Re: Web Traffic forwarding, PF and NC

2008-02-23 Thread Stefan Kell

Hello,

On Sat, 23 Feb 2008, elaconta.com Webmaster wrote:


Greetings

...snip...
rdr on $ext_if proto tcp from any to 192.168.1.121 port 80 -> 127.0.0.1 port 5000


...snip

I'm running OpenBSD 3.9 (i386) on both machines.



why not rdr directly to your internal webserver instead of 127.0.0.1? OpenBSD
3.9 is quite old but rdr should work quite well. I use this since OpenBSD 3.4

Regards

Stefan Kell



Re: Big stack HUGE coredump

2008-02-23 Thread Stefan Kell

Hello,

just curious: what problem do you want to correct? 8GB coredump is surely 
a big file but so is ulimit -s 32768. This ulimit means 32768 x 1024 bytes 
for stack as you probably know and this is the exact amount which is shown 
in the coredump (33.554.432 = 32768x1024).


Regards

Stefan Kell

On Sat, 23 Feb 2008, Alexander Nasonov wrote:


Hi,
If I set a core limit to unlimited and a stack limit to 32768,
then run a program with indefinite recursion, the system would
generate 8G coredump file.

Here we go:

$ uname -a
OpenBSD obx1000 4.2 GENERIC#375 i386
$ ulimit -a
time(cpu-seconds)    unlimited
file(blocks)         unlimited
coredump(blocks)     unlimited
data(kbytes)         524288
stack(kbytes)        4096
lockedmem(kbytes)    166296
memory(kbytes)       497556
nofiles(descriptors) 128
processes            64
$ cat -n x.c
1  void recursive(int i) { recursive(i+1); }
2  int main() { recursive(0); }
3
$ gcc x.c -o x
$ ./x
Segmentation fault (core dumped)
$ ls -lsh x.core
230176 -rw-------  1 alnsn  wheel   112M Feb 23 12:35 x.core
$ ulimit -s 32768
$ ./x

Wait 7-8 minutes 

$ ./x
Segmentation fault (core dumped)
$ ls -lsh x.core
16809024 -rw-------  1 alnsn  wheel   8.0G Feb 23 12:45 x.core


I wrote a program that shows all core segments written to the core file.

Each line after a header has the following format:
CORE_STACK   coreseg.c_size @ coreseg.c_addr

nseg=507
text=4096
data=12288
stack=33554432
CORE_CPU    180 @ 0x0
CORE_DATA   12288 @ 0x224f7000
CORE_DATA   4096 @ 0x224fc000
CORE_DATA   135168 @ 0x224fd000
CORE_DATA   4096 @ 0x26f34000
CORE_DATA   8192 @ 0x26f36000
CORE_DATA   4096 @ 0x3c001000
CORE_DATA   4096 @ 0x3c003000
CORE_DATA   4096 @ 0x884fe000
CORE_STACK  991232 @ 0xcdbfe000
CORE_STACK  1056768 @ 0xcdbfe000
CORE_STACK  1122304 @ 0xcdbfe000

... 492 CORE_STACK lines @ 0xcdbfe000 ...

CORE_STACK  33431552 @ 0xcdbfe000
CORE_STACK  33497088 @ 0xcdbfe000
CORE_STACK  33554432 @ 0xcdbfe000


So, first 991232 bytes at 0xcdbfe000 had been written to the core file
496 times, 65536 bytes at 0xcdbfe000+991232 - 495 times and so on.

Analysis of uvm_coredump in uvm/uvm_unix.cc revealed that

1.1  (art      26-Feb-99): if (start >= (vaddr_t)vm->vm_maxsaddr) {
1.29 (martin   01-Sep-07): start = trunc_page(USRSTACK - ptoa(vm->vm_ssize));

which is pretty old code

annotate -r 1.28
1.3  (mickey   20-Jul-99): start = trunc_page(USRSTACK - ctob(vm->vm_ssize));

BTW, there is file size check in coredump() but I don't think
that uvm_coredump behavior was taken into account.

The patch below is checking a limit as it is writing to the file.
It doesn't help in my case because I set a limit to unlimited but
it could be useful until a better patch is available.

The patch is for -stable:

Index: uvm/uvm_unix.c
===
RCS file: /cvs/src/sys/uvm/uvm_unix.c,v
retrieving revision 1.28
diff -u -r1.28 uvm_unix.c
--- uvm/uvm_unix.c  11 Apr 2007 12:51:51 -  1.28
+++ uvm/uvm_unix.c  23 Feb 2008 13:41:45 -
@@ -190,6 +190,7 @@
struct coreseg cseg;
off_t offset;
int flag, error = 0;
+   rlim_t rlim = p-p_rlimit[RLIMIT_CORE].rlim_cur;

offset = chdr-c_hdrsize + chdr-c_seghdrsize + chdr-c_cpusize;
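
Review bot: the new local rlim in the declarations has no comment and a name that does not say what it bounds. It is read once from p->p_rlimit[RLIMIT_CORE].rlim_cur and later compared against offset, so a name such as core_limit and a one-line comment stating that it is a byte count for the whole core file would make the checks further down easier to audit. Because offset is declared as off_t and the limit as rlim_t, it is also worth making the intended type of those comparisons explicit.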

@@ -244,6 +245,9 @@
cseg.c_addr = start;
cseg.c_size = end - start;

+   if(offset  rlim - chdr-c_seghdrsize)
+   return (EFBIG);
+
error = vn_rdwr(UIO_WRITE, vp,
(caddr_t)cseg, chdr-c_seghdrsize,
offset, UIO_SYSSPACE,
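
Review bot: the check added before the segment-header vn_rdwr subtracts chdr->c_seghdrsize from rlim without first testing that rlim is at least that large, whereas the data check in the next hunk does test rlim against cseg.c_size before subtracting. With a very small core limit the subtraction goes negative or wraps, depending on the signedness of rlim_t, so add the same guard here. The direct return (EFBIG) also bypasses the error/break exit the loop uses elsewhere; setting error = EFBIG and breaking would keep a single exit path. Style: a space after if.
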
@@ -256,6 +260,9 @@
break;

offset += chdr-c_seghdrsize;
+   if(rlim  cseg.c_size || offset  rlim - cseg.c_size)
+   return (EFBIG);
+
error = vn_rdwr(UIO_WRITE, vp,
(caddr_t)(u_long)cseg.c_addr, (int)cseg.c_size,
offset, UIO_USERSPACE,
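
Review bot: the data-size check placed after offset += chdr->c_seghdrsize runs only once the segment header has been written, so failing here leaves a core file whose last segment header has no data behind it. Test header size plus cseg.c_size against the limit in one place, before either vn_rdwr call, so a segment is written whole or not at all. As in the previous hunk, return (EFBIG) skips the break-on-error path visible just above.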

--
Alexander Nasonov
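
Added example (not part of the original message and not OpenBSD code): a user-space C model of the CORE_STACK sizes listed above, showing how a 32 MiB stack becomes about 8 GiB of segment data and where a byte limit enforced while writing would stop. It assumes the 492 elided lines keep the 65536-byte step of the visible ones; all function names are hypothetical.

```c
/* Added example: user-space model, not OpenBSD kernel code.
 * All function names here are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FIRST_SEG   991232ULL   /* first CORE_STACK size in the listing */
#define SEG_STEP    65536ULL    /* growth between consecutive lines */
#define STACK_LIMIT 33554432ULL /* ulimit -s 32768 = 32768 * 1024 bytes */
#define MAX_SEGS    1024

/* Rebuild the CORE_STACK size column. Assumption: the elided lines
 * continue in SEG_STEP increments, as the six visible lines do. */
size_t build_stack_segments(uint64_t *sizes, size_t cap)
{
    size_t n = 0;
    uint64_t s;

    for (s = FIRST_SEG; s < STACK_LIMIT && n < cap; s += SEG_STEP)
        sizes[n++] = s;
    if (n < cap)
        sizes[n++] = STACK_LIMIT; /* last line is clamped to the limit */
    return n;
}

/* Bytes of segment data written if every listed segment is dumped. */
uint64_t total_bytes(const uint64_t *sizes, size_t n)
{
    uint64_t sum = 0;
    size_t i;

    for (i = 0; i < n; i++)
        sum += sizes[i];
    return sum;
}

/* Model of writing segments under a byte limit. Header and data must
 * both fit before anything is emitted, and the comparison is ordered so
 * that unsigned arithmetic cannot wrap. Returns 0 or EFBIG. */
int write_with_limit(const uint64_t *sizes, size_t n, uint64_t seghdr,
    uint64_t limit, uint64_t *offset, size_t *done)
{
    size_t i;

    *done = 0;
    for (i = 0; i < n; i++) {
        uint64_t need = seghdr + sizes[i];

        if (need < sizes[i])            /* seghdr + size wrapped */
            return EFBIG;
        if (*offset > limit || limit - *offset < need)
            return EFBIG;
        *offset += need;
        (*done)++;
    }
    return 0;
}

int main(void)
{
    uint64_t sizes[MAX_SEGS], off = 0;
    size_t done, n = build_stack_segments(sizes, MAX_SEGS);
    int rc;

    printf("%zu stack segments, %llu bytes written for a %llu-byte stack\n",
        n, (unsigned long long)total_bytes(sizes, n),
        (unsigned long long)STACK_LIMIT);

    /* Constructed scenario: 64 MiB core limit, header size ignored. */
    rc = write_with_limit(sizes, n, 0, 64ULL << 20, &off, &done);
    printf("64 MiB limit: rc=%d after %zu segments, %llu bytes\n",
        rc, done, (unsigned long long)off);
    return 0;
}
```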




Re: Web Traffic forwarding, PF and NC

2008-02-23 Thread Stefan Kell

Hello,

On Sat, 23 Feb 2008, Stuart Henderson wrote:


On 2008-02-23, Stefan Kell [EMAIL PROTECTED] wrote:

Hello,

On Sat, 23 Feb 2008, elaconta.com Webmaster wrote:


Greetings

...snip...
rdr on $ext_if proto tcp from any to 192.168.1.121 port 80 -> 127.0.0.1 port 5000

...snip

I'm running OpenBSD 3.9 (i386) on both machines.



why not rdr directly to your internal webserver instead of 127.0.0.1? OpenBSD
3.9 is quite old but rdr should work quite well. I use this since OpenBSD 3.4


Because the return packets will go straight to the cable modem and
won't get un-rdr'ed (i.e. have the original addresses put back on
them).

You could do this if a) .126 is configured to use .121 as gateway rather
than using the cable modem as gateway, and b) there aren't any ICMP redirects
affecting things (either they aren't generated, or any which are generated
are ignored). It's a bit of a messy setup though, be sure to document it...

Other possibilities are to put the webserver on a different subnet and
either double-NAT, or add a static route to this on the cable modem.

Or one could use a proxy which can write the original address into an
HTTP header, and have the webserver log that rather than the packet's
source address.



You are right, of course, but I assumed that the OpenBSD machine is acting as a
router and has two interfaces so that no other machine is connected
directly to the cable modem. If this assumption is wrong then it would
not work.

Regards

Stefan Kell



Re: Web Traffic forwarding, PF and NC

2008-02-23 Thread Stefan Kell

Hello,

On Sat, 23 Feb 2008, elaconta.com Webmaster wrote:


Stefan Kell wrote:

Hello,

On Sat, 23 Feb 2008, elaconta.com Webmaster wrote:


Greetings

...snip...
rdr on $ext_if proto tcp from any to 192.168.1.121 port 80 -> 127.0.0.1 port 5000


...snip

I'm running OpenBSD 3.9 (i386) on both machines.



why not rdr directly to your internal webserver instead of 127.0.0.1? 
OpenBSD
3.9 is quite old but rdr should work quite well. I use this since OpenBSD 
3.4


Regards

Stefan Kell




Hi

I've tried the following configuration but it yields no effect, i.e. when 
someone tries to view a web page from the outside the web page isn't served. 
Maybe something is wrong with the config:


#---

ext_if=rl1

rdr on $ext_if proto tcp from any to 192.168.1.121 port 80 -> 192.168.1.126 port 80


pass out on $ext_if inet all keep state

pass in on $ext_if inet all keep state

#---



is the OpenBSD machine acting as a router? Or is the webserver directly
connected to the cable modem? Then it cannot work as Stuart Henderson
has explained. My setup would use the machine as a router and different
subnets and also nat on the external interface.

Regards

Stefan Kell



Re: Web Traffic forwarding, PF and NC

2008-02-23 Thread Stefan Kell
Hello,

 Original Message 
 Date: Sat, 23 Feb 2008 21:29:06 +
 From: elaconta.com Webmaster [EMAIL PROTECTED]
 To: Stefan Kell [EMAIL PROTECTED]
 CC: misc@openbsd.org
 Subject: Re: Web Traffic forwarding, PF and NC

 Stefan Kell wrote:
  Hello,
 
  On Sat, 23 Feb 2008, elaconta.com Webmaster wrote:
 
  Stefan Kell wrote:
  Hello,
 
  On Sat, 23 Feb 2008, elaconta.com Webmaster wrote:
 
  Greetings
 
  ...snip...
  rdr on $ext_if proto tcp from any to 192.168.1.121 port 80 -> 127.0.0.1 port 5000
 
  ...snip
 
  I'm running OpenBSD 3.9 (i386) on both machines.
 
 
  why not rdr directly to your internal webserver instead of 
  127.0.0.1? OpenBSD
  3.9 is quite old but rdr should work quite well. I use this since 
  OpenBSD 3.4
 
  Regards
 
  Stefan Kell
 
 
 
  Hi
 
  I've tried the following configuration but it yields no effect, i.e. 
  when someone tries to view a web page from the outside the web page 
  isn't served. Maybe something is wrong with the config:
 
 
 #---
  
 
 
  ext_if=rl1
 
  rdr on $ext_if proto tcp from any to 192.168.1.121 port 80 -> 192.168.1.126 port 80
 
  pass out on $ext_if inet all keep state
 
  pass in on $ext_if inet all keep state
 
 
 #---
  
 
 
 
  is the OpenBSD machine acting as a router? Or is the webserver directly
  connected to the cable modem? Then it cannot work as Stuart Henderson
  has explained. My setup would use the machine as a router and different
  subnets and also nat on the external interface.
 
  Regards
 
  Stefan Kell
 
 
 The webserver (192.168.1.126) is directly connected to the cable modem, 
 as is the 192.168.1.121 server.
 What service(s) would i need to run on 192.168.1.121 to make it useable 
 as a gateway (router) to 192.168.1.126?
 Would just:
 
 # *sysctl net.inet.ip.forwarding=1*
 
 enable it as a router? I would also need some other service, right? Sorry
 for any noobness.

You need two network interfaces on your OpenBSD machine, different subnets 
physically: one for cable modem and external interface on OpenBSD, one for your 
internal network. sysctl is necessary as you have written and you need  a nat 
rule in pf.conf. There are a lot of instructions flowing around in the internet 
which show you how to do it.

Regards

Stefan Kell



Re: Sending mail from external firewall to external mail server (behind firewall)

2008-02-20 Thread Stefan Kell
Hello,

 Original Message 
 Date: Tue, 19 Feb 2008 22:36:20 -0600
 From: Albert Chin [EMAIL PROTECTED]
 To: misc@openbsd.org
 Subject: Sending mail from external firewall to external mail server (behind 
 firewall)

 ... snip...
 
   rdr pass log on $ext_if inet proto tcp from any to $mail_ip \
 port = smtp -> $emma_gw
 
 From the Internet, if I telnet 67.95.107.111 25, everything works.
 But, on hammer:
   hammer% telnet 67.95.107.111 25
   Trying 67.95.107.111...
   telnet: connect to address 67.95.107.111: Connection refused
 
 ... snip ...

see man pf.conf, especially the paragraph "Translation rules apply only to 
packets that pass through the specified interface, ..."

Regards

Stefan Kell



Re: Question about Implementing authpf, squid and ldap authentication....

2008-02-20 Thread Stefan Kell

Hi,

On Wed, 20 Feb 2008, Brian Shackelford wrote:


I have been working on and actually making progress for writing a client
for windows that will authenticate a user to authpf upon login thereby
granting access to the network based on rules setup for each user/group.
In addition we would love to be able to somehow transparently
authenticate that user to the squid firewall tied back to the Active
Directory on our network using LDAP.  Just wondering if anyone has
approached/done something like this already in the hopes of saving some
time developing it.



there was a discussion on openbsd-misc some days ago, see 
http://thread.gmane.org/gmane.os.openbsd.misc/138273, for LDAP and 
squid.


Regarding authpf: I would not do this because you have the choice between 
organizing and handling many users and passwords on your openbsd firewall 
or only a few or one users and passwords and then you have probably no 
security. If possible I would not allow direct access to the internet but 
only via squid.


regards

Stefan Kell



Re: Sending mail from external firewall to external mail server (behind firewall)

2008-02-20 Thread Stefan Kell

Hello,

On Wed, 20 Feb 2008, Albert Chin wrote:


On Wed, Feb 20, 2008 at 08:55:44AM +0100, Stefan Kell wrote:

 Original Message 

Date: Tue, 19 Feb 2008 22:36:20 -0600
From: Albert Chin [EMAIL PROTECTED]
To: misc@openbsd.org
Subject: Sending mail from external firewall to external mail server (behind 
firewall)



... snip...

  rdr pass log on $ext_if inet proto tcp from any to $mail_ip \
port = smtp -> $emma_gw


From the Internet, if I telnet 67.95.107.111 25, everything works.

But, on hammer:
  hammer% telnet 67.95.107.111 25
  Trying 67.95.107.111...
  telnet: connect to address 67.95.107.111: Connection refused

... snip ...


see man pf.conf, especially the paragraph "Translation rules apply
only to packets that pass through the specified interface, ..."


Thanks. I've changed my pf rule from:
 rdr pass log on $ext_if inet proto tcp from any to $mail_ip \
   port = smtp -> $emma_gw
to:
 rdr pass log inet proto tcp from any to $mail_ip \
   port = smtp -> $emma_gw

This certainly helps for hosts on the local network. But, the issue
with telnet 67.95.107.111 25 not working on hammer remains.

BTW, we are running OpenBSD 4.0 on x86.



Have a look at the pf-FAQ, see http://www.openbsd.org/faq/pf/rdr.html.
Your problem is discussed there. I think you cannot test redirection on
the firewall itself because the packets won't reach the redirection
stuff in pf.

Regards

Stefan Kell



Re: need some help with base httpd

2008-02-18 Thread Stefan Kell

Hello,

On Mon, 18 Feb 2008, Zbigniew Baniewski wrote:


On Mon, Feb 18, 2008 at 08:50:34PM +1300, Richard Toohey wrote:


After spending the weekend testing this every which way and searching
the net and archives to no avail, [..]

[..]
From the manual ...

 ^^

[..]
So it would suggest that you CANNOT use Include within Directory?


See, System Administrator? Remember:

#v+
 OpenBSD is an OS developed by very intelligent THINKING people with its
 sole target audience being other THINKING persons. For the thousands
 of lusers too lazy to use an option already made available by the
 native tools -- there are thousands of flavors of Linux, at least one
 of which will do things consistent with your desires. For the totally
   ^^^
 illiterate lusers who cannot even read the docs to find the said option
 ^^^
 -- there is always Windoze whose stated goal is to save the users from
 ^^
 themselves.
#v-

...if you knew the above (one THINKING man said it today) - you could save
your weekend.
--
pozdrawiam / regards

Zbigniew Baniewski




Bullshit, think for yourself, it has nothing to do with OpenBSD or Linux
or Windoze. Reason is simply that Include can include a whole directory
full of config files and therefore each of these included files has to
be complete regarding to configurations and options. Otherwise in which
order should these files be included?

Regards

Stefan Kell



Re: need some help with base httpd

2008-02-18 Thread Stefan Kell

Hello,

On Mon, 18 Feb 2008, System Administrator wrote:


After spending the weekend testing this every which way and searching
the net and archives to no avail, I need a few more eyes to help
determine whether this is a bug, a feature, or some minor stupidity on
my part...

First the environment:

OpenBSD 4.2-stable (GENERIC) #1: Fri Feb  1 02:28:33 EST 2008

- kernel patched and rebuilt by meticulously following the FAQ on
performing CVS patch-branch update and rebuild.

- using base httpd with no additional packages.

Now, the problem:

I need to secure a few distinct directories on this server, and to
simplify config file maintenance decided to put the common directives
into a file to be 'Include'd - reproduced further below. Here is an
example of such an 'Include' in the main httpd.conf:
<Directory /var/www/cgi-bin>
AllowOverride None
Options None
Include conf/admins.conf
</Directory>



This does not work as expected because Include wants complete
configuration files because you can include a whole directory or some
files with wildcards. Therefore each of these files has to be complete
in itself say one complete directory definition. Otherwise there would
be numerous problems with sorting these files and so on.

I cannot see this well explained in the documentation but you can see it
easily in the source of httpd.

Regards

Stefan Kell



Re: ports.openbsd.nu

2008-02-10 Thread Stefan Kell
Thanks a lot!

This is good to know!

Stefan

 Original Message 
 Date: Sun, 10 Feb 2008 14:07:23 + (UTC)
 From: Fredrik Carlsson [EMAIL PROTECTED]
 To: misc@openbsd.org
 Subject: Re: ports.openbsd.nu

 Edd Barrett vext01 at gmail.com writes:
 
  
  hey,
  what happened to ports.openbsd.nu?.
  
 
 
 The owner forgot to renew it and I can't reach him, so the site has moved
 to
 http://openports.se
 
 Regards
 Fredrik Carlsson



Re: WAP setup problems

2008-02-07 Thread Stefan Kell

Hello,

On Wed, 6 Feb 2008, Brian Richardson wrote:


Stefan Kell wrote:
some other questions: why a bridge and why not simple router with pf? What 
is your bridge configuration?




vr0 is internal interface. ral0 is wireless interface.

brconfig bridge0 add ral0
brconfig bridge0 add vr0
brconfig bridge0 rulefile /etc/bridge0.rules

/etc/bridge0.rules:

pass in on ral0 src 11:de:ad:be:ef:11
pass out on vr0 dst 11:de:ad:be:ef:11
block in/out on ral0

As to why the bridge? I'm not aware of any other way to use MAC filtering to 
limit access to the external interface.


Regards,
Brian



I am not sure if I understand all of your intentions but I think you
should use only one subnet for your whole network. Then dhcpd can assign
addresses without problems and the bridge will separate the wireless lan
from the rest.

I don't think this is a very secure solution and I would prefer to use
authpf and no bridge.

Regards

Stefan Kell



Re: WAP setup problems

2008-02-06 Thread Stefan Kell
Hello,

 Original Message 
 Date: Tue, 05 Feb 2008 18:55:43 -0700
 From: Brian Richardson [EMAIL PROTECTED]
 To: Stefan Kell [EMAIL PROTECTED]
 CC: misc@openbsd.org
 Subject: Re: WAP setup problems

 Stefan Kell wrote:
  Did you try using one shared-network with two different subnets? You can
  find an example within man dhcpd.conf.
 Yes, I did, with the same effect.
 
 Brian

some other questions: why a bridge and why not simple router with pf? What is 
your bridge configuration?

Regards

Stefan Kell



Re: WAP setup problems

2008-02-05 Thread Stefan Kell

Hi,

On Mon, 4 Feb 2008, Brian Richardson wrote:


...snip...

My dhcpd.conf is as follows:

--
shared-network LOCAL-NET {
  option domain-name "example.org";
  option domain-name-servers 192.168.1.1;

  subnet 192.168.1.0 netmask 255.255.255.0 {
  option routers 192.168.1.1;
  range 192.168.1.32 192.168.1.127;
  }

  host laptop {
  hardware ethernet 00:de:ad:be:ef:00;
  fixed-address 192.168.1.10;
  }
}

shared-network WIRELESS-NET {
  option domain-name "example.org";
  option domain-name-servers 192.168.1.1;

  subnet 192.168.2.0 netmask 255.255.255.0 {
  option routers 192.168.2.1;
  range 192.168.2.32 192.168.2.127;
  }

  host laptop-wireless {
  hardware ethernet 11:de:ad:be:ef:11;
  fixed-address 192.168.2.10;
  }
}
--

 snup 


Did you try using one shared-network with two different subnets? You can
find an example within man dhcpd.conf.

Regards

Stefan Kell



Re: dhcp error message

2008-02-03 Thread Stefan Kell

Hello,

On Thu, 31 Jan 2008, Jim M wrote:


my /var/log/messages file is filled over and over with the line
(obviously the date/time varies)

Jan 31 20:17:00 balrog dhclient: send_fallback: No route to host

The machine is a firewall and has no graphic capabilities.  It is a dhcp
client to get my the IP address for the home network and a dhcp server
for all the machines in the house.  What does this error message mean?
The firewall works fine as the default router for all the wired Ethernet
machines in the house.  But, I have laptop with built in 802.11 and a
PCMCIA card as well.  When I use the PCMCIA card, everything works fine.
With the built in 802.11, however, it connects to the WAP, but does not
get an IP address from the firewall.  I can't figure out why the
difference and would appreciate any advice on how to troubleshoot this.
Thanks

Jim



dhclient does not have any message with send_fallback but dhcpd has.
You did write down the correct message? If dhcpd writes this message
then it could be that you didn't specify the interface on which dhcpd
should listen. Of course it should not listen on your external
interface, see man dhcpd.

Is your PCMCIA card wired or wireless?

Regards

Stefan Kell



Re: dhcp error message

2008-02-03 Thread Stefan Kell

Hello,

On Sat, 2 Feb 2008, Richard Daemon wrote:


On Feb 2, 2008 2:49 PM, Stefan Kell [EMAIL PROTECTED] wrote:


Hello,

On Fri, 1 Feb 2008, Jim M wrote:


Sorry I wasn't clear.  What my mind was thinking wasn't coming across.

 I

hope this helps.

I have a firewall that runs on a Sun Ultra 5.  It is a dhcp client on

the

WAN side and a dhcp server inside the house.  The firewall connects to a
switch that has several things connected to it including other computers
(running various operating systems), switches that service other parts

of

the house and a Linksys wireless G access point.

I have a company HP laptop that runs Windows XP.  The laptop has a built
in 802.11 capability and a PCMCIA card.  The card works fine, but the
built in will get through the WAP fine, but won't get an IP address from
the firewall.

Is there some log file where I can look for error messages to try to
troubleshoot this.

Thanks again, and I hope this helps explain things.

  Original Message 
 Subject: Re: dhcp error message
 From: Joachim Schipper [EMAIL PROTECTED]
 Date: Fri, February 01, 2008 8:46 am
 To: Jim M [EMAIL PROTECTED]

 On Thu, Jan 31, 2008 at 07:38:26PM -0700, Jim M wrote:
 my /var/log/messages file is filled over and over with the line
 (obviously the date/time varies)

 Jan 31 20:17:00 balrog dhclient: send_fallback: No route to host

 The machine is a firewall and has no graphic capabilities. It is a
 dhcp
 client to get my the IP address for the home network and a dhcp
 server
 for all the machines in the house. What does this error message
 mean?
 The firewall works fine as the default router for all the wired
 Ethernet
 machines in the house. But, I have laptop with built in 802.11 and
 a
 PCMCIA card as well. When I use the PCMCIA card, everything works
 fine.
 With the built in 802.11, however, it connects to the WAP, but does
 not
 get an IP address from the firewall. I can't figure out why the
 difference and would appreciate any advice on how to troubleshoot
 this.

 I'm not certain this is useful, but that *is* the message you get if
 pf
 blocks a packet. However, dhclient does some unusual stuff to be able
 to
 send packets even when the interface is down, and usually bypasses pf
 because of that.

 Otherwise, it's not really clear to me which host is which and which
 host is doing what, so I'm afraid I can't really help you. A little
 clarification sent to the list might be useful here.

 Joachim



that is a classic: dhcp uses UDP broadcasts which usually are not
forwarded, your AP is not your dhcp-server and so the dhcp request will
reach the AP but not your firewall.

Three solutions: dhcp relay agent on your AP (if possible) or configure
your AP to forward broadcasts or use a dhcp server on your AP with a
different IP range.

Try any search machine with dhcp relay and you will find answers.

Regards

Stefan Kell

What I don't get is why does the PCMCIA wireless work ok and not the

onboard? I assume the PCMCIA also gets its IP from the AP.



The OP didn't write that so I assumed PCMCIA is wired.

Regards

Stefan Kell



Re: dhcp error message

2008-02-02 Thread Stefan Kell

Hello,

On Fri, 1 Feb 2008, Jim M wrote:


Sorry I wasn't clear.  What my mind was thinking wasn't coming across.  I
hope this helps.

I have a firewall that runs on a Sun Ultra 5.  It is a dhcp client on the
WAN side and a dhcp server inside the house.  The firewall connects to a
switch that has several things connected to it including other computers
(running various operating systems), switches that service other parts of
the house and a Linksys wireless G access point.

I have a company HP laptop that runs Windows XP.  The laptop has a built
in 802.11 capability and a PCMCIA card.  The card works fine, but the
built in will get through the WAP fine, but won't get an IP address from
the firewall.

Is there some log file where I can look for error messages to try to
troubleshoot this.

Thanks again, and I hope this helps explain things.

  Original Message 
 Subject: Re: dhcp error message
 From: Joachim Schipper [EMAIL PROTECTED]
 Date: Fri, February 01, 2008 8:46 am
 To: Jim M [EMAIL PROTECTED]

 On Thu, Jan 31, 2008 at 07:38:26PM -0700, Jim M wrote:
  my /var/log/messages file is filled over and over with the line
  (obviously the date/time varies)
 
  Jan 31 20:17:00 balrog dhclient: send_fallback: No route to host
 
  The machine is a firewall and has no graphic capabilities. It is a
 dhcp
  client to get my the IP address for the home network and a dhcp
 server
  for all the machines in the house. What does this error message
 mean?
  The firewall works fine as the default router for all the wired
 Ethernet
  machines in the house. But, I have laptop with built in 802.11 and
 a
  PCMCIA card as well. When I use the PCMCIA card, everything works
 fine.
  With the built in 802.11, however, it connects to the WAP, but does
 not
  get an IP address from the firewall. I can't figure out why the
  difference and would appreciate any advice on how to troubleshoot
 this.

 I'm not certain this is useful, but that *is* the message you get if
 pf
 blocks a packet. However, dhclient does some unusual stuff to be able
 to
 send packets even when the interface is down, and usually bypasses pf
 because of that.

 Otherwise, it's not really clear to me which host is which and which
 host is doing what, so I'm afraid I can't really help you. A little
 clarification sent to the list might be useful here.

 Joachim



that is a classic: dhcp uses UDP broadcasts which usually are not 
forwarded, your AP is not your dhcp-server and so the dhcp request will 
reach the AP but not your firewall.


Three solutions: dhcp relay agent on your AP (if possible) or configure 
your AP to forward broadcasts or use a dhcp server on your AP with a 
different IP range.


Try any search machine with dhcp relay and you will find answers.

Regards

Stefan Kell



Re: [squid-users] Squid.conf deleting host...

2008-01-31 Thread Stefan Kell

Hello Sherwood,

On Wed, 30 Jan 2008, Sherwood Botsford wrote:


Now, the problem:
In accessing any web page, say

http://some.domain.com/path/to/file.html

squid replies with a bad URL message saying that it can't
retrieve /path/to/file.html.  The http:// prefix and the domain name are 
stripped out.


...snip

Relevant section of pf.conf.  Pixel should be 'any' but
this version limits the problem to a single host.  All other
hosts are non-proxied.  $lan is the internal interface.
# squid redirection

rdr  on $lan inet proto tcp from pixel to any  \
port www -> 127.0.0.1 port 3128
pass in quick on $lan inet proto tcp from any to 127.0.0.1 \
   port 3128 keep state #label web



You obviously try to install a transparent proxy. This works only if
your WEB-clients use http-protocol 1.1. Notably Microsoft Internet
Explorer uses http 1.0 which does not send the hostname in the GET
request. This leads to your symptoms. A transparent proxy is probably
not a good idea, better is to enter the proxy definition in the browser
preferences or use automatic proxy detection via WPAD.
More on this via Google or your preferred search engine, looking for
ie wpad.dat or similar. One additional note: there is a known problem
with Microsoft internet explorer, it might use wpad.da as filename.

Regards

Stefan Kell



Re: : booting openbsd on eee without cd-rom

2008-01-31 Thread Stefan Kell

Hello,

On Thu, 31 Jan 2008, frantisek holop wrote:


hmm, on Thu, Jan 31, 2008 at 02:26:17PM +0100, Raimo Niskanen said that

Since you probably will need the install sets as well, I have
posted a compressed filesystem image of size 199864838 bytes at
http://www.erlang.org/~raimo/OpenBSD/snapshots/i386/hd.fs.gz
It contains the same as install42.iso snapshot Jan 29.


will try asap, thanks a lot.

otherwise i'll ask the Andre chap with the usb install to
post an image :)))

i guess it wouldnt be really hard to provide these images
along with the cd/floppy boot images, what's the official
stance on this by the devs?

as the subnotebook business gona explode after the eee's
success this will be a really handy thing to do i think...



I made some experiments booting the eee with following results:

- installing OpenBSD to USB-stick on an other machine and then boot it
  on the eee works. Release 4.2 has some problems with ethernet,
  -current might be better.

- Using flashboot and dding Generic-rd.image from http://tilde.se to an
  USB-stick works but init-script inside this kernel has some problem
  with fsck. But this is an easy method for you to get a bootable
  USB-stick with only Linux running on the eee.

- The eee CAN boot via PXE if you enable this option in the bios. This
  might be the most easy solution if you have the PXE-infrastructure.

I will try a current snapshot and see how well this works in the next
days. So in principle you don't need special images somewhere for
download, it is all there already.

Regards

Stefan Kell



Re: booting openbsd on eee without cd-rom

2008-01-30 Thread Stefan Kell

Hello,

On Wed, 30 Jan 2008, frantisek holop wrote:


hmm, on Tue, Jan 29, 2008 at 11:21:40AM -0500, Nick Holland said that

frantisek holop wrote:

hmm, on Tue, Jan 29, 2008 at 09:45:27AM -0500, Nick Holland said that

(short version: just do a normal install to the flash disk)


how do i boot bsd.rd to make an install to the flash disk?
chicken egg.  i dont have an usb cdrom, nor floppy disk.
only usb media.  i need to create a bootable usb media...

-f


see the referenced thread...

Prep the install device on another machine.  Other machine just needs


should have been clearer probably...
i am on the road.  there is no other machine...
all i have is the eee and the internet and the usb media.


my understanding of the boot process for i386 tells me,
all i need is a bootsector from someone who already has an openbsd
bootable usb media and the instructions which bytes to change
based on what :) (where is boot(8) on my usb media)



see man installboot and man biosboot: you can't do this easily because
installboot will patch biosboot for the locationinfo of boot. And you don't
have this information beforehand.


OR

something like the zaurus process...  install a linux package
and can run bsd.rd directly from linux.  i think this one is
becoming more and more needed for i386 too, in this world of
floppyless, cdromless devices...  a little utility that
can run bsd.rd from linux/dos...


but it would be cheaper to just prep it on another machine. :)


i definitely agree.  but if someone is so intimate with the
boot sector code that can give me this info, saves a lot of
hassle for me.  thats why i wrote to the list, maybe someone
really is...



(some people will say dd the floppy image onto the flash device, but
the functionality of that depends upon your BIOS's USB boot code.


i havent tried this one yet, but just for the kicks i tried
cd42.iso an that of course didnt work.


dd floppy image does boot on the eee, but biosboot stops with ERR M.
Installing OpenBSD to an USB stick definitely works. One other solution might be
flashboot, see http://www.mindrot.org/projects/flashboot/. There are binary
images available at http://tilde.se/flashboot/. zcat GENERIC-RD.image | dd
of=/dev/sd0 under Linux on the eee should give you a bootable USB-Stick
(/dev/sd0 as an example). But I didn't try this myself.

Anyway, OpenBSD will boot but ethernet does not work: The wired adapter is not
supported, and the wireless driver reports an error and does not work :-(

Regards

Stefan Kell



Re: : booting openbsd on eee without cd-rom

2008-01-30 Thread Stefan Kell

Hello,

On Wed, 30 Jan 2008, Raimo Niskanen wrote:


On Tue, Jan 29, 2008 at 10:31:28PM -0500, Richard Daemon wrote:

...


But of course you have boot -a at the boot prompt for selecting the root
device. And I want to try the same the next days :-)

Regards

Stefan Kell



That brings up another question, hopefully there's an answer... rather than
having to do boot -a (even from boot.conf) and be present to hit enter
during root device selection, is there an easy way to tell it, yes, choose
the default it sees after this?



Not that I am certain it would solve your problem completely,
but I would love having a boot(8) prompt command
boot [image [root] [-acds]]
and
set root [value]
It would then also be possible to set it in /etc/boot.conf.

But as far as I know it is a missing feature. And I
do not think the kernel is able to get root device
as an argument (yet).

Another not as good and still missing feature would be
to be able to set root device from boot_config(8).




ie: if I do a full install on a USB flash, boot up normal, it panics into
ddb mode because of root device as wd0 when it should be sd0. If I do boot
-a, it asks for default of sd0 rather than wd0 but expects manual
intervention, such as pressing enter. Is there a way to bypass this other
than recompile a new, custom kernel?



The Generic kernel on i386 tries hard to find the correct boot device and
assumes the root filesystem is on partition a on this device. So if
your kernel and boot files are on the USB-stick, the kernel should not
panic but use sd0a as root filesystem.


Regards

Stefan Kell



Re: : booting openbsd on eee without cd-rom

2008-01-30 Thread Stefan Kell
Thanks for that info, I will check how -current works on the eee, if I got some 
time for this.

Regards

Stefan Kell

 -------- Original Message --------
 Date: Wed, 30 Jan 2008 16:46:22 +
 From: Stuart Henderson [EMAIL PROTECTED]
 To: misc@openbsd.org
 Subject: Re: : booting openbsd on eee without cd-rom

 On 2008/01/30 15:26, Dennis Davis wrote:
  
  wireless driver reports an error and does not work is short on
  detail.  It might just be that non-free firmware needs installing
  (eg the firmware for the iwi driver) to get it to work.
 
 people with Eee PC need to test -current snapshots, the wd/wdc
 changes which are in them (not yet committed) will affect you
 (hopefully to your advantage, there should be much lower cpu
 use during disk activity).
 
 http://marc.info/?l=openbsd-tech&m=120159790520579&w=2



Re: : booting openbsd on eee without cd-rom

2008-01-30 Thread Stefan Kell
Hello Dennis,

 -------- Original Message --------
 Date: Wed, 30 Jan 2008 15:26:17 + (GMT)
 From: Dennis Davis [EMAIL PROTECTED]
 To: misc@openbsd.org
 Subject: Re: : booting openbsd on eee without cd-rom

 On Wed, 30 Jan 2008, Raimo Niskanen wrote:
 
  From: Raimo Niskanen [EMAIL PROTECTED]
  To: misc@openbsd.org
  Date: Wed, 30 Jan 2008 15:50:30 +0100
  Subject: Re: : booting openbsd on eee without cd-rom
 
 ...
 
   Anyway, OpenBSD will boot but ethernet does not work: The wired
   adapter is not supported, and the wireless driver reports an
   error and does not work :-(
 
  Then one could create such a bootable image and throw in the file
  sets too, that is: most of the /4.2/i386 download directory except
  install42.iso, but the size would be about 250 MByte.
 
  If the ethernet adapters does not work, what is the use?
 
 wireless driver reports an error and does not work is short on
 detail.  It might just be that non-free firmware needs installing
 (eg the firmware for the iwi driver) to get it to work.
 -- 
 Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
 [EMAIL PROTECTED]   Phone: +44 1225 386101

Of course this is way too short, but I wanted to check the archives beforehand 
whether I did make a stupid error somewhere. Wireless is an ath-device which
does not need non-free firmware AFAIK.

Regards

Stefan Kell



Re: : booting openbsd on eee without cd-rom

2008-01-30 Thread Stefan Kell
 -------- Original Message --------
 Date: Wed, 30 Jan 2008 15:50:30 +0100
 From: Raimo Niskanen [EMAIL PROTECTED]
 To: misc@openbsd.org
 Subject: Re: : booting openbsd on eee without cd-rom

 On Wed, Jan 30, 2008 at 03:29:46PM +0100, Stefan Kell wrote:
  Hello,
  
  On Wed, 30 Jan 2008, frantisek holop wrote:
  
  hmm, on Tue, Jan 29, 2008 at 11:21:40AM -0500, Nick Holland said that
  frantisek holop wrote:
  hmm, on Tue, Jan 29, 2008 at 09:45:27AM -0500, Nick Holland said that
  (short version: just do a normal install to the flash disk)
  
  how do i boot bsd.rd to make an install to the flash disk?
  chicken egg.  i dont have an usb cdrom, nor floppy disk.
  only usb media.  i need to create a bootable usb media...
  
  -f
  
  see the referenced thread...
  
  Prep the install device on another machine.  Other machine just needs
  
  should have been clearer probably...
  i am on the road.  there is no other machine...
  all i have is the eee and the internet and the usb media.
  
  
  my understanding of the boot process for i386 tells me,
  all i need is a bootsector from someone who already has an openbsd
  bootable usb media and the instructions which bytes to change
  based on what :) (where is boot(8) on my usb media)
  
  
  see man installboot and man biosboot: you can't do this easily because
  installboot will patch biosboot for the locationinfo of boot. And you don't
  have this information beforehand.
  
  OR
  
  something like the zaurus process...  install a linux package
  and can run bsd.rd directly from linux.  i think this one is
  becoming more and more needed for i386 too, in this world of
  floppyless, cdromless devices...  a little utility that
  can run bsd.rd from linux/dos...
  
  but it would be cheaper to just prep it on another machine. :)
  
  i definitely agree.  but if someone is so intimate with the
  boot sector code that can give me this info, saves a lot of
  hassle for me.  thats why i wrote to the list, maybe someone
  really is...
  
  
  (some people will say dd the floppy image onto the flash device, but
  the functionality of that depends upon your BIOS's USB boot code.
  
  i haven't tried this one yet, but just for the kicks i tried
  cd42.iso and that of course didn't work.
  
  dd floppy image does boot on the eee, but biosboot stops with ERR M.
  Installing OpenBSD to a USB stick definitely works. One other solution might be
  flashboot, see http://www.mindrot.org/projects/flashboot/. There are binary
  images available at http://tilde.se/flashboot/. zcat GENERIC-RD.image | dd
  of=/dev/sd0 under Linux on the eee should give you a bootable USB-Stick
  (/dev/sd0 as an example). But I didn't try this myself.
  
  Anyway, OpenBSD will boot but ethernet does not work: The wired adapter is not
  supported, and the wireless driver reports an error and does not work :-(
  
 
 Then one could create such a bootable image and throw in the file sets too,
 that is: most of the /4.2/i386 download directory except install42.iso,
 but the size would be about 250 MByte.
 
 If the ethernet adapters does not work, what is the use?

To get this nice little thingy working, of course.



Re: booting openbsd on eee without cd-rom

2008-01-29 Thread Stefan Kell
Hi,

 -------- Original Message --------
 Date: Tue, 29 Jan 2008 14:15:20 -0500
 From: Richard Daemon [EMAIL PROTECTED]
 To: Nick Holland [EMAIL PROTECTED]
 CC: misc@openbsd.org
 Subject: Re: booting openbsd on eee without cd-rom

  see recent thread, Install OpenBSD from USB.
  Don't believe all of what people said. :)
 
  (short version: just do a normal install to the flash disk)
 
  Nick.
 
  Speaking of which, can a default install on USB Flash work and fully boot
  a generic bsd kernel ok, or needs to boot bsd.rd or similar?
 
 In other words, I can see it being able to boot bsd.rd without a problem,
 but will it load the root device ok with just /bsd?

Might be interesting on the eee, what boot device will be selected. AFAIK the
internal disk is master on the secondary IDE-channel. But of course you have
boot -a at the boot prompt for selecting the root device. And I want to try
the same the next days :-)

Regards

Stefan Kell



Re: Not getting much bandwidth through the firewall

2007-03-29 Thread Stefan Kell
Hi,

 -------- Original Message --------
Date: Wed, 28 Mar 2007 20:30:39 -0700 (PDT)
From: Watson Crick [EMAIL PROTECTED]
To: misc@openbsd.org
Subject: Not getting much bandwidth through the firewall

 Hi,
 
 I've got OpenBSD 4.0 (release) on a laptop setup up as a router between 2
 subnets, and providing internet access through a 3rd nic to a DSL modem.
 The problem is the bandwidth between the two subnets.  I'm only getting a
 maximum of about 500 KB/s between two 100mbit cards.
 Top shows ~70% interrupt (~29% idle) while these transfers are going on.
 I don't know what the bottleneck is in the system.  Are the Linksys PCMCIA
 nics crappy? Did I screw something else up?
 
 As a test I turned off pf and did ftp transfers from the OpenBSD machine
 to/from each subnet, and the bandwidth was still limited to ~500 KB/s, so I
 don't think it's anything in my pf setup.
 
 Thanks  
 

There is a big difference in performance between 16bit and 32bit PCMCIA-Cards.
From my experience you won't get anything higher than 1000KByte/sec from a 16bit
card. I don't know the Linksys cards but you should test your setup with two
32bit cards. And this has probably nothing to do with operating systems.

Regards

Stefan Kell



Re: keyboard lockup, KVM, dual-boot

2007-02-27 Thread Stefan Kell

Hi,

On Mon, 26 Feb 2007, Marco Pfatschbacher wrote:


On Sun, Feb 25, 2007 at 06:10:43PM +0100, Stefan Kell wrote:

Hello list,

I want to use this machine as a dual-boot system together with windows. It
is connected to a standard PS2-KVM, no USB-mouse or keyboard. Installation
of both Windows and OpenBSD 4.0 from CDs worked without any problems. But
now if I boot OpenBSD from harddisk the keyboard is locked at the login
prompt.

But I can use the keyboard in the BIOS, for the boot-manager, with the
standard boot-prompt of OpenBSD and within UKC. So something later in the
bootprocess is locking the keyboard.

I tried to use X-Windows but there is the problem that the mouse is not
responding. Maybe this is related?

Any suggestions? Dmesg follows


Try a snapshot.

mickey committed a fix for this:
http://marc.theaimsgroup.com/?l=openbsd-cvs&m=117025451820884&w=2



good idea, I used snapshot from Feb 25th. This works very well.

Regards

Stefan Kell



Re: keyboard lockup, KVM, dual-boot

2007-02-27 Thread Stefan Kell

Hello Nick,

On Sun, 25 Feb 2007, Nick Holland wrote:


Stefan Kell wrote:

Hello list,

I want to use this machine as a dual-boot system together with windows. It
is connected to a standard PS2-KVM, no USB-mouse or keyboard. Installation
of both Windows and OpenBSD 4.0 from CDs worked without any problems. But
now if I boot OpenBSD from harddisk the keyboard is locked at the login
prompt.

But I can use the keyboard in the BIOS, for the boot-manager, with the
standard boot-prompt of OpenBSD and within UKC. So something later in the
bootprocess is locking the keyboard.

I tried to use X-Windows but there is the problem that the mouse is not
responding. Maybe this is related?

Any suggestions? Dmesg follows


It sounds like this:
 http://www.openbsd.org/faq/faq12.html#i386smouse

Some KVM switches work great, some don't.  I've got some that work
great while they work, but then the KVM switch itself crashes
regularly.  *sigh*

Nick.


Regards

Stefan Kell

OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC


(thanks, and yes, I did use this to confirm that you had a mouse
attached).



I got it reproducible: using UKC does not make any problems but using
boot-option -a for selecting the root-device locks the keyboard. Maybe
there is a clash between wscons and the kernel reading the keyboard?

I tried the snapshot dating Feb 25th and this works well. There is also
no problem with the mouse in X-windows, which is not usable in 4.0.
Dmesg follows.

Regards

Stefan Kell


OpenBSD 4.1-beta (GENERIC) #1409: Sun Feb 25 14:07:16 MST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 1.80GHz (GenuineIntel 686-class) 1.80 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
real mem  = 535851008 (523292K)
avail mem = 481222656 (469944K)
using 4278 buffers containing 26918912 bytes (26288K) of memory
User Kernel Config
UKC timezone
timezone = 0, dst = 0
UKC timz\^H \^Hezone -60
timezone = -60, dst = 0
UKC quit
Continuing...
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 03/12/03, BIOS32 rev. 0 @ 0xfd760, SMBIOS 
rev. 2.31 @ 0xf0a40 (65 entries)
bios0: FUJITSU SIEMENS SCENIC W300/W600
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd760/0x8a0
pcibios0: PCI BIOS has 14 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801DB LPC rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x8800 0xc8800/0x1800 0xe/0x4000!
acpi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82845G/GL rev 0x01
ppb0 at pci0 dev 1 function 0 Intel 82845G/GL/GV/GE/PE AGP rev 0x01
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 Matrox MGA G400/G450 AGP rev 0x85
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x01: irq 9
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x01: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x01: irq 10
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x01: irq 9
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb1 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x81
pci2 at ppb1 bus 2
fxp0 at pci2 dev 8 function 0 Intel PRO/100 VE rev 0x81, i82562: irq 11, 
address 00:30:05:44:ab:72
inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0
mbg0 at pci2 dev 9 function 0 Meinberg Funkuhren PCI32 rev 0x00: firmware 
PCI32  v2.07  (c)  Meinberg 1998, free running on xtal
ichpcib0 at pci0 dev 31 function 0 Intel 82801DB LPC rev 0x01
pciide0 at pci0 dev 31 function 1 Intel 82801DB IDE rev 0x01: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: SAMSUNG SP0411N
wd0: 16-sector PIO, LBA48, 38204MB, 78242976 sectors
wd1 at pciide0 channel 0 drive 1: MAXTOR STM3802110A
wd1: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: LITE-ON, LTR-48246S, SID4 SCSI0 5/cdrom

Re: keyboard lockup, KVM, dual-boot

2007-02-26 Thread Stefan Kell
Hello Nick,

 -------- Original Message --------
Date: Sun, 25 Feb 2007 21:26:42 -0500
From: Nick Holland [EMAIL PROTECTED]
To: misc misc@openbsd.org
CC: 
Subject: Re: keyboard lockup, KVM, dual-boot

 Stefan Kell wrote:
  Hello Nick,
  
  On Sun, 25 Feb 2007, Nick Holland wrote:
 ...
  It sounds like this:
   http://www.openbsd.org/faq/faq12.html#i386smouse
 
  Some KVM switches work great, some don't.  I've got some that work
  great while they work, but then the KVM switch itself crashes
  regularly.  *sigh*
  
  thank you for the link. I did miss this but have read other pages on the
  net which mention problems with KVMs. I am still wondering why I was able
  to install the system without problems. There must be a subtle difference
  between the installation kernel on the CD and the Generic one which causes
  the lockup. By the way, the lockup is not happening on each boot.
  
  Regards
  
  Stefan Kell
 
 Actually, IF this is your problem, if you set the KVM to the OpenBSD
 system and LEAVE IT THERE, OpenBSD would probably work fine.  You most
 likely did this on first install.  It's the switching that kills the
 OpenBSD mouse/keyboard driver...  Most likely, you switch it more once
 OpenBSD is loaded.
 
 Nick.

Nope, the keyboard is locked even when I carefully do NOT switch the system 
with the KVM: I boot the machine, select the OS with bootmanager GAG, change 
timezone in UKC (remember dual boot), OpenBSD boots till the login prompt shows 
and then the keyboard is locked most of the time.

I will try a current snapshot and see if this works better.

Regards

Stefan Kell



keyboard lockup, KVM, dual-boot

2007-02-25 Thread Stefan Kell

Hello list,

I want to use this machine as a dual-boot system together with windows. It 
is connected to a standard PS2-KVM, no USB-mouse or keyboard. Installation 
of both Windows and OpenBSD 4.0 from CDs worked without any problems. But 
now if I boot OpenBSD from harddisk the keyboard is locked at the login 
prompt.


But I can use the keyboard in the BIOS, for the boot-manager, with the 
standard boot-prompt of OpenBSD and within UKC. So something later in the 
bootprocess is locking the keyboard.


I tried to use X-Windows but there is the problem that the mouse is not
responding. Maybe this is related?

Any suggestions? Dmesg follows

Regards

Stefan Kell

OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 1.80GHz (GenuineIntel 686-class) 1.80 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
real mem  = 535851008 (523292K)
avail mem = 480841728 (469572K)
using 4256 buffers containing 26894336 bytes (26264K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(6d) BIOS, date 03/12/03, BIOS32 rev. 0 @ 0xfd760, 
SMBIOS rev. 2.31 @ 0xf0a40 (65 entries)
bios0: FUJITSU SIEMENS SCENIC W300/W600
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd760/0x8a0
pcibios0: PCI BIOS has 14 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801DB LPC rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x8800 0xc8800/0x1800 0xe/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82845G/GL rev 0x01
ppb0 at pci0 dev 1 function 0 Intel 82845G/GL/GV/GE/PE AGP rev 0x01
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 Matrox MGA G400/G450 AGP rev 0x85
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x01: irq 9
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x01: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x01: irq 10
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x01: irq 9
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb1 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x81
pci2 at ppb1 bus 2
fxp0 at pci2 dev 8 function 0 Intel PRO/100 VE rev 0x81, i82562: irq 11, 
address 00:30:05:44:ab:72
inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0
unknown vendor 0x1360 product 0x0101 (class system subclass miscellaneous, rev 
0x00) at pci2 dev 9 function 0 not configured
ichpcib0 at pci0 dev 31 function 0 Intel 82801DB LPC rev 0x01
pciide0 at pci0 dev 31 function 1 Intel 82801DB IDE rev 0x01: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: SAMSUNG SP0411N
wd0: 16-sector PIO, LBA48, 38204MB, 78242976 sectors
wd1 at pciide0 channel 0 drive 1: MAXTOR STM3802110A
wd1: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: LITE-ON, LTR-48246S, SID4 SCSI0 5/cdrom 
removable
atapiscsi1 at pciide0 channel 1 drive 1
scsibus1 at atapiscsi1: 2 targets
cd1 at scsibus1 targ 0 lun 0: HL-DT-ST, DVD-ROM GDR8161B, 0042 SCSI0 5/cdrom 
removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
cd1(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 Intel 82801DB SMBus rev 0x01: irq 5
iic0 at ichiic0
auich0 at pci0 dev 31 function 5 Intel 82801DB AC97 rev 0x01: irq 5, ICH4 AC97
ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq

Re: keyboard lockup, KVM, dual-boot

2007-02-25 Thread Stefan Kell

Hello Nick,

On Sun, 25 Feb 2007, Nick Holland wrote:


Stefan Kell wrote:

Hello list,

I want to use this machine as a dual-boot system together with windows. It
is connected to a standard PS2-KVM, no USB-mouse or keyboard. Installation
of both Windows and OpenBSD 4.0 from CDs worked without any problems. But
now if I boot OpenBSD from harddisk the keyboard is locked at the login
prompt.

But I can use the keyboard in the BIOS, for the boot-manager, with the
standard boot-prompt of OpenBSD and within UKC. So something later in the
bootprocess is locking the keyboard.

I tried to use X-Windows but there is the problem that the mouse is not
responding. Maybe this is related?

Any suggestions? Dmesg follows


It sounds like this:
 http://www.openbsd.org/faq/faq12.html#i386smouse

Some KVM switches work great, some don't.  I've got some that work
great while they work, but then the KVM switch itself crashes
regularly.  *sigh*


thank you for the link. I did miss this but have read other pages on the 
net which mention problems with KVMs. I am still wondering why I was able 
to install the system without problems. There must be a subtle difference 
between the installation kernel on the CD and the Generic one which causes 
the lockup. By the way, the lockup is not happening on each boot.


Regards

Stefan Kell



XFCE default keybinding missing, why?

2006-12-17 Thread Stefan Kell
Hello,

after using OpenBSD on some routers since 3.5, I installed OpenBSD 4.0 on
one of my laptops (an IBM Thinkpad A30p). Everything is working fine, no
real problem with X configuration, sound is working and so on.

I use xfce as window-manager from ports. Xfce has been my standard
window-manager on all of my systems for years. Main reason is, it is
light-weight and it has alt-tab for switching windows. But not on OpenBSD.
After digging around I found that there is a patch in the ports-tree for
xfwm, which disables all default keybindings:
patch-themes_default_keys_keythemerc

No big problem but why is this so?

Regards

Stefan Kell



Re: Peculiar sshd messages in authlog: Connection closed by {host} repeats

2006-08-11 Thread Stefan Kell
Hi,

On Thu, 10 Aug 2006, Stephen Bosch wrote:


  The log messages may be the result of a trojan that tries to infect other
  hosts in the network.

 Right -- but it still doesn't explain why I would be getting Connection
 closed by {host} messages when the host is not even connected.

 Thanks,

 -Stephen-



I have one host running in my local network with a similar OpenSSH
version. It does not log connection attempts, only the result after the
protocol handshake. Thus you can only see similar messages as you sent
in your original message.

So it could be interesting to use tcpdump on fw1 to see what's going
on. Or increase LogLevel in sshd_config to DEBUG, see man sshd_config.

Regards

Stefan Kell



Re: dns query

2006-08-07 Thread Stefan Kell
Hi,

 -------- Original Message --------
Date: Mon, 07 Aug 2006 14:58:52 +0700
From: riwanlky [EMAIL PROTECTED]
To: misc@openbsd.org
Subject: dns query

 Hi all,
 
 I don't know if it is the right place to write about this problem.
 I am running OpenBSD 3.9, however it seem to me that my OpenBSD
 box always send a DNS query for:
 - email sending (from internal and external) I had tried to add in my
 resolv.conf to use nameserver localhost. So that @mcojaya.com
 will not go to other DNS server for query. I use /etc/hosts to add
 127.0.0.1 mcojaya.com
 I have problem that when the internet is down, my local users were
 not able to send email because of DNS query check.
 - nagios. I use check_ping, and it seem that it will always query
 DNS for every ip address (host) that I setup to check_ping.
 
 I did not modify any inetd.conf
 
 Thanks, best regards,
 riwan


have a look at DNSMASQ, which is in ports, I think. Homepage is at
http://www.thekelleys.org.uk/dnsmasq/doc.html and fills probably all your
needs.

Regards

Stefan Kell



Re: Assembly Language Programs

2006-04-12 Thread Stefan Kell
 --- Original Message ---
 From: David Terrell [EMAIL PROTECTED]
 To: Ash Williams [EMAIL PROTECTED]
 Cc: misc@openbsd.org
 Subject: Re: Assembly Language Programs
 Date: Wed, 12 Apr 2006 03:14:33 -0500
 
 On Wed, Apr 12, 2006 at 05:45:30PM +1000, Ash Williams wrote:
   what I have is
  
 #./name
 #ksh: Operation not permitted
  
  
 Someone knows what is happening ?
  
  I've not done any ASM on OpenBSD although i have a bit of experience
  with FreeBSD. Have you looked at the syscalls located in
  /usr/src/sys/kern/syscalls.master - these may differ from the syscalls
  FreeBSD uses.
 
 You're correct.  If you really feel like continuing to waste your time
 with this nonsense, skip to step two which uses the C library to call
 functions instead of hardcoded system call numbers.
 


Hi,

and most likely cause of ksh-error message is that the current directory is
mounted with noexec option. Thus you cannot start the executable.

Regards

Stefan Kell



Re: massive memory leak in 3.8-stable samba

2006-03-07 Thread Stefan Kell
Hi,

Mitja: did you check the samba-logfiles? You could try to increase the
loglevel and see, what smbd is doing. I always find these logfiles very
helpful.

Regards

Stefan Kell

 --- Original Message ---
 From: Per-Olov Sjöholm [EMAIL PROTECTED]
 To: Mitja Muenih [EMAIL PROTECTED]
 Cc: misc@openbsd.org
 Subject: Re: massive memory leak in 3.8-stable samba
 Date: Mon, 6 Mar 2006 18:17:06 +0100
 
 On Saturday 04 March 2006 10.59, you wrote:
  Hi!
 
 
  One of my production machines (3.8-stable) has suddenly started panicking
  every couple of hours. I found out that the culprit is smbd, eating through
  memory like there's no tomorrow (approx. 10Mb  / minute! ). Can't figure
  out what has triggered it, nothing changed on the machine lately and there
  is only one active w2k client, writing a 2.5kB file every 15 seconds or so.
  I'd be glad of any assistance, even pointing out any stupid mistakes I have
  made, because this is driving me nuts.
 
  --
  load averages:  0.42,  0.87,  1.71
  10:45:59
  23 processes:  22 idle, 1 on processor
  CPU states:  0.0% user,  0.0% nice,  0.0% system,  0.2% interrupt, 99.8%
  idle
  Memory: Real: 290M/338M act/tot  Free: 160M  Swap: 2372K/256M used/tot
 
PID USERNAME PRI NICE  SIZE   RES STATEWAIT TIMECPU
 COMMAND
  30693 Guest  20  284M  284M sleepselect   0:24  0.44% smbd
  --
  load averages:  0.28,  0.56,  1.35
  10:50:14
  23 processes:  22 idle, 1 on processor
  CPU states:  0.0% user,  0.0% nice,  0.0% system,  0.2% interrupt, 99.8%
  idle
  Memory: Real: 348M/397M act/tot  Free: 101M  Swap: 2372K/256M used/tot
 
PID USERNAME PRI NICE  SIZE   RES STATEWAIT TIMECPU
 COMMAND
  30693 Guest  20  342M  342M sleepselect   0:29  1.03% smbd
  -
 
  # smbstatus
  Samba version 3.0.13
  PID Username  Group Machine
  ---
  Service  pid machine   Connected at
  ---
  MC   30693   x Sat Mar  4 10:23:13 2006
  IPC$ 13147   x Sat Mar  4 10:41:57 2006
  Locked files:
  PidDenyMode   Access  R/WOplock   Name
  --
  30693  DENY_NONE  0x2019f RDWR   EXCLUSIVE+BATCH
  /var/shared/AB/gdat/ini/G_dat.ini   Sat Mar  4 10:43:59 2006
 
 
  The kernel is (full dmesg at the end)
 
  OpenBSD 3.8-stable (GENERIC.RAID) #1: Sat Mar  4 01:45:40 CET 2006
  [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.RAID
 
  (previously had a -stable built on Jan 3 2006, same symptoms)
 
 
  # pkg_info |grep samba
  samba-3.0.13p0  SMB and CIFS client and server for UNIX
  samba-docs-3.0.20b  documentation and examples for samba
 
  (binary package from ftp.kd85.com, tried also to build it from ports and
  even MFC'd the latest version, 3.0.31b - no change)
 
   # cat /etc/samba/smb.conf
  [global]
  dos charset = CP852
  workgroup = STIL
  server string = x
  map to guest = Bad User
  passdb backend = tdbsam
  passwd program = /usr/bin/passwd %u
  log file = /var/log/smbd.%m
  max log size = 50
  mangle prefix = 6
  add user script = useradd -d /var/empty -s /sbin/nologin %u
  add group script = groupadd '%g'
  add machine script = useradd -d /var/empty -s /sbin/nologin -g
  machines %u
  logon script = logon.bat
  logon path = \\%L\profile\%U\profile
  logon drive = z:
  logon home = \\%L\%U
  domain logons = Yes
  domain master = Yes
  dns proxy = No
  wins support = Yes
  ldap ssl = no
  load printers = no
  ..snip..
  [AB]
  path = /var/shared/AB
  read only = No
  guest ok = Yes
 
 
 
  Regards, Mitja
 
  ---
  OpenBSD 3.8-stable (GENERIC.RAID) #1: Sat Mar  4 01:45:40 CET 2006
  [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.RAID
  RTC BIOS diagnostic error 18memory_size,fixed_disk
  cpu0: Intel(R) Pentium(R) 4 CPU 3.20GHz (GenuineIntel 686-class) 3.20
 GHz
  cpu0:
 

FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFL
 U SH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,CNXT-ID
  real mem  = 535883776 (523324K)
  avail mem = 481636352 (470348K)
  using 4278 buffers containing 26898432 bytes (26268K) of memory
  RTC BIOS diagnostic error 18memory_size,fixed_disk
  mainbus0 (root)
  bios0 at mainbus0: AT/286+(00) BIOS, date 01/15/04, BIOS32 rev. 0 @
 0xffe90
  apm0 at bios0: Power Management spec V1.2
  apm0: AC on, battery charge unknown
  apm0: flags 30102 dobusy 0 doidle 1
  pcibios0 at bios0: rev 2.1 @ 0xf/0x1
  pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfeae0/160 (8 entries)
  pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801EB/ER

Re: windows - pf - inet - pf - ftpd [not working]

2006-01-20 Thread Stefan Kell
 --- Original Message ---
 From: Price, Joe [EMAIL PROTECTED]
 To: misc@openbsd.org
 Subject: windows - pf - inet - pf - ftpd  [not working]
 Date: Thu, 19 Jan 2006 17:36:02 -0500
 
 I have a problem that when a Windows client tries to connect to this ftp
 site, windows explorer returns 'The operation timed out'.
 
 The setup is, windows box behind an openbsd PF (NAT enabled) through the
 public internet to another openbsd PF (NAT enabled) which has a rdr rule
 to redirect to another openbsd machine behind it running ftpd.
 
 I'm assuming the problem exists on one of the firewalls, or both.. Is
 this something that ftp-proxy can fix?
 
 I know the ftp works because I can connect to it from the far end's
 openbsd box, just seems that I can't go through two NATs of PFs or
 something like that.
 
 Any help is appreciated.
 
 Thanks!
 

Have you tried passive ftp-mode in Windows explorer: extras -> internet
options -> extended?

Regards

Stefan Kell



Re: How to debug something like this?

2005-05-23 Thread Stefan Kell
Hi,

first: I am not a specialist for jabberd.

On Sun, 22 May 2005, Wijnand Wiersma wrote:

 I use jabberd 1.4.3.1 and switched the aim/icq/msn transports to
 python based transports.

There is a newer version available, see
http://article.gmane.org/gmane.network.jabber.admin/24646;

 Jabberd itself is compiled exactly the same way and uses the same
 configuration. For some reason jabberd sometimes eats 50% CPU and the
 loadavg goes up to 16.

 ktrace did not reveal something useful, systat and top did not tell
 me much either.

Do you have some output from ktrace? Or is this output empty when the
process is looping? I suspect that you should have some output because
otherwise you should have 100% CPU (or is this a multiprocessor system
with SMP-kernel?)

 How can I find what is causing this?

I would use option -D for generating debugging output. If this gives no
clue then I would recompile with symbols and use profiling to get an idea
what's going on.

Regards

Stefan Kell



Re: How to debug something like this?

2005-05-23 Thread Stefan Kell
Hi,

On Mon, 23 May 2005, Wijnand Wiersma wrote:

 It just happened again, so I was wrong about the nic.

 Here is a part of the ktrace of jabberd at a busy moment.
 Not much to see, this scrolls over my screen very fast.

   [...snip...]
   9519 jabberd  CALL  select(0x1b,0x3c032d10,0x3c032c90,0x3c032c10,0x3c032a58)
   9519 jabberd  RET   select 0
   [...snip...]
   9519 jabberd  CALL  read(0x4,0x3c032d90,0x80)
   9519 jabberd  RET   read -1 errno 35 Resource temporarily unavailable

that's an easy one: jabberd makes a select call, which returns 0
(timeout) and starts a read on a file descriptor which has probably been
used in the read-fd-set for select. And this read gives error 35 which
is correct as the select has timed out. Details are in man 2 select, man
read and man 2 intro. This is a programming error.

Now the difficult part: jabberd does not make the select call by itself
but uses GNU-pth also called portable-threads. Somewhere inside this
beast there must be the culprit but I don't have the time or patience to
look into this unless I know the version of pth which you have been using.

Regards

Stefan Kell
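
The sequence in the trace above (select returning 0, then read failing with errno 35, which is EAGAIN on OpenBSD), reproduced on a non-blocking pipe next to a form that checks the select result first. This is an added example, not part of the original post and not jabberd or pth code; the function names and the pipe fixture are constructed for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

#define READ_TIMEOUT (-2L)
/* Wait up to 10 ms for fd to become readable; returns select()'s result. */
static int wait_readable(int fd, fd_set *rfds)
{
    struct timeval tv = { 0, 10000 };
    FD_ZERO(rfds);
    FD_SET(fd, rfds);
    return select(fd + 1, rfds, NULL, NULL, &tv);
}

/* Sequence from the trace: read() is issued although select() returned 0. */
int read_ignoring_select(int fd)
{
    char buf[128];
    fd_set rfds;
    (void)wait_readable(fd, &rfds);          /* result discarded */
    return read(fd, buf, sizeof buf) < 0 ? errno : 0;
}

/* Checked form: bytes read, READ_TIMEOUT on timeout, or -1 on error. */
long read_when_ready(int fd)
{
    char buf[128];
    fd_set rfds;
    int n = wait_readable(fd, &rfds);
    if (n < 0) return -1;
    if (n == 0 || !FD_ISSET(fd, &rfds)) return READ_TIMEOUT;
    return (long)read(fd, buf, sizeof buf);
}

/* Constructed fixture: a pipe whose read end is non-blocking. */
int make_nonblocking_pipe(int p[2])
{
    return pipe(p) < 0 ? -1 : fcntl(p[0], F_SETFL, O_NONBLOCK);
}

int main(void)
{
    int p[2];
    if (make_nonblocking_pipe(p) < 0) return 1;
    printf("unchecked errno=%d, checked=%ld\n",
           read_ignoring_select(p[0]), read_when_ready(p[0]));
    return 0;
}
```

A caller that loops on the unchecked form with a short or zero timeout issues one failing read per iteration, while the checked form returns to the caller without touching the descriptor.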



Re: How to debug something like this?

2005-05-23 Thread Stefan Kell
Hi,

On Mon, 23 May 2005, Wijnand Wiersma wrote:

 Hi Stefan,

 thanks for your reply.

 2005/5/23, Stefan Kell [EMAIL PROTECTED]:
 [...snip...]
 9519 jabberd  CALL  select(0x1b,0x3c032d10,0x3c032c90,0x3c032c10,0x3c032a58)
 9519 jabberd  RET   select 0
 [...snip...]
 9519 jabberd  CALL  read(0x4,0x3c032d90,0x80)
 9519 jabberd  RET   read -1 errno 35 Resource temporarily unavailable
 
  that's an easy one: jabberd makes a select call, which returns 0
  (timeout) and starts a read on a file descriptor which has probably been
  used in the read-fd-set for select. And this read gives error 35 which
  is correct as the select has timed out. Details are in man 2 select, man
  read and man 2 intro. This is a programming error.

 For you this is easy :-)

 Should I raise the openfiles-cur for jabber?

Don't know, I am not the specialist for jabber :-(


  Now the difficult part: jabberd does not make the select call by itself
  but uses GNU-pth also called portable-threads. Somewhere inside this
  beast there must be the culprit but I don't have the time or patience to
  look into this unless I know the version of pth which you have been using.

 pth-1.4.1 from the 3.7-RELEASE ports.

ports or packages?

I have looked at the pth-code and it seems to me that jabberd might loop
if it has absolutely nothing to do. Then pth might start to simply poll
which is cpu intensive. But someone else with better knowledge about the
changes between OpenBSD 3.5 and 3.7 should have a look at it.

Sorry for not more help

Stefan Kell