Re: 4.3-stable panics on a Soekris net-5501

> Today I was dumping files from a wd0 disk to a mountpoint on sd0 disk > (external USB). I "accidently" unplugged the power cable of sd0 disk and That is generally considered the proper / pragmatic behavior. FreeBSD Foundation is sponsoring development to change this behavior to to some sort of

Transport Mode ipsec(4) and inet6(4) gre(4) (WAS: isakmpd + gre crashing)

006, at 4:41 PM, Brian A. Seklecki wrote: But as soon as I start an scp from Perspex to Soekris, Perspex reboots after a few hundred kb. Unfortunately, Perspex is in a datacenter and I do not have console access to it to see what the heck is happening at that exact moment. I don't recall.

Re: Transport Mode ipsec(4) and inet6(4) gre(4)

I haven't looked if we have support, but gre(4) w/ ipv6 address and stf(4) seem to be best options out there for secure v6 tunnels. That sounds... bizarre. According to ipv6book.ca, M. Blanchet. It's a good read, except OpenBSD/NetBSD are neglected (probably becase of the stf(4)/6to4(4) ab

sudo 1.6.9p20 patch in OPENBSD_4_3 and OPENBSD_4_4

All: Do we want to slip this into presently supported branches containing 1.6.9p17? It's a quick patch: http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&only_with_tag=SUDO_1_6_9 I tested it on -rOPENBSD_4_3. Just be sure to nuke the version string. $ more sudo_

Re: logging smtp connections

On Sat, 2009-05-02 at 05:06 -0500, Robson Caetano wrote: > Hi > > I would like to log From:, To: and Subject: fields of > every SMTP connection to my internal SMTP server > that is passed by the openbsd firewall. > You're better off doing that within your MTA. Courier has a Big Brother feature:

Re: unable to redirect port 443 from the internet to an internal server

On Wed, 2009-06-10 at 09:24 -0700, Journey Man wrote: > Yet another rule that redirects port 1443 to port 443 works: Try tcpdump: % sudo tcpdump -i $ext_if 'port 443' Then try to re-create the TCP socket from a 3rd party remote host. See if the syn packet comes in. If not, then your ISP could

Re: Multiple IPSec-tunnels and load balancing

On Tue, 2009-06-30 at 11:15 +0200, u...@o3si.de wrote: > Is it possible to load balance / failover the traffic over IPSec? If > so, > should I use GIF for load balancing / routing? That's what Cisco DMVPN is, as far as I can tell. Was just reading about it. You're talking about GRE tunnels to tw

Re: Performance problem with CF card on AMD CS5536 IDE

> pciide0 at pci0 dev 15 function 2 "AMD CS5536 IDE" rev 0x01: DMA, channel 0 > wired to compatibility, channel 1 wired to compatibility > > wd0 at pciide0 channel 0 drive 0: > wd0: 1-sector PIO, LBA, 1983MB, 4062240 sectors > wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 > pciide0: channe

Re: Server trouble shooting

> Since I can't connect > successfully via ssh is there anything else I could be doing remotely? ...you could be researching a Lights-out-Management solution for your server (Dell DRAC, Sun LOM). Best all-around solution is a PC-Weasel (realweasel.com) connected to the system next to it (Or a R

Re: OpenBSD 4.2 hardware recommendation

On Sat, 3 Nov 2007, Martin Schrvder wrote: > > You don't need one computer with two discs and two psus; instead get > two systems and use carp to get HA. Also 2GB for a firewall is > overkill. Spend the money on the NICs instead. If he's going to be doing local processing of pcap(4) data into som

Re: OpenBSD 4.2 hardware recommendation

If he's going to be doing local processing of pcap(4) data into some pcap(3), of course, is what I meant >:}

Re: OS not seeing all RAM (1GiB less)

On Mon, 2007-11-12 at 22:40 -0500, C Thala wrote: > What would cause an 4.1 machine running on a Dell PowerEdge 1950 to see only > 3,220,439,040 bytes of RAM as opposed to the 4GB that it really has > (confirmed by BIOS)? A little something-something called PAE. You're probably running 4.1/i386?

