howto using openbsd fdisk because my slice not detected from linux?

2009-01-20 Thread my mail
I have bought a new ATA HDD, and first I tried to install OpenBSD 4.4. I
succeeded in making a partition using OpenBSD fdisk because I don't want to
use all of the disk for OpenBSD. I can boot into OpenBSD after the
installation completes.

But when I try to install Linux as a second OS, why is this slice not detected
by Linux fdisk?




Re: Sending email in Apache chroot?

2009-01-20 Thread Sunnz
So in summary, the following was done:

- Setup sendmail such as the sendmail that came with OpenBSD or use
some other agent like Postfix such that you can do a `dmesg | mail -s
"Sony VAIO 505R laptop, apm works OK" dm...@openbsd.org` on the
command line.

- Install femail-chroot from package, this places a binary called
femail in /var/www/bin/

- Change sendmail_path in php.ini. This defaults to "sendmail -t -i".
Change it to "/bin/femail -t -i"

- cp /bin/ksh /var/www/bin/; cp /bin/sh /var/www/bin/;
"femail itself does not use or need sh. whatever invokes it might need
it.", Henning Brauer.
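
A preflight check for the setup summarised above, as an added example that is not part of the original post: it reads sendmail_path from php.ini, verifies that the resolver file, the mailer and /bin/sh exist inside the chroot, and lists set-id files under the chroot for review. The function names and the php.ini location in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): preflight check for sending mail from
# inside a web-server chroot. Function names are hypothetical.

# Print the program named by the last active sendmail_path line of a php.ini.
mailer_from_php_ini() {
    [ -r "$1" ] || return 0
    # Lines starting with ';' are php.ini comments and do not match.
    sed -n 's/^[[:space:]]*sendmail_path[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | tr -d '"' | awk '{ print $1 }'
}

# usage: check_chroot_mail CHROOT PHP_INI
# Prints one finding per line; returns non-zero if a required piece is missing.
check_chroot_mail() {
    ccm_root=${1%/}
    ccm_missing=0
    ccm_mailer=$(mailer_from_php_ini "$2")

    # 1. Resolver configuration. Without it femail reported
    #    "non-recoverable failure in name resolution" in the thread.
    if [ -s "$ccm_root/etc/resolv.conf" ]; then
        echo "ok: /etc/resolv.conf"
    else
        echo "missing: /etc/resolv.conf"
        ccm_missing=$((ccm_missing + 1))
    fi

    # 2. The mailer PHP runs. The path is looked up inside the chroot,
    #    so it has to be absolute and present under CHROOT.
    case $ccm_mailer in
        /*)
            if [ -x "$ccm_root$ccm_mailer" ]; then
                echo "ok: $ccm_mailer"
            else
                echo "missing: $ccm_mailer"
                ccm_missing=$((ccm_missing + 1))
            fi ;;
        *)
            echo "missing: absolute sendmail_path in php.ini (found '$ccm_mailer')"
            ccm_missing=$((ccm_missing + 1)) ;;
    esac

    # 3. The thread's fix included copying /bin/sh into the chroot, because
    #    whatever invokes the mailer may need a shell.
    if [ -x "$ccm_root/bin/sh" ]; then
        echo "ok: /bin/sh"
    else
        echo "missing: /bin/sh"
        ccm_missing=$((ccm_missing + 1))
    fi

    # 4. Not a failure, but worth a look: set-uid/set-gid files in the chroot.
    find "${ccm_root:-/}" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        while IFS= read -r ccm_f; do
            echo "review: set-id file ${ccm_f#"$ccm_root"}"
        done

    [ "$ccm_missing" -eq 0 ]
}

# Typical call (the php.ini location is an assumption, adjust to your install):
#   check_chroot_mail /var/www /var/www/conf/php.ini
```
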



Re: Sending email in Apache chroot?

2009-01-20 Thread Sunnz
2009/1/21 Amitabh Kant :
> Hi
>
> See if this link is of any use to you.
>
> http://kerneltrap.org/mailarchive/openbsd-misc/2007/10/15/343352/thread
>
>
> With regards
>
> Amitabh
>

Oh thank you very much this has solved the final piece of the
puzzle!!! It all works now!! Thanks again!!



-- 
This e-mail may be confidential. You may not copy, forward or use any
part. Note that all disclaimers on the Internet are of zero legal
effectiveness however.
http://www.goldmark.org/jeff/stupid-disclaimers/



Re: Sending email in Apache chroot?

2009-01-20 Thread Amitabh Kant
Hi

See if this link is of any use to you.

http://kerneltrap.org/mailarchive/openbsd-misc/2007/10/15/343352/thread


With regards

Amitabh



Re: Sending email in Apache chroot?

2009-01-20 Thread Sunnz
2009/1/21 Sunnz :
> 2009/1/21 Henning Brauer :
>> * Sunnz  [2009-01-20 17:48]:
>>> Ok so I have copied /etc/resolv.conf to /var/www/etc/...
>>>
>>> Now it says:
>>>
>>> femail: rcpt to chr...@civicquire.net refused by server
>>
>> "refused by server" not enough of a hint?
>>
>
> Ok my mistake, I mis-spelt the e-mail address. (DOH!)
>
> So this command works now:
>
> chroot -g www -u www /var/www/ /bin/femail -v -t -i m...@myaddress.com
>
> However it still doesn't work from within Apache/PHP... I even called
> phpinfo() in a PHP script and examined what sendmail_path it set to,
> it is indeed /bin/femail -t -i...
>

Ok I noticed that the mail() function in PHP returns false, so it has
something to do with PHP itself I guess? However I was not able to
get PHP to print out any errors, so I am lost again here...
display_errors is On in php.ini...



Re: Sending email in Apache chroot?

2009-01-20 Thread Sunnz
2009/1/21 Henning Brauer :
> * Sunnz  [2009-01-20 17:48]:
>> Ok so I have copied /etc/resolv.conf to /var/www/etc/...
>>
>> Now it says:
>>
>> femail: rcpt to chr...@civicquire.net refused by server
>
> "refused by server" not enough of a hint?
>

Ok my mistake, I mis-spelt the e-mail address. (DOH!)

So this command works now:

chroot -g www -u www /var/www/ /bin/femail -v -t -i m...@myaddress.com

However it still doesn't work from within Apache/PHP... I even called
phpinfo() in a PHP script and examined what sendmail_path it set to,
it is indeed /bin/femail -t -i...




Re: Sending email in Apache chroot?

2009-01-20 Thread Sunnz
2009/1/21 Henning Brauer :
> * Sunnz  [2009-01-20 17:48]:
>> Ok so I have copied /etc/resolv.conf to /var/www/etc/...
>>
>> Now it says:
>>
>> femail: rcpt to chr...@civicquire.net refused by server
>
> "refused by server" not enough of a hint?
>

Well the same address and everything worked without chroot, so I am
not sure what is needed inside of the chroot to make this work.




Re: Router ping one way only

2009-01-20 Thread Martin Toft
It just looks like your Vista laptop does not reply to ICMP requests for
some reason. As this is a Windows specific problem, I will not try to
solve it. Your tcpdump shows that the laptop uses the router perfectly
fine as a gateway to reach the world, i.e. if the laptop responded with
an ICMP reply, the reply would end up the right place.

Martin
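
A way to check a capture for the symptom described above (echo requests that never get a reply), as an added example that is not part of the original post. It assumes text output from `tcpdump -n icmp` taken on the interface itself, because with `pass ... log ... keep state` rules pflog0 records only the packet that creates each state and so never shows the replies; the function names and the sample capture are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). unanswered_pings and sample_capture are
# hypothetical names; the capture lines below are constructed.

# Read `tcpdump -n icmp` text on stdin and print, per flow,
#   <requester> <target> <requests> <replies>
# for every flow that saw more echo requests than echo replies.
unanswered_pings() {
    awk '
    # Set src/dst from the "A > B:" part of the current line.
    function flow(    i) {
        for (i = 2; i < NF; i++)
            if ($i == ">") {
                src = $(i - 1); dst = $(i + 1)
                sub(/:$/, "", dst)
                return 1
            }
        return 0
    }
    # Mail clients wrap long lines after ">"; rejoin them before matching.
    />[ \t]*$/ { if ((getline nxt) > 0) $0 = $0 " " nxt }
    /icmp: echo request/ && flow() { req[src " " dst]++ }
    /icmp: echo reply/   && flow() { rep[dst " " src]++ }
    END {
        for (k in req)
            if (req[k] > rep[k] + 0)
                print k, req[k], rep[k] + 0
    }' | sort
}

# Constructed capture: the router pings a silent host twice, one client ping
# is answered, and one answered ping arrives wrapped across two lines.
sample_capture() {
    cat <<'EOF'
00:27:58.595813 172.16.0.254 > 172.16.0.6: icmp: echo request
00:27:59.600102 172.16.0.254 > 172.16.0.6: icmp: echo request
00:28:10.101010 192.168.0.10 > 192.168.0.254: icmp: echo request (DF)
00:28:10.101150 192.168.0.254 > 192.168.0.10: icmp: echo reply
00:28:12.000001 192.168.0.10 >
172.16.0.254: icmp: echo request (DF)
00:28:12.000140 172.16.0.254 > 192.168.0.10: icmp: echo reply
EOF
}

sample_capture | unanswered_pings   # prints: 172.16.0.254 172.16.0.6 2 0
```
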



Re: Problem with pptp

2009-01-20 Thread Gull Labs
and when I can't connect daemon log is like:

Jan 21 02:50:26 gullabs ppp[7913]: tun0: LCP: deflink: RecvEchoRequest(139)
state = Opened
Jan 21 02:50:26 gullabs ppp[7913]: tun0: LCP: deflink: SendEchoReply(139)
state = Opened
Jan 21 02:50:27 gullabs ppp[7913]: tun0: IPCP: deflink: Error: Unexpected
IPCP in phase Authenticate (ignored)
Jan 21 02:50:35 gullabs last message repeated 4 times
Jan 21 02:50:36 gullabs ppp[7913]: tun0: LCP: deflink: RecvEchoRequest(140)
state = Opened
Jan 21 02:50:36 gullabs ppp[7913]: tun0: LCP: deflink: SendEchoReply(140)
state = Opened
Jan 21 02:50:46 gullabs ppp[7913]: tun0: LCP: deflink: RecvEchoRequest(141)
state = Opened
Jan 21 02:50:46 gullabs ppp[7913]: tun0: LCP: deflink: SendEchoReply(141)
state = Opened
Jan 21 02:50:56 gullabs ppp[7913]: tun0: LCP: deflink: RecvEchoRequest(142)
state = Opened
Jan 21 02:50:56 gullabs ppp[7913]: tun0: LCP: deflink: SendEchoReply(142)
state = Opened
Jan 21 02:50:57 gullabs ppp[7913]: tun0: IPCP: deflink: Error: Unexpected
IPCP in phase Authenticate (ignored)
Jan 21 02:51:05 gullabs last message repeated 4 times

2009/1/21 Mukhitdinov Manzur 

> and when I can't connect daemon log is like:
>
> Jan 21 02:50:26 gullabs ppp[7913]: tun0: LCP: deflink: RecvEchoRequest(139)
> state = Opened
> Jan 21 02:50:26 gullabs ppp[7913]: tun0: LCP: deflink: SendEchoReply(139)
> state = Opened
> Jan 21 02:50:27 gullabs ppp[7913]: tun0: IPCP: deflink: Error: Unexpected
> IPCP in phase Authenticate (ignored)
> Jan 21 02:50:35 gullabs last message repeated 4 times
> Jan 21 02:50:36 gullabs ppp[7913]: tun0: LCP: deflink: RecvEchoRequest(140)
> state = Opened
> Jan 21 02:50:36 gullabs ppp[7913]: tun0: LCP: deflink: SendEchoReply(140)
> state = Opened
> Jan 21 02:50:46 gullabs ppp[7913]: tun0: LCP: deflink: RecvEchoRequest(141)
> state = Opened
> Jan 21 02:50:46 gullabs ppp[7913]: tun0: LCP: deflink: SendEchoReply(141)
> state = Opened
> Jan 21 02:50:56 gullabs ppp[7913]: tun0: LCP: deflink: RecvEchoRequest(142)
> state = Opened
> Jan 21 02:50:56 gullabs ppp[7913]: tun0: LCP: deflink: SendEchoReply(142)
> state = Opened
> Jan 21 02:50:57 gullabs ppp[7913]: tun0: IPCP: deflink: Error: Unexpected
> IPCP in phase Authenticate (ignored)
> Jan 21 02:51:05 gullabs last message repeated 4 times
>
> 2009/1/21 Gull Labs 
>
> Hi! I've Openbsd 4.4 with default kernel and connection to Internet by
>> pptp. Problem is sometimes it connects but sometimes doesn't. But in most
>> cases when it connects it pings any host with message:
>>
>> ping: sendto: No buffer space available
>> ping: wrote ya.ru 64 chars, ret=-1
>>
>> Here some files:
>>
>> 1. hostname.fxp0
>>
>> dhcp NONE NONE NONE
>> !route add -host vpn.provider.net 10.129.0.17
>> !route add 85.21/16 10.129.0.17
>> !route add 195.14.32/19 10.129.0.17
>> !route add 10/8 10.129.0.17
>>
>> 2. hostname.tun0
>>
>> !/usr/sbin/ppp -ddial corbina >/dev/null 2>&1
>>
>> 3. ppp.conf
>>
>> default:
>> set log Phase Chat LCP IPCP CCP tun command
>> disable ipv6cp
>> corbina:
>> set device "!/usr/sbin/pptp vpn.provider.net --nolaunchpppd"
>> set timeout 0
>> set authname 
>> set authkey 
>> set login
>> set ifaddr 85.81.225.18 10.129.0.17/0
>> add! default HISADDR
>>
>> 4. /var/log/daemon
>>
>> Jan 20 23:29:48 gullabs ppp[17136]: tun0: Chat: deflink: Redial timer
>> expired.
>> Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: Connected!
>> Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: opening -> dial
>> Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: dial -> carrier
>> Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: carrier -> login
>>
>> Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: login -> lcp
>> Jan 20 23:29:48 gullabs ppp[17136]: tun0: LCP: FSM: Using "deflink" as a
>> transport
>> Jan 20 23:29:48 gullabs ppp[17136]: tun0: LCP: deflink: State change
>> Initial --> Closed
>> Jan 20 23:29:48 gullabs ppp[17136]: tun0: LCP: deflink: State change
>> Closed --> Stopped
>> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: deflink: LayerStart
>> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22)
>> state = Stopped
>> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP:  ACFCOMP[2]
>> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP:  PROTOCOMP[2]
>> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP:  ACCMAP[6] 0x
>> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP:  MRU[4] 1500
>> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP:  MAGICNUM[6] 0x02bcea78
>> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: deflink: State change
>> Stopped --> Req-Sent
>> Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22)
>> state = Req-Sent
>> Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP:  ACFCOMP[2]
>> Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP:  PROTOCOMP[2]
>> Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP:  ACCMAP[6] 0x
>> Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP:  MRU[4] 1500
>> Jan 20 23:29:52 gullabs ppp[17136]: tun0:

Re: Problem with pptp

2009-01-20 Thread Mukhitdinov Manzur
and when I can't connect daemon log is like:

Jan 21 02:50:26 gullabs ppp[7913]: tun0: LCP: deflink: RecvEchoRequest(139)
state = Opened
Jan 21 02:50:26 gullabs ppp[7913]: tun0: LCP: deflink: SendEchoReply(139)
state = Opened
Jan 21 02:50:27 gullabs ppp[7913]: tun0: IPCP: deflink: Error: Unexpected
IPCP in phase Authenticate (ignored)
Jan 21 02:50:35 gullabs last message repeated 4 times
Jan 21 02:50:36 gullabs ppp[7913]: tun0: LCP: deflink: RecvEchoRequest(140)
state = Opened
Jan 21 02:50:36 gullabs ppp[7913]: tun0: LCP: deflink: SendEchoReply(140)
state = Opened
Jan 21 02:50:46 gullabs ppp[7913]: tun0: LCP: deflink: RecvEchoRequest(141)
state = Opened
Jan 21 02:50:46 gullabs ppp[7913]: tun0: LCP: deflink: SendEchoReply(141)
state = Opened
Jan 21 02:50:56 gullabs ppp[7913]: tun0: LCP: deflink: RecvEchoRequest(142)
state = Opened
Jan 21 02:50:56 gullabs ppp[7913]: tun0: LCP: deflink: SendEchoReply(142)
state = Opened
Jan 21 02:50:57 gullabs ppp[7913]: tun0: IPCP: deflink: Error: Unexpected
IPCP in phase Authenticate (ignored)
Jan 21 02:51:05 gullabs last message repeated 4 times

2009/1/21 Gull Labs 

> Hi! I've Openbsd 4.4 with default kernel and connection to Internet by
> pptp. Problem is sometimes it connects but sometimes doesn't. But in most
> cases when it connects it pings any host with message:
>
> ping: sendto: No buffer space available
> ping: wrote ya.ru 64 chars, ret=-1
>
> Here some files:
>
> 1. hostname.fxp0
>
> dhcp NONE NONE NONE
> !route add -host vpn.provider.net 10.129.0.17
> !route add 85.21/16 10.129.0.17
> !route add 195.14.32/19 10.129.0.17
> !route add 10/8 10.129.0.17
>
> 2. hostname.tun0
>
> !/usr/sbin/ppp -ddial corbina >/dev/null 2>&1
>
> 3. ppp.conf
>
> default:
> set log Phase Chat LCP IPCP CCP tun command
> disable ipv6cp
> corbina:
> set device "!/usr/sbin/pptp vpn.provider.net --nolaunchpppd"
> set timeout 0
> set authname 
> set authkey 
> set login
> set ifaddr 85.81.225.18 10.129.0.17/0
> add! default HISADDR
>
> 4. /var/log/daemon
>
> Jan 20 23:29:48 gullabs ppp[17136]: tun0: Chat: deflink: Redial timer
> expired.
> Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: Connected!
> Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: opening -> dial
> Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: dial -> carrier
> Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: carrier -> login
> Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: login -> lcp
> Jan 20 23:29:48 gullabs ppp[17136]: tun0: LCP: FSM: Using "deflink" as a
> transport
> Jan 20 23:29:48 gullabs ppp[17136]: tun0: LCP: deflink: State change
> Initial --> Closed
> Jan 20 23:29:48 gullabs ppp[17136]: tun0: LCP: deflink: State change Closed
> --> Stopped
> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: deflink: LayerStart
> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22)
> state = Stopped
> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP:  ACFCOMP[2]
> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP:  PROTOCOMP[2]
> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP:  ACCMAP[6] 0x
> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP:  MRU[4] 1500
> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP:  MAGICNUM[6] 0x02bcea78
> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: deflink: State change
> Stopped --> Req-Sent
> Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22)
> state = Req-Sent
> Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP:  ACFCOMP[2]
> Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP:  PROTOCOMP[2]
> Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP:  ACCMAP[6] 0x
> Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP:  MRU[4] 1500
> Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP:  MAGICNUM[6] 0x02bcea78
> Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22)
> state = Req-Sent
> Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP:  ACFCOMP[2]
> Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP:  PROTOCOMP[2]
> Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP:  ACCMAP[6] 0x
> Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP:  MRU[4] 1500
> Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP:  MAGICNUM[6] 0x02bcea78
> Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22)
> state = Req-Sent
> Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP:  ACFCOMP[2]
> Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP:  PROTOCOMP[2]
> Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP:  ACCMAP[6] 0x
> Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP:  MRU[4] 1500
> Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP:  MAGICNUM[6] 0x02bcea78
> Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22)
> state = Req-Sent
> Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP:  ACFCOMP[2]
> Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP:  PROTOCOMP[2]
> Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP:  ACCMAP[6] 0x
> Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP:  MRU[4] 1500
> Jan 20 23:30:0

Re: Router ping one way only

2009-01-20 Thread duxbuz
I have a lot of info here, but first, seems I cannot ping the Vista client
from the router. Firewall is off... but no ping response. I will post the
tcpdump of this first because it may be what was mentioned earlier is
happening, then I have other info requested.

Jan 21 00:27:58.595813 rule 1/(match) pass out on em0: 172.16.0.254 >
172.16.0.6: icmp: echo request
Jan 21 00:28:21.823488 rule 0/(match) pass in on em0: 172.16.0.6.1948 >
212.58.250.36.443: udp 16
Jan 21 00:28:21.823504 rule 1/(match) pass out on em0: 172.16.0.6.1948 >
212.58.250.36.443: udp 16
Jan 21 00:28:59.005518 rule 0/(match) pass in on em0: 172.16.0.6.62210 >
212.23.3.100.53:[|domain]
Jan 21 00:28:59.005533 rule 1/(match) pass out on em0: 172.16.0.6.62210 >
212.23.3.100.53:[|domain]
Jan 21 00:28:59.007138 rule 0/(match) pass in on em0: 172.16.0.6.63700 >
216.239.59.100.80: [|tcp] (DF)
Jan 21 00:28:59.007149 rule 1/(match) pass out on em0: 172.16.0.6.63700 >
216.239.59.100.80: [|tcp] (DF)
Jan 21 00:28:59.042267 rule 0/(match) pass in on em0: 172.16.0.6.63701 >
212.23.3.98.110: [|tcp] (DF)
Jan 21 00:28:59.042279 rule 1/(match) pass out on em0: 172.16.0.6.63701 >
212.23.3.98.110: [|tcp] (DF)


Router Info:

# route -n show -inet
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Interface
default            172.16.0.1         UGS        1     3373     -  em0
127/8              127.0.0.1          UGRS       0        0 33208  lo0
127.0.0.1          127.0.0.1          UH         0        0 33208  lo0
172.16.0/24        link#4             UC         2        0     -  em0
172.16.0.1         00:19:e8:ea:5a:0c  UHLc       1        0     -  em0
172.16.0.6         00:1c:bf:0e:af:26  UHLc       2      322     -  em0
192.168.0/24       link#3             UC         1        0     -  rl0
192.168.0.10       00:e0:00:9b:07:c3  UHLc       1       48     -  rl0
224/4              127.0.0.1          URS        0        0 33208  lo0


# pfctl -sr
pass in log all flags S/SA keep state
pass out log all flags S/SA keep state

# pfctl -sn
#


 ifconfig

rl0: flags=8843 mtu 1500
lladdr 00:08:54:36:16:a0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::208:54ff:fe36:16a0%rl0 prefixlen 64 scopeid 0x3
inet 192.168.0.254 netmask 0xff00 broadcast 192.168.0.255
em0: flags=8843 mtu 1500
lladdr 00:12:3f:35:e6:2d
groups: egress
media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
status: active
inet6 fe80::212:3fff:fe35:e62d%em0 prefixlen 64 scopeid 0x4
inet 172.16.0.254 netmask 0xff00 broadcast 172.16.0.255
enc0: flags=0<> mtu 1536
pflog0: flags=141 mtu 33208
groups: pflog



Ubuntu Info:

laptop:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
0.0.0.0         192.168.0.254   0.0.0.0         UG    0      0        0 eth0


Vista laptop Info:

IPv4 Route Table
===
Active Routes:
Network Destination          Netmask        Gateway      Interface  Metric
          0.0.0.0          0.0.0.0   172.16.0.254     172.16.0.6     286
        127.0.0.0        255.0.0.0        On-link      127.0.0.1     306
        127.0.0.1  255.255.255.255        On-link      127.0.0.1     306
  127.255.255.255  255.255.255.255        On-link      127.0.0.1     306
       172.16.0.0    255.255.255.0        On-link     172.16.0.6     286
       172.16.0.6  255.255.255.255        On-link     172.16.0.6     286
     172.16.0.255  255.255.255.255        On-link     172.16.0.6     286
        224.0.0.0        240.0.0.0        On-link      127.0.0.1     306
        224.0.0.0        240.0.0.0        On-link     172.16.0.6     286
  255.255.255.255  255.255.255.255        On-link      127.0.0.1     306
  255.255.255.255  255.255.255.255        On-link     172.16.0.6     286
===
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0     172.16.0.254  Default
          0.0.0.0          0.0.0.0    192.168.0.254  Default



There is a lot there! 



Martin Toft-2 wrote:
> 
> On Tue, Jan 20, 2009 at 02:25:33PM -0800, duxbuz wrote:
>> Thanks for reply. Both of you.
> 
> No problem. I think it will be easy to point out the problem, if you
> post more details:
> 
> - ifconfig, 'route -n show -inet', 'pfctl -sr' and 'pfctl -sn' on the
>   router.
> - ifconfig and 'route -n' on the Ubuntu machine.
> - Something like the above on the Windows machine(s).
> 
> Check that you haven't made a typo somewhere wrt. the 172.16.x.y
> addresses and associated netmasks.

Re: OpenBSD 4.4 pf+vlan+bridge problem

2009-01-20 Thread Key Aavoja

Quoting Stuart Henderson:

> On 2009-01-20, Key Aavoja wrote:
>>> Wouldn't it be better to not use the bridge and use (multicast-)routing
>>> and pf to solve your problem?
>>
>> Multicast routing with "dvmrpd" is tested with pf, does not work. the
>> same thing happens, if streamX is allowed to pass out on vlanX and
>> streamY is allowed to pass out on vlanY, result is pretty similar:
>> vlanX outputs both streams (streamX, streamY) and the same thing with
>> vlanY.
>
> if you get rid of the bridge and change it for a routed setup with
> igmpproxy (it's in packages), does that do what you're looking for?
>
>> pf is not 100% percent multicast compat.?
>
> see the last couple of paragraphs of my earlier post about that -
> fine when it's routed, some limitations as a bridge.

Thanks, I read and now I understand completely.

Btw. test with dvmrpd was without a bridge, but pf filtering on "out"
@ vlans had same results as with bridge. Using an igmpproxy in my setup
is not an option because equipments expecting a stream are sometimes
"far away" in network topology and cannot be sure, that igmp-join is
always received.

Anyway for others who are googling multicast & bridge topics:
I found a "workaround".

Use Linux 2.6 kernel + vlan + bridge + ebtables.
Net setup will be the same, all what you need to add on your own script is:

#!/bin/bash

#default policy to drop everything (no matter which protocol).
ebtables -P FORWARD DROP

#flush existing rules.
ebtables -F

#now the exceptions
ebtables -A FORWARD -i eth0.1100 -o eth1.1101 -p IPv4 --ip-dst 239.16.1.1 -j ACCEPT
ebtables -A FORWARD -i eth0.1100 -o eth1.1102 -p IPv4 --ip-dst 239.16.1.2 -j ACCEPT
ebtables -A FORWARD -i eth0.1100 -o eth1.1103 -p IPv4 --ip-dst 239.16.1.3 -j ACCEPT

/etc/init.d/ebtables save && echo "ebtables: rules updated!"

That's all you need to do!

Machine with two broadcom interfaces (not so good as intel), 2GHz
xeon (dual core)
has acceptable performance: load: 0.00, cpu:0%, interrupts:eth0=6800;
eth1=4300 90Mbit/s is the traffic on eth1 and pkt/s=8000

* This setup guarantees that SpanningTree and other
messages do not travel between interfaces, and vlans are staying
still "separated"


Key



Re: Router ping one way only

2009-01-20 Thread Andres Genovez
Hi check firewall settings and also you can do a Traceroute to the problem
machine.

Maybe 2 same Ips???

2009/1/20 Jason Dixon 

> On Tue, Jan 20, 2009 at 02:25:33PM -0800, duxbuz wrote:
> > Thanks for reply. Both of you.
> >
> > I pinged from client to router, on both routers interfaces 172.16.0.254
> and
> > 192.168.0.254.
> >
> > # tcpdump -n -e -ttt -i pflog0
> > tcpdump: listening on pflog0, link-type PFLOG
> > Jan 20 23:10:58.644031 rule 0/(match) pass in on rl0: 192.168.0.10 >
> > 192.168.0.254: icmp: echo request (DF)
> > Jan 20 23:11:06.977914 rule 0/(match) pass in on rl0: 192.168.0.10 >
> > 172.16.0.254: icmp: echo request (DF)
> > Jan 20 23:11:20.879285 rule 0/(match) pass in on em0: 172.16.0.6.1948 >
> > 212.58.250.36.443: udp 16
> > Jan 20 23:11:20.879301 rule 1/(match) pass out on em0: 172.16.0.6.1948 >
> > 212.58.250.36.443: udp 16
> >
> > Going back to what Martin said, I can ping to either  client, on either
> > subnet, from router. I can even ping through router from 172 subnet to
> 192
> > subnet, just not the other way. And it doesn't look like there are any
> rules
> > in the Iptables ruleset.
>
> It smells of routing.  Check the tables on each client and see if
> they're going through a different gateway than you expect.
>
> --
> Jason Dixon
> DixonGroup Consulting
> http://www.dixongroup.net/
>
>


--
Sincerely

Andrés Genovez Tobar / Technical Department
COMERCIAL SALVADOR PACHECO MORA S.A. / SINCE 1945
SPM TECNOLOGIAS
Cuenca, Luis Cordero 9-70 y Gran Colombia
Av. 27 de Febrero y Jacinto Flores
Telephone. 593-7-2842388 ext 103
Fax. 593-7-2842388 ext 120
Mobile 593-97670874
  593-96816996 Alegro
Mail: ageno...@cspmsa.com
Travel: andresgeno...@gmail.com
www.cspmsa.com
www.crice.org



Re: Router ping one way only

2009-01-20 Thread Martin Toft
On Tue, Jan 20, 2009 at 02:25:33PM -0800, duxbuz wrote:
> Thanks for reply. Both of you.

No problem. I think it will be easy to point out the problem, if you
post more details:

- ifconfig, 'route -n show -inet', 'pfctl -sr' and 'pfctl -sn' on the
  router.
- ifconfig and 'route -n' on the Ubuntu machine.
- Something like the above on the Windows machine(s).

Check that you haven't made a typo somewhere wrt. the 172.16.x.y
addresses and associated netmasks.

Martin



Re: Router ping one way only

2009-01-20 Thread Jason Dixon
On Tue, Jan 20, 2009 at 02:25:33PM -0800, duxbuz wrote:
> Thanks for reply. Both of you.
> 
> I pinged from client to router, on both routers interfaces 172.16.0.254 and
> 192.168.0.254.
> 
> # tcpdump -n -e -ttt -i pflog0
> tcpdump: listening on pflog0, link-type PFLOG
> Jan 20 23:10:58.644031 rule 0/(match) pass in on rl0: 192.168.0.10 >
> 192.168.0.254: icmp: echo request (DF)
> Jan 20 23:11:06.977914 rule 0/(match) pass in on rl0: 192.168.0.10 >
> 172.16.0.254: icmp: echo request (DF)
> Jan 20 23:11:20.879285 rule 0/(match) pass in on em0: 172.16.0.6.1948 >
> 212.58.250.36.443: udp 16
> Jan 20 23:11:20.879301 rule 1/(match) pass out on em0: 172.16.0.6.1948 >
> 212.58.250.36.443: udp 16
> 
> Going back to what Martin said, I can ping to either  client, on either
> subnet, from router. I can even ping through router from 172 subnet to 192
> subnet, just not the other way. And it doesn't look like there are any rules
> in the Iptables ruleset.

It smells of routing.  Check the tables on each client and see if
they're going through a different gateway than you expect.

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/



Re: Router ping one way only

2009-01-20 Thread duxbuz
Thanks for reply. Both of you.

I pinged from client to router, on both routers interfaces 172.16.0.254 and
192.168.0.254.

# tcpdump -n -e -ttt -i pflog0
tcpdump: listening on pflog0, link-type PFLOG
Jan 20 23:10:58.644031 rule 0/(match) pass in on rl0: 192.168.0.10 >
192.168.0.254: icmp: echo request (DF)
Jan 20 23:11:06.977914 rule 0/(match) pass in on rl0: 192.168.0.10 >
172.16.0.254: icmp: echo request (DF)
Jan 20 23:11:20.879285 rule 0/(match) pass in on em0: 172.16.0.6.1948 >
212.58.250.36.443: udp 16
Jan 20 23:11:20.879301 rule 1/(match) pass out on em0: 172.16.0.6.1948 >
212.58.250.36.443: udp 16

Going back to what Martin said, I can ping to either  client, on either
subnet, from router. I can even ping through router from 172 subnet to 192
subnet, just not the other way. And it doesn't look like there are any rules
in the Iptables ruleset.

Does it look like what you suggested it might be Christiano?

Thanks.


Christiano Farina Haesbaert wrote:
> 
> First try to make a ping from client--->server, then call tcpdump icmp on
> the server and check the source address reaching it, make sure that the
> source ip is the client's IP.
> 
>  I bet some node of your network is doing NAT, and the server is
> responding
> the ICMP packets to the equipment doing the nat, not the machine issuing
> the
> ping.
> 
> Best regards
> 
> 
> 




Re: Sending email in Apache chroot?

2009-01-20 Thread Chris Bennett

I use mini-sendmail-chroot.
Works fine.

I use the following script to get all needed stuff inside chroot:


#!/bin/sh
mkdir -p /var/www/usr/lib

cp /usr/lib/libm.so.* /var/www/usr/lib
cp /usr/lib/libssl.so.* /var/www/usr/lib
cp /usr/lib/libcrypto.so.* /var/www/usr/lib
cp /usr/lib/libc.so.* /var/www/usr/lib
cp /usr/lib/libz.so.* /var/www/usr/lib  #not sure if needed --Chris

mkdir -p /var/www/usr/libexec
cp /usr/libexec/ld.so /var/www/usr/libexec

mkdir -p /var/www/usr/sbin
cp /usr/sbin/suexec /var/www/usr/sbin
chmod 4755 /usr/sbin/suexec
chmod 4755 /var/www/usr/sbin/suexec

mkdir -p /var/www/etc/
cp /etc/group /var/www/etc/
cp /etc/localtime /var/www/etc/
cp /etc/login.conf /var/www/etc/
cp /etc/passwd /var/www/etc/
cp /etc/pwd.db /var/www/etc/
cp /etc/protocols /var/www/etc/
mkdir -p /var/www/var/run
cp /var/run/ld.so.hints /var/www/var/run/ld.so.hints  #not sure if needed --Chris


mkdir -p /var/www/usr/share
cp -R /usr/share/nls /var/www/usr/share

mkdir -p /var/www/usr/bin
#cp /usr/bin/perl /var/www/usr/bin/
#cp /usr/bin/perl5.* /var/www/usr/bin/
cp /usr/bin/whereis /var/www/usr/bin/
cp /usr/bin/perldoc /var/www/usr/bin/
cp /usr/bin/man /var/www/usr/bin/
cp /usr/bin/gzip /var/www/usr/bin/
cp /usr/bin/gunzip /var/www/usr/bin/

mkdir -p /var/www/bin
cp /var/www/bin/mini_sendmail /var/www/usr/sbin/sendmail  #install mini_sendmail_chroot pkg first --Chris


mkdir -p /var/www/usr/etc
cp /usr/etc/services /var/www/usr/etc/


cp /usr/lib/libperl.so.* /var/www/usr/lib/
cp /usr/lib/libutil.so.* /var/www/usr/lib/

cp /etc/resolv.conf /var/www/etc/
cp /etc/services /var/www/etc/
# mkdir -p /var/www/usr/libdata /var/www/usr/local
cp -R /usr/lib/apache /var/www/usr/lib/
#cp -R /usr/libdata/perl5 /var/www/usr/libdata/
# mkdir -p /var/www/usr/local/libdata
#cp -R /usr/local/libdata/perl5 /var/www/usr/local/libdata/
mkdir -p /var/www/usr/share
cp -R /usr/share/zoneinfo /var/www/usr/share/

mkdir -p /var/www/usr/local/lib
cp -R /usr/local/lib/ /var/www/usr/local/   #mysql access from chroot for mwforum. May have too much added --Chris


Any comments on anything I should add extra or remove are welcome.


Sunnz wrote:

I have set up mail and femail and they both work, just not in a chroot.

Basically I can do `mail m...@myaddress.com` or `/var/www/bin/femail
m...@myaddress.com` and both of them successfully sent an email to
myself.

But it doesn't work with Apache in the chroot. I was using a PHP script.

femail-chroot is installed by pkg_add -iv femail-chroot.

I also tried the following:

`chroot -g www -u www / /var/www/bin/femail -t -i m...@myaddress.com` works, but

`chroot -g www -u www /var/www/ /bin/femail -t -i m...@myaddress.com`
doesn't work, it says:

femail: non-recoverable failure in name resolution

I run out of ideas now, what needs to be done?




Re: OpenBSD 4.4 load balance outgoing

2009-01-20 Thread Stuart Henderson
On 2009-01-20, u...@o3si.de  wrote:
> as the FAQ http://www.openbsd.org/faq/faq6.html#Multipath states:
>
> "It's worth noting that if an interface used by a multipath route goes
> down (i.e., loses carrier), the kernel will still try to forward
> packets using the route that points to that interface.

the FAQ refers to 4.4 (i.e. the last released version), but I'm
pretty sure this particular thing (link down resulting in blackhole)
is not a problem in -current.

you may still have a need for some other way to kill the route if
the link stays up but the nexthop is down, though.

> So use ifstated to check the link of the interface and populate the
> routing table accordingly.

as an alternative to ifstated, you could take default routes from
OSPF if your environment allows. (ospfd is ECMP capable).



Re: sandisk cruzer usb pen-drives with hotplugd

2009-01-20 Thread Fred Crowson
On Tue, Jan 20, 2009 at 8:46 PM, frantisek holop  wrote:
> hmm, on Tue, Jan 20, 2009 at 03:20:53PM -0500, Brynet said that
>> http://www.u3.com/uninstall/
>
> thanks for the tip, the cd* device is gone :]
> i wish i knew that before.
>
> anyone knows how this utility works?
> i really thought this was hw based!
>
> and can anyone still with the U3 stuff reproduce
> the machine crashes i have been seeing with hotplugd
> but not able to reproduce every time?
>
> -f

Hi,

I have a similar usb flash drive but in a Welly Die Cast VW Van,
which causes hotplugd to hard lock my X41.

Jan 20 21:15:59 x41 /bsd: cd1 at scsibus2 targ 1 lun 0:  SCSI2 5/cdrom removable
Jan 20 21:15:59 x41 /bsd: sd1 at scsibus2 targ 1 lun 1:  SCSI2 0/direct removable
Jan 20 21:15:59 x41 /bsd: sd1: 998MB, 127 cyl, 255 head, 63 sec, 512
bytes/sec, 2045288 sec total

When I try to look at the geometry of the cd part of the flash drive I get:
x41:fred ~> sudo fdisk cd1
Password:
fdisk: DIOCGDINFO: Input/output error
fdisk: Can't get disk geometry, please use [-chs] to specify.

I'm about to see if the U3 software will work on it.

Fred



Re: OpenBSD 4.4 pf+vlan+bridge problem

2009-01-20 Thread Stuart Henderson
On 2009-01-20, Key Aavoja  wrote:
>> Wouldn't it be better to not use the bridge and use (multicast-)routing
>> and pf to solve your problem?
>
> Multicast routing with "dvrmpd" is tested with pf, does not work. the
> same thing happens, if streamX is allowed to pass out on vlanX and
> streamY is allowed to pass out on vlanY, result is pretty similar:
> vlanX outputs both streams (streamX, streamY) and the same thing with
> vlanY.

if you get rid of the bridge and change it for a routed setup with
igmpproxy (it's in packages), does that do what you're looking for?

> pf is not 100% percent multicast compat.?

see the last couple of paragraphs of my earlier post about that -
fine when it's routed, some limitations as a bridge.



Re: Issue with the keep state statment

2009-01-20 Thread Stuart Henderson
On 2009-01-20, TeXitoi  wrote:
> "Rioux, Christophe"  writes:
>
>> => the 2 other rules will be no more used because of the keep state
>> 
>> What is the alternative to remake some like before the migration?

looks like you could probably use some reply-to on incoming
connections, instead of route-to on outgoing ones.

> no state, see pf.conf(5)

that will most likely break sites which use TCP window scaling.



Re: sandisk cruzer usb pen-drives with hotplugd

2009-01-20 Thread Brynet
> thanks for the tip, the cd* device is gone :]
> i wish i knew that before.

No problem, I'm glad it worked for you. :-)

> anyone knows how this utility works?

I'm not entirely sure, but I'd like to know.. perhaps someone with the
relevant skills can reverse engineer the utility and create something
for OpenBSD.

> i really thought this was hw based!

That was my initial thought.. but clearly the firmware is programmable.

> and can anyone still with the U3 stuff reproduce
> the machine crashes i have been seeing with hotplugd
> but not able to reproduce every time?

Unfortunately I can't help you with that, but I know someone who owns
a similar device.. AFAIK he hasn't removed U3 from it yet.

-Brynet



Re: Gilles : Call for Donations...

2009-01-20 Thread Gilles Chehade
On Tue, Jan 20, 2009 at 08:59:27PM +0530, Mayuresh Kathe wrote:
> In case the community hasn't already noticed or been made aware of.
> Gilles requires funds (900 Euro) to buy himself a decent desktop computer.
> Gilles initiated and works on the new SMTPd code.
> 
> To cross check, his site is at http://www.poolp.org/~gilles/
> 
> Please donate via paypal: gil...@poolp.org
> 

Wow, someone actually noticed ;-)

Gilles

-- 
Gilles Chehade
http://www.poolp.org/~gilles/
Please, contribute to my happiness ;)
 http://www.openbsd.org/want.html



Need help with OpenBGP 4.4

2009-01-20 Thread Marc Runkel
Hello,

We've recently begun testing using OpenBSD 4.4 with OpenBGP in our datacenter.
Our initial tests have uncovered an odd issue we hope you all can help us
with.  I've included our configs and relevant information below.

The summary of our issue is this:

1.) Upon starting bgpd the session between the two routers goes to established
and updates are passed.
2.) Keepalives aren't passed beyond the first exchange.
3.) After some time, the session goes to IDLE on both routers.
4.) The session tears down if we either issue a bgpctl command (like show
summary or show neighbors) or wait 240 seconds after the initial connect.
5.) The routers then reestablish connections but they drop again.
6.) The exact same setup works fine with OpenBGP 4.3.

Here's what we've found.  If we modify session.c at line 405 (timeout = 240;
/* loop every 240s at least */) to some number lower than our holdtime, it
works.   Adding debugging code to the code after that line shows us that the
code doesn't get processed again after the initial setup unless the timeout
value is reached or some bgpctl statement is executed.

We've replicated this error in two different test environments.  The error
causes sessions to be torn down anytime a 4.4 bgpd is used. (ie 4.4 -> 4.4 and
4.4 -> 4.3).

Please let me know if you need any additional information from me.

Thanks so much,

Marc Runkel
Technical Operations Manager
Untangle, Inc.


The two machines in question are dcrouter1 and bgptest2:

dcrouter1:/etc/bgpd.conf

#macros
# XO Peer
XOpeer="65.46.252.33"

# global configuration
AS 21634
router-id 65.46.252.34
log updates
network 64.2.3.0/24
holdtime min 3
holdtime 90

# neighbors and peers
neighbor $XOpeer {
remote-as   2828
descr   XO Upstream
local-address   65.46.252.34
multihop2
}


# filter out prefixes longer than 24 or shorter than 8 bits
deny from any
allow from any inet prefixlen 8 - 24

# do not accept a default route
deny from any prefix 0.0.0.0/0


# We're in test mode, so we gotta let the test networks in (192.168.0.0/16).

# filter bogus networks
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
#deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4

-- END --
dcrouter1:/etc/hostname.em0

inet 65.46.252.34 255.255.255.252 65.46.252.35 description "XO WAN"

-- END --
dcrouter1:/var/log/daemon.log (bgpd only)

Jan 20 11:19:51 dcrouter1 bgpd[24217]: startup
Jan 20 11:19:51 dcrouter1 bgpd[14770]: route decision engine ready
Jan 20 11:19:52 dcrouter1 bgpd[5962]: listening on 0.0.0.0
Jan 20 11:19:52 dcrouter1 bgpd[5962]: listening on ::
Jan 20 11:19:52 dcrouter1 bgpd[5962]: session engine ready
Jan 20 11:19:52 dcrouter1 bgpd[5962]: neighbor 65.46.252.33 (XO Upstream):
state change None -> Idle, reason: None
Jan 20 11:19:52 dcrouter1 bgpd[5962]: neighbor 65.46.252.33 (XO Upstream):
state change Idle -> Connect, reason: Start
Jan 20 11:19:52 dcrouter1 bgpd[5962]: neighbor 65.46.252.33 (XO Upstream):
socket error: Connection refused
Jan 20 11:19:52 dcrouter1 bgpd[5962]: neighbor 65.46.252.33 (XO Upstream):
state change Connect -> Active, reason: Connection open failed
Jan 20 11:19:56 dcrouter1 bgpd[5962]: neighbor 65.46.252.33 (XO Upstream):
state change Active -> OpenSent, reason: Connection opened
Jan 20 11:19:56 dcrouter1 bgpd[5962]: neighbor 65.46.252.33 (XO Upstream):
state change OpenSent -> OpenConfirm, reason: OPEN message received
Jan 20 11:19:56 dcrouter1 bgpd[5962]: neighbor 65.46.252.33 (XO Upstream):
state change OpenConfirm -> Established, reason: KEEPALIVE message received
Jan 20 11:19:56 dcrouter1 bgpd[14770]: neighbor 65.46.252.33 (XO Upstream)
AS2828: update 192.168.42.0/24 via 65.46.252.33
Jan 20 11:19:56 dcrouter1 bgpd[24217]: nexthop 65.46.252.33 now valid:
directly connected
Jan 20 11:20:44 dcrouter1 bgpd[5962]: neighbor 65.46.252.33 (XO Upstream):
received notification: HoldTimer expired, unknown subcode 0
Jan 20 11:20:44 dcrouter1 bgpd[5962]: neighbor 65.46.252.33 (XO Upstream):
state change Established -> Idle, reason: NOTIFICATION received

-- END --
dcrouter1:tcpdump -vvns1500 -i em0 port 179

tcpdump: listening on em0, link-type EN10MB
11:19:52.537633 65.46.252.34.48310 > 65.46.252.33.179: S [tcp sum ok]
164215:164215(0) win 16384  (DF) [tos 0xc0] (ttl 2, id 23223, len 64)
11:19:52.537747 65.46.252.33.179 > 65.46.252.34.48310: R [tcp sum ok] 0:0(0)
ack 164216 win 0 (DF) (ttl 64, id 40395, len 40)11:19:56.759172
65.46.252.33.1985 > 65.46.252.34.179: S [tcp sum ok] 2516427034:2516427034(0)
win 16384  (DF) [tos 0xc0] (ttl 2, id 61323, len 64)
11:19:56.759201 65.46.252.34.179 > 65.46.252.33.1985: S [tcp sum ok]
2812695705:2812695705(0) a

Re: Router ping one way only

2009-01-20 Thread Christiano Farina Haesbaert
First try to make a ping from client--->server, then call tcpdump icmp on
the server and check the source address reaching it, make sure that the
source ip is the client's IP.

 I bet some node of your network is doing NAT, and the server is responding
the ICMP packets to the equipment doing the nat, not the machine issuing the
ping.

Best regards



Problem with pptp

2009-01-20 Thread Gull Labs
Hi! I've Openbsd 4.4 with default kernel and connection to Internet by pptp.
Problem is sometimes it connects but sometimes doesn't. But in most cases
when it connects it pings any host with message:

ping: sendto: No buffer space available
ping: wrote ya.ru 64 chars, ret=-1

Here some files:

1. hostname.fxp0

dhcp NONE NONE NONE
!route add -host vpn.provider.net 10.129.0.17
!route add 85.21/16 10.129.0.17
!route add 195.14.32/19 10.129.0.17
!route add 10/8 10.129.0.17

2. hostname.tun0

!/usr/sbin/ppp -ddial corbina >/dev/null 2>&1

3. ppp.conf

default:
set log Phase Chat LCP IPCP CCP tun command
disable ipv6cp
corbina:
set device "!/usr/sbin/pptp vpn.provider.net --nolaunchpppd"
set timeout 0
set authname 
set authkey 
set login
set ifaddr 85.81.225.18 10.129.0.17/0
add! default HISADDR

4. /var/log/daemon

Jan 20 23:29:48 gullabs ppp[17136]: tun0: Chat: deflink: Redial timer
expired.
Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: Connected!
Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: opening -> dial
Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: dial -> carrier
Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: carrier -> login
Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: login -> lcp
Jan 20 23:29:48 gullabs ppp[17136]: tun0: LCP: FSM: Using "deflink" as a
transport
Jan 20 23:29:48 gullabs ppp[17136]: tun0: LCP: deflink: State change Initial
--> Closed
Jan 20 23:29:48 gullabs ppp[17136]: tun0: LCP: deflink: State change Closed
--> Stopped
Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: deflink: LayerStart
Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22)
state = Stopped
Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP:  ACFCOMP[2]
Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP:  PROTOCOMP[2]
Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP:  ACCMAP[6] 0x
Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP:  MRU[4] 1500
Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP:  MAGICNUM[6] 0x02bcea78
Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: deflink: State change Stopped
--> Req-Sent
Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22)
state = Req-Sent
Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP:  ACFCOMP[2]
Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP:  PROTOCOMP[2]
Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP:  ACCMAP[6] 0x
Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP:  MRU[4] 1500
Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP:  MAGICNUM[6] 0x02bcea78
Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22)
state = Req-Sent
Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP:  ACFCOMP[2]
Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP:  PROTOCOMP[2]
Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP:  ACCMAP[6] 0x
Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP:  MRU[4] 1500
Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP:  MAGICNUM[6] 0x02bcea78
Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22)
state = Req-Sent
Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP:  ACFCOMP[2]
Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP:  PROTOCOMP[2]
Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP:  ACCMAP[6] 0x
Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP:  MRU[4] 1500
Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP:  MAGICNUM[6] 0x02bcea78
Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22)
state = Req-Sent
Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP:  ACFCOMP[2]
Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP:  PROTOCOMP[2]
Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP:  ACCMAP[6] 0x
Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP:  MRU[4] 1500
Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP:  MAGICNUM[6] 0x02bcea78
Jan 20 23:30:04 gullabs ppp[17136]: tun0: LCP: deflink: LayerFinish
Jan 20 23:30:04 gullabs ppp[17136]: tun0: LCP: deflink: State change
Req-Sent --> Stopped
Jan 20 23:30:04 gullabs ppp[17136]: tun0: LCP: deflink: State change Stopped
--> Closed
Jan 20 23:30:04 gullabs ppp[17136]: tun0: LCP: deflink: State change Closed
--> Initial
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase: deflink: Disconnected!
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase: deflink: lcp -> logout
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase: deflink: logout -> hangup
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase: deflink: Disconnected!
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase: deflink: Connect time: 16
secs: 0 octets in, 270 octets out
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase: deflink: 102 packets in,
3629 packets out
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase:  total 16 bytes/sec, peak
21 bytes/sec on Tue Jan 20 23:29:52 2009
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase: deflink: HUPing 25768
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase: deflink: hangup -> opening
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase: deflink: Enter pause (3)
for redialing.

Thanks



Re: Issue with the keep state statment

2009-01-20 Thread TeXitoi
"Rioux, Christophe"  writes:

> => the 2 other rules will be no more used because of the keep state
> 
> What is the alternative to remake some like before the migration?

no state, see pf.conf(5)

-- 
Guillaume Pinot  http://www.irccyn.ec-nantes.fr/~pinot/

``Computers are good at following instructions, but not at reading your
mind.'' -- Donald E. Knuth, the TeXbook

()  ASCII ribbon campaign  -- Against HTML e-mail 
/\  http://www.asciiribbon.org -- Against proprietary attachments



Re: sandisk cruzer usb pen-drives with hotplugd

2009-01-20 Thread frantisek holop
hmm, on Tue, Jan 20, 2009 at 03:20:53PM -0500, Brynet said that
> http://www.u3.com/uninstall/

thanks for the tip, the cd* device is gone :]
i wish i knew that before.  

anyone knows how this utility works?
i really thought this was hw based!

and can anyone still with the U3 stuff reproduce
the machine crashes i have been seeing with hotplugd
but not able to reproduce every time?

-f
-- 
when in doubt stop thinking and all doubt will go away.



Re: sandisk cruzer usb pen-drives with hotplugd

2009-01-20 Thread Brynet
It's hard to find a USB drive that doesn't have that U3 nonsense,
you'll need to find a friend that has a Windows or Mac system to get
rid of it.

http://www.u3.com/uninstall/

-Brynet



Re: sandisk cruzer usb pen-drives with hotplugd

2009-01-20 Thread frantisek holop
here's the dmesg for this cruzer:

umass2 at uhub0 port 4 configuration 1 interface 0 "SanDisk Corporation U3 
Cruzer Micro" rev 2.00/0.10 addr 4
umass2: using SCSI over Bulk-Only
scsibus2 at umass2: 2 targets, initiator 0
sd2 at scsibus2 targ 1 lun 0:  SCSI2 0/direct 
removable
sd2: 3912MB, 512 bytes/sec, 8013453 sec total
cd0 at scsibus2 targ 1 lun 1:  SCSI2 5/cdrom 
removable


this of course is not only openbsd specific, it shows up as
two options also in the boot selector on both my notebooks
that can boot off of usb devices.  on my eeepc cd* is 2nd
after sd* in the boot menu, on my msi notebook the other
way around...

$ sudo fdisk cd0
Disk: cd0   geometry: 36/1/100 [3584 2048-byte Sectors]
Offset: 0   Signature: 0x0
Starting Ending LBA Info:
 #: id  C   H   S -  C   H   S [   start:size ]
---
 0: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
 1: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
 2: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
 3: 00  0   0   0 -  0   0   0 [   0:   0 ] unused

$ sudo disklabel cd0
# /dev/rcd0c:
type: SCSI
disk: U3 System
label:
flags:
bytes/sector: 2048
sectors/track: 100
tracks/cylinder: 1
sectors/cylinder: 100
cylinders: 36
total sectors: 3584
rpm: 300
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

3 partitions:
#size   offset  fstype [fsize bsize  cpg]
  a: 35840 ISO9660
  c: 35840 ISO9660


looks like a definite abomination...
why does disklabel say 3 partitions?

-f
-- 
every silver lining has a cloud.



Re: Router ping one way only

2009-01-20 Thread Martin Toft
What happens when you ping from the OpenBSD router? Does any of the
other equipment reply?

The Ubuntu machine's firewall settings can be seen by running 'sudo
iptables -L -v -n'. Are you sure it doesn't block incoming ICMP
requests?

Martin



Re: OpenBSD 4.4 pf+vlan+bridge problem

2009-01-20 Thread Key Aavoja

Quoting Stuart Henderson :


On 2009-01-20, Guido Tschakert  wrote:

first thing: I do not have any experience with multicast traffic.
But what you have built seems very strange to me. First you use vlan to
separate the networks and then you put them all together with a bridge.
I do not see the use of the vlans.


It can indeed be useful to do this, even without multicast traffic
in the equation. You might want to filter traffic between machines in
the same subnet, and this is a way you can do it.


Key Aavoja wrote:

PF config:

block out on bnx1 all
block out on vlan1100 all
block out on vlan1101 all
block out on vlan1102 all
block out on vlan1103 all
block out on vlan1104 all
block out on vlan1105 all
block out on vlan1106 all
block out on vlan1107 all
block out on vlan1108 all
pass out quick on vlan1101 proto udp from any to 239.16.1.1
pass out quick on vlan1102 proto udp from any to 239.16.1.2
pass out quick on vlan1103 proto udp from any to 239.16.1.3

Wishful thinking, what the result should be:

All multicast streams are available on vlan1100 and received via
"bnx0/vlan1100". Bridge should stream the multicast packets to what
ever vlan - it's the place where pf should help. Stream: 239.16.1.1
should be available only on vlan1101, and 239.16.1.2 available on
vlan1102 and so on.
.

Real Result:
Stream 239.16.1.1 is available on all three vlans: 11101,1102,1103 -
same thing happens with other two streams (239.16.1.2, 239.16.1.3)

It's really weird what's going on or did I understand something wrong
and configuration is not correct?


you should check the simple things first.

- is PF enabled? pfctl -si

PF is enabled, btw removing the last three rules the whole mcast
traffic is disabled - for testing I have 10 streams as input but trying
to allow only three.


- is the ruleset loaded correctly? pfctl -sr

yes this command shows that all rules are loaded


- does it correctly block ordinary non-multicast traffic between
the vlans? if you did indeed include your whole PF config in your
email, only that particular multicast traffic should pass between
the vlans, everything else should be blocked.


I pasted here 100% of pf config, this non-multicast traffic needs to
be tested, tomorrow I will do that.


you might have already done this, but if you did, you should have
mentioned in your email what you checked.

with a routed (not bridged) environment, PF is able to control
multicast traffic in either direction (I just tried).

from my reading of if_bridge.c, on a bridge, pf filtering for
multicast frames only happens _inbound_. multicast frames sent
_out_ through a bridge are not subject to the outbound PF filter
rules.

bridge MAC filter rules _are_ applied outbound for multicast
frames, I haven't tested but I think that will give you a way
you can restrict this traffic.




Router ping one way only

2009-01-20 Thread duxbuz
I have had to repost this due to formatting on last post.

Hi, 

I have an openbsd router running pf. Using a 'pass all' rule set. 


pass in log all keep state 
pass out log all keep state 


I manage to ping one way! But not the other. 


I originally had a wireless laptop running vista on 172.0.0.6, trying 
to ping Server 2003 on 192.168.0.4. 


default Gateways set in both these machines to: 


 Laptop: 172.16.0.254 (router em0) 


 Server 2003: 192.168.0.254 (router rl0) 


I thought it was the Server preventing pings even though windows 
firewall service was off, so tried a Ubuntu machine, same 
problem. 


Output from pinging from laptop to ubuntu: 


# tcpdump -n -e -ttt -i pflog0 
tcpdump: listening on pflog0, link-type PFLOG 
Jan 20 09:00:34.514535 rule 0/(match) pass in on em0: 172.16.0.6 > 
192.168.0.10: icmp: echo request 
Jan 20 09:00:34.514551 rule 1/(match) pass out on rl0: 172.16.0.6 > 
192.168.0.10: icmp: echo request 
^C 
2 packets received by filter 
0 packets dropped by kernel 


This ping does not work from linux ubuntu to laptop: 


# tcpdump -n -e -ttt -i pflog0 
tcpdump: listening on pflog0, link-type PFLOG 
Jan 20 09:00:46.735139 rule 0/(match) pass in on rl0: 192.168.0.10 > 
172.16.0.6: icmp: echo request (DF) 
Jan 20 09:00:46.735156 rule 1/(match) pass out on em0: 192.168.0.10 > 
172.16.0.6: icmp: echo request (DF) 
^C 
2 packets received by filter 
0 packets dropped by kernel 


I wonder if it is a static route issue on the client? 


Or is it a static route issue on the router? 


I added "route add default gw 192.168.0.254" on ubuntu and also "route 
add -net 172.16.0.0 mask 255.255.255.0 gw 192.168.0.254" 


Not sure what I am doing wrong. 


Can anyone help me? 


Thanks 


my net diagram: 


clients(laptop wireless) <->172.16.0.0 /24<--- hub ---> 
openbsd router < hub > 192.168.0.0 /24-- client 
(ubuntu or server 2003) 






Re: OpenBSD 4.4 pf+vlan+bridge problem

2009-01-20 Thread Key Aavoja

Quoting Guido Tschakert :


Key Aavoja wrote:

Hello,


Hello,

first thing: I do not have any experience with multicast traffic.
But what you have built seems very strange to me. First you use vlan to
separate the networks and then you put them all together with a bridge.
I do not see the use of the vlans.


It's needed because all those streams are already on one vlan, but it's
really needed to "extract" address based. It's the best way to put
different streams on different vlans (using cisco switch is not a very
good idea for this task, because of some limitations, but it's out of
current topic).



Wouldn't it be better to not use the bridge and use (multicast-)routing
and pf to solve your problem?


Multicast routing with "dvrmpd" is tested with pf, does not work. the
same thing happens, if streamX is allowed to pass out on vlanX and
streamY is allowed to pass out on vlanY, result is pretty similar:
vlanX outputs both streams (streamX, streamY) and the same thing with
vlanY. pf is not 100% percent multicast compat.?


As I said, I have no experience with multicast traffic, but that is how
I would start digging.

guido


I have a problem with pf+bridge+vlan (multicast traffic) and I googled
a lot, read the manuals and so on - no help. Finally I posted on wrong
place :( sorry.

Hopefully this time I'm writing to right place.


Following setup is made for multicast traffic separation from one lan
to multiple vlans.

Setup:

Two physical interfaces

bnx0
bnx1

interfaces bnx0 and bnx1 has vlans:

bnx0
vlan1100
bnx1
vlan1101
vlan1102
vlan1103
vlan1104
vlan1105
vlan1106
vlan1107
vlan1108

Bridge setup: bridge0 has all vlans as bridge members (vlan1100,
vlan1101 ... vlan1108)

PF config:

block out on bnx1 all
block out on vlan1100 all
block out on vlan1101 all
block out on vlan1102 all
block out on vlan1103 all
block out on vlan1104 all
block out on vlan1105 all
block out on vlan1106 all
block out on vlan1107 all
block out on vlan1108 all
pass out quick on vlan1101 proto udp from any to 239.16.1.1
pass out quick on vlan1102 proto udp from any to 239.16.1.2
pass out quick on vlan1103 proto udp from any to 239.16.1.3

Wishful thinking, what the result should be:

All multicast streams are available on vlan1100 and received via
"bnx0/vlan1100". Bridge should stream the multicast packets to what
ever vlan - it's the place where pf should help. Stream: 239.16.1.1
should be available only on vlan1101, and 239.16.1.2 available on
vlan1102 and so on.
.

Real Result:
Stream 239.16.1.1 is available on all three vlans: 11101,1102,1103 -
same thing happens with other two streams (239.16.1.2, 239.16.1.3)

It's really weird what's going on or did I understand something wrong
and configuration is not correct?

Thank you.








Re: sandisk cruzer usb pen-drives with hotplugd

2009-01-20 Thread Robert
On Tue, 20 Jan 2009 18:37:11 +0100
frantisek holop  wrote:

> hi there,
> 
> the sandisk cruzer line of pen-drives (i have a 4G)
> are U3 smart pen-drives that have a hidden partition
> or whatever it is: www.u3.com .
> 
> in openbsd it comes up as cd* besides the sd* part.
> i had no luck mounting it or using it in any way.
> IIRC in windows it comes up as a separate drive letter.
> 
> in some cases after inserting this pen-drive it
> makes hotplugd run in circles and if left there
> it brings down the whole machine.
> 
> has anybody experienced something similar?
> i imagine it's quite a common pen-drive.
> 
> -f

U3... Yes, too many sticks have that "feature".
First step after unpacking it is to erase the U3 stuff.
They have a prog for that on their site. *
After that its just a plain drive and you even get some megs of extra
space.

As i don't use those drives with U3 still on it, i have no idea why
OpenBSD might get hiccups.

- Robert

(* Windows software, usually not too hard to find one can use for that
once of wipe. Also a chance to lecture ppl on turning off autorun.)



Re: Sending email in Apache chroot?

2009-01-20 Thread Henning Brauer
* Sunnz  [2009-01-20 17:48]:
> Ok so I have copied /etc/resolv.conf to /var/www/etc/...
> 
> Now it says:
> 
> femail: rcpt to chr...@civicquire.net refused by server

"refused by server" not enough of a hint?

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: Annoying sounds with auvia and mpd

2009-01-20 Thread Martin Toft
On Tue, Jan 20, 2009 at 11:08:30AM +, Jacob Meuser wrote:
> sorry for the delay.  can you see if this fixes the problem?
> 
> something of a guess, but the addition of S/PDIF support is the only
> change that fits the timeline of when it was working and when
> the problem started.  (and if you look at ac97.c just a few lines down
> from this patch, you'll see the XXX-is-this-right? comment I added
> when bringing in S/PDIF support from NetBSD ...)

Yep, I see the comment, and I agree that it sure sounds like something
that could cause the problem that I experience.

My off-list reply to Jacob:

Hi and thanks for remembering me :-)

Unfortunately, it does not fix the problem. I'm still able to reproduce
the faulty situation (high pitched noise together with the music,
continuing after the music has been stopped) using mpd and mplayer.

Martin



sandisk cruzer usb pen-drives with hotplugd

2009-01-20 Thread frantisek holop
hi there,

the sandisk cruzer line of pen-drives (i have a 4G)
are U3 smart pen-drives that have a hidden partition
or whatever it is: www.u3.com .

in openbsd it comes up as cd* besides the sd* part.
i had no luck mounting it or using it in any way.
IIRC in windows it comes up as a separate drive letter.

in some cases after inserting this pen-drive it
makes hotplugd run in circles and if left there
it brings down the whole machine.

has anybody experienced something similar?
i imagine it's quite a common pen-drive.

-f
-- 
dum spiro spero --  as long as i breathe i hope



Re: OpenBSD 4.4 load balance outgoing

2009-01-20 Thread uw
> Hi,
> 
> I need a help to configure an openBSD server to load balance and
> failover internet connection.
> I have 2 connections to the internet.
> I followed http://www.openbsd.org/faq/pf/pools.html#outgoing but i
> didn't get it working.
> I added both routes with:
> route add -mpath default 200.162.41.33
> route add -mpath default 189.57.43.1
> 
> 
> 
> 
> My confs are:
> 
> # cat sysctl.conf |grep inet
> net.inet.ip.forwarding=1# 1=Permit forwarding (routing) of
> IPv4 packets
> net.inet.ip.mforwarding=1   # 1=Permit forwarding (routing) of
> IPv4 multicast packets
> net.inet.ip.multipath=1 # 1=Enable IP multipath routing
> #net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of
> IPv6 packets
> #net.inet6.ip6.mforwarding=1# 1=Permit forwarding (routing) of
> IPv6 multicast packets
> #net.inet6.ip6.multipath=1  # 1=Enable IPv6 multipath routing
> #net.inet6.ip6.accept_rtadv=1   # 1=Permit IPv6 autoconf (forwarding
> must be 0)
> #net.inet.tcp.rfc1323=0 # 0=Disable TCP RFC1323 extensions
> (for if tcp is slow)
> #net.inet.tcp.rfc3390=0 # 0=Disable RFC3390 for TCP window
> increasing #net.inet.esp.enable=0  # 0=Disable the ESP IPsec
> protocol #net.inet.ah.enable=0   # 0=Disable the AH IPsec
> protocol #net.inet.esp.udpencap=0# 0=Disable ESP-in-UDP
> encapsulation #net.inet.ipcomp.enable=1   # 1=Enable the IPCOMP
> protocol #net.inet.etherip.allow=1   # 1=Enable the
> Ethernet-over-IP protocol #net.inet.tcp.ecn=1 # 1=Enable
> the TCP ECN extension net.inet.carp.preempt=1 # 1=Enable carp(4)
> preemption net.inet.carp.log=1 # 1=Enable logging of
> carp(4) packets #net.inet.ip.mtudisc=0  # 0=Disable tcp mtu
> discovery #
> 
> # cat /etc/mygate
> #
> 
> # cat /etc/pf.conf
> lan_net = "10.10.20.0/24"
> int_if  = "vic0"
> ext_if1 = "vic2"
> ext_if2 = "vic3"
> ext_gw1 = "189.57.43.1"
> ext_gw2 = "200.162.41.33"
> 
> #  nat outgoing connections on each internet interface
> nat on $ext_if1 from $lan_net to any -> ($ext_if1)
> nat on $ext_if2 from $lan_net to any -> ($ext_if2)
> 
> #  default deny
> #block in  from any to any
> #block out from any to any
> 
> #  pass all outgoing packets on internal interface
> pass out on $int_if from any to $lan_net
> #  pass in quick any packets destined for the gateway itself
> pass in quick on $int_if from $lan_net to $int_if
> #  load balance outgoing tcp traffic from internal network.
> pass in on $int_if route-to \
> { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
> proto tcp from $lan_net to any flags S/SA modulate state
> #  load balance outgoing udp and icmp traffic from internal network
> pass in on $int_if route-to \
> { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
> proto { udp, icmp } from $lan_net to any keep state
> 
> #  general "pass out" rules for external interfaces
> pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
> pass out on $ext_if1 proto { udp, icmp } from any to any keep state
> pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
> pass out on $ext_if2 proto { udp, icmp } from any to any keep state
> 
> #  route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
> #  $ext_if2 and $ext_gw2
> pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
> pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
> #
> 
> I am able to surf at internet from my 10.10.20.0/24 machines, but
> when i turn off vic3 my users lost connection.
> It seems it's using as default route the route  i added first.
> 
> Help me plz.

Hi,

as the FAQ http://www.openbsd.org/faq/faq6.html#Multipath states:

"It's worth noting that if an interface used by a multipath route goes
down (i.e., loses carrier), the kernel will still try to forward
packets using the route that points to that interface. This traffic
will of course be blackholed and end up going nowhere. It's highly
recommended to use ifstated(8) to check for unavailable interfaces and
adjust the routing table accordingly."

So use ifstated to check the link of the interface and populate the
routing table accordingly.

Regards Uwe



Re: Sending email in Apache chroot?

2009-01-20 Thread Matthew Weigel

Sunnz wrote:


> I also tried the following:
>
> `chroot -g www -u www / /var/www/bin/femail -t -i m...@myaddress.com` works, but

Setting the chroot to '/'?  I don't think that does anything.

> `chroot -g www -u www /var/www/ /bin/femail -t -i m...@myaddress.com`
> doesn't work, it says:
>
> femail: non-recoverable failure in name resolution
>
> I run out of ideas now, what needs to be done?

What files might be used in name resolution on the system, that aren't
in /var/www?  Maybe... /etc/resolv.conf?

--
 Matthew Weigel
 hacker
 unique & idempot . ent



Re: OpenBSD 4.4 load balance outgoing

2009-01-20 Thread Claudio Jeker
On Tue, Jan 20, 2009 at 03:04:36PM -0200, Ricardo Augusto de Souza wrote:
> Hi,
> 
> I need a help to configure an openBSD server to load balance and failover
> internet connection.
> I have 2 connections to the internet.
> I followed http://www.openbsd.org/faq/pf/pools.html#outgoing but i didn't get
> it working.
> I added both routes with:
> route add -mpath default 200.162.41.33
> route add -mpath default 189.57.43.1
> 
> 

There was a nasty bug in the multipath code that got fixed a few weeks
ago. If possible try -current.

-- 
:wq Claudio



Re: Sending email in Apache chroot?

2009-01-20 Thread L. V. Lammert
On Wed, 21 Jan 2009, Sunnz wrote:

> I have set up mail and femail and they both works, just not in a chroot.
>
Remember that the chroot must provide *ALL* services required by the app,
including things like DNS.

Is your resolv.conf present in /etc of your chroot?

Can you chroot from the command line and use network services?

Lee
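
The check the replies in this thread point at (does the chroot contain what the mailer needs for name resolution?), as an added example that is not part of the thread. The path list is an assumption: /etc/resolv.conf, /bin/femail and /bin/sh come from the thread, /etc/hosts is added here, and the files are assumed to be owned by root so that the www user depends on the "other" permission bits.

```shell
#!/bin/sh
# Added example: audit an Apache chroot for the files a jailed mailer needs.
# REQUIRED is an assumption (see the lead-in); adjust it to your setup.
REQUIRED="/etc/resolv.conf /etc/hosts /bin/femail /bin/sh"

# chroot_audit ROOT PATH...
# Prints one line per problem and returns 1 if any problem was found.
chroot_audit() {
    root=${1%/}
    shift
    rc=0
    for p in "$@"; do
        f=$root$p
        if [ -L "$f" ]; then
            # Inside the jail an absolute link target is resolved against
            # the new root, so a link to the host's /etc does not reach
            # the host's file.
            echo "SYMLINK $p"; rc=1
        elif [ ! -e "$f" ]; then
            echo "MISSING $p"; rc=1
        elif [ -f "$f" ] && [ ! -s "$f" ]; then
            echo "EMPTY $p"; rc=1
        else
            # The jailed process runs as www, not as the file owner, so the
            # "other" read bit (8th character of the ls mode string) matters.
            case $(ls -ld "$f") in
                ???????r*) ;;
                *) echo "UNREADABLE $p"; rc=1 ;;
            esac
        fi
    done
    return $rc
}

# Demo on a constructed jail in a temporary directory (stub files only).
demo() {
    jail=$(mktemp -d) || return 1
    mkdir -p "$jail/etc" "$jail/bin"
    echo stub > "$jail/bin/femail"
    echo stub > "$jail/bin/sh"
    chmod 755 "$jail/bin/femail" "$jail/bin/sh"
    echo "127.0.0.1 localhost" > "$jail/etc/hosts"
    chmod 644 "$jail/etc/hosts"
    echo "before adding resolv.conf:"
    chroot_audit "$jail" $REQUIRED || true
    echo "nameserver 192.0.2.53" > "$jail/etc/resolv.conf"   # constructed value
    chmod 644 "$jail/etc/resolv.conf"
    echo "after adding resolv.conf:"
    chroot_audit "$jail" $REQUIRED && echo "ok"
    rm -rf "$jail"
}

demo
```

Against a real jail the call is `chroot_audit /var/www $REQUIRED`; a clean audit only shows the files are present and readable, not that the SMTP server accepts the recipient.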



OpenBSD 4.4 load balance outgoing

2009-01-20 Thread Ricardo Augusto de Souza
Hi,

I need a help to configure an openBSD server to load balance and failover
internet connection.
I have 2 connections to the internet.
I followed http://www.openbsd.org/faq/pf/pools.html#outgoing but i didn't get
it working.
I added both routes with:
route add -mpath default 200.162.41.33
route add -mpath default 189.57.43.1




My confs are:

# cat sysctl.conf |grep inet
net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets
net.inet.ip.mforwarding=1       # 1=Permit forwarding (routing) of IPv4 multicast packets
net.inet.ip.multipath=1         # 1=Enable IP multipath routing
#net.inet6.ip6.forwarding=1     # 1=Permit forwarding (routing) of IPv6 packets
#net.inet6.ip6.mforwarding=1    # 1=Permit forwarding (routing) of IPv6 multicast packets
#net.inet6.ip6.multipath=1      # 1=Enable IPv6 multipath routing
#net.inet6.ip6.accept_rtadv=1   # 1=Permit IPv6 autoconf (forwarding must be 0)
#net.inet.tcp.rfc1323=0         # 0=Disable TCP RFC1323 extensions (for if tcp is slow)
#net.inet.tcp.rfc3390=0         # 0=Disable RFC3390 for TCP window increasing
#net.inet.esp.enable=0          # 0=Disable the ESP IPsec protocol
#net.inet.ah.enable=0           # 0=Disable the AH IPsec protocol
#net.inet.esp.udpencap=0        # 0=Disable ESP-in-UDP encapsulation
#net.inet.ipcomp.enable=1       # 1=Enable the IPCOMP protocol
#net.inet.etherip.allow=1       # 1=Enable the Ethernet-over-IP protocol
#net.inet.tcp.ecn=1             # 1=Enable the TCP ECN extension
net.inet.carp.preempt=1         # 1=Enable carp(4) preemption
net.inet.carp.log=1             # 1=Enable logging of carp(4) packets
#net.inet.ip.mtudisc=0          # 0=Disable tcp mtu discovery
#

# cat /etc/mygate
#

# cat /etc/pf.conf
lan_net = "10.10.20.0/24"
int_if  = "vic0"
ext_if1 = "vic2"
ext_if2 = "vic3"
ext_gw1 = "189.57.43.1"
ext_gw2 = "200.162.41.33"

#  nat outgoing connections on each internet interface
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)

#  default deny
#block in  from any to any
#block out from any to any

#  pass all outgoing packets on internal interface
pass out on $int_if from any to $lan_net
#  pass in quick any packets destined for the gateway itself
pass in quick on $int_if from $lan_net to $int_if
#  load balance outgoing tcp traffic from internal network.
pass in on $int_if route-to \
{ ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
proto tcp from $lan_net to any flags S/SA modulate state
#  load balance outgoing udp and icmp traffic from internal network
pass in on $int_if route-to \
{ ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
proto { udp, icmp } from $lan_net to any keep state

#  general "pass out" rules for external interfaces
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state

#  route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
#  $ext_if2 and $ext_gw2
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
#

I am able to surf at internet from my 10.10.20.0/24 machines, but when i turn
off vic3 my users lost connection.
It seems it's using as default route the route  i added first.

Help me plz.



OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(TM) CPU 3.20GHz ("GenuineIntel" 686-class) 3.24 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,DS-CPL
real mem  = 536375296 (511MB)
avail mem = 510218240 (486MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/17/06, BIOS32 rev. 0 @ 0xfd880,
SMBIOS rev. 2.31 @ 0xe0010 (45
entries)
bios0: vendor Phoenix Technologies LTD version "6.00" date 04/17/2006
bios0: VMware, Inc. VMware Virtual Platform
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1000 0xca000/0x1000
0xcb000/0x1000 0xdc000/0x4000!
0xe/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x01
pci1 at ppb0 bus 1
piixpcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA,

Re: Sending email in Apache chroot?

2009-01-20 Thread Sunnz
2009/1/21 Sunnz :
>
> I am also trying mini-sendmail-chroot.
>
> `chroot -g www -u www /var/www/ /bin/mini_sendmail -t -i m...@myaddress.com`
>
> Does actually work but in PHP still doesn't. And I have updated
> sendmail_path in php.ini.
>

Err this is so weird... now it doesn't work any more even on the
command line, mini_sendmail now says /bin/mini_sendmail: unexpected
response 550 to RCPT TO command when I run that command.

-- 
This e-mail may be confidential. You may not copy, forward or use any
part. Note that all disclaimers on the Internet are of zero legal
effectiveness however.
http://www.goldmark.org/jeff/stupid-disclaimers/



Re: Sending email in Apache chroot?

2009-01-20 Thread Sunnz
2009/1/21 Joe Barnett :
>
> Many moons ago I had the same situation with mini-sendmail-chroot.
> Installing mail (?) and sh in the chroot seemed to clear everything
> up--though I am not sure if that is the optimal solution.

I am also trying mini-sendmail-chroot.

`chroot -g www -u www /var/www/ /bin/mini_sendmail -t -i m...@myaddress.com`

Does actually work but in PHP still doesn't. And I have updated
sendmail_path in php.ini.




Re: Sending email in Apache chroot?

2009-01-20 Thread Sunnz
Ok so I have copied /etc/resolv.conf to /var/www/etc/...

Now it says:

femail: rcpt to chr...@civicquire.net refused by server



Re: Sending email in Apache chroot?

2009-01-20 Thread Joe Barnett
Sunnz wrote:
> I have set up mail and femail and they both works, just not in a chroot.
> 
> Basically I can do `mail m...@myaddress.com` or `/var/www/bin/femail
> m...@myaddress.com` and both of then successfully sent an email to
> myself.
> 
> But it doesn't work with Apache in the chroot. I was using a PHP script.
> 
> femail-chroot is installed by pkg_add -iv femail-chroot.
> 
> I also tried the following:
> 
> `chroot -g www -u www / /var/www/bin/femail -t -i m...@myaddress.com` works, 
> but
> 
> `chroot -g www -u www /var/www/ /bin/femail -t -i m...@myaddress.com`
> doesn't work, it says:
> 
> femail: non-recoverable failure in name resolution
> 
> I run out of ideas now, what needs to be done?
> 

Many moons ago I had the same situation with mini-sendmail-chroot.
Installing mail (?) and sh in the chroot seemed to clear everything
up--though I am not sure if that is the optimal solution.
-- 
Joe Barnett
joe.barn...@mr72.com
http://www.mr72.com/
623.670.1326



Re: Sending email in Apache chroot?

2009-01-20 Thread Robert
On Wed, 21 Jan 2009 03:10:07 +1100
Sunnz  wrote:

> I have set up mail and femail and they both works, just not in a
> chroot.
> 
> Basically I can do `mail m...@myaddress.com` or `/var/www/bin/femail
> m...@myaddress.com` and both of then successfully sent an email to
> myself.
> 
> But it doesn't work with Apache in the chroot. I was using a PHP
> script.
> 
> femail-chroot is installed by pkg_add -iv femail-chroot.
> 
> I also tried the following:
> 
> `chroot -g www -u www / /var/www/bin/femail -t -i m...@myaddress.com`
> works, but
> 
> `chroot -g www -u www /var/www/ /bin/femail -t -i m...@myaddress.com`
> doesn't work, it says:
> 
> femail: non-recoverable failure in name resolution
> 
> I run out of ideas now, what needs to be done?
> 


Missing /var/www/etc/resolv.conf ?

- Robert



Sending email in Apache chroot?

2009-01-20 Thread Sunnz
I have set up mail and femail and they both works, just not in a chroot.

Basically I can do `mail m...@myaddress.com` or `/var/www/bin/femail
m...@myaddress.com` and both of then successfully sent an email to
myself.

But it doesn't work with Apache in the chroot. I was using a PHP script.

femail-chroot is installed by pkg_add -iv femail-chroot.

I also tried the following:

`chroot -g www -u www / /var/www/bin/femail -t -i m...@myaddress.com` works, but

`chroot -g www -u www /var/www/ /bin/femail -t -i m...@myaddress.com`
doesn't work, it says:

femail: non-recoverable failure in name resolution

I run out of ideas now, what needs to be done?




Gilles : Call for Donations...

2009-01-20 Thread Mayuresh Kathe
In case the community hasn't already noticed or been made aware of.
Gilles requires funds (900 Euro) to buy himself a decent desktop computer.
Gilles initiated and works on the new SMTPd code.

To cross check, his site is at http://www.poolp.org/~gilles/

Please donate via paypal: gil...@poolp.org

~Mayuresh
http://mayuresh.kathe.in/



Re: Router pf one way ping

2009-01-20 Thread Jason Dixon
On Tue, Jan 20, 2009 at 01:59:52PM +, someone wrote:
> 
> Rules? You mean this?
>  
> >pass in log all keep state 
> >pass out log all keep state
>  
> Formatting got screwed up when i posted

Seriously, trim your From: address.  And your formatting is still
terrible.  I couldn't read most of your original post or your off-list
reply.

I was going to ask you to post the rest of your information (sysctl
settings, ifconfig, etc) but I don't think I'll be able to read it
anyways.

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/



Re: Router pf one way ping

2009-01-20 Thread Jason Dixon
On Tue, Jan 20, 2009 at 11:21:37AM +, someone wrote:
> Hi,
> I have an openbsd router running pf. Using a 'pass all' rule set.
> pass in log all keep state pass out log all keep state
> I manage to ping one way! But not the other.
> I originally had a wireless laptop running vista on 172.0.0.6, trying to ping
> Server 2003 on 192.168.0.4.
> default Gateways set in both these machines to:
>  Laptop: 172.16.0.254 (router em0)
>  Server 2003: 192.168.0.254 (router rl0)
> 
> I thought it was the Server preventing pings even though windows firewall
> service was off, so tried a Ubuntu machine, same
> problem.

... snip useless stuff ...

> Can anyone help me?

Possibly, when you post your ruleset.

P.S.  And trim your From: line.

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/



Issue with the keep state statment

2009-01-20 Thread Rioux, Christophe
Hi

I read in the manual, that since the 4.1 version, the keep state rule is
automatically set to keep state.

Before migrating to 4.4, I had the 3.9 and with following configuration:

Internet1 |
OpenBsd  (Internal)| --- Server
Internet2 |

On the interface of the internet1 I have the ! default route !;

but some traffic coming from every where in the world is coming from Internet2
interface to the server

So I had in my pf.conf following configuration:

pass in on internet2 from any to server port NNN
pass in on internal from any to server port NNN
pass out on internal route-to (If2 internelGW2) from server port NNN to any
pass out on internet2 from If2 port NNN to any

With the migration to 4.4 the result is:
pass in on internet2 from any to server port NNN keep state
pass in on internal from any to server port NNN keep state
=> the 2 other rules will be no more used because of the keep state

What is the alternative to remake some like before the migration?

Thanks for reply

Christophe



Re: net5501 crypto driver

2009-01-20 Thread Markus Friedl
1.15 should just work fine in stable.

-m

On Tue, Jan 20, 2009 at 12:19:34PM +0100, Christoph Leser wrote:
> As described in
> http://kerneltrap.org/mailarchive/openbsd-misc/2008/9/22/3364064
> there is a problem with the driver for the AMD Geode LX series processor
> security block for openBSD 4.4 ( glxsb.c ).
> 
> This has been fixed in version 1.15 of this file, but this fix has not
> been committed to 4.4. stable ( still on 1.14 ).
> 
> Is it ok to use 1.15 with 4.4 stable or do I have to switch to current
> in order to use this patch.
> 
> Regards
> 
> Christoph



Re: OpenBSD 4.4 pf+vlan+bridge problem

2009-01-20 Thread Stuart Henderson
On 2009-01-20, Guido Tschakert  wrote:
> first thing: I do not have any experience with multicast traffic.
> But what you have built seems very strange to me. First you use vlan to
> separate the networks and then you put them all together with a bridge.
> I do not see the use of the vlans.

It can indeed be useful to do this, even without multicast traffic
in the equation. You might want to filter traffic between machines in
the same subnet, and this is a way you can do it.

> Key Aavoja schrieb:
>> PF config:
>> 
>> block out on bnx1 all
>> block out on vlan1100 all
>> block out on vlan1101 all
>> block out on vlan1102 all
>> block out on vlan1103 all
>> block out on vlan1104 all
>> block out on vlan1105 all
>> block out on vlan1106 all
>> block out on vlan1107 all
>> block out on vlan1108 all
>> pass out quick on vlan1101 proto udp from any to 239.16.1.1
>> pass out quick on vlan1102 proto udp from any to 239.16.1.2
>> pass out quick on vlan1103 proto udp from any to 239.16.1.3
>> 
>> Wishful thinking, what the result should be:
>> 
>> All multicast streams are available on vlan1100 and received via
>> "bnx0/vlan1100". Bridge should stream the multicast packets to
>> whatever vlan - it's the place where pf should help. Stream: 239.16.1.1
>> should be available only on vlan1101, and 239.16.1.2 available on
>> vlan1102 and so on.
>> .
>> 
>> Real Result:
>> Stream 239.16.1.1 is available on all three vlans: 11101,1102,1103 -
>> same thing happens with other two streams (239.16.1.2, 239.16.1.3)
>> 
>> It's really weird what's going on or did I understood something wrong
>> and configuration is not correct?

you should check the simple things first.

- is PF enabled? pfctl -si
- is the ruleset loaded correctly? pfctl -sr
- does it correctly block ordinary non-multicast traffic between
the vlans? if you did indeed include your whole PF config in your
email, only that particular multicast traffic should pass between
the vlans, everything else should be blocked.

you might have already done this, but if you did, you should have
mentioned in your email what you checked.

with a routed (not bridged) environment, PF is able to control
multicast traffic in either direction (I just tried).

from my reading of if_bridge.c, on a bridge, pf filtering for
multicast frames only happens _inbound_. multicast frames sent
_out_ through a bridge are not subject to the outbound PF filter
rules.

bridge MAC filter rules _are_ applied outbound for multicast
frames, I haven't tested but I think that will give you a way
you can restrict this traffic.
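
Bridge MAC filter rules, the last suggestion in the reply above, match on the Ethernet address each multicast group maps to. The following added example (not from the thread, and untested on a bridge like the suggestion itself) derives that address and prints candidate rules; it assumes the `rule block out on <if> dst <mac>` form of brconfig(8) on OpenBSD 4.4 and takes the group-to-vlan mapping and member vlans from the original post.

```shell
#!/bin/sh
# Added example: IPv4 multicast group -> Ethernet multicast MAC, and bridge
# MAC filter rules that keep each stream on a single vlan.

# mcast_mac GROUP
# Prints 01:00:5e:xx:xx:xx built from the low 23 bits of the group address.
# Returns 1 for anything that is not a dotted quad in 224.0.0.0/4.
mcast_mac() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0[0-9]*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    [ "$1" -ge 224 ] && [ "$1" -le 239 ] || return 1
    # Only 23 bits survive: the top bit of the second octet is dropped, so
    # 32 different groups share every MAC (239.16.1.1 and 239.144.1.1 do).
    printf '01:00:5e:%02x:%02x:%02x\n' $(( $2 & 127 )) "$3" "$4"
}

# bridge_rules BRIDGE "GROUP=VLAN ..." "MEMBER ..."
# For each group, prints a block-out rule on every member except the vlan
# that is allowed to carry it.
bridge_rules() {
    bridge=$1 map=$2 members=$3
    for pair in $map; do
        group=${pair%%=*}
        allowed=${pair#*=}
        mac=$(mcast_mac "$group") || return 1
        for m in $members; do
            [ "$m" = "$allowed" ] && continue
            echo "brconfig $bridge rule block out on $m dst $mac"
        done
    done
}

# Mapping and member list as given in the original post; vlan1100 is the
# side the streams arrive on, so it is left out of the outbound rules.
MAP="239.16.1.1=vlan1101 239.16.1.2=vlan1102 239.16.1.3=vlan1103"
MEMBERS="vlan1101 vlan1102 vlan1103 vlan1104 vlan1105 vlan1106 vlan1107 vlan1108"

bridge_rules bridge0 "$MAP" "$MEMBERS"
```

Because of the 23-bit mapping, a rule for one group's MAC also affects the 31 other groups that share it.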



Router pf one way ping

2009-01-20 Thread I smell the pain on the breath..... of the lust and the lonely....
Hi,
I have an openbsd router running pf. Using a 'pass all' rule set.
pass in log all keep state
pass out log all keep state
I manage to ping one way! But not the other.
I originally had a wireless laptop running vista on 172.0.0.6, trying to ping
Server 2003 on 192.168.0.4.
default Gateways set in both these machines to:
 Laptop: 172.16.0.254 (router em0)
 Server 2003: 192.168.0.254 (router rl0)

I thought it was the Server preventing pings even though windows firewall
service was off, so tried a Ubuntu machine, same
problem.

Output from pinging from laptop to ubuntu:

# tcpdump -n -e -ttt -i pflog0
tcpdump: listening on pflog0, link-type PFLOG
Jan 20 09:00:34.514535 rule 0/(match) pass in on em0: 172.16.0.6 > 192.168.0.10: icmp: echo request
Jan 20 09:00:34.514551 rule 1/(match) pass out on rl0: 172.16.0.6 > 192.168.0.10: icmp: echo request
2 packets received by filter
0 packets dropped by kernel

This ping does not work from linux ubuntu to laptop:

# tcpdump -n -e -ttt -i pflog0
tcpdump: listening on pflog0, link-type PFLOG
Jan 20 09:00:46.735139 rule 0/(match) pass in on rl0: 192.168.0.10 > 172.16.0.6: icmp: echo request (DF)
Jan 20 09:00:46.735156 rule 1/(match) pass out on em0: 192.168.0.10 > 172.16.0.6: icmp: echo request (DF)
2 packets received by filter
0 packets dropped by kernel

I wonder if it is a static route issue on the client?
Or is it a static route issue on the router?
I added "route add default gw 192.168.0.254" on ubuntu and also "route add
-net 172.16.0.0 mask 255.255.255.0 gw 192.168.0.254"

Not sure what I am doing wrong.

Can anyone help me?

Thanks
my net diagram:
clients(laptop wireless) <->172.16.0.0 /24<--- hub ---> openbsd
router < hub > 192.168.0.0 /24-- client (ubuntu or server
2003)



net5501 crypto driver

2009-01-20 Thread Christoph Leser
As described in
http://kerneltrap.org/mailarchive/openbsd-misc/2008/9/22/3364064
there is a problem with the driver for the AMD Geode LX series processor
security block for openBSD 4.4 ( glxsb.c ).

This has been fixed in version 1.15 of this file, but this fix has not
been committed to 4.4. stable ( still on 1.14 ).

Is it ok to use 1.15 with 4.4 stable or do I have to switch to current
in order to use this patch.

Regards

Christoph



Re: Annoying sounds with auvia and mpd

2009-01-20 Thread Jacob Meuser
On Sun, Dec 14, 2008 at 06:09:24PM +0100, Martin Toft wrote:
> A small follow-up:
> 
> The problem only occurs when opening the audio device. If I queue a
> number of tracks in mpd's playlist and let it play, then it does not
> suddenly start making noise from one track to the next. It only happens
> when I manually start a track (and only sometimes). I suspect that mpd
> does not close the audio device between tracks if it is playing from its
> playlist, and that is probably why the problem does not occur in that
> setting.
> 
> Martin
> 

sorry for the delay.  can you see if this fixes the problem?

something of a guess, but the addition of S/PDIF support is the only
change that fits the timeline of when it was working and when
the problem started.  (and if you look at ac97.c just a few lines down
from this patch, you'll see the XXX-is-this-right? comment I added
when bringing in S/PDIF support from NetBSD ...)

-- 
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org

Index: ac97.c
===
RCS file: /home2/cvs/OpenBSD/src/sys/dev/ic/ac97.c,v
retrieving revision 1.70
diff -u -r1.70 ac97.c
--- ac97.c  23 Oct 2008 21:50:01 -  1.70
+++ ac97.c  19 Jan 2009 10:07:44 -
@@ -878,6 +878,13 @@
 
as->ac97_clock = AC97_STANDARD_CLOCK;
ac97_read(as, AC97_REG_EXT_AUDIO_ID, &as->ext_id);
+
+   /* This VIA codec doesn't like the way we enable S/PDIF, so
+* pretend it doesn't have S/PDIF capabilities.
+*/
+   if (id == 56494182)
+   as->ext_id &= ~(AC97_EXT_AUDIO_SPDIF); 
+
if (as->ext_id & (AC97_EXT_AUDIO_VRA | AC97_EXT_AUDIO_DRA
  | AC97_EXT_AUDIO_SPDIF | AC97_EXT_AUDIO_VRM
  | AC97_EXT_AUDIO_CDAC | AC97_EXT_AUDIO_SDAC
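
Review bot: the codec ID in `if (id == 56494182)` is written as a decimal literal, which looks like a missing `0x`. AC'97 vendor IDs pack three ASCII characters and a revision byte, and the digits here read as 0x56 0x49 0x41 0x82, that is "VIA" followed by 0x82; a decimal 56494182 cannot match an ID that starts with those bytes, so as written the S/PDIF bit would never be cleared for the codec the comment describes. Suggest `0x56494182`, ideally behind a named constant so the quirk is easy to find again. Two smaller points: the added `as->ext_id &= ~(AC97_EXT_AUDIO_SPDIF); ` line has trailing whitespace, and the comment could name the codec model instead of "This VIA codec" so the workaround can be revisited once the way S/PDIF is enabled is settled.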



Re: Port ZFS to OpenBSD

2009-01-20 Thread Edd Barrett
On Mon, Jan 19, 2009 at 08:45:05PM -0800, Joe S wrote:
> It's clear there will be no ZFS in OpenBSD. It's not a priority of the
> developers.

"ZFS-like" functionality could be added to softraid. This would be more
realistic.
 

-- 

Best Regards

Edd Barrett
(Freelance software developer / technical writer / open-source developer)

http://students.dec.bmth.ac.uk/ebarrett



Re: OpenBSD 4.4 pf+vlan+bridge problem

2009-01-20 Thread Guido Tschakert
Key Aavoja schrieb:
> Hello,
> 
Hello,

first thing: I do not have any experience with multicast traffic.
But what you have built seems very strange to me. First you use vlan to
separate the networks and then you put them all together with a bridge.
I do not see the use of the vlans.

Wouldn't it be better to not use the bridge and use (multicast-)routing
and pf to solve your problem?

As I said, I have no experience with multicast traffic, but that is how
I would start digging.

guido

> I have a problem with pf+bridge+vlan (multicast traffic) and I googled
> a lot, read the manuals and so on - no help. Finally I posted on wrong
> place :( sorry.
> 
> Hopefully this time I'm writing to right place.
> 
> 
> Following setup is made for multicast traffic separation from one lan
> to multiple vlans.
> 
> Setup:
> 
> Two physical interfaces
> 
> bnx0
> bnx1
> 
> interfaces bnx0 and bnx1 has vlans:
> 
> bnx0
> vlan1100
> bnx1
> vlan1101
> vlan1102
> vlan1103
> vlan1104
> vlan1105
> vlan1106
> vlan1107
> vlan1108
> 
> Bridge setup: bridge0 has all vlans as bridge members (vlan1100,
> vlan1101 ... vlan1108)
> 
> PF config:
> 
> block out on bnx1 all
> block out on vlan1100 all
> block out on vlan1101 all
> block out on vlan1102 all
> block out on vlan1103 all
> block out on vlan1104 all
> block out on vlan1105 all
> block out on vlan1106 all
> block out on vlan1107 all
> block out on vlan1108 all
> pass out quick on vlan1101 proto udp from any to 239.16.1.1
> pass out quick on vlan1102 proto udp from any to 239.16.1.2
> pass out quick on vlan1103 proto udp from any to 239.16.1.3
> 
> Wishful thinking, what the result should be:
> 
> All multicast streams are available on vlan1100 and received via
> "bnx0/vlan1100". Bridge should stream the multicast packets to
> whatever vlan - it's the place where pf should help. Stream: 239.16.1.1
> should be available only on vlan1101, and 239.16.1.2 available on
> vlan1102 and so on.
> .
> 
> Real Result:
> Stream 239.16.1.1 is available on all three vlans: 11101,1102,1103 -
> same thing happens with other two streams (239.16.1.2, 239.16.1.3)
> 
> It's really weird what's going on or did I understood something wrong
> and configuration is not correct?
> 
> Thank you.
> 





ser, undefined symbol

2009-01-20 Thread Antoine Junod
Dear list,

I've successfully installed the 'ser' package (ser-0.8.10p1) and its
dependences with pkg_add, on a 4.4-release.

Using a simple config file as described in ser's doc that has been
tested on other systems, I get the following kind of errors:

# ser D E
ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'mem_block'
ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'debug'
ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'bind_address'
ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'log_stderr'
ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'port_no'
ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'qm_free'
ser:/usr/local/lib/ser/modules/rr.so: undefined symbol
  'insert_new_lump_before'
ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'del_lump'
ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'dprint'
ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'do_action'
ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'qm_malloc'
ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'parse_headers'
ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'anchor_lump'
 0(158) ERROR: load_module: could not open module
 : Cannot load specified object
 0(158) parse error (16,13-46): failed to load module
[and so on for each modules]

Is there anything I could do to fix that?

Thanks for your reply,
-AJ

ps. sorry to not post on po...@. My mail to majordomo (subscribe) has
been greylisted for one hour or so before being accepted and
then... no news from majordomo for the last 18 hours.