 up mediaopt hostap mode 11b chan 11 nwid pla nwkey pladoh
>
>  sudo ifconfig ath0 10.50.90.1
>
>
>  I then can't find the AP, even when standing a few centimeters away.
>
>  (Not when using OpenBSD, and not when using Backtrack w/ Kismet)
>
>  That's the first issue (not working is bad..) but when I then
>  change the ath0 setup anyhow with ifconfig,
>  like ifconfig ath0 down or change the IP, the whole box hangs:
>  - doesn't answer to pings
>  - stops forwarding packets
>  - is not reachable anymore on all interfaces
>
>
>  here's the ifconfig output:
>  ath0: flags=8863 mtu 1500
> lladdr 00:1d:0f:af:98:88
> groups: wlan
> media: IEEE802.11 autoselect mode 11b hostap
> status: active
> ieee80211: nwid con chan 11 bssid 00:1d:0f:af:98:88 nwkey stoke
> none
> inet6 fe80::21d:fff:feaf:9888%ath0 prefixlen 64 scopeid 0x4
> inet 10.50.90.1 netmask 0xff00 broadcast 10.255.255.255
>
>
>  and here an excerpt from dmesg:
>  ath0 at pci0 dev 12 function 0 "Atheros AR2413" rev 0x01: irq 9
>  ath0: AR2413 7.8 phy 4.5 rf 5.6, FCC2A*, address 00:1d:0f:af:98:88
>
>  Platform is an Alix2c3, which works very well except from this issue.
>
>  Any ideas?
>  Should I provide some additional logs/infos?
>
>

I'm having the exact same issue(s), system completely locks up.

Be it ALIX, WRAP or PC with Atheros wireless cards. I don't have any
others to test but Mini-PCI and PCI have both done it.

Would like to hear more too.

Thx!

Re: Nvidia binary display drivers compat. w/ OpenBSD?

[Richard Daemon]

On Fri, Mar 7, 2008 at 10:25 PM, Anon Y. Mous <[EMAIL PROTECTED]> wrote:
> Is there anyone who has had success using the Linux or
>  FreeBSD Nvidia binary graphics drivers with OpenBSD
>  i386
>  4.x?
>
>  X.org Version 7.0 or greater is required.
>
>
>  URL: http://www.nvidia.com/object/unix.html
>
>  I am running a Dell Inspirion 6400 notebook with:
>
>  Intel Core 2 Duo (Merom) T7200 @ 2.00 GHz w/ 4.0 MB
>  L2 on-die cache.
>
>  2.0 GB Non-ECC RAM @ 667 MHz FSB speed.
>
>  1680x1050 w/ 32bpp TFT LCD (native res.) WSXGA+
>  (widescreen aspect-ratio)
>
>  Intel 3945ABG 802.11.x wireless adapter.
>
>  Nvidia GeForce Go 7300 (shared memory) w/ 256 MB
>  (128/128).
>
>  I will install OpenBSD 4.x i386 if I can test that the
>
>  Nvidia display drivers work with OpenBSD.
>
>  I cannot get  to recognize the 1680x1050
>  resolution on my system. The max. resolution it sees
>  is:
>
>  1280x1024

I'm running 4.2-stable, using an Nvidia 8800GT, PCI-X (not GTX or GTS)
with 22" Samsung LCD @ 1680x1050 no problems, but I was only able to
get higher than 1280x1024 after I cvs'd an update provided by msf@
that I believe has since been committed to 4.3. Have you tried 4.3
just to see if there's been a change? If not, hopefully someone can
come up with a solution.

Have you tried without creating a custom conf file? After the change I
downloaded, the auto detection worked out of the box for me.

Re: OfficeJet sharing with WinXP

[Richard Daemon]

On Sat, Mar 8, 2008 at 12:59 AM, Predrag Punosevac
<[EMAIL PROTECTED]> wrote:
>
> Edward F. Ahlsen-Girard wrote:
>  > Has anybody had success with network printing from 4.2 (i386) to an HP
>  > OfficeJet 5510v (or similar) attached to an XP Pro workstation?  I
>  > hope to avoid trying all combinations of printing systems.  I'm
>  > pushing 50 and I might not live long enough to finish.
>  >
>  I do not have the same printer but I just checked specifications for
>  you. It speaks
>  proprietary Lightweight Imaging Device Interface Language and it does
>  not speak IPP or LPD internet printing protocols. That means that you
>  can not connect printer directly to network.
>
>  The good news is that the printer is supported by HPIJS driver which is
>  among 4.2 release packages
>  so should work without problem when directly connected to OpenBSD box. I
>  could walk you through with
>  installation and configuration.
>
>  Theoretically you can even unlock full functionality by HPLIP means
>  scanning, fax and PC initiated copying  (this is new package for 4.3)
>  although I have not been able to configure HPLIP properly on OpenBSD so
>  far. I am playing with it as we speak.
>
>  After you configure printer on OpenBSD box you may use  Samba to print
>  from your Windows box to the same printer i.e. OpenBSD box would act as
>  a printer server for Windows client. I have configured Samba once in my
>  life out of pure curiosity so you are better of asking somebody else for
>  help with that.
>
>  Can you make XP box act as a printer server for OpenBSD client is beyond
>  my knowledge and you should ask about that part somebody who actually
>  used Windows in her/his life.
>
>  Cheers,
>  Predrag
>
>

HPLIP is part of OpenBSD or port / pkg?

Re: OpenBSD storage server

[Richard Daemon]

On Thu, Mar 6, 2008 at 4:31 PM, bofh <[EMAIL PROTECTED]> wrote:
> On Thu, Mar 6, 2008 at 3:42 PM, Stuart Henderson <[EMAIL PROTECTED]>
>  wrote:
>
>
>  > On 2008-03-06, RS <[EMAIL PROTECTED]> wrote:
>  >
>
> > > I'll be using a cheap Athlon X2 / 1GB / Gig ethernet / mATX board to
>  > > complete the setup. I will definitely use OpenBSD's RAIDCtl for RAID 1
>  > > instead of the crappy on-board chips motherboard makers ship nowadays.
>  >
>  > The on-board RAID on cheap boards is typically software RAID with
>  > BIOS assistance to help it boot and as you probably know isn't supported
>  > here at all.
>  >
>
>  The bigger question is - exactly what do you want?  If this is an inside the
>  house box, not running pf, etc, I would seriously consider opensolaris.  ZFS
>  is incredibly easy to set up, and serves nfs/samba pretty easily.  raidz is
>  pretty good.

On an OpenBSD mailing list you're recommending OpenSolaris?

Why not at least FreeBSD with ZFS? ;-)

Re: floppy.fs

[Richard Daemon]

On Wed, Mar 5, 2008 at 3:44 PM, Paul Greidanus
<[EMAIL PROTECTED]> wrote:
>
> Richard Daemon wrote:
>  > On Wed, Mar 5, 2008 at 11:58 AM, Stuart Henderson <[EMAIL PROTECTED]> 
> wrote:
>  >
>  >> On 2008-03-05, Giancarlo Razzolini <[EMAIL PROTECTED]> wrote:
>  >>  >   I do the installation using a pen drive, not a 
> floppy,
>  >>  > so it would be nice if there was another image, suited for a pen drive
>  >>  > or other things bigger than floppy.
>  >>
>  >>  Just do an OS installation to the pen drive then you can boot from it
>  >>  and run bsd.rd. You can also copy the installation tgz files to it,
>  >>  if you would like to install on machines without a working network.
>  >>
>  >>  I pretty much exclusively use netboot of some kind these days though,
>  >>  pxeboot(8) is super easy on OpenBSD...
>  >>
>  >
>  > Speaking of which, is there a way or any plans to add the option to
>  > install from a tftpd itself rather than pxebooting - pull down the
>  > pxeboot and bsd.rd files over tftp then install from ftp, http, etc.?
>  >
>  >
>  I'm confused.. pxeboot/bsd.rd requires a tftp server, so you are booting
>  from tftp already.  Do you want to install the system from tftpboot,
>  i.e. base.tgz?  tftp is error prone, and bad for large files, so you
>  almost need http/ftp to do large files.  And it's easy to setup ftp.

That's exactly what I was curious on.
I assume it's error prone because it does it over UDP only?

I agree, it's very easy to set up ftp and what not, was just curious.
I've installed from pxeboot'ing a few times on various systems like
Soekris, WRAP, ALIX and others.
That's why I was thinking if there would be such an option for those
times when you need to pxeboot to install but don't run http/ftp on
the install server.
No big deal and I know there's many other ways to install on such systems...

Thanks for the responses.

Re: floppy.fs

[Richard Daemon]

On Wed, Mar 5, 2008 at 11:58 AM, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> On 2008-03-05, Giancarlo Razzolini <[EMAIL PROTECTED]> wrote:
>  >   I do the installation using a pen drive, not a floppy,
>  > so it would be nice if there was another image, suited for a pen drive
>  > or other things bigger than floppy.
>
>  Just do an OS installation to the pen drive then you can boot from it
>  and run bsd.rd. You can also copy the installation tgz files to it,
>  if you would like to install on machines without a working network.
>
>  I pretty much exclusively use netboot of some kind these days though,
>  pxeboot(8) is super easy on OpenBSD...

Speaking of which, is there a way or any plans to add the option to
install from a tftpd itself rather than pxebooting - pull down the
pxeboot and bsd.rd files over tftp then install from ftp, http, etc.?

Just curious.

Re: Nfsen and php problems...?

[Richard Daemon]

Looks exactly like what I had, Tasmanian Devil's suggestion fixed it:

I changed the short_open_tag=Off to On:
"short_open_tag = On" in the php.ini.

Also, are you doing this in a chroot apache? If so, try with 'httpd
-u' instead to see if that fixes it (outside the chroot). I haven't
tried to get it working while running the httpd in a chroot myself yet
so that could another cause to it as I've also seen.

If not, might be something with the path somewhere, perhaps nfsen.conf?

Hope this helps.

On Mon, Mar 3, 2008 at 4:21 PM, Balgaa <[EMAIL PROTECTED]> wrote:
> hello,
>
>  I have problem similiar but it says about permission.
>  ERROR: nfsend connect() error: Permission denied!
>
> ERROR: nfsend - connection failed!!
>  ERROR: Can not initialize globals!
>
>  Is there anything wrong with directory or file permission?
>
>
>
>
>
>  Richard Daemon wrote:
>  >
>  > Hi,
>  >
>  > I'm really stumped on this and any help would be greatly appreciated.
>  >
>  > When trying to load the nfsen/nfsen.php page I get:
>  >
>  > ERROR: nfsend connect() error: No such file or directory!
>  > ERROR: nfsend - connection failed!!
>  > ERROR: Can not initialize globals!
>  >
>  > I'm sure I have it configured properly and started properly as the
>  > documentation states, I've read over and over and over again...
>  >
>  > I've used the default ./etc/nfsen-dist.conf > ./etc/nfsen.conf (tried
>  > with and without changing HTMLDIR)
>  >
>  > I'm running httpd -u (non-chroot), php enabled, configured in
>  > httpd.conf and tested ok - httpd chrooted works less, for now.
>  >
>  > I did the mkdir /data then ran the ./install.pl etc/nfsen.conf
>  >
>  > Started it with: ./nfsen start and it starts ok.
>  >
>  > in nfsen.conf I tried with /var/www/nfsen and /var/www/htdocs/nfsen
>  > (same results)...
>  >
>  > %sources = (
>  > #'upstream1'=> { 'port'=> '9995', 'col' => '#ff',
>  > 'type' => 'netflow' },
>  > 'slacker'=> { 'port'=> '9995', 'col' => '#ff', 'type'
>  > => 'netflow' },
>  > #'peer1'=> { 'port'=> '9996', 'col' => '#ff' },
>  > );
>  >
>  > Then when I try http://slacker/nfsen/nfsen.php I get:
>  >
>  > ERROR: nfsend connect() error: No such file or directory!
>  > ERROR: nfsend - connection failed!!
>  > ERROR: Can not initialize globals!in red.
>  >
>  > pfflowd -d -n 192.168.0.10 running from remote host.
>  >
>  > I tried 1.3 and 1.3b, including nfsen -r live.
>  >
>  > I also get this in /var/log/messages:
>  > Feb 16 22:50:15 slacker nfsen[689]: Error reading channel stat
>  > information. Missing key 'first'
>  >
>  > $ netstat -anf inet |grep 995
>  > udp0  0  *.9995 *.*
>  >
>  > Running OpenBSD 4.2-stable.
>  >
>  > Did I miss anything? Am I doing something wrong?
>  >
>  > Any help is greatly appreciated!
>  >
>  >
>  >
>
>  --
>  View this message in context: 
> http://www.nabble.com/Nfsen-and-php-problems...--tp15526200p15814259.html
>  Sent from the openbsd user - misc mailing list archive at Nabble.com.