Re: snmpd on current

On Wed, 21 Nov 2007, Insan Praja SW wrote: Date: Wed, 21 Nov 2007 18:45:47 +0700 From: Insan Praja SW <[EMAIL PROTECTED]> To: "misc@openbsd.org" Subject: snmpd on current Hi all, I'm currently running 4.2-current and installing net-snmp-5.4.1 from ports (updated). Something is wrong, when I ru

Re: Site-to-site IPSec VPN between OpenBSD and Cisco PIX 515E

On Thu, 22 Nov 2007, Shohrukh Shoyoqubov wrote: Date: Thu, 22 Nov 2007 09:46:54 +0500 From: Shohrukh Shoyoqubov <[EMAIL PROTECTED]> To: misc@openbsd.org Subject: Re: Site-to-site IPSec VPN between OpenBSD and Cisco PIX 515E From which machine do I have to do "ping -I A.B.C.D E.F.G.H" pf has d

Update RAIDFrame-Enabled ISO for 4.2

Updated diff, ISO image, build instructions. http://people.collaborativefusion.com/~seklecki/obsd_wRAIDFrame.html Note: There's a small problem with my regex in install.sub that prevents scanning of RAIDFrame boot lines in dmesg.boot. The work-around from the bsd.rd shell is to: $ export MD

Re: VPN Concentrator

On Fri, 30 Nov 2007, Khalid Schofield wrote: Hi, I'd like to make a VPN Concentrator using openbsd. I want users to be able to authenticate using usernames and passwords and to either nat the users or give them an ip from our main dhcp server via a bridge. That's a tall order. In Cisco-land a

Re: pflog filling up /var mount every 2-3 days!

On Fri, 30 Nov 2007, Jake Conk wrote: Hello, I have my /var partitioned out to be 150mb which I thought was a You're probably getting a lot of log hits on a "default block log all" at the end of your rules. You can prevent a lot of crud by doing "block quicks" w/o log statements for the fo

Re: no 4.2-stable package updates??

7;m not supposed to use 4.2 stable system > > with current ports. > > Personnaly, I use -current (base+packages) everywhere. > But this is just me. > -- Brian A. Seklecki <[EMAIL PROTECTED]> Collaborative Fusion, Inc. IMPORTANT: This message contains confidential information

Re: no 4.2-stable package updates??

> > critical patches, and those should be pulled into 4.2-stable. > > Unfortunately, it isn't that easy. Some updates imply updates of > depending ports (e.g. poppler and evince), which may imply further > updates of dependencies. So you'll end up with -current -- more or > less, including more up

Re: Had a strange problem with CARP preemption

On Thu, 2007-12-20 at 15:31 +1100, Dave Harrison wrote: > Because carp doesn't log it's state changes etc, I've been writing the Over Christmas, I may backport the FreeBSD carp(4) logging improvements and submit them with kernel/5512. ~BAS

Re: Trouble Installing OpenBSD 4.2 stable

On Fri, 2007-12-28 at 17:16 -0600, Alan Hamlett wrote: > Currently running OpenBSD i386 3.8 with one 20GB IDE drive at wd0a and > one 250gb IDE drive all partitioned for bsd. > > Trying to install OpenBSD i386 4.2 from install42.iso by trading the > 250gb drive for a cd-rom drive. > > I keep gett

Re: vlan configuration: off-topic

> maybe > > > and *BSD vlan(1) wont transmit VLAN 1 as tagged (per spec) Correct -- Thank you. I misspoke. It _will_ transmit it tagged as VLAN1 (if vlan1 interface is defined), but whether the receiving VLAN1 interface on the PowerConnect can ever receive is anyone's guess. I suppose it de

Re: vlan configuration: off-topic

On Sun, 2008-01-20 at 00:11 +, Mike wrote: > Hey Brian, > > I read your post about removing dell switches from your network. > > Just curious which models are you referring to? PowerConnect 27xx Managed "Entry-Level". Everything else is a re-branded Cisco with a crippled ISO version. ~BAS

