Is there channel bonding for network cards

2005-10-01 Thread dagrichards
Does OpenBSD support Trunking as Sun calls it, or Etherchannel as Cisco calls 
it.

Or aggregating separate Ethernet cards to increase bandwidth and provide 
redundancy as I call it ?

I have seen the question asked on the list but never answered.



Migration to PF - some questions

2005-10-01 Thread Travis H.
>>In pf nat rules also the first match wins
>>
>>__but__
>>
>>in pf filter rules the __last__ match wins.
>>
>>In fact that is the one thing I don't like in pf, but to have a "first
>>match win" you can use the magic word quick in all your pass and block
>>rules. (e.g "pass in quick")

>And thereby end up with yards of quick rules that can catch you later.

Ah, but the matching engine doesn't have to traverse the whole rule
list that way.  Unless pf is doing something really tricky, every
packet will have to traverse every firewall rule without use of
quicks.  On a complicated, busy firewall setup, this might have a
noticeable performance impact.

>You should think of it this way:
>Default security is best with block everything and then pass what
>selected few things you need.
>So:
>block all
>pass in on $int_if from $safe1 to $ok2 keep state
>pass in on $ext_if from any to $ext_if port ssh keep state

I agree, with the added use of quick on each of the pass rules.

In fact, you can probably use quick on virtually every rule other than
that default without any loss of expressiveness.  Thanks to negations,
having two different precedences is largely unnecessary (previously
you'd have to pass nonquick for some set of packets, then block again
for some subset to get the same effect as a negation).

It's probably not necessary, and I may offend purists by my
performance optimizations, but I actually have this as my first rule:

pass quick on lo0

I also find it useful to use the following rule right after "default deny":

block return on $lan_if

I do have some questions about pf though.  How come you can only
modify source IP/ports outbound, and destination IP/ports inbound?
Why not the other two alternatives?

I also don't see why NAT should necessarily occur before the filtering
rules.  It makes more sense to my intuition to have the order in the
pf.conf control the order of operations, but I admit implementation
issues may make this less elegant.

Also, I find supporting $macros in pf.conf a little crufty.  Why not
just do something like this:

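#! /bin/sh
lan_if=xl1
wan_if=ex0
pfctl -f /dev/stdin <<EOM
block all
pass quick in on $lan_if all keep state
pass in quick on $wan_if from any to $wan_if proto tcp port = 22 keep state
[...]
EOM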
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B



Re: Is there channel bonding for network cards

2005-10-01 Thread Darren Tucker
On Sat, Oct 01, 2005 at 08:18:14AM +, [EMAIL PROTECTED] wrote:
> Does OpenBSD support Trunking as Sun calls it, or Etherchannel as
> Cisco calls it.  Or aggregating separate Ethernet cards to increase
> bandwidth and provide redundancy as I call it ?

Yes, trunk(4).  It's in 3.8.

http://www.openbsd.org/cgi-bin/man.cgi?query=trunk&sektion=4

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.



Re: Migration to PF - some questions

2005-10-01 Thread Rod.. Whitworth
On Sat, 1 Oct 2005 04:43:40 -0500, Travis H. wrote:

>>>In pf nat rules also the first match wins
>>>
>>>__but__
>>>
>>>in pf filter rules the __last__ match wins.
>>>
>>>In fact that is the one thing I don't like in pf, but to have a "first
>>>match win" you can use the magic word quick in all your pass and block
>>>rules. (e.g "pass in quick")
>
>>And thereby end up with yards of quick rules that can catch you later.
>
>Ah, but the matching engine doesn't have to traverse the whole rule
>list that way.  Unless pf is doing something really tricky, every
>packet will have to traverse every firewall rule without use of
>quicks.  On a complicated, busy firewall setup, this might have a
>noticeable performance impact.
>
>>You should think of it this way:
>>Default security is best with block everything and then pass what
>>selected few things you need.
>>So:
>>block all
>>pass in on $int_if from $safe1 to $ok2 keep state
>>pass in on $ext_if from any to $ext_if port ssh keep state
>
>I agree, with the added use of quick on each of the pass rules.
>
>In fact, you can probably use quick on virtually every rule other than
>that default without any loss of expressiveness.  Thanks to negations,
>having two different precedences is largely unnecessary (previously
>you'd have to pass nonquick for some set of packets, then block again
>for some subset to get the same effect as a negation).

And right there you demonstrated that you haven't thought it through.
Or else you are trolling because it goes like this:


Block everything
Pass in from anywhere to webserver port http keep state
Pass in from anywhere to mailserver port smtp keep state
Pass in from LAN to anywhere port http or https keep state
===

Now where do I have to add another block? First match wins = it is
already there.

For the benefit of beginners who thought this guy had a point let's
cast it another way.

Party time:

Nobody can come into my house
The musos can come
The beautiful babes can enter
My best buddies can come
The caterers can bring food
The grogshop can deliver beer


Where did I need to add a block in quick dummies rule following that to
keep out trolls?

>
>It's probably not necessary, and I may offend purists by my
>performance optimizations, but I actually have this as my first rule:
>
>pass quick on lo0
Jeez, that's original. I think I saw that (or its equivalent in the
pf.conf examples.)
Yep,  I did. Hell it was even quick.
>
>I also find it useful to use the following rule right after "default deny":
>
>block return on $lan_if

Hey, read the default pf.conf:

block in is rule one. Your rule is redundant.
You can set the policy for blocks to drop or return.
You get to choose and it can be an intelligent choice if you are smart
enough to know what the differences are.

>
>I do have some questions about pf though.  How come you can only
>modify source IP/ports outbound, and destination IP/ports inbound?
>Why not the other two alternatives?
>
>I also don't see why NAT should necessarily occur before the filtering
>rules.  It makes more sense to my intuition to have the order in the
>pf.conf control the order of operations, but I admit implementation
>issues may make this less elegant.

You are a master of several things. The politest one is understatement.
When trolling the other is bator, you just  it was baiter.
>
>Also, I find supporting $macros in pf.conf a little crufty.  Why not
>just do something like this:
>
>#! /bin/sh
>lan_if=xl1
>wan_if=ex0
>pfctl -f /dev/stdin <<EOM
>block all
>pass quick in on $lan_if all keep state
>pass in quick on $wan_if from any to $wan_if proto tcp port = 22 keep state
>[...]
>EOM
>
Run commands to do firewalling? iptables is your scene, is it?

>That way, you have the full expressive power of the shell, including
>command substitution, arithmetic substitution, variable substitution,
>trimming suffixes and prefixes, and all kinds of shell magic.  It
>doesn't replace lists or tables of course.  But you can easily do
>conditional inclusion of rules, and that's useful for cases like DHCP.
> The interface comes up with IP 0.0.0.0/0, which I think means it will
>accept any packet as destined for this interface, no matter what the
>destination IP.  I only allow in replies from my ISP's DHCP server
>during this stage, and only those destined to 255.255.255.255 (I don't
>want rogue servers answering my DHCP requests, which are sent via
>local broadcast (hence to all my neighbors).  It was also pretty
>useful before things supported the (interface) notation for looking up
>IP addresses each time.

Sad misunderstanding demonstrated there.

>
>That having been said, pf is way cool.  Keep up the good work.

That having been said, it says you are trolling again. Wanker.

Back to Linux, baby.

From the land "down under": Australia.
Do we look  from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.



compaq evo t20

2005-10-01 Thread Bachman Kharazmi
We have a few evo t20s at school that are unused, so I planned to take
one home and prepare it for diskless.

I've had diskless working flawlessly with a generic pc as terminal and
obsd as terminal server.

But these t20s seem made for WinXP, so there's something in the flash
that tries to boot winxp.
I try to use the same kernel I used for the generic pc term, that is a
default kernel with support for root/swap on nfs.

The evo boots (PXE) and gets an ip from my dhcpd, but when it comes to
boot> and just starts to exec the kernel, it freezes. It looks something
like:

>>OpenBSD/i386 PXEBOOT 1.02
booting tftp:/bsd 4807268-   (and here it freezes)

and from here I'm out of ideas.
Anyone who's had these t20s booting with an obsd kernel or has a clue
what I shall try next?

thx
/bkw
--
##
BKW - Bachman Kharazmi
bahkha AT gmail DOT com
uin: #24089491
SWEDEN
##



Re: Is there channel bonding for network cards

2005-10-01 Thread Jens Teglhus Møller
>Does OpenBSD support Trunking as Sun calls it, or Etherchannel as 
>Cisco calls it.
>
>Or aggregating separate Ethernet cards to increase bandwidth and 
>provide redundancy as I call it ?
>
>I have seen the question asked on the list but never answered.

trunk(4) will be in 3.8.

/jtm



Re: Is there channel bonding for network cards

2005-10-01 Thread Marc Espie
On Sat, Oct 01, 2005 at 12:17:11PM +0200, Jens Teglhus Møller wrote:
> >Does OpenBSD support Trunking as Sun calls it, or Etherchannel as 
> >Cisco calls it.
> >
> >Or aggregating separate Ethernet cards to increase bandwidth and 
> >provide redundancy as I call it ?
> >
> >I have seen the question asked on the list but never answered.
> 
> trunk(4) will be in 3.8.

Basic trunking, yep (round-robin). Reyk is working on failover and other
modes for these.

So, yes, the future is bright. Don't expect a lot of functionality out of
3.8... bandwidth increase.



OpenBSD MetaStore

2005-10-01 Thread Szechuan Death

The MetaStore is at this point essentially complete, save for content.
There are links on the page to assist in populating it.  There are
about 20 pieces of hardware featured on this:  IT NEEDS MORE.
I have received several bits and pieces of information, but to make
this more useful, I need even more information.  Go to the following
link, browse what's there, and provide information about what stuff
you know is out there that works with OpenBSD.  I've provided the
resource, people: you need to help me fill it.

http://www.sdeath.net/obsdstore

Who runs the OpenBSD website?  Can this be moved there?  (I can send the
various bits and pieces of code for perusal - it's a relatively quick
hack, but not particularly unclean or unsafe.)  Failing that, can it
be linked to from there?  Inquiring minds want to know.

--
(c) 2005 Unscathed Haze via Central Plexus <[EMAIL PROTECTED]>
I am Chaos.  I am alive, and I tell you that you are Free.  -Eris
Big Brother is watching you.  Learn to become Invisible.
| Your message must be this wide to ride the Internet. |



Re: Migration to PF - some questions

2005-10-01 Thread Stuart Henderson

--On 01 October 2005 04:43 -0500, Travis H. wrote:

> Ah, but the matching engine doesn't have to traverse the whole rule
> list that way.  Unless pf is doing something really tricky, every
> packet will have to traverse every firewall rule without use of
> quicks.

huh? "Before any rules are evaluated, the filter checks whether the 
packet matches any state. If it does, the packet is passed without 
evaluation of any rules." - pf.conf(5)




Re: Migration to PF - some questions

2005-10-01 Thread Travis H.
> huh? "Before any rules are evaluated, the filter checks whether the
> packet matches any state. If it does, the packet is passed without
> evaluation of any rules." - pf.conf(5)

Yeah, I neglected stateful matching.  I should have said that every
packet that has to run the gauntlet of rules, has to run all of them. 
Subsequent reading of the PF FAQ confirms that there's no deep
evaluation-reordering magic going on, that quick rules really are
faster.
--
http://www.lightconsulting.com/~travis/  -><-
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B



Re: Migration to PF - some questions

2005-10-01 Thread Stuart Henderson

--On 01 October 2005 08:50 -0500, Travis H. wrote:

>> huh? "Before any rules are evaluated, the filter checks whether the
>> packet matches any state. If it does, the packet is passed without
>> evaluation of any rules." - pf.conf(5)
>
> Yeah, I neglected stateful matching.  I should have said that every
> packet that has to run the gauntlet of rules, has to run all of them.
> Subsequent reading of the PF FAQ confirms that there's no deep
> evaluation-reordering magic going on, that quick rules really are
> faster.

See pfctl(8) -o option for details about the magic.



Re: Migration to PF - some questions

2005-10-01 Thread Moritz Grimm

Travis H. wrote:

> Yeah, I neglected stateful matching.  I should have said that every
> packet that has to run the gauntlet of rules, has to run all of them.

Not necessarily. Search for "pf" and "skip-steps", something that isn't 
documented much inside OpenBSD, because it is always on and being done 
for you. Also, the `-o' parameter to pfctl(8) might be of interest.



Moritz



PF story, happy ending.

2005-10-01 Thread Diana Eichert
I helped a friend set up a firewall environment years ago in front of his
web business, first it was on IPF (back when OpenBSD shipped w/IPF), then
PF.  Amazingly he's managed to keep his business up, running and growing
through the dot-bomb period, but I digress.

Once I configured PF on his network several years ago it's required very
little interaction, then out of the blue yesterday he calls to say the
firewall has failed and he had to bypass it!  What I say?  I'm pretty sure
it hasn't failed.  So I tell him I'll connect into the firewall system
remotely via a gateway I have there for emergencies so I can see what's
really going on.

Once connected I ask him to put the firewall back inline, initially he's
pretty skeptical about doing that, since everything is "working" just fine
without the firewall it CAN'T be a problem with any of the other systems
on his network.  I convince him it's worth his while to let me
troubleshoot some and he agrees.  When he places it back inline I
realize the state table is getting full within 1-20 seconds and most of
the states getting created look like junk, LOTS of fragmented
packets.  What the &*%^?  A quick view of the current rules usage shows
the tcp packets originating from the inside are exhausting the state
table.  I have some strict host and port based rules incoming, but I'd
set up global outgoing tcp,udp and icmp rules with keep state.  I get him
to disconnect one system at a time on the inside and voila, there's the
culprit, a Windows domain controller.  Once that system is disconnected
everything goes back to normal.  Turns out that morning they'd rebooted
the system shortly before the "firewall failed", hmmm, geez now that
would've been a piece of information I'd like to have had when I started
my troubleshooting process.

So now my buddy, realizing it was one of his Windows systems, becomes very
contrite and apologizes for interrupting me at the office.

diana



K3B - FreeBSD binaries

2005-10-01 Thread [EMAIL PROTECTED]
Hi

With the risk of making a complete fool of myself..

Is it possible to get K3B running on OpenBSD 3.7?

I am running KDE as the desktop, I have tried to install K3B from source
without success. Make fails with errors.

Having no prior experience in using FreeBSD binaries, I read the
compat_freebsd man and installed the freebsd libs. I got the K3B binary
and unpacked into /emul/freebsd..

Doing /emul/freebsd/bin/k3b of course won't work, but is this the normal
way to run a FreeBSD binary? To simply run the file?

I tried installing other FreeBSD binaries to see the result but it's the
same, I am getting "Abort trap".

Please have patience with me if I have missed something or am doing it
all wrong.

Kindly,
Marcus



Re: Migration to PF - some questions

2005-10-01 Thread Tobias Weingartner
On Saturday, October 1, "Travis H." wrote:
> 
> Yeah, I neglected stateful matching.  I should have said that every
> packet that has to run the gauntlet of rules, has to run all of them. 
> Subsequent reading of the PF FAQ confirms that there's no deep
> evaluation-reordering magic going on, that quick rules really are
> faster.

There are various optimizations going on, in particular, skip-steps
is one that has proven to be effective... :)

--Toby.
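
The evaluation order argued over in this thread, as a small Python model added here (not pf code and not written by any poster): state lookup first, then last match wins unless a matching rule is quick. It leaves out skip-steps and the pfctl -o optimizer mentioned above, so the rule counts are the unoptimized case; interface names and addresses are constructed.

```python
"""Toy model of pf filter-rule evaluation order (added example, not pf source)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str
    direction: str  # "in" or "out"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    quick: bool = False
    iface: Optional[str] = None      # None means "matches anything"
    direction: Optional[str] = None
    src: Optional[str] = None
    dport: Optional[int] = None
    keep_state: bool = False

    def matches(self, p: Packet) -> bool:
        return all(want is None or want == got for want, got in (
            (self.iface, p.iface), (self.direction, p.direction),
            (self.src, p.src), (self.dport, p.dport)))


class Filter:
    def __init__(self, rules):
        self.rules = list(rules)
        self.states = set()          # simplified: forward direction only

    def evaluate(self, p: Packet):
        """Return (action, number_of_rules_examined)."""
        key = (p.src, p.dst, p.dport)
        if key in self.states:       # state match: no rule is evaluated
            return "pass", 0
        winner, examined = None, 0
        for rule in self.rules:
            examined += 1
            if rule.matches(p):
                winner = rule        # last match so far wins...
                if rule.quick:       # ...unless it is quick: stop here
                    break
        if winner is None:           # no rule matched: implicit default is pass
            return "pass", examined
        if winner.action == "pass" and winner.keep_state:
            self.states.add(key)
        return winner.action, examined


# Constructed hosts (documentation address ranges).
SSH_OK = Packet("ext0", "in", "198.51.100.9", "192.0.2.1", 22)
SSH_BAD = Packet("ext0", "in", "203.0.113.66", "192.0.2.1", 22)

# Last match wins: the later block overrides the earlier pass for one host.
LAST_MATCH = [
    Rule("block"),
    Rule("pass", iface="ext0", direction="in", dport=22, keep_state=True),
    Rule("block", iface="ext0", direction="in", src="203.0.113.66"),
]

# Same rules with quick added in place: the pass now shadows the block.
QUICK_SHADOWED = [
    Rule("block"),
    Rule("pass", quick=True, iface="ext0", direction="in", dport=22,
         keep_state=True),
    Rule("block", quick=True, iface="ext0", direction="in", src="203.0.113.66"),
]

# With quick, the more specific block has to come first.
QUICK_ORDERED = [
    Rule("block"),
    Rule("block", quick=True, iface="ext0", direction="in", src="203.0.113.66"),
    Rule("pass", quick=True, iface="ext0", direction="in", dport=22,
         keep_state=True),
]

if __name__ == "__main__":
    for name, rules in (("last-match", LAST_MATCH),
                        ("quick, shadowed", QUICK_SHADOWED),
                        ("quick, reordered", QUICK_ORDERED)):
        f = Filter(rules)
        print(name, "bad host:", f.evaluate(SSH_BAD),
              "good host:", f.evaluate(SSH_OK),
              "good host again:", f.evaluate(SSH_OK))
```

Adding quick to an existing last-match ruleset without reordering it changes the verdict for the blocked host, which is the "catch you later" case raised earlier in the thread.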



Re: K3B - FreeBSD binaries

2005-10-01 Thread Marc Espie
On Sat, Oct 01, 2005 at 05:32:23PM +0200, [EMAIL PROTECTED] wrote:
> Hi
> 
> With the risk of making a complete fool of myself..
> 
> Is it possible to get K3B running on OpenBSD 3.7?
> 
> I am running KDE as the desktop, I have tried to install K3B from source
> without success. Make fails with errors.
> 
> Having no prior experience in using FreeBSD binaries, I read the
> compat_freebsd man and installed the freebsd libs. I got the K3B binary
> and unpacked into /emul/freebsd..
> 
> Doing /emul/freebsd/bin/k3b of course won't work, but is this the normal
> way to run a FreeBSD binary? To simply run the file?
> 
> I tried installing other FreeBSD binaries to see the result but it's the
> same, I am getting "Abort trap".
> 
> Please have patience with me if I have missed something or am doing it
> all wrong.

After having read through k3b, and having a partial port, I'm quite
certain the FreeBSD port won't work 100%.

The part that accesses disks directly has got some extensive code that
uses FreeBSD's CAM support. I don't see our emulation layer coping with
that.



Re: PF story, happy ending.

2005-10-01 Thread Mike Hernandez
On 10/1/05, Diana Eichert <[EMAIL PROTECTED]> wrote:
> I helped a friend set up a firewall environment years ago in front of his
> web business, first it was on IPF (back when OpenBSD shipped w/IPF), then
> PF.  Amazingly he's managed to keep his business up, running and growing
> through the dot-bomb period, but I digress.

Great story ;) I'm just wondering what version the firewall is
running, and if it's an old version, have you considered upgrading?
Would there be any benefit to upgrading? (I suppose that last question
is what I'm really wondering about)

Mike



Re: K3B - FreeBSD binaries

2005-10-01 Thread [EMAIL PROTECTED]
Hi Marc and thanks!

>After having read through k3b, and having a partial port, I'm quite
>certain the FreeBSD port won't work 100%.

>The part that accesses disks directly has got some extensive code that
>uses FreeBSD's CAM support. I don't see our emulation layer coping with
>that.

Ok, but other than that, doing /emul/freebsd/bin/programname, is that the
right way to start a FreeBSD binary?

Does anyone know of an alternative to K3B which will burn DVDs?



Amazon.com Inquiry

2005-10-01 Thread Amazon
Dear Amazon member, 



Due to concerns we have for the safety and integrity of the Amazon community we 
have issued this warning. 



Per the User Agreement, Section 9, we may immediately issue a warning, 
temporarily suspend, indefinitely suspend or terminate your membership and 
refuse to provide our services to you if we believe that your actions may cause 
financial loss or legal liability for you, our users or us. We may also take 
these actions if we are unable to verify or authenticate any information you 
provide to us. 



Please follow the link below: 



http://www.amazon.com.encrypted-inquiry.cn?/exec/obidos



and update your account information. 



We apreciate your support and understanding, as we work together to keep Amazon 
market a safe place to trade. 



Thank you for your attention on this serious matter.



Regards,

Amazon Safety Department





NOTE: This message was sent to you by an automated e-mail system. Please don't 
reply to it. Amazon treats your personal information with the utmost care, and 
our Privacy Policy is designed to protect you and your information.




Re: PF story, happy ending.

2005-10-01 Thread Diana Eichert
On Sat, 1 Oct 2005, Mike Hernandez wrote:
SNIP
> Great story ;) I'm just wondering what version the firewall is
> running, and if it's an old version, have you considered upgrading?
> Would there be any benefit to upgrading? (I suppose that last question
> is what I'm really wondering about)
>
> Mike

Mike and all

We have 4 Alpha systems up and running at their office for transparent FW,
DNS and a NAT system, "OpenBSD 3.3-current (GENERIC) #23: Fri Jun 20
21:03:18 MDT 2003".  There have been no problems with these machines
besides the death of aging components on the Alpha systems.  I got him to
pick up qty. 6 of them from a local facility that shut down an Alpha
cluster.  I chose Alphas 'cause even if there was a root exploit against
OpenBSD most script kiddies wouldn't have Alpha binaries lying around.

He purchased a couple of Soekris boxes last Spring but I didn't get around
to bringing them up 'cause my softball season started. :-) (I play about
100 games in a 5 month period every year)  I've been helping this guy out
for free for the last 5 years.  First because he couldn't afford my labor
rate, second 'cause I'm no longer a consultant and don't want to be called
at my day job office.  Softball season ends next weekend and I'm going to
bring 3.8 up on the Soekrises as redundant firewalls.  So yes, we're
looking forward to getting 3.8 up and running.

diana
PS I'm going to miss the Alphas.



Re: PF story, happy ending.

2005-10-01 Thread ed
On Sat, 1 Oct 2005 09:05:47 -0600 (MDT)
Diana Eichert <[EMAIL PROTECTED]> wrote:

> So now my buddy, realizing it was one of his Windows systems, becomes
> very contrite and apologizes for interrupting me at the office.

I beg to differ, as nice as it is to know the Windows box caused the
many states, it's the firewall admin's fault for not increasing the state
limit. A small limit is good, so you know something has created many
states, but even so, the reason the firewall failed to pass traffic was
the state limit, not because the Windows box had anything to do with it.

-- 
Regards, Ed http://www.usenix.org.uk - http://irc.is-cool.net 
~
~
:wq



Re: K3B - FreeBSD binaries

2005-10-01 Thread Marc Espie
On Sat, Oct 01, 2005 at 06:41:31PM +0200, [EMAIL PROTECTED] wrote:
> Does anyone know of an alternative to K3B which will burn DVDs?

dvd+rw-tools doesn't have any gui, but it does burn dvd.
In fact, it's what k3b uses to burn dvd.

It works (more or less) under OpenBSD, I've burnt quite a few DVDs with
it. I seem to have an issue with the end marker on them, but I don't
know whether it comes from the software, the OS, the DVD-writer, or
the DVD-reader on the machine I use to further test them.

And I think Jacob Meuser is working on DVD authoring tools...



Re: PF story, happy ending.

2005-10-01 Thread Diana Eichert
On Sat, 1 Oct 2005, ed wrote:

> On Sat, 1 Oct 2005 09:05:47 -0600 (MDT)
> Diana Eichert <[EMAIL PROTECTED]> wrote:
>
> > So now my buddy, realizing it was one of his Windows systems, becomes
> > very contrite and apologizes for interrupting me at the office.
>
> I beg to differ, as nice as it is to know the Windows box caused the
> many states, it's the firewall admin's fault for not increasing the state
> limit. A small limit is good, so you know something has created many
> states, but even so, the reason the firewall failed to pass traffic was
> the state limit, not because the Windows box had anything to do with it.

HaHaHa, you're such a dreeb.  Try reading the story next time, but I'll
give you a quick synopsis for the reading impaired.

1. FW, running for LONG time, no problems
2. 1 day it quits "working"
3. a look reveals lots of weird entries in state table, almost as if
there's a bad NIC on outside.
4. Closer look reveals the state table is filling up in 2-20 seconds, I
repeat this FW has been running for almost 3 years, no problems
5. Oops, we find a Windows system that is spewing weird fragments to the
outside world.
6. Oh geez, it's a domain controller, it shouldn't be talking outside its
own local network, hmmm I wonder why, perhaps it was compromised?  I don't
care, I'm not the Windows admin, but it shouldn't be doing what it's
doing.
7. remove bad (BadBadBadBadBad) Windows box from network and everything
back to normal, now state table entries stabilize at 30% of limit.

So Dweeb, what you recommend is upping the state table so we can increase
the amount of crap that's leaking out from the Windows system?  Brilliant,
next time there's a Windows worm polluting the network I'll just think
"Wow, it's not a Windows problem, I just need to buy hardware that can
handle greater traffic."

you're funny

diana
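
The "which inside host is filling the state table" step from this story, as a Python sketch added here (not from the original posts): it tallies state entries per initiating host and flags any host holding more than a chosen share of the state limit. The line layout is an assumption modelled on `pfctl -s state` output, the sample lines are constructed, and the limit of 100 is a placeholder rather than a pf default.

```python
"""Tally pf state-table entries per initiating host (added example)."""
import re
from collections import Counter

# Assumed layout: iface proto left [(nat)] ->|<- right [(nat)] state
STATE_LINE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<left>\S+)(?:\s+\(\S+\))?"
    r"\s+(?P<arrow>->|<-)\s+(?P<right>\S+)(?:\s+\(\S+\))?\s+(?P<state>\S+)\s*$")


def host_of(endpoint):
    """Strip the port from 'addr:port' (IPv4) or 'addr[port]' (IPv6)."""
    if "[" in endpoint:
        return endpoint.split("[", 1)[0]
    return endpoint.rsplit(":", 1)[0]


def states_by_initiator(text):
    """Return (Counter of states per initiating host, unparsed line count)."""
    counts, skipped = Counter(), 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = STATE_LINE.match(line.strip())
        if not m:
            skipped += 1
            continue
        # "->": the left endpoint opened the connection; "<-": the right one.
        initiator = m["left"] if m["arrow"] == "->" else m["right"]
        counts[host_of(initiator)] += 1
    return counts, skipped


def hogs(counts, state_limit, share=0.5):
    """Hosts holding more than `share` of the state limit, busiest first."""
    return [(h, n) for h, n in counts.most_common() if n > state_limit * share]


def build_sample():
    """Constructed state listing: one inside host opening 60 half-open states."""
    lines = [
        "all tcp 192.168.1.20:51000 -> 198.51.100.7:80       "
        "ESTABLISHED:ESTABLISHED",
        "all udp 192.168.1.21:3321 (192.0.2.1:61002) -> 198.51.100.53:53       "
        "MULTIPLE:SINGLE",
        "all tcp 192.0.2.1:22 <- 198.51.100.9:40112       "
        "ESTABLISHED:ESTABLISHED",
        "(constructed line that is not a state entry)",
    ]
    for i in range(60):
        lines.append(f"all tcp 192.168.1.5:{40000 + i} -> "
                     f"203.0.113.{i + 1}:80       SYN_SENT:CLOSED")
    return "\n".join(lines)


if __name__ == "__main__":
    counts, skipped = states_by_initiator(build_sample())
    print("states per initiator:", counts.most_common(3), "skipped:", skipped)
    print("over half of a 100-state limit:", hogs(counts, state_limit=100))
```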



Netgear WG311 and ath driver on amd64.

2005-10-01 Thread Brian McKerr

Hello all,

I went and bought a Netgear WG311 PCI 54g (Wg311GE) card the other day 
to put in my firewall. I intended to use this as an access point for 
a WLAN. This card is listed in the supported hardware section on the 
OpenBSD website under i386 but not amd64.


Anyways, I grabbed the latest 3.8 snapshot, dated 28th Sept and 
installed it on my amd64 machine. Dmesg here;



Re: Load Balancing

2005-10-01 Thread Brian A. Seklecki
So have him send the message pre-formatted to the list? HTML?

How about just draw the diagram using ports/graphics/dia/* and export to
PNG, post the URL?

~BAS

On Fri, 2005-09-30 at 10:01, J.C. Roberts wrote:
> On Fri, 30 Sep 2005 18:35:16 +0530, Manpreet Singh Nehra
> <[EMAIL PROTECTED]> wrote:
> 
> >
> >   
> >DHCP |  |  172.31.1.1  
> > 
> >   |  |
> >  rl0 | |
> >   ---
> > |  OpenBSD   |  
> >    
> >| |
> > DHCP|  |  172.31.2.1  
> >   | |
> >   |  |
> >   rl1| |   192.168.1.0/24
> >   ---
> > | 
> >192.168.1.3|   
> >    
> >| | rl4
> >  DHCP   |  |  172.31.3.1  
> >   | |
> >   |  |
> >   rl2| |   
> >   ---
> > |   Firewall |
> >    
> >| |
> >DHCP |  |  172.31.4.1  
> >   | |
> >   |  |
> >rl3
> >   ---
> >
> 
> I suggest you learn to use a "fixed pitch font" for email,
> particularly for ascii-drawings, rather than forcing everyone to play
> a pointless game of "guess the magic font" so they can read your post.
> 
> JCR



3.8 Snapshot with 'ath' based card.

2005-10-01 Thread OpenBSD Admin

Hello all,

I went and bought a Netgear WG311 PCI 54g (Wg311GE) card the other day 
to put in my firewall. I intended to use this as an access point for 
a WLAN. This card is listed in the supported hardware section on the 
OpenBSD website under i386 but not amd64.


Anyways, I grabbed the latest 3.8 snapshot, dated 28th Sept and 
installed it on my amd64 machine. Dmesg here;


uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x81: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x81: irq 10
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 16 function 3 "VIA VT83C572 USB" rev 0x81: irq 10
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 16 function 4 "VIA VT6202 USB" rev 0x86: irq 5
usb4 at ehci0: USB revision 2.0
uhub4 at usb4
uhub4: VIA EHCI root hub, rev 2.00/1.00, addr 1
uhub4: 8 ports with 8 removable, self powered
pcib0 at pci0 dev 17 function 0 "VIA VT8237 ISA" rev 0x00
auvia0 at pci0 dev 17 function 5 "VIA VT8233 AC97" rev 0x60: irq 5
ac97: codec id 0x41445370 (Analog Devices AD1980)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auvia0
pchb1 at pci0 dev 24 function 0 "AMD AMD64 HyperTransport" rev 0x00
pchb2 at pci0 dev 24 function 1 "AMD AMD64 Address Map" rev 0x00
pchb3 at pci0 dev 24 function 2 "AMD AMD64 DRAM Cfg" rev 0x00
pchb4 at pci0 dev 24 function 3 "AMD AMD64 Misc Cfg" rev 0x00
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
sysbeep0 at pcppi0
lm0 at isa0 port 0x290/8: W83697HF
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
wd0: no disk label
dkcsum: wd0 matches BIOS drive 0x80
dkcsum: wd1 matches BIOS drive 0x81
root on wd1a
rootdev=0x10 rrootdev=0x310 rawdev=0x312
uhidev0 at uhub1 port 2 configuration 1 interface 0
uhidev0: Microsoft Microsoft 3-Button Mouse with Intelli

Re: ntop

2005-10-01 Thread Brian A. Seklecki
What platform are you on? Are you compiling it from source?  

It works just fine in 3.7/i386.

Just:

bash-3.00# cd /usr/ports/net/ntop && make install clean


If you insist on source, try looking at /usr/ports/net/ntop/patches/*

Try reading about Ports in the FAQ.

~BAS

On Thu, 2005-09-29 at 12:43, B4nsh33 wrote:
> Hi, I'm trying to install ntop 3.1 on OpenBSD 3.7; it doesn't compile.
> Reading the archives I learned it's an unsupported application.
> Is there any workaround, or should I look for another package? I really
> like ntop's full feature set and I would prefer to use it.
> 
> ---
> thanks



Re: Netgear WG311 and ath driver on amd64.

2005-10-01 Thread Stuart Henderson

--On 02 October 2005 06:07 +1000, Brian McKerr wrote:

> "Texas Instruments ACX111" rev 0x00 at pci0 dev 12 function 0 not
> configured


That's not an ath, they've changed the chipset to TI (non-open, 
unfortunately). Unfortunately wireless chipsets change often, TI and 
Marvell are appearing from vendors formerly using Atheros and Ralink.




Re: Load Balancing

2005-10-01 Thread J.C. Roberts
On Sat, 01 Oct 2005 15:22:18 -0400, "Brian A. Seklecki"
<[EMAIL PROTECTED]> wrote:

>So have him send the message pre-formatted to the list? HTML?
>
>How about just draw the diagram using ports/graphics/dia/* and export to
>PNG, post the URL?
>
>~BAS

No. When a fixed pitch font is used to create the ascii-graphic, the
result is readable just about anywhere -even a terminal. Since the
size/width of each character is constant, the result is still readable
(i.e. the alignment is correct) with any other fixed pitch font.

JCR



PPPoE troubles.

2005-10-01 Thread Marcos Vinicius Buzo
Hi all, I am a new OpenBSD user and I am trying to set up a home router with
OpenBSD, but I am having some troubles with pppoe.
I live in Brazil and my connection is an ADSL link with Telefonica. My
ip/gateway are both set dynamically.

Here's my /etc/hostname.pppoe0 file:

pppoedev rl1
!/sbin/ifconfig rl1 up
!/usr/sbin/spppcontrol -v \$if myauthproto=pap myauthname="[EMAIL PROTECTED]" \
myauthkey=mypass
!/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.1 netmask 0x
!/sbin/route add default 0.0.0.1
up

So, it connects and set the ip, but it gets no gateway:


pppoe0: flags=8851 mtu 1492
dev: rl1 state: session
sid: 0x8081 PADI retries: 1 PADR retries: 0 time: 0:0:51
inet 200.158.156.121  --> 0.0.0.1 netmask 0x
inet6 fe80::2e0:7dff:fe88:678d%pppoe0 -> prefixlen 64 scopeid 0x7

The netstat -nr command shows me:

Destination Gateway Flags Refs Use Mtu Interface
0.0.0.1  0.0.0.0  UH 0 0 - pppoe0


I have also tried to get pppoe working with userland pppoe, but I've got the
same problem, except I could ping only the ip 200.207.254.248.

Here's my old router running debian linux ifconfig result:

ppp0 Link encap:Point-to-Point Protocol
inet addr:200.158.157.XXX P-t-P:200.207.254.248 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:4529 errors:0 dropped:0 overruns:0 frame:0
TX packets:3096 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:5122479 (4.8 MiB) TX bytes:285811 (279.1 KiB)

Does anybody here live in Brazil and use the adsl link from telefonica and
can get it working with OpenBSD/pppoe ?
Does anybody know what this "error" could be ?

Thanks in advance,

Marcos Vinicius Buzo



Re: Netgear WG311 and ath driver on amd64.

2005-10-01 Thread OpenBSD Admin

Stuart Henderson wrote:

> --On 02 October 2005 06:07 +1000, Brian McKerr wrote:
>
> > "Texas Instruments ACX111" rev 0x00 at pci0 dev 12 function 0 not
> > configured
>
> That's not an ath, they've changed the chipset to TI (non-open,
> unfortunately). Unfortunately wireless chipsets change often, TI and
> Marvell are appearing from vendors formerly using Atheros and Ralink.



Bastards.


I'll have to take it back then.

Any ideas why/if the ath stuff is missing from the amd64 port ?


Thanks Stuart



getting usb networking up on the Zaurus

2005-10-01 Thread Chuck Robey
I want to get usb to usb networking up on the Zaurus running OpenBSD (a 
snap from about a week ago).  I wish to get it to communicate to the 
FreeBSD box that is sitting next to it.


When I :reboot: the Zaurus back to Linux, FreeBSD immediately sees a new 
cdce0 device, and I could communicate, but the device crawls back into 
its hole when I boot back into OpenBSD.  I need to know how to get a 
cdce active, I *think* (I guess I could be wrong here)


Thanks for any help!



Re: 3.8 Snapshot with 'ath' based card.

2005-10-01 Thread Darrin Chandler
I went through the same process. I swapped it for a LinkSys, which had 
the revision number on the box (yes, it matters for chipset). It comes 
up as supported, but I haven't been able to get it to work yet. I'm not 
sure, but I may have a PCI version less than 2.2 and that's listed as a 
problem for the ral driver. Best of luck to you!


OpenBSD Admin wrote:


> Hello all,
>
> I went and bought a netgear WG311 PCI 54g (Wg311GE) card the other
> day to put in my firewall. I intended to use this as an access
> point for a WLAN. This card is listed in the supported hardware section
> on the openbsd website under i386 but not amd64.
>
> Anyways, I grabbed the latest 3.8 snapshot, dated 28th Sept and
> installed it on my amd64 machine. Dmesg here;



Re: getting usb networking up on the Zaurus

2005-10-01 Thread Dale Rahn
On Sat, Oct 01, 2005 at 05:03:48PM -0400, Chuck Robey wrote:
> I want to get usb to usb networking up on the Zaurus running OpenBSD (a 
> snap from about a week ago).  I wish to get it to communicate to the 
> FreeBSD box that is sitting next to it.
> 
> When I :reboot: the Zaurus back to Linux, FreeBSD immediately sees a new 
> cdce0 device, and I could communicate, but the device crawls back into 
> its hole when I boot back into OpenBSD.  I need to know how to get a 
> cdce active, I *think* (I guess I could be wrong here)
> 
> Thanks for any help!
> 

Sorry, usb client mode is not supported in OpenBSD at this time.
Only usb host mode is supported see usb(4) for list.
The hardware supports usb on-the-go, but OpenBSD doesn't have a driver
for it yet.

Dale Rahn   [EMAIL PROTECTED]



Geode GX1

2005-10-01 Thread Bachman Kharazmi
When I try to boot a Geode GX1 with generic kernel it freezes here:
>>OpenBSD/i386 PXEBOOT 1.02
booting tftp:/bsd 4807268-   (and here it freezes)

I've tried bsd.rd both from the 3.7 and 3.8 dir without any luck, am I
missing any support in kernel?

/bkw
--
##
BKW - Bachman Kharazmi
bahkha AT gmail DOT com
uin: #24089491
SWEDEN
##



Re: PPPoE troubles.

2005-10-01 Thread Pedro Martelletto
Hi Marcos,

I never used PPPoE myself, but let me try to help you out...

On Sat, Oct 01, 2005 at 05:36:24PM -0300, Marcos Vinicius Buzo wrote:
> I live in Brazil and my connection is an ADSL link with Telefonica.

Then you probably live somewhere in the state of Sao Paulo :-)

> !/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.1 netmask 0x
> !/sbin/route add default 0.0.0.1

Why are you doing this? You're setting your gateway to 0.0.0.1.

> The netstat -nr command shows me:
>
> Destination Gateway Flags Refs Use Mtu Interface
> 0.0.0.1 0.0.0.0 UH 0 0 - pppoe0

Which matches the set of ifconfig + route commands that you used, no?

> Does anybody here live in Brazil and use the adsl link from telefonica and
> can get it working with OpenBSD/pppoe ?

No. I've a friend who uses PPPoE for Velox. Should you have more trouble,
I will put you in touch with him.

-p.



Re: PPPoE troubles.

2005-10-01 Thread Jason McIntyre
On Sat, Oct 01, 2005 at 07:04:47PM -0300, Pedro Martelletto wrote:
> 
> > !/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.1 netmask 0x
> > !/sbin/route add default 0.0.0.1
> 
> Why are you doing this? You're setting your gateway to 0.0.0.1.
> 

it is correct for this scenario - pppoe(4) explains why.
jmc



Re: PPPoE troubles.

2005-10-01 Thread Marcos Vinicius Buzo
Yes Pedro, I live in the state of Sao Paulo. I used that configuration
because that is how man 4 pppoe tells me I should do it; these addresses should
be replaced with the addresses I would receive from my ISP.

 A typical */etc/hostname.pppoe0* file looks like this:

   pppoedev ne0
   !/sbin/ifconfig ne0 up
   !/usr/sbin/spppcontrol \$if myauthproto=pap myauthname=testcaller \
   myauthkey=donttell
   !/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.1 netmask 0x
   !/sbin/route add default 0.0.0.1
   up

 Since this is a PPP interface, the addresses assigned to the interface
 may change during PPP negotiation.  There is no fine grained control
 available for deciding which addresses are acceptable and which are not.
 For the local side and the remote address there is exactly one choice:
 hard coded address or wildcard.  If a real address is assigned to one
 side of the connection, PPP negotiation will only agree to exactly this
 address.  If one side is wildcarded, every address suggested by the peer
 will be accepted.

 To wildcard the local address set it to 0.0.0.0; to wildcard the remote
 address set it to 0.0.0.1.


I would like to talk to your friend to know what he is doing to get pppoe
working,

Thanks in advance man..


On 10/1/05, Pedro Martelletto <[EMAIL PROTECTED]> wrote:
>
> Hi Marcos,
>
> I never used PPPoE myself, but let me try to help you out...
>
> On Sat, Oct 01, 2005 at 05:36:24PM -0300, Marcos Vinicius Buzo wrote:
> > I live in Brazil and my connection is an ADSL link with Telefonica.
>
> Then you probably live somewhere in the state of Sao Paulo :-)
>
> > !/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.1 netmask 0x
> > !/sbin/route add default 0.0.0.1
>
> Why are you doing this? You're setting your gateway to 0.0.0.1.
>
> > The netstat -nr command shows me:
> >
> > Destination Gateway Flags Refs Use Mtu Interface
> > 0.0.0.1  0.0.0.0  UH 0 0 - pppoe0
>
> Which matches the set of ifconfig + route commands that you used, no?
>
> > Does anybody here live in Brazil and use the adsl link from telefonica and
> > can get it working with OpenBSD/pppoe ?
>
> No. I've a friend who uses PPPoE for Velox. Should you have more trouble,
> I will put you in touch with him.
>
> -p.



Linux expo - London

2005-10-01 Thread ed
Hello,

Is OpenBSD doing anything at the linux conference and expo this week at
the London Olympia?

-- 
Regards, Ed http://www.openbsdhacker.com



Webmail recommendations?

2005-10-01 Thread Chris
Hello

I want to setup a OBSD box for my email server.  It will service
probably about 2 dozen people, but It could conceivably double or more
over the next year or two.

I was wondering if anyone had any recommendations for an mta, and for a
webmail program that is easy to use and fully featured for users who are
not so computer savvy.

I am pretty comfortable with Sendmail, but I hear a lot of people are
moving more toward postfix (which I know nothing about).

I am at a loss for a good web interface.

Anyone care to make any recommendations?

Thank you.


Chris



Re: PPPoE troubles.

2005-10-01 Thread Pedro Martelletto
On Sat, Oct 01, 2005 at 07:23:55PM -0300, Marcos Vinicius Buzo wrote:
> Yes Pedro, I live in the state of Sao Paulo. I used that configuration
> because that is how man 4 pppoe tells me I should do it; these addresses should
> be replaced with the addresses I would receive from my ISP.

Oh, so never mind. :-)

Anyway, does the PPPoE code yield any kind of log? If so, have you tried
digging through it to find anything interesting?

> I would like to talk to your friend to know what he is doing to get pppoe
> working,

Sure, please get in touch with Luiz Gustavo <[EMAIL PROTECTED]>, and if
you get it to work, then please post the solution in the list, so future
users can find it in the archives.

-p.



Re: PPPoE troubles.

2005-10-01 Thread Pedro Martelletto
On Sat, Oct 01, 2005 at 07:04:47PM -0300, Pedro Martelletto wrote:
> On Sat, Oct 01, 2005 at 05:36:24PM -0300, Marcos Vinicius Buzo wrote:
> > Does anybody here live in Brazil and use the adsl link from telefonica and
> > can get it working with OpenBSD/pppoe ?
> 
> No. I've a friend who uses PPPoE for Velox. Should you have more trouble,
> I will put you in touch with him.
> 
> -p.

Actually, I was wrong. I know some guy in Sao Paulo who uses the ADSL
services provided by Telefonica with OpenBSD and userland PPPoE.

These are the settings he's using:

pppoe:
   set device "!/usr/sbin/pppoe -i INTERFACE"
   set mtu max 1492
   set mru max 1492
   set speed sync
   disable acfcomp protocomp
   deny acfcomp
   set authname "[EMAIL PROTECTED]"
   set authkey "senha"
   add! default HISADDR
   enable dns

-p.



Serial Weather Station

2005-10-01 Thread Marc MAURICE

Hi everybody,

I have a laptop at home which is an old dell latitude xpi p133 st. I use 
it as a small server, running OpenBSD 3.7. I would like to have my 
weather station connected to the laptop, serving the weather via http.


The weather station is a WS3600, connected to the server via a serial cable.

The program I use to retrieve the info from the station is open3600 
(http://open3600.fast-mail.nl).


To make it work under openbsd, I edited /etc/ttys and changed the line : 
tty00  "/usr/libexec/getty std.9600"   unknown off


to :
tty00   none    network on local

As open3600 is not available in binary form for OpenBSD, I compiled it. 
I then configured it to retrieve the info from /dev/tty00.


Now when I launch the retrieval of the information, the command takes 30 
seconds before outputting the result.
Each time I execute the command, it takes about 30 seconds, and 
sometimes the output is right, sometimes it is totally wrong, indicating 
0 values. I would say I have 50% chance to get the good parameters.


The problem is not hardware, because I tried the command under Debian on 
the same machine, and it retrieves the information with no problem, in 
less than 2 seconds.


I think the problem is the configuration of the serial port under 
OpenBSD, but my knowledge in serial devices is rather limited.


I ran 'stty -af /dev/tty00' under OpenBSD and 'stty -aF /dev/ttyS0' 
under Debian and see the modes are a bit different, but I did not 
manage to change modes under OpenBSD.


'stty -af /dev/tty00' under OpenBSD:

speed 9600 baud; 0 rows; 0 columns;
lflags: icanon isig iexten echo echoe -echok echoke -echonl echoctl
   -echoprt -altwerase -noflsh -tostop -flusho -pendin -nokerninfo 
-extproc -xcase

iflags: -istrip icrnl -inlcr -igncr -iuclc ixon -ixoff ixany imaxbel
   -ignbrk brkint -inpck -ignpar -parmrk
oflags: opost onlcr -ocrnl -onocr -onlret -olcuc oxtabs -onoeot
cflags: cread cs8 -parenb -parodd hupcl clocal -cstopb -crtscts -mdmbuf 
cchars: discard = ^O; dsusp = ^Y; eof = ^D; eol = ;
   eol2 = ; erase = ^?; intr = ^C; kill = ^U; lnext = ^V; 
min = 1; quit = ^\; reprint = ^R; start = ^Q; status = ; stop = 
^S; susp = ^Z; time = 0; werase = ^W;


'stty -aF /dev/ttyS0' under Debian:

speed 9600 baud; rows 0; columns 0; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = ; 
eol2 = ; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R;

werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0;
-parenb -parodd cs8 hupcl -cstopb cread clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon 
-ixoff -iuclc -ixany -imaxbel
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 
vt0 ff0
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop 
-echoprt echoctl echoke


I don't even know if the problem comes from here.

Any help, any reference, any advice is welcomed.

Thanks in advance and sorry for my english

Marc MAURICE



Re: PF story, happy ending.

2005-10-01 Thread ed
On Sat, 1 Oct 2005 12:27:56 -0600 (MDT)
Diana Eichert <[EMAIL PROTECTED]> wrote:

> So Dweeb, what you recommend is upping the state table so we can
> increase the amount of crap that's leaking out from the Windows
> system?  Brilliant, next time there's a Windows worm polluting the
> network I'll just think "Wow, it's not a Windows problem, I just need
> to buy hardware that can handle greater traffic."

Then by this token we should all set a state limit of 1 state per host,
correct, if there's something using more states it must be compromised.
Nice theory. Why not just block the single host causing the problem,
when you have a high state limit, try shell commands to count the states
used every few minutes and then add the excessive hosts to a table,
rather than choke the network. Oh and don't resort to name calling, it
makes the rest of the post look childish, even if there is content of
technical merit.

-- 
Regards, Ed http://www.usenix.org.uk
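
The approach described in the message above (count the states each host holds every few minutes, then put the excessive hosts in a table) can be scripted as follows. This is an added example, not part of the thread; the `pfctl -ss` line layout, the constructed sample lines, the limits and the table name `flooders` are assumptions.

```shell
#!/bin/sh
# Added example: count pf states per originating host and list the hosts
# that hold more than a chosen number of states.

# Constructed sample, assuming the plain `pfctl -ss` layout:
#   <if> <proto> <addr:port> <arrow> <addr:port> <state>
# "->" means the first address opened the connection, "<-" the last one.
sample_states() {
    cat <<'EOF'
self tcp 192.168.1.10:3201 -> 203.0.113.5:445       SYN_SENT:CLOSED
self tcp 192.168.1.10:3202 -> 203.0.113.6:445       SYN_SENT:CLOSED
self tcp 192.168.1.10:3203 -> 203.0.113.7:445       SYN_SENT:CLOSED
self tcp 192.168.1.10:3204 -> 203.0.113.8:445       SYN_SENT:CLOSED
self tcp 192.168.1.20:1050 -> 198.51.100.9:80       ESTABLISHED:ESTABLISHED
self udp 192.168.1.20:1051 -> 198.51.100.53:53      MULTIPLE:SINGLE
self tcp 192.168.1.1:22 <- 192.168.1.30:4022       ESTABLISHED:ESTABLISHED
EOF
}

# states_per_host: read state lines on stdin, print "<count> <host>",
# highest count first.
states_per_host() {
    awk '
    {
        first = 0; last = 0
        for (i = 3; i <= NF; i++)
            if ($i == "->" || $i == "<-") {
                if (!first) first = i
                last = i
            }
        if (!first || last == NF) next          # not a state line
        # Outbound: originator is field 3. Inbound: it follows the arrow.
        host = ($first == "->") ? $3 : $(last + 1)
        if (host ~ /^[0-9.]+:[0-9]+$/)
            sub(/:[0-9]+$/, "", host)           # IPv4 addr:port
        sub(/\[[0-9]+\]$/, "", host)            # IPv6 addr[port]
        n[host]++
    }
    END { for (h in n) print n[h], h }' | sort -k1,1nr -k2,2
}

# over_limit LIMIT: read state lines on stdin, print every host that
# holds more than LIMIT states.
over_limit() {
    states_per_host | awk -v limit="$1" '$1 > limit { print $2 }'
}

# Demo on the constructed sample: hosts holding more than 3 states.
sample_states | over_limit 3

# On the firewall, run as root from cron every few minutes, replace the
# demo line with the loop below. The table name "flooders" is hypothetical
# and needs a matching pf.conf rule such as "block quick from <flooders>".
#   pfctl -ss | over_limit 500 | while read -r host; do
#       pfctl -t flooders -T add "$host"
#   done
```

The limit has to sit well above what a busy but healthy client produces, otherwise ordinary hosts end up in the table.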



Re: Webmail recommendations?

2005-10-01 Thread Roger Neth Jr
maildroid www.maildroid.org 
 rogern
 John 3:16

 On 10/1/05, Chris <[EMAIL PROTECTED]> wrote:
>
> Hello
>
> I want to setup a OBSD box for my email server. It will service
> probably about 2 dozen people, but It could conceivably double or more
> over the next year or two.
>
> I was wondering if anyone had any recommendations for an mta, and for a
> webmail program that is easy to use and fully featured for users who are
> not so computer savvy.
>
> I am pretty comfortable with Sendmail, but I hear a lot of people are
> moving more toward postfix (which I know nothing about).
>
> I am at a loss for a good web interface.
>
> Anyone care to make any recommendations?
>
> Thank you.
>
>
> Chris



Re: Webmail recommendations?

2005-10-01 Thread C. Bensend
> I am at a loss for a good web interface.
>
> Anyone care to make any recommendations?

I'm a pretty big fan of SquirrelMail.  It's a web-based IMAP client,
so you'd need an IMAP server as well (I use Courier).  It works just
fine with OpenBSD's chrooted Apache, which is a big plus.

Benny


-- 
"Now, that next spring you find in your garage a creature that
looks like a cross-bred badger and anaconda. A badgerconda."
  -- bash.org



Serial Weather Station

2005-10-01 Thread dooblem
Hi everybody,

I have a laptop at home which is an old dell latitude xpi p133 st. I use
it as a small server, running OpenBSD 3.7. I would like to have my weather
station connected to the laptop, serving the weather via http.

The weather station is a WS3600, connected to the server via a serial cable.

The program I use to retrieve the info from the station is open3600
(http://open3600.fast-mail.nl).

To make it work under openbsd, I edited /etc/ttys and changed the line :
tty00  "/usr/libexec/getty std.9600"   unknown off

to :
tty00   none    network on local

As open3600 is not available in binary form for OpenBSD, I compiled it.
I then configured it to retrieve the info from /dev/tty00.

Now when I launch the retrieval of the information, the command takes 30
seconds before outputting the result.
Each time I execute the command, it takes about 30 seconds, and sometimes
the output is right, sometimes it is totally wrong, indicating 0 values.
I would say I have 50% chance to get the good parameters.

The problem is not hardware, because I tried the command under Debian on
the same machine, and it retrieves the information with no problem, in
less than 2 seconds.

I think the problem is the configuration of the serial port under OpenBSD,
but my knowledge in serial devices is rather limited.

I ran 'stty -af /dev/tty00' under OpenBSD and 'stty -aF /dev/ttyS0' under
Debian and see the modes are a bit different, but I did not manage to
change modes under OpenBSD.

'stty -af /dev/tty00' under OpenBSD:

speed 9600 baud; 0 rows; 0 columns;
lflags: icanon isig iexten echo echoe -echok echoke -echonl echoctl
-echoprt -altwerase -noflsh -tostop -flusho -pendin -nokerninfo
-extproc -xcase
iflags: -istrip icrnl -inlcr -igncr -iuclc ixon -ixoff ixany imaxbel
-ignbrk brkint -inpck -ignpar -parmrk
oflags: opost onlcr -ocrnl -onocr -onlret -olcuc oxtabs -onoeot
cflags: cread cs8 -parenb -parodd hupcl clocal -cstopb -crtscts -mdmbuf
cchars: discard = ^O; dsusp = ^Y; eof = ^D; eol = ;
eol2 = ; erase = ^?; intr = ^C; kill = ^U; lnext = ^V;
min = 1; quit = ^\; reprint = ^R; start = ^Q; status = ;
stop = ^S; susp = ^Z; time = 0; werase = ^W;

'stty -aF /dev/ttyS0' under Debian:

speed 9600 baud; rows 0; columns 0; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = ; eol2
= ; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R;
werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0;
-parenb -parodd cs8 hupcl -cstopb cread clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon
-ixoff -iuclc -ixany -imaxbel
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0
vt0 ff0
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop
-echoprt echoctl echoke

I don't even know if the problem comes from here.

Any help, any reference, any advice is welcomed.

Thanks in advance and sorry for my english

Marc MAURICE



Re: Serial Weather Station

2005-10-01 Thread Theo de Raadt
man 4 cua or man 4 tty

Then see the section about cua(4) devices.

And don't use tty's like that.  That is what cua devices are for.
Connecting out.

> I have a laptop at home which is an old dell latitude xpi p133 st. I use
> it as a small server, running OpenBSD 3.7. I would like to have my weather
> station connected to the laptop, serving the weather via http.
> 
> The weather station is a WS3600, connected to the server via a serial cable.
> 
> The program I use to retrieve the info from the station is open3600
> (http://open3600.fast-mail.nl).
> 
> To make it work under openbsd, I edited /etc/ttys and changed the line :
> tty00  "/usr/libexec/getty std.9600"   unknown off
> 
> to :
> tty00   none    network on local
> 
> As open3600 is not available in binary form for OpenBSD, I compiled it.
> I then configured it to retrieve the info from /dev/tty00.
> 
> Now when I launch the retrieval of the information, the command takes 30
> seconds before outputting the result.
> Each time I execute the command, it takes about 30 seconds, and sometimes
> the output is right, sometimes it is totally wrong, indicating 0 values.
> I would say I have 50% chance to get the good parameters.
> 
> The problem is not hardware, because I tried the command under Debian on
> the same machine, and it retrieves the information with no problem, in
> less than 2 seconds.
> 
> I think the problem is the configuration of the serial port under OpenBSD,
> but my knowledge in serial devices is rather limited.
> 
> I ran 'stty -af /dev/tty00' under OpenBSD and 'stty -aF /dev/ttyS0' under
> Debian and see the modes are a bit different, but I did not manage to
> change modes under OpenBSD.
> 
> 'stty -af /dev/tty00' under OpenBSD:
> 
> speed 9600 baud; 0 rows; 0 columns;
> lflags: icanon isig iexten echo echoe -echok echoke -echonl echoctl
> -echoprt -altwerase -noflsh -tostop -flusho -pendin -nokerninfo
> -extproc -xcase
> iflags: -istrip icrnl -inlcr -igncr -iuclc ixon -ixoff ixany imaxbel
> -ignbrk brkint -inpck -ignpar -parmrk
> oflags: opost onlcr -ocrnl -onocr -onlret -olcuc oxtabs -onoeot
> cflags: cread cs8 -parenb -parodd hupcl clocal -cstopb -crtscts -mdmbuf
> cchars: discard = ^O; dsusp = ^Y; eof = ^D; eol = ;
> eol2 = ; erase = ^?; intr = ^C; kill = ^U; lnext = ^V;
> min = 1; quit = ^\; reprint = ^R; start = ^Q; status = ;
> stop = ^S; susp = ^Z; time = 0; werase = ^W;
> 
> 'stty -aF /dev/ttyS0' under Debian:
> 
> speed 9600 baud; rows 0; columns 0; line = 0;
> intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = ; eol2
> = ; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R;
> werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0;
> -parenb -parodd cs8 hupcl -cstopb cread clocal -crtscts
> -ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon
> -ixoff -iuclc -ixany -imaxbel
> opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0
> vt0 ff0
> isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop
> -echoprt echoctl echoke
> 
> I don't even know if the problem comes from here.
> 
> Any help, any reference, any advice is welcomed.
> 
> Thanks in advance and sorry for my English
> 
> Marc MAURICE



Re: PF story, happy ending.

2005-10-01 Thread Bob Beck
If I had a dollar for every time some mouth breathing twit did 
that here well, I could at least buy some very good bottles of wine.

Upgrade the firewall to use the state limits and the overload
table, then filter the overload table and rdr web connections from it
to a web page that says basically "you have a virus you fucktard. fix it 
and it'll work again." put a cron job that flushes the overload table
every few hours - or if you're really clever make a button on the web
page they can poke to remove their machine from the table - if they do it
before they clean the machine they just go right back in.

-Bob

* Diana Eichert <[EMAIL PROTECTED]> [2005-10-01 09:31]:
> I helped a friend setup a firewall environment years ago in front of his
> web business, first it was on IPF(back when OpenBSD shipped w/IPF), then
> PF.  Amazingly he's managed to keep his business up, running and growing
> through the dot-bomb period, but I digress.
> 
> Once I configured PF on his network several years ago it's required very
> little interaction, then out of the blue yesterday he calls to say the
> firewall has failed and he had to bypass it!  What I say?  I'm pretty sure
> it hasn't failed.  So I tell him I'll connect into the firewall system
> remotely via a gateway I have there for emergencies so I can see what's
> really going on.
> 
> Once connected I ask him to put the firewall back inline, initially he's
> pretty skeptical about doing that, since everything is "working" just fine
> without the firewall it CAN'T be a problem with any of the other systems
> on his network.  I convince him it's worth his while to let me
> troubleshoot some and he agrees.  When he places it back inline I
> realize the state table is getting full within 1-20 seconds and most of
> the states getting created look like junk, LOTS of fragmented
> packets.  What the &*%^?  A quick view of the current rules usage shows
> the tcp packets originating from the inside are exhausting the state
> table.  I have some strict host and port based rules incoming, but I'd
> setup global outgoing tcp,udp and icmp rules with keep state.  I get him
> to disconnect one system at a time on the inside and voila, there's the
> culprit, a Windows domain controller.  Once that system is disconnected
> everything goes back to normal.  Turns out that morning they'd rebooted
> the system shortly before the "firewall failed", hmmm, geez now that
> would've been a piece of information I'd like to have had when I started
> my troubleshooting process.
> 
> So now my buddy, realizing it was one of his Windows systems, becomes very
> contrite and apologizes for interrupting me at the office.
> 
> diana
> 

-- 
Bob Beck   Computing and Network Services
[EMAIL PROTECTED]   University of Alberta
True Evil hides its real intentions in its street address.
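
The setup Bob Beck describes, written out as a pf.conf fragment. This is an added example, not a ruleset from the thread; it uses the pf.conf syntax of the 3.7/3.8 releases under discussion (later OpenBSD releases write redirection as `rdr-to` on a pass rule and configure fragment reassembly differently). The interface, network, limits and notice-page address are assumptions, and the default block and the rules for the external interface are left to the existing ruleset.

```pf
# Added example, not from the thread. Names, addresses and limits below are
# assumptions; set the limits from what normal traffic looks like.
int_if    = "fxp1"            # assumed inside interface
int_net   = "192.168.1.0/24"  # assumed inside network
notice_ip = "127.0.0.1"       # assumed: httpd on the firewall serving the notice page
notice_pt = "8080"

# Hosts that tripped a limit. "persist" keeps the table when it is empty.
table <overload> persist

# Global ceiling on state entries; the per-source limits below are what
# stop one host from consuming all of it.
set limit states 20000

# Reassemble fragments before filtering so the rules see whole packets.
scrub in all fragment reassemble

# Web requests from quarantined hosts land on the notice page.
rdr on $int_if proto tcp from <overload> to any port www \
    -> $notice_ip port $notice_pt

# Quarantined hosts may reach the notice page and nothing else.
# Translation happens before filtering, so match the rewritten destination.
pass  in quick on $int_if proto tcp from <overload> \
    to $notice_ip port $notice_pt flags S/SA keep state
block in quick on $int_if from <overload> to any

# Outbound TCP from the inside with per-source limits. A source that exceeds
# max-src-conn or max-src-conn-rate is added to <overload>, and "flush global"
# removes every state it already holds.
pass in on $int_if proto tcp from $int_net to any flags S/SA keep state \
    (max-src-states 300, max-src-conn 200, max-src-conn-rate 100/10, \
     overload <overload> flush global)

# UDP and ICMP have no handshake, so only max-src-states applies here and
# nothing is added to the table.
pass in on $int_if proto { udp, icmp } from $int_net to any keep state \
    (max-src-states 100)

# root crontab entry for the "flush every few hours" step:
# 0 */3 * * * /sbin/pfctl -t overload -T flush
```

`pfctl -t overload -T show` lists the hosts currently quarantined, and `pfctl -si` shows the state table counters to compare against the limit.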



Re: PF story, happy ending.

2005-10-01 Thread Diana Eichert
On Sun, 2 Oct 2005, ed wrote:
SNIP
> rather than choke the network. Oh and don't resort to name calling, it
> makes the rest of the post look childish, even if there is content of
> technical merit.

Oh, but see I like name calling against misogynous men, 'cause in your
eyes all women probably appear childish. ;-)  That's ok, I've been dealing
with your kind for almost 50 years

Somehow I didn't think I needed to put the entire diagnostic process in
writing.  For some reason I assumed people would get the gist of what I
spoke, in fact most did, but some people are less intelligent than others.

g.day

diana



Re: PF story, happy ending.

2005-10-01 Thread Diana Eichert
On Sat, 1 Oct 2005, Bob Beck wrote:

>
>   If I had a dollar for every time some mouth breathing twit did
> that here well, I could at least buy some very good bottles of wine.
>
>   Upgrade the firewall to use the state limits and the overload
> table, then filter the overload table and rdr web connections from it
> to a web page that says basically "you have a virus you fucktard. fix it
> and it'll work again." put a cron job that flushes the overload table
> every few hours - or if you're really clever make a button on the web
> page they can poke to remove their machine from the table - if they do it
> before they clean the machine they just go right back in.
>
>   -Bob

Hi Bob

We're in the process of upgrading to 3.8, have the hardware, now have the
time.  There aren't any users on the system, it's a Windows domain
controller.  Why it was there I don't know, in fact they didn't seem that
concerned about pulling it off the network.  I thought about adding a cron
job to flush the state table and or increasing the state table max value,
but it was such an egregious (for Ed that means "conspicuously and
outrageously bad or reprehensible") problem.  Filling up the stock state
table setting in 2 seconds meant I needed to troubleshoot and fix the
problem now.  Seeing all the fragments in the state table really concerned
me also, in fact that's all that was filling up the state table.  I've
seen the same problem at my day job on our network and it's never been a
good thing.

Hope things are going well for you,

diana



Re: PPPoE troubles.

2005-10-01 Thread Marcos Vinicius Buzo
Thanks for all your replies.
I will test the userland pppoe too. I solved my problem, I just removed a
clean /etc/mygate file, and it worked fine using the pppoe kernel
implementation. It is really normal to have a 0.0.0.1
gateway, it worked very fine.

Thanks again :)

[]s

On 10/1/05, Pedro Martelletto <[EMAIL PROTECTED]> wrote:
>
> On Sat, Oct 01, 2005 at 07:04:47PM -0300, Pedro Martelletto wrote:
> > On Sat, Oct 01, 2005 at 05:36:24PM -0300, Marcos Vinicius Buzo wrote:
> > > Does anybody here live in Brazil and use the adsl link from telefonica and
> > > can get it working with OpenBSD/pppoe ?
> >
> > No. I've a friend who uses PPPoE for Velox. Shall you have more trouble
> > and I will put you in touch with him.
> >
> > -p.
>
> Actually, I was wrong. I know some guy in Sao Paulo who uses the ADSL
> services provided by Telefonica with OpenBSD and userland PPPoE.
>
> These are the settings he's using:
>
> pppoe:
>  set device "!/usr/sbin/pppoe -i INTERFACE"
>  set mtu max 1492
>  set mru max 1492
>  set speed sync
>  disable acfcomp protocomp
>  deny acfcomp
>  set authname "[EMAIL PROTECTED]"
>  set authkey "senha"
>  add! default HISADDR
>  enable dns
>
> -p.



OpenBSD and KDE printing

2005-10-01 Thread coolzone
Hi

During my printer testing the last couple of days I have been running some few
tests.

I have made a test machine (i386) running OpenBSD 3.7 with KDE and all its
applications.

During this test I found that every single program, started from within KDE,
crashes when I use the print option from (in most cases) the file menu.

Kprinter crashes too.

This is with or without any cups service running.

I know this kind of question is unpopular, but I am going to ask it anyway...

Does anyone on the list run OpenBSD 3.7 with KDE where the print option works?
It doesn't matter if there actually is a printer installed, I just need to
know if it crashes. If it doesn't crash - is it possible to start Kprinter?

Thanks and cheers, 
Rico.



Re: Ports question

2005-10-01 Thread J Moore
On Fri, Sep 30, 2005 at 03:12:33AM +0100, the unit calling itself Stuart 
Henderson wrote:
> --On 29 September 2005 20:36 -0500, J Moore wrote:
> 
> >Can someone tell me if and when  the clamav in the -stable tree is
> >going to have the security flaw  patched?
> 
> On Wednesday just gone.
> 
> 

I get the following errors when trying to make clamav v0.87 from the 
-stable ports tree:

server-th.o(.text+0x98a): In function `acceptloop_th':
: undefined reference to `cl_dup'
collect2: ld returned 1 exit status
*** Error code 1

Stop in /usr/ports/security/clamav/w-clamav-0.87/clamav-0.87/clamd (line 
322 of Makefile).
*** Error code 1

Stop in /usr/ports/security/clamav/w-clamav-0.87/clamav-0.87 (line 368 
of Makefile).
*** Error code 1

Stop in /usr/ports/security/clamav/w-clamav-0.87/clamav-0.87 (line 227 
of Makefile).
*** Error code 1

Stop in /usr/ports/security/clamav (line 1769 of 
/usr/ports/infrastructure/mk/bsd.port.mk).