Re: installing symux, can't load libraries

2010-08-06 Thread Kevin Chadwick
On Thu, 5 Aug 2010 15:30:18 -0600
David Hardy  wrote:

> I'm trying to install symux, and when I try and run it I get:
> 
> /usr/local/libexec/symux: can't load library 'libfontconfig.so.6.0'
> 
> i have installed xbase47.tgz (it wasn't installed originally), and the
> library is there in /usr/X11R6/lib and I have run 'ldconfig /usr/X11R6/lib'.
> I have also  added that to  shlib_dirs in rc.conf and rebooted.
> 
> odd thing is if I run 'ldconfig /usr/X11R6/lib' and then try symux, I get
> "can't load library 'librrd.so.3.0'". If I run "ldconfig /usr/local/lib", I
> get the original "can't load library 'libfontconfig.so.6.0'" if I run
> "ldconfig /usr/X11R6/lib /usr/local/lib" i get "can't load library
> 'libfontconfig.so.6.0'".
> 
> I know it's something simple, but I'm tearing my hair out with this. I'm
> thinking it has something to do with the fact that I de-selected xbase47.tgz
> when I originally installed the OS. Any ideas?
> 
> thanks
> 
> david
> 
I think you need libfontconfig.so.*, libfontconfig.a, libfontconfig.la,
libfreetype_pic.a, libfreetype_pic.a, libfreetype.so.* copying out of
xbase47.tgz to the local system.

I may have missed something, let me know and I'll check further, but
you were certainly on the right lines.

Be warned rrd (I think it's that part) requires shell and you may have
to do some jiggery-pokery to keep yourself happy with the
security/chroot setup.



Re: CARP + PF

2010-08-06 Thread Z Wing
Oh I see, so carp_up would be when it's acting as master and carp_down for when
it's acting as a backup?

Stu

--- On Thu, 5/8/10, Claer  wrote:

From: Claer 
Subject: Re: CARP + PF
To: misc@openbsd.org
Date: Thursday, 5 August, 2010, 16:59

On Thu, Aug 05 2010 at 50:12, Z Wing wrote:
[...]
> The question I have is how do I get dhclient working with the cable modem,
> given that the IP address is dynamic? dhclient doesn't work when the carp
> interface is in INIT mode and I'm not sure how to get carp to "share" the IP
> address between the 2 boxes. I presume that this must be possible to do as I
> am sure others would want to do it too.
>
> What would the best way of doing this be? My criteria is:
>
> - 1 cable modem with an IP assigned by my provider via DHCP
> - 1 dsl modem with statically assigned IPs
> - 2 boxes running OpenBSD, 1 master and 1 backup. If the master goes down, the
> backup takes over the master's duties and routes traffic through the cable
> modem and dsl modem according to my routing/firewall rules [which I am happy
> with - basically load balancing through various NAT rules]
>
> I'd appreciate any comments or advice
I wouldn't use carp for the Internet connections but for the LAN interfaces.
For establishing Internet connections, one can use ifstated using the
CARP state of the lan interface.

You'll end up with a simple state machine (in pseudo language):

carp init :
    if carp.up
        state carp_up
    if carp.down
        state carp_down
carp_up :
    start dhclient, pppoe on dsl
    pfctl -f
    if carp.down
        state carp_down
carp_down :
    stop dhclient, pppoe
    if carp.up
        state carp_up



wssh et al exit codes in ksh.kshrc

2010-08-06 Thread md+openbsd_misc
Hi,

I like getting the correct exitcodes from my call to ssh when running
through wssh.

If found useful could be applied to the other w...'s too.

-Mischa

Index: ksh.kshrc
===
RCS file: /cvs/src/etc/ksh.kshrc,v
retrieving revision 1.14
diff -u -r1.14 ksh.kshrc
--- ksh.kshrc   7 Aug 2009 09:05:24 -   1.14
+++ ksh.kshrc   6 Aug 2010 10:44:27 -
@@ -103,8 +103,10 @@
wssh ()
{
"ssh" "$@"
+   typeset r=$?
eval istripe
eval stripe
+   return $r
}
wtelnet ()
{
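
Review bot: only wssh () gets the saved status here; wtelnet (), whose definition starts in the trailing context, is not touched by this diff, so the w... wrappers would report exit codes inconsistently. Consider applying the same `typeset r=$?` / `return $r` pair to every wrapper in one change, and add a short comment above `typeset r=$?` saying that the status has to be captured before `eval istripe` and `eval stripe` overwrite `$?`.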



Re: apachectl graceful on a running chrooted apache on 4.7 stops it the first time and starts with the new configuration only when specified a second time

2010-08-06 Thread Siju George
On Fri, Aug 6, 2010 at 6:23 AM, Kevin Chadwick  wrote:
>
> Sorry, just noticed the subject and looked closer, are you sure it does
> restart. Cos that second logs looks like a start after a stop.
>
> I guess the first restart failed but it did stop and the second restart
> failed but it did start. I remember some discussion about changing the
> script so maybe that's why or maybe it has always done that?. I'll
> compare them later, but I'm sure someone will know why.
>

Result of first apachectl graceful is running apache stops.
Do another apachectl graceful the stopped apache starts with the
config changes :-)
hope you got it clear?

thanks

--Siju



Re: wssh et al exit codes in ksh.kshrc

2010-08-06 Thread Paul de Weerd
On Fri, Aug 06, 2010 at 12:48:03PM +0200, md+openbsd_m...@mailq.de wrote:
| Hi,
| 
| I like getting the correct exitcodes from my call to ssh when running
| through wssh.
| 
| If found useful could be applied to the other w...'s too.

Was already applied to the other w...'s by otto@ in April.  See [1].
Upgrade to -current now or wait for 4.8.

Paul 'WEiRD' de Weerd

[1]: http://www.openbsd.org/cgi-bin/cvsweb/src/etc/ksh.kshrc.diff?r1=1.14;r2=1.15

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 



Re: wssh et al exit codes in ksh.kshrc

2010-08-06 Thread David Coppa
Already fixed in -current (since Mon Apr 26 09:04:15 2010 UTC)

Cheers,
David

On Fri, Aug 6, 2010 at 12:48 PM,   wrote:
> Hi,
>
> I like getting the correct exitcodes from my call to ssh when running
> through wssh.
>
> If found useful could be applied to the other w...'s too.



Re: UTF-8

2010-08-06 Thread Marc Espie
On Thu, Aug 05, 2010 at 12:49:07PM +, Matthew Szudzik wrote:
> On Wed, Aug 04, 2010 at 01:36:17PM -0700, Matthew Dempsky wrote:
> > Is there any useful documentation that explains how you're supposed to
> > write C code and what's changed under the i18n New World Order?  From
> > your message, it sounds like we're going to have to rewrite nearly all
> > of our user-space code...
> 
> Not only does switching to unicode require a lot of work, but it
> requires perpetual, unending work.  Unicode has the foolish goal of
> including all known characters, so every time a country invents a new
> currency symbol, for example, the unicode fonts (such as DejaVu) must be
> updated to include the symbol and the C library has to be updated to
> recognize that the symbol is printable, and so on.  It requires constant
> maintenance.

So what ? human languages are complicated. It's great that finally, some
large proportion of humanity is not ignored.

Your view is so narrow-minded, this is mind-boggling.

Do you realize that almost 1 billion people live in India ? and more than
that in China ?  Do you think there is proper support for the languages of
those people outside of unicode ?  (hint: even there, it's tough. If you
have time, check the logs of qt, see all the fixes about accents and other
diacritics marks in languages you may never have heard of... which often
are the native tongues of 10s of MILLIONS of people in the world).

> But it's even worse, because unicode also violates the principle
> (established by Alan Turing in 1936) that any two characters should be
> humanly distinguishable "at a glance".  This has led to the invention of
> punycode for translating unicode strings into humanly distinguishable
> ASCII strings.  But then why did we switch from ASCII to unicode in the
> first place?

Stay in your backwaters county, redneck.

Anyways, you're a troll, and you're not really relevant.

Rest assured that OpenBSD developers are interested in better i18n support.
It goes slow, because it's a tough problem, and yeah, we don't want to
create security issues, and yeah, we have to be really, really careful about
a lot of things.

Don't like it ? feel free to leave.

Or, if you prefer, go take a hike somewhere else... ;-)



NAT OpenVPN clients on internal network

2010-08-06 Thread Andre Keller
Dear list members

I've got a small problem with my OpenBSD based vpn gateway.

There are 2 physical interfaces (vr0 <- wan, vr1 <- lan) and the openvpn
tunnel interface (tun0)

VPN clients have an ip address assigned out of the range 10.176.3.0/24,
LAN clients out of the range 10.176.0.0/23.


Now I'd like to NAT the VPN clients to the LAN address of the gateway
(10.176.0.1) (There are clients in the network without a default gateway
and I do not want to add the 10.176.3.0/24 route to every device in the
network).

I thought that this is an easy task to accomplish but I do not get the
nat tun0->vr1 working:

My pf configuration is:
wan_if = "vr0"
lan_if = "vr1"
vpn_if = "tun0"
lan_net = $lan_if:network
vpn_net = "10.176.3.0/24"
pass quick on lo0
block return log on $wan_if all
pass out on $wan_if proto icmp all keep state
pass on $wan_if inet proto icmp all icmp-type 8 code 0
pass out on $wan_if proto udp all keep state
pass in on $wan_if proto udp from any to any port { 53 123 1194 }
pass out on $wan_if proto tcp all modulate state
pass in on $wan_if proto tcp from any to any port { 22 64321 }
match out on $wan_if from ($lan_net) nat-to ($wan_if:0)
match out on $lan_if from $vpn_net nat-to ($lan_if:0)

tcpdump:
tcpdump -i vr1 'icmp'
tcpdump: listening on vr1, link-type EN10MB
15:34:30.524786 10.176.3.6 > 10.176.0.4: icmp: echo request (DF)
15:34:31.520010 10.176.3.6 > 10.176.0.4: icmp: echo request (DF)
15:34:32.515313 10.176.3.6 > 10.176.0.4: icmp: echo request (DF)


Anyone an idea what i miss?

regards andre



Re: UTF-8

2010-08-06 Thread Kevin Chadwick
> Rest assured that OpenBSD developers are interested in better i18n support.
> It goes slow, because it's a tough problem, and yeah, we don't want to
> create security issues, and yeah, we have to be really, really careful about
> a lot of things.
> 

I'd hope everyone is interested in better i18n support but I certainly
don't envy your task. The best luck to anyone involved



Re: UTF-8

2010-08-06 Thread STeve Andre'
On Friday 06 August 2010 07:31:45 Marc Espie wrote:
> On Thu, Aug 05, 2010 at 12:49:07PM +, Matthew Szudzik wrote:
> > On Wed, Aug 04, 2010 at 01:36:17PM -0700, Matthew Dempsky wrote:
> > > Is there any useful documentation that explains how you're supposed to
> > > write C code and what's changed under the i18n New World Order?  From
> > > your message, it sounds like we're going to have to rewrite nearly all
> > > of our user-space code...
> >
> > Not only does switching to unicode require a lot of work, but it
> > requires perpetual, unending work.  Unicode has the foolish goal of
> > including all known characters, so every time a country invents a new
> > currency symbol, for example, the unicode fonts (such as DejaVu) must be
> > updated to include the symbol and the C library has to be updated to
> > recognize that the symbol is printable, and so on.  It requires constant
> > maintenance.
>
> So what ? human languages are complicated. It's great that finally, some
> large proportion of humanity is not ignored.
>
> Your view is so narrow-minded, this is mind-boggling.
>
> Do you realize that almost 1 billion people live in India ? and more than
> that in China ?  Do you think there is proper support for the languages of
> those people outside of unicode ?  (hint: even there, it's tough. If you
> have time, check the logs of qt, see all the fixes about accents and other
> diacritics marks in languages you may never have heard of... which often
> are the native tongues of 10s of MILLIONS of people in the world).
>
> > But it's even worse, because unicode also violates the principle
> > (established by Alan Turing in 1936) that any two characters should be
> > humanly distinguishable "at a glance".  This has led to the invention of
> > punycode for translating unicode strings into humanly distinguishable
> > ASCII strings.  But then why did we switch from ASCII to unicode in the
> > first place?
>
> Stay in your backwaters county, redneck.
>
> Anyways, you're a troll, and you're not really relevant.
>
> Rest assured that OpenBSD developers are interested in better i18n support.
> It goes slow, because it's a tough problem, and yeah, we don't want to
> create security issues, and yeah, we have to be really, really careful
> about a lot of things.
>
> Don't like it ? feel free to leave.
>
> Or, if you prefer, go take a hike somewhere else... ;-)

Thank you Marc.  I started to write something twice but I devolved into
much less useful language, talking about this.  I'm going to keep this
handy, for future such conversations, see if I can expand it a bit.

I begin to think that this is uniquely an American thing, not understanding
about the rest of the world and computer usage.  Despite the added
complexity it's a wonderful thing, making computers mold to people
rather than the other way.

-- 
STeve Andre'
Disease Control Warden
Dept. of Political Science
Michigan State University

A day without Windows is like a day without a nuclear incident.



How much disk space should be maintained for /usr/obj

2010-08-06 Thread Aaron Lewis

Hi,
How much space should i put for a separated partition , mounted on 
/usr/obj , is 4 GiB more or less ?


Thanks



Re: installing symux, can't load libraries

2010-08-06 Thread David Hardy
Something is really screwy here...libfontconfig.so.* and libfreetype.* are
already there - and even copying them to /usr/lib doesn't help. ldconfig -m
doesn't help. ldconfig -r even lists it:

  40:-lfontconfig.6.0 => /usr/lib/libfontconfig.so.6.0

and ldconfig -R /usr/X11R6/lib  adds all the libs in that directory just
fine.

but still:


 /usr/local/libexec/symux: can't load library 'libfontconfig.so.6.0'

I wonder if it can't load not because it can't find it, but for some other
reason - but I'd think it would give a different error.

david

On Thu, Aug 5, 2010 at 6:50 PM,  wrote:

> Hi,
>
> Try ldconfig -m
>
> -m  Merge the result of the scan of the directories given as
> arguments into the existing hints file.
>
> www.compumundohypermegared.org
>
> -Original Message-
> From: David Hardy 
> Sender: owner-m...@openbsd.org
> Date: Thu, 5 Aug 2010 15:30:18
> To: 
> Subject: installing symux, can't load libraries
>
> I'm trying to install symux, and when I try and run it I get:
>
> /usr/local/libexec/symux: can't load library 'libfontconfig.so.6.0'
>
> i have installed xbase47.tgz (it wasn't installed originally), and the
> library is there in /usr/X11R6/lib and I have run 'ldconfig
> /usr/X11R6/lib'.
> I have also  added that to  shlib_dirs in rc.conf and rebooted.
>
> odd thing is if I run 'ldconfig /usr/X11R6/lib' and then try symux, I get
> "can't load library 'librrd.so.3.0'". If I run "ldconfig /usr/local/lib", I
> get the original "can't load library 'libfontconfig.so.6.0'" if I run
> "ldconfig /usr/X11R6/lib /usr/local/lib" i get "can't load library
> 'libfontconfig.so.6.0'".
>
> I know it's something simple, but I'm tearing my hair out with this. I'm
> thinking it has something to do with the fact that I de-selected xbase47.tgz
> when I originally installed the OS. Any ideas?
>
> thanks
>
> david



Re: dhcp and bridge problem

2010-08-06 Thread Mikolaj Kucharski
I did some more research. I don't think I find something useful. I'm
attaching pcap files from each interface when Ethernet broadcast is
working and then it stops working. You can see arp who-has messages, they
also stop to work around 14:18:24.

I think the whole problem is because of 00:e0:4c:4c:40:91 machine which
sends arp who-has every two seconds, if I unplug this machine from
switch everything is working fine (I'm not able to break the bridge).

If someone is interested in more details about this strange bug please
contact me off the list.


On Fri, Aug 06, 2010 at 01:34:05AM +0100, Mikolaj Kucharski wrote:
> No, sorry, false alarm. It stopped to work again. After rebooting one of
> the virtual machines none of the machines on the bridge (when using
> Ethernet broadcast) is able to get the lease again. You can get lease
> only when you plug the cable where the dhcpd(8) is running (on sis0).
> 
> Fedora, the vm host, is bridging VMs with physical network card.
> 
> 
> openbsd [ bridge0 ( sis0 sis1 sis2 sis3 ) ] --- cable from sis3 to switch --|
> fedora [ virbr0 ( eth0 vnet0 ) ] --- cable from eth0 to switch ---|
> 
> 
> 
> I'm puzzled with that, don't even know how to troubleshoot this. Any one
> is willing to help me? :/
> 
> 
> OpenBSD 4.8-beta (GENERIC) #87: Wed Aug  4 20:16:06 MDT 2010
> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
> 
> 
> 
> References
>  1. http://marc.info/?l=openbsd-misc&m=128088020301868&w=2

-- 
best regards
q#

[demime 1.01d removed an attachment of type application/x-tar-gz]



Re: How much disk space should be maintained for /usr/obj

2010-08-06 Thread Nick Holland
On 08/06/10 18:38, Aaron Lewis wrote:
> Hi,
>  How much space should i put for a separated partition , mounted on 
> /usr/obj , is 4 GiB more or less ?
> 
>  Thanks

4GB is significantly bigger than any platform I've seen needs.
2GB is sufficient for just about everything now (that's from memory, not
actually looking in the last week or two).  However, odds are, you have
4GB to spare, so go ahead, use it.

Nick;.



Re: addon to website faq

2010-08-06 Thread Nick Holland
I'm hesitant to provide detailed guidance in the use of Linux-based
solutions, as verifying they still work release after release (of
OpenBSD and all the various linux distributions and all the hosting
options) just won't happen by me, and I'll never hear from you again
after it is committed.

I'm also a bit dubious about anything which involves qemu as a solution,
as I've seen too many people immediately jump on using qemu when much
easier and simpler ways of doing the same thing exist (i.e., "use
another computer").  This may be appropriate in this case, or maybe not,
your outline was full of qemu-isms and such that I'm not familiar with.
 Yes, it is a neat project, but it is too often treated as the solution
in search of a problem.  Keep in mind, the goal here is to install
OpenBSD on a remote machine which has Linux on it, not to become a qemu
expert, and I'd also suggest not assuming someone is a Linux expert.

Very brief links to well-maintained external sites would probably be
more appropriate.  Directions should be very "understanding" based, not
"type this and don't ask why".

Note that we already have 4.13, which I think is a more appropriate
location than faq9.html (this is about "how do I install", not "how is
this different from other Unix-like OSs").

Nick.

On 08/05/10 08:11, Matthew Gladkikh wrote:
> Aha ok what about incorporating both of this solutions in FAQ? - the way I
> described is absolutely native and easy - works on most linux systems as QEMU
> and it's VNC  is working fine by default - and installation is absolutely
> straightforward as described in FAQ - the only things need to be fixed later -
> virtual - the names of hdd device and virtual network interface to real ones.
> This is really simple but there is no info on this on the net.
> 
> There are really not so many OpenBSD hosting providers on the planet but most
> good ones do not object if owner will setup OpenBSD himself.
> 
> Lets write both "dd" and "qemu" way in FAQ, aha?
> 
> Cheers,
> Mot
> 
> On Aug 5, 2010, at 3:53 PM, Olivier Mehani wrote:
> 
>> On Thu, Aug 05, 2010 at 01:31:41PM +0400, Matthew Gladkikh wrote:
>>> Hello, I would like to add some useful tip to
>>> http://www.openbsd.org/faq/faq9.html
>>> It is how to convert existing linux machine to openbsd on hosting providers
>>> that do not provide openbsd support but do provide rescue mode.
>>> It is simple like starting obsd install in qemu (in rescue cd mode), accessing
>>> it via vnc, installing, fixing /etc/fstab /etc/hostname.if and rebooting whole
>>> server to openbsd system.
>>> Is it interesting addon?
>>
>> The situation seems to be more and more frequent. However, the qemu then VNC
>> solution may not be the most efficient.
>>
>> I recently had that problem and use Yaifo [0] which, provided one
>> already working OpenBSD system (or a quick install thereof in your
>> favorite VM), can build an install image from the source which has the
>> install script running over SSH.
>>
>> You then just have to dd that image at the beginning of the disk of the
>> target machine using its rescue mode. When you have rebooted, you only
>> need to SSH into that machine and proceed through a completely standard
>> installation.
>>
>> [0] http://erdelynet.com/tech/yaifo/yaifo-4-7-beta/
>>
>> --
>> Olivier Mehani 
>> PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE  F5F9 F012 A6E2 98C6 6655



Re: installing symux, can't load libraries

2010-08-06 Thread Kevin Chadwick
On Fri, 6 Aug 2010 09:00:11 -0600
David Hardy  wrote:

> Something is really screwy here...libfontconfig.so.* and libfreetype.* are
> already there - and even copying them to /usr/lib doesn't help. ldconfig -m
> doesn't help. ldconfig -r even lists it:
> 
>   40:-lfontconfig.6.0 => /usr/lib/libfontconfig.so.6.0
> 
> and ldconfig -R /usr/X11R6/lib  adds all the libs in that directory just
> fine.
> 
> but still:
> 
> 
>  /usr/local/libexec/symux: can't load library 'libfontconfig.so.6.0'
> 
> I wonder if it can't load not because it can't find it, but for some other
> reason - but I'd think it would give a different error.
> 
> david
> 
> On Thu, Aug 5, 2010 at 6:50 PM,  wrote:
> 
> > Hi,
> >
> > Try ldconfig -m
> >
> > -m  Merge the result of the scan of the directories given as
> > arguments into the existing hints file.
> >
> > www.compumundohypermegared.org
> >
> > -Original Message-
> > From: David Hardy 
> > Sender: owner-m...@openbsd.org
> > Date: Thu, 5 Aug 2010 15:30:18
> > To: 
> > Subject: installing symux, can't load libraries
> >
> > I'm trying to install symux, and when I try and run it I get:
> >
> > /usr/local/libexec/symux: can't load library 'libfontconfig.so.6.0'
> >
> > i have installed xbase47.tgz (it wasn't installed originally), and the
> > library is there in /usr/X11R6/lib and I have run 'ldconfig
> > /usr/X11R6/lib'.
> > I have also  added that to  shlib_dirs in rc.conf and rebooted.
> >
> > odd thing is if I run 'ldconfig /usr/X11R6/lib' and then try symux, I get
> > "can't load library 'librrd.so.3.0'". If I run "ldconfig /usr/local/lib", I
> > get the original "can't load library 'libfontconfig.so.6.0'" if I run
> > "ldconfig /usr/X11R6/lib /usr/local/lib" i get "can't load library
> > 'libfontconfig.so.6.0'".
> >
> > I know it's something simple, but I'm tearing my hair out with this. I'm
> > thinking it has something to do with the fact that I de-selected xbase47.tgz
> > when I originally installed the OS. Any ideas?
> >
> > thanks
> >
> > david
> 
I'm trying to remember and/or look into what I did a while back, when I
first responded I didn't realise you had since installed xbase, sorry.

Try running it with /bin/systrace -A in front and see if the created
policy gives an insight. Maybe it wants libs in another place like the
chroot or something. I'll look more closely at my setup and scripts if
that doesn't throw any light on it.



Niagra NIC Cards

2010-08-06 Thread Beavis
Greetings Folks,

 I wanted to ask if anyone on the list has tried using one of the
Niagra NIC Cards on OpenBSD? any success/failure to it?

http://www.interfacemasters.com/products/network_interface_card_with_bypass.html


any help/comment would be awesomely appreciated.


many thanks,
-B

--
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments



qmail and the maildir-uniq.patch

2010-08-06 Thread Kevin Chadwick
Does anyone know if the following patch is a good idea for OpenBSD or
simply never needed no matter how many mails you process.

http://vorlon.cwru.edu/~tmb2/qmail-1.03/qmail-1.03-maildir-uniq.patch

which does the following

Some operating systems quickly recycle PIDs, which can lead 
to collisions between Maildir-style filenames, which must 
be unique and non-repeatable within one second.

This patch is just a means of updating qmail-local to use 
the format of the revised Maildir protocol, available at:

http://cr.yp.to/proto/maildir.html

It uses four unique identifiers:
* inode number of the file written to Maildir/tmp
* device number of the file written to Maildir/tmp
* time in microseconds
* the PID of the writing process



Re: addon to website faq

2010-08-06 Thread Kevin Chadwick
On Fri, 06 Aug 2010 12:14:09 -0400
Nick Holland  wrote:

> I'm also a bit dubious about anything which involves qemu as a solution,
> as I've seen too many people immediately jump on using qemu when much
> easier and simpler ways of doing the same thing exist (i.e., "use
> another computer").

Kernel Virtual Machine maybe a more reliable/leaner option but even that
did/does? have a problem since 4.6 requiring mpbios be disabled with
boot -c.



Re: xxkb in 4.8-BETA

2010-08-06 Thread Sviatoslav Chagaev
On Mon, 2 Aug 2010 14:08:24 +0300, Gregory Edigarov wrote:
> Hello,
> 
> 
> There is a trouble switching keyboard maps in 4.8-BETA:
> Section "InputDevice"
> Identifier  "Keyboard0"
> Driver  "kbd"
> Option  "XkbModel" "pc105"
> Option  "XkbLayout"  "us,ru"
> Option  "XkbOptions" "grp_led:scroll,grp:ctrl_shift_toggle"
> EndSection
> strange, but this only adds only "us" layout, so I've put
> 
> setxkbmap -layout us,ru
> 
> into my .xsession file, and after that everything works fine.
>  
> 

A week or so ago, I upgraded to a snapshot and had this same problem,
in X log, it would write

...
[266813.036] (**) Mouse0: (accel) acceleration threshold: 4
[266813.037] (**) Option "CoreKeyboard"
[266813.037] (**) Keyboard0: always reports core events
[266813.037] (**) Option "Protocol" "standard"
[266813.037] (**) Keyboard0: Protocol: standard
*** [266813.037] (--) Keyboard0: using wscons layout us ***
[266813.037] (**) Option "XkbRules" "xorg"
[266813.037] (**) Keyboard0: XkbRules: "xorg"
[266813.037] (**) Option "XkbModel" "pc104"
[266813.037] (**) Keyboard0: XkbModel: "pc104"
[266813.037] (**) Option "XkbLayout" "us"
[266813.037] (**) Keyboard0: XkbLayout: "us"
[266813.037] (**) Option "XkbVariant" ",winkeys"
...

While I had 
  Option "XkbLayout" "lv,ru"
in my xorg.conf...

So I checked out the latest /usr/xenocara, compiled it and the problem
was already gone.



Re: qmail and the maildir-uniq.patch

2010-08-06 Thread Matthew Dempsky
On Fri, Aug 6, 2010 at 11:06 AM, Kevin Chadwick  wrote:
> Does anyone know if the following patch is a good idea for OpenBSD or
> simply never needed no matter how many mails you process.
>
> http://vorlon.cwru.edu/~tmb2/qmail-1.03/qmail-1.03-maildir-uniq.patch

I would not use that patch.  There are some sloppy mistakes (e.g., not
correctly mangling hostnames to spec), so it makes me nervous whether
or not the author made sure the fntmptph and fnnewtph buffers are
large enough for his new string formats.

They're certainly not if an attacker controlled what gethostname(3)
returns, but that's a bit of a stretch...
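
The buffer-size concern raised above, as an added example that is not code from qmail, from the patch or from any poster in this thread: a bounded way to build a Maildir unique name from the four identifiers the patch description lists, with the hostname mangling ("/" to "\057", ":" to "\072") required by http://cr.yp.to/proto/maildir.html. The struct, the function names, the I/V/M/P field order, lowercase hex and the 255-byte hostname limit are assumptions made for this sketch.

```c
/* Added example: bounded construction of a Maildir unique name. */
#include <stdio.h>
#include <string.h>

/* Values a delivery agent would take from gettimeofday(), getpid() and
 * fstat() on the file it just created in Maildir/tmp. */
struct delivery_id {
    long long sec;            /* seconds since the epoch */
    long usec;                /* microsecond counter, printed in decimal */
    long pid;                 /* process ID, printed in decimal */
    unsigned long long dev;   /* st_dev, printed in hex */
    unsigned long long ino;   /* st_ino, printed in hex */
};

/* Copy host into out, replacing "/" with "\057" and ":" with "\072".
 * Returns the length written, or -1 if out is too small. The worst case
 * is four output bytes for every input byte. */
static int mangle_host(const char *host, char *out, size_t outlen)
{
    size_t o = 0;

    if (outlen == 0)
        return -1;
    for (; *host != '\0'; host++) {
        const char *rep = NULL;

        if (*host == '/')
            rep = "\\057";
        else if (*host == ':')
            rep = "\\072";

        if (rep != NULL) {
            if (outlen - o <= 4)      /* 4 bytes plus the final NUL */
                return -1;
            memcpy(out + o, rep, 4);
            o += 4;
        } else {
            if (outlen - o <= 1)      /* 1 byte plus the final NUL */
                return -1;
            out[o++] = *host;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Build "<dir>/<sec>.I<ino>V<dev>M<usec>P<pid>.<host>" in buf.
 * Returns 0 on success; on any truncation returns -1 and leaves buf empty,
 * so a caller can never open or link a shortened (colliding) name. */
int maildir_name(char *buf, size_t buflen, const char *dir,
                 const struct delivery_id *id, const char *host)
{
    char mangled[4 * 255 + 1];    /* assumed 255-byte hostname limit */
    int n;

    if (buflen == 0)
        return -1;
    buf[0] = '\0';
    if (mangle_host(host, mangled, sizeof mangled) < 0)
        return -1;
    n = snprintf(buf, buflen, "%s/%lld.I%llxV%llxM%ldP%ld.%s",
                 dir, id->sec, id->ino, id->dev, id->usec, id->pid, mangled);
    if (n < 0 || (size_t)n >= buflen) {
        buf[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample values, including a hostname that needs mangling. */
    struct delivery_id id = { 1281114371LL, 123456L, 4242L, 0x803ULL, 0xabcdeULL };
    char big[128], small[24];

    if (maildir_name(big, sizeof big, "tmp", &id, "mx:1/a") == 0)
        printf("ok:       %s\n", big);
    if (maildir_name(small, sizeof small, "tmp", &id, "mx:1/a") != 0)
        printf("rejected: name does not fit in %zu bytes\n", sizeof small);
    return 0;
}
```

The point for a reviewer of such a patch is the return-value check on snprintf: a name that does not fit is refused outright instead of being written past the end of a buffer sized for the older, shorter format.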



Re: How much disk space should be maintained for /usr/obj

2010-08-06 Thread Ahlsen-Girard, Edward F CTR USAF AFSOC AFSOC/A6OK
Subject:
From:   Nick Holland
Date:   2010-08-06 15:49:46

> On 08/06/10 18:38, Aaron Lewis wrote:
> > Hi,
> >  How much space should i put for a separated partition , mounted on
> > /usr/obj , is 4 GiB more or less ?
> >
> >  Thanks
>
> 4GB is significantly bigger than any platform I've seen needs.
> 2GB is sufficient for just about everything now (that's from memory, not
> actually looking in the last week or two).  However, odds are, you have
> 4GB to spare, so go ahead, use it.
>
> Nick;.

IIRC, 2GB was not sufficient when I tried to build Java on i386.


--
Ed Ahlsen-Girard, Contractor (EITC)
AFSOC/A6OK
email: "edward.ahlsen-girard@hurlburt.af.mil"
850-884-2414
DSN: 579-2414



Re: How much disk space should be maintained for /usr/obj

2010-08-06 Thread Joachim Schipper
On Fri, Aug 06, 2010 at 12:18:06PM -0500, Ahlsen-Girard, Edward F CTR USAF AFSOC AFSOC/A6OK wrote:
> Nick Holland wrote:
> > On 08/06/10 18:38, Aaron Lewis wrote:
> > > How much space should i put for a separated partition, mounted on
> > > /usr/obj, is 4 GiB more or less ?
> >
> > 4GB is significantly bigger than any platform I've seen needs.  2GB
> > is sufficient for just about everything now (that's from memory, not
> > actually looking in the last week or two).  However, odds are, you
> > have 4GB to spare, so go ahead, use it.
> 
> IIRC, 2GB was not sufficient when I tried to build Java on i386.

2GB is not necessarily enough for monster ports like OpenOffice, but
/usr/obj is for building the system...

Joachim

-- 
TFMotD: yacc (1) - an LALR(1) parser generator



Re: addon to website faq

2010-08-06 Thread Joachim Schipper
On Fri, Aug 06, 2010 at 06:19:07PM +0100, Kevin Chadwick wrote:
> On Fri, 06 Aug 2010 12:14:09 -0400
> Nick Holland  wrote:
> 
> > I'm also a bit dubious about anything which involves qemu as a solution,
> > as I've seen too many people immediately jump on using qemu when much
> > easier and simpler ways of doing the same thing exist (i.e., "use
> > another computer").
> 
> Kernel Virtual Machine maybe a more reliable/leaner option but even that
> did/does? have a problem since 4.6 requiring mpbios be disabled with
> boot -c.

You don't want to rely on KVM - that'd mean that people need to get
their Linux machine updated and setup before they can install OpenBSD.
*Most* people who want to run OpenBSD on a server will have a local
install lying around...

Joachim



weird video(4)/uvideo(4) behaviour on suspend/resume

2010-08-06 Thread Benjamin Nadland
Hi,

I got an issue with video(4)/uvideo(4). If, 
during bootup or at any point in time after 
that, I move the lid of my notebook I get 
the following messages:

video0 detached
uvideo0 detached

and the webcam stops working.

This is for quite some time now and I thought of
it as a hardware issue and my fault as it came 
after I opened the machine to exchange my wireless
card.

But, after I played a bit with suspend and resume,
I encountered this on resume:

uvideo0 at uhub0 port 5 configuration 1 interface 0 "Sonix Technology Co., Ltd. USB 2.0 Camera" rev 2.00/1.00 addr 2
video0 at uvideo0

and the webcam is working again.

Important: I did not touch or move the lid after 
the detachment messages above!

This works reliably. If I move the lid again
it detaches and I can suspend/resume to get
it back again. It does not come back without
suspend/resume though.

I did not file a bug report through sendbug(1) 
yet as I am still not confident that this is 
not a hardware issue.

Any ideas or thoughts on this?

dmesg:
OpenBSD 4.8-beta (GENERIC.MP) #302: Tue Aug  3 22:21:59 MDT 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Atom(TM) CPU N270 @ 1.60GHz ("GenuineIntel" 686-class) 1.60 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,xTPR,PDCM,MOVBE
real mem  = 1060163584 (1011MB)
avail mem = 1032839168 (984MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 05/09/08, SMBIOS rev. 2.4 @ 0xe8e70 (32 entries)
bios0: vendor Acer version "v0.3114" date 05/09/2008
bios0: Acer AOA150
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT HPET APIC MCFG ASF! SLIC BOOT
acpi0: wakeup devices P32_(S4) UHC1(S3) UHC2(S3) UHC3(S3) UHC4(S3) ECHI(S3) EXP1(S4) EXP2(S4) EXP3(S4) EXP4(S4) AZAL(S0) MODM(S0)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 133MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Atom(TM) CPU N270 @ 1.60GHz ("GenuineIntel" 686-class) 1.60 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,xTPR,PDCM,MOVBE
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 4
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 4 (P32_)
acpiprt2 at acpi0: bus 1 (EXP1)
acpiprt3 at acpi0: bus 2 (EXP2)
acpiprt4 at acpi0: bus -1 (EXP3)
acpiprt5 at acpi0: bus 3 (EXP4)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: LID0
acpibtn2 at acpi0: SLPB
acpibat0 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpivideo0 at acpi0: OVGA
acpivout0 at acpivideo0: CRT1
acpivout1 at acpivideo0: DTV1
acpivout2 at acpivideo0: DFP1
acpivout3 at acpivideo0: LCD_
acpivout4 at acpivideo0: DTV2
acpivout5 at acpivideo0: DFP2
bios0: ROM list: 0xc/0xec00! 0xcf000/0x1000
cpu0: Enhanced SpeedStep 1597 MHz: speeds: 1600, 1333, 1066, 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82945GME Host" rev 0x03
vga1 at pci0 dev 2 function 0 "Intel 82945GME Video" rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0x4000, size 0x1000
inteldrm0 at vga1: apic 4 int 16 (irq 11)
drm0 at inteldrm0
"Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: apic 4 int 
16 (irq 11)
azalia0: codecs: Realtek ALC268
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: apic 4 int 16 
(irq 255)
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: apic 4 int 17 
(irq 255)
pci2 at ppb1 bus 2
re0 at pci2 dev 0 function 0 "Realtek 8101E" rev 0x02: RTL8102EL (0x2480), apic 
4 int 17 (irq 11), address 00:1e:68:ab:b0:0b
rlphy0 at re0 phy 7: RTL8201L 10/100 PHY, rev. 1
ppb2 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: apic 4 int 19 
(irq 255)
pci3 at ppb2 bus 3
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 4 int 16 
(irq 11)
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 4 int 17 
(irq 11)
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: apic 4 int 18 
(irq 11)
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: apic 4 int 19 
(irq 11)
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: apic 4 int 16 
(irq 11)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb3 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2
pci4 at ppb3 bus 4
ichpcib0 at pci0 dev 31 function 0 "Intel

Re: weird video(4)/uvideo(4) behaviour on suspend/resume

2010-08-06 Thread Theo de Raadt
> video0 detached
> uvideo0 detached

The intent is for all USB devices to detach.  They get powered off,
and we cannot maintain their state.  They come back up, and we
reattach them.

> But, after I played a bit with suspend and resume,
> I encountered this on resume:
> 
> uvideo0 at uhub0
> port 5 configuration 1 interface 0 "Sonix Technology Co., Ltd. USB 2.0 
> Camera" rev 2.00/1.00 addr 2
> video0 at uvideo0

Of course.

> Important: I did not touch or move the lid after 
> the detachment messages above!
> 
> This works reliably. If I move the lid again
> it detaches and I can suspend/resume to get
> it back again. It does not come back without
> suspend/resume though.

Sounds like a problem with your machine.



Re: Question about suspend+resume & X11-application buggy-ness

2010-08-06 Thread Christiano F. Haesbaert
On 2 August 2010 00:47, Theo de Raadt  wrote:
>
> Suspend and resumes are completely invisible, except that time makes
> an uncomfortable jump forward.  Processes are not made aware in any
> way.  There is no API to sense the transition (at this time).
>

What kind of approach would an API take, another socket type, like AF_ROUTE?

What about a new signal, if the default was to ignore, it wouldn't
break signal semantics, although I agree that having a new signal may
be too aggressive.

I could benefit from such an API, in mdns, if you know that you're about
to lose connectivity you should issue a cache flush on your records,
therefore it would be nice to receive an event such as "about to
suspend".

I got my hands full right now but it seems like a nice thing to code in
future.



Re: Question about suspend+resume & X11-application buggy-ness

2010-08-06 Thread Ted Unangst
On Fri, Aug 6, 2010 at 5:01 PM, Christiano F. Haesbaert
 wrote:
> On 2 August 2010 00:47, Theo de Raadt  wrote:
>>
>> Suspend and resumes are completely invisible, except that time makes
>> an uncomfortable jump forward.  Processes are not made aware in any
>> way.  There is no API to sense the transition (at this time).
>>
>
> What kind of approach would an API take, another socket type, like AF_ROUTE?
>
> What about a new signal, if the default was to ignore, it wouldn't
> break signal semantics, although I agree that having a new signal may
> be too aggressive.
>
> I could benefit from such API, in mdns, if you know that you're about
> to lose connectivity you should issue a cache flush on your records,
> therefore it would be nice to receive an event such "about to
> suspend".
>
> I got my hands full right now but it seems like a nice thing to code in
> future.

echo pkill -SIGOMG poniesd >> /etc/apm/suspend



Re: Question about suspend+resume & X11-application buggy-ness

2010-08-06 Thread Christiano F. Haesbaert
On 6 August 2010 18:14, Ted Unangst  wrote:
> On Fri, Aug 6, 2010 at 5:01 PM, Christiano F. Haesbaert
>  wrote:
>> On 2 August 2010 00:47, Theo de Raadt  wrote:
>>>
>>> Suspend and resumes are completely invisible, except that time makes
>>> an uncomfortable jump forward.  Processes are not made aware in any
>>> way.  There is no API to sense the transition (at this time).
>>>
>>
>> What kind of approach would an API take, another socket type, like AF_ROUTE?
>>
>> What about a new signal, if the default was to ignore, it wouldn't
>> break signal semantics, although I agree that having a new signal may
>> be too aggressive.
>>
>> I could benefit from such API, in mdns, if you know that you're about
>> to lose connectivity you should issue a cache flush on your records,
>> therefore it would be nice to receive an event such "about to
>> suspend".
>>
>> I got my hands full right now but it seems like a nice thing to code in
>> future.
>
> echo pkill -SIGOMG poniesd >> /etc/apm/suspend
>

Sweet, disregard my previous post.



Glitches with (some?) X apps

2010-08-06 Thread patrick keshishian
Hi,

With macppc snapshot install from Aug 3rd I was able to, once again,
run firefox (v 3.6.8). But there are some drawing glitches in the UI.
The Gimp port finally finished building and it too is demonstrating
similar artifacts. They resemble the color shifts one would see when
using apps that install their own colormap, but not quite.

I'm not certain if this is an X issue or if the problem is at a higher
level in the app or the toolkit (gtk+2). I don't run many X apps, the
few others (wmapm, xv image viewer, xpdf) have much simpler UI
interfaces and don't show issues.

I placed three screen shots demonstrating the "glitch" over here:
http://sidster.com/scratch/glitch/

With firefox and gmail interface as an example, you see the outline of
check-boxes aren't drawn. If I roll-over them with the pointer they
redraw but once the pointer is moved away they disappear. But if I
check one of them (as shown), the outline for that check-box and all
check-boxes below it remain drawn.

Also included are dmesg[1], X log and conf.

Any ideas as to the cause?

I am assuming no one is having issues with -current and associated
ports on other platforms. I'm just not sure how many others use macppc
-current on a daily basis.

Thanks,
--patrick

[1] Possibly not relevant, but it's my first time seeing this:
attempting to restore vector in use vecproc 0 veccpu 6b0ff0



Re: NAT OpenVPN clients on internal network

2010-08-06 Thread Stuart Henderson
"match" isn't an operation by itself. it sets options which "stick" to
packets and are applied by the _next pass rule that matches that packet_.

if there is no following pass rule to match that packet, nothing happens.


On 2010-08-06, Andre Keller  wrote:
> Dear list members
>
> I've got a small problem with my OpenBSD based vpn gateway.
>
> There are 2 physical interfaces (vr0 <- wan, vr1 <- lan) and the openvpn
> tunnel interface (tun0)
>
> VPN clients have an ip address assigned out of the range 10.176.3.0/24,
> LAN clients out of the range 10.176.0.0/23.
>
>
> Now I'd like to NAT the VPN clients to the LAN address of the gateway
> (10.176.0.1) (There are clients in the network without a default gateway
> and I do not want to add the 10.176.3.0/24 route to every device in the
> network).
>
> I thought that this is an easy task to accomplish but I do not get the
> nat tun0->vr1 working:
>
> My pf configuration is:
> wan_if = "vr0"
> lan_if = "vr1"
> vpn_if = "tun0"
> lan_net = $lan_if:network
> vpn_net = "10.176.3.0/24"
> pass quick on lo0
> block return log on $wan_if all
> pass out on $wan_if proto icmp all keep state
> pass on $wan_if inet proto icmp all icmp-type 8 code 0
> pass out on $wan_if proto udp all keep state
> pass in on $wan_if proto udp from any to any port { 53 123 1194 }
> pass out on $wan_if proto tcp all modulate state
> pass in on $wan_if proto tcp from any to any port { 22 64321 }
> match out on $wan_if from ($lan_net) nat-to ($wan_if:0)
> match out on $lan_if from $vpn_net nat-to ($lan_if:0)
>
> tcpdump:
> tcpdump -i vr1 'icmp'
> tcpdump: listening on vr1, link-type EN10MB
> 15:34:30.524786 10.176.3.6 > 10.176.0.4: icmp: echo request (DF)
> 15:34:31.520010 10.176.3.6 > 10.176.0.4: icmp: echo request (DF)
> 15:34:32.515313 10.176.3.6 > 10.176.0.4: icmp: echo request (DF)
>
>
> Anyone an idea what i miss?
>
> regards andre
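
The rule ordering described in the reply above, as a pf.conf fragment added here (it is not part of the thread). The macros and addresses are the ones from the quoted configuration; the added pass rules are an assumed form of the fix, not the poster's final rule set.

```conf
# Added example, not from the original thread.
# Macros copied from the quoted pf.conf.
lan_if  = "vr1"
vpn_if  = "tun0"
vpn_net = "10.176.3.0/24"

# Before (as posted): a match rule with no pass rule after it that this
# traffic hits. Every other rule in the quoted rule set is bound to
# $wan_if or lo0, so packets leaving vr1 fall through to pf's implicit
# default pass and the nat-to option is never applied. That is why the
# capture on vr1 still shows 10.176.3.6 as the source.
#
#   match out on $lan_if from $vpn_net nat-to ($lan_if:0)

# After, variant 1: put nat-to directly on a pass rule, so the rule that
# sets the option is also the rule that applies it.
pass out on $lan_if from $vpn_net nat-to ($lan_if:0)

# After, variant 2: keep the match rule and follow it with a pass rule
# that the packet matches. Rules evaluated after a match ... nat-to see
# the packet with its translated source, so the pass rule is written
# without "from $vpn_net".
#
#   match out on $lan_if from $vpn_net nat-to ($lan_if:0)
#   pass  out on $lan_if
```

After loading the rule set with `pfctl -f /etc/pf.conf`, the same `tcpdump -i vr1 'icmp'` capture should show the echo requests with the gateway's LAN address (10.176.0.1) as source instead of 10.176.3.6.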



Re: installing symux, can't load libraries

2010-08-06 Thread Stuart Henderson
On 2010-08-05, David Hardy  wrote:
> I'm trying to install symux, and when I try and run it I get:
>
> /usr/local/libexec/symux: can't load library 'libfontconfig.so.6.0'
>
> I have installed xbase47.tgz (it wasn't installed originally), and the
> library is there in /usr/X11R6/lib and I have run 'ldconfig /usr/X11R6/lib'.
> I have also added that to shlib_dirs in rc.conf and rebooted.

remove it from shlib_dirs and try rebooting again.

> odd thing is if I run 'ldconfig /usr/X11R6/lib' and then try symux, I get

this (no -m) discards the other directories from the cache.

> "can't load library 'librrd.so.3.0'". If I run "ldconfig /usr/local/lib", I
> get the original "can't load library 'libfontconfig.so.6.0'" if I run
> "ldconfig /usr/X11R6/lib /usr/local/lib" I get "can't load library
> 'libfontconfig.so.6.0'".
>
> I know it's something simple, but I'm tearing my hair out with this. I'm
> thinking it has something to do with the fact that I de-selected xbase47.tgz
> when I originally installed the OS. Any ideas?

http://www.openbsd.org/faq/faq4.html#AddFileSet



Re: No VLAN Tag seen by switch on CARP interface on VLAN interface

2010-08-06 Thread Stuart Henderson
It's not for nothing that we ask for the dmesg.
http://www.openbsd.org/report.html

Save pastebin for chat, inline is better in emails..


On 2010-08-05, Steve Johnson  wrote:
> Hi,
>
> I had written below some details on the problem that I was seeing, and I 
> was doing a bit more investigating and did a port monitor on our 
> switches on the OBSD relative interface, as well as some TCP dumps on 
> the OBSD box.
>
> The dump on the OBSD box shows that ARP replies include 802.1Q traffic 
> for ARP replies of both the real VLAN interface IP address, as well as 
> the CARP interface on that VLAN interface.
>
> However, the port monitor of the switch only shows the ARP reply from 
> the real interface as having the 802.1Q information, and is not seeing 
> any 802.1Q information for the ARP reply of the CARP interface.
>
> I've again added the full traces in a pastebin, to not overcrowd the 
> email, but feel free to let me know if it's not viewed as a good 
> practice :-)
> http://pastebin.com/mS8U1KXe
>
> Would anyone have a clue as to why I would see this behaviour or what I 
> could do to correct it? I'm pretty sure that this would be the reason 
> why ARP replies are not getting to the requesting system.
>
> Thanks again,
> Steve
>
>
> On 08/03/2010 12:57 PM, Steve Johnson wrote:
>> Hi,
>>
>> I have an issue with setting up CARP interfaces for VLAN system
>> interfaces. For some reason, the CARP interface is unreachable from any
>> host except the MASTER node, and it seems like the ARP requests are not
>> reaching the destination hosts, yet they are sent by the OBSD systems,
>> on both the VLAN interface, and the real interface with a vid tag on the
>> proper VLAN ID. The switches do have the MAC address in their ARP
>> tables though. The weird thing is that the same setup creates no issues
>> whatsoever for all CARP interfaces bound to physical interfaces, and not
>> to VLAN interfaces. Here is a drilldown of the situation:
>>
>> - PF is disabled
>> - All systems (including both nodes) can reach the VLAN interface IP
>> addresses
>> - All CARP interfaces are part of a secondary group
>> - CARP demotes, system reboots and shutting interfaces all properly
>> switch the CARP master and backup for the whole group
>> - A CARP master/backup switch properly updates the MAC address table in
>> the switches
>> - All systems can reach the CARP interface IPs for CARP interfaces set
>> on non-VLAN interfaces
>> - No system (except the system that is the CARP MASTER) can reach the
>> CARP interface IPs that are set on VLAN interfaces
>>
>> Below are configuration details, tcpdumps and logs that detail the setup.
>> http://pastebin.com/hbwrKmVr
>>
>> Any idea as to what could be causing this would be appreciated!
>>
>> Thanks,
>> Steve Johnson



Re: NAT OpenVPN clients on internal network

2010-08-06 Thread Andres Genovez
2010/8/6 Andre Keller :
> Dear list members
>
> I've got a small problem with my OpenBSD based vpn gateway.
>
> There are 2 physical interfaces (vr0 <- wan, vr1 <- lan) and the openvpn
> tunnel interface (tun0)
>
> VPN clients have an ip address assigned out of the range 10.176.3.0/24,
> LAN clients out of the range 10.176.0.0/23.
>
>
> Now I'd like to NAT the VPN clients to the LAN address of the gateway
> (10.176.0.1) (There are clients in the network without a default gateway
> and I do not want to add the 10.176.3.0/24 route to every device in the
> network).
>
> I thought that this is an easy task to accomplish but I do not get the
> nat tun0->vr1 working:
>
> My pf configuration is:
> wan_if = "vr0"
> lan_if = "vr1"
> vpn_if = "tun0"
> lan_net = $lan_if:network
> vpn_net = "10.176.3.0/24"
> pass quick on lo0
> block return log on $wan_if all
> pass out on $wan_if proto icmp all keep state
> pass on $wan_if inet proto icmp all icmp-type 8 code 0
> pass out on $wan_if proto udp all keep state
> pass in on $wan_if proto udp from any to any port { 53 123 1194 }
> pass out on $wan_if proto tcp all modulate state
> pass in on $wan_if proto tcp from any to any port { 22 64321 }
> match out on $wan_if from ($lan_net) nat-to ($wan_if:0)
> match out on $lan_if from $vpn_net nat-to ($lan_if:0)
>
> tcpdump:
> tcpdump -i vr1 'icmp'
> tcpdump: listening on vr1, link-type EN10MB
> 15:34:30.524786 10.176.3.6 > 10.176.0.4: icmp: echo request (DF)
> 15:34:31.520010 10.176.3.6 > 10.176.0.4: icmp: echo request (DF)
> 15:34:32.515313 10.176.3.6 > 10.176.0.4: icmp: echo request (DF)
>
>
> Anyone an idea what i miss?
>
> regards andre
>
>
I have the same problem, the glorious Packet data networks, "route"
all the private networks through them.



--
Sincerely

Andris Genovez Tobar / Systems
Elastix ECE - Linux  LPI-1 - Novell CLA - Apple ACMT
http://www.cspmsa.com
ageno...@cspmsa.com

Jabber:  bitfr...@asgard.crice.org
Community: http://www.crice.org



Re: NAT OpenVPN clients on internal network

2010-08-06 Thread Andre Keller
Hi Stuart


now I feel really stupid...

Thank you! Problem solved...


Regards andre

On 07.08.2010 00:18, Stuart Henderson wrote:
> "match" isn't an operation by itself. it sets options which "stick" to
> packets and are applied by the _next pass rule that matches that packet_.
>
> if there is no following pass rule to match that packet, nothing happens.
>
>
> On 2010-08-06, Andre Keller  wrote:
>   
>> Dear list members
>>
>> I've got a small problem with my OpenBSD based vpn gateway.
>>
>> There are 2 physical interfaces (vr0 <- wan, vr1 <- lan) and the openvpn
>> tunnel interface (tun0)
>>
>> VPN clients have an ip address assigned out of the range 10.176.3.0/24,
>> LAN clients out of the range 10.176.0.0/23.
>>
>>
>> Now I'd like to NAT the VPN clients to the LAN address of the gateway
>> (10.176.0.1) (There are clients in the network without a default gateway
>> and I do not want to add the 10.176.3.0/24 route to every device in the
>> network).
>>
>> I thought that this is an easy task to accomplish but I do not get the
>> nat tun0->vr1 working:
>>
>> My pf configuration is:
>> wan_if = "vr0"
>> lan_if = "vr1"
>> vpn_if = "tun0"
>> lan_net = $lan_if:network
>> vpn_net = "10.176.3.0/24"
>> pass quick on lo0
>> block return log on $wan_if all
>> pass out on $wan_if proto icmp all keep state
>> pass on $wan_if inet proto icmp all icmp-type 8 code 0
>> pass out on $wan_if proto udp all keep state
>> pass in on $wan_if proto udp from any to any port { 53 123 1194 }
>> pass out on $wan_if proto tcp all modulate state
>> pass in on $wan_if proto tcp from any to any port { 22 64321 }
>> match out on $wan_if from ($lan_net) nat-to ($wan_if:0)
>> match out on $lan_if from $vpn_net nat-to ($lan_if:0)
>>
>> tcpdump:
>> tcpdump -i vr1 'icmp'
>> tcpdump: listening on vr1, link-type EN10MB
>> 15:34:30.524786 10.176.3.6 > 10.176.0.4: icmp: echo request (DF)
>> 15:34:31.520010 10.176.3.6 > 10.176.0.4: icmp: echo request (DF)
>> 15:34:32.515313 10.176.3.6 > 10.176.0.4: icmp: echo request (DF)
>>
>>
>> Anyone an idea what i miss?
>>
>> regards andre



Re: How much disk space should be maintained for /usr/obj

2010-08-06 Thread Jiri B.
On Fri, 6 Aug 2010 21:35:58 +0200
Joachim Schipper  wrote:

> On Fri, Aug 06, 2010 at 12:18:06PM -0500, Ahlsen-Girard, Edward F CTR
> USAF AFSOC AFSOC/A6OK wrote:
> > Nick Holland wrote:
> > > On 08/06/10 18:38, Aaron Lewis wrote:
> > > > How much space should i put for a separated partition, mounted
> > > > on /usr/obj, is 4 GiB more or less ?
> > >
> > > 4GB is significantly bigger than any platform I've seen needs.
> > > 2GB is sufficient for just about everything now (that's from
> > > memory, not actually looking in the last week or two).  However,
> > > odds are, you have 4GB to spare, so go ahead, use it.
> > 
> > IIRC, 2GB was not sufficient when I tried to build Java on i386.
> 
> 2GB is not necessarily enough for monster ports like OpenOffice, but
> /usr/obj is for building the system...
> 
>   Joachim
> 

IIRC ports use /usr/ports/pobj, don't they?

jirib



[SOLVE] How much disk space should be maintained for /usr/obj

2010-08-06 Thread Aaron Lewis
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Thanks for all of your help!

As I only need some basic desktop tools, 4GiB must be enough for the moment.

- -- 
Best Regards,
Aaron Lewis - PGP: 0x4A6D32A0
FingerPrint EA63 26B2 6C52 72EA A4A5 EB6B BDFE 35B0 4A6D 32A0
irc: A4R0NL3WI5 on freenode
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkxcqgIACgkQvf41sEptMqAaEwCgkHf/J4Jres4gE2XXZpTW4UlF
VVIAn3/JGyP4l7ca8OWmp69e1hsLVwbG
=Dk4E
-END PGP SIGNATURE-



Re: Most barebones pf.conf

2010-08-06 Thread Peter Merritt
Thanks all for the help, got some good ideas from the discussion.
 Peter


-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
Of Peter Hessler
Sent: Thursday, August 05, 2010 2:49 AM
To: Olivier Mehani
Cc: Robert; misc@openbsd.org
Subject: Re: Most barebones pf.conf

On 2010 Aug 05 (Thu) at 10:42:21 +1000 (+1000), Olivier Mehani wrote:
:=== pf.conf ===
:match out on egress from (ingress:network) to any nat-to (egress)
:pass all
:==

You can simplify this even more:

pass out from !(egress) nat-to (egress:0)

the 'egress' group is added to any interface that has a default route.
The '(egress:0)' syntax will have it choose the first IP address on that
interface, dynamically chasing any IP address change (think dhcp).


--
Everything is controlled by a small evil group to which, unfortunately,
no one we know belongs.



How to Downgrade from 4.7 to 4.6

2010-08-06 Thread Peter Merritt
Have one connection that I just can't get 4.7 to work with even with the
most minimal pf.conf I get erratic and slow results. How would I go
about downgrading from 4.7 to 4.6?

Peter



Re: How to Downgrade from 4.7 to 4.6

2010-08-06 Thread Peter Merritt
Ok, thanks.
Peter

-Original Message-
From: STeve Andre' [mailto:and...@msu.edu]
Sent: Friday, August 06, 2010 8:18 PM
To: misc@openbsd.org
Cc: Peter Merritt
Subject: Re: How to Downgrade from 4.7 to 4.6

On Friday 06 August 2010 22:19:24 Peter Merritt wrote:
> Have one connection that I just can't get 4.7 to work with even with
> the most minimal pf.conf I get erratic and slow results. How would I
> go about downgrading from 4.7 to 4.6?
>
> Peter

Reinstall.  After saving /etc and whatever else config stuff, you can
install far faster than picking around and fixing things.  I've done it
to see how hard it was.  Installing is more civilized.

--
STeve Andre'
Disease Control Warden
Dept. of Political Science
Michigan State University

A day without Windows is like a day without a nuclear incident.



Thinkpad R400 works fine , dmesg attached

2010-08-06 Thread Aaron Lewis
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

X11, wireless works great. So for apm.

OpenBSD 4.7 (GENERIC.MP) #449: Wed Mar 17 20:55:07 MDT 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz ("GenuineIntel"
686-class) 2 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR
real mem  = 2103734272 (2006MB)
avail mem = 2029584384 (1935MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/30/08, BIOS32 rev. 0 @ 0xfdc80,
SMBIOS rev. 2.4 @ 0xe0010 (74 entries)
bios0: vendor LENOVO version "7UET50WW (1.20 )" date 10/30/2008
bios0: LENOVO 2784A18
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET SLIC BOOT ASF! SSDT
TCPA DMAR SSDT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) UART(S3) IGBE(S4) EXP0(S4)
EXP1(S4) EXP2(S4) EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB3(S3) USB5(S3)
EHC0(S3) EHC1(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz ("GenuineIntel"
686-class) 2 GHz
cpu1:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus -1 (EXP2)
acpiprt5 at acpi0: bus 5 (EXP3)
acpiprt6 at acpi0: bus 13 (EXP4)
acpiprt7 at acpi0: bus 21 (PCI1)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpipwrres0 at acpi0: PUBS
acpitz0 at acpi0: critical temperature 127 degC
acpitz1 at acpi0: critical temperature 100 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model "42T4652" serial  3473 type LION oem "SONY"
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock0 at acpi0: GDCK not docked (0)
bios0: ROM list: 0xc/0x1 0xd/0x1000 0xd1000/0x1000
0xd2000/0x1000 0xde000/0x1800! 0xe/0x1
cpu0: Enhanced SpeedStep 1996 MHz: speeds: 2001, 2000, 1600, 1200, 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel GM45 Host" rev 0x07
ppb0 at pci0 dev 1 function 0 "Intel GM45 PCIE" rev 0x07: apic 1 int 16
(irq 11)
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Mobility Radeon HD 3400" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"Intel GM45 HECI" rev 0x07 at pci0 dev 3 function 0 not configured
em0 at pci0 dev 25 function 0 "Intel ICH9 IGP M AMT" rev 0x03: apic 1
int 20 (irq 11), address 00:21:86:a3:0c:84
uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x03: apic 1 int
20 (irq 11)
uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x03: apic 1 int
21 (irq 11)
uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x03: apic 1 int
22 (irq 11)
ehci0 at pci0 dev 26 function 7 "Intel 82801I USB" rev 0x03: apic 1 int
23 (irq 11)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel 82801I HD Audio" rev 0x03: apic
1 int 17 (irq 11)
azalia0: codecs: Conexant CX20561, Conexant/0x2c06, using Conexant CX20561
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 "Intel 82801I PCIE" rev 0x03: apic 1 int
20 (irq 11)
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 1 "Intel 82801I PCIE" rev 0x03: apic 1 int
21 (irq 11)
pci3 at ppb2 bus 3
iwn0 at pci3 dev 0 function 0 "Intel WiFi Link 5100" rev 0x00: apic 1
int 17 (irq 11), MIMO 1T2R, MoW, address 00:21:6b:9b:2d:ec
ppb3 at pci0 dev 28 function 3 "Intel 82801I PCIE" rev 0x03: apic 1 int
23 (irq 11)
pci4 at ppb3 bus 5
ppb4 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x03: apic 1 int
20 (irq 11)
pci5 at ppb4 bus 13
uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x03: apic 1 int
16 (irq 11)
uhci4 at pci0 dev 29 function 1 "Intel 82801I USB" rev 0x03: apic 1 int
17 (irq 11)
uhci5 at pci0 dev 29 function 2 "Intel 82801I USB" rev 0x03: apic 1 int
18 (irq 11)
ehci1 at pci0 dev 29 function 7 "Intel 82801I USB" rev 0x03: apic 1 int
19 (irq 11)
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb5 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x93
pci6 at ppb5 bus 21
cbb0 at pci6 dev 0 function 0 "Ricoh 5C476 CardBus" rev 0xba: apic 1 int
16 (irq 11)
"Ricoh 5C832 Firewire" rev 0x04 at pci6 dev 0 function 1 not configured
sdhc0 at pci6 dev 0 function 2 "Ricoh 5C822 SD/MMC" rev 0x21: apic 1

Re: How to Downgrade from 4.7 to 4.6

2010-08-06 Thread Chris Cappuccio
Considering that 4.7 isn't known to have major, show-stopper bugs in PF like 
you experience, you may want to consider that there is a bug in some other part 
of the system like the ethernet driver or some such.

If you can try 4.8 snapshots first, and perhaps post your tests, results, and 
dmesg to the list, then someone can help you narrow down what the actual 
problem is.

Peter Merritt [pwmerr...@weirdwater.org] wrote:
> Ok, thanks.
>   Peter
> 
> -Original Message-
> From: STeve Andre' [mailto:and...@msu.edu]
> Sent: Friday, August 06, 2010 8:18 PM
> To: misc@openbsd.org
> Cc: Peter Merritt
> Subject: Re: How to Downgrade from 4.7 to 4.6
> 
> On Friday 06 August 2010 22:19:24 Peter Merritt wrote:
> > Have one connection that I just can't get 4.7 to work with even with
> > the most minimal pf.conf I get erratic and slow results. How would I
> > go about downgrading from 4.7 to 4.6?
> >
> > Peter
> 
> Reinstall.  After saving /etc and whatever else config stuff, you can
> install far faster than picking around and fixing things.  I've done it
> to see how hard it was.  Installing is more civilized.
> 
> --
> STeve Andre'
> Disease Control Warden
> Dept. of Political Science
> Michigan State University
> 
> A day without Windows is like a day without a nuclear incident.

-- 
I know nothing except the fact of my ignorance -Socrates



Re: How to Downgrade from 4.7 to 4.6

2010-08-06 Thread STeve Andre'
On Friday 06 August 2010 22:19:24 Peter Merritt wrote:
> Have one connection that I just can't get 4.7 to work with even with the
> most minimal pf.conf I get erratic and slow results. How would I go
> about downgrading from 4.7 to 4.6?
>
> Peter

Reinstall.  After saving /etc and whatever else config stuff, you can
install far faster than picking around and fixing things.  I've done it
to see how hard it was.  Installing is more civilized.

-- 
STeve Andre'
Disease Control Warden
Dept. of Political Science
Michigan State University

A day without Windows is like a day without a nuclear incident.



Re: How to Downgrade from 4.7 to 4.6

2010-08-06 Thread Bryan Irvine
On Fri, Aug 6, 2010 at 9:27 PM, Chris Cappuccio  wrote:
> Considering that 4.7 isn't known to have major, show-stopper bugs in PF like 
> you experience, you may want to consider that there is a bug in some other 
> part of the system like the ethernet driver or some such.
>
> If you can try 4.8 snapshots first, and perhaps post your tests, results, and 
> dmesg to the list, then someone can help you narrow down what the actual 
> problem is.

Additionally posting what the actual problem is might help as well.

-B



Re: How to Downgrade from 4.7 to 4.6

2010-08-06 Thread Peter Merritt
Problem is the same box works fine at another location, same provider.
Only difference is static IP and commercial grade service; runs fine on DHCP
and residential service. I have 4.7 running at home and another location
just fine. Even waited a few months till I was comfortable with new
syntax for pf, and to see if anyone reported any big bugs. I may try a snapshot
after I back up the present drive. I am at a loss as to what it is.

Peter

-Original Message-
From: Chris Cappuccio [mailto:ch...@nmedia.net]
Sent: Friday, August 06, 2010 9:28 PM
To: Peter Merritt
Cc: STeve Andre'; misc@openbsd.org
Subject: Re: How to Downgrade from 4.7 to 4.6

Considering that 4.7 isn't known to have major, show-stopper bugs in PF
like you experience, you may want to consider that there is a bug in
some other part of the system like the ethernet driver or some such.

If you can try 4.8 snapshots first, and perhaps post your tests,
results, and dmesg to the list, then someone can help you narrow down
what the actual problem is.

Peter Merritt [pwmerr...@weirdwater.org] wrote:
> Ok, thanks.
>   Peter
>
> -Original Message-
> From: STeve Andre' [mailto:and...@msu.edu]
> Sent: Friday, August 06, 2010 8:18 PM
> To: misc@openbsd.org
> Cc: Peter Merritt
> Subject: Re: How to Downgrade from 4.7 to 4.6
>
> On Friday 06 August 2010 22:19:24 Peter Merritt wrote:
> > Have one connection that I just can't get 4.7 to work with even with
> > the most minimal pf.conf I get erratic and slow results. How would I
> > go about downgrading from 4.7 to 4.6?
> >
> > Peter
> > Peter
>
> Reinstall.  After saving /etc and whatever else config stuff, you can
> install far faster than picking around and fixing things.  I've done
> it to see how hard it was.  Installing is more civilized.
>
> --
> STeve Andre'
> Disease Control Warden
> Dept. of Political Science
> Michigan State University
>
> A day without Windows is like a day without a nuclear incident.

--
I know nothing except the fact of my ignorance -Socrates



Re: How to Downgrade from 4.7 to 4.6

2010-08-06 Thread Peter Merritt
It acts as a firewall to an sbs server, sometimes I can ping out from
server or firewall, sometimes I can't. Internet is extremely slow, and
can't browse to some sites. Some computers on the lan can connect to
internet, others can't. Some that can't browse can ping. Some get
destination net unreachable while others can ping the same ip just fine.
I can ssh in from outside to the firewall. It's very erratic, and useless
in its present state. I tested it using the simplest pf.conf, using
suggestions from this group. Right now I have a linksys router running
dd-wrt which works just fine, but the OBSD firewall did antispam and
other duties as well so it is sorely missed. I ran 4.6 and previous
versions without hitch, in fact it usually works so well that I hardly
remember it's there. I thought originally the motherboard was not
compatible with 4.7, but I have ruled that out, it works fine at
another location and it ran at that location for 24hrs or more with no
issues. I also have another MB with the same chipset, processor and
nics, and it works with that. I am far from being an expert but I have
been running obsd since ipf days, this one just baffles me. I keep
thinking I've missed something, but everything looks right.
Peter

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
Of Bryan Irvine
Sent: Friday, August 06, 2010 9:40 PM
To: misc@openbsd.org
Subject: Re: How to Downgrade from 4.7 to 4.6

On Fri, Aug 6, 2010 at 9:27 PM, Chris Cappuccio wrote:
> Considering that 4.7 isn't known to have major, show-stopper bugs in
> PF like you experience, you may want to consider that there is a bug in
> some other part of the system like the ethernet driver or some such.
>
> If you can try 4.8 snapshots first, and perhaps post your tests,
> results, and dmesg to the list, then someone can help you narrow down
> what the actual problem is.

Additionally posting what the actual problem is might help as well.

-B