Re: Remote syslog

syslog-ng + transport mode IPSec (or tunnel, if you have infrastructure on either end). use pf(4) to ensure that only IPSec peers can write. ~BAS On Tue, 2008-02-19 at 21:42 -0700, Steve B wrote: > and whether you are doing it over SSH or IPSEC? I have looked at > various

Re: Projector/external monitor not working on OpenBSD 4.2-current on Thinkpad X60

read the man page i810(4): Option "MonitorLayout" "anystr" Allow different monitor configurations. e.g. "CRT,LFP" will configure a CRT on Pipe A and an LFP on Pipe B. Regardless of the primary headsb pipe it is always configured as ",". Additionall

Re: libc.so.39.3

It would be in the base.tgz in release 3.9 You may have upgraded and an old binary may be linked against the old version. Try making a symlink. On Sat, 2008-02-23 at 14:07 -0500, Jay Hart wrote: > On base OpenBSD 4.2. > > What package should I install to get the above library? > > Thanks, > >

Re: libc.so.39.3

On Sat, 2008-02-23 at 12:30 -0700, Theo de Raadt wrote: > No, do not make a symbolic link. Right, for the record and mail archives, a symlink would only be a temp solution and is not guaranteed (likely even) to solve the problem. Obviously, Jay is not working on in a production environment, other

Re: Watching the prgress of dd if=drive1 of=drive2

On Sat, 2008-02-23 at 12:15 -0800, Jon wrote: > I'm using dd to clone a drive. How can I watch the progress of this or > see the transfer rate in real time? > http://www.openbsd.org/cgi-bin/cvsweb/src/bin/dd/dd.c?rev=1.15&content-type=text/x-cvsweb-markup main(int argc, char *argv[])

Re: openbsd router hardware

On Sun, 2008-03-02 at 09:04 +0100, Joerg Zinke wrote: > This will be my first VIA Board, will see how it works... That's great news. I run some VIA -- not at all bad. But they've still got a long way to go before they re-earn the community's trust. A decade of problems doesn't just go away over

Re: openbsd router hardware

On Wed, 2008-03-05 at 09:55 -0800, Joe wrote: > Perhaps you got a bad board in your past? I've had 10 years of bad VIA chipsets (pciide(4), etc.) Anyone who has been on the lists for a few years knows the same old story. "Results 1-10 of about 3,170 for bsd VIA ATA dma error" ~BAS

Re: PF and application level firewall

gt; that purpose? > > > > Thanks, > > > > > > Rami > -- Brian A. Seklecki <[EMAIL PROTECTED]> Collaborative Fusion, Inc. IMPORTANT: This message contains confidential information and is intended only for the individual named. If the reader of this me

Re: Vlan tagging and Carp

On Wed, 2008-03-26 at 09:32 -0400, G 0kita wrote: > Hello all! I'm having some trouble with getting an OpenBSD box to properly > tag packets via 802.1Q. > I'm setting up an OpenBSD4.2 router pulling data off a trunk port on a Cisco > 2960 switch. I can see the packets traverse the stack upwards b

Re: Vlan tagging and Carp

On Wed, 2008-03-26 at 10:01 -0400, G 0kita wrote: --- Nah, a /29 is the smallest WAN space you can use for a CARP <-> CARP (or HSRP/VRRP) Ethernet WAN transport. If you have that budget and business need, then you can afford the hardware and IP space. Remember, you can always use _RFC1918 privat

OpenBSD 4.0/i386 w/ raid(4) ISO (-stable w/ RAIDFrame)

ources. Tags: -r "OPENBSD_4_0", -D "11/06/06 10:58:26 EST". http://people.collaborativefusion.com/~seklecki/openbsd_4.0_stableUpdate_wRAIDFrame.iso SHA1: b7e33764ab96e1a2db0d125d07e9628367680858 Size: 175331328 -- Brian A. Seklecki <[EMAIL PROTECTED]> Collaborative Fusion,

Re: OpenBSD 4.0/i386 w/ raid(4) ISO (-stable w/ RAIDFrame)

On Wed, 13 Dec 2006, Brian A. Seklecki wrote: > All: > BTW, it is far from optimal, but the following BRE works: DKDEVS=$(scan_dmesg "${MDDKDEVS:-/^\(rai\)*[sw]*d[0-9][0-9]* /s/ .*//p}") ...because saying: "may contain one \(rai\)* or more, but not either, and (or?)...

