Guidance for booting NanoPi R6S?

2024-04-16 Thread Stephan Somogyi
Given that it appears that R6S

https://www.mail-archive.com/ports@openbsd.org/msg123717.html

and R6C support

https://www.mail-archive.com/ports@openbsd.org/msg124138.html

are in the ports version of uboot, I was interested in trying to make it
work. Unfortunately, I'm not having any luck via the trial and error
method, so was hoping someone could provide pointers. The R6S commit
suggests erasing eMMC, but I haven't yet worked out how to do that.

I put the current arm64 install snapshot on an SD card and powered the R6S
on. Per the R6S wiki I should be able to get the serial console running at
150 bps, but it pretty consistently returns garbage. I've also brute
forced my way up popular speeds from 9600 onward and no luck, either. I'm
using an Adafruit adapter in case that matters:
https://www.adafruit.com/product/954

I then tried HDMI and it boots from the Linux on eMMC and displays video,
but no sign of the SD card. I can easily boot DietPi from SD, which
confirms the default boot order. I'm assuming that something about the
snapshot image isn't right, and I have no idea how to proceed.

Is there any documentation for how I can become unstuck? It would also be
interesting to know if this hardware is expected to be supported in 7.6 and
I just need to wait a bit.

Thanks for any suggestions.

s.


Re: Firewall setup

2024-04-16 Thread Michel von Behr
May I suggest relaying these more basic questions to @rookies mail-list? I
think it would be great if we could have this channel reactivated,
dedicated to help folks like Karel learn how to navigate more basic stuff,
and keep misc@ for intermediary / advanced users inquiries.

On Wed, 17 Apr 2024 at 1:30 AM Daniel Ouellet wrote:

>
> On 4/16/24 10:27 AM, Karel Lucas wrote:
> > First and most importantly, I would like to apologize to anyone who was
> > disturbed by my conversation. It is not my intention to offend people. I
> > may be curt, but that's not because it's in my character. In daily life
> > I work with electronics and computers and am much less familiar with
> > networks. I don't need this knowledge for what I do in daily life. It is
> > therefore difficult for me to estimate what is important to link back to
> > this mailing list. So if I am curt, please try to remember that it is
> > not intentional, but a matter of lack of knowledge. Again, I don't want
> > to hurt anyone.
>
> Hi Karel,
>
> I think you may be missing the point that everyone tried to explain to
> you. OpenBSD is a mailing list that has very thick skin compared to any
> others. You need to be very rude to offend people here unless you are
> one that feels you have rights to other people's free time.
>
> You got some VERY knowledgeable people answering you. If I was you I
> would feel lucky for their time, believe me. I have been on this list
> from OpenBSD 2.7. A few decades ago...
>
> Now you say you don't have the network know-how to do this, sure
> everyone starts somewhere. You say you don't need this either in your
> daily job and keep asking others to point you at the page in the PF
> book, etc.
>
> Remember they are NOT the ones who need to know, you are, so make the
> effort please. Many will hold your hands gladly IF you show willingness
> to do your share.
>
> Even the site has a basic start example here:
>
> https://www.openbsd.org/faq/pf/index.html
>
> And even some of them could be simple too, but they are provided as
> examples to show what's possible. Up to the reader to start there and go
> where they want to...
>
> Now to the point, it was told to you to start simple and explain what
> you want to do.
>
> Here you say you have no special needs, etc.
>
> So why in God's name would you want to do a bridge setup?
>
> KISS principle applies!
>
> And it was asked as well to explain your setup. NOT what you think it
> should be or how it is connected, what interface does what, etc.
>
> What do you want to do, plain and simple.
>
> Here you say that "The internal network consists mainly of regular
> clients, so no email, web or name servers", so no need for bridge, or
> DMZ, etc.
>
> Also looks like you use private IPs so yes NAT is needed obviously.
>
> Now if you want multiple networks, WHY?
>
> Any reason for it? I see none if you don't have hosting services.
>
> You say it could be possible, sure it can, I can have multiple vlan and
> domains routing, configure a specific IPMI DMZ for my servers
> configuration, add ssh keys for wireless access with time-based access
> and limit, and kids restrictions, etc. But I wouldn't do that until I
> get my basic system going and know why.
>
> Maybe I don't have kids so why do that part of the setup, but maybe I
> have wireless and friends coming over and they obviously all/maybe want
> fast internet access on my wireless, but I don't want them to have
> access to ANY of my devices from their phones that might compromise my
> network, so I would have a guest wireless access to the outside world
> ONLY. But if I have no friends, then why would I want that? Etc...
>
> Sure maybe you have wireless that you want to isolate from other hard
> wired computers, etc. You have NAS, maybe you want to isolate it from
> wireless, or some specific computers, kids access restricted maybe, etc.
>
> But nowhere did you ever describe what it is that you want...
>
> Maybe before you start building a house, you need to know what you want
> in it, etc.
>
> Same thing here.
>
> Start small and then go from there.
>
> Why? Doing incremental setup helps understand your setup and why you do it.
>
> Then down the line when you make changes or want to add something to it,
> when your pf configuration is clean, you will know where to add it and
> what it does.
>
> Looks to me that if your setup has NO special needs, no hosting services
> that need to be reached from the Internet, then the only thing you need is a
> VERY simple NAT setup, on two interfaces and that's it.
>
> It's not because you have 4 interfaces that you need to use 4 interfaces...
>
> Start by defining what it is that you want and FORGET ABOUT interface 1,
> and then 2 for admin, and 3 for nas, etc.
>
> What is it that you want to do and go from there.
>
> Define your needs and then address them ONE by ONE.
>
> Fix one, test and then go to the next one.
>
> And FORGET ABOUT BRIDGE SETUP PLEASE!!!
>
> You have absolutely 

Re: Firewall setup

2024-04-16 Thread Daniel Ouellet



On 4/16/24 10:27 AM, Karel Lucas wrote:
First and most importantly, I would like to apologize to anyone who was 
disturbed by my conversation. It is not my intention to offend people. I 
may be curt, but that's not because it's in my character. In daily life 
I work with electronics and computers and am much less familiar with 
networks. I don't need this knowledge for what I do in daily life. It is 
therefore difficult for me to estimate what is important to link back to 
this mailing list. So if I am curt, please try to remember that it is 
not intentional, but a matter of lack of knowledge. Again, I don't want 
to hurt anyone.


Hi Karel,

I think you may be missing the point that everyone tried to explain to
you. OpenBSD is a mailing list that has very thick skin compared to any
others. You need to be very rude to offend people here unless you are
one that feels you have rights to other people's free time.

You got some VERY knowledgeable people answering you. If I was you I
would feel lucky for their time, believe me. I have been on this list
from OpenBSD 2.7. A few decades ago...

Now you say you don't have the network know-how to do this, sure
everyone starts somewhere. You say you don't need this either in your
daily job and keep asking others to point you at the page in the PF
book, etc.

Remember they are NOT the ones who need to know, you are, so make the
effort please. Many will hold your hands gladly IF you show willingness
to do your share.

Even the site has a basic start example here:

https://www.openbsd.org/faq/pf/index.html

And even some of them could be simple too, but they are provided as
examples to show what's possible. Up to the reader to start there and go
where they want to...

Now to the point, it was told to you to start simple and explain what
you want to do.

Here you say you have no special needs, etc.

So why in God's name would you want to do a bridge setup?

KISS principle applies!

And it was asked as well to explain your setup. NOT what you think it
should be or how it is connected, what interface does what, etc.


What do you want to do, plain and simple.

Here you say that "The internal network consists mainly of regular
clients, so no email, web or name servers", so no need for bridge, or
DMZ, etc.

Also looks like you use private IPs so yes NAT is needed obviously.

Now if you want multiple networks, WHY?

Any reason for it? I see none if you don't have hosting services.

You say it could be possible, sure it can, I can have multiple vlan and
domains routing, configure a specific IPMI DMZ for my servers
configuration, add ssh keys for wireless access with time-based access
and limit, and kids restrictions, etc. But I wouldn't do that until I
get my basic system going and know why.

Maybe I don't have kids so why do that part of the setup, but maybe I
have wireless and friends coming over and they obviously all/maybe want
fast internet access on my wireless, but I don't want them to have
access to ANY of my devices from their phones that might compromise my
network, so I would have a guest wireless access to the outside world
ONLY. But if I have no friends, then why would I want that? Etc...

Sure maybe you have wireless that you want to isolate from other hard
wired computers, etc. You have NAS, maybe you want to isolate it from
wireless, or some specific computers, kids access restricted maybe, etc.

But nowhere did you ever describe what it is that you want...

Maybe before you start building a house, you need to know what you want
in it, etc.

Same thing here.

Start small and then go from there.

Why? Doing incremental setup helps understand your setup and why you do it.

Then down the line when you make changes or want to add something to it,
when your pf configuration is clean, you will know where to add it and
what it does.

Looks to me that if your setup has NO special needs, no hosting services
that need to be reached from the Internet, then the only thing you need is a
VERY simple NAT setup, on two interfaces and that's it.

It's not because you have 4 interfaces that you need to use 4 interfaces...

Start by defining what it is that you want and FORGET ABOUT interface 1,
and then 2 for admin, and 3 for nas, etc.


What is it that you want to do and go from there.

Define your needs and then address them ONE by ONE.

Fix one, test and then go to the next one.

And FORGET ABOUT BRIDGE SETUP PLEASE!!!

You have absolutely NO need for this with what you say so far in any of 
your communications.


Example of thinking.

I see you try to use MANY macros, do you really need that? It's supposed
to be to make things simpler to understand and cleaner to read, not more
complex.

The key of a decent firewall is first to know what it is that you want
to do and looks to me you still do not know that yet.

I would even say and said for many decades, a good firewall NOT only
stops incoming traffic, but also

Re: ixl driver very poor network performance

2024-04-16 Thread Gabor LENCSE

Dear Gábor,

I have a hint. My question is if iperf uses a single IP address pair. If 
it is so, then there is a chance that only two CPU cores (one core per 
direction) process all the interrupts.


You can easily check my hypothesis. During the iperf test, you should 
execute a top command and check the load of every single CPU. If only 
two of them have interrupt load, and they are 100% utilized, then this 
is the root cause of the issue. Otherwise my hypothesis is refuted.


If my hypothesis is confirmed, then the underlying issue is that the RSS
is implemented in OpenBSD in a way that the hash function used to
distribute the interrupts among the CPU cores only includes the IP
addresses and it does not include the port numbers.


Best regards,

Gábor


On 4/16/2024 8:22 PM, Szél Gábor wrote:

Dear @misc!

We have several more complex networks where openbsd is the router.

Structure of the network:

  * OpenBSD redundant routers
    - two OpenBSD
    - CARP
    - pfsync
    - LACP trunks for LAN (2x 10Gbit)  (1 side switch #1, 2 side
      switch #2 + VPC )  use OpenBSD aggr device
  * Cisco Nexus 3K switches
    - VPC (2x40Gbit)
    - redundant LACP links (1 side switch #1, 2 side switch #2 + VPC )
  * many VLANs
  * PF default block all traffic, and allowed traffic only
  * the servers connected usually 2x10Gbit LACP

*hardware:*

  * we updated this system in one place to OpenBSD 7.4
    hardware: Dell PE 640 (2x Xeon Gold 6134 CPU, 64Gb RAM, Intel X710
    network cards)
  * we migrated the settings from the previous system (OpenBSD 7.0)
    the previous hardware was different! (2x Xeon E5-2650, 64Gb RAM,
    Intel X520 network cards)

*Problem:*

After upgrade with hardware change, we have very poor network
performance!!
Example: A simple veeam backup restore that goes through the openbsd
router hangs the network completely (very big lag)

In this case, the SSH connection on the router has lag!
But OpenBSD doesn't have high CPU usage.

If I make a simple iperf speed test from OpenBSD to another server (all
devices have 10Gbit LACP link):


[ ID] Interval   Transfer Bitrate
[  5]   0.00-1.00   sec   171 MBytes  1.44 Gbits/sec
[  5]   1.00-2.00   sec   313 MBytes  2.63 Gbits/sec
[  5]   2.00-3.00   sec   398 MBytes  3.34 Gbits/sec
[  5]   3.00-4.00   sec   384 MBytes  3.22 Gbits/sec
[  5]   4.00-5.00   sec   419 MBytes  3.51 Gbits/sec
[  5]   5.00-6.00   sec   376 MBytes  3.16 Gbits/sec
[  5]   6.00-7.00   sec   325 MBytes  2.73 Gbits/sec
[  5]   7.00-8.00   sec   337 MBytes  2.82 Gbits/sec
[  5]   8.00-9.00   sec   339 MBytes  2.85 Gbits/sec
[  5]   9.00-10.00  sec   332 MBytes  2.78 Gbits/sec
[  5]  10.00-10.19  sec  62.5 MBytes  2.75 Gbits/sec

Between other devices, servers, etc ... , the speed is perfectly fine 
(stable 9-10 Gbits/sec)

Only routed performance is very-very slow.

If I make a speed test between two OpenBSDs (master router, backup router)
Better value but not perfect:

[ ID] Interval   Transfer Bitrate
[  5]   0.00-1.00   sec   740 MBytes  6.20 Gbits/sec
[  5]   1.00-2.00   sec   781 MBytes  6.55 Gbits/sec
[  5]   2.00-3.00   sec   784 MBytes  6.58 Gbits/sec
[  5]   3.00-4.00   sec   783 MBytes  6.57 Gbits/sec
[  5]   4.00-5.00   sec   786 MBytes  6.59 Gbits/sec
[  5]   5.00-6.00   sec   796 MBytes  6.68 Gbits/sec
[  5]   6.00-7.00   sec   779 MBytes  6.54 Gbits/sec
[  5]   7.00-8.00   sec   774 MBytes  6.49 Gbits/sec
[  5]   8.00-9.00   sec   780 MBytes  6.55 Gbits/sec
[  5]   9.00-10.00  sec   786 MBytes  6.59 Gbits/sec
[  5]  10.00-10.00  sec   640 KBytes  10.2 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval   Transfer Bitrate
[  5]   0.00-10.00  sec  7.61 GBytes  6.54 Gbits/sec  receiver


PF has ~2000 rules, but
if I disabled PF on the tested OpenBSD router, nothing changes.

We've run out of ideas, what would be worth watching?

--
Regards
Gábor Szél

email:gabor.s...@wantax.eu
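
The hypothesis in Gabor Lencse's reply above, worked through as an added example (not code from the thread, from OpenBSD or from the ixl driver): when the RSS hash input contains only the two IP addresses, every connection between the same two hosts lands on one receive queue, while adding the ports spreads them. Assumptions: the standard Toeplitz hash with Microsoft's published RSS verification key, 8 queues selected as hash modulo queue count, and constructed addresses and ports.

```python
"""RSS queue selection: IP-only hash input vs. IP+port hash input.

Added illustration. Assumptions (not taken from the thread or OpenBSD):
Toeplitz hash with Microsoft's published RSS verification key,
8 receive queues, queue = hash mod queue count.
"""
import ipaddress
import struct
from collections import Counter

# Microsoft's published 40-byte RSS verification key.
RSS_KEY = bytes.fromhex(
    "6d5a56da255b0ec24167253d43a38fb0d0ca2bcbae7b30b4"
    "77cb2da38030f20c6a42b73bbeac01fa"
)


def toeplitz_hash(data: bytes, key: bytes = RSS_KEY) -> int:
    """For every set bit i of the input, XOR in the 32-bit key window
    that starts at key bit i."""
    key_int = int.from_bytes(key, "big")
    key_bits = len(key) * 8
    result = 0
    for i in range(len(data) * 8):
        if data[i // 8] & (0x80 >> (i % 8)):
            result ^= (key_int >> (key_bits - 32 - i)) & 0xFFFFFFFF
    return result


def rss_input(src: str, dst: str, sport: int, dport: int,
              use_ports: bool) -> bytes:
    """Hash input: src IP, dst IP and, optionally, src port, dst port."""
    data = (ipaddress.IPv4Address(src).packed
            + ipaddress.IPv4Address(dst).packed)
    if use_ports:
        data += struct.pack("!HH", sport, dport)
    return data


def queue_for(flow, nqueues: int, use_ports: bool) -> int:
    """Receive queue (and so the CPU taking the interrupt) for one flow."""
    return toeplitz_hash(rss_input(*flow, use_ports)) % nqueues


def spread(flows, nqueues: int, use_ports: bool) -> Counter:
    """Number of flows that land on each queue."""
    return Counter(queue_for(f, nqueues, use_ports) for f in flows)


# Constructed sample: eight TCP connections between the same two hosts,
# differing only in source port (documentation address ranges).
FLOWS = [("192.0.2.10", "198.51.100.20", 50000 + i, 5201) for i in range(8)]

if __name__ == "__main__":
    for use_ports in (False, True):
        label = "IPs + ports" if use_ports else "IPs only   "
        print(label, dict(sorted(spread(FLOWS, 8, use_ports).items())))
```

With the IP-only input all eight connections map to a single queue, which is the pattern the `top` check in the reply would show as one saturated CPU per direction.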


ixl driver very poor network performance

2024-04-16 Thread Szél Gábor

Dear @misc!

We have several more complex networks where openbsd is the router.

Structure of the network:

 * OpenBSD redundant routers
   - two OpenBSD
   - CARP
   - pfsync
   - LACP trunks for LAN (2x 10Gbit)  (1 side switch #1, 2 side switch
   #2 + VPC )  use OpenBSD aggr device
 * Cisco Nexus 3K switches
   - VPC (2x40Gbit)
   - redundant LACP links (1 side switch #1, 2 side switch #2 + VPC )
 * many VLANs
 * PF default block all traffic, and allowed traffic only
 * the servers connected usually 2x10Gbit LACP

*hardware:*

 * we updated this system in one place to OpenBSD 7.4
   hardware: Dell PE 640 (2x Xeon Gold 6134 CPU, 64Gb RAM, Intel X710
   network cards)
 * we migrated the settings from the previous system (OpenBSD 7.0)
   the previous hardware was different! (2x Xeon E5-2650, 64Gb RAM,
   Intel X520 network cards)

*Problem:*

After upgrade with hardware change, we have very poor network performance!!
Example: A simple veeam backup restore that goes through the openbsd
router hangs the network completely (very big lag)

In this case, the SSH connection on the router has lag!
But OpenBSD doesn't have high CPU usage.

If I make a simple iperf speed test from OpenBSD to another server (all
devices have 10Gbit LACP link):


[ ID] Interval   Transfer Bitrate
[  5]   0.00-1.00   sec   171 MBytes  1.44 Gbits/sec
[  5]   1.00-2.00   sec   313 MBytes  2.63 Gbits/sec
[  5]   2.00-3.00   sec   398 MBytes  3.34 Gbits/sec
[  5]   3.00-4.00   sec   384 MBytes  3.22 Gbits/sec
[  5]   4.00-5.00   sec   419 MBytes  3.51 Gbits/sec
[  5]   5.00-6.00   sec   376 MBytes  3.16 Gbits/sec
[  5]   6.00-7.00   sec   325 MBytes  2.73 Gbits/sec
[  5]   7.00-8.00   sec   337 MBytes  2.82 Gbits/sec
[  5]   8.00-9.00   sec   339 MBytes  2.85 Gbits/sec
[  5]   9.00-10.00  sec   332 MBytes  2.78 Gbits/sec
[  5]  10.00-10.19  sec  62.5 MBytes  2.75 Gbits/sec

Between other devices, servers, etc ... , the speed is perfectly fine 
(stable 9-10 Gbits/sec)

Only routed performance is very-very slow.

If I make a speed test between two OpenBSDs (master router, backup router)
Better value but not perfect:

[ ID] Interval   Transfer Bitrate
[  5]   0.00-1.00   sec   740 MBytes  6.20 Gbits/sec
[  5]   1.00-2.00   sec   781 MBytes  6.55 Gbits/sec
[  5]   2.00-3.00   sec   784 MBytes  6.58 Gbits/sec
[  5]   3.00-4.00   sec   783 MBytes  6.57 Gbits/sec
[  5]   4.00-5.00   sec   786 MBytes  6.59 Gbits/sec
[  5]   5.00-6.00   sec   796 MBytes  6.68 Gbits/sec
[  5]   6.00-7.00   sec   779 MBytes  6.54 Gbits/sec
[  5]   7.00-8.00   sec   774 MBytes  6.49 Gbits/sec
[  5]   8.00-9.00   sec   780 MBytes  6.55 Gbits/sec
[  5]   9.00-10.00  sec   786 MBytes  6.59 Gbits/sec
[  5]  10.00-10.00  sec   640 KBytes  10.2 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval   Transfer Bitrate
[  5]   0.00-10.00  sec  7.61 GBytes  6.54 Gbits/sec  receiver


PF has ~2000 rules, but
if I disabled PF on the tested OpenBSD router, nothing changes.

We've run out of ideas, what would be worth watching?

--
Regards
Gábor Szél

email:gabor.s...@wantax.eu


Re: Issue with pf route-to and routing tables

2024-04-16 Thread Thomas
On Mon, 15 Apr 2024, at 21:33, Thomas wrote:
> Hi all,
>
> I'm greatly enjoying OpenBSD and have it on most of my devices as I try 
> to set up my "perfect lab". I would like some feedback / thoughts about 
> one behaviour which I don't quite get. 
>
> I have a VM for the world facing side of my network. I have a wireguard 
> network to link it up to a home router and other devices. My wireguard 
> traffic is coming onto my VM through wg0. 
>
> On my home router, I'm redirecting all wifi traffic to wg0 using the 
> routing tables like so:
> default       192.168.0.1   wg0
> IP_VM         IP_Gateway    bse0
> 192.168.0.1   wg0           wg0
>
> And natting outbound traffic on wg0 like so:
> pass out on wg0 from $int_if:network nat-to wg0
>
> I wanted to try out using route-to on my VM instead of using different 
> rdomain or just to try something else. I have another wireguard tunnel, 
> wg1 to relay my internal traffic further. 
>
> I did not touch the routing tables at all and have something like:
> pass in on wg0 inet from wg0:network to !wg0:network route-to wg1
> pass out on wg1 nat-to wg1
>
> Works like a charm. Now what I don't get is that for troubleshooting 
> purposes, I needed to send some traffic to the world on my VM (instead 
> of onward through wg1) and I initially tried:
> pass in log on wg0 inet from wg0:network to !wg0:network route-to vio0
> pass out log on $vio0 nat-to $vio0
>
> Routing tables:
> default   IP_Gateway   vio0
> _Gateway MAC_Gateway  vio0
>
> But this does not work. Removing "route-to vio0" does work, eg.
> pass in log on wg0 inet from wg0:network to !wg0:network #route-to vio0
> pass out log on vio0 nat-to vio0

Never mind, I forgot to check this mailing list and read that I needed to put 
the source address on this line:
pass in log on wg0 inet from wg0:network to !wg0:network route-to IP_GATEWAY

I suppose that then the oddity is that this works with wg1 and may be a corner 
case of the wireguard interface as it's assigned xxx.xxx.xxx.xxx/32 by the VPN 
provider and so destination address = source address?

One side question as I consider using rdomain. man 4 rdomain gives as an 
example:
A pf.conf(5) snippet to block incoming port 80, and nat-to and move to
rtable 0 on interface em1:
   block in on rdomain 4 proto tcp to any port 80
   match out on rdomain 4 to !$internal_net nat-to (em1) rtable 0

Should it not be "match in" in the 2nd line? man 5 pf.conf reads:
rtable number
 Used to select an alternate routing table for the routing lookup.
 Only effective before the route lookup happened, i.e. when
 filtering inbound.
Or does it work because it's a match statement? 

Thanks all,



Re: [Raspberry Pi 4] Installing OpenBSD 7.5 with difficulty

2024-04-16 Thread Peter J. Philipp
On Tue, Apr 16, 2024 at 06:08:13PM +0200, Peter J. Philipp wrote:
> On Tue, Apr 16, 2024 at 04:35:23PM +0100, Polarian wrote:
> 
> > Does anyone have any suggestions on what I could try?

> OpenBSD 7.5-current (GENERIC.MP) #11: Thu Apr 11 17:03:03 MDT 2024
> dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP

Oops that was the wrong dmesg:

-pjp


Re: Firewall setup

2024-04-16 Thread Karel Lucas



This is my dmesg, if anyone is interested:



Re: [Raspberry Pi 4] Installing OpenBSD 7.5 with difficulty

2024-04-16 Thread Peter J. Philipp
On Tue, Apr 16, 2024 at 04:35:23PM +0100, Polarian wrote:

> Does anyone have any suggestions on what I could try?

Hi, I too have a RPI 4b that is currently my workstation.  Near the time of
release I was building my own base and packages, which was right near the
times of the ld.so changes, things stopped working.  For a while I was X11
forwarding browsers to this because everything else failed.

I finally gave up, and installed a snapshot and packages from cdn.

Right now everything seems to work great.

My status report for you,
-pjp

PS: I'll share a dmesg (from /var/run/dmesg.boot) below my signature:

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de


OpenBSD 7.5-current (GENERIC.MP) #11: Thu Apr 11 17:03:03 MDT 2024
dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP
real mem  = 4185792512 (3991MB)
avail mem = 3971813376 (3787MB)
random: good seed from bootblocks
mainbus0 at root: ACPI
psci0 at mainbus0: PSCI 1.0, SMCCC 1.1
efi0 at mainbus0: UEFI 2.7
efi0: EDK II rev 0x1
smbios0 at efi0: SMBIOS 3.0.0
smbios0: vendor Hetzner version "2017" date 11/11/2017
smbios0: Hetzner vServer
cpu0 at mainbus0 mpidr 0: ARM Neoverse N1 r3p1
cpu0: 64KB 64b/line 4-way L1 PIPT I-cache, 64KB 64b/line 4-way L1 D-cache
cpu0: 1024KB 64b/line 8-way L2 cache
cpu0: DP,RDM,Atomic,CRC32,SHA2,SHA1,AES+PMULL,LRCPC,DPB,ASID16,PAN+ATS1E1,LO,HPDS,VH,HAFDBS,CSV3,CSV2,SSBS+MSR
cpu1 at mainbus0 mpidr 1: ARM Neoverse N1 r3p1
cpu1: 64KB 64b/line 4-way L1 PIPT I-cache, 64KB 64b/line 4-way L1 D-cache
cpu1: 1024KB 64b/line 8-way L2 cache
apm0 at mainbus0
agintc0 at mainbus0 shift 4:4 nirq 288 nredist 2 ipi: 0, 1, 2: "interrupt-controller"
agintcmsi0 at agintc0
agtimer0 at mainbus0: 25000 kHz
acpi0 at mainbus0: ACPI 5.1
acpi0: sleep states
acpi0: tables DSDT FACP APIC GTDT MCFG SPCR DBG2 IORT BGRT
acpi0: wakeup devices
acpimcfg0 at acpi0
acpimcfg0: addr 0x401000, bus 0-255
acpiiort0 at acpi0
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
pluart0 at acpi0 COM0 addr 0x900/0x1000 irq 33
pluart0: console
"LNRO0015" at acpi0 not configured
"LNRO0015" at acpi0 not configured
"QEMU0002" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
acpipci0 at acpi0 PCI0
pci0 at acpipci0
"Red Hat Host" rev 0x00 at pci0 dev 0 function 0 not configured
virtio0 at pci0 dev 1 function 0 "Qumranet Virtio 1.x GPU" rev 0x01
viogpu0 at virtio0: 1024x768, 32bpp
wsdisplay0 at viogpu0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
virtio0: msix per-VQ
ppb0 at pci0 dev 2 function 0 "Red Hat PCIE" rev 0x00: irq 37
pci1 at ppb0 bus 1
virtio1 at pci1 dev 0 function 0 "Qumranet Virtio 1.x Network" rev 0x01
vio0 at virtio1: address 96:00:02:1f:61:38
virtio1: msix shared
ppb1 at pci0 dev 2 function 1 "Red Hat PCIE" rev 0x00: irq 37
pci2 at ppb1 bus 2
xhci0 at pci2 dev 0 function 0 "Red Hat xHCI" rev 0x01: msix, xHCI 0.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Red Hat xHCI root hub" rev 3.00/1.00 addr 1
ppb2 at pci0 dev 2 function 2 "Red Hat PCIE" rev 0x00: irq 37
pci3 at ppb2 bus 3
virtio2 at pci3 dev 0 function 0 "Qumranet Virtio 1.x Console" rev 0x01
virtio2: no matching child driver; not configured
ppb3 at pci0 dev 2 function 3 "Red Hat PCIE" rev 0x00: irq 37
pci4 at ppb3 bus 4
virtio3 at pci4 dev 0 function 0 "Qumranet Virtio 1.x Memory Balloon" rev 0x01
viomb0 at virtio3
virtio3: irq 37
ppb4 at pci0 dev 2 function 4 "Red Hat PCIE" rev 0x00: irq 37
pci5 at ppb4 bus 5
virtio4 at pci5 dev 0 function 0 "Qumranet Virtio 1.x RNG" rev 0x01
viornd0 at virtio4
virtio4: irq 37
ppb5 at pci0 dev 2 function 5 "Red Hat PCIE" rev 0x00: irq 37
pci6 at ppb5 bus 6
virtio5 at pci6 dev 0 function 0 "Qumranet Virtio 1.x SCSI" rev 0x01
vioscsi0 at virtio5: qsize 128
scsibus0 at vioscsi0: 255 targets
cd0 at scsibus0 targ 0 lun 0:  removable
sd0 at 

Re: Firewall setup

2024-04-16 Thread Karel Lucas
First and most importantly, I would like to apologize to anyone who was 
disturbed by my conversation. It is not my intention to offend people. I 
may be curt, but that's not because it's in my character. In daily life 
I work with electronics and computers and am much less familiar with 
networks. I don't need this knowledge for what I do in daily life. It is 
therefore difficult for me to estimate what is important to link back to 
this mailing list. So if I am curt, please try to remember that it is 
not intentional, but a matter of lack of knowledge. Again, I don't want 
to hurt anyone.


Second, the firewall. This is set up as a bridge with the following 
hardware: 
https://www.amazon.nl/dp/B0B6J89MXJ?ref=ppx_pop_dt_b_asin_image=1. 
The Ethernet connections ETH1 ... ETH4 are translated by OpenBSD to igc0 
... igc3. Connection igc0 is the input that goes to the ISDN modem, and 
igc1 and igc2 are the two outputs that go to the internal network. These 
two connections are more flexible for the underlying network. This makes 
it possible to connect two different networks, if desired, albeit with 
one and the same IP range (192.168.2.0/24), or two different networks, 
if so configured. So two possibilities (which is best?). So there is no 
need to use two connections at the same time, although this should be 
possible. Finally, connection igc3. This is given the IP address 
192.168.2.252, because it is intended for remote administration, 
including upgrades. This connection will therefore not be part of the 
firewall bridge, and will therefore not appear in pf.conf. The internal 
network consists mainly of regular clients, so no email, web or name 
servers. These clients will work with Linux, Mac OS X, or OpenBSD, but 
not Windows, but there will be a small file server or NAS. This file 
server or NAS is only intended for the clients in the network and has no 
connection to the internet. For now it is important to get ping and 
traceroute working properly, after which work on normal internet traffic 
can be started. What I'm wondering is whether I need NAT for my firewall 
configuration. This is my plan for my firewall. It seems to me that 
there are much more difficult configurations than this one. I hope there 
are still people who are willing to help me.




On 16-04-2024 at 07:24, Peter N. M. Hansteen wrote:

I give up.

The obviously incomplete, hand edited ifconfig output shows three
interfaces that are (or appear to be, judging from the excerpts that
we are given) not configured with IP addresses, two of which
have a link, while the last does not.

For reasons unknown these three are joined in a three-way bridge.

From the tiny crumbs of information you have deigned to reveal to us,
it is not at all clear what it is you are trying to achieve.

That this configuration does not do anything useful is however no
surprise at all.

Once you can describe what it is your Rube Goldberg contraption
is supposed to do, competent people here might offer some advice
on how to make things work properly.

Until that happens, I for one will simply ignore anything from that
source.





Compilation fails for port ruby-passenger - OpenBSD 7.5

2024-04-16 Thread Mik J
out/ruby/ruby-3.2.3-x86_64-openbsd7.5/' && make
compiling 
/usr/ports/pobj/passenger-6.0.18-ruby32/gem-tmp/.gem/ruby/3.2/gems/passenger-6.0.18/src/ruby_native_extension/passenger_native_support.c
linking shared-object passenger_native_support.so
rm -r 
/usr/ports/pobj/passenger-6.0.18-ruby32/gem-tmp/.gem/ruby/3.2/gems/passenger-6.0.18/bin/passenger-install-*-module
  
/usr/ports/pobj/passenger-6.0.18-ruby32/gem-tmp/.gem/ruby/3.2/bin/passenger-install-*-module*
mv 
/usr/ports/pobj/passenger-6.0.18-ruby32/gem-tmp/.gem/ruby/3.2/gems/passenger-6.0.18/src/.passenger/support-binaries/6.0.18/*
  
/usr/ports/pobj/passenger-6.0.18-ruby32/gem-tmp/.gem/ruby/3.2/gems/passenger-6.0.18/buildout/support-binaries/
mv: 
/usr/ports/pobj/passenger-6.0.18-ruby32/gem-tmp/.gem/ruby/3.2/gems/passenger-6.0.18/src/.passenger/support-binaries/6.0.18/*:
 No such file or directory
*** Error 1 in . (Makefile:76 'post-build')
*** Error 2 in . (/usr/ports/infrastructure/mk/bsd.port.mk:3065 
'/usr/ports/pobj/passenger-6.0.18-ruby32/.build_done': @cd /usr/ports/www/ru...)
*** Error 2 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2235 
'/usr/ports/packages/amd64/all/ruby32-passenger-6.0.18p1.tgz': @cd /usr/port...)
*** Error 2 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2725 
'_internal-package': @case X${_DEPENDS_CACHE} in  X) _DEPENDS_CACHE=$( mktem...)
*** Error 2 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2704 'package': @:; 
cd /usr/ports/www/ruby-passenger && PKGPATH=www/ruby-passenge...)
*** Error 2 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2256 
'/var/db/pkg/ruby32-passenger-6.0.18p1/+CONTENTS': @cd /usr/ports/www/ruby-p...)
*** Error 2 in /usr/ports/www/ruby-passenger 
(/usr/ports/infrastructure/mk/bsd.port.mk:2704 'install': 
@lock=ruby32-passenger-6.0.18p1;  exp...)


Even when I create the missing directory
# mkdir 
/usr/ports/pobj/passenger-6.0.18-ruby32/gem-tmp/.gem/gems/passenger-6.0.18/src/helper-scripts/download_binaries/.gem.20240416-13679-gf836h


It still fails
===>  Building for ruby32-passenger-6.0.18p1
if [ -f /usr/ports/pobj/passenger-6.0.18-ruby32/passenger-6.0.18/.metadata ]; 
then  cd /usr/ports/pobj/passenger-6.0.18-ruby32/passenger-6.0.18 && gzip 
.metadata &&  mv -f .metadata.gz 
/usr/ports/pobj/passenger-6.0.18-ruby32/gem-content/metadata.gz;  fi;  cd 
/usr/ports/pobj/passenger-6.0.18-ruby32/passenger-6.0.18 && pax -wz -s 
'/.*\.orig\.port$//'  -x ustar -o write_opt=nodir . 
>/usr/ports/pobj/passenger-6.0.18-ruby32/gem-content/data.tar.gz;  cd 
/usr/ports/pobj/passenger-6.0.18-ruby32/gem-content && tar -cf 
/usr/ports/pobj/passenger-6.0.18-ruby32/passenger-6.0.18.gem *.gz;  mkdir -p 
/usr/ports/pobj/passenger-6.0.18-ruby32/gem-tmp/.gem;  env -i 
PORTSDIR="/usr/ports" LIBTOOL="/usr/bin/libtool"  
PATH='/usr/ports/pobj/passenger-6.0.18-ruby32/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11R6/bin'
 PREFIX='/usr/local'  LOCALBASE='/usr/local' X11BASE='/usr/X11R6'  CFLAGS='-O2 
-pipe'  TRUEPREFIX='/usr/local' DESTDIR=''  
HOME='/passenger-6.0.18_writes_to_HOME' PICFLAG="-fpic"  BINGRP=bin BINOWN=root 
BINMODE=755 NONBINMODE=644  DIRMODE=755  INSTALL_COPY=-c INSTALL_STRIP=-s  
MANGRP=bin MANOWN=root MANMODE=644 
BSD_INSTALL_PROGRAM="/usr/ports/pobj/passenger-6.0.18-ruby32/bin/install -c -s 
-m 755"  
BSD_INSTALL_SCRIPT="/usr/ports/pobj/passenger-6.0.18-ruby32/bin/install -c -m 
755"  BSD_INSTALL_DATA="/usr/ports/pobj/passenger-6.0.18-ruby32/bin/install -c 
-m 644"  BSD_INSTALL_MAN="/usr/ports/pobj/passenger-6.0.18-ruby32/bin/install 
-c -m 644"  
BSD_INSTALL_PROGRAM_DIR="/usr/ports/pobj/passenger-6.0.18-ruby32/bin/install -d 
-m 755"  
BSD_INSTALL_SCRIPT_DIR="/usr/ports/pobj/passenger-6.0.18-ruby32/bin/install -d 
-m 755"  
BSD_INSTALL_DATA_DIR="/usr/ports/pobj/passenger-6.0.18-ruby32/bin/install -d -m 
755"  BSD_INSTALL_MAN_DIR="/usr/ports/pobj/passenger-6.0.18-ruby32/bin/install 
-d -m 755" HOME=`dirname /usr/ports/pobj/passenger-6.0.18-ruby32/gem-tmp/.gem` 
GEM_HOME=/usr/ports/pobj/passenger-6.0.18-ruby32/gem-tmp/.gem  make="make V=1"  
/usr/local/bin/gem32 install --local -N --no-force --verbose --backtrace 
--user-install /usr/ports/pobj/passenger-6.0.18-ruby32/passenger-6.0.18.gem  --
ERROR:  Error installing 
/usr/ports/pobj/passenger-6.0.18-ruby32/passenger-6.0.18.gem:
    ERROR: Failed to build gem native extension.

    No such file or directory @ dir_s_mkdir - 
/usr/ports/pobj/passenger-6.0.18-ruby32/gem-tmp/.gem/gems/passenger-6.0.18/src/helper-scripts/download_binaries/.gem.20240416-20236-oa3op9

Gem files will remain installed in 
/usr/ports/pobj/passenger-6.0.18-ruby32/gem-tmp/.gem/gems/passenger-6.0.18 for 
inspection.
Results logged to 
/usr/ports/pobj/passenger-6.0.18-ruby32/gem-tmp/.gem/extensions/x86_64-openbsd/3.2/passenger-6.0.18/gem_make.out
*** Error 1 in . (/usr/ports/lang/ruby/ruby.port.mk:23

Re: Firewall setup

2024-04-16 Thread Zé Loff


On Tue, Apr 16, 2024 at 12:01:38AM +0200, Karel Lucas wrote:
> 
> On 15-04-2024 at 22:20, Peter N. M. Hansteen wrote:
> > On Mon, Apr 15, 2024 at 10:09:31PM +0200, Karel Lucas wrote:
> > > This gives the following error messages when booting:
> > > no IP address found for igc1:network
> > > /etc/pf.conf:41: could not parse host specification
> > > no IP address found for igc2:network
> > > /etc/pf.conf:42: could not parse host specification
> > This sounds to me like those interfaces either do not exist or
> > have not been correctly configured.
> > 
> > Are those interfaces configured, as in do they have IP addresses?
> > 
> > the output of ifconfig igc1 and ifconfig igc2 will show you.
> > 
> Output from ifconfig igc0:
> igc0: flags=8b43
> mtu 1500
>         lladdr 7c:2b:e1:13:dd:f4
>         index 1 priority 0 llprio 3
>         media: Ethernet autoselect (1000baseT full-duplex)
>         sratus: active
> 
> Output from ifconfig igc1:
> igc1: flags=8b43
> mtu 1500
>         lladdr 7c:2b:e1:13:dd:f5
>         index 2 priority 0 llprio 3
>         media: Ethernet autoselect (1000baseT full-duplex)
>         sratus: active
> 
> Output from ifconfig igc2:
> igc2: flags=8b43
> mtu 1500
>         lladdr 7c:2b:e1:13:dd:f6
>         index 3 priority 0 llprio 3
>         media: Ethernet autoselect (none)
>         status: no carrier
> 
> /etc/hostname.bridge0:
> add igc0 add igc1 add igc2 blocknonip igc0 blocknonip igc1 blocknonip igc2
> up
> 
> /etc/hostname.igc0:
> up
> 
> /etc/hostname.igc1:
> up
> 
> /etc/hostname.igc2:
> up
> 

Either Stuart is right, and you are trying to put up some weird
firewall, or Diana is right, and you are way out of your depth and need
to learn some of the basics of IPv4 networking.  Or they are both right.
Any other way, Peter is also right: you have been giving us information
piecemeal, and not only this doesn't help you to solve your problems, it
can be frustrating for the rest of us, because you've (involuntarily)
been wasting our time, chasing the wrong problem.  Your issues seem to
be broader than just configuring PF.

Incidentally, this is also an example of why copying/pasting stuff into
your machine is often a bad idea.  You need to understand what you are
putting in there, bit by bit.  Otherwise either it will fail immediately
(as in your case) or it will fail later on the first time you try to
tweak it.  And with a firewall being key in network security, you'll
really want to get it right.

There is no harm in not knowing things, no one is born knowing what a
routing table is, we've all had to start somewhere (I hope you don't
find this patronizing, that's really not the point).  And, as you've
just seen, despite this mailing list having a reputation of being
unfriendly, you've got plenty of people willing to help.  There are just
a few steps you need to take _on your own_ first.

Peter's book is great for PF, as is the PF user's guide [1].  For the
networking bits you can also take a look at the respective chapters on
Michael W. Lucas' "Absolute OpenBSD" [2].  Palmer and Nazario's "Secure
architectures with OpenBSD" also helped me a lot with system
administration in general, back in the day.  Others might have other
suggestions, I'm sure there's a ton of stuff out there.

[1] https://www.openbsd.org/faq/pf/index.html
[2] https://www.michaelwlucas.com/os/ao2e


--
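
An added example, not part of the original thread: pf expands `interface:network` to the network(s) attached to that interface, so the quoted "no IP address found for igc1:network" error is what a rule produces when the bridge members are brought up with only `up`. The sketch below checks a pf.conf against the hostname.if files before loading it; the function names, the sample rules and the igc3 netmask are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag pf.conf references such as igc1:network that point at
# interfaces with no address in their hostname.if file.

# has_address FILE: true if the hostname.if file configures an address.
# Heuristic (assumption): a line starting with inet, inet6 or dhcp.
has_address() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*(inet6?|dhcp)([[:space:]]|$)' "$1"
}

# pf_unaddressed_refs PFCONF HOSTNAMEDIR
# Prints "LINE IFACE:MODIFIER" for each if:network, if:broadcast or if:peer
# reference whose interface has no address configured. Interface groups
# (e.g. egress) are skipped because they have no hostname.if file.
pf_unaddressed_refs() {
    pfconf=$1
    dir=$2
    # Drop comments (line numbers are preserved), then scan each token.
    sed 's/#.*//' "$pfconf" |
    awk '{
        for (i = 1; i <= NF; i++) {
            tok = $i
            gsub(/[(){},!]/, "", tok)   # strip list and negation punctuation
            if (tok ~ /^[a-z]+[0-9]+:(network|broadcast|peer)(:0)?$/)
                print NR, tok
        }
    }' |
    while read -r lineno tok; do
        ifname=${tok%%:*}
        has_address "$dir/hostname.$ifname" || echo "$lineno $tok"
    done
}

# make_sample DIR: write constructed sample files (not the poster's real
# pf.conf; the igc3 netmask is assumed from the 192.168.2.0/24 range).
make_sample() {
    for i in igc0 igc1 igc2; do echo up > "$1/hostname.$i"; done
    echo 'inet 192.168.2.252 255.255.255.0' > "$1/hostname.igc3"
    cat > "$1/pf.conf" <<'EOF'
# constructed rules for illustration
set skip on lo
block all
pass in on igc1 from igc1:network to any
pass in on igc2 from igc2:network to any
pass in on igc3 proto tcp from igc3:network to igc3 port ssh
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
pf_unaddressed_refs "$tmp/pf.conf" "$tmp"
rm -rf "$tmp"
```

On a real system the two arguments would be `/etc/pf.conf` and `/etc`; `pfctl -nf /etc/pf.conf` remains the authoritative syntax check.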