Re: named dhcpd network problems after update

[Richard Daemon]

On Wed, Feb 27, 2008 at 7:38 PM, xSAPPYx <[EMAIL PROTECTED]> wrote:
> Heya misc:
>
>  Base dhcpd and named are failing to start after an update. I'm really
>  confused at this point. Other daemons are working fine and I can't see
>  anything else 'wrong' with the system. Any thoughts at all would be
>  greatly appreciated.
>
>  This was a 4.2-release system. I followed the standard process (build
>  kernel, reboot, build userland). I've done it twice now figuring I
>  screwed something up (which i still believe)
>
>  I updated my source tree with:
>  cvs -d$CVSROOT update -rOPENBSD_4_2 -Pd src
>  cvs -d$CVSROOT update -rOPENBSD_4_2 -Pd ports
>
>
>  Here is a snippit of /var/log/messages during bootup:
>  Feb 27 15:54:49 vash named[21321]: starting BIND 9.3.4
>  Feb 27 15:54:50 vash named[21321]:
>  /usr/src/usr.sbin/bind/lib/isc/unix/ifiter_getifaddrs.c:107:
>  INSIST(ifa != 0L) failed
>  Feb 27 15:54:50 vash named[21321]: exiting (due to assertion failure)
>  Feb 27 15:54:51 vash savecore: no core dump
>  Feb 27 15:54:52 vash dhcpd: Can't listen on bge0 - it has no IP address.
>  Feb 27 15:54:52 vash dhcpd: No interfaces to listen on.
>  Feb 27 15:54:52 vash dhcpd: exiting.
>  Feb 27 15:54:54 vash squid[3353]: Squid Parent: child process 19826 started
>
>
>  Trying to start named and dhcpd manually we get:
>
>  root:/root/scripts:8# named -f -g -d7
>  Starting privilege seperation
>  27-Feb-2008 16:32:47.378 starting BIND 9.3.4 -f -g -d7
>  27-Feb-2008 16:32:47.381 loading configuration from '/etc/named.conf'
>  27-Feb-2008 16:32:47.397 set maximum stack size to 33554432: success
>  27-Feb-2008 16:32:47.397 set maximum data size to 1073741824: success
>  27-Feb-2008 16:32:47.397 set maximum core size to 9223372036854775807: 
> success
>  27-Feb-2008 16:32:47.397 set maximum open files to 1024: success
>  27-Feb-2008 16:32:47.397
>  /usr/src/usr.sbin/bind/lib/isc/unix/ifiter_getifaddrs.c:107:
>  INSIST(ifa != 0L) failed
>  27-Feb-2008 16:32:47.397 exiting (due to assertion failure)
>
>  root:/root/scripts:9# dhcpd -d -f
>  No interfaces to listen on.
>  exiting.
>  root:/root/scripts:10#
>
>
>  Random pieces of possibly useful output follow
>
>  root:/root/scripts:7# ifconfig -a
>  lo0: flags=8049 mtu 33168
> groups: lo
> inet 127.0.0.1 netmask 0xff00
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
>  bge0: flags=8843 mtu 1500
> lladdr 00:0a:e4:26:dd:30
> description: Internal to my cube
> media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
> status: active
> inet 192.168.24.5 netmask 0xff00 broadcast 192.168.24.255
> inet6 fe80::20a:e4ff:fe26:dd30%bge0 prefixlen 64 scopeid 0x1
>  em0: flags=8843 mtu 1500
> lladdr 00:11:0a:60:0d:82
> description: Lans Scare Me
> groups: egress
> media: Ethernet autoselect (100baseTX full-duplex)
> status: active
> inet 10.100.7.38 netmask 0xff00 broadcast 10.100.7.255
> inet6 fe80::211:aff:fe60:d82%em0 prefixlen 64 scopeid 0x2
>  em1: flags=8802 mtu 1500
> lladdr 00:11:0a:60:0d:83
> media: Ethernet autoselect (none)
> status: no carrier
>  enc0: flags=0<> mtu 1536
>  pflog0: flags=141 mtu 33168
> groups: pflog
>
>
>  root:/root/scripts:3# uname -a
>  OpenBSD vash.copart.com 4.2 GENERIC#2 amd64
>
>
>  root:/root/scripts:5# cat /var/run/dmesg.boot
>  OpenBSD 4.2-stable (GENERIC) #2: Wed Feb 27 14:31:04 PST 2008
> [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
>  real mem = 1609551872 (1534MB)
>  avail mem = 1549684736 (1477MB)
>  mainbus0 at root
>  bios0 at mainbus0: SMBIOS rev. 2.33 @ 0xefeb0 (37 entries)
>  bios0: vendor Sun Microsystems version "R01-B5 S1" date 09/29/2006
>  bios0: Sun Microsystems W1100z/2100z
>  acpi at mainbus0 not configured
>  cpu0 at mainbus0: (uniprocessor)
>  cpu0: AMD Opteron(tm) Processor 144, 1795.14 MHz
>  cpu0: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3
>  DNOW
>  cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
>  64b/line 16-way L2 cache
>  cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
>  cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
>  cpu0: AMD errata 86, 89, 97, 104 present, BIOS upgrade may be required
>  pci0 at mainbus0 bus 0: configuration mode 1
>  ppb0 at pci0 dev 6 function 0 "AMD 8111 PCI-PCI" rev 0x07
>  pci1 at ppb0 bus 1
>  ohci0 at pci1 dev 0 function 0 "AMD 8111 USB" rev 0x0b: irq 11,
>  version 1.0, legacy support
>  ohci1 at pci1 dev 0 function 1 "AMD 8111 USB" rev 0x0b: irq 11,
>  version 1.0, legacy support
>  ohci2 at pci1 dev 3 function 0 "NEC USB" rev 0x43: irq 10, version
>  1.0, legacy support
>  ohci3 at pci1 dev 3 function 1 "NEC USB" rev 0x43: irq 11, version
>  1.0, legacy support
>  ehci0 at pci1 dev 3 function 2 "NEC USB" 

Re: OpenBSD Strange Problem

[Richard Daemon]

On Wed, Feb 27, 2008 at 9:51 PM, Wong Peter <[EMAIL PROTECTED]> wrote:
> Hello all respect network administrator, i have set up a openbsd gateway but
>  the wireless connection(gateway) is not detected by client but before this
>  is ok. Can see it widnows but now cannot. I don't know what wrong with it.
>  I sure my configuration is ok because i didn't edit it.
>  Another problem now is when oot up to process starting network, previously i
>  did not need to enter ctrl + C to proceeed to DHCP request for rl0 but now i
>  need that. I alos don't know what wrong.
>  Third problem is from openbsd canno ping to LAN client ip but client can
>  ping to openbsd.
>  I try router add 176.16.10.11(destination) 176.16.10.1(gateway) return file
>  exists. If this routing is exists, then should be no problem but who come
>  cannot ping from openbsd to client.
>
>  My Version of openbsd is 4.1
>
>  I hope you can help me out. becuase my hair has drop until no more hair.
>
>
>  If you all need extra information or configuration, please let me know.
>
>
>  A billion thanks for your help
>
>  --
>  Linux
>
>

Sounds like something with your pf.conf. Try allowing everything
in/out just to test and be sure pf is enabled...

Re: trunk failover without failing back to master port

[Richard Daemon]

On Sun, Feb 24, 2008 at 9:33 AM, Vijay Sankar <[EMAIL PROTECTED]> wrote:
> Good day,
>
>  I have two interfaces -- nfe0 on switch0 and nfe1 on switch1 are part of
>  trunk0. Trunk failover from nfe0 to nfe1 works  very well. No problems if
>  switch 0 goes offline -- traffic goes through switch1 flawlessly. Once
>  switch0 comes back online, traffic is disrupted for about 30 seconds.
>
>  I would like traffic to continue through switch1 after switch0 is back online
>  (or at least have a delay of 30 or 45 seconds before failing back to the
>  master) and don't know how to do this. Is this possible? Should I be using
>  ifstated for this in addition to trunk?
>
>  Please let me know of any clues to resolving this.
>
>  Thanks very much,
>
>  Vijay
>
>
>  --
>  Vijay Sankar, M.Eng., P.Eng.
>  President & CEO
>  ForeTell Technologies Limited
>  59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6
>  Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]
>
>

Hi Vijay,

I don't know if anyone responded to you on this but I am very curious
to know myself as well...
Personally, I haven't used trunk(4) too much yet so I might not be of much help.

My guess would be either something with the rules (with regards to
keeping state or finding a way to sync the states) unless that 30
seconds is normal???
But to me that seems odd to have that long of a disruption, 30 seconds, ouch.

The other option you said was to delay it 30-45 seconds.
For that, then I would personally think that ifstated would or could
do the trick, but maybe someone else can give better feedback than me
on this whole issue?

Also, could it be caused by something with the switches layer 2 cache
timeout period or something to that effect? Just a thought.

Regards,

Richard

Re: ham,Re: ham,Re: Monitoring Bandwidth Usage, based on ports, service, client, etc.

[Richard Daemon]

On Sat, Feb 16, 2008 at 1:59 PM, Simon Slaytor <[EMAIL PROTECTED]> wrote:
> Sorry Richard, should have mentioned the RRD voodoo, hopefully Peter has
>  set you on the right track.
>
>  I never really liked the 'rough' graphs produced by the version of RRD
>  Graph available from the packages collection. I've downloaded the latest
>  1.2.6 port version from openports.se and compiled and built this. I then
>  tweak nfsen adding the RRD 'slope' and anti alias features, not exactly
>  accurate but very pretty!

What tweaks did you do as a tweak or is 1.2.6 worth the change alone?

TIA!

Re: There's something about OpenBSD...

[Richard Daemon]

On Thu, Feb 21, 2008 at 2:30 PM, Jason Dixon <[EMAIL PROTECTED]> wrote:
> On Feb 21, 2008, at 1:40 PM, Nick Holland wrote:
>
>  > Mayuresh Kathe wrote:
>  >> What is it about OpenBSD that I can't resist it?
>  >>
>
> > yeah, I've been doing some things with Solaris for work, it's stunned
>  > me that an OS can take most of DVD...and still be missing what I would
>  > call absolute basics that OpenBSD has on an install that fits in half
>  > of a CD.  I know, deep down, Solaris is a very good OS, and inspires a
>  > lot of the work OpenBSD developers do, but man, it's got user
>  > interface
>  > "features" that were fixed in MS-DOS and CP/M decades ago, and What
>  > The
>  > Heck do you put on an entire DVD when it doesn't even have a C
>  > compiler
>  > or some very basic management tools...
>
>
>  Sun Microsystems Inc.   SunOS 5.10  Generic January 2005
>  -bash-3.00$ grep -r foo *
>  grep: illegal option -- r
>  Usage: grep -hblcnsviw pattern file . . .
>
>
>  Enough said.
>
>  ---
>  Jason Dixon
>  DixonGroup Consulting
>  http://www.dixongroup.net
>
>

Did you mean -R?

Re: make release errors

[Richard Daemon]

On Wed, Feb 20, 2008 at 8:11 PM, Richard Daemon
<[EMAIL PROTECTED]> wrote:
>
> On Wed, Feb 20, 2008 at 6:26 PM, Chris Smith <[EMAIL PROTECTED]> wrote:
>  > Hello,
>  >
>  >  Trying to do a "make release" apparently without success:
>  >  =
>  >  cp /usr/dest/snapshot/*BOOT* /usr/rel
>  >  cp: /usr/dest/snapshot/*BOOT*: No such file or directory
>  >  *** Error code 1 (ignored)
>  >  cp /usr/dest/snapshot/cd*.iso /usr/rel
>  >  cp /usr/dest/snapshot/Packages /usr/rel
>  >  cp: /usr/dest/snapshot/Packages: No such file or directory
>  >  *** Error code 1 (ignored)
>  >  cp /usr/dest/snapshot/INSTALL.* /usr/rel
>  >  cp /usr/dest/snapshot/*.fs /usr/dest/snapshot/*.fs.gz /usr/rel
>  >  cp: /usr/dest/snapshot/*.fs.gz: No such file or directory
>  >  *** Error code 1 (ignored)
>  >  cd /usr/rel;  md5 *bsd!(*.gz) *boot* cdbr *BOOT* INSTALL.* Packages *.fs
>  >  *.iso *.gz *.tgz > MD5
>  >  md5: cannot open *BOOT*: No such file or directory
>  >  md5: cannot open Packages: No such file or directory
>  >  md5: cannot open *.gz: No such file or directory
>  >  cd /usr/rel && sort -o MD5 MD5
>  >  =
>  >
>  >  System started as a clean install from the 2/17/08 snapshot and upgraded
>  >  to -current before doing "make release". I followed the instructions
>  >  at: http://openbsd.org/faq/faq5.html#Release
>  >
>  >  What did I miss?
>  >
>  >  Thank you,
>  >  --
>  >  Chris
>  >
>  >
>
>  Probably because the steps -> test -d ${DESTDIR} && mv ${DESTDIR}
>  ${DESTDIR}.old && rm -rf ${DESTDIR}.old &
>
>  Skip that part or better yet, don't rm -rf until you're fully finished
>  everything... Especially if you want to make a full release(8) with X
>  sets too then you'll have OpenBSD in ${DESTDIR}.old and Xenocara in
>  ${DESTDIR}, if memory serves me correctly. It's kinda misleading and
>  the same goes with release(8).
>
>  Just my $0.02, hope this helps.
>

whoops, i meant lower in the FAQ:

# test -d ${DESTDIR} && mv ${DESTDIR} ${DESTDIR}- && \
 rm -rf ${DESTDIR}- &

Re: make release errors

[Richard Daemon]