Re: openbsd 4.0 snmpd core dumps with vlan interface number higher as 9

) if i destroy vlan10 it works again. the core dump is here http://www.tbits.org/snmpd.core.gz Have everyone an idea ? Thx Thomas l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "...from back in the heady days when &quo

nagios check_carp for OpenBSD carp(4)

and one interface in a SLAVE state; all other are in that state. Perhaps 4.0 features such as interface groups and multi-routing tables will change that. Other ideas? -- Brian A. Seklecki <[EMAIL PROTECTED]> Collaborative Fusion, Inc.

Master ${SKIPDIR} manifest

Is anyone maintaining a ${SKIPDIR} manifest? A master list of source directories, organized logically by subsystem? Something to match the variety of make.conf(5)/mk.conf(5) knobs in other systems? l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http

Re: searching a good MRTG/SNMP configuration

0:45:05 (MSK) l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "...from back in the heady days when "helpdesk" meant nothing, "diskquota" meant everything, and lives could be bought and sold for a couple of pages of laser printout - and frequently were."

Re: External 250Gb USB Disk with three FAT32 partitions, device not configured

sdX device (except of sd0 with are the device of the external usb box that runs ok) is Device not configured. A lot of thanks -- Angel Sancho Alvarez l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "...from back in the heady da

Re: Speedtouch modem and PPPoA

On Mon, 5 Feb 2007, Luca wrote: Hi all, I installed for the first time the Speedtouch 330, compiled the source code (http://speedtouch.sourceforge.net/index.php?/index.en.html), installed the firmware...launched the script...it takes about 10 minutes to bring up the tun0 interface and get a vali

mk.conf(5) note about ${SKIPDIR}

>:} I'll sendbug(1) l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/

Re: SSH client (putty) hangs after name/password login

I tried the above (see link) but still it won't work... Does the privsep sshd(8) process spawn on the server? Does that spawn a login shell of the associated user? pstree(8) will show. Also, fire up debugging levels? #LogLevel INFO -> DEBUG, DEBUG1, DEBUG3 etc. ~BAS help ! re

Re: SSH client (putty) hangs after name/password login

Hello Brian, Not quite sure what you mean with pstree...don't know the command and no 'man pstree' on my 3.8 system..? It's in the psmisc/ package Note that I no problems logging into the system while on the local network (doing this via a PC that I remotely manage). When I do a SSH session (

Re: SSH client (putty) hangs after name/password login

On Tue, 6 Feb 2007, forums wrote: Hello, That was my first guess as well...For that reason I set the option UseDNS NO Yea. When DNS times occur, the login process never completes. In fact, before the prompt appears the timeour occurs. AS

Master ${SKIPDIR} manifest (fwd)

nsive) attempt reduces build sizes: # du -hs /usr/obj/ /usr/destdir /usr/releasedir/ 475M/usr/obj/ 243M/usr/destdir 104M/usr/releasedir/ (Down from the usual 850m+ obj/, etc.) ~BAS -- Forwarded message -- Date: Mon, 5 Feb 2007 01:06:07 -0500 (EST) From: Brian A. Seklecki &l

Re: Mbufs tunning

On Fri, 2007-03-16 at 18:30 -0300, Gustavo Rios wrote: > Dear gentleman, > > when i execute some command on my server box, i got a complain about > not enough buffer available. For instance. > > $ rusers > rusers: can't send broadcast packet: No buffer space available > $ netstat(8) -m gives som

Re: sshd configure howto

>From an architecture standpoint, It wouldn't be within the mandate of sshd(8) anyway. You'd accomplish this using some userland resource quota enforcement policy (max number of processes, max instances of a shell). Hell you could do it in /etc/profile or ~/.cshrc I don't know of one OTTMH, bu

[EMAIL PROTECTED] list archives in file format?

