How to use OpenBSD fdisk, because my slice is not detected from Linux?
I have bought a new ATA HDD, and first I tried to install OpenBSD 4.4. I succeeded in making a partition using OpenBSD fdisk, because I don't want to use the whole disk for OpenBSD. I can boot into OpenBSD after the installation completes, but when I try to install Linux as a second OS, why is this slice not detected by Linux fdisk?
Re: Sending email in Apache chroot?
So in summary, the following was done:

- Set up sendmail, such as the sendmail that came with OpenBSD, or use some other agent like Postfix, such that you can do a `dmesg | mail -s "Sony VAIO 505R laptop, apm works OK" dm...@openbsd.org` on the command line.
- Install femail-chroot from package; this places a binary called femail in /var/www/bin/
- Change sendmail_path in php.ini. This defaults to "sendmail -t -i". Change it to "/bin/femail -t -i"
- cp /bin/ksh /var/www/bin/; cp /bin/sh /var/www/bin/; "femail itself does not use or need sh. whatever invokes it might need it.", Henning Brauer.
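The prerequisites listed in this summary can be checked mechanically. The following is an added example, not code from the thread: a shell function that inspects a chroot directory and a php.ini and reports which of the pieces are missing. The function name, the output wording and the two arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify that an Apache chroot holds what
# PHP mail() needs in order to hand a message to femail.
#
# check_chroot_mail CHROOT PHP_INI
#   CHROOT   chroot directory, /var/www in the thread
#   PHP_INI  php.ini read by the chrooted Apache (location is site-specific)
# Prints one line per problem; returns 0 when nothing is missing, 1 otherwise.
check_chroot_mail() {
    root=${1%/}
    ini=$2
    rc=0

    # femail-chroot installs its binary as bin/femail under the chroot.
    [ -x "$root/bin/femail" ] || { echo "MISSING $root/bin/femail"; rc=1; }

    # Without a resolver configuration inside the chroot femail reports
    # "non-recoverable failure in name resolution".
    [ -s "$root/etc/resolv.conf" ] || { echo "MISSING $root/etc/resolv.conf"; rc=1; }

    # PHP starts sendmail_path through popen(), which runs "/bin/sh -c ...",
    # so the chrooted web server needs a shell even though femail does not.
    [ -x "$root/bin/sh" ] || { echo "MISSING $root/bin/sh"; rc=1; }

    # sendmail_path is resolved inside the chroot: its first word must be an
    # absolute path to an executable below CHROOT. The last uncommented
    # setting in the file wins.
    cmd=$(sed -n 's/^[[:space:]]*sendmail_path[[:space:]]*=[[:space:]]*//p' "$ini" 2>/dev/null |
        tail -n 1 | tr -d '"')
    bin=${cmd%% *}
    case $bin in
        /*)
            [ -x "$root$bin" ] ||
                { echo "BAD sendmail_path: $bin is not executable under $root"; rc=1; }
            ;;
        *)
            echo "BAD sendmail_path: '$cmd' is not an absolute path inside the chroot"
            rc=1
            ;;
    esac
    return $rc
}

# Usage: sh check_chroot_mail.sh /var/www /path/to/php.ini
if [ $# -ge 2 ]; then
    check_chroot_mail "$1" "$2"
fi
```

Every shell or interpreter copied into the chroot is also available to anything that compromises the web application, so only the one the mail hand-off actually needs should be there.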
Re: Sending email in Apache chroot?
2009/1/21 Amitabh Kant :
> Hi
>
> See if this link is of any use to you.
>
> http://kerneltrap.org/mailarchive/openbsd-misc/2007/10/15/343352/thread
>
>
> With regards
>
> Amitabh
>

Oh thank you very much this has solved the final piece of the puzzle!!! It all works now!! Thanks again!!

--
This e-mail may be confidential. You may not copy, forward or use any part. Note that all disclaimers on the Internet are of zero legal effectiveness however. http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Sending email in Apache chroot?
Hi

See if this link is of any use to you.

http://kerneltrap.org/mailarchive/openbsd-misc/2007/10/15/343352/thread

With regards

Amitabh
Re: Sending email in Apache chroot?
2009/1/21 Sunnz :
> 2009/1/21 Henning Brauer :
>> * Sunnz [2009-01-20 17:48]:
>>> Ok so I have copied /etc/resolv.conf to /var/www/etc/...
>>>
>>> Now it says:
>>>
>>> femail: rcpt to chr...@civicquire.net refused by server
>>
>> "refused by server" not enough of a hint?
>>
>
> Ok my mistake, I mis-spelt the e-mail address. (DOH!)
>
> So this command works now:
>
> chroot -g www -u www /var/www/ /bin/femail -v -t -i m...@myaddress.com
>
> However it still doesn't work from within Apache/PHP... I even called
> phpinfo() in a PHP script and examined what sendmail_path it set to,
> it is indeed /bin/femail -t -i...
>

Ok I noticed that the mail() function in PHP returns false, so it has something to do with PHP itself I guess?

However I was not able to get PHP to print out any errors, so I am lost again here... display_errors is On in php.ini...
Re: Sending email in Apache chroot?
2009/1/21 Henning Brauer :
> * Sunnz [2009-01-20 17:48]:
>> Ok so I have copied /etc/resolv.conf to /var/www/etc/...
>>
>> Now it says:
>>
>> femail: rcpt to chr...@civicquire.net refused by server
>
> "refused by server" not enough of a hint?
>

Ok my mistake, I mis-spelt the e-mail address. (DOH!)

So this command works now:

chroot -g www -u www /var/www/ /bin/femail -v -t -i m...@myaddress.com

However it still doesn't work from within Apache/PHP... I even called phpinfo() in a PHP script and examined what sendmail_path it set to, it is indeed /bin/femail -t -i...
Re: Sending email in Apache chroot?
2009/1/21 Henning Brauer :
> * Sunnz [2009-01-20 17:48]:
>> Ok so I have copied /etc/resolv.conf to /var/www/etc/...
>>
>> Now it says:
>>
>> femail: rcpt to chr...@civicquire.net refused by server
>
> "refused by server" not enough of a hint?
>

Well the same address and everything worked without chroot, so I am not sure what is needed inside of the chroot to make this work.
Re: Router ping one way only
It just looks like your Vista laptop does not reply to ICMP requests for some reason. As this is a Windows specific problem, I will not try to solve it.

Your tcpdump shows that the laptop uses the router perfectly fine as a gateway to reach the world, i.e. if the laptop responded with an ICMP reply, the reply would end up in the right place.

Martin
Re: Problem with pptp
and when I can't connect daemon log is like:

Jan 21 02:50:26 gullabs ppp[7913]: tun0: LCP: deflink: RecvEchoRequest(139) state = Opened
Jan 21 02:50:26 gullabs ppp[7913]: tun0: LCP: deflink: SendEchoReply(139) state = Opened
Jan 21 02:50:27 gullabs ppp[7913]: tun0: IPCP: deflink: Error: Unexpected IPCP in phase Authenticate (ignored)
Jan 21 02:50:35 gullabs last message repeated 4 times
Jan 21 02:50:36 gullabs ppp[7913]: tun0: LCP: deflink: RecvEchoRequest(140) state = Opened
Jan 21 02:50:36 gullabs ppp[7913]: tun0: LCP: deflink: SendEchoReply(140) state = Opened
Jan 21 02:50:46 gullabs ppp[7913]: tun0: LCP: deflink: RecvEchoRequest(141) state = Opened
Jan 21 02:50:46 gullabs ppp[7913]: tun0: LCP: deflink: SendEchoReply(141) state = Opened
Jan 21 02:50:56 gullabs ppp[7913]: tun0: LCP: deflink: RecvEchoRequest(142) state = Opened
Jan 21 02:50:56 gullabs ppp[7913]: tun0: LCP: deflink: SendEchoReply(142) state = Opened
Jan 21 02:50:57 gullabs ppp[7913]: tun0: IPCP: deflink: Error: Unexpected IPCP in phase Authenticate (ignored)
Jan 21 02:51:05 gullabs last message repeated 4 times

2009/1/21 Gull Labs
> Hi! I've Openbsd 4.4 with default kernel and connection to Internet by pptp. Problem is sometimes it connects but sometimes doesn't. But in most cases when it connects it pings any host with message:
>
> ping: sendto: No buffer space available
> ping: wrote ya.ru 64 chars, ret=-1
>
> Here some files:
>
> 1. hostname.fxp0
>
> dhcp NONE NONE NONE
> !route add -host vpn.provider.net 10.129.0.17
> !route add 85.21/16 10.129.0.17
> !route add 195.14.32/19 10.129.0.17
> !route add 10/8 10.129.0.17
>
> 2. hostname.tun0
>
> !/usr/sbin/ppp -ddial corbina >/dev/null 2>&1
>
> 3. ppp.conf
>
> default:
> set log Phase Chat LCP IPCP CCP tun command
> disable ipv6cp
> corbina:
> set device "!/usr/sbin/pptp vpn.provider.net --nolaunchpppd"
> set timeout 0
> set authname
> set authkey
> set login
> set ifaddr 85.81.225.18 10.129.0.17/0
> add! default HISADDR
>
> 4. /var/log/daemon
>
> Jan 20 23:29:48 gullabs ppp[17136]: tun0: Chat: deflink: Redial timer expired.
> Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: Connected!
> Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: opening -> dial
> Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: dial -> carrier
> Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: carrier -> login
> Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: login -> lcp
> Jan 20 23:29:48 gullabs ppp[17136]: tun0: LCP: FSM: Using "deflink" as a transport
> Jan 20 23:29:48 gullabs ppp[17136]: tun0: LCP: deflink: State change Initial --> Closed
> Jan 20 23:29:48 gullabs ppp[17136]: tun0: LCP: deflink: State change Closed --> Stopped
> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: deflink: LayerStart
> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22) state = Stopped
> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: ACFCOMP[2]
> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: PROTOCOMP[2]
> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: ACCMAP[6] 0x
> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: MRU[4] 1500
> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: MAGICNUM[6] 0x02bcea78
> Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: deflink: State change Stopped --> Req-Sent
> Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22) state = Req-Sent
> Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP: ACFCOMP[2]
> Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP: PROTOCOMP[2]
> Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP: ACCMAP[6] 0x
> Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP: MRU[4] 1500
> Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP: MAGICNUM[6] 0x02bcea78
> Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22) state = Req-Sent
> Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP: ACFCOMP[2]
> Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP: PROTOCOMP[2]
> Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP: ACCMAP[6] 0x
> Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP: MRU[4] 1500
> Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP: MAGICNUM[6] 0x02bcea78
> Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22) state = Req-Sent
> Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP: ACFCOMP[2]
> Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP: PROTOCOMP[2]
> Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP: ACCMAP[6] 0x
> Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP: MRU[4] 1500
> Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP: MAGICNUM[6] 0x02bcea78
> Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22) state = Req-Sent
> Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP: ACFCOMP[2]
> Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP: PROTOCOMP[2]
> Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP: ACCMAP[6] 0x
> Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP: MRU[4] 1500
> Jan 20 23:30:0
Re: Router ping one way only
I have a lot of info here, but first, seems I cannot ping the Vista client from the router. Firewall is off... but no ping response.

I will post the tcpdump of this first cause it maybe what was mentioned earlier is happening, then i have other info requested.

Jan 21 00:27:58.595813 rule 1/(match) pass out on em0: 172.16.0.254 > 172.16.0.6: icmp: echo request
Jan 21 00:28:21.823488 rule 0/(match) pass in on em0: 172.16.0.6.1948 > 212.58.250.36.443: udp 16
Jan 21 00:28:21.823504 rule 1/(match) pass out on em0: 172.16.0.6.1948 > 212.58.250.36.443: udp 16
Jan 21 00:28:59.005518 rule 0/(match) pass in on em0: 172.16.0.6.62210 > 212.23.3.100.53:[|domain]
Jan 21 00:28:59.005533 rule 1/(match) pass out on em0: 172.16.0.6.62210 > 212.23.3.100.53:[|domain]
Jan 21 00:28:59.007138 rule 0/(match) pass in on em0: 172.16.0.6.63700 > 216.239.59.100.80: [|tcp] (DF)
Jan 21 00:28:59.007149 rule 1/(match) pass out on em0: 172.16.0.6.63700 > 216.239.59.100.80: [|tcp] (DF)
Jan 21 00:28:59.042267 rule 0/(match) pass in on em0: 172.16.0.6.63701 > 212.23.3.98.110: [|tcp] (DF)
Jan 21 00:28:59.042279 rule 1/(match) pass out on em0: 172.16.0.6.63701 > 212.23.3.98.110: [|tcp] (DF)

Router Info:

# route -n show -inet
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Interface
default            172.16.0.1         UGS        1     3373     -  em0
127/8              127.0.0.1          UGRS       0        0 33208  lo0
127.0.0.1          127.0.0.1          UH         0        0 33208  lo0
172.16.0/24        link#4             UC         2        0     -  em0
172.16.0.1         00:19:e8:ea:5a:0c  UHLc       1        0     -  em0
172.16.0.6         00:1c:bf:0e:af:26  UHLc       2      322     -  em0
192.168.0/24       link#3             UC         1        0     -  rl0
192.168.0.10       00:e0:00:9b:07:c3  UHLc       1       48     -  rl0
224/4              127.0.0.1          URS        0        0 33208  lo0

# pfctl -sr
pass in log all flags S/SA keep state
pass out log all flags S/SA keep state

# pfctl -sn

# ifconfig
rl0: flags=8843 mtu 1500
        lladdr 00:08:54:36:16:a0
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::208:54ff:fe36:16a0%rl0 prefixlen 64 scopeid 0x3
        inet 192.168.0.254 netmask 0xff00 broadcast 192.168.0.255
em0: flags=8843 mtu 1500
        lladdr 00:12:3f:35:e6:2d
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
        status: active
        inet6 fe80::212:3fff:fe35:e62d%em0 prefixlen 64 scopeid 0x4
        inet 172.16.0.254 netmask 0xff00 broadcast 172.16.0.255
enc0: flags=0<> mtu 1536
pflog0: flags=141 mtu 33208
        groups: pflog

Ubuntu Info:

laptop:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
0.0.0.0         192.168.0.254   0.0.0.0         UG    0      0        0 eth0

Vista laptop Info:

IPv4 Route Table
===
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     172.16.0.254      172.16.0.6     286
        127.0.0.0        255.0.0.0          On-link       127.0.0.1     306
        127.0.0.1  255.255.255.255          On-link       127.0.0.1     306
  127.255.255.255  255.255.255.255          On-link       127.0.0.1     306
       172.16.0.0    255.255.255.0          On-link      172.16.0.6     286
       172.16.0.6  255.255.255.255          On-link      172.16.0.6     286
     172.16.0.255  255.255.255.255          On-link      172.16.0.6     286
        224.0.0.0        240.0.0.0          On-link       127.0.0.1     306
        224.0.0.0        240.0.0.0          On-link      172.16.0.6     286
  255.255.255.255  255.255.255.255          On-link       127.0.0.1     306
  255.255.255.255  255.255.255.255          On-link      172.16.0.6     286
===
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0     172.16.0.254  Default
          0.0.0.0          0.0.0.0    192.168.0.254  Default

There is a lot there!

Martin Toft-2 wrote:
>
> On Tue, Jan 20, 2009 at 02:25:33PM -0800, duxbuz wrote:
>> Thanks for reply. Both of you.
>
> No problem. I think it will be easy to point out the problem, if you
> post more details:
>
> - ifconfig, 'route -n show -inet', 'pfctl -sr' and 'pfctl -sn' on the
> router.
> - ifconfig and 'route -n' on the Ubuntu machine.
> - Something like the above on the Windows machine(s).
>
> Check that you haven't made a typo somewhere wrt. the 172.16.x.y
> addresses and associated netmasks.
Re: OpenBSD 4.4 pf+vlan+bridge problem
Quoting Stuart Henderson :

> On 2009-01-20, Key Aavoja wrote:
>>> Wouldn't it be better to not use the bridge and use (multicast-)routing
>>> and pf to solve your problem?
>>
>> Multicast routing with "dvrmpd" is tested with pf, does not work. the
>> same thing happens, if streamX is allowed to pass out on vlanX and
>> streamY is allowed to pass out on vlanY, result is pretty similar:
>> vlanX outputs both streams (streamX, streamY) and the same thing with
>> vlanY.
>
> if you get rid of the bridge and change it for a routed setup with
> igmpproxy (it's in packages), does that do what you're looking for?
>
>> pf is not 100% percent multicast compat.?
>
> see the last couple of paragraphs of my earlier post about that -
> fine when it's routed, some limitations as a bridge.

Thanks, I read and now I understand completely. Btw. test with dvrmpd was without a bridge, but pf filtering on "out" @ vlans had same results as with bridge.

Using a igmpproxy in my setup is not a option because equipments expecting a stream are sometimes "far away" in network topology and cannot be sure, that igmp-join is always received.

Anyway for others who are googling multicast & bridge topics: I found a "workaround". Use Linux 2.6 kernel + vlan + bridge + ebtables. Net setup will be the same, all what you need to add on your own script is:

    #!/bin/bash
    #default policy to drop everything (no matter which protocol).
    ebtables -P FORWARD DROP
    #flush existing rules.
    ebtables -F
    #now the exceptions
    ebtables -A FORWARD -i eth0.1100 -o eth1.1101 -p IPv4 --ip-dst 239.16.1.1 -j ACCEPT
    ebtables -A FORWARD -i eth0.1100 -o eth1.1102 -p IPv4 --ip-dst 239.16.1.2 -j ACCEPT
    ebtables -A FORWARD -i eth0.1100 -o eth1.1103 -p IPv4 --ip-dst 239.16.1.3 -j ACCEPT
    /etc/init.d/ebtables save && echo "ebtables: rules updated!"

That's all what you need to do!

Machine with two broadcom interfaces (not so good as intel), 2GHz xeon (dual core) has acceptable performance:

load: 0.00, cpu:0%, interrupts:eth0=6800; eth1=4300
90Mbit/s is the traffic on eth1 and pkt/s=8000

* This setup is giving a guarantee, that no SpanningTree and other messages does not travel between interfaces, and vlans are staying still "separated"

Key
Re: Router ping one way only
Hi

check firewall settings and also you can do a Traceroute to the problem machine. Maybe 2 same Ips???

2009/1/20 Jason Dixon
> On Tue, Jan 20, 2009 at 02:25:33PM -0800, duxbuz wrote:
> > Thanks for reply. Both of you.
> >
> > I pinged from client to router, on both routers interfaces 172.16.0.254 and
> > 192.168.0.254.
> >
> > # tcpdump -n -e -ttt -i pflog0
> > tcpdump: listening on pflog0, link-type PFLOG
> > Jan 20 23:10:58.644031 rule 0/(match) pass in on rl0: 192.168.0.10 > 192.168.0.254: icmp: echo request (DF)
> > Jan 20 23:11:06.977914 rule 0/(match) pass in on rl0: 192.168.0.10 > 172.16.0.254: icmp: echo request (DF)
> > Jan 20 23:11:20.879285 rule 0/(match) pass in on em0: 172.16.0.6.1948 > 212.58.250.36.443: udp 16
> > Jan 20 23:11:20.879301 rule 1/(match) pass out on em0: 172.16.0.6.1948 > 212.58.250.36.443: udp 16
> >
> > Going back to what Martin said, I can ping to either client, on either
> > subnet, from router. I can even ping through router from 172 subnet to 192
> > subnet, just not the other way. And it doesn't look like there are any rules
> > in the Iptables ruleset.
>
> It smells of routing. Check the tables on each client and see if
> they're going through a different gateway than you expect.
>
> --
> Jason Dixon
> DixonGroup Consulting
> http://www.dixongroup.net/
>

--
Sincerely
Andris Genovez Tobar / Technical Department
COMERCIAL SALVADOR PACHECO MORA S.A. / SINCE 1945
SPM TECNOLOGIAS
Cuenca, Luis Cordero 9-70 y Gran Colombia
Av. 27 de Febrero y Jacinto Flores
Telephone. 593-7-2842388 ext 103
Fax. 593-7-2842388 ext 120
Mobile 593-97670874 593-96816996 Alegro
Mail: ageno...@cspmsa.com
Travel: andresgeno...@gmail.com
www.cspmsa.com
www.crice.org
Re: Router ping one way only
On Tue, Jan 20, 2009 at 02:25:33PM -0800, duxbuz wrote:
> Thanks for reply. Both of you.

No problem. I think it will be easy to point out the problem, if you post more details:

- ifconfig, 'route -n show -inet', 'pfctl -sr' and 'pfctl -sn' on the router.
- ifconfig and 'route -n' on the Ubuntu machine.
- Something like the above on the Windows machine(s).

Check that you haven't made a typo somewhere wrt. the 172.16.x.y addresses and associated netmasks.

Martin
Re: Router ping one way only
On Tue, Jan 20, 2009 at 02:25:33PM -0800, duxbuz wrote:
> Thanks for reply. Both of you.
>
> I pinged from client to router, on both routers interfaces 172.16.0.254 and
> 192.168.0.254.
>
> # tcpdump -n -e -ttt -i pflog0
> tcpdump: listening on pflog0, link-type PFLOG
> Jan 20 23:10:58.644031 rule 0/(match) pass in on rl0: 192.168.0.10 > 192.168.0.254: icmp: echo request (DF)
> Jan 20 23:11:06.977914 rule 0/(match) pass in on rl0: 192.168.0.10 > 172.16.0.254: icmp: echo request (DF)
> Jan 20 23:11:20.879285 rule 0/(match) pass in on em0: 172.16.0.6.1948 > 212.58.250.36.443: udp 16
> Jan 20 23:11:20.879301 rule 1/(match) pass out on em0: 172.16.0.6.1948 > 212.58.250.36.443: udp 16
>
> Going back to what Martin said, I can ping to either client, on either
> subnet, from router. I can even ping through router from 172 subnet to 192
> subnet, just not the other way. And it doesn't look like there are any rules
> in the Iptables ruleset.

It smells of routing. Check the tables on each client and see if they're going through a different gateway than you expect.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/
Re: Router ping one way only
Thanks for reply. Both of you.

I pinged from client to router, on both routers interfaces 172.16.0.254 and 192.168.0.254.

# tcpdump -n -e -ttt -i pflog0
tcpdump: listening on pflog0, link-type PFLOG
Jan 20 23:10:58.644031 rule 0/(match) pass in on rl0: 192.168.0.10 > 192.168.0.254: icmp: echo request (DF)
Jan 20 23:11:06.977914 rule 0/(match) pass in on rl0: 192.168.0.10 > 172.16.0.254: icmp: echo request (DF)
Jan 20 23:11:20.879285 rule 0/(match) pass in on em0: 172.16.0.6.1948 > 212.58.250.36.443: udp 16
Jan 20 23:11:20.879301 rule 1/(match) pass out on em0: 172.16.0.6.1948 > 212.58.250.36.443: udp 16

Going back to what Martin said, I can ping to either client, on either subnet, from router. I can even ping through router from 172 subnet to 192 subnet, just not the other way. And it doesn't look like there are any rules in the Iptables ruleset.

Does it look like what you suggested it might be Christiano?

Thanks.

Christiano Farina Haesbaert wrote:
>
> First try to make a ping from client--->server, then call tcpdump icmp on
> the server and check the source address reaching it, make sure that the
> source ip is the client's IP.
>
> I bet some node of your network is doing NAT, and the server is responding
> the ICMP packets to the equipment doing the nat, not the machine issuing the
> ping.
>
> Best regards
>
Re: Sending email in Apache chroot?
I use mini-sendmail-chroot. Works fine. I use the following script to get all needed stuff inside chroot:

    #!/bin/sh
    mkdir -p /var/www/usr/lib
    cp /usr/lib/libm.so.* /var/www/usr/lib
    cp /usr/lib/libssl.so.* /var/www/usr/lib
    cp /usr/lib/libcrypto.so.* /var/www/usr/lib
    cp /usr/lib/libc.so.* /var/www/usr/lib
    cp /usr/lib/libz.so.* /var/www/usr/lib #not sure if needed --Chris
    mkdir -p /var/www/usr/libexec
    cp /usr/libexec/ld.so /var/www/usr/libexec
    mkdir -p /var/www/usr/sbin
    cp /usr/sbin/suexec /var/www/usr/sbin
    chmod 4755 /usr/sbin/suexec
    chmod 4755 /var/www/usr/sbin/suexec
    mkdir -p /var/www/etc/
    cp /etc/group /var/www/etc/
    cp /etc/localtime /var/www/etc/
    cp /etc/login.conf /var/www/etc/
    cp /etc/passwd /var/www/etc/
    cp /etc/pwd.db /var/www/etc/
    cp /etc/protocols /var/www/etc/
    cp /var/run/ld.so.hints /var/www/var/run/ld.so.hints #not sure if needed --Chris
    mkdir -p /var/www/usr/share
    cp -R /usr/share/nls /var/www/usr/share
    mkdir -p /var/www/usr/bin
    #cp /usr/bin/perl /var/www/usr/bin/
    #cp /usr/bin/perl5.* /var/www/usr/bin/
    cp /usr/bin/whereis /var/www/usr/bin/
    cp /usr/bin/perldoc /var/www/usr/bin/
    cp /usr/bin/man /var/www/usr/bin/
    cp /usr/bin/gzip /var/www/usr/bin/
    cp /usr/bin/gunzip /var/www/usr/bin/
    mkdir -p /var/www/bin
    cp /var/www/bin/mini_sendmail /var/www/usr/sbin/sendmail #install mini_sendmail_chroot pkg first --Chris
    mkdir -p /var/www/usr/etc
    cp /usr/etc/services /var/www/usr/etc/
    cp /usr/lib/libperl.so.* /var/www/usr/lib/
    cp /usr/lib/libutil.so.* /var/www/usr/lib/
    cp /etc/resolv.conf /var/www/etc/
    cp /etc/services /var/www/etc/
    # mkdir -p /var/www/usr/libdata /var/www/usr/local
    cp -R /usr/lib/apache /var/www/usr/lib/
    #cp -R /usr/libdata/perl5 /var/www/usr/libdata/
    # mkdir -p /var/www/usr/local/libdata
    #cp -R /usr/local/libdata/perl5 /var/www/usr/local/libdata/
    mkdir -p /var/www/usr/share
    cp -R /usr/share/zoneinfo /var/www/usr/share/
    mkdir -p /var/www/usr/local/lib
    cp -R /usr/local/lib/ /var/www/usr/local/ #mysql access from chroot for mwforum. May have too much added --Chris

Any comments on anything I should add extra or remove are welcome.

Sunnz wrote:
> I have set up mail and femail and they both works, just not in a chroot.
>
> Basically I can do `mail m...@myaddress.com` or `/var/www/bin/femail m...@myaddress.com` and both of then successfully sent an email to myself.
>
> But it doesn't work with Apache in the chroot. I was using a PHP script.
>
> femail-chroot is installed by pkg_add -iv femail-chroot.
>
> I also tried the following:
>
> `chroot -g www -u www / /var/www/bin/femail -t -i m...@myaddress.com` works, but
> `chroot -g www -u www /var/www/ /bin/femail -t -i m...@myaddress.com` doesn't work, it says:
>
> femail: non-recoverable failure in name resolution
>
> I run out of ideas now, what needs to be done?
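The poster asks what could be removed from the chroot. As an added example, not part of the original post, this shell function inventories the two kinds of file that most reduce what a chroot buys you: setuid/setgid binaries (the script installs suexec mode 4755) and shells or interpreters. The function name, the output labels and the list of interpreter names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the post): list setuid/setgid files and
# shells/interpreters below a chroot directory so they can be reviewed.
#
# audit_chroot CHROOT
# Prints "SETID <path>" and "INTERP <path>" lines with paths as seen from
# inside the chroot. Returns 0 when nothing was found, 1 otherwise.
audit_chroot() {
    root=${1%/}
    findings=$(
        # Files that run with the owner's or group's privileges.
        find "$root" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
            while IFS= read -r f; do
                rel=${f#"$root"}
                echo "SETID $rel"
            done
        # Shells and interpreters, matched by file name (assumed list).
        find "$root" -type f \( -name sh -o -name ksh -o -name csh \
            -o -name bash -o -name perl -o -name 'perl5*' \) 2>/dev/null |
            while IFS= read -r f; do
                rel=${f#"$root"}
                echo "INTERP $rel"
            done
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings" | sort
    return 1
}

# Usage: sh audit_chroot.sh /var/www
if [ $# -ge 1 ]; then
    audit_chroot "$1"
fi
```

A finding is a prompt for review, not proof of a problem: each listed file should either be needed by something the web server runs or be removed.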
Re: OpenBSD 4.4 load balance outgoing
On 2009-01-20, u...@o3si.de wrote:
> as the FAQ http://www.openbsd.org/faq/faq6.html#Multipath states:
>
> "It's worth noting that if an interface used by a multipath route goes
> down (i.e., loses carrier), the kernel will still try to forward
> packets using the route that points to that interface.

the FAQ refers to 4.4 (i.e. the last released version), but I'm pretty sure this particular thing (link down resulting in blackhole) is not a problem in -current. you may still have a need for some other way to kill the route if the link stays up but the nexthop is down, though.

> So use ifstated to check the link of the interface and populate the
> routing table accordingly.

as an alternative to ifstated, you could take default routes from OSPF if your environment allows. (ospfd is ECMP capable).
Re: sandisk cruzer usb pen-drives with hotplugd
On Tue, Jan 20, 2009 at 8:46 PM, frantisek holop wrote:
> hmm, on Tue, Jan 20, 2009 at 03:20:53PM -0500, Brynet said that
>> http://www.u3.com/uninstall/
>
> thanks for the tip, the cd* device is gone :]
> i wish i knew that before.
>
> anyone knows how this utility works?
> i really thoght this was hw based!
>
> and can anyone still with the U3 stuff reproduce
> the machine crashes i have been seeing with hotplugd
> but not able to reproduce every time?
>
> -f

Hi,

I have a similar usb flash drive but in a Welly Die Cast VW Van, which causes hotplugd to hard lock my X41.

Jan 20 21:15:59 x41 /bsd: cd1 at scsibus2 targ 1 lun 0: SCSI2 5/cdrom removable
Jan 20 21:15:59 x41 /bsd: sd1 at scsibus2 targ 1 lun 1: SCSI2 0/direct removable
Jan 20 21:15:59 x41 /bsd: sd1: 998MB, 127 cyl, 255 head, 63 sec, 512 bytes/sec, 2045288 sec total

When I try to look at the geometry of the cd part of the flash drive I get:

x41:fred ~> sudo fdisk cd1
Password:
fdisk: DIOCGDINFO: Input/output error
fdisk: Can't get disk geometry, please use [-chs] to specify.

I'm about to see if the U3 software will work on it.

Fred
Re: OpenBSD 4.4 pf+vlan+bridge problem
On 2009-01-20, Key Aavoja wrote:
>> Wouldn't it be better to not use the bridge and use (multicast-)routing
>> and pf to solve your problem?
>
> Multicast routing with "dvrmpd" is tested with pf, does not work. the
> same thing happens, if streamX is allowed to pass out on vlanX and
> streamY is allowed to pass out on vlanY, result is pretty similar:
> vlanX outputs both streams (streamX, streamY) and the same thing with
> vlanY.

if you get rid of the bridge and change it for a routed setup with igmpproxy (it's in packages), does that do what you're looking for?

> pf is not 100% percent multicast compat.?

see the last couple of paragraphs of my earlier post about that - fine when it's routed, some limitations as a bridge.
Re: Issue with the keep state statment
On 2009-01-20, TeXitoi wrote:
> "Rioux, Christophe" writes:
>
>> => the 2 other rules will be no more used because of the keep state
>>
>> What is the alternative to remake some like before the migration ?

looks like you could probably use some reply-to on incoming connections, instead of route-to on outgoing ones.

> no state, see pf.conf(5)

that will most likely break sites which use TCP window scaling.
Re: sandisk cruzer usb pen-drives with hotplugd
> thanks for the tip, the cd* device is gone :]
> i wish i knew that before.

No problem, I'm glad it worked for you. :-)

> anyone knows how this utility works?

I'm not entirely sure, but I'd like to know.. perhaps someone with the relevant skills can reverse engineer the utility and create something for OpenBSD.

> i really thought this was hw based!

That was my initial thought.. but clearly the firmware is programmable.

> and can anyone still with the U3 stuff reproduce
> the machine crashes i have been seeing with hotplugd
> but not able to reproduce every time?

Unfortunately I can't help you with that, but I know someone who owns a similar device.. AFAIK he hasn't removed U3 from it yet.

-Brynet
Re: Gilles : Call for Donations...
On Tue, Jan 20, 2009 at 08:59:27PM +0530, Mayuresh Kathe wrote:
> In case the community hasn't already noticed or been made aware of.
> Gilles requires funds (900 Euro) to buy himself a decent desktop computer.
> Gilles initiated and works on the new SMTPd code.
>
> To cross check, his site is at http://www.poolp.org/~gilles/
>
> Please donate via paypal: gil...@poolp.org
>

Wow, someone actually noticed ;-)

Gilles

--
Gilles Chehade
http://www.poolp.org/~gilles/
Please, contribute to my happiness ;)
http://www.openbsd.org/want.html
Need help with OpenBGP 4.4
Hello,

We've recently begun testing using OpenBSD 4.4 with OpenBGP in our datacenter. Our initial tests have uncovered an odd issue we hope you all can help us with. I've included our configs and relevant information below.

The summary of our issue is this:

1.) Upon starting bgpd the session between the two routers goes to established and updates are passed.
2.) Keepalives aren't passed beyond the first exchange.
3.) After some time, the session goes to IDLE on both routers.
4.) The session tears down if we either issue a bgpctl command (like show summary or show neighbors) or wait 240 seconds after the initial connect.
5.) The routers then reestablish connections but they drop again.
6.) The exact same setup works fine with OpenBGP 4.3.

Here's what we've found. If we modify session.c at line 405 (timeout = 240; /* loop every 240s at least */) to some number lower than our holdtime, it works. Adding debugging code to the code after that line shows us that the code doesn't get processed again after the initial setup unless the timeout value is reached or some bgpctl statement is executed.

We've replicated this error in two different test environments. The error causes sessions to be torn down anytime a 4.4 bgpd is used. (ie 4.4 -> 4.4 and 4.4 -> 4.3).

Please let me know if you need any additional information from me.

Thanks so much,

Marc Runkel
Technical Operations Manager
Untangle, Inc.

The two machines in question are dcrouter1 and bgptest2:

dcrouter1:/etc/bgpd.conf

#macros
# XO Peer
XOpeer="65.46.252.33"

# global configuration
AS 21634
router-id 65.46.252.34
log updates
network 64.2.3.0/24
holdtime min 3
holdtime 90

# neighbors and peers
neighbor $XOpeer {
	remote-as 2828
	descr XO Upstream
	local-address 65.46.252.34
	multihop 2
}

# filter out prefixes longer than 24 or shorter than 8 bits
deny from any
allow from any inet prefixlen 8 - 24

# do not accept a default route
deny from any prefix 0.0.0.0/0

# We're in test mode, so we gotta let the test networks in (192.168.0.0/16).
# filter bogus networks
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
#deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4
-- END --

dcrouter1:/etc/hostname.em0

inet 65.46.252.34 255.255.255.252 65.46.252.35 description "XO WAN"
-- END --

dcrouter1:/var/log/daemon.log (bgpd only)

Jan 20 11:19:51 dcrouter1 bgpd[24217]: startup
Jan 20 11:19:51 dcrouter1 bgpd[14770]: route decision engine ready
Jan 20 11:19:52 dcrouter1 bgpd[5962]: listening on 0.0.0.0
Jan 20 11:19:52 dcrouter1 bgpd[5962]: listening on ::
Jan 20 11:19:52 dcrouter1 bgpd[5962]: session engine ready
Jan 20 11:19:52 dcrouter1 bgpd[5962]: neighbor 65.46.252.33 (XO Upstream): state change None -> Idle, reason: None
Jan 20 11:19:52 dcrouter1 bgpd[5962]: neighbor 65.46.252.33 (XO Upstream): state change Idle -> Connect, reason: Start
Jan 20 11:19:52 dcrouter1 bgpd[5962]: neighbor 65.46.252.33 (XO Upstream): socket error: Connection refused
Jan 20 11:19:52 dcrouter1 bgpd[5962]: neighbor 65.46.252.33 (XO Upstream): state change Connect -> Active, reason: Connection open failed
Jan 20 11:19:56 dcrouter1 bgpd[5962]: neighbor 65.46.252.33 (XO Upstream): state change Active -> OpenSent, reason: Connection opened
Jan 20 11:19:56 dcrouter1 bgpd[5962]: neighbor 65.46.252.33 (XO Upstream): state change OpenSent -> OpenConfirm, reason: OPEN message received
Jan 20 11:19:56 dcrouter1 bgpd[5962]: neighbor 65.46.252.33 (XO Upstream): state change OpenConfirm -> Established, reason: KEEPALIVE message received
Jan 20 11:19:56 dcrouter1 bgpd[14770]: neighbor 65.46.252.33 (XO Upstream) AS2828: update 192.168.42.0/24 via 65.46.252.33
Jan 20 11:19:56 dcrouter1 bgpd[24217]: nexthop 65.46.252.33 now valid: directly connected
Jan 20 11:20:44 dcrouter1 bgpd[5962]: neighbor 65.46.252.33 (XO Upstream): received notification: HoldTimer expired, unknown subcode 0
Jan 20 11:20:44 dcrouter1 bgpd[5962]: neighbor 65.46.252.33 (XO Upstream): state change Established -> Idle, reason: NOTIFICATION received
-- END --

dcrouter1:tcpdump -vvns1500 -i em0 port 179

tcpdump: listening on em0, link-type EN10MB
11:19:52.537633 65.46.252.34.48310 > 65.46.252.33.179: S [tcp sum ok] 164215:164215(0) win 16384 (DF) [tos 0xc0] (ttl 2, id 23223, len 64)
11:19:52.537747 65.46.252.33.179 > 65.46.252.34.48310: R [tcp sum ok] 0:0(0) ack 164216 win 0 (DF) (ttl 64, id 40395, len 40)
11:19:56.759172 65.46.252.33.1985 > 65.46.252.34.179: S [tcp sum ok] 2516427034:2516427034(0) win 16384 (DF) [tos 0xc0] (ttl 2, id 61323, len 64)
11:19:56.759201 65.46.252.34.179 > 65.46.252.33.1985: S [tcp sum ok] 2812695705:2812695705(0) a
Re: Router ping one way only
First try to make a ping from client--->server, then call tcpdump icmp on the server and check the source address reaching it, make sure that the source ip is the client's IP. I bet some node of your network is doing NAT, and the server is responding the ICMP packets to the equipment doing the nat, not the machine issuing the ping. Best regards
Problem with pptp
Hi!

I've Openbsd 4.4 with default kernel and connection to Internet by pptp. Problem is sometimes it connects but sometimes doesn't. But in most cases when it connects it pings any host with message:

ping: sendto: No buffer space available
ping: wrote ya.ru 64 chars, ret=-1

Here some files:

1. hostname.fxp0

dhcp NONE NONE NONE
!route add -host vpn.provider.net 10.129.0.17
!route add 85.21/16 10.129.0.17
!route add 195.14.32/19 10.129.0.17
!route add 10/8 10.129.0.17

2. hostname.tun0

!/usr/sbin/ppp -ddial corbina >/dev/null 2>&1

3. ppp.conf

default:
 set log Phase Chat LCP IPCP CCP tun command
 disable ipv6cp
corbina:
 set device "!/usr/sbin/pptp vpn.provider.net --nolaunchpppd"
 set timeout 0
 set authname
 set authkey
 set login
 set ifaddr 85.81.225.18 10.129.0.17/0
 add! default HISADDR

4. /var/log/daemon

Jan 20 23:29:48 gullabs ppp[17136]: tun0: Chat: deflink: Redial timer expired.
Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: Connected!
Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: opening -> dial
Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: dial -> carrier
Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: carrier -> login
Jan 20 23:29:48 gullabs ppp[17136]: tun0: Phase: deflink: login -> lcp
Jan 20 23:29:48 gullabs ppp[17136]: tun0: LCP: FSM: Using "deflink" as a transport
Jan 20 23:29:48 gullabs ppp[17136]: tun0: LCP: deflink: State change Initial --> Closed
Jan 20 23:29:48 gullabs ppp[17136]: tun0: LCP: deflink: State change Closed --> Stopped
Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: deflink: LayerStart
Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22) state = Stopped
Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: ACFCOMP[2]
Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: PROTOCOMP[2]
Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: ACCMAP[6] 0x
Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: MRU[4] 1500
Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: MAGICNUM[6] 0x02bcea78
Jan 20 23:29:49 gullabs ppp[17136]: tun0: LCP: deflink: State change Stopped --> Req-Sent
Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22) state = Req-Sent
Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP: ACFCOMP[2]
Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP: PROTOCOMP[2]
Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP: ACCMAP[6] 0x
Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP: MRU[4] 1500
Jan 20 23:29:52 gullabs ppp[17136]: tun0: LCP: MAGICNUM[6] 0x02bcea78
Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22) state = Req-Sent
Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP: ACFCOMP[2]
Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP: PROTOCOMP[2]
Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP: ACCMAP[6] 0x
Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP: MRU[4] 1500
Jan 20 23:29:55 gullabs ppp[17136]: tun0: LCP: MAGICNUM[6] 0x02bcea78
Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22) state = Req-Sent
Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP: ACFCOMP[2]
Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP: PROTOCOMP[2]
Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP: ACCMAP[6] 0x
Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP: MRU[4] 1500
Jan 20 23:29:58 gullabs ppp[17136]: tun0: LCP: MAGICNUM[6] 0x02bcea78
Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP: deflink: SendConfigReq(22) state = Req-Sent
Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP: ACFCOMP[2]
Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP: PROTOCOMP[2]
Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP: ACCMAP[6] 0x
Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP: MRU[4] 1500
Jan 20 23:30:01 gullabs ppp[17136]: tun0: LCP: MAGICNUM[6] 0x02bcea78
Jan 20 23:30:04 gullabs ppp[17136]: tun0: LCP: deflink: LayerFinish
Jan 20 23:30:04 gullabs ppp[17136]: tun0: LCP: deflink: State change Req-Sent --> Stopped
Jan 20 23:30:04 gullabs ppp[17136]: tun0: LCP: deflink: State change Stopped --> Closed
Jan 20 23:30:04 gullabs ppp[17136]: tun0: LCP: deflink: State change Closed --> Initial
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase: deflink: Disconnected!
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase: deflink: lcp -> logout
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase: deflink: logout -> hangup
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase: deflink: Disconnected!
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase: deflink: Connect time: 16 secs: 0 octets in, 270 octets out
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase: deflink: 102 packets in, 3629 packets out
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase: total 16 bytes/sec, peak 21 bytes/sec on Tue Jan 20 23:29:52 2009
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase: deflink: HUPing 25768
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase: deflink: hangup -> opening
Jan 20 23:30:04 gullabs ppp[17136]: tun0: Phase: deflink: Enter pause (3) for redialing.

Thanks
Re: Issue with the keep state statment
"Rioux, Christophe" writes:

> => the 2 other rules will be no more used because of the keep state
>
> What is the alternative to remake some like before the migration ?

no state, see pf.conf(5)

--
Guillaume Pinot               http://www.irccyn.ec-nantes.fr/~pinot/

``Computers are good at following instructions, but not at reading
your mind.'' -- Donald E. Knuth, the TeXbook

()  ASCII ribbon campaign      -- Against HTML e-mail
/\  http://www.asciiribbon.org -- Against proprietary attachments
Re: sandisk cruzer usb pen-drives with hotplugd
hmm, on Tue, Jan 20, 2009 at 03:20:53PM -0500, Brynet said that
> http://www.u3.com/uninstall/

thanks for the tip, the cd* device is gone :]
i wish i knew that before.

anyone knows how this utility works?
i really thought this was hw based!

and can anyone still with the U3 stuff reproduce
the machine crashes i have been seeing with hotplugd
but not able to reproduce every time?

-f
--
when in doubt stop thinking and all doubt will go away.
Re: sandisk cruzer usb pen-drives with hotplugd
It's hard to find a USB drive that doesn't have that U3 nonsense, you'll need to find a friend that has a Windows or Mac system to get rid of it. http://www.u3.com/uninstall/ -Brynet
Re: sandisk cruzer usb pen-drives with hotplugd
here's the dmesg for this cruzer:

umass2 at uhub0 port 4 configuration 1 interface 0 "SanDisk Corporation U3 Cruzer Micro" rev 2.00/0.10 addr 4
umass2: using SCSI over Bulk-Only
scsibus2 at umass2: 2 targets, initiator 0
sd2 at scsibus2 targ 1 lun 0: SCSI2 0/direct removable
sd2: 3912MB, 512 bytes/sec, 8013453 sec total
cd0 at scsibus2 targ 1 lun 1: SCSI2 5/cdrom removable

this of course is not only openbsd specific, it shows up as two options also in the boot selector on both my notebooks that can boot off of usb devices. on my eeepc cd* is 2nd after sd* in the boot menu, on my msi notebook the other way around...

$ sudo fdisk cd0
Disk: cd0  geometry: 36/1/100 [3584 2048-byte Sectors]
Offset: 0  Signature: 0x0
        Starting      Ending      LBA Info:
 #: id  C  H  S  -  C  H  S  [ start: size ]
---
 0: 00  0  0  0  -  0  0  0  [     0:    0 ] unused
 1: 00  0  0  0  -  0  0  0  [     0:    0 ] unused
 2: 00  0  0  0  -  0  0  0  [     0:    0 ] unused
 3: 00  0  0  0  -  0  0  0  [     0:    0 ] unused

$ sudo disklabel cd0
# /dev/rcd0c:
type: SCSI
disk: U3 System
label:
flags:
bytes/sector: 2048
sectors/track: 100
tracks/cylinder: 1
sectors/cylinder: 100
cylinders: 36
total sectors: 3584
rpm: 300
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0 # microseconds
track-to-track seek: 0 # microseconds
drivedata: 0

3 partitions:
#size offset fstype [fsize bsize cpg]
 a: 35840 ISO9660
 c: 35840 ISO9660

looks like a definite abomination...
why does disklabel say 3 partitions?

-f
--
every silver lining has a cloud.
Re: Router ping one way only
What happens when you ping from the OpenBSD router? Does any of the other equipment reply? The Ubuntu machine's firewall settings can be seen by running 'sudo iptables -L -v -n'. Are you sure it doesn't block incoming ICMP requests? Martin
Re: OpenBSD 4.4 pf+vlan+bridge problem
Quoting Stuart Henderson :

On 2009-01-20, Guido Tschakert wrote:

first thing: I do not have any experience with multicast traffic. But what you have build seems very strange to me. First you use vlan to separate the networks and then you put them all together with a bridge. I do not see the use of the vlans.

It can indeed be useful to do this, even without multicast traffic in the equation. You might want to filter traffic between machines in the same subnet, and this is a way you can do it.

Key Aavoja wrote:

PF config:

block out on bnx1 all
block out on vlan1100 all
block out on vlan1101 all
block out on vlan1102 all
block out on vlan1103 all
block out on vlan1104 all
block out on vlan1105 all
block out on vlan1106 all
block out on vlan1107 all
block out on vlan1108 all
pass out quick on vlan1101 proto udp from any to 239.16.1.1
pass out quick on vlan1102 proto udp from any to 239.16.1.2
pass out quick on vlan1103 proto udp from any to 239.16.1.3

Wishful thinking, what the result should be: All multicast streams are available on vlan1100 and received via "bnx0/vlan1100". Bridge should stream the multicast packets to what ever vlan - it's the place where pf should help. Stream: 239.16.1.1 should be available only on vlan1101, and 239.16.1.2 available on vlan1102 and so on.

Real Result: Stream 239.16.1.1 is available on all three vlans: 11101,1102,1103 - same thing happens with other two streams (239.16.1.2, 239.16.1.3)

It's really weird what's going on or did I understand something wrong and configuration is not correct?

you should check the simple things first.

- is PF enabled? pfctl -si

PF is enabled, btw removing the last three rules the whole mcast traffic is disabled - for testing I have 10 streams as input but trying to allow only three.

- is the ruleset loaded correctly? pfctl -sr

yes this command shows that all rules are loaded

- does it correctly block ordinary non-multicast traffic between the vlans? if you did indeed include your whole PF config in your email, only that particular multicast traffic should pass between the vlans, everything else should be blocked.

I pasted here 100% of pf config, this non-multicast traffic needs to be tested, tomorrow I will do that.

you might have already done this, but if you did, you should have mentioned in your email what you checked.

with a routed (not bridged) environment, PF is able to control multicast traffic in either direction (I just tried).

from my reading of if_bridge.c, on a bridge, pf filtering for multicast frames only happens _inbound_. multicast frames sent _out_ through a bridge are not subject to the outbound PF filter rules.

bridge MAC filter rules _are_ applied outbound for multicast frames, I haven't tested but I think that will give you a way you can restrict this traffic.
Router ping one way only
I have had to repost this due to formatting on last post.

Hi, I have an openbsd router running pf. Using a 'pass all' rule set.

pass in log all keep state
pass out log all keep state

I manage to ping one way! But not the other. I originally had a wireless laptop running vista on 172.0.0.6, trying to ping Server 2003 on 192.168.0.4. default Gateways set in both these machines to:

Laptop: 172.16.0.254 (router em0)
Server 2003: 192.168.0.254 (router rl0)

I thought it was the Server preventing pings even though windows firewall service was off, so tried a Ubuntu machine, same problem.

Output from pinging from laptop to ubuntu:

# tcpdump -n -e -ttt -i pflog0
tcpdump: listening on pflog0, link-type PFLOG
Jan 20 09:00:34.514535 rule 0/(match) pass in on em0: 172.16.0.6 > 192.168.0.10: icmp: echo request
Jan 20 09:00:34.514551 rule 1/(match) pass out on rl0: 172.16.0.6 > 192.168.0.10: icmp: echo request
^C
2 packets received by filter
0 packets dropped by kernel

This ping does not work from linux ubuntu to laptop:

# tcpdump -n -e -ttt -i pflog0
tcpdump: listening on pflog0, link-type PFLOG
Jan 20 09:00:46.735139 rule 0/(match) pass in on rl0: 192.168.0.10 > 172.16.0.6: icmp: echo request (DF)
Jan 20 09:00:46.735156 rule 1/(match) pass out on em0: 192.168.0.10 > 172.16.0.6: icmp: echo request (DF)
^C
2 packets received by filter
0 packets dropped by kernel

I wonder if it is a static route issue on the client? Or is it a static route issue on the router? I added "route add default gw 192.168.0.254" on ubuntu and also "route add -net 172.16.0.0 mask 255.255.255.0 gw 192.168.0.254"

Not sure what I am doing wrong. Can anyone help me? Thanks

my net diagram:

clients(laptop wireless) <->172.16.0.0 /24<--- hub ---> openbsd router < hub > 192.168.0.0 /24-- client (ubuntu or server 2003)

--
View this message in context: http://www.nabble.com/Router-ping-one-way-only-tp21569634p21569634.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: OpenBSD 4.4 pf+vlan+bridge problem
Quoting Guido Tschakert :

Key Aavoja wrote:

Hello,

Hello,

first thing: I do not have any experience with multicast traffic. But what you have build seems very strange to me. First you use vlan to separate the networks and then you put them all together with a bridge. I do not see the use of the vlans.

It's needed because all those streams are already on one vlan, but it's really needed to "extract" address based. It's the best way to put different streams on different vlans (using cisco switch is not a very good idea for this task, because some limitations, but it's out of current topic).

Wouldn't it be better to not use the bridge and use (multicast-)routing and pf to solve your problem?

Multicast routing with "dvrmpd" is tested with pf, does not work. the same thing happens, if streamX is allowed to pass out on vlanX and streamY is allowed to pass out on vlanY, result is pretty similar: vlanX outputs both streams (streamX, streamY) and the same thing with vlanY.

pf is not 100% percent multicast compat.?

As I said, I have no experience with multicast traffic, but that is how I would start digging.

guido

I have a problem with pf+bridge+vlan (multicast traffic) and I googled a lot, read the manuals and so on - no help. Finally I posted on wrong place :( sorry. Hopefully this time I'm writing to right place.

Following setup is made for multicast traffic separation from one lan to multiple vlans.

Setup:

Two physical interfaces
bnx0
bnx1

interfaces bnx0 and bnx1 has vlans:
bnx0
 vlan1100
bnx1
 vlan1101
 vlan1102
 vlan1103
 vlan1104
 vlan1105
 vlan1106
 vlan1107
 vlan1108

Bridge setup: bridge0 has all vlans as bridge members (vlan1100, vlan1101 ... vlan1108)

PF config:

block out on bnx1 all
block out on vlan1100 all
block out on vlan1101 all
block out on vlan1102 all
block out on vlan1103 all
block out on vlan1104 all
block out on vlan1105 all
block out on vlan1106 all
block out on vlan1107 all
block out on vlan1108 all
pass out quick on vlan1101 proto udp from any to 239.16.1.1
pass out quick on vlan1102 proto udp from any to 239.16.1.2
pass out quick on vlan1103 proto udp from any to 239.16.1.3

Wishful thinking, what the result should be: All multicast streams are available on vlan1100 and received via "bnx0/vlan1100". Bridge should stream the multicast packets to what ever vlan - it's the place where pf should help. Stream: 239.16.1.1 should be available only on vlan1101, and 239.16.1.2 available on vlan1102 and so on.

Real Result: Stream 239.16.1.1 is available on all three vlans: 11101,1102,1103 - same thing happens with other two streams (239.16.1.2, 239.16.1.3)

It's really weird what's going on or did I understand something wrong and configuration is not correct?

Thank you.
-
Re: sandisk cruzer usb pen-drives with hotplugd
On Tue, 20 Jan 2009 18:37:11 +0100 frantisek holop wrote:
> hi there,
>
> the sandisk cruzer line of pen-drives (i have a 4G)
> are U3 smart pen-drives that have a hidden partition
> or whatever it is: www.u3.com .
>
> in openbsd it comes up as cd* besides the sd* part.
> i had no luck mounting it or using it in any way.
> IIRC in windows it comes up as a separate drive letter.
>
> in some cases after inserting this pen-drive it
> makes hotplugd run in circles and if left there
> it brings down the whole machine.
>
> has anybody experienced something similar?
> i imagine it's quite a common pen-drive.
>
> -f

U3... Yes, too many sticks have that "feature". First step after unpacking it is to erase the U3 stuff. They have a prog for that on their site. *

After that it's just a plain drive and you even get some megs of extra space.

As i don't use those drives with U3 still on it, i have no idea why OpenBSD might get hiccups.

- Robert

(* Windows software, usually not too hard to find one can use for that once-off wipe. Also a chance to lecture ppl on turning off autorun.)
Re: Sending email in Apache chroot?
* Sunnz [2009-01-20 17:48]:
> Ok so I have copied /etc/resolv.conf to /var/www/etc/...
>
> Now it says:
>
> femail: rcpt to chr...@civicquire.net refused by server

"refused by server" not enough of a hint?

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: Annoying sounds with auvia and mpd
On Tue, Jan 20, 2009 at 11:08:30AM +, Jacob Meuser wrote:
> sorry for the delay. can you see if this fixes the problem?
>
> something of a guess, but the addition of S/PDIF support is the only
> change that fits the timeline of when it was working and when
> the problem started. (and if you look at ac97.c just a few lines down
> from this patch, you'll see the XXX-is-this-right? comment I added
> when bringing in S/PDIF support from NetBSD ...)

Yep, I see the comment, and I agree that it sure sounds like something that could cause the problem that I experience.

My off-list reply to Jacob:

Hi and thanks for remembering me :-)

Unfortunately, it does not fix the problem. I'm still able to reproduce the faulty situation (high pitched noise together with the music, continuing after the music has been stopped) using mpd and mplayer.

Martin
sandisk cruzer usb pen-drives with hotplugd
hi there,

the sandisk cruzer line of pen-drives (i have a 4G)
are U3 smart pen-drives that have a hidden partition
or whatever it is: www.u3.com .

in openbsd it comes up as cd* besides the sd* part.
i had no luck mounting it or using it in any way.
IIRC in windows it comes up as a separate drive letter.

in some cases after inserting this pen-drive it
makes hotplugd run in circles and if left there
it brings down the whole machine.

has anybody experienced something similar?
i imagine it's quite a common pen-drive.

-f
--
dum spiro spero -- as long as i breathe i hope
Re: OpenBSD 4.4 load balance outgoing
> Hi,
>
> I need a help to configure an openBSD server to load balance and
> failover internet connection.
> I have 2 connections to the internet.
> I followed http://www.openbsd.org/faq/pf/pools.html#outgoing but i
> didn't get it working.
> I added both routes with:
> route add -mpath default 200.162.41.33
> route add -mpath default 189.57.43.1
>
>
>
>
> My confs are:
>
> # cat sysctl.conf |grep inet
> net.inet.ip.forwarding=1# 1=Permit forwarding (routing) of
> IPv4 packets
> net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of
> IPv4 multicast packets
> net.inet.ip.multipath=1 # 1=Enable IP multipath routing
> #net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of
> IPv6 packets
> #net.inet6.ip6.mforwarding=1# 1=Permit forwarding (routing) of
> IPv6 multicast packets
> #net.inet6.ip6.multipath=1 # 1=Enable IPv6 multipath routing
> #net.inet6.ip6.accept_rtadv=1 # 1=Permit IPv6 autoconf (forwarding
> must be 0)
> #net.inet.tcp.rfc1323=0 # 0=Disable TCP RFC1323 extensions
> (for if tcp is slow)
> #net.inet.tcp.rfc3390=0 # 0=Disable RFC3390 for TCP window
> increasing #net.inet.esp.enable=0 # 0=Disable the ESP IPsec
> protocol #net.inet.ah.enable=0 # 0=Disable the AH IPsec
> protocol #net.inet.esp.udpencap=0# 0=Disable ESP-in-UDP
> encapsulation #net.inet.ipcomp.enable=1 # 1=Enable the IPCOMP
> protocol #net.inet.etherip.allow=1 # 1=Enable the
> Ethernet-over-IP protocol #net.inet.tcp.ecn=1 # 1=Enable
> the TCP ECN extension net.inet.carp.preempt=1 # 1=Enable carp(4)
> preemption net.inet.carp.log=1 # 1=Enable logging of
> carp(4) packets #net.inet.ip.mtudisc=0 # 0=Disable tcp mtu
> discovery #
>
> # cat /etc/mygate
> #
>
> # cat /etc/pf.conf
> lan_net = "10.10.20.0/24"
> int_if = "vic0"
> ext_if1 = "vic2"
> ext_if2 = "vic3"
> ext_gw1 = "189.57.43.1"
> ext_gw2 = "200.162.41.33"
>
> # nat outgoing connections on each internet interface
> nat on $ext_if1 from $lan_net to any -> ($ext_if1)
> nat on $ext_if2 from $lan_net to any -> ($ext_if2)
>
> # default deny
> #block in from any to any
> #block out from any to any
>
> # pass all outgoing packets on internal interface
> pass out on $int_if from any to $lan_net
> # pass in quick any packets destined for the gateway itself
> pass in quick on $int_if from $lan_net to $int_if
> # load balance outgoing tcp traffic from internal network.
> pass in on $int_if route-to \
> { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
> proto tcp from $lan_net to any flags S/SA modulate state
> # load balance outgoing udp and icmp traffic from internal network
> pass in on $int_if route-to \
> { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
> proto { udp, icmp } from $lan_net to any keep state
>
> # general "pass out" rules for external interfaces
> pass out on $ext_if1 proto tcp from any to any flags S/SA modulate
> state pass out on $ext_if1 proto { udp, icmp } from any to any keep
> state pass out on $ext_if2 proto tcp from any to any flags S/SA
> modulate state pass out on $ext_if2 proto { udp, icmp } from any to
> any keep state
>
> # route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
> # $ext_if2 and $ext_gw2
> pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
> pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
> #
>
> I am able to surf at internet from my 10.10.20.0/24 machines, but
> when i turn off vic3 my users lost connection.
> It seems it's using as default route the route i added first.
>
> Help me plz.

Hi,

as the FAQ http://www.openbsd.org/faq/faq6.html#Multipath states:

"It's worth noting that if an interface used by a multipath route goes down (i.e., loses carrier), the kernel will still try to forward packets using the route that points to that interface. This traffic will of course be blackholed and end up going nowhere. It's highly recommended to use ifstated(8) to check for unavailable interfaces and adjust the routing table accordingly."

So use ifstated to check the link of the interface and populate the routing table accordingly.

Regards
Uwe
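
One way to write the ifstated(8) configuration suggested above, added here as an example and not taken from the thread or the FAQ. Interface names and gateway addresses are those in the original post; the state names, the ping-based next-hop test (for the link-up, next-hop-down case raised elsewhere in the thread) and the exact route commands are assumptions.

```conf
# /etc/ifstated.conf (added example; adjust before use)
# It manages only the two multipath default routes in the kernel
# routing table.

init-state auto

# An uplink counts as usable only when its link is up AND its next hop
# answers a ping. The external test is re-run every 10 seconds.
up1 = '( vic2.link.up && "ping -q -c 1 -w 1 189.57.43.1 > /dev/null" every 10 )'
up2 = '( vic3.link.up && "ping -q -c 1 -w 1 200.162.41.33 > /dev/null" every 10 )'

# Dispatcher: pick the state that matches what is currently usable.
state auto {
	if $up1 && $up2
		set-state both
	if $up1 && ! $up2
		set-state only1
	if ! $up1 && $up2
		set-state only2
	if ! $up1 && ! $up2
		set-state none
}

state both {
	init {
		run "route -q add -mpath default 189.57.43.1"
		run "route -q add -mpath default 200.162.41.33"
	}
	if ! $up1 || ! $up2
		set-state auto
}

# Second uplink unusable: remove its default route so nothing is
# forwarded into a dead path.
state only1 {
	init {
		run "route -q delete default 200.162.41.33"
		run "route -q add -mpath default 189.57.43.1"
	}
	if ! $up1 || $up2
		set-state auto
}

state only2 {
	init {
		run "route -q delete default 189.57.43.1"
		run "route -q add -mpath default 200.162.41.33"
	}
	if ! $up2 || $up1
		set-state auto
}

state none {
	init {
		run "logger -t ifstated 'both uplinks unusable'"
	}
	if $up1 || $up2
		set-state auto
}
```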
Re: Sending email in Apache chroot?
Sunnz wrote:

I also tried the following:

`chroot -g www -u www / /var/www/bin/femail -t -i m...@myaddress.com`

works, but

Setting the chroot to '/'? I don't think that does anything.

`chroot -g www -u www /var/www/ /bin/femail -t -i m...@myaddress.com`

doesn't work, it says:

femail: non-recoverable failure in name resolution

I run out of ideas now, what needs to be done?

What files might be used in name resolution on the system, that aren't in /var/www? Maybe... /etc/resolv.conf?

--
Matthew Weigel
hacker
unique & idempot . ent
Re: OpenBSD 4.4 load balance outgoing
On Tue, Jan 20, 2009 at 03:04:36PM -0200, Ricardo Augusto de Souza wrote:
> Hi,
>
> I need a help to configure an openBSD server to load balance and failover
> internet connection.
> I have 2 connections to the internet.
> I followed http://www.openbsd.org/faq/pf/pools.html#outgoing but i didn't get
> it working.
> I added both routes with:
> route add -mpath default 200.162.41.33
> route add -mpath default 189.57.43.1
>
>

There was a nasty bug in the multipath code that got fixed a few weeks ago. If possible try -current.

--
:wq Claudio
Re: Sending email in Apache chroot?
On Wed, 21 Jan 2009, Sunnz wrote:
> I have set up mail and femail and they both works, just not in a chroot.
>

Remember that the chroot must provide *ALL* services required by the app, including things like DNS. Is your resolv.conf present in /etc of your chroot? Can you chroot from the command line and use network services?

Lee
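
The checks the replies in this thread point at, collected into one shell function; this is an added example, not code from the thread or from femail. The file list (etc/resolv.conf, bin/femail, and bin/sh for whatever invokes femail) comes from the thread; the function name, the output labels, the HOSTROOT parameter and the writable-binary check are assumptions added here.

```shell
#!/bin/sh
# Added example: audit what a chrooted web server needs before it can
# hand mail to femail.
#
# audit_chroot CHROOT [HOSTROOT]
#   CHROOT   - chroot directory (/var/www in the thread)
#   HOSTROOT - tree holding the reference etc/resolv.conf; defaults to
#              the real root and exists so the audit can be exercised
#              against a scratch tree (assumption of this example)
# Prints one finding per line and returns 1 if any finding is not OK.
audit_chroot() {
    ac_root=${1%/}
    ac_host=${2:-}
    ac_rc=0

    # Resolver configuration. A missing copy gives femail's
    # "non-recoverable failure in name resolution"; a copy that has
    # drifted from the host file breaks later and less obviously.
    ac_f=etc/resolv.conf
    if [ ! -r "$ac_root/$ac_f" ]; then
        echo "MISSING $ac_f"; ac_rc=1
    elif ! cmp -s "$ac_host/$ac_f" "$ac_root/$ac_f"; then
        echo "STALE $ac_f"; ac_rc=1
    else
        echo "OK $ac_f"
    fi

    # Binaries executed inside the chroot: femail itself, and the shell
    # its caller may need to start it. Anything copied in becomes part
    # of what the confined process can run, so a group- or
    # world-writable copy is reported: a process inside the chroot
    # could replace what gets executed on the next mail submission.
    for ac_f in bin/femail bin/sh; do
        ac_p=$ac_root/$ac_f
        if [ ! -f "$ac_p" ] || [ ! -x "$ac_p" ]; then
            echo "MISSING $ac_f"; ac_rc=1
        elif [ -n "$(find -L "$ac_p" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
            echo "UNSAFE $ac_f"; ac_rc=1
        else
            echo "OK $ac_f"
        fi
    done

    return "$ac_rc"
}

# Run as a script: ./audit_chroot.sh /var/www
if [ $# -gt 0 ]; then
    audit_chroot "$@"
fi
```
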
OpenBSD 4.4 load balance outgoing
Hi,

I need help to configure an OpenBSD server to load balance and fail over an internet connection. I have 2 connections to the internet. I followed http://www.openbsd.org/faq/pf/pools.html#outgoing but I didn't get it working.

I added both routes with:

    route add -mpath default 200.162.41.33
    route add -mpath default 189.57.43.1

My confs are:

    # cat sysctl.conf |grep inet
    net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
    net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of IPv4 multicast packets
    net.inet.ip.multipath=1 # 1=Enable IP multipath routing
    #net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6 packets
    #net.inet6.ip6.mforwarding=1 # 1=Permit forwarding (routing) of IPv6 multicast packets
    #net.inet6.ip6.multipath=1 # 1=Enable IPv6 multipath routing
    #net.inet6.ip6.accept_rtadv=1 # 1=Permit IPv6 autoconf (forwarding must be 0)
    #net.inet.tcp.rfc1323=0 # 0=Disable TCP RFC1323 extensions (for if tcp is slow)
    #net.inet.tcp.rfc3390=0 # 0=Disable RFC3390 for TCP window increasing
    #net.inet.esp.enable=0 # 0=Disable the ESP IPsec protocol
    #net.inet.ah.enable=0 # 0=Disable the AH IPsec protocol
    #net.inet.esp.udpencap=0 # 0=Disable ESP-in-UDP encapsulation
    #net.inet.ipcomp.enable=1 # 1=Enable the IPCOMP protocol
    #net.inet.etherip.allow=1 # 1=Enable the Ethernet-over-IP protocol
    #net.inet.tcp.ecn=1 # 1=Enable the TCP ECN extension
    net.inet.carp.preempt=1 # 1=Enable carp(4) preemption
    net.inet.carp.log=1 # 1=Enable logging of carp(4) packets
    #net.inet.ip.mtudisc=0 # 0=Disable tcp mtu discovery
    #
    # cat /etc/mygate
    #
    # cat /etc/pf.conf
    lan_net = "10.10.20.0/24"
    int_if = "vic0"
    ext_if1 = "vic2"
    ext_if2 = "vic3"
    ext_gw1 = "189.57.43.1"
    ext_gw2 = "200.162.41.33"

    # nat outgoing connections on each internet interface
    nat on $ext_if1 from $lan_net to any -> ($ext_if1)
    nat on $ext_if2 from $lan_net to any -> ($ext_if2)

    # default deny
    #block in from any to any
    #block out from any to any

    # pass all outgoing packets on internal interface
    pass out on $int_if from any to $lan_net

    # pass in quick any packets destined for the gateway itself
    pass in quick on $int_if from $lan_net to $int_if

    # load balance outgoing tcp traffic from internal network.
    pass in on $int_if route-to \
        { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
        proto tcp from $lan_net to any flags S/SA modulate state

    # load balance outgoing udp and icmp traffic from internal network
    pass in on $int_if route-to \
        { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
        proto { udp, icmp } from $lan_net to any keep state

    # general "pass out" rules for external interfaces
    pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
    pass out on $ext_if1 proto { udp, icmp } from any to any keep state
    pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
    pass out on $ext_if2 proto { udp, icmp } from any to any keep state

    # route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
    # $ext_if2 and $ext_gw2
    pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
    pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
    #

I am able to surf the internet from my 10.10.20.0/24 machines, but when I turn off vic3 my users lose connection. It seems it's using as default route the route I added first. Help me plz.

    OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
        dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
    cpu0: Intel(R) Xeon(TM) CPU 3.20GHz ("GenuineIntel" 686-class) 3.24 GHz
    cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,DS-CPL
    real mem = 536375296 (511MB)
    avail mem = 510218240 (486MB)
    mainbus0 at root
    bios0 at mainbus0: AT/286+ BIOS, date 04/17/06, BIOS32 rev. 0 @ 0xfd880, SMBIOS rev. 2.31 @ 0xe0010 (45 entries)
    bios0: vendor Phoenix Technologies LTD version "6.00" date 04/17/2006
    bios0: VMware, Inc. VMware Virtual Platform
    apm0 at bios0: Power Management spec V1.2
    apm0: AC on, battery charge unknown
    acpi at bios0 function 0x0 not configured
    pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780
    pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries)
    pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371FB ISA" rev 0x00)
    pcibios0: PCI bus #1 is the last bus
    bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1000 0xca000/0x1000 0xcb000/0x1000 0xdc000/0x4000! 0xe/0x4000!
    cpu0 at mainbus0
    pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
    pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01
    ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x01
    pci1 at ppb0 bus 1
    piixpcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08
    pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA,
Re: Sending email in Apache chroot?
2009/1/21 Sunnz :
>
> I am also trying mini-sendmail-chroot.
>
> `chroot -g www -u www /var/www/ /bin/mini_sendmail -t -i m...@myaddress.com`
>
> Does actually work but in PHP still doesn't. And I have updated
> sendmail_path in php.ini.
>

Err this is so weird... now it doesn't work any more even on the command line, mini_sendmail now says

    /bin/mini_sendmail: unexpected response 550 to RCPT TO command

when I run that command.

--
This e-mail may be confidential. You may not copy, forward or use any part. Note that all disclaimers on the Internet are of zero legal effectiveness however. http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Sending email in Apache chroot?
2009/1/21 Joe Barnett :
>
> Many moons ago I had the same situation with mini-sendmail-chroot.
> Installing mail (?) and sh in the chroot seemed to clear everything
> up--though I am not sure if that is the optimal solution.

I am also trying mini-sendmail-chroot.

`chroot -g www -u www /var/www/ /bin/mini_sendmail -t -i m...@myaddress.com`

Does actually work but in PHP still doesn't. And I have updated sendmail_path in php.ini.

--
This e-mail may be confidential. You may not copy, forward or use any part. Note that all disclaimers on the Internet are of zero legal effectiveness however. http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Sending email in Apache chroot?
Ok so I have copied /etc/resolv.conf to /var/www/etc/... Now it says: femail: rcpt to chr...@civicquire.net refused by server
Re: Sending email in Apache chroot?
Sunnz wrote:
> I have set up mail and femail and they both work, just not in a chroot.
>
> Basically I can do `mail m...@myaddress.com` or `/var/www/bin/femail
> m...@myaddress.com` and both of them successfully sent an email to
> myself.
>
> But it doesn't work with Apache in the chroot. I was using a PHP script.
>
> femail-chroot is installed by pkg_add -iv femail-chroot.
>
> I also tried the following:
>
> `chroot -g www -u www / /var/www/bin/femail -t -i m...@myaddress.com` works,
> but
>
> `chroot -g www -u www /var/www/ /bin/femail -t -i m...@myaddress.com`
> doesn't work, it says:
>
> femail: non-recoverable failure in name resolution
>
> I run out of ideas now, what needs to be done?
>

Many moons ago I had the same situation with mini-sendmail-chroot. Installing mail (?) and sh in the chroot seemed to clear everything up--though I am not sure if that is the optimal solution.

--
Joe Barnett
joe.barn...@mr72.com
http://www.mr72.com/
623.670.1326
Re: Sending email in Apache chroot?
On Wed, 21 Jan 2009 03:10:07 +1100 Sunnz wrote:
> I have set up mail and femail and they both work, just not in a
> chroot.
>
> Basically I can do `mail m...@myaddress.com` or `/var/www/bin/femail
> m...@myaddress.com` and both of them successfully sent an email to
> myself.
>
> But it doesn't work with Apache in the chroot. I was using a PHP
> script.
>
> femail-chroot is installed by pkg_add -iv femail-chroot.
>
> I also tried the following:
>
> `chroot -g www -u www / /var/www/bin/femail -t -i m...@myaddress.com`
> works, but
>
> `chroot -g www -u www /var/www/ /bin/femail -t -i m...@myaddress.com`
> doesn't work, it says:
>
> femail: non-recoverable failure in name resolution
>
> I run out of ideas now, what needs to be done?
>

Missing /var/www/etc/resolv.conf ?

- Robert
Sending email in Apache chroot?
I have set up mail and femail and they both work, just not in a chroot.

Basically I can do `mail m...@myaddress.com` or `/var/www/bin/femail m...@myaddress.com` and both of them successfully sent an email to myself.

But it doesn't work with Apache in the chroot. I was using a PHP script.

femail-chroot is installed by pkg_add -iv femail-chroot.

I also tried the following:

`chroot -g www -u www / /var/www/bin/femail -t -i m...@myaddress.com` works, but

`chroot -g www -u www /var/www/ /bin/femail -t -i m...@myaddress.com` doesn't work, it says:

    femail: non-recoverable failure in name resolution

I run out of ideas now, what needs to be done?

--
This e-mail may be confidential. You may not copy, forward or use any part. Note that all disclaimers on the Internet are of zero legal effectiveness however. http://www.goldmark.org/jeff/stupid-disclaimers/
Gilles : Call for Donations...
In case the community hasn't already noticed or been made aware of. Gilles requires funds (900 Euro) to buy himself a decent desktop computer. Gilles initiated and works on the new SMTPd code. To cross check, his site is at http://www.poolp.org/~gilles/ Please donate via paypal: gil...@poolp.org ~Mayuresh http://mayuresh.kathe.in/
Re: Router pf one way ping
On Tue, Jan 20, 2009 at 01:59:52PM +, someone wrote:
>
> Rules? You mean this?
>
> >pass in log all keep state
> >pass out log all keep state
>
> Formatting got screwed up when i posted

Seriously, trim your From: address. And your formatting is still terrible. I couldn't read most of your original post or your off-list reply. I was going to ask you to post the rest of your information (sysctl settings, ifconfig, etc) but I don't think I'll be able to read it anyways.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/
Re: Router pf one way ping
On Tue, Jan 20, 2009 at 11:21:37AM +, someone wrote:
> Hi,
> I have an openbsd router running pf. Using a 'pass all' rule set.
> pass in log all keep state pass out log all keep state
> I manage to ping one way! But not the other.
> I originally had a wireless laptop running vista on 172.0.0.6, trying to ping
> Server 2003 on 192.168.0.4.
> default Gateways set in both these machines to:
> Laptop: 172.16.0.254 (router em0)
> Server 2003: 192.168.0.254 (router rl0)
>
> I thought it was the Server preventing pings even though windows firewall
> service was off, so tried a Ubuntu machine, same
> problem.

... snip useless stuff ...

> Can anyone help me?

Possibly, when you post your ruleset.

P.S. And trim your From: line.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/
Issue with the keep state statement
Hi

I read in the manual, that since the 4.1 version, the keep state rule is automatically set to keep state.

Before migrating to 4.4, I had the 3.9 and with following configuration:

    Internet1 |
              OpenBsd (Internal)| --- Server
    Internet2 |

On the interface of the internet1 I have the ! default route !; but some traffic coming from everywhere in the world is coming from Internet2 interface to the server.

So I had in my pf.conf following configuration:

    pass in on internet2 from any to server port NNN
    pass in on internal from any to server port NNN
    pass out on internal route-to (If2 internelGW2) from server port NNN to any
    pass out on internet2 from If2 port NNN to any

With the migration to 4.4 the result is:

    pass in on internet2 from any to server port NNN keep state
    pass in on internal from any to server port NNN keep state

=> the 2 other rules will be no more used because of the keep state

What is the alternative to remake some like before the migration ?

Thanks for reply

Christophe
Re: net5501 crypto driver
1.15 should just work fine in stable.

-m

On Tue, Jan 20, 2009 at 12:19:34PM +0100, Christoph Leser wrote:
> As described in
> http://kerneltrap.org/mailarchive/openbsd-misc/2008/9/22/3364064
> there is a problem with the driver for the AMD Geode LX series processor
> security block for openBSD 4.4 ( glxsb.c ).
>
> This has been fixed in version 1.15 of this file, but this fix has not
> been committed to 4.4. stable ( still on 1.14 ).
>
> Is it ok to use 1.15 with 4.4 stable or do I have to switch to current
> in order to use this patch.
>
> Regards
>
> Christoph
Re: OpenBSD 4.4 pf+vlan+bridge problem
On 2009-01-20, Guido Tschakert wrote:
> first thing: I do not have any experience with multicast traffic.
> But what you have built seems very strange to me. First you use vlan to
> separate the networks and then you put them all together with a bridge.
> I do not see the use of the vlans.

It can indeed be useful to do this, even without multicast traffic in the equation. You might want to filter traffic between machines in the same subnet, and this is a way you can do it.

> Key Aavoja wrote:
>> PF config:
>>
>> block out on bnx1 all
>> block out on vlan1100 all
>> block out on vlan1101 all
>> block out on vlan1102 all
>> block out on vlan1103 all
>> block out on vlan1104 all
>> block out on vlan1105 all
>> block out on vlan1106 all
>> block out on vlan1107 all
>> block out on vlan1108 all
>> pass out quick on vlan1101 proto udp from any to 239.16.1.1
>> pass out quick on vlan1102 proto udp from any to 239.16.1.2
>> pass out quick on vlan1103 proto udp from any to 239.16.1.3
>>
>> Wishful thinking, what the result should be:
>>
>> All multicast streams are available on vlan1100 and received via
>> "bnx0/vlan1100". Bridge should stream the multicast packets to what
>> ever vlan - its the place where pf should help. Stream: 239.16.1.1
>> should be available only on vlan1101, and 239.16.1.2 available on
>> vlan1102 and so on.
>> .
>>
>> Real Result:
>> Stream 239.16.1.1 is available on all three vlans: 11101,1102,1103 -
>> same thing happens with other two streams (239.16.1.2, 239.16.1.3)
>>
>> It's really weird what's going on or did I understand something wrong
>> and configuration is not correct?

you should check the simple things first.

- is PF enabled? pfctl -si
- is the ruleset loaded correctly? pfctl -sr
- does it correctly block ordinary non-multicast traffic between the vlans?

if you did indeed include your whole PF config in your email, only that particular multicast traffic should pass between the vlans, everything else should be blocked.

you might have already done this, but if you did, you should have mentioned in your email what you checked.

with a routed (not bridged) environment, PF is able to control multicast traffic in either direction (I just tried).

from my reading of if_bridge.c, on a bridge, pf filtering for multicast frames only happens _inbound_. multicast frames sent _out_ through a bridge are not subject to the outbound PF filter rules.

bridge MAC filter rules _are_ applied outbound for multicast frames, I haven't tested but I think that will give you a way you can restrict this traffic.
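The bridge MAC filter approach suggested at the end of the reply above, written out as an added example (not part of the original post, and like the suggestion itself not tested on a live bridge). It derives the Ethernet multicast address for each group in the quoted PF config and prints `brconfig` rules that block that address outbound on every member vlan except the intended one; the rule syntax follows brconfig(8), and the variable and function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. bridge0, the vlan names and the
# group-to-vlan pairs are taken from the quoted setup; the variable and
# function names are made up for this sketch.
BRIDGE=bridge0
# Egress-side bridge members (the streams arrive on vlan1100).
MEMBERS="vlan1101 vlan1102 vlan1103 vlan1104 vlan1105 vlan1106 vlan1107 vlan1108"
# group:interface pairs, one per stream that may leave on that interface only.
STREAMS="239.16.1.1:vlan1101 239.16.1.2:vlan1102 239.16.1.3:vlan1103"

# mcast_mac GROUP
# Print the Ethernet address an IPv4 multicast group is sent to:
# 01:00:5e followed by the low 23 bits of the group address.
# Returns 1 for anything that is not a dotted quad in 224.0.0.0/4.
mcast_mac() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        # reject empty octets, leading zeros and anything over three digits
        case $_o in ''|0?*|????*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
    [ "$1" -ge 224 ] || return 1
    [ "$1" -le 239 ] || return 1
    # The top bit of the second octet is dropped, so 32 groups share one MAC
    # (239.16.1.1 and 239.144.1.1 both give 01:00:5e:10:01:01).
    printf '01:00:5e:%02x:%02x:%02x\n' $(( $2 & 127 )) "$3" "$4"
}

# bridge_rules
# For every stream, print one "block out" MAC rule per member interface
# that is NOT the stream's intended vlan. Frames matching no rule still pass.
bridge_rules() {
    for _s in $STREAMS; do
        _group=${_s%%:*}
        _allowed=${_s#*:}
        _mac=$(mcast_mac "$_group") || {
            echo "not a multicast group: $_group" >&2
            return 1
        }
        for _if in $MEMBERS; do
            if [ "$_if" != "$_allowed" ]; then
                echo "brconfig $BRIDGE rule block out on $_if dst $_mac"
            fi
        done
    done
}

# Print the commands for review instead of running them.
bridge_rules
```

Because the rules match on the destination MAC, they also catch any other group that maps to the same address, so group addresses on this bridge should be chosen so that their low 23 bits are distinct.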
Router pf one way ping
Hi,

I have an openbsd router running pf. Using a 'pass all' rule set.

    pass in log all keep state
    pass out log all keep state

I manage to ping one way! But not the other.

I originally had a wireless laptop running vista on 172.0.0.6, trying to ping Server 2003 on 192.168.0.4.

default Gateways set in both these machines to:

    Laptop: 172.16.0.254 (router em0)
    Server 2003: 192.168.0.254 (router rl0)

I thought it was the Server preventing pings even though windows firewall service was off, so tried a Ubuntu machine, same problem.

Output from pinging from laptop to ubuntu:

    # tcpdump -n -e -ttt -i pflog0
    tcpdump: listening on pflog0, link-type PFLOG
    Jan 20 09:00:34.514535 rule 0/(match) pass in on em0: 172.16.0.6 > 192.168.0.10: icmp: echo request
    Jan 20 09:00:34.514551 rule 1/(match) pass out on rl0: 172.16.0.6 > 192.168.0.10: icmp: echo request
    2 packets received by filter
    0 packets dropped by kernel

This ping does not work from linux ubuntu to laptop:

    # tcpdump -n -e -ttt -i pflog0
    tcpdump: listening on pflog0, link-type PFLOG
    Jan 20 09:00:46.735139 rule 0/(match) pass in on rl0: 192.168.0.10 > 172.16.0.6: icmp: echo request (DF)
    Jan 20 09:00:46.735156 rule 1/(match) pass out on em0: 192.168.0.10 > 172.16.0.6: icmp: echo request (DF)
    2 packets received by filter
    0 packets dropped by kernel

I wonder if it is a static route issue on the client? Or is it a static route issue on the router?

I added "route add default gw 192.168.0.254" on ubuntu and also "route add -net 172.16.0.0 mask 255.255.255.0 gw 192.168.0.254"

Not sure what I am doing wrong. Can anyone help me? Thanks

my net diagram:

    clients(laptop wireless) <->172.16.0.0 /24<--- hub ---> openbsd router < hub > 192.168.0.0 /24-- client (ubuntu or server 2003)
net5501 crypto driver
As described in http://kerneltrap.org/mailarchive/openbsd-misc/2008/9/22/3364064 there is a problem with the driver for the AMD Geode LX series processor security block for openBSD 4.4 ( glxsb.c ).

This has been fixed in version 1.15 of this file, but this fix has not been committed to 4.4. stable ( still on 1.14 ).

Is it ok to use 1.15 with 4.4 stable or do I have to switch to current in order to use this patch.

Regards

Christoph
Re: Annoying sounds with auvia and mpd
On Sun, Dec 14, 2008 at 06:09:24PM +0100, Martin Toft wrote: > A small follow-up: > > The problem only occurs when opening the audio device. If I queue a > number of tracks in mpd's playlist and let it play, then it does not > suddenly start making noise from one track to the next. It only happens > when I manually start a track (and only sometimes). I suspect that mpd > does not close the audio device between tracks if it is playing from its > playlist, and that is probably why the problem does not occur in that > setting. > > Martin > sorry for the delay. can you see if this fixes the problem? something of a guess, but the addition of S/PDIF support is the only change that fits the timeline of when it was working and when the problem started. (and if you look at ac97.c just a few lines down from this patch, you'll see the XXX-is-this-right? comment I added when bringing in S/PDIF support from NetBSD ...) -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org Index: ac97.c === RCS file: /home2/cvs/OpenBSD/src/sys/dev/ic/ac97.c,v retrieving revision 1.70 diff -u -r1.70 ac97.c --- ac97.c 23 Oct 2008 21:50:01 - 1.70 +++ ac97.c 19 Jan 2009 10:07:44 - @@ -878,6 +878,13 @@ as->ac97_clock = AC97_STANDARD_CLOCK; ac97_read(as, AC97_REG_EXT_AUDIO_ID, &as->ext_id); + + /* This VIA codec doesn't like the way we enable S/PDIF, so +* pretend it doesn't have S/PDIF capabilities. +*/ + if (id == 56494182) + as->ext_id &= ~(AC97_EXT_AUDIO_SPDIF); + if (as->ext_id & (AC97_EXT_AUDIO_VRA | AC97_EXT_AUDIO_DRA | AC97_EXT_AUDIO_SPDIF | AC97_EXT_AUDIO_VRM | AC97_EXT_AUDIO_CDAC | AC97_EXT_AUDIO_SDAC
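Review bot: the new test `if (id == 56494182)` compares the codec ID against a bare decimal literal. AC'97 vendor IDs are three ASCII characters plus a revision byte, so if the VIA codec meant here is 0x56494182 ('V', 'I', 'A', 0x82), the literal needs its 0x prefix or the quirk never matches and S/PDIF stays enabled. Either way, give the value a named constant rather than an inline magic number, and name the codec in the comment, since "This VIA codec" does not say which part is affected. The comment block also mixes indentation ("+ /* This" with a tab, "+* pretend" without), which should follow the file's usual block-comment style. Since the message describes the change as "something of a guess", the comment should also say that this is a workaround that masks AC97_EXT_AUDIO_SPDIF for one codec, so that it can be removed once the S/PDIF enable path is confirmed.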
Re: Port ZFS to OpenBSD
On Mon, Jan 19, 2009 at 08:45:05PM -0800, Joe S wrote:
> It's clear there will be no ZFS in OpenBSD. It's not a priority of the
> developers.

"ZFS-like" functionality could be added to softraid. This would be more realistic.

--
Best Regards
Edd Barrett
(Freelance software developer / technical writer / open-source developer)
http://students.dec.bmth.ac.uk/ebarrett
Re: OpenBSD 4.4 pf+vlan+bridge problem
Key Aavoja wrote:
> Hello,
>

Hello,

first thing: I do not have any experience with multicast traffic. But what you have built seems very strange to me. First you use vlan to separate the networks and then you put them all together with a bridge. I do not see the use of the vlans. Wouldn't it be better to not use the bridge and use (multicast-)routing and pf to solve your problem? As I said, I have no experience with multicast traffic, but that is how I would start digging.

guido

> I have a problem with pf+bridge+vlan (multicast traffic) and I googled
> a lot, read the manuals and so on - no help. Finally I posted on wrong
> place :( sorry.
>
> Hopefully this time I'm writing to right place.
>
>
> Following setup is made for multicast traffic separation from one lan
> to multiple vlans.
>
> Setup:
>
> Two physical interfaces
>
> bnx0
> bnx1
>
> interfaces bnx0 and bnx1 has vlans:
>
> bnx0
> vlan1100
> bnx1
> vlan1101
> vlan1102
> vlan1103
> vlan1104
> vlan1105
> vlan1106
> vlan1107
> vlan1108
>
> Bridge setup: bridge0 has all vlans as bridge members (vlan1100,
> vlan1101 ... vlan1108)
>
> PF config:
>
> block out on bnx1 all
> block out on vlan1100 all
> block out on vlan1101 all
> block out on vlan1102 all
> block out on vlan1103 all
> block out on vlan1104 all
> block out on vlan1105 all
> block out on vlan1106 all
> block out on vlan1107 all
> block out on vlan1108 all
> pass out quick on vlan1101 proto udp from any to 239.16.1.1
> pass out quick on vlan1102 proto udp from any to 239.16.1.2
> pass out quick on vlan1103 proto udp from any to 239.16.1.3
>
> Wishful thinking, what the result should be:
>
> All multicast streams are available on vlan1100 and received via
> "bnx0/vlan1100". Bridge should stream the multicast packets to what
> ever vlan - its the place where pf should help. Stream: 239.16.1.1
> should be available only on vlan1101, and 239.16.1.2 available on
> vlan1102 and so on.
> .
>
> Real Result:
> Stream 239.16.1.1 is available on all three vlans: 11101,1102,1103 -
> same thing happens with other two streams (239.16.1.2, 239.16.1.3)
>
> It's really weird what's going on or did I understand something wrong
> and configuration is not correct?
>
> Thank you.
> -
ser, undefined symbol
Dear list,

I've successfully installed the 'ser' package (ser-0.8.10p1) and its dependences with pkg_add, on a 4.4-release. Using a simple config file as described in ser's doc that has been tested on other systems, I get the following kind of errors:

    # ser D E
    ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'mem_block'
    ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'debug'
    ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'bind_address'
    ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'log_stderr'
    ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'port_no'
    ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'qm_free'
    ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'insert_new_lump_before'
    ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'del_lump'
    ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'dprint'
    ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'do_action'
    ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'qm_malloc'
    ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'parse_headers'
    ser:/usr/local/lib/ser/modules/rr.so: undefined symbol 'anchor_lump'
    0(158) ERROR: load_module: could not open module : Cannot load specified object
    0(158) parse error (16,13-46): failed to load module
    [and so on for each modules]

Is there anything I could do to fix that?

Thanks for your reply,

-AJ

ps. sorry to not post on po...@. My mail to majordomo (subscribe) has been greylisted for one hour or so before being accepted and then... no news from majordomo for the last 18 hours.