On Wed, Feb 20, 2008 at 6:26 PM, Chris Smith <[EMAIL PROTECTED]> wrote:
> Hello,
>
>  Trying to do a "make release" apparently without success:
>  =
>  cp /usr/dest/snapshot/*BOOT* /usr/rel
>  cp: /usr/dest/snapshot/*BOOT*: No such file or directory
>  *** Error code 1 (ignored)
>  cp /usr/dest/snapshot/cd*.iso /usr/rel
>  cp /usr/dest/snapshot/Packages /usr/rel
>  cp: /usr/dest/snapshot/Packages: No such file or directory
>  *** Error code 1 (ignored)
>  cp /usr/dest/snapshot/INSTALL.* /usr/rel
>  cp /usr/dest/snapshot/*.fs /usr/dest/snapshot/*.fs.gz /usr/rel
>  cp: /usr/dest/snapshot/*.fs.gz: No such file or directory
>  *** Error code 1 (ignored)
>  cd /usr/rel;  md5 *bsd!(*.gz) *boot* cdbr *BOOT* INSTALL.* Packages *.fs
>  *.iso *.gz *.tgz > MD5
>  md5: cannot open *BOOT*: No such file or directory
>  md5: cannot open Packages: No such file or directory
>  md5: cannot open *.gz: No such file or directory
>  cd /usr/rel && sort -o MD5 MD5
>  =
>
>  System started as a clean install from the 2/17/08 snapshot and upgraded
>  to -current before doing "make release". I followed the instructions
>  at: http://openbsd.org/faq/faq5.html#Release
>
>  What did I miss?
>
>  Thank you,
>  --
>  Chris
>
>

Probably because the steps -> test -d ${DESTDIR} && mv ${DESTDIR}
${DESTDIR}.old && rm -rf ${DESTDIR}.old &

Skip that part or better yet, don't rm -rf until you're fully finished
everything... Especially if you want to make a full release(8) with X
sets too then you'll have OpenBSD in ${DESTDIR}.old and Xenocara in
${DESTDIR}, if memory serves me correctly. It's kinda misleading and
the same goes with release(8).

Just my $0.02, hope this helps.

Re: Nfsen and php problems...?

[Richard Daemon]

On Feb 18, 2008 3:48 AM, Tasmanian Devil <[EMAIL PROTECTED]> wrote:
> Hello!
>
> > lookup.php at least gives a yellow page and also allows me to see it's
> > source, unlike the others:
> >
> >  > /* This file was automatically created by the NfSen install.pl script */
>
> This and especially the empty pages sound like you've "short_open_tag
> = Off" in your /var/www/conf/php.ini. From that file:
>
> ; Allow the  tags are recognized.
> ; NOTE: Using short tags should be avoided when developing applications or
> ; libraries that are meant for redistribution, or deployment on PHP
> ; servers which are not under your control, because short tags may not
> ; be supported on the target server. For portable, redistributable code,
> ; be sure not to use short tags.
> short_open_tag = Off
>
> So if my guess is right, you should either fix the php files or set
> "short_open_tag = On".
>
> Tas.
>

Sweet!!! That was it! Thank you! :-)

I used the stock php.ini-recommended > php.ini with minor
modifications, with this option staying at the default.

The pages now display, but not sure yet if the graphs are updating but
the flows are updating properly with nfcapd. Will test some more after
working tonight.

Thanks guys!

Re: Nfsen and php problems...?

[Richard Daemon]

On Feb 17, 2008 7:15 AM, Peter Haag <[EMAIL PROTECTED]> wrote:
>
>
> --On February 17, 2008 11:28:42 AM +0100 Peter Haag <[EMAIL PROTECTED]> wrote:
>
> |
> |
> | --On February 16, 2008 11:20:29 PM -0500 Richard Daemon <[EMAIL PROTECTED]> 
> wrote:
> |
> | | Hi,
> | |
> | | I'm really stumped on this and any help would be greatly appreciated.
> | |
> | | When trying to load the nfsen/nfsen.php page I get:
> | |
> | | ERROR: nfsend connect() error: No such file or directory!
> | | ERROR: nfsend - connection failed!!
> | | ERROR: Can not initialize globals!
> |
> | The bachend and the frontend communicat over a UNIX socket, which is defined
> | in nfsen.conf:
> |
> | #
> | # nfsend communication socket
> | # $COMMSOCKET = "$PIDDIR/nfsen.comm";
> |
> | The default location in in the NfSen POD dir, but can be adjusted as
> | required. The socket is owned by $USER in group $WWWGROUP with
> | mode 0660. Depending on what mount flags your volume has, the group
> | group seamed not be honoured be the OS and the group daemon is used instead.
> | If so, you need either to change the socket group to $WWWGROUP, or make sure
> | the socket has mode 0666 ( actually not a very good idea ).
> | I've not yet figured out, why the group settings are not honoured by the OS.
>
> To follow up: apply this patch:
>
> --- /data/nfsen/libexec/Nfcomm.pm.orig  Sun Feb 17 13:12:15 2008
> +++ /data/nfsen/libexec/Nfcomm.pm   Sun Feb 17 13:12:20 2008
> @@ -753,6 +753,7 @@
> return undef;
> }
> chmod 0660, $socket_path;
> +   chown $NfConf::UID, $NfConf::GID, $socket_path;
>
> } else {
> # TCP Internet socket
>
>
>
> |
> | Hope this help.
> |
> | - Peter

Well, I tried all your suggestions including patching it. Same
results... (on version 1.3b...)

Maybe I'm missing a step or something in apache not configured
correctly, I'm just not sure anymore...
It's driving me nuts not being able to get it working; is it something
obvious I'm overlooking?

Other php pages load (symon, etc.) so php works ok for some things. I
installed pear-Net-Socket as well and enabled sockets in httpd
(started with httpd -u).
The other pages don't load anything at all, just blank, except two:

pic.php and rrdgraph.php return with errors:
The image "http://slacker/nfsen/pic.php"; cannot be displayed, because
it contains errors.
The image "http://slacker/nfsen/rrdgraph.php"; cannot be displayed,
because it contains errors.

lookup.php at least gives a yellow page and also allows me to see it's
source, unlike the others:





Lookup: ''









Could it have something to do with the --enable-nfprofile problem
encountered originally where I had to setenv the LDFLAGS?

Might you have some examples of a related httpd.conf for nfsen,
required pkg's, nfsen hierarchy on OpenBSD or anything else that may
help resolve this or if it's something I'm doing wrong?

Did I miss anything?

Thanks for all the help!

Nfsen and php problems...?

[Richard Daemon]

Hi,

I'm really stumped on this and any help would be greatly appreciated.

When trying to load the nfsen/nfsen.php page I get:

ERROR: nfsend connect() error: No such file or directory!
ERROR: nfsend - connection failed!!
ERROR: Can not initialize globals!

I'm sure I have it configured properly and started properly as the
documentation states, I've read over and over and over again...

I've used the default ./etc/nfsen-dist.conf > ./etc/nfsen.conf (tried
with and without changing HTMLDIR)

I'm running httpd -u (non-chroot), php enabled, configured in
httpd.conf and tested ok - httpd chrooted works less, for now.

I did the mkdir /data then ran the ./install.pl etc/nfsen.conf

Started it with: ./nfsen start and it starts ok.

in nfsen.conf I tried with /var/www/nfsen and /var/www/htdocs/nfsen
(same results)...

%sources = (
#'upstream1'=> { 'port'=> '9995', 'col' => '#ff',
'type' => 'netflow' },
'slacker'=> { 'port'=> '9995', 'col' => '#ff', 'type'
=> 'netflow' },
#'peer1'=> { 'port'=> '9996', 'col' => '#ff' },
);

Then when I try http://slacker/nfsen/nfsen.php I get:

ERROR: nfsend connect() error: No such file or directory!
ERROR: nfsend - connection failed!!
ERROR: Can not initialize globals!in red.

pfflowd -d -n 192.168.0.10 running from remote host.

I tried 1.3 and 1.3b, including nfsen -r live.

I also get this in /var/log/messages:
Feb 16 22:50:15 slacker nfsen[689]: Error reading channel stat
information. Missing key 'first'

$ netstat -anf inet |grep 995
udp0  0  *.9995 *.*

Running OpenBSD 4.2-stable.

Did I miss anything? Am I doing something wrong?

Any help is greatly appreciated!

Re: ham,Re: ham,Re: Monitoring Bandwidth Usage, based on ports, service, client, etc.

[Richard Daemon]

Thanks Simon!

He did get me on the right track, but tracking the required Perl Modules and
each subsequent Dependencies for nfsen is a lengthy process... Unless
there's a better way than manually downloading each one and their subsequent
dependencies...?

On Feb 16, 2008 1:59 PM, Simon Slaytor <[EMAIL PROTECTED]> wrote:

> Sorry Richard, should have mentioned the RRD voodoo, hopefully Peter has
> set you on the right track.
>
> I never really liked the 'rough' graphs produced by the version of RRD
> Graph available from the packages collection. I've downloaded the latest
> 1.2.6 port version from openports.se and compiled and built this. I then
> tweak nfsen adding the RRD 'slope' and anti alias features, not exactly
> accurate but very pretty!
>
>
> Peter Haag wrote:
> >
> >
> > --On February 16, 2008 2:36:33 AM -0500 Richard Daemon
> > <[EMAIL PROTECTED]> wrote:
> >
> > | How did you get --enable-nfprofile working?
> > |
> > | I tried with --with-rrdpath=/usr/local where /usr/local/lib/ has:
> > |
> > | /usr/local/lib/librrd.a
> > | /usr/local/lib/librrd.la
> > | /usr/local/lib/librrd.so.0.0
> >
> > RRD is a bit picky especially under OpenBSD. So
> > In your shell (C-shell ex.) set:
> >
> > setenv LDFLAGS '-L/usr/local/lib -L/usr/X11R6/lib'
> >
> > rerun ./configure
> >
> > Enjoy
> >
> >- Peter
> >
> > |
> > | Yet I get this error:
> > | configure: error: Can not link librrd. Please specify
> --with-rrdpath=..
> > | configure failed!
> > | ...
> > | Using nfsen 1.3 (latest -stable) and nfdump 1.5.6.
> > |
> > | I'm not sure what else to try.
> > |
> > | Now if only someone could make this BSD licensed software as a port.
> > :-)
> >
> >
> > It's on my todo list, as soon as time allows.
> >
> >
> > |
> > | On Fri, Feb 15, 2008 at 5:07 PM, Simon Slaytor <[EMAIL PROTECTED]>
> > wrote:
> > |
> > | > Yes I have four high availability 4.2 firewalls, 8 boxes in total
> all
> > | > sending data to a single nfsen backend which is running on a
> > dedicated
> > | > OBSD 4.2 box. All dependent apps/tools are available from ports,
> > simply
> > | > enable apache in non chroot mode then just compile up the two apps
> > from
> > | > src.
> > | >
> > | > Richard Daemon wrote:
> > | > >
> > | > >
> > | > > On Fri, Feb 15, 2008 at 11:17 AM, Simon Slaytor <[EMAIL PROTECTED]
> > | > > <mailto:[EMAIL PROTECTED]>> wrote:
> > | > >
> > | > > It would take a bit more setting up but what about pfflowd
> from
> > | > > ports/packages and nfdump/nfsen?
> > | > >
> > | > > I use this at work for tracking exactly what's flowing
> > through our
> > | > > firewalls i.e. which protocols by who'm to where etc.
> > | > >
> > | > > Sounds like exactly what your after.
> > | > >
> > | > > http://nfsen.sourceforge.net/
> > | > >
> > | > >
> > | > > Wow, now this looks good!
> > | > >
> > | > > You have it working with OpenBSD firewalls using pfflowd for
> > | > > nfdump/nfsen or are you using nfdump/nfsen with netflows from
> other
> > | > > infrastructure systems?
> > |
> >
> >
> >
> > --
> > Peter Haag
> >
> > .

Re: ham,Re: Monitoring Bandwidth Usage, based on ports, service, client, etc.

[Richard Daemon]

Hi Peter,

Thanks for the help!
It worked for the most part - it didn't find rrd.h after that, in
/usr/local/include, so I copied it to /usr/include and the ./configure then
worked.

Is there a way to compile nfsen without the use or requirement of
Mail::Header and Mail::Internet & related dependencies if I have no plans on
emailing the alerts?