Does anyone have a personal archive that they can export via MUA and share? Is there a way to ask Majordomo for it (playing with the 'get' command now) I'm doing some number crunching and analysis and I'd like a few year-long data sample. TIA, l8* -lav

Re: OpenBGPD MIB

n you give me some links or tell the way you do such things ? > > > > ps. yeah, I know I can write my own, but I hope not to be > > Christopher Columbus :) > > dirty hack would be net-snmpd and lots of 'exec' OIDS > -- Brian A. Seklecki <[EMAIL PROTECTE

Re: GRE over IPsec

I ran into some kernel panics (watchdog reset) with GRE + ESP/Transport (or ESP+GRE) back in the day. It was related to MTU assumptions etc. There was a sendbug(8) related to it. Google "seklecki gre ipsec openbsd" http://archives.neohapsis.com/archives/openbsd/2006-01/0623.html etc... On Su

Re: Widescreen flat panel

xinit -- -logverbose 9 -verbose 9 && send the EDID info? Try a liveCD that that has the 'nvidia' binary driver and see if they have support yet, it may be a simple hack. ~BAS On Sat, 2007-03-31 at 18:46 +0200, Eric Dillenseger wrote: > Hi, > > I just bought a 22 inches 16/10 flat panel. > Saddl

Re: Widescreen flat panel

DDC/EDID can be a killjoy. I want to say that there was an Option "NoEDID" "true" ~~BAS On Sat, 2007-03-31 at 21:09 +0200, Eric Dillenseger wrote: > (II) NV(0): Supported VESA Video Modes: > (II) NV(0): [EMAIL PROTECTED] > (II) NV(0): [EMAIL PROTECTED] > (II) NV(0): [EMAIL PROTECTED] > (II) NV(

Re: Ralink pci on spark64?

It would help to see the dmesg(8) output of the card on a supported platform. Do you mean ral(4)? Many PCI drivers will just-work. ~BAS On Sat, 2007-03-31 at 16:12 +0200, Maxim Belooussov wrote: > Hi, > > I plan to turn my Sun Ultra 10 into a firewall/access point using a > supported Ralink PCI

Re: lsi logic sparc64 config?

megarc(8) has been ported to some non-Linux platforms. MegaCli runs in emulation mode in others (dirty dirty hack). The best bet is a bio(4) interface or a hardware raid that has a non-BIOS/proprietary CLI management interface. ~BAS On Sat, 2007-03-31 at 14:37 +1000, David Gwynne wrote: > On 31

Re: 4 port router card

omething I need to change to get openbsd to recognize > the additional ports. > > I've read that there may be problems with 'older' computers. I have > this > in a PIII - perhaps that would qualify as 'older' ? > -- Brian A. Seklecki <[EMAIL PROTECTED]>

Re: 4 port router card

http://xorg.freedesktop.org/archive/X11R6.8.0/doc/scanpci.1.html On Mon, 2007-04-30 at 14:14 -0400, Bret Lambert wrote: > On Mon, 2007-04-30 at 14:03 -0400, Brian A. Seklecki wrote: > > Full lspci(8) / pciconf(8) and dmesg(8) output would help us answer the > > question.

Re: dual g4 needed for hackathon

0200, Mark Kettenis wrote: > the Calgary or Edmonton area that can loan us a dual g4 machine end -- Brian A. Seklecki <[EMAIL PROTECTED]> Collaborative Fusion, Inc. IMPORTANT: This message contains confidential information and is intended only for the individual named. If the reader of thi

Re: pf state limits

ht be and how I can monitor the system to see where I'm at in relationship to the max (if there's no hard number, I'm guessing the number depends on hardware and other system options that affect kernel memory). --Bill l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA)

Re: PF keep state does'nt like Mandriva2007

(Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "Guilty? Yeah. But he knows it. I mean, you're guilty. You just don't know it. So who's really in jail?" ~James Maynard Keenan

Re: About pf states

l see that they deal with this by a global "pass out keep state" rule. Try adding this to your ruleset after your "block in log all" If you were to argue that pf.conf(5) is unclear on this point, especially where it it says By default, packets coming in and out of any in

