How to find available wifi access points?
Hi,

Happily running a laptop on OpenBSD - but I am a first time wifi-er. I have no trouble connecting to a _known_ SSID, but I would like to find out which wifi networks are within my reach. I did man/search archives but no luck there - I've seen monitoring mode - can set my card to it, which seems a good direction towards my goal. But I simply do not have a clue what to do next... ?

All I need to be able to do is see what networks are available when out and about, nothing more. Obviously I am not the only user with this wish - so I am probably missing something extremely obvious :-(

(Running 4.5 snapshot with onboard iwi0 - but also have external rum0 and ral0 cards available).

Thanks!
Matt
Re: How to find available wifi access points?
On Fri, Mar 20, 2009 at 08:12:45AM +0100, Matt wrote:
> Hi, All I need to be able to do is see what networks are available when out and about, nothing more. Obviously I am not the only user with this wish - so I am probably missing something extremely obvious :-( (Running 4.5 snapshot with onboard iwi0 - but also have external rum0 and ral0 cards available).

For recent snapshots it's the `scan' argument to ifconfig(8); try:

ifconfig iwi0 scan
Re: Xorg on ASRock i945GZ problem
On Mar 19, 2009 5:13pm, Evgeniy Sudyr eject.in...@gmail.com wrote: Hi, all I have problem with Xorg on -current. Card is supported (as I see) but X not startx :(. vesabios0 at mainbus0: version 3.0, Intel Corporation Intel(r) 82945G Chipset Family Graphics Controller vesabios0: VESA mode 0160: attributes vesabios0: VESA mode 0161: attributes vesabios0: VESA mode 0162: attributes vesabios0: VESA mode 0163: attributes vesabios0: VESA mode 0164: attributes vesabios0: VESA mode 0165: attributes vesabios0: VESA mode 0166: attributes vesabios0: VESA mode 0167: attributes vesabios0: VESA mode 0168: attributes vesabios0: VESA mode 013c: attributes 009b, 1920x1440 8bbp Packed pixel vesabios0: VESA mode 014d: attributes 009b, 1920x1440 16bbp Direct Color vesabios0: VESA mode 015c: attributes vesabios0: VESA mode 013a: attributes 009b, 1600x1200 8bbp Packed pixel vesabios0: VESA mode 014b: attributes 009b, 1600x1200 16bbp Direct Color vesabios0: VESA mode 015a: attributes 009b, 1600x1200 32bbp Direct Color vesabios0: VESA mode 0107: attributes 009b, 1280x1024 8bbp Packed pixel vesabios0: VESA mode 011a: attributes 009b, 1280x1024 16bbp Direct Color vesabios0: VESA mode 011b: attributes 009b, 1280x1024 32bbp Direct Color vesabios0: VESA mode 0105: attributes 009b, 1024x768 8bbp Packed pixel vesabios0: VESA mode 0117: attributes 009b, 1024x768 16bbp Direct Color vesabios0: VESA mode 0118: attributes 009b, 1024x768 32bbp Direct Color vesabios0: VESA mode 0112: attributes 009b, 640x480 32bbp Direct Color vesabios0: VESA mode 0114: attributes 009b, 800x600 16bbp Direct Color vesabios0: VESA mode 0115: attributes 009b, 800x600 32bbp Direct Color vesabios0: VESA mode 0101: attributes 009b, 640x480 8bbp Packed pixel vesabios0: VESA mode 0103: attributes 009b, 800x600 8bbp Packed pixel vesabios0: VESA mode 0111: attributes 009b, 640x480 16bbp Direct Color You're not running GENERIC, since I see vesabios active here. This is the problem. Try with a true GENERIC kernel.
Re: How to find available wifi access points?
Matt wrote:
> Hi, Happily running a laptop on OpenBSD - but I am a first time wifi-er. I have no trouble connecting to a _known_ SSID, but I would like to find out which wifi networks are within my reach.

ifconfig iwn0 chan

man ifconfig:

[...] chan [n] Set the channel (radio frequency) to be used for IEEE 802.11-based wireless network interfaces to n. With no channel specified, show the results of an access point scan.

Somewhat hard to find, but there it is.
Re: How to find available wifi access points?
man ifconfig:

chan [n] Set the channel (radio frequency) to be used for IEEE 802.11-based wireless network interfaces to n. With no channel specified, show the results of an access point scan. In Host AP mode, this will dump the list of known nodes without scanning.

Frank

On 03/20/09 10:12, Matt wrote:
> Hi, Happily running a laptop on OpenBSD - but I am a first time wifi-er. I have no trouble connecting to a _known_ SSID, but I would like to find out which wifi networks are within my reach. I did man/search archives but no luck there - I've seen monitoring mode - can set my card to it, which seems a good direction towards my goal. But I simply do not have a clue what to do next... ? All I need to be able to do is see what networks are available when out and about, nothing more. Obviously I am not the only user with this wish - so I am probably missing something extremely obvious :-( (Running 4.5 snapshot with onboard iwi0 - but also have external rum0 and ral0 cards available). Thanks! Matt
Re: openbsd in virtualization
Markus Hennecke wrote:
> Guido Tschakert wrote:
>> the question is: do you use the vmware-tools from server 2.0 and if you do so, how did you manage it?
> No, we are running server 1.0.8 for our OpenBSD vmware installations. We have some laptops with our Windows client software that needs fast access to a database on an OpenBSD server. All setup for evaluation of the whole packet. So we need the ability to gracefully shutdown the vm if the laptop is powered down. The vm must start when the laptop is started. It is a setup for users with low skills on computers (medical personnel mostly), so the ability to start and shut down a vm is not something I can expect. OpenBSD 4.4 or newer will run happily with the vmware server 2.0, but no automatic shutdown is a real show stopper.
> Kind regards Markus

Hello Markus,

as I wrote earlier, you can use VmServer 2.0 with the old tools. Shutdown works well. I have the feeling that 2.0 is faster than 1.0 (except the management interface which can be very annoying), but I have no measurements ;-)

guido
Re: PF and CLamAV Integration - how to do it?
> Hi, Any pointers and/or info would be greatly appreciated by this newbie. Thanks and best regards, :-) Sarah

If you want, you may try also http://comixwall.org/ . It's OpenBSD based IDS-like tool to provide complex antivirus, firewall with security, monitoring capabilities and quite nice web-based GUI for local networks. After some tweaks it works like a charm ;)

-- 
Kamil Monticolo
Re: How to find available wifi access points?
Thank you all - that worked (both 'chan' and 'scan'). Now that I actually know what to search for I found lots of good info... *blush*

For those thinking regexp / awk / automation - see:
http://undeadly.org/cgi?action=article&sid=20071224164233
http://thenixplace.net/doku.php?id=openbsd_wifi_profiles

Thanks again,
Matt
Re: Problem with interface in promiscuous mode
On 2009/03/19 23:58, Mail Lists wrote:
>> Did you see what sort of packets they are? Broadcast or multicast or something? I'm wondering why they would even hit your machine otherwise.
> They are multicast packets that are going to 224.0.1.24 which according to this: http://www.iana.org/assignments/multicast-addresses/ is for microsoft-ds. Is there perhaps something in this that lets me tell the administrator of the offending box what's going on since the network admin seems unwilling or unable to do so?

Maybe they can try turning off WINS. Or maybe the network admin can filter out the multicast destination MAC, if my working-out is right this should be 01:00:5e:00:01:18, but you can check with tcpdump -e. If they happen to use HP switches Henning wrote an article which has a config example: http://bulabula.org/carp-and-stp-meet-switch-security.html

> Anyways -this isn't really openbsd related any longer. Apologies if this is turning into noise.

dragging this back on topic, the above article is also useful if you want to prevent carp traffic on certain switch-ports. :-)
Re: How to find available wifi access points?
On 2009-03-20, Matt open...@women-at-work.org wrote:
> Thank you all - that worked (both 'chan' and 'scan').

you should use scan, chan does something else now.
Re: How to find available wifi access points?
I was confused by this a few days ago. I guess I should keep track of all cvs commits.

Floor

On Mar 20, 2009 10:20 AM, Stuart Henderson s...@spacehopper.org wrote:
> On 2009-03-20, Matt open...@women-at-work.org wrote:
>> Thank you all - that worked (both 'chan' an...
> you should use scan, chan does something else now.
Re: PF and CLamAV Integration - how to do it?
--- Marc Balmer [Thu, Mar 19, 2009 at 07:36:18PM +0100]: ---
> On 19.03.2009 at 15:27, Protocol Six Consulting wrote:
>> Hi, I was wondering if anyone here knows how to integrate the PF firewall with ClamAV.
> smtp-vilter, which is in ports, does that,

i started paying attention to this thread because i've been interested in setting up clamav for sometime. i noticed that there's a clamav-milter(8) that gets installed as part of the clamav package. is the general consensus of those in the know to use smtp-vilter instead of clamav-milter for these purposes?
prioritizing carp interfaces
Hi list,

I have a theoretical question regarding a CARP cluster and many CARP interfaces. Assume we have a firewall comprising of two nodes, each with 4 or more interfaces and only one uplink to the internet. The cluster is in master/backup mode.

How does CARP behave when on the master node two unimportant interfaces fail and on the backup node only the uplink interface fails? Does CARP failover to the backup node and as consequence the whole network will be disconnected from the internet?

In my mind one solution to avoid this situation is to rate the CARP interfaces. For example a more important interface gets a higher rate than a less important interface. Probably the ifstated daemon and the demotion counter are the topics to get around with this. Does anybody have experience with the demotion counter and ifstated?

Thanks in advance.

Joerg

-- 
Dipl.-Ing. (FH) Joerg Streckfuss, Phone: +49 40 808077-631
DFN-CERT Services GmbH, https://www.dfn-cert.de/, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstraße 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
Re: prioritizing carp interfaces
> Hi list, I have a theoretical question regarding a CARP cluster and many CARP interfaces. Assume we have a firewall comprising of two nodes, each with 4 or more interfaces and only one uplink to the internet. The cluster is in master/backup mode. How does CARP behave when on the master node two unimportant interfaces fail and on the backup node only the uplink interface fails? Does CARP failover to the backup node and as consequence the whole network will be disconnected from the internet? In my mind one solution to avoid this situation is to rate the CARP interfaces. For example a more important interface gets a higher rate than a less important interface. Probably the ifstated daemon and the demotion counter are the topics to get around with this. Does anybody have experience with the demotion counter and ifstated? Thanks in advance.

Well, looks interesting, but I didn't try it. It may be too complicated, when redundancy needs to be as simple as possible. Instead of this, you can just add another node(s), this is the safest solution, I think.

-- 
Kamil Monticolo
Re: prioritizing carp interfaces
> Well, looks interesting, but I didn't try it. It may be too complicated, when redundancy needs to be as simple as possible. Instead of this, you can just add another node(s), this is the safest solution, I think.

Well, another node implies two nodes for redundancy. And two independent firewall clusters means two independent rulesets to manage. I think I will try ifstated with a finite state machine based on ping test and demotion counter.

-- 
Dipl.-Ing. (FH) Joerg Streckfuss, Phone: +49 40 808077-631
DFN-CERT Services GmbH, https://www.dfn-cert.de/, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstraße 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
Re: 4.5-beta - x61s - headphones silent and no way to get the music loud :)
On Thu, Mar 05, 2009 at 11:31:53PM +0100, Sebastian Rother wrote:
> After updating to 4.5-beta I noticed that my headphones are very very silent and I don't find a way to turn them louder somehow. I raised any setting, even those that were not even supposed to turn the headphones louder but I wanted to ensure there's no naming issue. The speakers work perfectly!

Set inputs.sel6_source=dac. You can make it persistent across reboots by setting it in /etc/mixerctl.conf.

> I can also hear everything recorded by the microphone.

So, play with the various mute toggles and mute the mic?
Re: Install freezes on macppc
On Fri, 20 Mar 2009 10:35:00 -0400 (EDT) Daniel Barowy m...@barowy.net wrote:
> I just reinstalled the MacOS on the machine (10.5), and that runs OK. I haven't tried any other OSes, but I suppose I could. Anyway, here's my dmesg. Anyone have any suggestions, or things I could try to get some kind of debug info back?

As time allows I've recently been working on getting OpenBSD running on an (unsupported) PowerMacintosh G3 Beige in spite of its infamously buggy firmware. I am not real familiar with apple product names and nicknames, so your description of G4 Sawtooth doesn't mentally register. None the less, it is still one of the older new-world macs (i.e. new-world == G4 or better).

The fact you've had MacOS 10.5 on there means you've had the Apple BootX (i.e. the BootX part of Darwin, not the BootX of linux) do its firmware patching magic to your NVRAM. Yes, OpenFirmware can be patched and this is done by saving the patches (written in Forth) into the NVRAM of the system. There are two ways that Apple does its magic firmware patching; (1) using the BootX part of Darwin, and (2) an application for MacOS 9.x and earlier called System Disk.

Swapping hard drives or disk controllers would have no effect on what, if any, patches were stored in your NVRAM. The only way to get rid of the patches is by doing a Parameter RAM (PRAM) reset via Opt-Cmd-P-R on boot. Booting into MacOS is known to re-patch the firmware, but I'm unsure of the exact MacOS versions that do this.

Needless to say, getting an operating system to play nice with firmware that is in an unknown patch state is a major pain in the ass. The first thing you should try is getting the OpenBSD 4.5-current ISO since your issue may have been fixed since 4.4-Release was completed in Sep 08.

# ftp ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/macppc/install45.iso
# cdio tao install45.iso

If you're unable to install with the current ISO, you can try resetting your PRAM via Opt-Cmd-P-R and see if you have any better luck with the mystery firmware patches removed.

Since your OpenFirmware has a working ELF loader, it's at least version 3.0 or better. If your system has OpenFirmware version 3.0 you need to be very careful when messing with the firmware settings. Due to a bug in these systems, it is possible to actually over-write the firmware itself, resulting in a serious mess.

-- 
J.C. Roberts
Re: PF Seems To Reload Its Default Rules Unexpectedly
* J.C. Roberts list-...@designtools.org [2009-03-10 02:03]:
> The smart answer for an ISP is moving to IPv6

that is about the least smart thing anybody could do.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
graphic card support
Hi,

I have a problem selecting the right graphic cards for my OpenBSD systems. On the first machine I want to use 2 screens in dualhead mode. On the second machine I need a graphic card with 3D-acceleration. I have no idea where I could find information on which card or chipset supports these features.

Is there a list of graphic chips where I could see which chipsets support the DRI/DRM feature under OpenBSD? Does the support depend on the xorg driver or on the OpenBSD kernel implementation of DRI?

thanks a lot,
Jan
Re: PF Seems To Reload Its Default Rules Unexpectedly
* J.C. Roberts list-...@designtools.org [2009-03-09 10:06]:
> On Sun, 8 Mar 2009 16:01:57 -0700 Hilco Wijbenga hilco.wijbe...@gmail.com wrote:
>> I have pf running on my firewall box and I'm experiencing some strange behaviour. After several hours (this may even be 24 hours) of functioning normally, pf seems to reload its default rules which means that from that point on all traffic is blocked. A simple pfctl -f /etc/pf.conf fixes the problem but it is very annoying.
> ummm... no. Think about it for a moment. The default rules *are* stored in /etc/pf.conf

debatable, there is a default ruleset in /etc/rc loaded early before the real pf.conf is loaded. but unless someone manually runs rc there is no way that could be loaded. technically, the default ruleset is pass, everything else has to be sent to the kernel by pfctl.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: Install freezes on macppc
Hi J.C.,

Thanks for the post...

> if any, patches were stored in your NVRAM. The only way to get rid of the patches is by doing a Parameter RAM (PRAM) reset via Opt-Cmd-P-R on boot. Booting into MacOS is known to re-patch the firmware, but I'm

I did a PRAM reset, and indeed, the boot console looked different. It was more like the blocky, low-res console that you see on i386 instead of the hi-res one I saw before, so your procedure at least cleared out the display size setting. However, booting and installing from the 4.4-RELEASE CD did not change anything. It still freezes part-way through the install.

> Needless to say, getting an operating system to play nice with firmware that is in an unknown patch state is a major pain in the ass. The first thing you should try is getting the OpenBSD 4.5-current ISO since your issue may have been fixed since 4.4-Release was completed in Sep 08.

I also downloaded this and booted from it. Same problem-- this time it froze while setting up the disk, so it seems like we're still in the same boat.

BTW, here's more information on the machine: http://lowendmac.com/ppc/sawtooth-power-mac-g4-agp.html

Any other suggestions? Are there any boot-time options that I could try?

Thanks again,
Dan
ripd [re]distribute default
Greetings, I'm using ripd to distribute a default route, but I noticed the redistribute command is more of an originate. I'd like ripd to distribute a default route, if one exists in the FIB. It seems to send the default whether one exists in the FIB or not. Any suggestions? Thanks. -Steve S.
Re: PF Seems To Reload Its Default Rules Unexpectedly
Is your external IP on DHCP? I doubt it's pf that's changing.

-Bryan

On Sun, Mar 8, 2009 at 4:01 PM, Hilco Wijbenga hilco.wijbe...@gmail.com wrote:
> Hi all, I have pf running on my firewall box and I'm experiencing some strange behaviour. After several hours (this may even be 24 hours) of functioning normally, pf seems to reload its default rules which means that from that point on all traffic is blocked. A simple pfctl -f /etc/pf.conf fixes the problem but it is very annoying. I don't see anything relevant in /var/log/pflog or /var/log/messages but I'm not sure what I am looking for so I may have missed something. Do you have any idea why this is happening? Do you have any tips for debugging this? I'm running a stock OpenBSD 4.4. Cheers, Hilco
Re: PF and CLamAV Integration - how to do it?
On 2009-03-20, jmc j...@cosmicnetworks.net wrote:
> --- Marc Balmer [Thu, Mar 19, 2009 at 07:36:18PM +0100]: ---
>> On 19.03.2009 at 15:27, Protocol Six Consulting wrote:
>>> Hi, I was wondering if anyone here knows how to integrate the PF firewall with ClamAV.
>> smtp-vilter, which is in ports, does that,
> i started paying attention to this thread because i've been interested in setting up clamav for sometime. i noticed that there's a clamav-milter(8) that gets installed as part of the clamav package. is the general consensus of those in the know to use smtp-vilter instead of clamav-milter for these purposes?

I'd suggest smtp-vilter or MailScanner, both work well for me.
Re: Problem with interface in promiscuous mode
On 3/20/2009 12:59 PM, (private) HKS wrote:
> On Wed, Mar 18, 2009 at 8:49 PM, Mail Lists mail-li...@peachnet.com wrote:
>> On Wed, Mar 18, 2009 at 12:33 PM, (private) HKS hks.priv...@gmail.com wrote:
>>> On Wed, Mar 18, 2009 at 12:12 PM, Mail Lists mail-li...@peachnet.com wrote:
>>>> Hello all, I'm having some issues setting up a bridge. We recently co-located a router in a data center. The machine is a soekris 5501 running openbsd4.4. The interfaces use the vr drivers. A machine belonging to someone in our cabinet is sending out about 10 packets/second of udp traffic on port 42. When I try to put my primary interface into bridge mode my machine locks up. I'm assuming this is because it can't handle the amount of packets flowing past the interface. Could anyone indicate whether or not this could indeed be the problem or if I'm completely off base here. The admin at the data center seems to think my box should be able to handle that amount of traffic just fine. The problem is not as pronounced when PF is disabled. The machine still crawls to a virtual standstill but I can at least do a ctrl-c on a tcpdump to stop it. The only way to get back at the command line when PF is enabled is to unplug the ethernet cable. When I DO a tcpdump I get millions of the following:
>>>>
>>>> 23:25:10.082217 00:0b:db:93:fb:70 01:00:5e:00:01:18 0800 60: 74.255.56.30.42 224.0.1.24.42: udp 16
>>>>
>>>> Cancelling the dump it reports for instance 20 packets received by filter 198000 packets dropped by kernel. I can provide more details on the box if needed but I would just like some advice on what I can do about this. Is there a way to ignore all packets coming from a certain MAC address on layer 2? Is there anyway possible that this is 'legitimate' traffic? Is there any other way to create a filtering bridge without putting interfaces into promiscuous mode? Thanks for any advice, would really appreciate it. Steve
>>> This PR may be related: http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=6072 Try setting up a blackhole route for multicast addresses, see if that settles things down a bit. On another note, I'd be blown away to see a Soekris 5501 handle 100k packets/second without eating shit. Their NICs are Terrible (capital T), and the low-powered CPU is quickly overwhelmed by interrupts. -HKS
>> Thanks, I will try this when I'm next able to drive down there as I've effectively cut myself off doing exactly what I shouldn't have. I'm not sure I get why routing these packets to a blackhole would be any easier on the CPU though. Would something like this work? route add IPOFOFFENDINGMACHINE 127.0.0.1 -blackhole Thanks for the advice!
> Oh, I missed the question you asked about why it would be easier. The PR explains some of that, but I've observed that when multicast traffic enters an interface in promiscuous mode, if net.inet.ip.forwarding=1, the host will attempt to route those packets. This can create a loop where traffic is repeatedly replicated until the box is paralyzed. I knocked down a couple 5501s in discovering this problem. I don't know that this is what you're seeing, but 100k multicast packets/sec from a single host sounds an awful lot like a traffic replication loop. -HKS

OK, I understand. If that were the case I should be able to turn off forwarding and the bulk of the problem would disappear? I tried this and this wasn't the case. I tried the blackhole too - route add IP 127.0.0.1 -blackhole and it didn't make any apparent difference. I guess that leads me to believe that these packets are all original packets coming from this IP?

What exactly does the OS do when it receives a multicast packet? Does the packet get passed all the way down the network stack and back out? (when in promiscuous mode I suppose). If so why can't you simply tell the stack not to do this for specific packets? I'm sure there's a real reason why this isn't possible I'm just trying to get a grasp on what's happening.

Anyways, thanks for all the help, really appreciate it. I think I've pretty much given up on this situation and am going to approach this on a physical level (move to a different cabinet probably). I'm mostly pursuing this for my own edification I suppose.

Thanks,
Steve
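
The multicast MAC working-out given earlier in this thread (224.0.1.24 maps to 01:00:5e:00:01:18) and the `tcpdump -e` line quoted above can be checked mechanically before asking for a layer-2 filter. This is an added example, not code from any poster: the function names are made up for illustration, the first sample line is the one quoted in the thread, and the other sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Layout of a `tcpdump -e` line as quoted in the thread. The ">" between the
# two endpoints is optional because the archived copy of that line lacks it.
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
IP = r"(?:\d{1,3}\.){3}\d{1,3}"
LINE = re.compile(
    rf"^\S+\s+(?P<src_mac>{MAC})\s+(?P<dst_mac>{MAC})\s+[0-9a-f]{{4}}\s+\d+:\s+"
    rf"(?P<src_ip>{IP})\.\d+\s+(?:>\s+)?(?P<dst_ip>{IP})\.\d+:",
    re.IGNORECASE,
)


def multicast_mac(ip):
    """Ethernet address an IPv4 multicast group is sent to (RFC 1112):
    01:00:5e followed by the low 23 bits of the group address."""
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:
        raise ValueError(f"{ip} is not an IPv4 multicast address")
    low23 = int(addr) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


def groups_sharing_mac(ip):
    """All 32 groups that map to the same MAC. A layer-2 filter on that MAC
    drops every one of them, not only the group seen in the capture."""
    low23 = int(ipaddress.IPv4Address(ip)) & 0x7FFFFF
    return [str(ipaddress.IPv4Address(0xE0000000 | (hi << 23) | low23))
            for hi in range(32)]


def summarize(lines):
    """Count multicast frames per (source MAC, group) and collect frames whose
    destination MAC is not the one the group address maps to."""
    talkers, mismatches = Counter(), []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a line in the expected layout
        try:
            dst = ipaddress.IPv4Address(m["dst_ip"])
        except ValueError:
            continue  # octet out of range
        if not dst.is_multicast:
            continue  # unicast traffic is not part of this check
        expected = multicast_mac(m["dst_ip"])
        if m["dst_mac"].lower() != expected:
            mismatches.append((raw.strip(), expected))
        else:
            talkers[(m["src_mac"].lower(), m["dst_ip"])] += 1
    return talkers, mismatches


SAMPLE = [
    # Line quoted in the thread.
    "23:25:10.082217 00:0b:db:93:fb:70 01:00:5e:00:01:18 0800 60: 74.255.56.30.42 224.0.1.24.42: udp 16",
    # Constructed: same sender, with the ">" tcpdump normally prints.
    "23:25:10.182301 00:0b:db:93:fb:70 01:00:5e:00:01:18 0800 60: 74.255.56.30.42 > 224.0.1.24.42: udp 16",
    # Constructed: unicast frame, ignored by the summary.
    "23:25:10.200114 00:00:5e:00:53:01 00:00:5e:00:53:02 0800 82: 192.0.2.10.514 > 192.0.2.20.514: udp 40",
    # Constructed: multicast group sent to a MAC that does not match its mapping.
    "23:25:10.250000 00:00:5e:00:53:03 01:00:5e:7f:ff:fa 0800 60: 192.0.2.30.42 > 224.0.1.24.42: udp 16",
]

if __name__ == "__main__":
    talkers, mismatches = summarize(SAMPLE)
    for (src_mac, group), count in talkers.most_common():
        print(f"{count:6d} frames  {src_mac} -> {group}  dst MAC {multicast_mac(group)}")
    for line, expected in mismatches:
        print(f"unexpected dst MAC (expected {expected}): {line}")
```

Because only 23 bits of the group address reach the MAC, `groups_sharing_mac("224.0.1.24")` lists the other groups a switch filter on 01:00:5e:00:01:18 would also drop.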
Re: PF and CLamAV Integration - how to do it?
On Friday 20 March 2009 11:15:05 jmc wrote:
> i started paying attention to this thread because i've been interested in setting up clamav for sometime. i noticed that there's a clamav-milter(8) that gets installed as part of the clamav package. is the general consensus of those in the know to use smtp-vilter instead of clamav-milter for these purposes?

Yes, because there are no developers recommending clamav-milter.

I'm not sure it matters, you only catch some bank phish, not much benefit for the effort expended.
Re: PF and CLamAV Integration - how to do it?
On Sat, 21 Mar 2009 01:35:57 +, Pedro la Peu wrote:
> I'm not sure it matters, you only catch some bank phish, not much benefit for the effort expended.

Unless you have some tasty poker chips to serve with them ;-)

*** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thank you.

Rod/
/earth: write failed, file system is full
cp: /earth/creatures: No space left on device
Re: PF and CLamAV Integration - how to do it?
--- Pedro la Peu [Sat, Mar 21, 2009 at 01:35:57AM +]: ---
> On Friday 20 March 2009 11:15:05 jmc wrote:
>> i started paying attention to this thread because i've been interested in setting up clamav for sometime. i noticed that there's a clamav-milter(8) that gets installed as part of the clamav package. is the general consensus of those in the know to use smtp-vilter instead of clamav-milter for these purposes?
> Yes, because there are no developers recommending clamav-milter.

yep, that's good enough for me. i only paused to ask because i had not yet dealt with the milter end of my anti-virus subsystem. after installing smtp-vilter and reading the dox, it became clear it's the package i need to be using... i now have it up and running with the clamav backend only. still reading up on the rest of the possibilities.