Regards

On Feb 16, 2008 10:33 AM, Peter Haag <[EMAIL PROTECTED]> wrote:

>
>
> --On February 16, 2008 2:36:33 AM -0500 Richard Daemon <
> [EMAIL PROTECTED]> wrote:
>
> | How did you get --enable-nfprofile working?
> |
> | I tried with --with-rrdpath=/usr/local where /usr/local/lib/ has:
> |
> | /usr/local/lib/librrd.a
> | /usr/local/lib/librrd.la
> | /usr/local/lib/librrd.so.0.0
>
> RRD is a bit picky especially under OpenBSD. So
> In your shell (C-shell ex.) set:
>
> setenv LDFLAGS '-L/usr/local/lib -L/usr/X11R6/lib'
>
> rerun ./configure
>
> Enjoy
>
>- Peter
>
> |
> | Yet I get this error:
> | configure: error: Can not link librrd. Please specify --with-rrdpath=..
> | configure failed!
> | ...
> | Using nfsen 1.3 (latest -stable) and nfdump 1.5.6.
> |
> | I'm not sure what else to try.
> |
> | Now if only someone could make this BSD licensed software as a port. :-)
>
>
> It's on my todo list, as soon as time allows.
>
>
> |
> | On Fri, Feb 15, 2008 at 5:07 PM, Simon Slaytor <[EMAIL PROTECTED]> wrote:
> |
> | > Yes I have four high availability 4.2 firewalls, 8 boxes in total all
> | > sending data to a single nfsen backend which is running on a dedicated
> | > OBSD 4.2 box. All dependent apps/tools are available from ports,
> simply
> | > enable apache in non chroot mode then just compile up the two apps
> from
> | > src.
> | >
> | > Richard Daemon wrote:
> | > >
> | > >
> | > > On Fri, Feb 15, 2008 at 11:17 AM, Simon Slaytor <[EMAIL PROTECTED]
> | > > <mailto:[EMAIL PROTECTED]>> wrote:
> | > >
> | > > It would take a bit more setting up but what about pfflowd from
> | > > ports/packages and nfdump/nfsen?
> | > >
> | > > I use this at work for tracking exactly what's flowing through
> our
> | > > firewalls i.e. which protocols by who'm to where etc.
> | > >
> | > > Sounds like exactly what your after.
> | > >
> | > > http://nfsen.sourceforge.net/
> | > >
> | > >
> | > > Wow, now this looks good!
> | > >
> | > > You have it working with OpenBSD firewalls using pfflowd for
> | > > nfdump/nfsen or are you using nfdump/nfsen with netflows from other
> | > > infrastructure systems?
> |
>
>
>
> --
> Peter Haag

Re: ham,Re: Monitoring Bandwidth Usage, based on ports, service, client, etc.

[Richard Daemon]

How did you get --enable-nfprofile working?

I tried with --with-rrdpath=/usr/local where /usr/local/lib/ has:

/usr/local/lib/librrd.a
/usr/local/lib/librrd.la
/usr/local/lib/librrd.so.0.0

Yet I get this error:
configure: error: Can not link librrd. Please specify --with-rrdpath=..
configure failed!
...
Using nfsen 1.3 (latest -stable) and nfdump 1.5.6.

I'm not sure what else to try.

Now if only someone could make this BSD licensed software as a port. :-)

On Fri, Feb 15, 2008 at 5:07 PM, Simon Slaytor <[EMAIL PROTECTED]> wrote:

> Yes I have four high availability 4.2 firewalls, 8 boxes in total all
> sending data to a single nfsen backend which is running on a dedicated
> OBSD 4.2 box. All dependent apps/tools are available from ports, simply
> enable apache in non chroot mode then just compile up the two apps from
> src.
>
> Richard Daemon wrote:
> >
> >
> > On Fri, Feb 15, 2008 at 11:17 AM, Simon Slaytor <[EMAIL PROTECTED]
> > <mailto:[EMAIL PROTECTED]>> wrote:
> >
> > It would take a bit more setting up but what about pfflowd from
> > ports/packages and nfdump/nfsen?
> >
> > I use this at work for tracking exactly what's flowing through our
> > firewalls i.e. which protocols by who'm to where etc.
> >
> > Sounds like exactly what your after.
> >
> > http://nfsen.sourceforge.net/
> >
> >
> > Wow, now this looks good!
> >
> > You have it working with OpenBSD firewalls using pfflowd for
> > nfdump/nfsen or are you using nfdump/nfsen with netflows from other
> > infrastructure systems?

Re: PF will not allow incoming DNS

[Richard Daemon]

On Fri, Feb 15, 2008 at 7:38 PM, pezking <[EMAIL PROTECTED]> wrote:

> Hello,
>
> I am very new to OpenBSD, but have been using FreeBSD with ipfilter
> for years now.I think I have discovered somewhat of an anomaly. After
> careful review of my rules and subsequent testing, I cannot seem to
> allow port 53 to pass to my tinydns server (hosted on FreeBSD) on the
> inside of my network. What makes this interesting, is that every other
> port defined by the "services" macro, is open.
> I am able to access the internet from my network, so dnscache is doing its
> job properly.
>
> I am really scratching my head over this one, any help is appreciated,
> and thanks in advance!
>
> I'm using OpenBSD 4.2. Here is my pf.rules file:
>
> # Network interfaces
> internal = "rl1"
> external = "rl0"
>
> # Services
> server = "*IP Removed for Privacy*"
> services = "{ 22, 80, 443, 25, 143, 53 }"
>
> # Non-routable IP numbers
> nonroutable = "{ 192.168.0.0/16, 127.0.0.0/8, 172.16.0.0/12,
> 10.0.0.0/8,
>0.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, 204.152.64.0/23,
> 224.0.0.0/3,
>255.255.255.255/32 }"
>
> # Fix fragmented packets
> scrub in all
>
> # Create two packet queues: one for regular traffic, another for
> # high priority: TCP ACKs and packets with ToS 'lowdelay'
> altq on $external priq bandwidth 125Kb queue { highpri_q, default_q }
> queue highpri_q priority 7
> queue default_q priority 1 priq(default)
>
> # NAT
>
> # nat: packets going out through dc0 with source addr 192.168.1.0/24
> # will get translated as coming from our external address. State is
> # created for such packets, and incoming packets will be redirected to
> # the internal address.
> rdr on $external inet proto tcp to port $services -> $server
> rdr on $external inet proto udp to port 53 -> $server
>
> # NAT: rule for the inside network
> nat on $external from 192.168.1.0/24 to any -> $external
>
> 
>
> # Don't bug loopback
> pass out quick on lo0 from any to any
> pass in quick on lo0 from any to any
>
> # Don't bother the inside interface either
> pass out quick on $internal from any to any
> pass in quick on $internal from any to any
>
> #
>
> #  Block any inherently bad packets coming in from the outside world.
> #  These include ICMP redirect packets and IP fragments so short the
> #  filtering rules won't be able to examine the whole UDP/TCP header.
> block in log quick on $external inet proto icmp from any to any icmp-
> type redir
>
> #  Block any IP spoofing atempts.
> block in quick on $external from $nonroutable to any
>
> #  Don't allow non-routable packets
> block out quick on $external from any to $nonroutable
>
> #
>
> #  The normal filtering rules
>
> #  ICMP: allow incoming ping and traceroute only
> pass in quick on $external inet proto icmp from any to any icmp-type
> { \
>echorep, echoreq, timex, unreach }
> block in log quick on $external inet proto icmp from any to any
>
> #  TCP: Allow services incoming. Only match
> #  SYN packets, and allow the state table to handle the rest of the
> #  connection. ACKs and ToS "lowdelay" are given priority.
> pass in quick on $external inet proto tcp from any to $server port
> $services \
> flags S/SA keep state queue (default_q, highpri_q)
>
> # UDP: allow DNS since I run a public nameserver (remove if you
> don't!)
> pass in quick on $external inet proto udp from any to $server port 53
> keep state
>
> # Everyone is allowed to send UDP and ICMP out
> pass out quick on $external inet proto udp all keep state
> pass out quick on $external inet proto icmp from any to any keep state
>
> #
>
> #  Allow packets coming in as replies to connections so we keep state
> pass out quick on $external inet proto tcp from any to any \
> flags S/SA keep state queue (default_q, highpri_q)
> pass out quick on $external inet proto udp from any to any keep state
> pass out quick on $external inet proto icmp from any to any keep state
>
> #
> #  End of rules. Block everything to all ports, all protocols and
> return
> #  RST (TCP) or ICMP/port-unreachable (UDP).
> block return-rst in log quick on $external inet proto tcp from any to
> any
> block return-icmp in log quick on $external inet proto udp from any to
> any
> block in quick on $external all
>
>
Are you sure you're testing from a remote location with destination
x.x.x.xudp:53 and not destination
x.x.x.x -> tcp:53?
Try allowing tcp as well, to verify this. Another thing to check is to log
and check the logs.

In other words, how you're testing might be trying with TCP instead of UDP -
because you're blocking everything else.

I would also suggest using 'set block-policy return' (if using OpenBSD 4.

Re: Monitoring Bandwidth Usage, based on ports, service, client, etc.

[Richard Daemon]

On Fri, Feb 15, 2008 at 3:24 PM, Juan Miscaro <[EMAIL PROTECTED]> wrote:

>
> --- Richard Daemon <[EMAIL PROTECTED]> wrote:
>
> > Hi all,
> >
> > Does anyone know how I can go about monitoring bandwidth usage based
> > on
> > ports (or service) and maybe client as well?
>
> Maybe just write a shell script that parses pfctl label output.  That's
> what I did.
>
> /juan
>
>
> Sounds nifty!

Have you considered making an article for undeadly.org? :-)

Re: ham,Re: Monitoring Bandwidth Usage, based on ports, service, client, etc.

[Richard Daemon]

Very nice! I'll try to get it working here, then maybe test in the chroot
too.

Good stuff!

On Fri, Feb 15, 2008 at 5:07 PM, Simon Slaytor <[EMAIL PROTECTED]> wrote:

> Yes I have four high availability 4.2 firewalls, 8 boxes in total all
> sending data to a single nfsen backend which is running on a dedicated
> OBSD 4.2 box. All dependent apps/tools are available from ports, simply
> enable apache in non chroot mode then just compile up the two apps from
> src.
>
> Richard Daemon wrote:
> >
> >
> > On Fri, Feb 15, 2008 at 11:17 AM, Simon Slaytor <[EMAIL PROTECTED]
> > <mailto:[EMAIL PROTECTED]>> wrote:
> >
> > It would take a bit more setting up but what about pfflowd from
> > ports/packages and nfdump/nfsen?
> >
> > I use this at work for tracking exactly what's flowing through our
> > firewalls i.e. which protocols by who'm to where etc.
> >
> > Sounds like exactly what your after.
> >
> > http://nfsen.sourceforge.net/
> >
> >
> > Wow, now this looks good!
> >
> > You have it working with OpenBSD firewalls using pfflowd for
> > nfdump/nfsen or are you using nfdump/nfsen with netflows from other
> > infrastructure systems?

Re: IPs on screened network can't see their public IPs

[Richard Daemon]

On Fri, Feb 15, 2008 at 11:19 PM, Jose H. <[EMAIL PROTECTED]> wrote:

> Hi,
>
> I have a screened network with nat+rdr
>
> Using nat I have some like this
> nat on $ext_if from $int_server1 to port smtp -> $ext_server1
>
> Using rdr I have:
> rdr on $ext_if proto tcp to $ext_sever1 port smtp -> $int_server1
>
> And then:
> pass inet proto tcp to { $int_server1, $ext_server1 } port smtp keep
> state
>
> I also have:
> pass inet proto tcp from $int_net to $ext_if:network keep state
>
>
> The only problem is that the internal servers can't connect to the
> external IPs
> for example:
>
> from $int_server3 to $ext_server1 on smtp
>
> Any help appreciated !
>
> --
> Write to be understood, speak to be heard, read to grow.
>
>
This reason is very well explained in the newest OpenBSD PF book by Peter N.
M. Hansteen (The Book of PF) :-).

I highly recommend it as a great complement to the PF FAQ.

Re: Monitoring Bandwidth Usage, based on ports, service, client, etc.

[Richard Daemon]

On Fri, Feb 15, 2008 at 11:17 AM, Simon Slaytor <[EMAIL PROTECTED]> wrote:

> It would take a bit more setting up but what about pfflowd from
> ports/packages and nfdump/nfsen?
>
> I use this at work for tracking exactly what's flowing through our
> firewalls i.e. which protocols by who'm to where etc.
>
> Sounds like exactly what your after.
>
> http://nfsen.sourceforge.net/
>
>
Wow, now this looks good!

You have it working with OpenBSD firewalls using pfflowd for nfdump/nfsen or
are you using nfdump/nfsen with netflows from other infrastructure systems?

Monitoring Bandwidth Usage, based on ports, service, client, etc.

[Richard Daemon]

Hi all,

Does anyone know how I can go about monitoring bandwidth usage based on
ports (or service) and maybe client as well?
I have checked and tried both pfstat and symon and they're both great at
what they do, but not fully what I'm looking to do.

As for Cacti, I will be trying to get working this weekend in the chroot as
there's no port yet, unfortunately, but I don't think it will quite do what
I'm seeking either.

In other words, what I'm looking to do is mainly to monitor and graph the
average (baseline) bandwidth usage for a few systems and to know what ports
are mostly used (ftp, http, https, ssh, etc.) and how much bandwidth they
consume or need, on average.

By doing this, I can also better adjust my ALTQ rules accordingly.

TIA.