Re: PF set state-policy

ur ruleset explicitly denies outgoing packets on the interface then in my understanding these will be dropped. Tim -- Darksun rising over blood red sea l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "Guilty? Yeah. But he k

Re: keep state in pf

intruding packet trying to hijack the transfer. This is not substantiated at all though. Has anyone else experienced this problem or seen documentation on it? If there is no documentation, I'm going to submit it as a bug. Thanks... -Lawren l8* -lava (Brian A. Seklecki - Pittsburgh, PA, US

Re: Media Proxy In OpenBSD

> Regards, > Demuel > -- Brian A. Seklecki <[EMAIL PROTECTED]> Collaborative Fusion, Inc. IMPORTANT: This message contains confidential information and is intended only for the individual named. If the reader of this message is not an intended recipient (or the individual

Re: OpenBSD router playing up

s this seem like something else?? Any advice would be greatly appreciated! Post your dmesg, the contents of /etc/pf.conf and your BGP configuration file. Doing so will not solve your issue but it will give other members of the list more information about your setup. l8* -lava (Brian A. Seklec

Kernel MINIROOTSIZE > 8192 = No Boot

ed it on an AMD Athalon, an AMD Geode, and a VMWare machine. l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "Guilty? Yeah. But he knows it. I mean, you're guilty. You just don't know it. So who's really in j

Re: Kernel MINIROOTSIZE > 8192 = No Boot

e bsd-appliance project. I've tested it on an AMD Athalon, an AMD Geode, and a VMWare machine. l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "Guilty? Yeah. But he knows it. I mean, you're guilty. You just don&#x

Re: AMD64 raid setup SATA - dmesg error/warning

onnecting to wsdisplay0 uhidev1 at uhub0 port 5 configuration 1 interface 1 uhidev1: Logitech Logitech USB Keyboard, rev 1.10/15.00, addr 2, iclass 3/0 uhidev1: 3 report ids uhid0 at uhidev1 reportid 1: input=2, output=0, feature=0 uhid1 at uhidev1 reportid 2: input=1, output=0, feature=0 ums0 at u

Re: Kernel MINIROOTSIZE > 8192 = No Boot

Just recompiled with: #define NKPTP_MIN 8 #define NKPTP_MAX 191 Same result. Thank you though. We'll revisit it in the future when the money is available? ~BAS On Thu, 7 Jun 2007, mickey wrote: On Wed, Jun 06, 2007 at 01:39:47PM -0400, Brian A. Seklecki wrote: Th

Re: Problem installing 4.1/sparc64 on Sun Blade 100

Could it be memory ? hard disk ? Box has a 256mb + 512mb , and i don't know a way to test this memory without os on the box. Smth like memconf There should be a memtest_obp_sparc whatever -- there's already one for the OBP platform on the Apple PowerPC platform. Most Sun shops have everythi

Re: Kernel MINIROOTSIZE > 8192 = No Boot

It works; free beer on me for all on me ... (Columbia maybe) Thanks again, ~BAS On Thu, 7 Jun 2007, mickey wrote: On Thu, Jun 07, 2007 at 11:52:24AM -0400, Brian A. Seklecki wrote: Just recompiled with: #define NKPTP_MIN 8 #define NKPTP_MAX 191 Same result. Thank you

Re: Sometime NAT, sometimes NOT?

On Fri, 8 Jun 2007, Geraerts Andy wrote: We have an OpenBSD firewall running for a while now. Since a few days we encounter some sort of selective natting. I try to ping a host, I get reply, and 2 minutes later I try to ping the same host and I dont get replies. So despite the state being c

Re: MINIROOTSIZE query

time l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "Guilty? Yeah. But he knows it. I mean, you're guilty. You just don't know it. So who's really in jail?" ~James Maynard Keenan

Re: RAIDFrame root autoconfig fails in -current

On Mon, 11 Jun 2007, Otto Moerbeek wrote: Please contact krw@, he has been searching testers for RAIDframe root autoconfig on [EMAIL PROTECTED] There's even a diff posted there, iirc. I'm your point-man there. A while back I wrote 3 pages of technical detritus on making it work in 3.9/4.0.

