protected domain for tap for vmm vms
Hello,

I was checking bridge's protected domains and I'm curious how to add VMM VM's tap into a VMM switch/bridge protected domain. It seems it's not implemented yet.

I wanted to achieve this:

- multiple VMM VMs in same switch/bridge
- VMs cannot talk to each other inside the bridge hence protected domain
- VMs can access uplink via bridge's vether

Jiri
Re: asm avr
On Thu, 22 Sep 2011 23:20:19 +0800 igor denisov wrote:

> Hello there,
>
> I installed avr-binutils and tried to use it on some code and
> something strange happened. When I tried to compile code it appeared
> that the m16def.inc had a bad syntax the file is from ATMEL site.
>
> What I did wrong?

You posted to bad list. OMG we will be again spammed with your silly mails :(

jirib
Re: BSD Day 2011
On Fri, 9 Sep 2011 11:13:43 +0200 Henning Brauer wrote:

> * Tomas Bodzar [2011-09-08 18:33]:
> > Are some of the devs attending or no one invited?
> > http://www.bsdday.eu/2011
>
> first time I personally hear about this at all.

Lua and FreeBSD and neologism, lol.

jirib
Re: essential reading for beginning OpenBSD users
On Tue, 6 Sep 2011 10:27:22 -0400 Daniel Villarreal wrote:

> I consider the following to be essential reading for beginning OpenBSD
> users...
>
> "Absolute FreeBSD, 2nd Edition information" by Michael W. Lucas...
> http://www.nostarch.com/abs_bsd2.htm
>
> Don't forget the "Book of PF, 2nd Edition" by Peter N.M. Hansteen ...
> http://nostarch.com/pf2.htm
>
> Over the years I've spent a lot of money on O'Reilly GNU/Linux books,
> but the 1st ed. versions of the above books astound me with their
> clarity in explaining very technical concepts in an
> easy-to-understand manner. I never before considered technical
> computer writing to be elegantly handled, but combined with the man
> pages, the documentation is simply superb. Usually I wouldn't even
> consider buying a newer version of a computer book I already have,
> but I will be buying the second editions of said books when I can.
>
> Thanks for your efforts!
> Daniel Villarreal
>
> On Tue, Sep 6, 2011 at 7:12 AM, Amit Kulkarni
> wrote:
>
> > Lucas is bringing out a 2nd edition of absolute openbsd, which i am
> > gonna buy

I consider the best:

    man afterboot
    man hier

:DD

jirib
Re: Most secure Operating-System?
On Mon, 5 Sep 2011 23:55:52 +1000 Alec Taylor wrote:

> Good evening,
>
> What's the most secure operating system?
>
> /me is thinking OpenBSD
>
> Features required:
> TCP/IP Suite with IPv4 and IPv6 (yeah, I know, big security loss by
> incorporating Internet access!)
> GUI
> Web-server (with HTTPS capabilities)
> LDAP+-Kerberos server for User auth
> CAS or similar for SSO
> Radius or (preferably) Diameter support
> Java support
> WINE compatible
> Multithreaded
> Multi-processor capable
> Wide architecture support (x86, x64, mainframes)
>
> If my project proposal is successful, I will be implementing this
> system to replace a Windows environment at one of the largest banks in
> the country.
>

Do NOT smoke that sh1t too much, or if you wanted to be funny you are not.

jirib
Re: dump/restore - individual file
On Sun, 21 Aug 2011 18:22:15 -0500 Stefan Johnson wrote:

> > # restore -xf root.dump './etc/pf.conf'
> > restore: ./etc: File exists
> > You have not read any tapes yet.
> > Unless you know which volume your file(s) are on you should start
> > with the last volume and work towards the first.
> > Specify next volume #:
> >
> > And here I'm failing, why volume?
> >
> > Thank you for tips.
> >
> > jirib
> >
>
> I believe restore with -x flag always asks for which volume, even if
> it is just a dump to a file. Just tell it to use volume 1 (type 1
> then hit enter.)
>
> Also, I notice in your dump example, you dumped the raw device.
> You can just tell it to use "/" instead, and it will dump just fine
> as well.

Hi,

it would be nice if `restore' would know if it is restoring from a file or from a tape. Even `-s 1' doesn't suppress prompting for volume number.

This is from AIX man page:

    -s SeekBackup
        Specifies the backup to seek and restore on a multiple-backup tape archive. The -s flag is only applicable when the archive is written to a tape device. To use the -s flag properly, a no-rewind-on-close and no-retension-on-open tape device, such as /dev/rmt0.1 or /dev/rmt0.5, must be specified. If the -s flag is specified with a rewind tape device, the restore command displays an error message and exits with a nonzero return code. If a no-rewind tape device is used and the -s flag is not specified, a default value of -s 1 is used. The value of the SeekBackup parameter must be in the range of 1 to 100 inclusive. It is necessary to use a no-rewind-on-close, no-retension-on-open tape device because of the behavior of the -s flag. The value specified with -s is relative to the position of the tapes read/write head and not to an archives position on the tape. For example, to restore the first, second, and fourth backups from a multiple-backup tape archive, the respective values for the -s flag would be -s 1, -s 1, and -s 2.

I cannot do C so I cannot send a diff :(

jirib
dump/restore - individual file
hello,

i use `restore' command quite often to restore individual files but not on OpenBSD but AIX. I'm trying to do the same on OpenBSD but I'm failing, how to do that on OpenBSD?

Imagine you `dump' a FS and then you need to recover some files.

    # df -h /
    Filesystem     Size    Used   Avail Capacity  Mounted on
    /dev/sd0a     96.4M   69.9M   21.7M    76%    /

    # dump -0af /tmp/root.dump /dev/rsd0a
      DUMP: Date of this level 0 dump: Sun Aug 21 22:13:45 2011
      DUMP: Date of last level 0 dump: the epoch
      DUMP: Dumping /dev/rsd0a to /tmp/root.dump
      DUMP: mapping (Pass I) [regular files]
      DUMP: mapping (Pass II) [directories]
      DUMP: estimated 72646 tape blocks.
      DUMP: Volume 1 started at: Sun Aug 21 22:13:45 2011
      DUMP: dumping (Pass III) [directories]
      DUMP: dumping (Pass IV) [regular files]
      DUMP: 73963 tape blocks on 1 volume
      DUMP: Date of this level 0 dump: Sun Aug 21 22:13:45 2011
      DUMP: Volume 1 completed at: Sun Aug 21 22:13:59 2011
      DUMP: Volume 1 took 0:00:14
      DUMP: Volume 1 transfer rate: 5283 KB/s
      DUMP: Date this dump completed: Sun Aug 21 22:13:59 2011
      DUMP: Average transfer rate: 5283 KB/s
      DUMP: Closing /tmp/root.dump
      DUMP: DUMP IS DONE

    # restore -tf root.dump | egrep "\./etc/pf\.conf$"
    Level 0 dump of an unlisted file system on t400.example.com:/dev/rsd0a
    Label: none
          3789      ./etc/pf.conf

    # restore -xf root.dump './etc/pf.conf'
    restore: ./etc: File exists
    You have not read any tapes yet.
    Unless you know which volume your file(s) are on you should start
    with the last volume and work towards the first.
    Specify next volume #:

And here I'm failing, why volume?

Thank you for tips.

jirib
eSATA, SATA port multiplier, storage chassis and OpenBSD
Hello all,

I was googling for an external storage chassis as a cheap alternative to expensive SANs - http://www.addonics.com/products/raid_system/rack_overview.asp

What is the support status of eSATA/SATA port multiplier? I have never used this technology but as I understand it, it means that with one cable you can see multiple disks... Addonics offer even RAID but it looks like fake/soft raid.

Do you use any external storage chassis which are dumb - it means no SAN software and this fancy expensive stuff?

jirib
Re: Debugging an app running in compat_linux
On Tue, 26 Jul 2011 19:41:24 -0400 Ted Unangst wrote:

> On Tue, Jul 26, 2011, jirib wrote:
> > I'm trying to make running ATTclient (basically it is some programs
> > for authentication, the network [vpn] setup is similar to vpnc).
> >
> > After I start one of its daemon the system is completely blocked -
> > stuck. No error, no kernel panic, nothing happens after pressing
> > any key.
> >
> > Any tips how could I do some debugging?
>
> The first thing to try would be another version. You don't mention
> which version you're running now, so all I can suggest is not that
> one.

Hello,

using latest -current snapshot of course ;)

And the ugly app is ftp://ftp.attglobal.net/pub/custom/ibm_linux/agnclient-1.0-2.0.1.3003.i386.rpm

I will try some ooold version then.

jirib
Debugging an app running in compat_linux
Hello,

I'm trying to make running ATTclient (basically it is some programs for authentication, the network [vpn] setup is similar to vpnc).

After I start one of its daemon the system is completely blocked - stuck. No error, no kernel panic, nothing happens after pressing any key.

Any tips how could I do some debugging?

Thank you.

jirib
Re: openbsd 4.9 based UTM
On Tue, 19 Jul 2011 12:41:40 +0200 Otto Moerbeek wrote:

> On Tue, Jul 19, 2011 at 11:34:48AM +0100, citoyen citoyen wrote:
>
> > Hi,
> > I'm about starting a project of building my own High secure UTM
> > based on the last openbsd flower 4.9,
> > i can do all system and network configs needed by myself but I'm
> > wondering what language to use in order to get
> > my UTM configurable from a web browser.
> > any pointers or help are welcome.
> >
> > Thanks in advance.
>
> What IS an UTM?

Marketing :)

First start with good design, see for example series about tunneling from corporate network on undeadly.org

jirib
Re: Anyone know of an smtp-proxy (or other mechanism) for routing mail to different IMAP servers depending recipient address?
On Thu, 7 Jul 2011 13:42:00 -0400 IT Guy wrote:

> Hi all,
>
> I'm in the process of migrating our company from a certain
> proprietary mail system to a new OpenBSD mailserver (IMAP + Postfix).
>
> I'd like to be able to migrate our users one at a time rather than do
> the whole company in one fell swoop.
>
> Does anyone know of a good/easy way to conditionally route incoming
> mail based on the envelope recipient address? (Basically I want
> migrated users to start getting their mail from the new box, while
> the other users continue to connect to the old server)
>
> I looked in the ports tree and didn't see an smtp proxy per se. Also
> the relayd manpage seemed relevant but I've never used that daemon
> before and thus am not sure.
>
> I'm a newbie in this area, so any suggestions/guidance would be
> greatly appreciated.
>
> Thanks in advance.
>
> :-)
>
> Dre

Never tried myself but... http://anfi.homeunix.org/sendmail/smarttab.html

jirib
Re: How does OpenBSD compare to Ubuntu Server?
On Thu, 7 Jul 2011 09:02:08 -0400 Juan Miscaro wrote:

> Was wondering what advantages OpenBSD has over a progressive Linux
> distribution such as Ubuntu (Server edition).

Are you kidding? Ubuntu? Where installed daemons are running by default, where there is no command to disable shitty upstart daemons?

I installed once mysql on Ubuntu, just to check something, I disabled those ugly symlinks in rcX.d via update-rc.d and it was after reboot running -- well bloody hell, it has also upstart script, OMFG!

jirib
Re: Citrix ICAclient hangs whole PC with latest i386 PC
On Tue, 12 Apr 2011 05:36:50 +0200 Tomas Bodzar wrote:

> Hi,
>
> will try ktrace and log output of Citrix too. Yesterday when I saw
> that crash word in output of last I thought that maybe I can enter
> ddb. Will test that today and you can expect outputs. Anyway no need
> to worry about it right now, you have holidays and I have "workaround" - use java version, it works quite OK, example:

    java -cp ./JICAEngN.jar com.citrix.JICA -httpbrowseraddress:x.x.250.111 -initialprogram:#WIN2KAPPS -username:x -address:WIN2KAPPS -launcher:Custom -desiredvres:768 -desiredhres:1024 -password:x -end:terminate

jirib
Re: DUID's and fstab
On Tue, 12 Apr 2011 02:06:51 +0400 Alexander Polakov wrote:

> I am probably misunderstanding something, but are DUID's supposed to
> be used in place of device filenames in fstab? I suppose they are,
> so this looks strange to me:
>
> % sudo mount f777cc5bbeded528.a
> mount: can't find fstab entry for f777cc5bbeded528.a.

I always believed that one has to define mountpoint for `mount' without specifying device, like `mount /foo'. Eh?

jirib
Re: place xenocara compile output into /scratch
On Sat, 09 Apr 2011 02:58:47 -0400 "STeve Andre'" wrote:

> On 04/08/11 23:57, Amit Kulkarni wrote:
> > hi,
> >
> > how do i redirect a compile of xenocara to say /scratch? i can do
> > that easily for userland using
> >
> > cd /usr/src/etc && env DESTDIR=/scratch make distrib-dirs
> >
> > i don't want to fiddle too much like changing X11BASE X11ETC just a
> > simple way to do it.
> >
> > thanks
> Why don't you use script(1) to capture things? That way you never
> have to tweak anything.
>
> --STeve Andre'

Or tmux and pipe-pane ;) very nice.

jirib
Re: mysql problem
On Fri, 8 Apr 2011 09:52:15 +0200 "Gianluca D'Auri Muscelli" wrote:

> Hi,
> I've installed postfix-mysql + mysql-server + courier-imap and
> imap-ssl + courier-pop and pop-ssl on OpenBSD 4.8-Stable
>
> But now I have a problem with vmail and mysql, I've created the
> database for postfix users
> Pastebin link of database: http://pastebin.com/70qd43AZ
>
> And I insert my account into database mail with:
>
> mysql> INSERT INTO users (login, name, password, maildir)
>     -> VALUES ('gdrm@my_domain.org', 'Gianluca', ENCRYPT('my_password'),
>     -> '/my_site.org/gdrm/');
>
>
> When I connect with mutt: mutt -f
> imaps://my_u...@example.com@localhost the password does not match!
> Or when I try: sudo -u vmail mutt
> -f /var/vmail/mydomain.org/user_name
>
> I don't know where is the problem, can u help me??
> Tks vvm

This is postfix related, not OpenBSD. You are on bad list.

jirib
Re: sftp-server logging with chroot in OpenBSD?
On Sun, 27 Mar 2011 21:38:58 +0800 Marcus wrote:

> sftp-server logging with chroot in OpenBSD?
>
> I want to log upload/download information in sftp server

I don't know where is your problem but this is how it works for me ;)

jirib

    Match User
        ChrootDirectory /data/share
        PasswordAuthentication yes
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp -R -l INFO -f LOCAL0

    Match User
        ChrootDirectory /data/share
        PasswordAuthentication yes
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp -l INFO -f LOCAL

    $ ls -l /data/share/dev/log
    srw-rw-rw- 1 root wheel 0 Mar 26 09:21 /data/share/dev/log=

    $ sftp @localhost
    Connected to localhost.
    sftp> ls
    drupal   ebooks   movies   music    openbsd  upload   video
    sftp> quit

    $ tail /var/log/
    Dec 22 02:30:39 t400 internal-sftp[24742]: closedir "/disk/0/openbsd"
    Dec 22 02:30:41 t400 internal-sftp[24742]: opendir "/disk/1/openbsd/cvs"
    Dec 22 02:30:41 t400 internal-sftp[24742]: closedir "/disk/1/openbsd/cvs"
    Dec 22 02:30:45 t400 internal-sftp[24742]: opendir "/disk/1/openbsd/cvs/ports"
    Dec 22 02:30:45 t400 internal-sftp[24742]: closedir "/disk/1/openbsd/cvs/ports"
    Dec 22 02:30:50 t400 internal-sftp[24742]: session closed for local user from [127.0.0.1]
    Mar 27 18:52:09 t400 internal-sftp[892]: session opened for local user from [127.0.0.1]
    Mar 27 18:52:10 t400 internal-sftp[892]: opendir "/pub"
    Mar 27 18:52:10 t400 internal-sftp[892]: closedir "/pub"
    Mar 27 18:52:12 t400 internal-sftp[892]: session closed for local user from [127.0.0.1]
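
The upload/download audit the question asks for can be derived from the internal-sftp lines that this logging setup produces. The following is an added example, not part of the original post: it correlates lines by PID to attach the user and client address to each transfer. The user "alice", the paths and the byte counts are constructed, and the layout of the open/close lines is an assumption about what OpenSSH's sftp-server logs at INFO level.

```python
import re

# Constructed sample: syslog lines in the layout shown in the post. The user
# "alice", the paths and byte counts are made up; the open/close message
# layout is assumed to be what OpenSSH's sftp-server logs at INFO level.
SAMPLE_LOG = """\
Mar 27 18:52:09 t400 internal-sftp[892]: session opened for local user alice from [127.0.0.1]
Mar 27 18:52:10 t400 internal-sftp[892]: opendir "/upload"
Mar 27 18:52:10 t400 internal-sftp[892]: closedir "/upload"
Mar 27 18:52:11 t400 internal-sftp[892]: open "/upload/report.pdf" flags WRITE,CREATE,TRUNCATE mode 0644
Mar 27 18:52:12 t400 internal-sftp[892]: close "/upload/report.pdf" bytes read 0 written 48213
Mar 27 18:52:13 t400 internal-sftp[892]: open "/ebooks/pf.pdf" flags READ mode 0666
Mar 27 18:52:14 t400 internal-sftp[892]: close "/ebooks/pf.pdf" bytes read 1048576 written 0
Mar 27 18:52:15 t400 internal-sftp[892]: session closed for local user alice from [127.0.0.1]
Mar 27 18:53:01 t400 internal-sftp[901]: close "/upload/orphan.bin" bytes read 0 written 10
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ internal-sftp\[(\d+)\]: (.*)$")
OPENED = re.compile(r"^session opened for local user (\S+) from \[([^\]]+)\]$")
CLOSED = re.compile(r"^session closed for local user ")
FILE_CLOSE = re.compile(r'^close "(.*)" bytes read (\d+) written (\d+)$')


def transfers(log_text):
    """Return one record per file transfer found in internal-sftp log text.

    Lines are correlated by the PID in "internal-sftp[PID]", because only the
    "session opened" line carries the user and the client address.
    """
    sessions = {}  # pid -> (user, client address) for sessions still open
    found = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an internal-sftp line
        stamp, pid, msg = m.groups()
        opened = OPENED.match(msg)
        if opened:
            sessions[pid] = opened.groups()
            continue
        if CLOSED.match(msg):
            sessions.pop(pid, None)  # PIDs get reused; forget the old owner
            continue
        done = FILE_CLOSE.match(msg)
        if not done:
            continue  # opendir/closedir/open lines carry no byte counts
        path, nread, nwritten = done.group(1), int(done.group(2)), int(done.group(3))
        # A session whose "opened" line is outside the log window has no owner.
        user, addr = sessions.get(pid, ("unknown", "unknown"))
        for direction, count in (("upload", nwritten), ("download", nread)):
            if count:
                found.append({"time": stamp, "user": user, "addr": addr,
                              "direction": direction, "path": path, "bytes": count})
    return found


if __name__ == "__main__":
    for t in transfers(SAMPLE_LOG):
        print("{time} {user}@{addr} {direction} {path} ({bytes} bytes)".format(**t))
```

Paths in the log are relative to the ChrootDirectory, so prepend it when mapping a record back to a file on disk.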
Re: pf rdr-to outgoing to local port issues
On Sat, 19 Mar 2011 21:28:09 +0100 Henning Brauer wrote:

> > it was working for me - rdr-to outbound to a daemon on the firewall
> > itself, but I deleted that virtual machine...
> >
> >    rdr-to is usually applied inbound. If applied
> >    outbound, rdr-to to a local IP address is not supported.
> >
> > I would put my hand in fire -- it was working :) I read the manpage
> > but I don't get it, how could it work then?
>
> pretty certain it could not have worked. the rdr-to in this case is
> too late and the local/remote decision already taken.

Hi,

I understand I'm becoming annoying but it worked, but maybe I was on drugs... Unfortunately no evidence in hand now :)

I tested like this:

* ssh -D remotehost
* redsocks listening on 127.0.0.1:12345 and redirecting to 127.0.0.1:
* pf redirecting www to 127.0.0.1:12345
* lynx ipid.shat.net

Finally I saw in lynx IP of remote ssh socks5 tunnel.

Any idea how to redirect outgoing traffic to local port? Would this be hard to add such functionality into PF? (I don't like such comparisons but it can be done on other OS.)

This feature would be handy to people doing system-wide socksifying (I already saw apps which spawned another apps and thus it was not socksified), or people who want to run almost everything via Tor or similar anonymizing networks -- I think it's better to socksify Tor traffic on OS level because one can misconfigure his application).

Thank you for help!

jirib
Re: pf rdr-to outgoing to local port issues
On Fri, 25 Feb 2011 10:21:20 +0100 Henning Brauer wrote:

> * william dunand [2011-02-25 05:26]:
> > > pass out log(matches) quick inet proto tcp from any to
> > > 89.176.141.250 port = www rdr-to 127.0.0.1 port 8080
> > I think rdr-to is meant to be used on inbound rules.
>
> we allow rdr-to outbound too now. it has caveats, and - surprise! -
> they are described in the manpage.
> this example hits a caveat.
>

Hi,

it was working for me - rdr-to outbound to a daemon on the firewall itself, but I deleted that virtual machine...

    rdr-to is usually applied inbound. If applied outbound, rdr-to to a
    local IP address is not supported.

I would put my hand in fire -- it was working :) I read the manpage but I don't get it, how could it work then?

Thanks for help.

jirib
Re: full disk encryption & google chrome on OpenBSD!
On Fri, 18 Mar 2011 09:11:26 -0500 Marco Peereboom wrote:

> On Fri, Mar 18, 2011 at 07:02:58AM -0700, johhny_at_poland77 wrote:
> > So our point is, if there is a good method to encrypt the full disk
> > [like with dm-crypt/AES/under Linux], and we could have an
> > up-to-date google chrome browser on OpenBSD, then it could be a
> > very very good operating system for daily use! Dear community! Can
> > someone please post small and compact [pointed] howtos, how to
> > install an OpenBSD with full disk encryption, and how can we
> > install google chrome on it? It's very important! Thank you in
> > anticipation!
>
> It isn't important at all for me so I have no idea what you are
> talking about.
>
> And if you use chrome why would you bother encrypting your disk
> anyway?

Nobody has mentioned that it is impossible to have full disk encryption right now -- one has to have root fs - / - unencrypted. But let's see... there was a commit to add detection of softraid into boot loader.

jirib
Re: syslog - log program output to its own file
On Mon, 14 Mar 2011 13:07:02 +1300 Paul M wrote:

> I have a program whose output I want to log exclusively to its own
> file.
> Which is to say I don't want any of its output appearing in the
> system logs.
>
> Reading the syslog man pages this doesn't seem possible:
> If I put
> !!myprog
> *.* /path/to/logfile
>

localX, check manpage. I would go with rsyslog, seems better.

jirib
Re: Chrooting users the right way
[EMAIL PROTECTED] wrote:

> Hi
>
> I am setting up a new OpenBSD machine in which I want to chroot users. I don't want to use any of the patching solutions to OpenSSH but want to implement a real system chroot solution so any user, who is chrooted, is jailed even if he logs in manually.
>
> I have tried to find articles on this, but haven't been successful.
>
> Does anyone know of a good tutorial on how to do this on OpenBSD?
>
> Best and kind regards.
> Rico Secada.

Hi,

just try to use combination of directives of sshd_config (Match & ForceCommand) and your own made script-wrapper for systrace...

Something like this:

sshd_config

    ForceCommand /path/to/systrace-wrapper

systrace-wrapper:

    #!/bin/sh
    # run sftp-server under systrace with automatic policy enforcement (-a)
    /bin/systrace -a /usr/libexec/sftp-server