Re: slow network

[Richard Daemon]

On Feb 4, 2008 3:18 PM, GC!bri MC!tC) <[EMAIL PROTECTED]> wrote:

> Mon, 4 Feb 2008 14:10:37 -0600 (CST) -n
> "L. V. Lammert" <[EMAIL PROTECTED]> C-rta:
>
> > On Mon, 4 Feb 2008, [UTF-8] GC!bri MC!tC) wrote:
> >
> > > Hey there!
> > >
> > > I've installed OpenBSD 4.2 on a Compaq DL580 machine and i dunno why
> > > but the initial phase of the network connections are really slow.
> > > The machine is behing a linksys router with fix ip address,
> > > resolv.conf set up correclty. It has an intel pro 100 ethernet
> > > card. PF is disabled. If i try to reach it with ssh from the local
> > > network i have to wait for the password prompt for 30 seconds but
> > > after that the data flow is normal. When i give the netstat command
> > > i only see the columns name and then it halts. Though other
> > > machines on the network can be accessed normally.
> > > Do You know why can this be happening?
> > >
> > > Thank You!
> > >
> > Sounds like your DNS server is not resolving?
> >
> >   Lee
> >
> Then why is it slow on the local network using ip addresses? :)
>
> --
> Gabri Mate
> [EMAIL PROTECTED]
> DUOSOL Bt.
> http://www.duosol.hu
>
> [demime 1.01d removed an attachment of type application/pgp-signature
> which had a name of signature.asc]
>
>
http://cvs.openbsd.org/openssh/faq.html#3.3

Most likely reason when using IP could also be because of 'reverse lookup'
DNS. Confirm with UseDNS no and restart sshd; if so, then either set up DNS
(forward and reverse) or keep that option set.

anyone have a port of cacti?

[Richard Daemon]

anyone have a port of cacti?
www.cacti.net

Re: dhcp error message

[Richard Daemon]

On Feb 2, 2008 2:49 PM, Stefan Kell <[EMAIL PROTECTED]> wrote:

> Hello,
>
> On Fri, 1 Feb 2008, Jim M wrote:
>
> > Sorry I wasn't clear.  What my mind was thinking wasn't coming across.
>  I
> > hope this helps.
> >
> > I have a firewall that runs on a Sun Ultra 5.  It is a dhcp client on
> the
> > WAN side and a dhcp server inside the house.  The firewall connects to a
> > switch that has several things connected to it including other computers
> > (running various operating systems), switches that service other parts
> of
> > the house and a Linksys wireless G access point.
> >
> > I have a company HP laptop that runs Windows XP.  The laptop has a built
> > in 802.11 capability and a PCMCIA card.  The card works fine, but the
> > built in will get through the WAP fine, but won't get an IP address from
> > the firewall.
> >
> > Is there some log file where I can look for error messages to try to
> > troubleshoot this.
> >
> > Thanks again, and I hope this helps explain things.
> >
> >   Original Message 
> >  Subject: Re: dhcp error message
> >  From: Joachim Schipper <[EMAIL PROTECTED]>
> >  Date: Fri, February 01, 2008 8:46 am
> >  To: Jim M <[EMAIL PROTECTED]>
> >
> >  On Thu, Jan 31, 2008 at 07:38:26PM -0700, Jim M wrote:
> >  > my /var/log/messages file is filled over and over with the line
> >  > (obviously the date/time varies)
> >  >
> >  > Jan 31 20:17:00 balrog dhclient: send_fallback: No route to host
> >  >
> >  > The machine is a firewall and has no graphic capabilities. It is a
> >  dhcp
> >  > client to get my the IP address for the home network and a dhcp
> >  server
> >  > for all the machines in the house. What does this error message
> >  mean?
> >  > The firewall works fine as the default router for all the wired
> >  Ethernet
> >  > machines in the house. But, I have laptop with built in 802.11 and
> >  a
> >  > PCMCIA card as well. When I use the PCMCIA card, everything works
> >  fine.
> >  > With the built in 802.11, however, it connects to the WAP, but does
> >  not
> >  > get an IP address from the firewall. I can't figure out why the
> >  > difference and would appreciate any advice on how to troubleshoot
> >  this.
> >
> >  I'm not certain this is useful, but that *is* the message you get if
> >  pf
> >  blocks a packet. However, dhclient does some unusual stuff to be able
> >  to
> >  send packets even when the interface is down, and usually bypasses pf
> >  because of that.
> >
> >  Otherwise, it's not really clear to me which host is which and which
> >  host is doing what, so I'm afraid I can't really help you. A little
> >  clarification sent to the list might be useful here.
> >
> >  Joachim
> >
>
> that is a classic: dhcp uses UDP broadcasts which usually are not
> forwarded, your AP is not your dhcp-server and so the dhcp request will
> reach the AP but not your firewall.
>
> Three solutions: dhcp relay agent on your AP (if possible) or configure
> your AP to forward broadcasts or use a dhcp server on your AP with a
> different IP range.
>
> Try any search machine with "dhcp relay" and you will find answers.
>
> Regards
>
> Stefan Kell
>
> What I don't get is why does the PCMCIA wireless work ok and not the
onboard? I assume the PCMCIA also gets it's IP from the AP.

ntop -w disabled due to security issues...?

[Richard Daemon]

Is there a way to still use this, locally or in a more secure manner or by
some other means with the same results as would be with -w working?

TIA.

Re: solaris 10. 'most' secure OS?

[Richard Daemon]

On Feb 1, 2008 5:14 PM, badeguruji <[EMAIL PROTECTED]> wrote:

> From Sun's own mouth:
>
> ..."Solaris 10 OS, the most secure OS worldwide holding 176 records"...
>
> is that so?
>
> 
> ~~aapka kalyan ho~~
>
>

Doesn't MS say the same thing for Vista?

Re: : booting openbsd on eee without cd-rom

[Richard Daemon]

On Feb 1, 2008 3:29 AM, Andre Naehring <[EMAIL PROTECTED]> wrote:

> On Thu, 31 Jan 2008, Richard Daemon wrote:
>
> > If you do test with standard release, please let me know the results,
> > especially if it's on a standard PC - I'm out of systems to test with...
> :-(
>
> Here it comes, the following dmesg is again from eee, installed an
> original 4.2 from cd on the usb stick.
> While trying to use the ethernet, it didn't work, I was unable to see
> the interface. According to the manual of the lii, this driver will be
> new in 4.3, so it's nice that the driver in the snapshot is already
> working.
>
> The wireless is identified as ath0 again but setting it up freezes the
> eee. This didn't happen with the snapshot, but there I was unable to set
> it, too (hardware reset...).
>
> Short description for you, I booted the 4.2 install cd i386 in a vmware
> workstation and chose sd1 as install destination. Created the same as
> with the snapshot and rebooted again. Mount the stick an changed again
> in /etc/fstab from sd1a to sd0a an the 4.2 booted on the eee.
>
> So if you want to use OpenBSD on the eee, you should take the actual
> snapshot, maybe there will be some changes according to the wireless
> driver. If someone needs tests with changed drivers or anything, I can
> take a snapshot each week an try again if the wireless starts working.
>
> Oh yes, the dmesg... (original 4.2 CD-release)
>
>
> OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007
> [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel(R) Celeron(R) M processor 900MHz ("GenuineIntel" 686-class)
> 631 MHz
> cpu0:
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF
> real mem  = 527527936 (503MB)
> avail mem = 502427648 (479MB)
> mainbus0 at root
> bios0 at mainbus0: AT/286+ BIOS, date 01/04/08, BIOS32 rev. 0 @ 0xf0010,
> SMBIOS rev. 2.5 @ 0xf06c0 (37 entries)
> bios0: vendor American Megatrends Inc. version "0703   " date 01/04/2008
> bios0: ASUSTeK Computer INC. 701
> apm0 at bios0: Power Management spec V1.2
> apm0: AC on, battery charge unknown
> apm0: flags 30102 dobusy 0 doidle 1
> pcibios0 at bios0: rev 3.0 @ 0xf/0x1
> pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf76b0/176 (9 entries)
> pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801FB LPC" rev 0x00)
> pcibios0: PCI bus #5 is the last bus
> bios0: ROM list: 0xc/0xf800!
> cpu0 at mainbus0
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0 at pci0 dev 0 function 0 "Intel 82915GM/PM/GMS Host" rev 0x04
> vga1 at pci0 dev 2 function 0 "Intel 82915GM/GMS Video" rev 0x04: aperture
> at 0xd000, size 0x1000
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> "Intel 82915GM/GMS Video" rev 0x04 at pci0 dev 2 function 1 not configured
> azalia0 at pci0 dev 27 function 0 "Intel 82801FB HD Audio" rev 0x04: irq 5
> azalia0: host: High Definition Audio rev. 1.0
> azalia0: codec: Realtek/0x0662 (rev. 1.1), HDA version 1.0
> audio0 at azalia0
> ppb0 at pci0 dev 28 function 0 "Intel 82801FB PCIE" rev 0x04
> pci1 at ppb0 bus 4
> ppb1 at pci0 dev 28 function 1 "Intel 82801FB PCIE" rev 0x04
> pci2 at ppb1 bus 3
> vendor "Attansic Technology", unknown product 0x2048 (class network
> subclass ethernet, rev 0xa0) at pci2 dev 0 function 0 not configured
> ppb2 at pci0 dev 28 function 2 "Intel 82801FB PCIE" rev 0x04
> pci3 at ppb2 bus 1
> ath0 at pci3 dev 0 function 0 "Atheros AR5424" rev 0x01: irq 10
> ath0: AR5424 14.2 phy 7.0 rf 0.0, WOR0W, address 00:15:af:75:d9:e0
> uhci0 at pci0 dev 29 function 0 "Intel 82801FB USB" rev 0x04: irq 3
> uhci1 at pci0 dev 29 function 1 "Intel 82801FB USB" rev 0x04: irq 7
> uhci2 at pci0 dev 29 function 2 "Intel 82801FB USB" rev 0x04: irq 10
> uhci3 at pci0 dev 29 function 3 "Intel 82801FB USB" rev 0x04: irq 5
> ehci0 at pci0 dev 29 function 7 "Intel 82801FB USB" rev 0x04: irq 3
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1
> ppb3 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xd4
> pci4 at ppb3 bus 5
> ichpcib0 at pci0 dev 31 function 0 "Intel 82801FBM LPC" rev 0x04: PM
> disabled
> pciide0 at pci0 dev 31 function 2 "Intel 82801FBM SATA" rev 0x04: DMA,
> channel 0 wired to compatibility, channel 1 wired to compatibility
> wd0 at pciide0 channel 1 drive 0: 
> wd0: 1-sector PIO, LBA, 3815MB, 7815024 sectors
> wd0(pciide0:1:0)

Re: dhcp error message

[Richard Daemon]

On Jan 31, 2008 9:38 PM, Jim M <[EMAIL PROTECTED]> wrote:

> my /var/log/messages file is filled over and over with the line
> (obviously the date/time varies)
>
> Jan 31 20:17:00 balrog dhclient: send_fallback: No route to host
>
> The machine is a firewall and has no graphic capabilities.  It is a dhcp
> client to get my the IP address for the home network and a dhcp server
> for all the machines in the house.  What does this error message mean?
> The firewall works fine as the default router for all the wired Ethernet
> machines in the house.  But, I have laptop with built in 802.11 and a
> PCMCIA card as well.  When I use the PCMCIA card, everything works fine.
> With the built in 802.11, however, it connects to the WAP, but does not
> get an IP address from the firewall.  I can't figure out why the
> difference and would appreciate any advice on how to troubleshoot this.
> Thanks
>
> Jim
>
>
If I understand you correctly, you mean the firewall is a dhcp client on the
external side, dhcp server on the internal and serving as a WAP for the
wireless systems, but the laptop doesn't connect to it via the built in
Wireless NIC and only with the PCMCIA one. The laptop and firewall are both
OpenBSD?

Re: CARP & PPPo

[Richard Daemon]

On Jan 31, 2008 9:24 PM, Steven Surdock <[EMAIL PROTECTED]> wrote:

> Richard Daemon wrote:
> > On Jan 31, 2008 8:36 PM, Sevan / Venture37
> > <[EMAIL PROTECTED]> wrote:
> >
> >>
> >> I definitely would be!
> > I don't have my ISP that does PPPoE anymore, so I have no way to test
> > it...
>
> Carp on pppoe doesn't really make sense, unless I'm missing something.
> For fun, I tried it a while back
> (http://marc.info/?l=openbsd-misc&m=113940624732259&w=2).  I suspect the
> "solution" to a redundant firewall cluster with a pppoe interface will
> involve ifstated.
>
> -Steve S.
>

I'm not sure what doesn't make sense?
The thing is, some people just want the redundancy regardless of protocol.
:-)

Re: CARP & PPPo

[Richard Daemon]

On Jan 31, 2008 8:58 PM, Vijay Sankar <[EMAIL PROTECTED]> wrote:

> On January 31, 2008 07:30:32 pm Richard Daemon wrote:
> > On Jan 31, 2008 7:32 PM, Sevan / Venture37 <[EMAIL PROTECTED]>
> wrote:
> > > Is it possible to have a 2 node firewall using carp & be able to use
> > > pppoe?
> > > so if one node dies the other one picks up the & reinitiates the
> > > connection
> > > for example.
> > >
> > >
> > >
> > > Sevan / Venture37
> > > _
> > > Free games, great prizes - get gaming at Gamesbox.
> > > http://www.searchgamesbox.com
> >
> > Yes.
> >
> > I don't know how it would work in the sense of the 'conventional' way. I
> do
> > it with dynamic IP's, which even have MAC address reservations and works
> > good for me... I'm considering posting an undeadly.org article on it
> with
> > my scripts on how I do it, just not sure if anyone would be interested?
>
> I would be very interested in reading such an article or if appropriate,
> helping write one. I have two PPPoE connections -- one with static
> addresses
> and framed routes and another with dynamic IP -- and will be happy to help
> in
> any way I can.
>
> --
> Vijay Sankar, M.Eng., P.Eng.
> President & CEO
> ForeTell Technologies Limited
> 59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6
> Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]


Wow, thank you for the offer!