Re: multiple ldap servers with mod_auth_ldap

2007, Thierry Lacoste wrote: Hello, I'm using mod_auth_ldap-1.6.0p3 on OpenBSD 4.1 and I'd like to make it authenticate on 2 ldap servers in case one is down. I fought with the AuthLDAPURL directive but with no success. Any help would be appreciated. Regards, Thierry. l8*

Re: openbsd 3.9, openbsd 4.0 install errors, most likely hardware

u can provide. Thanks! JohnM -- john mendenhall [EMAIL PROTECTED] surf utopia internet services l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "Guilty? Yeah. But he knows it. I mean, you're guilty. You just do

Re: Sometime NAT, sometimes NOT?

confirms that this email message has been swept by Sophos for the presence of computer viruses. __ l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "Guilty? Y

Re: dhcp server with 2 interfaces and 2 different subnets

y allocate 172.16.255 addresses to vr0 and 200.232.140.0 to sk0? Thank you very much. Jeff -- Get a Free E-mail Account at Mail.com! Choose From 100+ Personalized Domains Visit http://www.mail.com today l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spir

Re: pkg_add on macppc stall at end of ftp

rtition properly for the i one. I have to follow step by step the process here: http://marc.info/?l=openbsd-ppc&m=117871289207004&w=2 Meaning trick the disklabel to get it going. Best, Daniel l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spirit

Re: Sometime NAT, sometimes NOT?

Good catch on this guys. We should remember that most modern NAT is PAT, or hybrid NAT+PAT. You should ask your ISP for more space to NAT to (A NAT+PAT hybrid pool). Cisco calls it overloading. Reminds me of a Soundgarden song. ~BAS On Wed, 2007-06-13 at 12:03 +0100, Stuart Henderson wrote:

Re: syslog disabling question

flags=NO in rc.conf(5). ~BAS On Wed, 2007-06-13 at 10:19 +0100, Stuart Henderson wrote: > On 2007/06/13 02:00, Kian Mohageri wrote: > > Is my best option to kill syslogd from rc.local or manually edit /etc/rc? > > How about leaving them both running, and binding syslog-ng

Re: Load balancing with DSR

oudl be ideal. > > It is generally for http layer requests but I don't think apache > re-directs will suffice. > > Cheers, > Linden. > -- Brian A. Seklecki <[EMAIL PROTECTED]> Collaborative Fusion, Inc. IMPORTANT: This message contains confidential informatio

Re: Load balancing with DSR

Such as Distributed computing environments where you have your HAL4 service VIP on the same segment/subnet as your distributed server farm. Or HA databses ~BAS On Wed, 2007-06-13 at 17:49 +0200, Pierre-Yves Ritschard wrote: > best pf network stack cannot solve. -- Brian A. Seklecki <

Re: A question about OpenBSD

but being > > young I am not too sure about the checksum format, md5 tends to rule the > > world these days. > > > > What is it called exactly? > > You mean, in CKSUM? Cyclic redundancy check. See cksum(1). > -- Brian A. Seklecki <[EMAIL PROTECTED]

Re: Load balancing with DSR

2007 at 12:36:33PM -0400, Brian A. Seklecki wrote: > > Such as Distributed computing environments where you have your HAL4 > > service VIP on the same segment/subnet as your distributed server farm. > > > > so they should redesign their network instead of inventing crazy &g

Re: Strange error after upgrade 4.0->4.1

Kuhlman Network Administrator ColoradoVnet.com l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "Guilty? Yeah. But he knows it. I mean, you're guilty. You just don't know it. So who's really in jail?" ~Maynard James Keenan

Re: PF overload table

see the "-x" argument to pfctl(8); try turning up the debugging level to various settings and watch syslog ~BAS On Mon, 2007-06-18 at 13:46 +0200, Alberich de megres wrote: > I'm wandering if there is some way to log when an ip is inserted in a > table? -- Brian A. Sekle

Re: Random crash

heers, jake l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "Guilty? Yeah. But he knows it. I mean, you're guilty. You just don't know it. So who's really in jail?" ~Maynard James Keenan

