Re: Privoxy lockups

2006-02-18 Thread Juha Erkkila
On Fri, Feb 17, 2006 at 08:38:32PM +0100, Michael Frost wrote:
 Using OpenBSD-v3.8 and v3.9-BETA on i386 together with tor, privoxy
 stops working always after a few minutes up to a few hours. 'Stop
 working' means either the privoxy process isn't running anymore (so it
 needs to be restarted) or the process is running but no data stream is
 managed by privoxy (seen with tcpdump). The trouble maker is definitely
 privoxy and not tor.
 
 Is there anybody out here who can confirm this? Do you know a workaround
 to handle these lockups?

for me, privoxy hangs soon after I try doing any connection through
it.  I could ``fix'' the problem by enabling ``single-threaded''
in /etc/privoxy/config, so it's apparently a threads issue

Juha



Re: slow downloads to gateway

2006-02-18 Thread Bachman Kharazmi
bw_test_512MB:ETA:   1:08  101.21/512.00 MB6.03 MB/s

I increased the value to 10
thanks
/bkw
On 18/02/06, Melameth, Daniel D. [EMAIL PROTECTED] wrote:
 Bachman Kharazmi wrote:
  I'm running obsd 3.8 release on my gateway. Two xl nics are installed.
  The GW does NAT which works very well,
  All downloads from internet => hosts behind the gw with local IPs go
  really fast.
  But from internet to the GW's harddisk is ~20% of what the LAN hosts
  speed are through the GW.
 
  I know the harddrive on the gw isn't the bottleneck.
 
  Is there anything else I should check?

 You don't really define what slow is, but you might want to try
 increasing net.inet.tcp.recvspace to start.




--
##
BKW - Bachman Kharazmi
bahkha AT gmail DOT com
uin: #24089491
SWEDEN
##



Workaround if your broadcom nic timed out when disabling ethernet mac

2006-02-18 Thread Alexey E. Suslikov
I have EXACTLY the same issue on one of Samsung's notebooks.

you need to UNPLUG power cord from your PC/notebook BEFORE
booting into OpenBSD/NetBSD.

see here http://mail-index.netbsd.org/netbsd-bugs/2004/03/25/0005.html

Bryan Brake wrote:

 This annoyance started when I bought a brand-new Dell Inspiron 9300.  It
 comes with a Broadcom 4401 Ethernet NIC.  The NIC appeared to 
 initialize, but when I tried to set the interface to UP, the following 
 error message occurs:
 
 bce0: timed out when disabling ethernet mac
 bce0: timed out writing pkt filter ctl
 bce0: timed out writing pkt filter ctl
 bce0: timed out writing pkt filter ctl
 bce0: timed out writing pkt filter ctl
 bce0: timed out writing pkt filter ctl
 bce0: timed out writing pkt filter ctl
 
 I updated to the latest snapshot (15 Feb), with no luck.  I stumbled 
 upon this workaround by accident, as I was angry...
 
 I posted my problem to BSDforums, 
 (http://www.bsdforums.com/forums/showthread.php?t=39110) but received no 
 answer, so I am posting this to the list, so that until it is fixed, 
 this can be used as a work around.
 
 My system was set up for the NIC to catch an IP via dhcp, so when I get:
 bce0: no link
 
 I log in and do a quick ifconfig bce0
 
 bce0: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
   lladdr xx:xx:xx:xx:xx:xx
   media: Ethernet autoselect (none)
   status: no carrier
   inet6 :::::%bce0 prefixlen 64 scopeid 0x1
 
 no carrier, huh?  Well, I just used this nic and cable to access my home 
 network on windows XP, so it's not a hardware issue, or a cable issue.



strange ipv6 routing issue

2006-02-18 Thread Olivier Mehani
Hello list,

I'm playing with IPv6 in 3.8 and came upon this strange problem.

My IPv6 connectivity is given by a broker (xs26.net) and I have set up a gif
interface to use it (gif0):

/etc/hostname.gif0 contains:

tunnel SIS0IPv4 BROKERIPv4
inet6 IPv6PREFIX::1
!route add -inet6 default IPv6PREFIX::1

gif0: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> mtu 1500
groups: gif 
physical address inet SIS0IPv4 -- BROKERIPv4
inet6 fe80::202:6fff:fe21:ea79%gif0 ->  prefixlen 64 scopeid 0x8
inet6 IPv6PREFIX::1 ->  prefixlen 64

The funny thing is that I _can_ ping a given machine.

[EMAIL PROTECTED]:~$ ping6 DISTANTHOSTNAME
PING6(56=40+8+8 bytes) IPv6PREFIX::1 --> DISTANTHOSTIPv6
16 bytes from DISTANTHOSTIPv6, icmp_seq=0 hlim=53 time=207.974 ms
16 bytes from DISTANTHOSTIPv6, icmp_seq=1 hlim=53 time=176.176 ms
16 bytes from DISTANTHOSTIPv6, icmp_seq=2 hlim=53 time=241.964 ms
16 bytes from DISTANTHOSTIPv6, icmp_seq=3 hlim=53 time=253.56 ms
^C
--- zorglub.ssji.net ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 176.176/219.918/253.560/30.306 ms

but I get a no route to host when trying to ssh to it

[EMAIL PROTECTED]:~$ ssh -v6 DISTANTHOSTNAME
OpenSSH_4.1, OpenSSL 0.9.7g 11 Apr 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to DISTANTHOSTNAME [DISTANTHOSTIPv6] port 22.
debug1: connect to address DISTANTHOSTIPv6 port 22: No route to host
ssh: connect to host DISTANTHOSTNAME port 22: No route to host

(/etc/ssh/ssh_config reads $OpenBSD: ssh_config,v 1.20 2005/01/28
09:45:53 dtucker Exp $ and has not been modified)

Even weirder, the machines behind the router, which get IPv6 in the same
prefix, manage to ssh to the very same host using IPv6 through the router.

Does somebody have any ideas/solutions for this problem?

Useful information (note the illegal prefix len in the output of route for 
::/4, which seems to be what default resolves to when route -add'ing)

[EMAIL PROTECTED]:~$ uname -a
OpenBSD mudrublic.narf.ssji.net 3.8 GENERIC#224 i386
[EMAIL PROTECTED]:~$ route -n show -inet6
Routing tables

Internet6:
Destination                        Gateway            Flags  Refs  Use   Mtu    Interface
route: illegal prefixlen
::/4                               IPv6PREFIX::1      UGS    0     1591  -      gif0
::1                                ::1                UH     0     0     33224  lo0
IPv6PREFIX::/64                    link#8             UC     0     0     -      gif0
IPv6PREFIX::1                      link#8             UHLc   0     12    -      lo0
IPv6PREFIX:100::/64                link#3             UC     0     0     -      sis1
IPv6PREFIX:100::1                  00:00:24:c4:22:5d  UHLc   0     0     -      lo0
IPv6PREFIX:101::/64                link#1             UC     0     0     -      ath0
IPv6PREFIX:101::1                  00:02:6f:21:ea:79  UHLc   0     0     -      lo0
IPv6PREFIX:101:211:95ff:febb:812f  00:11:95:bb:81:2f  UHLc   0     1857  -      ath0
IPv6PREFIX:101:230:65ff:fe0f:2795  00:30:65:0f:27:95  UHLc   0     2     -      ath0
fe80::%ath0/64                     link#1             UC     0     0     -      ath0
fe80::202:6fff:fe21:ea79%ath0      00:02:6f:21:ea:79  UHLc   0     0     -      lo0
fe80::211:95ff:febb:812f%ath0      00:11:95:bb:81:2f  UHLc   0     109   -      ath0
fe80::230:65ff:fe0f:2795%ath0      00:30:65:0f:27:95  UHLc   0     4     -      ath0
fe80::%sis0/64                     link#2             UC     0     0     -      sis0
fe80::%sis1/64                     link#3             UC     0     0     -      sis1
fe80::%lo0/64                      fe80::1%lo0        U      0     0     -      lo0
fe80::%gif0                        link#8             UHLc   0     0     -      gif0
fe80::%gif0/64                     link#8             UC     0     0     -      gif0
fe80::202:6fff:fe21:ea79%gif0      link#8             UHLc   0     0     -      lo0
fe80::260:8ff:fe34:275f%gif0       link#8             UHLc   0     606   -      gif0
ff01::/32                          ::1                UC     0     0     -      lo0
ff02::%ath0/32                     link#1             UC     0     0     -      ath0
ff02::%sis0/32                     link#2             UC     0     0     -      sis0
ff02::%sis1/32                     link#3             UC     0     0     -      sis1
ff02::%lo0/32                      ::1                UC     0     0     -      lo0
ff02::%gif0/32                     link#8             UC     0     0     -      gif0

dmesg not included as it does not seem to be relevant for this problem,
correct me if I'm wrong (;

thanks

-- 
Olivier Mehani [EMAIL 

Re: strange ipv6 routing issue

2006-02-18 Thread David Hill
On Sat, Feb 18, 2006 at 12:57:05PM +0100, Olivier Mehani wrote:
 Hello list,
 
 I'm playing with IPv6 in 3.8 and came upon this strange problem.
 
 My IPv6 connectivity is given by a broker (xs26.net) and I have set up a gif
 interface to use it (gif0):
 
 /etc/hostname.gif0 contains:
 
 tunnel SIS0IPv4 BROKERIPv4
 inet6 IPv6PREFIX::1
 !route add -inet6 default IPv6PREFIX::1
 
 gif0: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> mtu 1500
 groups: gif 
 physical address inet SIS0IPv4 -- BROKERIPv4
 inet6 fe80::202:6fff:fe21:ea79%gif0 ->  prefixlen 64 scopeid 0x8
 inet6 IPv6PREFIX::1 ->  prefixlen 64
 
 The funny thing is that I _can_ ping a given machine.
 
 [EMAIL PROTECTED]:~$ ping6 DISTANTHOSTNAME
 PING6(56=40+8+8 bytes) IPv6PREFIX::1 --> DISTANTHOSTIPv6
 16 bytes from DISTANTHOSTIPv6, icmp_seq=0 hlim=53 time=207.974 ms
 16 bytes from DISTANTHOSTIPv6, icmp_seq=1 hlim=53 time=176.176 ms
 16 bytes from DISTANTHOSTIPv6, icmp_seq=2 hlim=53 time=241.964 ms
 16 bytes from DISTANTHOSTIPv6, icmp_seq=3 hlim=53 time=253.56 ms
 ^C
 --- zorglub.ssji.net ping6 statistics ---
 4 packets transmitted, 4 packets received, 0.0% packet loss
 round-trip min/avg/max/std-dev = 176.176/219.918/253.560/30.306 ms
 
 but I get a no route to host when trying to ssh to it
 
 [EMAIL PROTECTED]:~$ ssh -v6 DISTANTHOSTNAME
 OpenSSH_4.1, OpenSSL 0.9.7g 11 Apr 2005
 debug1: Reading configuration data /etc/ssh/ssh_config
 debug1: Connecting to DISTANTHOSTNAME [DISTANTHOSTIPv6] port 22.
 debug1: connect to address DISTANTHOSTIPv6 port 22: No route to host
 ssh: connect to host DISTANTHOSTNAME port 22: No route to host
 
 (/etc/ssh/ssh_config reads $OpenBSD: ssh_config,v 1.20 2005/01/28
 09:45:53 dtucker Exp $ and has not been modified)
 
 Even weirder, the machines behind the router, which get IPv6 in the same
 prefix, manage to ssh to the very same host using IPv6 through the router.
 
 Does somebody have any ideas/solutions for this problem?
 
 Useful information (note the illegal prefix len in the output of route for 
 ::/4, which seems to be what default resolves to when route -add'ing)
 
 [EMAIL PROTECTED]:~$ uname -a
 OpenBSD mudrublic.narf.ssji.net 3.8 GENERIC#224 i386
 [EMAIL PROTECTED]:~$ route -n show -inet6
 Routing tables
 
 Internet6:
 Destination                        Gateway            Flags  Refs  Use   Mtu    Interface
 route: illegal prefixlen
 ::/4                               IPv6PREFIX::1      UGS    0     1591  -      gif0
 ::1                                ::1                UH     0     0     33224  lo0
 IPv6PREFIX::/64                    link#8             UC     0     0     -      gif0
 IPv6PREFIX::1                      link#8             UHLc   0     12    -      lo0
 IPv6PREFIX:100::/64                link#3             UC     0     0     -      sis1
 IPv6PREFIX:100::1                  00:00:24:c4:22:5d  UHLc   0     0     -      lo0
 IPv6PREFIX:101::/64                link#1             UC     0     0     -      ath0
 IPv6PREFIX:101::1                  00:02:6f:21:ea:79  UHLc   0     0     -      lo0
 IPv6PREFIX:101:211:95ff:febb:812f  00:11:95:bb:81:2f  UHLc   0     1857  -      ath0
 IPv6PREFIX:101:230:65ff:fe0f:2795  00:30:65:0f:27:95  UHLc   0     2     -      ath0
 fe80::%ath0/64                     link#1             UC     0     0     -      ath0
 fe80::202:6fff:fe21:ea79%ath0      00:02:6f:21:ea:79  UHLc   0     0     -      lo0
 fe80::211:95ff:febb:812f%ath0      00:11:95:bb:81:2f  UHLc   0     109   -      ath0
 fe80::230:65ff:fe0f:2795%ath0      00:30:65:0f:27:95  UHLc   0     4     -      ath0
 fe80::%sis0/64                     link#2             UC     0     0     -      sis0
 fe80::%sis1/64                     link#3             UC     0     0     -      sis1
 fe80::%lo0/64                      fe80::1%lo0        U      0     0     -      lo0
 fe80::%gif0                        link#8             UHLc   0     0     -      gif0
 fe80::%gif0/64                     link#8             UC     0     0     -      gif0
 fe80::202:6fff:fe21:ea79%gif0      link#8             UHLc   0     0     -      lo0
 fe80::260:8ff:fe34:275f%gif0       link#8             UHLc   0     606   -      gif0
 ff01::/32                          ::1                UC     0     0     -      lo0
 ff02::%ath0/32                     link#1             UC     0     0     -      ath0
 ff02::%sis0/32                     link#2             UC     0     0     -      sis0
 ff02::%sis1/32                     link#3             UC     0     0     -      sis1
 ff02::%lo0/32                      ::1                UC     0     0     -      lo0
 ff02::%gif0/32

Re: slow downloads to gateway

2006-02-18 Thread Bachman Kharazmi
By the way, now that I have a proper download speed, I have to ask why
the default value of net.inet.tcp.recvspace is set so low?
I have a 100MBit inet connection so it was a little confusing with my
earlier bandwidth limitation.
/bkw

On 18/02/06, Bachman Kharazmi [EMAIL PROTECTED] wrote:
 bw_test_512MB:ETA:   1:08  101.21/512.00 MB6.03 MB/s

 I increased the value to 10
 thanks
 /bkw
 On 18/02/06, Melameth, Daniel D. [EMAIL PROTECTED] wrote:
  Bachman Kharazmi wrote:
   I'm running obsd 3.8 release on my gateway. Two xl nics are installed.
   The GW does NAT which works very well,
   All downloads from internet => hosts behind the gw with local IPs go
   really fast.
   But from internet to the GW's harddisk is ~20% of what the LAN hosts
   speed are through the GW.
  
   I know the harddrive on the gw isn't the bottleneck.
  
   Is there anything else I should check?
 
  You don't really define what slow is, but you might want to try
  increasing net.inet.tcp.recvspace to start.



Re: slow downloads to gateway

2006-02-18 Thread Melameth, Daniel D.
I'm certain someone will correct me if I'm wrong, but the current
setting is optimized for low latency networks, like LANs, and reduces
kernel memory consumption.  Also, your use of a value of a million is
overly high and might lead to problems--experiment and use the lowest
value that meets your needs.  For more information, google for bandwidth
delay product.

Bachman Kharazmi wrote:
 By the way, now that I have a proper download speed, I have to ask why
 the default value of net.inet.tcp.recvspace is set so low?
 I have a 100MBit inet connection so it was a little confusing with my
 earlier bandwidth limitation.
 /bkw
 
 On 18/02/06, Bachman Kharazmi [EMAIL PROTECTED] wrote:
  bw_test_512MB:ETA:   1:08  101.21/512.00 MB   
  6.03 MB/s 
  
  I increased the value to 10
  thanks
  /bkw
  On 18/02/06, Melameth, Daniel D. [EMAIL PROTECTED] wrote:
   Bachman Kharazmi wrote:
I'm running obsd 3.8 release on my gateway. Two xl nics are
installed. The GW does NAT which works very well,
All downloads from internet => hosts with local IPs
go really fast. But from internet to the GW's harddisk is
~20% of what the LAN hosts speed are through the GW. 

I know the harddrive on the gw isn't the bottleneck.

Is there anything else I should check?
   
   You don't really define what slow is, but you might want to try
   increasing net.inet.tcp.recvspace to start.
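As an added illustration of the bandwidth-delay product argument in the reply above (this is not code from the thread or from OpenBSD), a small sh script that turns link rate and RTT into a receive-window size; the 16384-byte buffer and the two RTTs are constructed figures, not values quoted in the thread:

```shell
#!/bin/sh
# Added example: size net.inet.tcp.recvspace from the bandwidth-delay product
# instead of picking a round number. Inputs are the link rate in Mbit/s and
# the round-trip time in milliseconds; all arithmetic is integer so it runs
# in plain /bin/sh.

# Bytes that must be in flight to keep the link full: rate * RTT / 8.
# (Mbit/s * 1000000 / 8) * (ms / 1000) == Mbit/s * ms * 125 bytes.
bdp_bytes() {
    echo $(( $1 * $2 * 125 ))
}

# Throughput ceiling, in kbit/s, imposed by a receive window of $1 bytes at
# an RTT of $2 ms: the sender can push at most one window per round trip.
# bytes * 8 / ms == kbit/s.
window_limit_kbit() {
    echo $(( $1 * 8 / $2 ))
}

# Smallest power of two that is >= $1 (socket buffers are normally sized
# that way); this is the "lowest value that meets your needs".
pow2_ceil() {
    n=1
    while [ "$n" -lt "$1" ]; do
        n=$(( n * 2 ))
    done
    echo "$n"
}

# Suggested recvspace for a link of $1 Mbit/s at $2 ms RTT.
recvspace_for() {
    pow2_ceil "$(bdp_bytes "$1" "$2")"
}

# Demonstration with constructed figures: a 100 Mbit/s link at 1 ms (LAN)
# and at 200 ms (a distant download server). The 16384-byte window is an
# assumed small buffer, not the default quoted anywhere in the thread.
for rtt in 1 200; do
    echo "100 Mbit/s at ${rtt} ms: BDP $(bdp_bytes 100 $rtt) bytes;" \
         "a 16384-byte window caps at $(window_limit_kbit 16384 $rtt) kbit/s;" \
         "suggested: sysctl net.inet.tcp.recvspace=$(recvspace_for 100 $rtt)"
done
```

On the LAN case the script lands on 16384 bytes, on the 200 ms case on 4194304, which is why a setting tuned for low-latency links starves a long-haul download while a one-million-byte buffer covers far more than a 100 Mbit/s link can use at typical RTTs.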



Utilisation of free memory as disc cache: tweaking is required?

2006-02-18 Thread Constantine A. Murenin
Hello,

I have a box with 512MB of RAM, which is running a snapshot from 2006-02-13.

The box does not get used much, so most of the RAM stays still, i.e.
not used by the userland.

I am now quite surprised that OpenBSD does not use all of this RAM for
disc cache etc.


After rebooting the system, I took some measurements from the root
console (where only one other user was logged in, who ran a `top`
every once in a while).

In the fragment of my session below, you can see that running
identical `find /usr/src/sys/ -name *.[ch] | xargs grep qwertyuiop`
command does not seem to utilise any disc cache before the kernel
option gets modified. After we increase kern.maxvnodes by a factor of
16, we immediately get huge benefits of running identical 'find ..
grep ..' command the second time etc.


Before tweaking kern.maxvnodes:
free memory after 'find .. grep ..' is around 368MB
repeated 'find .. grep ..' always take as much as 14 seconds

After tweaking kern.maxvnodes:
free memory after 'find .. grep ..' is around 338MB
repeated 'find .. grep ..' take as little as 3.9 seconds


My question is thus:
Is there a reason no algorithm is used to automatically modify kernel
variables such as kern.maxvnodes to efficiently account free memory
for disc cache?


Here is the session log:


tvc# idate
2006-02-18T13:36:22Z
tvc# sysctl kern
kern.ostype=OpenBSD
kern.osrelease=3.9
kern.osrevision=200605
kern.version=OpenBSD 3.9-beta (GENERIC) #601: Sun Feb 12 21:39:52 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

kern.maxvnodes=1310
kern.maxproc=532
kern.maxfiles=1772
kern.argmax=262144
kern.securelevel=1
kern.hostname=tvc.home.const.name
kern.hostid=0
kern.clockrate=tick = 1, tickadj = 40, hz = 100, profhz = 1024, stathz = 128
kern.posix1version=199009
kern.ngroups=16
kern.job_control=1
kern.saved_ids=1
kern.boottime=Sat Feb 18 13:33:45 2006
kern.domainname=
kern.maxpartitions=16
kern.rawpartition=2
kern.osversion=GENERIC#601
kern.somaxconn=128
kern.sominconn=80
kern.usermount=0
kern.random=29769 533248 0 28232 5 1032 0 0 0 0 0 0 10775 8441 0 23
8411 1 7 18 35 71 104 156 211 220 218 114 121 114 78 62 95 90 134 155
185 117 45 4 3 1 0 0 0 3 2 0 0 8408 0 81 1335 951 0 0 0 0 0 1369 12780
16079 0 0
kern.nosuidcoredump=1
kern.fsync=1
kern.sysvmsg=1
kern.sysvsem=1
kern.sysvshm=1
kern.arandom=151420742
kern.msgbufsize=16364
kern.malloc.buckets=16,32,64,128,256,512,1024,2048,4096,8192,16384,32768,65536,131072,262144,524288
kern.malloc.bucket.16=(calls = 25540 total_allocated = 3584 total_free
= 743 elements = 256 high watermark = 1280 could_free = 0)
kern.malloc.bucket.32=(calls = 4861 total_allocated = 1280 total_free
= 145 elements = 128 high watermark = 640 could_free = 0)
kern.malloc.bucket.64=(calls = 2479 total_allocated = 640 total_free =
90 elements = 64 high watermark = 320 could_free = 0)
kern.malloc.bucket.128=(calls = 881 total_allocated = 320 total_free =
41 elements = 32 high watermark = 160 could_free = 0)
kern.malloc.bucket.256=(calls = 615 total_allocated = 192 total_free =
12 elements = 16 high watermark = 80 could_free = 0)
kern.malloc.bucket.512=(calls = 382 total_allocated = 112 total_free =
13 elements = 8 high watermark = 40 could_free = 0)
kern.malloc.bucket.1024=(calls = 1247 total_allocated = 232 total_free
= 4 elements = 4 high watermark = 20 could_free = 0)
kern.malloc.bucket.2048=(calls = 102 total_allocated = 92 total_free =
1 elements = 2 high watermark = 10 could_free = 0)
kern.malloc.bucket.4096=(calls = 229 total_allocated = 33 total_free =
1 elements = 1 high watermark = 5 could_free = 0)
kern.malloc.bucket.8192=(calls = 10 total_allocated = 10 total_free =
0 elements = 1 high watermark = 5 could_free = 0)
kern.malloc.bucket.16384=(calls = 1 total_allocated = 1 total_free = 0
elements = 1 high watermark = 5 could_free = 0)
kern.malloc.bucket.32768=(calls = 1 total_allocated = 1 total_free = 0
elements = 1 high watermark = 5 could_free = 0)
kern.malloc.bucket.65536=(calls = 2 total_allocated = 2 total_free = 0
elements = 1 high watermark = 5 could_free = 0)
kern.malloc.bucket.131072=(calls = 0 total_allocated = 0 total_free =
0 elements = 1 high watermark = 5 could_free = 0)
kern.malloc.bucket.262144=(calls = 0 total_allocated = 0 total_free =
0 elements = 1 high watermark = 5 could_free = 0)
kern.malloc.bucket.524288=(calls = 0 total_allocated = 0 total_free =
0 elements = 1 high watermark = 5 could_free = 0)

Problem using Nslookup through VPN link

2006-02-18 Thread Todd Boyer
I have two 3.8 (GENERIC) IPSec VPN gateways using ISAKMP transforms for
negotiation. No complicated PF rules, everything is wide open between
networks. I can access and negotiate every protocol except when I call
an nslookup request from one side to a W2K3 server on the other. I
receive timeouts and server not available. A quick telnet (ip) 53
returns a response.  I can ping, tracert/traceroute, and map drives
between networks. Tcpdump shows outbound domain requests from one side,
tcpdump on the destination shows no domain requests coming in. No
restrictions or ACL security implemented in AD that would prevent a
lookup for a local zone.  Finally, I have additional Ipsec peers in the
same 3.8 (GENERIC) VPN gateway that have Sonicwall peers. From these
links, I can run nslookups between the networks without issue. Very
strange, any ideas? Thanks -T



Re: nat, pf, and ftp

2006-02-18 Thread Darrin Chandler

David Higgs wrote:


After reading the man pages for pf.conf and ftp-proxy, it's not 100%
clear to me how I should go about supporting ftp.  I have a basic
2-nic obsd box doing nat for my internal network, and run ftp-proxy
with the -n flag.  The relevant portions of my pf.conf are shown
below:
 

Don't forget the pf faq! Lots of good stuff there, and some simple, 
commented examples (yes, with ftp).


--
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |



anoncvs as root or user?

2006-02-18 Thread Erwin Zbinden
Hi

Do I checkout source via anoncvs as root or as user?

Erwin

-- 
Telefonieren Sie schon oder sparen Sie noch?
NEU: GMX Phone_Flat http://www.gmx.net/de/go/telefonie



Re: pix firewall question

2006-02-18 Thread Thomas Börnert
pix isn't as easy as openbsd :-|

rdr from outside:

global (outside) 1 interface
nat (inside) 1 INTERNALPC 255.255.255.255
static (inside,outside) tcp EXTERNALIP smtp INTERNALPC smtp netmask
255.255.255.255

Thomas

On Sat, 2006-02-18 at 13:13 -0500, Rod Dorman wrote:
 On Saturday, February 18, 2006, 12:26:58, [EMAIL PROTECTED] wrote:
  Hi there.  I am a long time user of openbsd and ipf/pf.  I just got
  stuck with the task of managing some pix firewalls for the next eight
  weeks until they can get someone else.  Could somebody reply to me off
  list?  I just need to do some simple redirects.  Simple in openbsd,
  that is, but I can't figure out how to do it on the pix.
 
 Never  used a PIX so I can't directly answer ya but have you browsed the
 comp.dcom.sys.cisco archive?



Re: Crash after halt -p (i386, current of feb. 5th)

2006-02-18 Thread Oliver J. Morais
For the archives:
Tried again with sysctl machdep.apmhalt=1, same game :-/

# halt -p
/etc/rc.shutdown in progress...
/etc/rc.shutdown complete.
syncing disks... done

Attempting to power down...
apm0: APM set power state: unrecognized device ID (9)
uvm_fault(0xd6930298, 0x8000, 0, 1) - e
kernel: page fault trap, code=0
Stopped at  trap+0x15f: movzbl  0(%edx),%eax
ddb> ps
   PID   PPID   PGRPUID  S   FLAGS  WAIT   COMMAND
*31535  1  31535  0  7  0x4006 halt
12  0  0  0  30x100204  crypto_wa  crypto
11  0  0  0  30x100204  aiodoned   aiodoned
10  0  0  0  30x100204  syncer update
 9  0  0  0  30x100204  cleanercleaner
 8  0  0  0  30x100204  reaper reaper
 7  0  0  0  30x100204  pgdaemon   pagedaemon
 6  0  0  0  30x100204  pftm   pfpurge
 5  0  0  0  30x100204  usbtsk usbtask
 4  0  0  0  30x100204  usbevt usb0
 3  0  0  0  30x100204  apmev  apm0
 2  0  0  0  30x100204  kmallockmthread
 1  0  1  0  3  0x4084  wait   init
 0 -1  0  0  3 0x80204  scheduler  swapper
ddb> trace
trap() at trap+0x15f
--- trap (number 4) ---
0x893d:
ddb>



Re: nat, pf, and ftp

2006-02-18 Thread David Higgs
I'm beginning to wonder if I'm being dense and missing something
brutally simple.  I've looked at the pf FAQ, paid special attention
to the FTP section, and even used identical configuration without
success.

The problem is that with passive mode, the client is actively
attempting to connect to the server.  Port numbers on either end
cannot be predicted, and the block all rule denies the outgoing
connection since the client is in $untrusted.

Any further ideas?

--david

On 2/18/06, Darrin Chandler [EMAIL PROTECTED] wrote:
 David Higgs wrote:

 After reading the man pages for pf.conf and ftp-proxy, it's not 100%
 clear to me how I should go about supporting ftp.  I have a basic
 2-nic obsd box doing nat for my internal network, and run ftp-proxy
 with the -n flag.  The relevant portions of my pf.conf are shown
 below:
 
 
 Don't forget the pf faq! Lots of good stuff there, and some simple,
 commented examples (yes, with ftp).

 --
 Darrin Chandler|  Phoenix BSD Users Group
 [EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
 http://www.stilyagin.com/  |



Re: nat, pf, and ftp

2006-02-18 Thread Stuart Henderson
On 2006/02/18 16:12, David Higgs wrote:
 The problem is that with passive mode, the client is actively
 attempting to connect to the server.  Port numbers on either end
 cannot be predicted

Well, that depends somewhat on your ftp server. Most modern ones allow
you to restrict the range of ports used.



Re: nat, pf, and ftp

2006-02-18 Thread Martin Schröder
On 2006-02-18 16:12:39 -0500, David Higgs wrote:
 Any further ideas?

Check the example. It uses ftp-proxy(8)

Best
Martin

PS: http://en.wikipedia.org/wiki/Top-posting
-- 
http://www.tm.oneiros.de



Problems with ath wireless card

2006-02-18 Thread Aaron Hsu
Hey all,

I am having trouble getting my Atheros based WG311T Netgear wireless
card to work. I have ruled out bad signal strength thus far, and the
driver seems to be working.

Dmesg (STABLE-branch GENERIC 3.8):

  ath0 at pci3 dev 7 function 0 Atheros AR5212 rev 0x01: irq 10
  ath0: AR5212 7.9 phy 4.5 rf2112 5.6 rf2112 5.6, FCC1A, address
  00:0f:b5:fd:28:f1

scanpci data:

  pci bus 0x0003 cardnum 0x07 function 0x00: vendor 0x168c device
  0x0013 Device unknown

hostname.ath0:

  inet 192.168.0.57 255.255.255.0 NONE media autoselect \
nwid Halo
    nwkey 0xwephexkey
chan 11

wephexkey is a 26-digit hexadecimal WEP key.

Running 'route flush; sh -x /etc/netstart' gets me with nothing that
works. All the settings seem fine when I do an 'ifconfig -a' but the
status still says that there is no network.

I notice that it alternates media and mode between (DS11) and (DS11
mode 11b) constantly.

I have a working resolv.conf file as well as /etc/mygate configured
correctly. 

I have also tried manually doing these settings with ifconfig (as per
the ath(4) man page), but that made no difference.

The only other seemingly noteworthy thing is that my dmesg is littered
with the following entry:

  arp: attempt to add entry for 192.168.0.1 on ath0 by
  00:09:5b:ff:6f:54 on em0

Is there anyone out there who has had a similar problem or who knows
what I can do to fix this? Searching online gave me little in the way
of results that I could understand or that seemed relevant.

-- 
Aaron Hsu [EMAIL PROTECTED] Jabber: [EMAIL PROTECTED]
http://www.sacrificumdeo.net Extend beyond the Mortal . . . .
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. - Benjamin Franklin



Re: Error making devel/jdk

2006-02-18 Thread Jeff Quast
On 2/18/06, Aaron Hsu [EMAIL PROTECTED] wrote:
 I'm trying to get the Java plugin for my browsers (Opera and Firefox),
 and from what I can tell from the documentation, this is done by
 installing the jdk package. The documentation I read said that only
 the 1.3 and 1.4 version have plugins for browsers, so I chose 1.4.

 Doing a make after installing the requisite files to
 /usr/ports/distfiles gives:

 bad class file: /usr/ports/devel/jdk/1.4/w-jdk-1.4.2p3/control/build/ \
 bsd-i586/classes/javax/swing/JList.class
 illegal start of class file
 Please remove or make sure it appears in the correct subdirectory of
 the classpath.
 JList list,
 ^
 1 error

 Could someone explain this to me, as well as how to fix it?

did 1.3 build successfully?

to get to jdk 1.5 I had to build the following packages first:

jdk-linux-1.3.1_15.tgz
jdk-1.4.2p2.tgz

In that order. It's been a while, but my understanding is that each
version needs the previous version as a prerequisite to build.

are you using 3.8 ports tree? 3.9? -current? -stable?

If you want help, post a more descriptive log of the build process you
did as well as the error.



Re: pix firewall question

2006-02-18 Thread Samurai Chef
At the risk of sounding like I'm a regular on this list, RTFM.  OR
look at other examples in the PIX config.

On 2/18/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 Hi there.  I am a long time user of openbsd and ipf/pf.  I just got stuck 
 with the task of managing some pix firewalls for the next eight weeks until 
 they can get someone else.  Could somebody reply to me off list?  I just need 
 to do some simple redirects.  Simple in openbsd, that is, but I can't figure 
 out how to do it on the pix.

 --ja

 --



Re: Feb 13 X snapshot

2006-02-18 Thread Maxim Bourmistrov
Re!
Keyboard does not work in Feb 15 snapshot too.
Actually it works on my laptop, but not on my desktop.
On desktop I'm having the same error:
KbdOn: tcsetattr: Operation not supported

Complete X.log:

(--) checkDevMem: using aperture driver /dev/xf86
(--) Using wscons driver in pcvt compatibility mode (version 3.32)
(WW) GARTInit: AGPIOC_INFO failed (Device not configured)

X Window System Version 6.9.0 (for OpenBSD)
Release Date: 21 December 2005
X Protocol Version 11, Revision 0, Release 6.9
Build Operating System: OpenBSD 3.9 i386 [ELF] 
Current Operating System: OpenBSD cerberus.home.unixconn.com 3.9 GENERIC#601 
i386
Build Date: 13 February 2006
Before reporting problems, check http://wiki.X.Org
to make sure that you have the latest version.
Module Loader present
Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: /var/log/Xorg.0.log, Time: Sat Feb 18 16:13:20 2006
(==) Using config file: /etc/X11/xorg.conf
(==) ServerLayout X.org Layout
(**) |--Screen Screen 1 (0)
(**) |   |--Monitor LG
(**) |   |--Device nvidia
(**) |--Input Device Mouse1
(**) |--Input Device Keyboard1
(WW) The directory /usr/local/lib/X11/fonts/xcyrillic/75dpi does not exist.
Entry deleted from font path.
(WW) The directory /usr/local/lib/X11/fonts/xcyrillic/misc does not exist.
Entry deleted from font path.
(WW) The directory /usr/local/lib/X11/fonts/xcyrillic/100dpi does not exist.
Entry deleted from font path.
(**) FontPath set to 
/usr/X11R6/lib/X11/fonts/misc,/usr/X11R6/lib/X11/fonts/75dpi:unscaled, 
/usr/X11R6/lib/X11/fonts/100dpi:unscaled,/usr/X11R6/lib/X11/fonts/Type1,/usr/X11R6/lib/X11/fonts/cyrillic,/home/en/artwiz_se,/usr/local/share/fonts
(**) RgbPath set to /usr/X11R6/lib/X11/rgb
(==) ModulePath set to /usr/X11R6/lib/modules
(II) Module ABI versions:
X.Org ANSI C Emulation: 0.2
X.Org Video Driver: 0.8
X.Org XInput driver : 0.5
X.Org Server Extension : 0.2
X.Org Font Renderer : 0.4
(II) Loader running on openbsd
(II) LoadModule: bitmap
(II) Loading /usr/X11R6/lib/modules/fonts/libbitmap.so
(II) Module bitmap: vendor=X.Org Foundation
compiled for 6.9.0, module version = 1.0.0
Module class: X.Org Font Renderer
ABI class: X.Org Font Renderer, version 0.4
(II) Loading font Bitmap
(II) LoadModule: pcidata
(II) Loading /usr/X11R6/lib/modules/libpcidata.so
(II) Module pcidata: vendor=X.Org Foundation
compiled for 6.9.0, module version = 1.0.0
ABI class: X.Org Video Driver, version 0.8
(II) PCI: Probing config type using method 1
(II) PCI: Config type is 1
(II) PCI: stages = 0x03, oldVal1 = 0x, mode1Res1 = 0x8000
(II) PCI: PCI scan (all values are in hex)
(II) PCI: 00:00:0: chip 1039,0648 card 1043,8086 rev 11 class 06,00,00 hdr 80
(II) PCI: 00:01:0: chip 1039,0003 card , rev 00 class 06,04,00 hdr 01
(II) PCI: 00:02:0: chip 1039,0963 card , rev 25 class 06,01,00 hdr 80
(II) PCI: 00:02:5: chip 1039,5518 card 1043,8087 rev 00 class 01,01,8a hdr 00
(II) PCI: 00:02:7: chip 1039,7012 card 1043,80b0 rev a0 class 04,01,00 hdr 00
(II) PCI: 00:03:0: chip 1039,7001 card 1043,8087 rev 0f class 0c,03,10 hdr 80
(II) PCI: 00:03:1: chip 1039,7001 card 1043,8087 rev 0f class 0c,03,10 hdr 00
(II) PCI: 00:03:2: chip 1039,7002 card 1043,8087 rev 00 class 0c,03,20 hdr 00
(II) PCI: 00:04:0: chip 1039,0900 card 1043,80a7 rev 91 class 02,00,00 hdr 00
(II) PCI: 00:09:0: chip 8086,1229 card 8086,0001 rev 02 class 02,00,00 hdr 00
(II) PCI: 00:0a:0: chip 8086,1229 card 8086,0001 rev 02 class 02,00,00 hdr 00
(II) PCI: 01:00:0: chip 10de,0322 card 10b0,041b rev a1 class 03,00,00 hdr 00
(II) PCI: End of PCI scan
(II) Host-to-PCI bridge:
(II) Bus 0: bridge is at (0:0:0), (0,0,1), BCTRL: 0x0008 (VGA_EN is set)
(II) Bus 0 I/O range:
[0] -1  0   0x - 0x (0x1) IX[B]
(II) Bus 0 non-prefetchable memory range:
[0] -1  0   0x - 0x (0x0) MX[B]
(II) Bus 0 prefetchable memory range:
[0] -1  0   0x - 0x (0x0) MX[B]
(II) PCI-to-PCI bridge:
(II) Bus 1: bridge is at (0:1:0), (0,1,1), BCTRL: 0x0008 (VGA_EN is set)
(II) Bus 1 non-prefetchable memory range:
[0] -1  0   0xe700 - 0xe7ff (0x100) MX[B]
(II) Bus 1 prefetchable memory range:
[0] -1  0   0xeff0 - 0xfebf (0xed0) MX[B]
(II) PCI-to-ISA bridge:
(II) Bus -1: bridge is at (0:2:0), (0,-1,-1), BCTRL: 0x0008 (VGA_EN is set)
(--) PCI:*(1:0:0) nVidia Corporation NV34 [GeForce FX 5200] rev 161, Mem @ 
0xe700/24, 0xf000/27, BIOS @ 0xeffe/17
(II) Addressable bus resource ranges are
[0] -1  0   0x - 0x (0x0) MX[B]
[1] -1  0   0x - 0x (0x1) IX[B]
(II) OS-reported resource ranges:
[0] -1  0   0xffe0 - 

Redundant Failover Firewalls

2006-02-18 Thread John Brooks
I am needing to build two identical failover firewalls 
with openbsd, pf, pfsync, and carp. So far simple enough, 
with so many articles and examples available. All of these
are using NAT.

However, I am needing to use public IP's out of a /25 
allocation, without NAT. I have not been able to find any 
articles or examples that discuss doing this in a routed 
manner.

Two articles on redundant bridging firewalls seem to
be workable, but either need expensive switches or have
extended failover times of greater than 1 minute.

Can anyone point me towards articles or examples of
non-nat routing on OpenBSD?

--
John Brooks
[EMAIL PROTECTED] 



Sera Systems no more

2006-02-18 Thread Matthew Closson
Maybe someone else has mentioned this already on the list, I happened to 
go to Sera Systems site today while looking for some 1U OpenBSD boxes, and 
I found this:


---
After many pleasurable years, we have decided to close SeraSystems and 
focus on other opportunities. We would like to thank our many customers 
for your patronage, support, and just being who you are. Questions or 
comments may be directed to serasystems (-: at :-) protectix.com or 
directly to our parent company, Protectix, Inc.



So long and thanks for all the fish!
---

Anyhow they are occasionally mentioned when people ask about hardware so I 
figured I'd post it.  So long Sera Systems...


-Matt-



Re: Sera Systems no more

2006-02-18 Thread Rod.. Whitworth
On Sun, 19 Feb 2006 01:09:21 -0500 (EST), Matthew Closson wrote:

Maybe someone else has mentioned this already on the list, I happened to 
go to Sera Systems site today while looking for some 1U OpenBSD boxes, and 
I found this:

---
After many pleasurable years, we have decided to close SeraSystems and 
focus on other opportunities. We would like to thank our many customers 
for your patronage, support, and just being who you are. Questions or 
comments may be directed to serasystems (-: at :-) protectix.com or 
directly to our parent company, Protectix, Inc.


So long and thanks for all the fish!
---

Anyhow they are occasionally mentioned when people ask about hardware so I 
figured I'd post it.  So long Sera Systems...

   -Matt-



Que Sera Sera ..
From the land down under: Australia.
Do we look umop apisdn from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.



Error making devel/jdk

2006-02-18 Thread Aaron Hsu
I'm trying to get the Java plugin for my browsers (Opera and Firefox),
and from what I can tell from the documentation, this is done by
installing the jdk package. The documentation I read said that only
the 1.3 and 1.4 version have plugins for browsers, so I chose 1.4.

Doing a make after installing the requisite files to
/usr/ports/distfiles gives:

bad class file: /usr/ports/devel/jdk/1.4/w-jdk-1.4.2p3/control/build/ \
bsd-i586/classes/javax/swing/JList.class
illegal start of class file
Please remove or make sure it appears in the correct subdirectory of 
the classpath.
JList list,
^
1 error

Could someone explain this to me, as well as how to fix it?

-- 
Aaron Hsu [EMAIL PROTECTED] Jabber: [EMAIL PROTECTED]
http://www.sacrificumdeo.net Extend beyond the Mortal . . . .
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. - Benjamin Franklin