Help would be great, it's mostly the article, howto or presentation that I'm
not sure how to format yet...

I have most of it already done, but I think it could be better presented.
It's not fully on the website yet and ways on improving the scripts too,
would be great from anyone. It just needs a few mods for PPPoE, but the
working concept and model is in place and fully functional here.

How's the weather in Winnipeg? :-) I'm in Montreal.

Re: CARP & PPPo

[Richard Daemon]

On Jan 31, 2008 8:36 PM, Sevan / Venture37 <[EMAIL PROTECTED]> wrote:

>
> > Yes.
> >
> > I don't know how it would work in the sense of the 'conventional' way. I
> do
> > it with dynamic IP's, which even have MAC address reservations and works
> > good for me... I'm considering posting an undeadly.org article on it
> with my
> > scripts on how I do it, just not sure if anyone would be interested?
> >
>
> I definitely would be!
I don't have my ISP that does PPPoE anymore, so I have no way to test it...

Is there something specific you're looking to do with CARP?

I *assume* the only thing that wouldn't work properly would be the [pfsync]
porition (assuming your IP changes on each reconnect?). If that is the case,
then in that sense, you could still have redundant Firewall & NAT, etc. in
the event one goes down or you shut-down for maintenance, etc. and the other
will just kick in and continue routing, filtering, etc. without any user
intervention...

Re: CARP & PPPo

[Richard Daemon]

On Jan 31, 2008 7:32 PM, Sevan / Venture37 <[EMAIL PROTECTED]> wrote:

> Is it possible to have a 2 node firewall using carp & be able to use
> pppoe?
> so if one node dies the other one picks up the & reinitiates the
> connection
> for example.
>
>
>
> Sevan / Venture37
> _
> Free games, great prizes - get gaming at Gamesbox.
> http://www.searchgamesbox.com
>
>
Yes.

I don't know how it would work in the sense of the 'conventional' way. I do
it with dynamic IP's, which even have MAC address reservations and works
good for me... I'm considering posting an undeadly.org article on it with my
scripts on how I do it, just not sure if anyone would be interested?

Re: OT:what can be done about attackers/crackers

[Richard Daemon]

On Jan 31, 2008 4:30 PM, Lord Sporkton <[EMAIL PROTECTED]> wrote:

> very soon i am getting some static ips for my cable home connections,
> currently i have 1 dynamic ip.
>
> Im using pf to block ssh brute force attempts and its working
> splendedly. however now i have this pf table full of ips and nice logs
> indicating hack attempts via ssh not to mention other services they
> are trying to breach. since i have all these nice logs and data, what
> can i do about it, other than blocking it. my main concern is that of
> someone DoSing my connection which will only be 2up and wont support
> any sort of a planned DoS will lag and congest with to much "evil"
> traffic.
>
> i have "some" experiance with abuse departments i know the usual first
> step is to report to a provider however i also know many providers are
> unresponsive, so what can i do beyond that?
>
> any opinions welcome, thank you
> --
> -Lawrence
>
> Just curious, what's the reason(s) you're getting 2 static, instead of 1
dynamic? Just curious...

Re: : booting openbsd on eee without cd-rom

[Richard Daemon]

On Jan 31, 2008 8:29 AM, Andre Naehring <[EMAIL PROTECTED]> wrote:

> On Thu, 31 Jan 2008, Richard Daemon wrote:
>
> > Did you have to do boot> boot -a to get it to boot properly off of sd0a,
> > recompile kernel or something else?
> >
> > When I try, I never get it to see "root on sd0a swap on sd0b dump on
> sd0b"
> > by itself, at least without boot -a or a kernel recompile...
> >
> > By chance, have you tried the same with non -current - just wondering if
> it
> > boots and detects ok with root on sd0a?
> >
>
> Okay, this is what I did. Got the snapshot from ftp2.de.openbsd.org and
> booted a pc with the iso image mounted. I used the complete stick for
> OpenBSD, creating 827mb for / and 128m for swap (a & b).
> Installed the whole set (except game*) on my 1gb usb stick (which was sd1
> during install) and rebooted
> the pc. After that I mounted the stick and edited fstab and changed sd1a
> to sd0a.
>
> Took the stick, told the eee to boot from usb and the snapshot was up
> and running. Tried to access web and ssh via the integrated lii0
> ethernet, it worked. Starting up X, using startx with no config file, it
> came up and runs. Nice.
>
> So, there was no need to recompile the kernel in the snapshot from the
> ftp mentioned above.
>
> If you are interested, I can take an original 4.2 and install it on the
> stick tomorrow and can than post the dmesg.
>
> --
>
> andre
>

If you can, so long as it's not trouble for you that would be great!

For me, it's on two standard PCs (i386 & AMD64 x2) that I've been having
these weird issues with booting from USB after installing to sd0a, where it
goes into ddb> unless I do the boot -a (or recompile kernel accordingly) and
only then it sees the proper "root on sd0a", rather than trying "root wd0a".


I didn't do a swap, but from the man pages should just exit with a >= 1 code
and I wouldn't think that would be the cause.

If you do test with standard release, please let me know the results,
especially if it's on a standard PC - I'm out of systems to test with... :-(

Thank you very much!

Re: : booting openbsd on eee without cd-rom

[Richard Daemon]

On Jan 31, 2008 5:02 AM, Andre Naehring <[EMAIL PROTECTED]> wrote:

> On Wed, 30 Jan 2008, Stuart Henderson wrote:
>
> > On 2008/01/30 15:26, Dennis Davis wrote:
> >>
> >> "wireless driver reports an error and does not work" is short on
> >> detail.  It might just be that non-free firmware needs installing
> >> (eg the firmware for the iwi driver) to get it to work.
> >
> > people with Eee PC need to test -current snapshots, the wd/wdc
> > changes which are in them (not yet committed) will affect you
> > (hopefully to your advantage, there should be much lower cpu
> > use during disk activity).
>
> So, installed current from Jan 28 on an usb stick and booted. Ethernet
> works fine on the eee, but the wireless always reports
>
> ath0: unable to reset hardware; hal status 4096
>
> when I want to set something.
>
> according to the manpage, this should not happen.
>
> dmesg follows...
>
> OpenBSD 4.2-current (GENERIC) #652: Mon Jan 28 14:04:36 MST 2008
> [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel(R) Celeron(R) M processor 900MHz ("GenuineIntel"
> 686-class) 631 MHz
> cpu0:
>
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF
> real mem  = 527527936 (503MB)
> avail mem = 502153216 (478MB)
> mainbus0 at root
> bios0 at mainbus0: AT/286+ BIOS, date 01/04/08, BIOS32 rev. 0 @
> 0xf0010, SMBIOS rev. 2.5 @ 0xf06c0 (37 entries)
> bios0: vendor American Megatrends Inc. version "0703" date
> 01/04/2008
> bios0: ASUSTeK Computer INC. 701
> apm0 at bios0: Power Management spec V1.2
> apm0: AC on, battery charge unknown
> acpi at bios0 function 0x0 not configured
> pcibios0 at bios0: rev 3.0 @ 0xf/0x1
> pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf76b0/176 (9 entries)
> pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801FB LPC" rev
> 0x00)
> pcibios0: PCI bus #5 is the last bus
> bios0: ROM list: 0xc/0xf800!
> cpu0 at mainbus0
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0 at pci0 dev 0 function 0 "Intel 82915GM Host" rev 0x04
> agp0 at pchb0: aperture at 0xd000, size 0x1000
> vga1 at pci0 dev 2 function 0 "Intel 82915GM Video" rev 0x04
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> "Intel 82915GM Video" rev 0x04 at pci0 dev 2 function 1 not
> configured
> azalia0 at pci0 dev 27 function 0 "Intel 82801FB HD Audio" rev 0x04:
> irq 5
> azalia0: codec[s]: Realtek/0x0662
> audio0 at azalia0
> ppb0 at pci0 dev 28 function 0 "Intel 82801FB PCIE" rev 0x04: irq 5
> pci1 at ppb0 bus 4
> ppb1 at pci0 dev 28 function 1 "Intel 82801FB PCIE" rev 0x04: irq 11
> pci2 at ppb1 bus 3
> lii0 at pci2 dev 0 function 0 "Attansic Technology L2" rev 0xa0: irq
> 11, address 00:1e:8c:b9:38:d8
> ukphy0 at lii0 phy 1: Generic IEEE 802.3u media interface, rev. 2:
> OUI 0x001374, model 0x0002
> ppb2 at pci0 dev 28 function 2 "Intel 82801FB PCIE" rev 0x04: irq 10
> pci3 at ppb2 bus 1
> ath0 at pci3 dev 0 function 0 "Atheros AR5424" rev 0x01: irq 10
> ath0: AR5424 14.2 phy 7.0 rf 0.0, WOR0W, address 00:15:af:75:d9:e0
> uhci0 at pci0 dev 29 function 0 "Intel 82801FB USB" rev 0x04: irq 3
> uhci1 at pci0 dev 29 function 1 "Intel 82801FB USB" rev 0x04: irq 7
> uhci2 at pci0 dev 29 function 2 "Intel 82801FB USB" rev 0x04: irq 10
> uhci3 at pci0 dev 29 function 3 "Intel 82801FB USB" rev 0x04: irq 5
> ehci0 at pci0 dev 29 function 7 "Intel 82801FB USB" rev 0x04: irq 3
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> ppb3 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xd4
> pci4 at ppb3 bus 5
> ichpcib0 at pci0 dev 31 function 0 "Intel 82801FBM LPC" rev 0x04: PM
> disabled
> pciide0 at pci0 dev 31 function 2 "Intel 82801FBM SATA" rev 0x04:
> DMA, channel 0 wired to compatibility, channel 1 wired to
> compatibility
> wd0 at pciide0 channel 1 drive 0: 
> wd0: 1-sector PIO, LBA, 3815MB, 7815024 sectors
> wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 4
> ichiic0 at pci0 dev 31 function 3 "Intel 82801FB SMBus" rev 0x04:
> irq 7
> iic0 at ichiic0
> spdmem0 at iic0 addr 0x50: 512MB DDR2 SDRAM non-parity PC2-5300CL5
> SO-DIMM
> usb1 at uhci0: USB revision 1.0
> uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb2 at uhci1: USB revision 1.0
> uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb3 at uhci2: USB revision 1.0
> uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb4 at uhci3: USB revision 1.0
> uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> isa0 at ichpcib0
> isadma0 at isa0
> pckbc0 at isa0 port 0x60/5
> pckbd0 at pckbc0 (kbd slot)
> pck

Re: booting openbsd on eee without cd-rom

[Richard Daemon]

On Jan 30, 2008 9:29 AM, Stefan Kell <[EMAIL PROTECTED]> wrote:

> Hello,
>
> On Wed, 30 Jan 2008, frantisek holop wrote:
>
> > hmm, on Tue, Jan 29, 2008 at 11:21:40AM -0500, Nick Holland said that
> >> frantisek holop wrote:
> >>> hmm, on Tue, Jan 29, 2008 at 09:45:27AM -0500, Nick Holland said that
>  (short version: just do a normal install to the flash disk)
> >>>
> >>> how do i boot bsd.rd to make an install to the flash disk?
> >>> chicken egg.  i dont have an usb cdrom, nor floppy disk.
> >>> only usb media.  i need to create a bootable usb media...
> >>>
> >>> -f
> >>
> >> see the referenced thread...
> >>
> >> Prep the install device on another machine.  Other machine just needs
> >
> > should have been clearer probably...
> > i am on the road.  there is no other machine...
> > all i have is the eee and the internet and the usb media.
> >
> >
> > my understanding of the boot process process for i386 tells me,
> > all i need is ia bootsector from someone who already has an openbsd
> > bootable usb media and the instructions which bytes to change
> > based on what :) (where is boot(8) on my usb media)
> >
>
> see man installboot and man biosboot: you can't do this easily because
> installboot will patch biosboot for the locationinfo of boot. And you
> don't
> have this information beforehand.
>
> > OR
> >
> > something like the zaurus process...  install a linux package
> > and can run bsd.rd directly from linux.  i think this one is
> > becoming more and more needed for i386 too, in this world of
> > floppyless, cdromless devices...  a little utility that
> > can run bsd.rd from linux/dos...
> >
> >> but it would be cheaper to just prep it on another machine. :)
> >
> > i definitely agree.  but if someone is so intimate with the
> > boot sector code that can give me this info, saves a lot of
> > hassle for me.  thats why i wrote to the list, maybe someone
> > really is...
> >
> >
> >> (some people will say dd the floppy image onto the flash device, but
> >> the functionality of that depends upon your BIOS's USB boot code.
> >
> > i havent tried this one yet, but just for the kicks i tried
> > cd42.iso an that of course didnt work.
>
> dd floppy image does boot on the eee, but biosboot stops with "ERR M".
> Installing OpenBSD to an USB stick definitly works. One other solution
> might be
> "flashboot", see "http://www.mindrot.org/projects/flashboot/";. There are
> binary
> images available at "http://tilde.se/flashboot/";. "zcat GENERIC-RD.image |
> dd
> of=/dev/sd0" under Linux on the eee should give you a bootable USB-Stick
> (/dev/sd0 as an example). But I didn't try this myself.
>
> Anyway, OpenBSD will boot but ethernet does not work: The wired adapter is
> not
> suppoerted, and the wireless driver reports an error and does not work :-(
>
> Regards
>
> Stefan Kell
>
> Does the system support PXE booting? I don't believe it matters (for PXE
booting that is) if it's not supported by OpenBSD. If so, then maybe you
could PXE boot and install OpenBSD onto the USB media that way?