Re: pf in 4.0 not honoring nat rule with table for vlan tagged interface

arch/replace from "fxp0" to "vlan109", why doesn't pf behave as if using a physical interface? 2. Why the workaround above to get pf working with the vlan tagged interface? Bug in pf? -- albert chin ([EMAIL PROTECTED]) l8* -lava (Brian A. Seklecki - P

CARP interface state change logging patch

int state) { + static const char *carp_states[] = { CARP_STATES }; + CARP_LOG(sc, ("state transition from: %s -> to: %s", carp_states[sc->sc_state], carp_states[state])); if (sc->sc_state == state) return; l8* -lava (Brian A. Seklecki - Pittsbu

Re: [Nagiosplug-devel] nagios check_carp for OpenBSD carp(4)

n Fri, 2006-12-15 at 19:15 -0500, Brian A. Seklecki wrote: > Thoughts? Strategies? Ideas? > --- IMPORTANT: This message contains confidential information and is intended only for the individual named. If the reader of this message is not an intended recipient (or the individual responsi

Re: max number of connections through the firewall

firewall run into other problems before it runs out of memory? Will NAT use memory in the scenario described above? -- Florin Andrei http://florin.myip.org/ l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "Guilty? Yeah. B

Re: OBSD 4.1 drops to ddb with cdd0: error 22 on component 0 (and 1 (mirror))

This is the expected behavior for a failure on a CCD component. Try cutting the SATA cable to a live system some time; watch the kernel panic there as well. Suddenly it cant stat() / or read/write from swap. You're playing with fire with CCD anyway: RAID0. The stuff in 4.1 wasn't touched for mo

Re: Kernel MINIROOTSIZE > 8192 = No Boot

s about and has a quick one-line fix such as this. (only to get a "you're not running GENERIC" response) I know there are people out there running embedded environments who were testing 4.1 during -current. ~BAS -- Brian A. Seklecki <[EMAIL PROTECTED]> Collaborative Fusion,

Re: installing jdk-1.5 on 4.1 (i386) error

Try to 'tar tzvf [file]' each member. Do any of them exit with "Unexepected EOF" ? That means that the download never completed that the file is truncated (which leads to the SHA1 and Size mismatch) ~BAS On Sun, 19 Aug 2007, Chris wrote: I downloaded all the packages & put them in /usr/por

Re: RAID1 powerloss - can parity rewrite be safely backgrounded?

raid(4) hasn't been touched in a while (years), so short answer: No. NetBSD is still actively committing to it, though, and has functional background parity recalculation. I understand there is interest in replacing RAIDFrame instead of resynchronizing the subtree. In the mean time, find a

Re: SOLVED? Re: 4.0 -> 4.1 broke ipsec

> Ok, it's running now. The cause was not the move from 4.0 -> 4.1, but > the move from a diskful to a diskless setup: The machine mounts its root > fs via nfs. WHAT?!?!?! What the heck kind of security-minded sanity check would fail based on the underlying VFS? Did you eventually get a PR ope

Re: IDE or SCSI virtual disks for VMWare image?

Any word on the degraded performance of fork operations inside the vmware server guest? Or am I imagining that thread of e-mails? ~BAS On Sat, 2007-07-07 at 10:04 -0500, Todd Pytel wrote: > On Sat, 2007-07-07 at 10:44 -0400, Nick Holland wrote: > > > There's the answer to your question: For you

Re: Config problem of Intel 915GM

Safe to ignore - most i810 devices have duplicate PCI bus entries for the internal and external video. Both are drive by the same logical GPU, though. ~BAS On Sun, 2007-07-01 at 00:21 +0800, Alex Kwan wrote: > Hello! > > When I exit from the X, I got following warning message: > I810: No matchi

Re: RAID1 powerloss - can parity rewrite be safely backgrounded?

> I know it is a lot faster but would that solve the parity problem on > boot completely? 'man bio' doesn't seem to answer that. For a variety of reasons, hardware raid controllers handle ungraceful shutdown better -- onboard batteries for the HBA's RAM/Cache, etc. Hardware RAID almost never goe

  1   2   3   >