Re: 3.7 problem: replacing xdm with kdm

2005-08-12 Thread Stephen Marley
On Thu, Aug 11, 2005 at 11:20:49AM -0500, Dave Feustel wrote:
 On Thursday 11 August 2005 10:37, Bernd Schoeller wrote:
 
  You might want to check out
 
  http://www.openbsdsupport.org/KDM.html
 
 Thanks for the pointer. I remember reading it a while ago,
 but I had forgotten about it since then.
 
 I found that point 6 in that writeup doesn't work for me,
 possibly because of a problem with kdm not knowing
 about BSD-style authorization.

KDM from packages worked for me after a few tweaks to how it gets
started up. Also need to run kdm pre-config script. STFA for full
answers.

-- 
stephen



Re: YENTA compliant PCI-PCMCIA adapters?

2005-08-03 Thread Stephen Marley
On Tue, Aug 02, 2005 at 01:53:07PM -0700, Greg Thomas wrote:
 Does anyone know if the RICOH R5C485 chipset is YENTA compliant and/or
 will work with OpenBSD/i386?  I haven't found a definitive answer
 Googling.  I have a Senao 802.11b card I'd like to use in a desktop
 PC.

Yes, works out of the box. Bought one from ebay for a Netgear MA401
802.11b card.

-- 
stephen



Re: openbsd rpc/xdr

2005-07-27 Thread Stephen Marley
On Wed, Jul 27, 2005 at 10:55:51AM -0300, Gustavo Rios wrote:
 I did not mean alternatives to RPC approach? i mean alternatives to
 the standard implementation code of rpc.
 
 I don't feel like considering (as you yourself said) garbage like corba,
 rx, rxml-rpc
 
 I am considering rpc/xdr but a different code implementation.

There are several layers of api to ONC RPC. I suggest you read a book
like the O'Reilly kangaroo book, Power programming with RPC. Sun
Microsystems gave away the rpc code, so I'd guess most implementations
are based on their code.

-- 
stephen



Re: carp failover on DSL and Cable connection?

2005-07-26 Thread Stephen Marley
On Mon, Jul 25, 2005 at 08:57:06PM -0700, Jonathan Walther wrote:
 You could run ospfd (or quagga) on each host. (You'll need to use gif
 or gre tunnels to give a multicast capable link over the vpns). Make
 the dsl tunnel the lower cost route and ospf will change the routing
 tables to use the other link if it goes down. When it comes back up,
 ospfd will switch the routing table back to the lower cost route. I use
 precisely this method to provide a backup to a 100Mb WAN link using
 ipsec/adsl.
 
 Thank you Stephen!  This is exactly what I was looking for.  One
 question; does this solution drop any connections during the change of
 the routing table?  For my application, that isn't a problem, but it is

Nothing is explicitly dropped, but the behaviour depends on how long you
set the router dead time to and how the application behaves. The default
dead time is 40sec, but I use 10secs in my setup. TCP/IP is able to
handle some packet loss and routing table changes without dropping
connections.

-- 
stephen



Re: carp failover on DSL and Cable connection?

2005-07-25 Thread Stephen Marley
On Sun, Jul 24, 2005 at 10:37:29PM -0700, Jonathan Walther wrote:
 I've read the carp manpage, but am not clear if carp is able to help in
 the following scenario:
 
 A box at a high availability colo site forwards some traffic to a
 company LAN using a VPN.  There are two VPN connections it could route
 packets through, one going through the LAN's Cable connection, the other
 through its DSL connection.  Both VPN's connect to the same end host on
 the other side of the two connections.
 
 If the DSL connection goes down, I want all connections and traffic to
 be shunted to the Cable connection.  I control both ends of the VPN,
 which are OpenBSD Soekris boxes.
 
 Is this possible out of the box and supported by OpenBSD, or is it the
 wrong approach to trying to keep packets getting into the LAN when one
 of the external connections fail?

You could run ospfd (or quagga) on each host. (You'll need to use gif or
gre tunnels to give a multicast capable link over the vpns). Make the
dsl tunnel the lower cost route and ospf will change the routing tables
to use the other link if it goes down. When it comes back up, ospfd will
switch the routing table back to the lower cost route. I use precisely
this method to provide a backup to a 100Mb WAN link using ipsec/adsl.

Actually, for something as simple as this you could probably get away
with writing a script to change the routing table when some condition
occurs, like failure of a ping over the dsl link, but using ospf is a
neater way to do it.

-- 
stephen
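
The poll-and-reroute alternative mentioned in this reply, as an added example that is not the poster's own script: it probes the far end of the DSL tunnel, counts consecutive misses so a single lost packet does not flap the route, moves the LAN route to the cable tunnel after the threshold, and moves it back once DSL answers again. The peer addresses, the LAN prefix, the miss threshold and the `route change` syntax are assumptions; DRY_RUN=1 prints the route(8) commands instead of running them.

```shell
#!/bin/sh
# Poll-based tunnel failover. Added example, not the poster's script.
# Assumed (constructed) values: the far ends of the two gif/gre tunnels and
# the company LAN prefix routed through them. DRY_RUN=1 prints the route(8)
# commands instead of executing them.

DSL_PEER=${DSL_PEER:-10.0.1.2}          # tunnel endpoint reached over DSL (preferred)
CABLE_PEER=${CABLE_PEER:-10.0.2.2}      # tunnel endpoint reached over cable (backup)
LAN_NET=${LAN_NET:-192.168.10.0/24}     # network behind the tunnels
FAILS_TO_SWITCH=${FAILS_TO_SWITCH:-3}   # consecutive lost probes before failing over
INTERVAL=${INTERVAL:-10}                # seconds between probes
DRY_RUN=${DRY_RUN:-0}

# probe HOST: one echo request with a short wait; succeeds if HOST answered
probe() {
    ping -c 1 -w 2 "$1" >/dev/null 2>&1
}

# run_route ARGS...: apply a route(8) command, or just print it under DRY_RUN
run_route() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "route $*"
    else
        route -n "$@"
    fi
}

# decide CURRENT FAILS: print the tunnel that should carry $LAN_NET.
# CURRENT is the tunnel in use (dsl|cable), FAILS the run of lost DSL probes.
# Fail over only after FAILS_TO_SWITCH misses, return to DSL on the first
# answer, and otherwise keep the current choice so one lost packet does
# not flap the route.
decide() {
    if [ "$2" -ge "$FAILS_TO_SWITCH" ]; then
        echo cable
    elif [ "$2" -eq 0 ]; then
        echo dsl
    else
        echo "$1"
    fi
}

# switch_to dsl|cable: point the LAN route at the chosen tunnel peer
switch_to() {
    case $1 in
        dsl)   run_route change "$LAN_NET" "$DSL_PEER" ;;
        cable) run_route change "$LAN_NET" "$CABLE_PEER" ;;
        *)     echo "switch_to: unknown tunnel $1" >&2; return 1 ;;
    esac
}

# monitor: probe forever and re-route whenever the decision changes
monitor() {
    current=dsl
    fails=0
    while :; do
        if probe "$DSL_PEER"; then
            fails=0
        else
            fails=$((fails + 1))
        fi
        want=$(decide "$current" "$fails")
        if [ "$want" != "$current" ]; then
            logger -t failover "DSL probe failures=$fails, moving $LAN_NET to $want"
            switch_to "$want"
            current=$want
        fi
        sleep "$INTERVAL"
    done
}

# Only start the loop when invoked as "failover.sh run", so the functions
# can also be sourced and tested on their own.
if [ "${1:-}" = run ]; then
    monitor
fi
```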



Re: carp failover question

2005-07-22 Thread Stephen Marley
On Thu, Jul 21, 2005 at 11:19:52PM -0400, stan wrote:
 At the moment I'm having trouble getting failover to work, when I fail one
 of the sides (internal or external). The carp manpage says that if I have
 net.inet.carp.preempt set, and I do ifconfig carp0 down on the master,
 both sides should switch. I'm not seeing that. 

Try downing the physical interfaces or pulling the cables.

 hostname.pfsyanc0
 up syncif fxp1

hostname.pfsync0
up syncdev fxp1


show us output of sysctl -a | egrep 'carp|forward' and ifconfig

-- 
stephen



Re: carp failover question

2005-07-22 Thread Stephen Marley
On Fri, Jul 22, 2005 at 09:30:07AM -0400, stan wrote:
 fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
 address: 00:90:27:43:79:0e
 media: Ethernet autoselect (10baseT)
 status: active
 inet 205.159.77.11 netmask 0xff00 broadcast 205.159.77.255
 inet6 fe80::290:27ff:fe43:790e%fxp0 prefixlen 64 scopeid 0x1
 fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 address: 00:a0:c9:de:a3:19
 media: Ethernet autoselect (10baseT)
 status: active
 inet 192.168.254.253 netmask 0xff00 broadcast 192.168.254.255
 inet6 fe80::2a0:c9ff:fede:a319%fxp1 prefixlen 64 scopeid 0x2
 fxp2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
 address: 00:a0:c9:71:16:2e
 media: Ethernet autoselect (10baseT)
 status: active
 inet 170.85.106.253 netmask 0xff80 broadcast 170.85.106.255
 inet6 fe80::2a0:c9ff:fe71:162e%fxp2 prefixlen 64 scopeid 0x3

Why are your fxps on 10baseT? Are you using hubs instead of switches?
Can't you use an x-over for pfsync?

 So, this leaves 2 questions.
 
 1. The docs say that bringing down the carp interface, should force a
 failover, is this wrong?

I would have thought that downing the physical interfaces is a more
realistic test. Pulling cables is good too.

 2. If I want to hook in other things (eg mail) on failover, should I build
 and use ifstated, or is there a better way?

Ifstated may work, but perhaps pen is worth looking at
http://siag.nu/pen/

-- 
stephen
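
For the second question (hooking mail or other actions onto a failover), here is an added example of the glue ifstated would otherwise provide; it is not from this thread. It polls ifconfig(8) for the state of the carp interface and runs hooks on a transition. The interface name, the use of mail(1) for notification, and the ifconfig output format in the constructed sample text are assumptions.

```shell
#!/bin/sh
# Run actions when this host's CARP state changes, by polling ifconfig(8);
# the same job ifstated does from a rule file. Added example, not from the
# thread. Assumes (constructed): the carp interface name, mail(1) for
# notification, and the ifconfig output format of the sample text below.

CARP_IF=${CARP_IF:-carp0}
INTERVAL=${INTERVAL:-5}
ADMIN=${ADMIN:-root}

# carp_state_of TEXT: pull MASTER, BACKUP or INIT out of ifconfig output;
# prints nothing if TEXT carries no "carp:" line
carp_state_of() {
    printf '%s\n' "$1" | sed -n 's/.*carp: \([A-Z]*\).*/\1/p' | head -n 1
}

# current_state: state of $CARP_IF on this host
current_state() {
    carp_state_of "$(ifconfig "$CARP_IF")"
}

# on_change OLD NEW: hooks run on a transition
on_change() {
    logger -t carpwatch "$CARP_IF changed $1 -> $2"
    case $2 in
        MASTER)
            # this node now owns the shared addresses: start single-instance
            # services here and tell the admin
            echo "$CARP_IF on $(hostname): $1 -> MASTER" | mail -s "carp failover" "$ADMIN"
            ;;
        BACKUP|INIT)
            # this node no longer owns them: stop the same services here
            :
            ;;
    esac
}

# watch: poll and fire on_change whenever the state differs from the last poll
watch() {
    last=$(current_state)
    while :; do
        sleep "$INTERVAL"
        now=$(current_state)
        if [ -n "$now" ] && [ "$now" != "$last" ]; then
            on_change "$last" "$now"
            last=$now
        fi
    done
}

# Constructed samples of "ifconfig carp0" output, used to exercise the parser
SAMPLE_MASTER='carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev xl1 vhid 2 advbase 1 advskew 0
        inet 192.0.2.101 netmask 0xfffffff8 broadcast 192.0.2.103'
SAMPLE_BACKUP='carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: BACKUP carpdev xl1 vhid 2 advbase 1 advskew 0'

# Only start polling when invoked as "carpwatch.sh run"
if [ "${1:-}" = run ]; then
    watch
fi
```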



Re: starting kde on boot

2005-07-21 Thread Stephen Marley
On Thu, Jul 21, 2005 at 05:04:49PM +0100, Edd Barrett wrote:
  #based on a solution posted by S.Marley
  
  echo -n ' kdm'; (sleep 5; /usr/local/bin/kdm  ${kdm_flags}) &
  
 
 Don't do that. Use /etc/ttys if that's the effect you want.

Any good reason not to? I posted a solution using ttys too, but both
required a sleep.

To the OP: run genkdmconf

-- 
stephen



Re: starting kde on boot

2005-07-21 Thread Stephen Marley
On Thu, Jul 21, 2005 at 08:03:49PM +0100, Edd Barrett wrote:
 On 21/07/05, Stephen Marley [EMAIL PROTECTED] wrote:
 
 they do? I use xdm and I didn't use a sleep. Maybe it's a kdm issue? 

Yes, it's a kdm specific issue. It seems all gettys need to be spawned
before kdm kicks in otherwise the keyboard doesn't work correctly or the
X server shows up on the wrong console.

-- 
stephen



Re: keyboard issue kdm

2005-07-20 Thread Stephen Marley
STFA. I had the same problem and posted 2 solutions recently.

-- 
stephen


On Wed, Jul 20, 2005 at 09:49:51AM -0500, Qv6 wrote:
 Folks:
 
 Just installed OBSD and trying to use kde with kdm as login. On the kdm 
 screen, the mouse works, but the keyboard will not. I have tried 
 several keyboards with no result. On the other hand, when I boot into 
 xdm, no problem there - both mouse and keyboard work and I can log 
 into the system. I already have an OBSD server and firewall running, 
 but this is my first stab at an OBSD desktop.



Re: getting dhclient to update bind forwarders IPs

2005-07-12 Thread Stephen Marley
On Tue, Jul 12, 2005 at 09:38:43AM -0400, Will H. Backman wrote:
  For the other part, if you're running your own nameserver,
  why would you want to use forwarders at all?
 
 The use of forwarders is a good thing.  It reduces the load on the root
 servers, and your DNS server gets to use closer servers that may already
 have the answer.

Actually, in most circumstances the use of forwarders is considered a
bad thing by many DNS experts. See USENET comp.protocols.dns.bind for
the arguments.

-- 
stephen



Re: Exceed XDMCP display manager

2005-07-04 Thread Stephen Marley
On Mon, Jul 04, 2005 at 10:46:29PM +1000, Ioan Nemes wrote:
 Greetings,
 
 Is anybody using Exceed display manager to connect headless OpenBSD 

Not Exceed, but I have used Xmanager http://www.netsarang.com/ for this
sort of thing.

-- 
stephen



Re: Hidden restore space on laptop drives

2005-07-04 Thread Stephen Marley
On Tue, Jul 05, 2005 at 08:31:31AM +1000, Rod.. Whitworth wrote:
 Does anybody here know how the space is hidden and how to unhide/rehide
 it so as to do what I want?

Blue button -> setup utility -> Security -> IBM Predesktop Area -> Disabled

-- 
stephen



Re: Problem starting kdm from /etc/rc.local

2005-06-30 Thread Stephen Marley
On Tue, Jun 28, 2005 at 06:21:03PM +0100, Stephen Marley wrote:
 Firstly, I have no problems starting kdm from the command line or
 starting xdm from /etc/rc. However, if I start kdm from /etc/rc.local it
 won't take any keyboard input and I don't get text when I attempt to switch
 virtual consoles (ctl-alt-del works to shutdown though).

It seems init needs to spawn all the getty processes before kdm starts.
Here are 2 solutions:

1. Let /etc/rc finish before kdm starts and wait for spawning of gettys. 
/etc/rc.local:

if [ X${kdm_flags} != XNO ]; then
	echo -n ' kdm'; (sleep 5; /usr/local/bin/kdm ${kdm_flags}) &
fi

2. Let init start kdm and make sure gettys have spawned first. (Without
the sleep, kdm ends up on ttyC1 and that getty would need to be switched
off too).  /etc/ttys:

ttyC4  "/usr/local/bin/kdm -nodaemon"   unknown on  window="/bin/sleep 2"

-- 
stephen



Problem starting kdm from /etc/rc.local

2005-06-28 Thread Stephen Marley
Firstly, I have no problems starting kdm from the command line or
starting xdm from /etc/rc. However, if I start kdm from /etc/rc.local it
won't take any keyboard input and I don't get text when I attempt to switch
virtual consoles (ctl-alt-del works to shutdown though). I get some
sort of corruption in the form of a thin horizontal line near the top of
the screen when I attempt to switch virtual consoles. Also when I
shutdown with ctrl-alt-del the text from the boot up sequence is
corrupted (repeated chars llliiikeee ttthiisss).

I see these clues in /var/log/Xorg.log:

(EE) KbdOn: tcsetattr: Inappropriate ioctl for device
(EE) xf86OpenSerial: Cannot open device /dev/wsmouse
 broken pipe
(EE) KbdOn: tcsetattr: Inappropriate ioctl for device

These aren't there when I start kdm from a shell prompt.

The mouse does function however.

I am using a recent snapshot (Jun 20). Any ideas?

-- 
stephen



Re: SH programming

2005-06-26 Thread Stephen Marley
On Sun, Jun 26, 2005 at 09:32:36PM -0400, Ted Unangst wrote:
 On Sun, 26 Jun 2005, Peter Bako wrote:
 
  #!/bin/sh
  month=$1 
  day=$2
  year=$3
  
  dayscount=$(expr ($year - 1900) * 365)
  echo $dayscount
  exit
  
  This will generate a syntax error: `$year' unexpected error.  I have tried
  all sorts of variations and I am not getting it!!!  HELP!!!
 
 man sh says arithmetic expressions take double parens:
 
 dayscount=$((($year - 1900) * 365))
 
 don't forget about leap years.

Traditional Bourne shell doesn't have arithmetic substitutions so it
would be done with expr like this:

dayscount=$(expr $(expr $year - 1900) \* 365)

or even:

dayscount=`expr  \`expr $year - 1900\` \* 365`

This only matters if your script needs to be portable.

-- 
stephen
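
As an added example (not from this thread) of the portable expr(1) style above, carried through to the full calculation the original script was after, leap years included: everything is backticks and expr, with one wrinkle worth knowing, namely that expr exits 1 whenever its result is 0, which would abort a script running under set -e. The Gregorian calendar and a year of 1900 or later are assumptions.

```shell
#!/bin/sh
# Days elapsed since 1900-01-01 using only Bourne-shell features and expr(1),
# leap years included. Added example, not from the thread. Assumes the
# Gregorian calendar and a year of 1900 or later.

# expr(1) exits 1 when its result is 0, which would trip a script running
# under set -e; calc accepts that status and still fails on real errors (2).
calc() {
    expr "$@" || [ $? -eq 1 ]
}

# is_leap YEAR: true for a Gregorian leap year
is_leap() {
    y=$1
    if [ `calc $y % 400` -eq 0 ]; then return 0; fi
    if [ `calc $y % 100` -eq 0 ]; then return 1; fi
    if [ `calc $y % 4` -eq 0 ]; then return 0; fi
    return 1
}

# days_in_month MONTH YEAR
days_in_month() {
    case $1 in
        1|3|5|7|8|10|12) echo 31 ;;
        4|6|9|11)        echo 30 ;;
        2) if is_leap $2; then echo 29; else echo 28; fi ;;
        *) echo "days_in_month: bad month $1" >&2; return 1 ;;
    esac
}

# days_since_1900 MONTH DAY YEAR: prints the count; "1 1 1900" gives 0
days_since_1900() {
    month=$1; day=$2; year=$3
    # whole years: 365 days each plus one per leap year in 1900..year-1.
    # Leap years in 1..N number N/4 - N/100 + N/400; 1..1899 has 460 of them.
    years=`calc $year - 1900`
    prev=`calc $year - 1`
    leaps=`calc $prev / 4 - $prev / 100 + $prev / 400 - 460`
    total=`calc $years \* 365 + $leaps`
    # months already completed this year
    m=1
    while [ $m -lt $month ]; do
        mdays=`days_in_month $m $year`
        total=`calc $total + $mdays`
        m=`calc $m + 1`
    done
    # days completed in the current month (the 1st contributes none)
    calc $total + $day - 1
}

# usage: sh days.sh MONTH DAY YEAR
if [ $# -eq 3 ]; then
    days_since_1900 "$1" "$2" "$3"
fi
```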



Re: log watching

2005-06-23 Thread Stephen Marley
On Thu, Jun 23, 2005 at 01:09:07PM +0800, Uwe Dippel wrote:
 Yes, I did 'make search' in /usr/ports.
 And now I ask about your experiences: which one is recommended,
 respectively not so suitable for a smaller server directly connected to
 the Internet ?

LogWatch works just fine on openbsd.

-- 
stephen



Re: Proxy arp needed for NAT?

2005-06-20 Thread Stephen Marley
On Mon, Jun 20, 2005 at 04:23:51PM -0700, Michael Favinsky wrote:
 I was reading through the pf documentation and found the following example
 of NATing several internal IP addresses to two external IP addresses:
 
 nat on $ext_if inet from any to any -> 192.0.2.4/31 source-hash 
 
 Let's say the external IP address of my firewall is 192.0.2.1. Do I need to
 configure proxy ARP entries on my external interface for 192.0.2.4 and
 192.0.2.5, or is this something pf takes care of automagically?

Pf doesn't handle that, but adding aliases to your outside interface for
192.0.2.4 and 192.0.2.5 will make it answer the arp request for those
addresses. See hostname.if(5). 

-- 
stephen



Re: How do we disable console output temporarily.

2005-06-18 Thread Stephen Marley
On Sat, Jun 18, 2005 at 02:47:03PM -0700, John Draper wrote:
 But the pkill syslogd seems a reasonable thing to do,  but how do I
 set it back again?  One other problem I have is my ps don't work,
 but that problem is going to be fixed in my next scheduled upgrade.

If ps doesn't work, there's a good chance pkill won't either. (Perhaps
you just need to run kvm_mkdb and dev_mkdb to get ps working again?)

Try instead (copy and paste would be easiest):
 kill `cat /var/run/syslogd.pid`

If the box runs named (dns nameserver), restart syslogd as:
 syslogd -a /var/empty/dev/log -a /var/named/dev/log

otherwise it's just:
 syslogd -a /var/empty/dev/log

-- 
stephen



Re: Upgrade to 3.7 and VPN no longer works

2005-06-18 Thread Stephen Marley
On Sun, Jun 19, 2005 at 01:34:06PM +1000, Dave Harrison wrote:
 I just upgraded my firewall to 3.7, but I've found my VPN is now not
 working.  I keep seeing NAT detected messages, but both machines have
 real IPs so it doesn't make sense.  The client machine is a 3.6 install,
 and the server machine was a 3.4 machine which I used the media CD to
 upgrade.  I've also checked out the latest src tree and recompiled both
 the kernel and the binaries on the newly installed 3.7 machine, but same
 problem persists.
 
 I _have_ just found that if I allow port 4500 through on both machines, 
 the VPN sets itself up correctly and works.  But I don't want to use 
 NAT-T ...
 
 anyone got any ideas ? is this a simple conf problem ? help ?

Have you tried the -T option to isakmpd?

-- 
stephen



Re: Upgrade to 3.7 and VPN no longer works

2005-06-18 Thread Stephen Marley
On Sun, Jun 19, 2005 at 02:16:24PM +1000, Dave Harrison wrote:
 Stephen Marley wrote:
 Have you tried the -T option to isakmpd?
 
 Seems like the option I want ... but I can't see it in the man page on
 either my 3.6 or 3.7 machines, and isakmpd won't accept -T as a flag
 on either machine.
 
 Is that something that's only available in -current ?

I guess so. I don't have any 3.7 machines: just 3.6 and current. I have
tried it on a couple of machines here and it seems to do what you want.
Try a snapshot. -current is very stable and is continuously improving.

-- 
stephen



Re: Theo gave an interview to Forbes Mag. about Linux

2005-06-17 Thread Stephen Marley
On Fri, Jun 17, 2005 at 04:48:31PM +0200, J. Lievisse Adriaanse wrote:
 Theo gave an interview to Forbes Magazine, in which he stated: It's
 terrible, De Raadt says. Everyone is using it, and they don't
 realize how bad it is. And the Linux people will just stick with it
 and add to it rather than stepping back and saying, 'This is garbage
 and we should fix it.' 

Heh. Theo never did pull his punches. I suppose there's now a war going
on in /. ? :)

-- 
stephen



Re: OSPFd over IPSEC (enc)?

2005-06-17 Thread Stephen Marley
On Thu, Jun 16, 2005 at 12:51:53PM -0700, Michael Favinsky wrote:
 Can two 3.7 servers running OSPFd talk OSPF to each other over an IPSEC
 tunnel, or worded in another way, an enc interface?
 
 I have two sites with a WAN link and I want to use the Internet (VPN) as a
 backup route. The concept is that under normal circumstances, the OSPF
 routing table would have valid routes between the two sites over both the
 VPN and WAN links. If the WAN link failed, there'd still be a valid route
 between the two sites over VPN.

I have exactly this situation working with a gre tunnel over ipsec
(using isakmpd). I'm not sure if it will work with enc as ospf needs
multicast ability, which I don't believe is supported by straight ipsec.
(I could well be wrong here).

Openbsd's ospfd (beautiful work from Esben Norby and Claudio Jeker) is
ideal for this, although it is still work in progress. Zebra (quagga
from packages or ports) also works well, but its configuration and
operation is ugly in comparison to the native daemon.

Let me know if you want any help with the configs.

-- 
stephen



Re: Carp and Single ADSL

2005-06-17 Thread Stephen Marley
On Fri, Jun 17, 2005 at 10:13:21PM +1000, Brian McKerr wrote:
 Hello,
 
   I've just purchased 2 shiny new firewall boxes that I plan to have 
 running with CARP. I've read the man pages and Ryan McBride's 
 documentation and it all seems fairly straightforward, the hard part for 
 me seems to be the physical network side of things. I've searched the 
 archives and google and couldn't find anything specifically dealing with 
 my scenario (with the possible exception of Stephen Marley - who I think 
 does something similar to what I want to do).

Yes, just for the hell of it, my home firewall runs carp on a couple of
old dell pcs. (Although, seeing my latest leccy bill I should invest in
something low powered!)

I have a /29 for my PPPoA adsl so I route, and I'm not familiar with how
a bridged set up like yours all hangs together.  Nevertheless, I guess
you should be able to get things working with just 1 IP thanks to 3.7's
addressless carpdev feature. (Don't these dev guys think of everything?
Thanks Ryan!). Your MAC address isn't checked by your ISP is it? That
could be a problem. Anyway, I'll describe my set up so you have
something to refer to. 

My adsl router is of the cheap and nasty 1 port type, so I blagged a
little 5 port switch from work for the perimeter network. I guess you'll
need to plug your modem into a switch too. It all looks like this:

               +--- FW1 ---+
ADSL --- Switch      x      Switch --- lan
               +--- FW2 ---+

(x is a crossover cable for pfsync).

So you need 3 nics on your firewalls at the least. 1 for outside, 1 for
inside, and 1 for pfsync. You don't assign an IP to your outside
physical interfaces (unless you have spare); the CARP outside interface
gets the (shared) external IP address. 

Since you'll be doing nat, you can assign addresses to the inside
physical addresses. (You'll need these addresses for administration, but
it is the CARP inside address which is used by the lan for its default
route).

Here are some configs from my actual firewalls. Note that I have some
servers so I use binat instead of rdr to access them because I have
spare IPs. The aliases on the outside carp interface are so the firewall
answers arp requests for the servers. I have a wireless network and
other stuff behind the lan so there are some extra routes defined.

# cat /etc/hostname.carp0 (the inside i/f)
inet 192.168.67.1 255.255.255.0 NONE vhid 1 pass snorky
!route add -net 192.168.68.0/24 192.168.67.3 (other networks)
!route add -net 192.168.69.0/24 192.168.67.3

# cat /etc/hostname.carp1 (the outside i/f)
inet xxx.xxx.xx.101 255.255.255.248 NONE vhid 2 carpdev xl1 pass snorky
inet alias xxx.xxx.xx.97 255.255.255.255 NONE (for proxy arp)
inet alias xxx.xxx.xx.98 255.255.255.255 NONE

# cat /etc/hostname.pfsync0
up syncdev vr0

# cat /etc/hostname.vr0  (pfsync crossover cable)
inet 10.0.0.254 255.255.255.0 NONE

# cat /etc/hostname.xl0  (inside physical)
inet 192.168.67.254 255.255.255.0 NONE

# cat /etc/hostname.xl1  (outside physical)
up

The other firewall is identical except it uses .253 for pfsync and
inside physical i/fs.

My adsl router is xxx.xxx.xx.102 so I have /etc/mygate containing this
address for the firewall's default route. I guess you don't need this
since you're bridging.

Pf uses the physical i/f, so my config refers to xl1 for filtering the
outside i/f. Here's a snippet of my pf.conf (I need to upgrade and start
using the cool new i/f groups stuff).

int  = xl0
ext  = xl1
loop = lo0
pfsync   = vr0

despina  = 192.168.67.2   # A couple of servers
nereid   = 192.168.67.3
..

set loginterface $ext
set block-policy drop  # I know return is better netizenship
set skip on $loop

scrub out on $ext no-df max-mss 1452   # pmtu disc problem avoidance
scrub on $ext reassemble tcp random-id

binat on $ext from $despina to any -> xxx.xxx.xx.97
binat on $ext from $nereid  to any -> xxx.xxx.xx.98
nat   on $ext from $int/16  to any -> xxx.xxx.xx.101  # All 192.168 nat'd

block log

antispoof log quick for {$ext $int}

pass quick on $int
pass quick on $pfsync proto pfsync
pass quick on $ext proto carp keep state
..


I also have these in sysctl.conf:

net.inet.ip.forwarding=1 
net.inet.carp.allow=1   # enable CARP (default is on)
net.inet.carp.preempt=1 # failover all interfaces together
net.inet.carp.log=1 # log carp errors

I think that's about it. I hope it works out for you. Have fun!

-- 
stephen



Re: VPN Remote Services Connectivity

2005-06-17 Thread Stephen Marley
On Fri, Jun 17, 2005 at 11:29:03AM -0500, dontek wrote:
 I have just configured a VPN tunnel between two OpenBSD firewalls /
 gateways following the VPN man page nearly word-for-word.  All is
 working well... mostly:
 
 On either end, on machines behind the firewall, I can connect to any
 service on any machine on the remote end.
 
 However, if I am on the the firewall machines themselves, I can ping
 machines on the remote end, but service connection fails.
 
 for instance, I can ssh to a box on the remote end from a machine
 behind the firewall, but if i attempt to ssh to the same remote box
 from the firewall itself, i get a connection refused.  This is true
 on both ends.
 
 Are there additional rules I need to put into pf for this type of
 connectivity?  What am I missing?

I'll guess that the ping works because you're using ping -I to specify
the source address as an internal lan address. However your ssh will
have the firewall's external address as its source address and it will
not get encapsulated since there are no flows defined for gateway to
network, only network to network.

You could define additional SAs for the gateway to network connections,
but I think just adding a route pointing to your inside interface will
work. For example, if your gateway's internal address is 192.168.1.1 and
the remote network is 10.10.10.0/24, on the gateway run:
 route add 10.10.10/24 192.168.1.1

-- 
stephen



Re: Theo gave an interview to Forbes Mag. about Linux

2005-06-17 Thread Stephen Marley
On Fri, Jun 17, 2005 at 10:42:36AM -0600, Abraham Al-Saleh wrote:
 I'm actually curious as to the apparent change of stance between
 interviews.  In the last two interviews I've read, you've made it
 clear that you've never used it, and had no comment. Am I missing
 something? Just curious.

You can read about all the security holes and bugs on various websites
without ever having used the system.  Knowing of bugs and holes is not
enough to comment on comparative functionality: you'd really need to use
both OSes; however, it is sufficient for recognizing 'garbage'.

-- 
stephen



Re: VPN Remote Services Connectivity

2005-06-17 Thread Stephen Marley
On Fri, Jun 17, 2005 at 02:17:08PM -0500, dontek wrote:
 Actually, I am just doing a vanilla ping, no source address option.
 When you say flows, do you mean pf flows (rules)?

IPSec flows. Sort of like routes. Read vpn(8) again and see netstat
-rnfencap for flows and netstat -rnfinet for normal IP (v4) routes.

 I tried adding pass rules from gateway(s) to network(s) and back,
 similar to the network to network passes on enc0, but this did not
 solve the problem.

There is nothing in your ipsec config that says encrypt gateway to
network, only network to network. I don't think you understand this
part. Adding rules to pf won't suddenly make the kernel encrypt this
traffic.

 Adding the static routes indeed worked, however, I would still like to
 understand this better and get it working via pf and not have to add
 the routes.

Pf is the wrong tool to fix this. There is nothing wrong with static
routes. Add them to /etc/hostname.if to make them persist over a reboot.
See hostname.if(5). 

Adding the route works because it means the internal interface's IP
address is used as the source address, and the kernel knows to encrypt
this traffic. Without it, you'll have the default route interface's IP
as source (the external IP), and because there is no ipsec flow defined
for this case, the kernel will not encrypt this traffic.

It's good that you want to understand this. Use tcpdump(8) to see the
traffic passing through each interface (including enc0). Log all your pf
blocked traffic and use tcpdump to look at the pf logs.  

That the ping worked without specifying a source address is puzzling,
but tcpdump might reveal what's actually happening.

-- 
stephen



Re: SCSI Autoloaders - Does tar/dump change the tape if needed?

2005-06-14 Thread Stephen Marley
On Wed, Jun 15, 2005 at 03:55:19AM +0200, [EMAIL PROTECTED] wrote:
 Hello,
 
 I know that I could change tapes by hand using a SCSI-Autoloader but will
 tar/dump do it if they notice the current tape is full?
 It's maybe a lame question but I found no answer in all the manuals and I
 think about an Autoloader (an old one of course) as a backup solution for my data.

In my experience, tar and dump don't. However, a long time ago I wrote
some backup scripts, based around dump, that used 'mt rewoffl' to
unmount the current tape and mount the next on a simple dat autoloader.
There also exists the chio command for controlling medium changers.

Perhaps you can build a useful script that avoids hitting end-of-tape,
and inserts this mt/chio command at the right time. Maybe hacking the
dump source is another option. 

I'd guess other backup software, such as amanda from ports, can handle
autoloaders/changers, but I have no experience of amanda myself.

-- 
stephen



Re: Is /dev on mfs possible?

2005-06-11 Thread Stephen Marley
On Sat, Jun 11, 2005 at 11:27:55AM -0400, Jason Crawford wrote:
 What would be the biggest advantage of having /dev on mfs if it
 already does exist on disk?

You can then mount / (which contains the original /dev) read-only.

-- 
stephen



Re: STABLE to go

2005-06-10 Thread Stephen Marley
On Fri, Jun 10, 2005 at 03:40:05PM -0700, Romero Leite wrote:
 Hi misc@,
 
 I would like to find an easy and fast way to bring client machines (same
 arch) STABLE without any compilation (if fastest).
 
 I thought of using a fast machine where I would keep STABLE. Then,
 Whenever needed I would burn a CD with a copy of the stable kernel and a
 .tgz of the /usr/obj, take this to the client's site, untar everything
 there and then (or even) use make build. Would these steps be enough?
 Would there be a better (=faster) way?

Build -stable on a fast machine then cut a cd from the end result of
using release(8). Just tar xpf xxx.tgz on the root of each client
machine. You could also use rsync (with an an appropriate exclude list)
to do it over a network.

-- 
stephen



Re: Can't find package!!!

2005-06-10 Thread Stephen Marley
On Fri, Jun 10, 2005 at 07:40:17PM -0300, Joco Salvatti wrote:
 Hi all,
 
 I'd recorded all the packages from the OpenBSD's 3.7 repository into four CDs
 and copied the files to my computer, at home. The first weird thing I've
 noticed was that all the file names were uppercase. Does anyone know why?
 Second, I had a problem when I ran pkg_add package name. It displayed the
 error message: Can't find package. What was the problem?

Your technique for compiling the cd is flawed. Build a .iso using
mkhybrid with the correct options (-L -J for example) or find some other
way to keep stuff lowercase.

-- 
stephen



Re: relationship passwd file - homedir(s)

2005-06-09 Thread Stephen Marley
On Fri, Jun 10, 2005 at 01:00:54AM +0800, Uwe Dippel wrote:
 On Thu, 09 Jun 2005 14:16:48 +0100, Stephen Marley wrote:
 
  Still astonished that there is no command available on OpenBSD to sync
  passwd and user directories.
  
  I'm more astonished that you're administering Unix machines without the
  ability to put together a trivial shell script.
 
 
 How funny you are ! - Does asking for a usual routine imply that I
 couldn't have done it on my own; though surely less elegantly than Hannah ?
 Is any question 'do we have' in future a reason to post: How dare you
 ask. Can you not write it yourself ?
 But maybe you are so much more clever and write *everything* yourself from
 scratch without even looking around if it exists ?
 I for one am utmost grateful to have been helped so tremendously by three
 people who were willing to share their ideas and experiences; though I
 hadn't expected more than a 'yes, exists' or 'no, don't have. You'll have
 to script yourself.'
 

Get over yourself. You have a fantastic box of tools at your disposal.
Learn to use them and you'll be a better administrator for it. Maybe
this will help you understand the Unix Way.

http://www.linuxlots.com/~dunne/unix-philosophy.html

-- 
[EMAIL PROTECTED]



Re: i don't *mean* to be stupid. it just happens. need a refresher...

2005-06-08 Thread Stephen Marley
On Wed, Jun 08, 2005 at 08:19:58AM -0400, Rick Barter wrote:
 I've obviously spent too much time away from the console lately.  I am 
 looking for a package and can't, for the life of me, remember how to 
 find them.

For packages, you'll usually find the file 'index.txt' in the
appropriate package directory on your mirror listing the available
packages. Download it and use grep.

It isn't hard to write a wrapper script for pkg_add which downloads this
file (if your local copy is too old), searches for the name or pattern
you specify on the command line, offers you a choice if there's more
than one match (possibly using pkg_info to retrieve a detailed
description), and then installs your chosen package from the site you
specify in PKG_PATH with sudo pkg_add. 

In fact, you could probably knock up a patch to pkg_add to provide such a
feature itself. If anyone does this, be sure to post it here :)

-- 
[EMAIL PROTECTED]
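
The wrapper sketched in this post, as an added example that is not from the thread: it refetches index.txt when the cached copy is older than a week, greps the package names out of it, offers a menu when more than one matches, and hands the choice to sudo pkg_add. PKG_PATH, the ls(1)-style layout of index.txt (package file name as the last field), OpenBSD ftp(1) as the fetcher, and the four constructed index lines are assumptions; DRY_RUN=1 prints the install command instead of running it.

```shell
#!/bin/sh
# pkg_add wrapper of the kind sketched in the post. Added example, not from
# the thread. Assumes (constructed): PKG_PATH names the package directory on
# the mirror, its index.txt is an ls(1)-style listing whose last field is the
# package file name, and OpenBSD ftp(1) fetches it. DRY_RUN=1 prints the
# install command instead of running it.

PKG_PATH=${PKG_PATH:-ftp://ftp.example.org/pub/OpenBSD/3.7/packages/i386/}
INDEX=${INDEX:-$HOME/.pkg_index.txt}    # local copy of index.txt
MAX_AGE_DAYS=${MAX_AGE_DAYS:-7}         # refetch the index when older than this
DRY_RUN=${DRY_RUN:-0}

# refresh_index: fetch index.txt if the cached copy is missing or too old
refresh_index() {
    if [ ! -f "$INDEX" ] || [ -n "$(find "$INDEX" -mtime +"$MAX_AGE_DAYS")" ]; then
        ftp -o "$INDEX" "${PKG_PATH}index.txt"
    fi
}

# pkg_names INDEXFILE: package file names, one per line
pkg_names() {
    awk '{ print $NF }' "$1" | grep '\.tgz$'
}

# pkg_search INDEXFILE PATTERN: names matching an extended regexp, sorted
pkg_search() {
    pkg_names "$1" | grep -E -- "$2" | sort
}

# pick_package NAME...: a single candidate is printed as is; several are
# offered as a numbered menu on stderr and the chosen one printed
pick_package() {
    if [ $# -eq 1 ]; then
        echo "$1"
        return 0
    fi
    n=1
    for p in "$@"; do
        echo "$n) $p" >&2
        n=$((n + 1))
    done
    printf 'package number: ' >&2
    read choice
    case $choice in
        *[!0-9]*|'') echo "not a number: $choice" >&2; return 1 ;;
    esac
    [ "$choice" -ge 1 ] && [ "$choice" -le $# ] || return 1
    eval echo "\${$choice}"
}

# install_package NAME: install from the mirror with sudo
install_package() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "sudo pkg_add ${PKG_PATH}$1"
    else
        sudo pkg_add "${PKG_PATH}$1"
    fi
}

# write_sample_index FILE: a constructed four-line index.txt for trying
# the functions offline (versions are made up)
write_sample_index() {
    cat > "$1" <<'EOF'
-rw-r--r--  1 1000  1000    12345 Apr 30 12:00 logwatch-5.2.2.tgz
-rw-r--r--  1 1000  1000   234567 Apr 30 12:01 kdebase-3.4.0.tgz
-rw-r--r--  1 1000  1000     5678 Apr 30 12:02 pen-0.17.1.tgz
-rw-r--r--  1 1000  1000     9999 Apr 30 12:03 README
EOF
}

# main PATTERN: refresh, search, choose, install
main() {
    refresh_index
    matches=$(pkg_search "$INDEX" "$1")
    if [ -z "$matches" ]; then
        echo "no package matches '$1'" >&2
        return 1
    fi
    # splitting $matches on newlines is intended: package names have no spaces
    pkg=$(pick_package $matches) || return 1
    install_package "$pkg"
}

if [ $# -ge 1 ]; then
    main "$1"
fi
```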



CARP and isakmpd ipsec

2005-06-06 Thread Stephen Marley
Is there a way to make a pair of carp hosts renegotiate with an
existing ipsec peer when a new carp master is elected? I tried it once
and it didn't work out.

-- 
[EMAIL PROTECTED]



Re: lladdr in ipconfig - what's the story?

2005-06-06 Thread Stephen Marley
On Tue, Jun 07, 2005 at 10:44:26AM +1000, Steffen Kluge wrote:
 
 Can I simply pick the ifconfig binary out of snapshots/i386/base37.tgz,
 or must I upgrade the whole thing, including packages and ports? If I
 upgrade, will the installer detect installed packages and attempt to

No, you'll need to fully upgrade to -current, but your installed
packages and ports will most likely work ok since the libraries they
depend on will not be removed in the upgrade. However, there may be
other changes that could cause breakage, and upgrading everything is the
only sure way. This is much less painful than it used to be thanks to Marc
Espie's great work on the packaging tools.

-- 
[EMAIL PROTECTED]



Re: Problems with CPU/ARCH specific compilation!?

2005-06-05 Thread Stephen Marley
On Sun, Jun 05, 2005 at 05:48:14PM -0500, J Moore wrote:
 On Fri, Jun 03, 2005 at 12:53:30PM +0200, the unit calling itself Dunceor . 
 wrote:
 
  The OpenBSD developers develop the OS for their needs, not everybody
  else's needs.
 
 You know, I've heard that for years... I'd like to know if that's the 
 project's official position.

We develop what we need, for fun, in our own time.  If you are not a
person who matches our needs, of course you are going to be
disappointed.  Your assumption is that we do this for people like you.
- Theo de Raadt, Feb 2002

http://marc.theaimsgroup.com/?l=openbsd-misc&m=101467726525911&w=2

-- 
[EMAIL PROTECTED]



Re: Double mounted /var using mfs

2005-06-03 Thread Stephen Marley
On Fri, Jun 03, 2005 at 06:52:24PM +0200, Schvberle Daniel wrote:
 Hi all,
 I'm running 3.7-release on i386 with a 512MB CF card acting as wd0 and
 I'm having a strange problem with mfs mounted /var. It gets mounted
 twice, while I have only one mfs /var line in fstab.
...
 Help please?

/etc/rc mounts it too. Easiest fix is to add the 'noauto' option to
fstab.

-- 
[EMAIL PROTECTED]



Re: flashdist-20050601 for OpenBSD 3.7

2005-06-02 Thread Stephen Marley
On Thu, Jun 02, 2005 at 09:30:14AM +0200, Rickard Dahlstrand wrote:
 I'm just taking this opportunity to tell you how much your work is
 appreciated. Although I have moved on to Damien's Flashboot mainly
 because of the ramdisk and remote update features, flashdist was what
 was needed to help me over the threshold.
 
 Looking forward to future updates.

Just my opinion: but these days, with large (250MB+) CFs so cheap, isn't
it a better idea just to do an ordinary minimal install with a Generic
kernel and mount the writeable parts of the system with mount_mfs -P?

-- 
[EMAIL PROTECTED]



Re: CARP i/f stuck in INIT when carpdev (dc) comes up

2005-05-28 Thread Stephen Marley
On Fri, May 27, 2005 at 10:04:19PM -0400, Brad wrote:
 Did this work with a previous release or is this a new setup?

I never did try it with anything other than a May -current. There was a
recent change to dc wasn't there? When I get back in the office I can
try it with something older.

-- 
[EMAIL PROTECTED]



Re: My NIC go to sleep?

2005-05-26 Thread Stephen Marley
On Wed, May 25, 2005 at 09:59:00PM -0400, Nick Holland wrote:
 [EMAIL PROTECTED] wrote:
  Hello,
 
  I'm a newbie on OpenBSD and I've installed it on an IBM P100 computer.
  I have an Intel 82557 NIC inside. This NIC can be seen as fxp0.
  My problem is:
  When I don't use the computer for about 5 minutes, my NIC goes to
  sleep and doesn't want to receive or send any frames.
  But if I press a key on the keyboard or if I connect by SSH through
  another NIC, fxp0 works again for about 5 minutes. It is a strange
  behaviour.
 ...
  *cut*
  
  I had something similar with a PC too (but I can't remember if it was
  also IBM or DELL or whatever). Maybe it sounds crazy but deactivate
  everything related to power-saving (if your BIOS provides that). The PC
  I remember had some problems because of the fucked up BIOS (like my
  notebook with PCMCIA...).
 
 Agreed.  Some IBM systems of that vintage had power saving modes which
 went quite beyond the call of duty, turning way too much off way too
 hard.  Your description sounds very much like this.

I have an old compaq that was doing the same. Yesterday, I disabled apm0
using 'config -e' and none of the nics has gone to sleep since (but then
again, maybe I'm just doing something else different). Worth a try
perhaps? (See config(8) on how to modify your kernel's properties
without recompiling).

-- 
[EMAIL PROTECTED]



CARP i/f stuck in INIT when carpdev (dc) comes up

2005-05-26 Thread Stephen Marley
I have some boxes with dc (quad Znyx), xl and some virtual gre
interfaces. Using CARP with dc's as the carpdev, the carp i/f sticks in
INIT state when I take the physical i/f down and up. I need to ifconfig
up the carp i/f itself to get it to return to MASTER state.

However, with the xl and gre interfaces, the carp device returns to
MASTER when I bring the carpdev back up, which is what I'd expect.

Is there something about these dc's (or these old pcs) that makes them
difficult for CARP?

OpenBSD 3.7-current (GENERIC) #126: Sun May 15 18:52:44 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium/MMX (GenuineIntel 586-class) 199 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX
cpu0: F00F bug workaround installed
real mem  = 133804032 (130668K)
avail mem = 115552256 (112844K)
using 1658 buffers containing 6791168 bytes (6632K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 08/27/97, BIOS32 rev. 0 @ 0xffe90
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc7b0/128 (6 entries)
pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82439TX System rev 0x01
pcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x01
pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: Maxtor 83240D4
wd0: 16-sector PIO, LBA, 3089MB, 6328125 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: NEC, CD-ROM DRIVE:288, 3.04 SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 7 function 2 Intel 82371AB USB rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
Intel 82371AB Power Mgmt rev 0x01 at pci0 dev 7 function 3 not configured
ppb0 at pci0 dev 14 function 0 DEC 21152 PCI-PCI rev 0x03
pci1 at ppb0 bus 1
dc0 at pci1 dev 4 function 0 DEC 21142/3 rev 0x41: irq 11, address 00:c0:95:e2:bd:90
dcphy0 at dc0 phy 31: internal PHY
dc1 at pci1 dev 5 function 0 DEC 21142/3 rev 0x41: irq 11, address 00:c0:95:e2:bd:91
dcphy1 at dc1 phy 31: internal PHY
dc2 at pci1 dev 6 function 0 DEC 21142/3 rev 0x41: irq 11, address 00:c0:95:e2:bd:92
dcphy2 at dc2 phy 31: internal PHY
dc3 at pci1 dev 7 function 0 DEC 21142/3 rev 0x41: irq 9, address 00:c0:95:e2:bd:93
dcphy3 at dc3 phy 31: internal PHY
xl0 at pci0 dev 15 function 0 3Com 3c905B 100Base-TX rev 0x30: irq 9, address 00:04:76:1a:19:cb
exphy0 at xl0 phy 24: 3Com internal media interface
vga1 at pci0 dev 16 function 0 S3 Trio64V2/DX rev 0x16
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
isapnp0 at isa0 port 0x279: read port 0x203
sb1 at isapnp0 Creative ViBRA16X PnP, CTL0043, , Audio port 0x220/16,0x330/2,0x388/4 irq 5 drq 1,3: dsp v4.16
midi1 at sb1: SB MPU-401 UART
audio0 at sb1
opl0 at sb1: model OPL3
midi2 at opl0: SB Yamaha OPL3
joy0 at isapnp0 Creative ViBRA16X PnP, CTL7005, PNPB02F, Game port 0x201/1
biomask fd45 netmask ff45 ttymask ffc7
pctr: 586-class performance counters and user-level cycle counter enabled
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

-- 
[EMAIL PROTECTED]



Re: OBSD 3.7 ports -- mysql

2005-05-24 Thread Stephen Marley
On Wed, May 25, 2005 at 01:25:48PM +1200, Russell Fulton wrote:
 Hi Folks,
 I've just installed mysql from the ports on my 3.7 system. All went
 well (I did not see any errors) but so far as I can see only the client
 stuff was installed.  The server is there in the ports tree
 under /usr/local/libexec/mysqld but it is not installed.  Nor does
 there appear to be a start up script or safe-mysqld.
 
 Any ideas?

This exact example is documented in the ports man page. Basically, the
server portion is a subpackage.

-- 
[EMAIL PROTECTED]



Re: making ospfd populate the inet routes on two hosts

2005-05-19 Thread Stephen Marley
  192.168.7.17 show neighbor -
 ID            Pri State          DeadTime  Address       Interface
 192.168.7.18  0   2-WAY/DROTHER  00:00:30  192.168.7.18  fxp1
 
  192.168.7.18 show neighbor -
 ID            Pri State          DeadTime  Address       Interface
 192.168.7.17  0   2-WAY/DROTHER  00:00:35  192.168.7.17  em0
 
   it seems like they can see each other ok and
   have ospf-ness between them, but nothing happens?
 

Your routers are stuck in 2-way because you don't specify a
router-priority in their configs (the default was 0 until recently).
This, and redistribute not actually doing anything, were only fixed
recently (around May 12). Download a recent snapshot.

-- 
[EMAIL PROTECTED]



Re: help /w syntax? the creation of vlan interfaces and subsequent automatic routes

2005-05-12 Thread Stephen Marley
On Thu, May 12, 2005 at 04:01:03PM -0600, Whyzzi wrote:
 # cat /etc/ifconfig.vlan2
 inet 10.117.254.2 255.255.255.248 vlan 2 vlandev fxp0
   ^
Insert the word netmask.

-- 
[EMAIL PROTECTED]