Re: : booting openbsd on eee without cd-rom

[Richard Daemon]

On Jan 30, 2008 9:35 AM, Stefan Kell <[EMAIL PROTECTED]> wrote:

> Hello,
>
> On Wed, 30 Jan 2008, Raimo Niskanen wrote:
>
> > On Tue, Jan 29, 2008 at 10:31:28PM -0500, Richard Daemon wrote:
> >> ...
> >>>
> >>> But of course you have "boot -a" at the boot prompt for selecting the
> root
> >>> device. And I want to try the same the next days :-)
> >>>
> >>> Regards
> >>>
> >>> Stefan Kell
> >>>
> >>
> >> That brings up another question, hopefully there's an answer... rather
> than
> >> having to do boot -a (even from boot.conf) and be present to hit
> 
> >> during root device selection, is there an easy way to tell it, yes,
> choose
> >> the default it sees after this?
> >>
> >
> > Not that I am certain it would solve your problem completely,
> > but I would love having a boot(8) prompt command
> >   boot [image [root] [-acds]]
> > and
> >   set root [value]
> > It would then also be possible to set it in /etc/boot.conf.
> >
> > But as far as I know it is a missing feature. And I
> > do not think the kernel is able to get root device
> > as an argument (yet).
> >
> > Another not as good and still missing feature would be
> > to be able to set root device from boot_config(8).
> >
> >
> >
> >> ie: if I do a full install on a USB flash, boot up normal, it panics
> into
> >> ddb> mode because of root device as wd0 when it should be sd0. If I do
> boot
> >> -a, it asks for default of sd0 rather than wd0 but expects manual
> >> intervention, such as pressing . Is there a way to bypass this
> other
> >> than recompile a new, custom kernel?
> >>
>
> The Generic kernel on i386 tries hard to find the correct boot device and
> assumes the the rootfilesystem is on partition "a" on this device. So if
> your kernel and boot files are on the USB-stick, the kernel should not
> panic but use sd0a as rootfilesystem.
>
> Regards
>
> Stefan Kell
>
> That's what I tried as a test, installed 4.2-RELEASE (even 4.2-STABLE via
release(8)) and previous versions, all using GENERIC kernel.

As a test, I install OpenBSD onto the USB Flash, using the whole device
(sd0a) as /.
Set the BIOS to boot off of USB, the install completes ok, then after the
initial reboot, during bootup, it panics into ddb> mode and a few lines
above, it shows "root device on wd0a" rather than sd0a.

When I do a boot -a, it detects the proper root device and works ok this
way, but of course requires the manual intervention of having to press
 or to be physically at the console.

I've tried with boot sd0a:/bsd, boot hd0a:/bsd, etc. still no luck unless I
do a boot -a.

Is there a way to save the dmesg once in ddb> to a file on floppy or USB?

On this system, I have OpenBSD running on a HD as well - and the other weird
thing I noticed is that when I boot -a in order to properly boot off of the
USB device, it sees it's own dmesg and a pre-pended dmesg of the OpenBSD
install on the local HDD. Is the problem some how inter-related with already
having an install on a local drive, on the same system?

Re: booting openbsd on eee without cd-rom

[Richard Daemon]

On Jan 30, 2008 7:16 AM, frantisek holop <[EMAIL PROTECTED]> wrote:

> hmm, on Tue, Jan 29, 2008 at 11:21:40AM -0500, Nick Holland said that
> > frantisek holop wrote:
> > >hmm, on Tue, Jan 29, 2008 at 09:45:27AM -0500, Nick Holland said that
> > >>(short version: just do a normal install to the flash disk)
> > >
> > >how do i boot bsd.rd to make an install to the flash disk?
> > >chicken egg.  i dont have an usb cdrom, nor floppy disk.
> > >only usb media.  i need to create a bootable usb media...
> > >
> > >-f
> >
> > see the referenced thread...
> >
> > Prep the install device on another machine.  Other machine just needs
>
> should have been clearer probably...
> i am on the road.  there is no other machine...
> all i have is the eee and the internet and the usb media.
>
>
> my understanding of the boot process process for i386 tells me,
> all i need is ia bootsector from someone who already has an openbsd
> bootable usb media and the instructions which bytes to change
> based on what :) (where is boot(8) on my usb media)
>
> OR
>
> something like the zaurus process...  install a linux package
> and can run bsd.rd directly from linux.  i think this one is
> becoming more and more needed for i386 too, in this world of
> floppyless, cdromless devices...  a little utility that
> can run bsd.rd from linux/dos...
>
> > but it would be cheaper to just prep it on another machine. :)
>
> i definitely agree.  but if someone is so intimate with the
> boot sector code that can give me this info, saves a lot of
> hassle for me.  thats why i wrote to the list, maybe someone
> really is...
>
>
> > (some people will say dd the floppy image onto the flash device, but
> > the functionality of that depends upon your BIOS's USB boot code.
>
> i havent tried this one yet, but just for the kicks i tried
> cd42.iso an that of course didnt work.
>
> -f
> --
> recursive, adj.; see recursive
>
> Have you tried cdbr instead of cd42.iso?

What about PXE Booting?

Re: booting openbsd on eee without cd-rom

[Richard Daemon]

...
>
> But of course you have "boot -a" at the boot prompt for selecting the root
> device. And I want to try the same the next days :-)
>
> Regards
>
> Stefan Kell
>

That brings up another question, hopefully there's an answer... rather than
having to do boot -a (even from boot.conf) and be present to hit 
during root device selection, is there an easy way to tell it, yes, choose
the default it sees after this?

ie: if I do a full install on a USB flash, boot up normal, it panics into
ddb> mode because of root device as wd0 when it should be sd0. If I do boot
-a, it asks for default of sd0 rather than wd0 but expects manual
intervention, such as pressing . Is there a way to bypass this other
than recompile a new, custom kernel?

TIA.

Re: booting openbsd on eee without cd-rom

[Richard Daemon]

> see recent thread, "Install OpenBSD from USB".
> Don't believe all of of what people said. :)
>
> (short version: just do a normal install to the flash disk)
>
> Nick.
>
> Speaking of which, can a default install on USB Flash work and fully boot
a generic bsd kernel ok, or needs to boot bsd.rd or similar?

In other words, I can see it being able to boot bsd.rd without a problem,
but will it load the root device ok with just /bsd?

Re: Petition to VIA

[Richard Daemon]

On Jan 28, 2008 5:11 AM, <[EMAIL PROTECTED]> wrote:

> Hi everybody,
>
> I don't know if it's known but there's a online petition for VIA.
> Hopefully some people sign up and name also OpenBSD (in the
> "optional"-section).
>
> It's about VIAs policy with docs/drivers and the lies they spread (about
> "supporting Opensouce").
>
> Link:
> http://www.petitiononline.com/vialinux/petition.html
>
> Kind regards,
> Sebastian
>
>
Interesting, I didn't think many Linux developers cared about things like
this so long as they happily sign NDA's, use BLOB's or accept vendor binary
drivers that should never make it's way to OSS.

Re: spamd, CARP and relayd

[Richard Daemon]

On Jan 23, 2008 12:56 PM, elpinguim <[EMAIL PROTECTED]> wrote:

> On 1/23/08, Urban Hillebrand <[EMAIL PROTECTED]> wrote:
> > Hi list,
> >
> > I am thinking about putting thow OpenBSD boxes running spamd, CARP and
> > relayd in front of our primary MXes. I want to use them for greylisting
> > and tarpitting only (RBLs are not an option for us, as we are using a
> more
> > conservative approach on our postfix servers with policyd-weight - a
> host
> > has to be on at least 2 blacklists before dropping the connection).
> >
> > (1) We usually have 200.000 - 300.000 SMTP-connections a day, with peaks
> > of ~500.000 during outbreaks. Do you have any suggestions about HW
> sizing
> > for the OpenBSD box? It would be very helpful if you could share your HW
> > configuration and some numbers about the volume handled.
> >
> > (2) I plan to use CARP for failover, and relayd (hoststated) for
> spraying
> > SMTP-connections to our postfix servers. Those servers use different
> > interfaces for incoming and outgoing connections. Is it possible to use
> > CARP & relayd to service both "sides" of our SMTP servers (using 2 CARP
> > cluster addresses)?
> >
> > (3) I found several hints in the archives that some people believed to
> > have problems with spamd and SMTP servers using address verification,
> open
> > relay checkers, and some broken SMTP software. Does any of this still
> pose
> > a problem for you?
> >
> >
> > Any insights are really appreciated.
> >
> > Thanks in advance
> > -Urban
> >
> >
>
> Urban,
>
> Bob Beck's presentation on spamd & pf should provide some useful insight
> as to how you could deploy a similar setup.  I found the presentation(s) to
> be quite helpful a few years ago.
>
> http://www.ualberta.ca/~beck/nycbug06/
>
> Kind regards,
> Luis
>
> I also recommend Peter N.M Hansteen's book, 'The Book of PF' from nostarch
(orderable from OpenBSD.org), just the chapter on spamd alone would benefit
you a lot for this!

If I recall, he even talks about Bob Beck's presentation too. Great book,
well worth it every cent and I would have to say it's a must have for just
about anyone.

OpenCVS?

[Richard Daemon]

Hi,

Just wondering what the status of OpenCVS is. Is it still being actively
worked on more or on the back burner for now?

Just curious to know.

TIA.

Re: mount_mfs change of behaviour regarding -i (inode density) on 4.2

[Richard Daemon]

On Jan 20, 2008 5:51 AM, SchC6berle DC!niel <[EMAIL PROTECTED]>
wrote:

> > From: Richard Daemon [mailto:[EMAIL PROTECTED]
> >
> > On Jan 19, 2008 8:31 PM, Schvberle Daniel
> > <[EMAIL PROTECTED]> wrote:
> >
> >
> >   Hi all!
> >
> >   I've just upgraded my firewall from OpenBSD 4.0 to
> > 4.2-stable and ran
> >   into a small problem regarding mount_mfs. I solved it,
> > but in case
> >   anybody else runs into it, here's something for the archives.
> >
> >   I run the box from a 512MB CF and, originally, with very limited
> >   memory. The /var, tmp and /dev are mount_mfs and during
> > the upgrade I
> >   had trobule with mounting /dev.
> >
> >   I used to mount /dev with the following line:
> >
> >   swap /dev mfs rw,-P=/proto/dev,-s=700,-i=256 0 0
> >
> >   It seems that sometime after 4.1 was released (probably
> > during ffs2
> >   development) mount_mfs was changed in such a way that
> > it doesn't allow
> >   very high density for inodes. This resulted in
> > mount_mfs failing on
> >   replicating the /dev and me getting a readonly /dev,
> > which resulted
> >   in a box that I couldn't login into remotly (with ssh).
> > Luckily you I
> >   could still issue commands with winscp or login
> > locally. After couple
> >   of tests I concluded that mount_mfs simply ignores
> > density settings
> >   lower than 1024, so I changed the /dev to settings to
> > the following
> >   line:
> >
> >   swap /dev mfs rw,-P=/proto/dev,-s=4000,-i=1024 0 0
> >
> >   Now everything is ok, I'm happy and sice CF is in a new
> > box with lots
> >   of memory I'm not trying to squeeze every byte out of it.
> >
> >   Maybe this maximal density could be documented somehow?
> > I glanced at
> >   the mkfs.c and saw that, in theory, it should warn the user when
> >   reducing the density but I never got a warning during my tests.
> >
> >   dmesg in case anybody needs it:
>
> 
>
> >
> > Wow, very weird that you post this. I just noticed the exact
> > same thing yesterday too. Upgraded from 4.0-stable to
> > 4.2-stable on a WRAP (pcengines.ch) box with my 512M CF and
> > /dev entries failing as well. My previous inode settings used to be:
> >
> > swap /dev mfs rw,-P=/.devtmp,-s=1200,-i=128 0 0 but that
> > crapped out in 4.2.
> >
> > I changed it to -s=3072, -i=128 just to get it fully working
> > properly and I haven't looked into it further yet, but
> > wondering if I'm better off maybe trying higher inode (like
> > yours) but lower MFS size such as -s=1024 because I'm limited
> > in memory (128M total). Other than that, is an MFS /dev size
> > bigger than 1M even needed? I'd really like to reduce as much
> > as possible.
> >
> > Thanks for the post!
> >
> > I'm new to this mailing list and so far, it's great!
>
> No, I don't think you'd ever need a /dev this big, but in order to
> get the needed number of inodes you have to push the size up.
> Your line is ok, but maybe you should put i=1024 instead of i=128,
> so you know what the real values are - that's what it's using anyway
> With 128MB you really shouldn'y worry. I was concerned because I had
> only 32MB or 48MB. mount_mfs doesn't really use the memory untill
> it's needed, so you could make, say 100GB mfs on a box with 128MB of
> RAM and it would work as long as you've got memory to hold the
> files. Regardnig /dev, you really don't need much as it's a small
> filesystem, but sometimes you can get real files in there. This is
> what happend once to my lil' box (I had a _real_ /dev/null) and it
> crapped out because it ran out of memory. After that I reduced the
> /dev as much as I could, I didn't want another local DoS to happen.
> I have 512MB now and couldn't care less if /dev is 0.1 or 1 MB,
> and with 128MB you shouldn't either, especially since it gets
> allocated only if really needed by the files.
>
> Thank you very much for the reply! Much appreciate your suggestions and
advice.

Re: watchdog sysctl missing?

[Richard Daemon]

On Jan 19, 2008 1:42 PM, Constantine A. Murenin <[EMAIL PROTECTED]> wrote:

> On 19/01/2008, Richard Daemon <[EMAIL PROTECTED]> wrote:
> > Running 4.2-stable (Jan 13).
> >
> > sysctl:
> > kern.watchdog.auto
> > kern.watchdog.period
> >
> > These sysctl's are no longer available? I didn't notice if it's just in
> this
> > build or something changed in 4.1 or 4.2, but I know 4.0 has it and the
> man
> > page now even references these sysctl's.
> >
> > Is it just me or am I missing something???
>
> These sysctl values are available only when at least one hardware
> watchdog driver is attached.
>
> C.
>

Makes sense, thanks for the reply!

Re: mount_mfs change of behaviour regarding -i (inode density) on 4.2

[Richard Daemon]

On Jan 19, 2008 8:31 PM, SchC6berle DC!niel <[EMAIL PROTECTED]>
wrote:

> Hi all!
>
> I've just upgraded my firewall from OpenBSD 4.0 to 4.2-stable and ran
> into a small problem regarding mount_mfs. I solved it, but in case
> anybody else runs into it, here's something for the archives.
>
> I run the box from a 512MB CF and, originally, with very limited
> memory. The /var, tmp and /dev are mount_mfs and during the upgrade I
> had trobule with mounting /dev.
>
> I used to mount /dev with the following line:
>
> swap /dev mfs rw,-P=/proto/dev,-s=700,-i=256 0 0
>
> It seems that sometime after 4.1 was released (probably during ffs2
> development) mount_mfs was changed in such a way that it doesn't allow
> very high density for inodes. This resulted in mount_mfs failing on
> replicating the /dev and me getting a readonly /dev, which resulted
> in a box that I couldn't login into remotly (with ssh). Luckily you I
> could still issue commands with winscp or login locally. After couple
> of tests I concluded that mount_mfs simply ignores density settings
> lower than 1024, so I changed the /dev to settings to the following
> line:
>
> swap /dev mfs rw,-P=/proto/dev,-s=4000,-i=1024 0 0
>
> Now everything is ok, I'm happy and sice CF is in a new box with lots
> of memory I'm not trying to squeeze every byte out of it.
>
> Maybe this maximal density could be documented somehow? I glanced at
> the mkfs.c and saw that, in theory, it should warn the user when
> reducing the density but I never got a warning during my tests.
>
> dmesg in case anybody needs it:
>
> OpenBSD 4.2-stable (SQUID_DISKD) #7: Fri Jan 18 21:11:32 CET 2008
>[EMAIL PROTECTED]
> :/usr/src/sys/arch/i386/compile/SQUID_DISK
> D
> cpu0: Intel(R) Pentium(R) 4 CPU 2.66GHz ("GenuineIntel" 686-class) 3.02GHz
> cpu0:
>
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
> real mem  = 2146988032 (2047MB)
> avail mem = 2068254720 (1972MB)
> mainbus0 at root
> bios0 at mainbus0: AT/286+ BIOS, date 07/11/03, BIOS32 rev. 0 @ 0xfb210,
> SMBIOS rev. 2.2 @ 0xf0800 (34 entries)
> bios0: vendor Phoenix Technologies, LTD version "6.00 PG" date 07/11/2003
> bios0: http://www.abit.com.tw/ BE7-S/BE7-G/BE7-B (Intel i845PE-ICH4)
> apm0 at bios0: Power Management spec V1.2
> apm0: AC on, battery charge unknown
> apm0: flags 70102 dobusy 1 doidle 1
> pcibios0 at bios0: rev 2.1 @ 0xf/0xdf84
> pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdeb0/192 (10 entries)
> pcibios0: PCI Exclusive IRQs: 5 7 9 10 11
> pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371SB ISA" rev 0x00)
> pcibios0: PCI bus #2 is the last bus
> bios0: ROM list: 0xc/0xd000 0xd/0x8000!
> cpu0 at mainbus0
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0 at pci0 dev 0 function 0 "Intel 82845G/GL" rev 0x02
> ppb0 at pci0 dev 1 function 0 "Intel 82845G/GL/GV/GE/PE AGP" rev 0x02
> pci1 at ppb0 bus 1
> vga1 at pci1 dev 0 function 0 "ATI Radeon 9500 Pro" rev 0x00
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> "ATI Radeon 9500 Pro Sec" rev 0x00 at pci1 dev 0 function 1 not configured
> uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x02: irq 5
> uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x02: irq 7
> uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x02: irq 11
> ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x02: irq 10
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1
> ppb1 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x82
> pci2 at ppb1 bus 2
> skc0 at pci2 dev 3 function 0 "D-Link Systems DGE-530T A1" rev 0x11, Yukon
> (0x1): irq 10
> sk0 at skc0 port A: address 00:13:46:64:e1:ef
> eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 3
> pciide0 at pci2 dev 14 function 0 "CMD Technology SiI3112 SATA" rev 0x02:
> DMA
> pciide0: using irq 11 for native-PCI interrupt
> ichpcib0 at pci0 dev 31 function 0 "Intel 82801DB LPC" rev 0x02: 24-bit
> timer
> at 3579545Hz
> pciide1 at pci0 dev 31 function 1 "Intel 82801DB IDE" rev 0x02: DMA,
> channel 0
> configured to compatibility, channel 1 configured to compatibility
> wd0 at pciide1 channel 0 drive 0: 
> wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors
> wd1 at pciide1 channel 0 drive 1: 
> wd1: 16-sector PIO, LBA48, 117800MB, 241254720 sectors
> wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
> wd1(pciide1:0:1): using PIO mode 4, Ultra-DMA mode 5
> wd2 at pciide1 channel 1 drive 0: 
> wd2: 16-sector PIO, LBA48, 117246MB, 240121728 sectors
> wd2(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5
> ichiic0 at pci0 dev 31 function 3 "Intel 82801DB SMBus" rev 0x02: irq 9
> iic0 at ichiic0
> usb1 at uhci0: USB revision 1.0
> uhub1 at usb1: Intel UHCI root hub, rev 1.00/1.00, addr 1
> usb2 at uhci1: USB revision 1.0
> uhub2 at usb2: Intel UHCI root hub, rev 1.00/1.00, addr 1
> usb3 at uh

watchdog sysctl missing?

[Richard Daemon]

Running 4.2-stable (Jan 13).

sysctl:
kern.watchdog.auto
kern.watchdog.period

These sysctl's are no longer available? I didn't notice if it's just in this
build or something changed in 4.1 or 4.2, but I know 4.0 has it and the man
page now even references these sysctl's.

Is it just me or am I missing something???

Re: building a kernel for net4801 from dmassage

[Richard Daemon]

On Jan 16, 2008 12:20 PM, Nick Holland <[EMAIL PROTECTED]> wrote:

> Richard Daemon wrote:
> ...
> > As for others saying 'why re-compile GENERIC', well, GENERIC is awesome
> in
> > itself and there is no need generally. But I think the reason for some
> > people is that they too like tweaking /usr/src/sys/conf/GENERIC &
> > /usr/src/sys/arch/$ARCH/conf/GENERIC to remove any un-needed options
> that
> > they don't use or need or even for changing root device.
>
> remove a few toes, while you are at it.
>
> > Speeds up boot times,
>
> Take the time you spend crafting a custom kernel (including all screwups)
> Divide by the number of reboots during the life of that kernel to find out
> how much of a speed improvement you have to accomplish to justify this.
> Now, laugh at this argument.
>

I don't know about you, but I've never had a problem taking out the proper
bloat.

>
> > smaller kernel size,
>
> why?  6M kernel, 64M machine.  You now make it a 4M kernel.  You have
> saved 3% of your RAM.  And accomplished...what?


You miss the point. I won't re-write it for you though.

>
>
> If you have reason to try to run OpenBSD on a 16M or 12M machine,
> yes, you have some serious trimming to do.  And you better know
> what the heck you are doing.  But systems on the curb on trash
> day are typically 32M or more now, so this is a pointless quest.
>
> > slightly less ram wasted
>
> RAM is not usually something in short supply these days.
>
> > and could even potentially secure the
> > system more in some cases.
>
> more likely to destabilize it and insecure it.


Quite the contrary if you look what's in the sys/conf kernel.
Take a look some time and tell me what would or could make it more
'insecure'.


>
>
> I don't even like setting the terminal speed in boot.conf.  I'd much
> rather just set the terminal speed of the device in question to be the
> default of the OS in question, which in this case is 9600bps.  That
> way, when you reinstall it, you don't forget to edit that parameter
> and cause yourself problems.
>
> Remember: the goal is NOT to get the thing running, the goal is to
> KEEP it running (i.e., maintainable) throughout its life cycle.
>
> Nick.

Re: building a kernel for net4801 from dmassage

[Richard Daemon]

On Jan 16, 2008 9:42 AM, Piotrek Kapczuk <[EMAIL PROTECTED]> wrote:

> 2008/1/16, Henning Brauer <[EMAIL PROTECTED]>:
> > * Piotrek Kapczuk <[EMAIL PROTECTED]> [2008-01-16 14:18]:
> > > Didn't  know it is exactly the same as options.  I found it in
> > > flashboot. I'll look more in to other flashboot customisations. Thanks
> > > for pointing this out.
> >
> > flash boot and teh like are obsolete ways to complicate your life.
>
> Let me disagree with you.
> Actually it's fantastic to have one system image which you can deploy
> on dozen of firewalls remotely.
>
> Upgrade procedure from 4.1 to 4.2 ?
> scp bsd [EMAIL PROTECTED]:/
> ssh [EMAIL PROTECTED] "reboot"
>
> Total downtime = reboot time.
>
> Also, everything is on ramdisk so stupid users or power outages
> doesn't concern you. Routers reboot and work unattended.
>
>
> --
> Regards
> Piotr Kapczuk
>
> Just curious, scp bsd means just scp'ing the kernel and not 4.2_userlandtoo?

Why not just make a full -release or -stable release(8), pxeboot, install
it, (g4u the CF card if needed) and simply run everything in MFS with the CF
/ as read-only?
It's actually very easy to do all this.

As for others saying 'why re-compile GENERIC', well, GENERIC is awesome in
itself and there is no need generally. But I think the reason for some
people is that they too like tweaking /usr/src/sys/conf/GENERIC &
/usr/src/sys/arch/$ARCH/conf/GENERIC to remove any un-needed options that
they don't use or need or even for changing root device. Speeds up boot
times, smaller kernel size, slightly less ram wasted and could even
potentially secure the system more in some cases.

Re: building a kernel for net4801 from dmassage

[Richard Daemon]

On Jan 15, 2008 11:34 AM, Lars NoodC)n <[EMAIL PROTECTED]> wrote:

> What is recommended for using a second machine to compile a kernel for
> the soekris?
>
> I would like to build a streamlined kernel to run on a net4801.  I'm
> running into problems though.
>
> 'make depend' runs without error, but then 'make' comes up with many
> errors like the following:
>agp_ali.o(.data+0x14): undefined reference
>to `agp_generic_enable'
>
> agp appears to be video, which should not be present in soekris (right?)
>
> Here are the steps I am taking:
>
> On Soekris net4801:
>  $ scp compilorama:/usr/src/sys/arch/i386/conf/GENERIC ./GENERIC
>  $ dmassage -s GENERIC >SMALLKERNEL
>  $ scp ./SMALLKERNEL compilorama:/usr/src/sys/arch/i386/conf/SMALLKERNEL
>
>
> On larger unit with compiler, /usr/src/, etc:
>  # cd /usr/src/sys/arch/i386/conf
>  # /usr/sbin/config SMALLKERNEL
>  # cd /usr/src/sys/arch/i386/compile/SMALLKERNEL
>  # make clean
>  # make depend
>  # make
>
> Regards,
> -Lars
>
> Are you compiling from i386 or amd64, or other? Is it -current, -stable or
-release that you're compiling?

Personally, I just run 4.2-stable on my Soekris & Wrap boxes as well as my
USB Flash devices and other things, in an MFS.
Custom kernel, just to make it tighter/leaner.

Unless the problem is caused by dmassage, have you tried without?

compilorama, i like the name. :-)

NVidia 8800GT (not GTS or GTX) and X @ 1680x1050 not fully working?

[Richard Daemon]

Hi,

Has anyone been able to get X (xenocara?) working properly with an nvidia
8800GT (not GTS or GTX).

It worked right out of the box with my 8600GTS but so far, not the 8800GT.

Would it help if I include any logs or anything specific or any
recommendations as to what I can try to get full support working?

TIA!