4.9 build problems

2011-10-10 Thread Илья Шипицин
server is 4.9/amd64
source is CVS/4.9


cd /usr/src
make build

is it ok that system cannot build itself from source ?

building shared object objc library
ranlib libobjc_pic.a
building shared objc library (version 5.0)
cc -shared -fpic  -o libobjc.so.5.0  `lorder archive.so class.so
encoding.so gc.so hash.so init.so linking.so misc.so nil_method.so
NXConstStr.so Object.so objects.so Protocol.so sarray.so selector.so
sendmsg.so thr.so thr-objc.so exception.so|tsort -q`
=== libstdc++-v3
c++ -O2 -pipe -g -DIN_GLIBCPP_V3 -DHAVE_CONFIG_H
-I/usr/src/gnu/lib/libstdc++-v3/../libstdc++-v3/
-I/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/libsupc++
-I/usr/src/gnu/lib/libstdc++-v3/../../gcc/gcc
-I/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include
-I/usr/src/gnu/lib/libstdc++-v3/../../gcc/gcc/gcc/include
-I/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include
-I/usr/src/gnu/lib/libstdc++-v3/../libiberty/include -I.
-frandom-seed=RepeatabilityConsideredGood -DIN_GLIBCPP_V3
-DHAVE_CONFIG_H -I/usr/src/gnu/lib/libstdc++-v3
-I/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/libsupc++
-I/usr/src/gnu/lib/libstdc++-v3/../../gcc/gcc
-I/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include
-I/usr/src/gnu/lib/libstdc++-v3/../../gcc/gcc/gcc/include
-I/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include
-I/usr/src/gnu/lib/libstdc++-v3/../libiberty/include -I.
-frandom-seed=RepeatabilityConsideredGood  -fno-implicit-templates
-ffunction-sections -fdata-sections  -Wno-deprecated
-fno-implicit-templates -ffunction-sections -fdata-sections
-Wno-deprecated  -idirafter /home/dest/usr/include/g++  -nostdinc
-idirafter /home/dest/usr/include -c
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_allocator.cc
-o bitmap_allocator.o
In file included from
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/bitmap_allocator.h:37,
 from
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_allocator.cc:30:
/home/dest/usr/include/g++/cstddef:50:28: error: bits/c++config.h: No
such file or directory
In file included from
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/bitmap_allocator.h:43,
 from
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_allocator.cc:30:
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/concurrence.h:41:24:
error: bits/gthr.h: No such file or directory
In file included from
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/bitmap_allocator.h:37,
 from
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_allocator.cc:30:
/home/dest/usr/include/g++/cstddef:53: error: expected constructor,
destructor, or type conversion before '(' token
/home/dest/usr/include/g++/cstddef:58: error: '_GLIBCXX_END_NAMESPACE'
does not name a type
In file included from
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/bitmap_allocator.h:38,
 from
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_allocator.cc:30:
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/bits/functexcept.h:93:
error: '_GLIBCXX_END_NAMESPACE' does not name a type
In file included from /home/dest/usr/include/g++/utility:66,
 from
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/bitmap_allocator.h:39,
 from
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_allocator.cc:30:
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/bits/stl_relops.h:136:
error: '_GLIBCXX_END_NAMESPACE' does not name a type
In file included from /home/dest/usr/include/g++/utility:67,
 from
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/bitmap_allocator.h:39,
 from
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_allocator.cc:30:
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/bits/stl_pair.h:94:
error: template with C linkage
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/bits/stl_pair.h:96:
error: expected ',' or '...' before '' token
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/bits/stl_pair.h:96:
error: 'bool operator==(int)' must have an argument of class or
enumerated type
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/bits/stl_pair.h:100:
error: template with C linkage
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/bits/stl_pair.h:102:
error: expected ',' or '...' before '' token
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/bits/stl_pair.h:102:
error: 'bool operator(int)' must have an argument of class or
enumerated type
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/bits/stl_pair.h:107:
error: template with C linkage
/usr/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/bits/stl_pair.h:109:
error: expected ',' or '...' before '' token

Re: 4.9 build problems

2011-10-10 Thread Christer Solskogen
On Mon, Oct 10, 2011 at 8:39 AM, Илья Шипицин chipits...@gmail.com wrote:
 server is 4.9/amd64
 source is CVS/4.9


 cd /usr/src
 make build

 is it ok that system cannot build itself from source ?

No. But it's also not okay to not read the documentation on the subject.


--
chs,



Re: smtpd and virtuals

2011-10-10 Thread Gilles Chehade
On Sat, Oct 08, 2011 at 02:40:04PM +0300, Henri Kemppainen wrote:

 [...]
 
 There's something odd about virtuals; though the code I'm running is no
 longer current (5.0-BETA, to be precise).  Here's what makemap.8 says:
 Virtual domains are kept in maps.  To create single virtual address,
 add ``u...@example.com user'' to the virtual map.  To handle all mail
 destined to any user at example.com, add ``@example.com user'' to the
 virtual map.
 
 [...]
 
 I added some debug printfs, and they show that map_stdio_lookup is called
 with key=virtual.domain.  There is no such key, and the mail is rejected.
 Out of curiosity, I added a matching line to virtual just to see what
 happens:
 virtual.domain  duclare
 somebody@virtual.domain duclare
 
 [...]

 I hope Gilles can tell whether this is a documentation bug or code bug.  Or
 maybe I just missed something obvious (such as a sufficiently recent
 snapshot) :-). 
 

Hi,

This is actually a feature, not a bug ;-)

At RCPT time, smtpd needs to take a decision based on the domain itself before it
starts looking at user-parts and take individual decisions.

If the map has a key for the domain, then that lookup can be done efficiently for
backends that have indexes of some kind. If the map doesn't, then smtpd will have
to loop through all keys, comparing their domain parts, until one key matches.

A few months ago, when we only supported the db(3) backend, makemap had some code
to automagically insert a domain key if you had a virtual entry for a domain. But
now that we support various backends, this can't be done anymore as there is just
no way of doing it for the stdio(3) (plaintext) backend.

This behavior is not specific to OpenSMTPD, at least Postfix has the same need of
a domain key as you can observe from man virtual(5):

   
   Without this entry, mail is rejected
   with  relay  access  denied, or bounces with mail loops
   back to myself.
   


Gilles

-- 
Gilles Chehade

http://www.poolp.org/ http://u.poolp.org/~gilles/



spamd.black pfctl

2011-10-10 Thread pavel pocheptsov
hello misc.
I have spamd before mail server. and it's work nice with liberal setting like this:
spamd_flags=-v -l 127.0.0.1 -G 10:4:864 -h mail.server

pf.conf:
table spamd-white persist
table spamd-bypass file /etc/mail/spamd.bypass
table spamd-black file /etc/mail/spamd.black
match in on $ext_if_a inet proto tcp from { spamd-bypass, spamd-white } to $ext_if_a port { smtp, smtps } rdr-to mail
match in on $ext_if_a inet proto tcp from { !spamd-bypass, !spamd-white } to $ext_if_a port { smtp, smtps } tag MAIL_A rdr-to 127.0.0.1 port spamd
block in log quick on { $ext_if_a, $ext_if_b } from { bruteforce, private, spamd-black } to any
pass in on $ext_if_a inet proto tcp from any to mail port { smtp, smtps } synproxy state reply-to ($ext_if_a $ext_gw_a)
pass in quick reply-to ($ext_if_a $ext_gw_a) tagged MAIL_A

Periodically I receive mail from spammers through spamd and antispam setting on mail server.
Then I copy-paste IP address of spam-sender from field Received to
spam.txt file on router and do something like this:

#cat spam.txt | uniq | sort  /etc/mail/spamd.black
or
#sort -u spam.txt  /etc/mail/spamd.black
and
#pfctl -f /etc/pf.conf

but I won't want to reload all rules. In best way I want to add in pf spamd-black table
only new IP, that I paste in the top of spam.txt file.
Also I try to use
pfctl -t spamd-black -T flush
pfctl -t spamd-black -T add -f /etc/mail/spamd.black
to do not touch all pf.conf, but I think when spamd.black table will have big size,
the better way is add a new IP in table without reloading or loading big table.
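
An added example, not part of the original post: one way to do the incremental update asked about above, using `pfctl -T add` on only the addresses that are not yet in the blacklist file. The helper names `new_addrs` and `blacklist_add` and the `PFCTL` override are hypothetical; the table name `spamd-black` and the file `/etc/mail/spamd.black` are taken from the post.

```shell
#!/bin/sh
# Added example, not from the thread. new_addrs and blacklist_add are
# hypothetical helper names; table and file names follow the post above.

# Print addresses that are in candidate file $1 but not yet in blacklist
# file $2. Comments and whitespace are stripped, duplicates are collapsed,
# and anything that is not an IPv4 address or IPv4 CIDR block is dropped,
# so a bad copy-paste from a Received header never reaches pfctl.
new_addrs() {
    awk '
        function valid(a,    n, i, parts, oct) {
            n = split(a, parts, "/")
            if (n > 2) return 0
            if (n == 2 && (parts[2] !~ /^[0-9]+$/ || parts[2] + 0 > 32)) return 0
            if (split(parts[1], oct, "[.]") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (oct[i] !~ /^[0-9]+$/ || oct[i] + 0 > 255) return 0
            return 1
        }
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
        $0 == "" { next }
        # Compare FILENAME rather than NR == FNR: the latter misfires when
        # the blacklist file is still empty.
        FILENAME == ARGV[1] { seen[$0] = 1; next }
        valid($0) && !seen[$0]++ { print }
    ' "$2" "$1"
}

# Add only the new addresses to the live table, then append them to the
# file that pf.conf loads the table from, so the next full reload agrees
# with the running table. PFCTL can be overridden for a dry run.
blacklist_add() {
    cand=$1
    black=$2
    table=${3:-spamd-black}
    [ -f "$black" ] || : > "$black"
    tmp=$(mktemp) || return 1
    new_addrs "$cand" "$black" > "$tmp"
    if [ -s "$tmp" ]; then
        # -T add touches only the listed addresses; existing table
        # entries and the rest of the ruleset are left alone.
        if ! ${PFCTL:-pfctl} -t "$table" -T add -f "$tmp"; then
            rm -f "$tmp"
            return 1
        fi
        cat "$tmp" >> "$black"
    fi
    rm -f "$tmp"
}

# Usage on the router (as root):
#   blacklist_add spam.txt /etc/mail/spamd.black
```

The live table is updated before the file is appended, so a failed `pfctl` call leaves the file unchanged and the next run retries the same addresses.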



Re: smtpd and virtuals

2011-10-10 Thread Gilles Chehade
On Mon, Oct 10, 2011 at 12:11:28PM +0200, Gilles Chehade wrote:
 
 [...]
 

I forgot to mention that this also allows you to very easily disable a
virtual domain by simply commenting / uncommenting the domain key

Gilles

-- 
Gilles Chehade

http://www.poolp.org/ http://u.poolp.org/~gilles/



Re: 4.9 build problems

2011-10-10 Thread Stuart Henderson
You polluted your source directory by building without 'make obj'.
Simplest is to wipe it, make a fresh checkout, and this time follow
section 5.3.5 from http://www.openbsd.org/faq/faq5.html


On 2011-10-10,  ??? chipits...@gmail.com wrote:
 server is 4.9/amd64
 source is CVS/4.9


 cd /usr/src
 make build

 is it ok that system cannot build itself from source ?


Re: 4.9 build problems

2011-10-10 Thread Илья Шипицин
DESTDIR was the reason of mess.
unset DESTDIR solved the problem

2011/10/10 Stuart Henderson s...@spacehopper.org:
 You polluted your source directory by building without 'make obj'.
 Simplest is to wipe it, make a fresh checkout, and this time follow
 section 5.3.5 from http://www.openbsd.org/faq/faq5.html


 On 2011-10-10,  ??? chipits...@gmail.com wrote:
 server is 4.9/amd64
 source is CVS/4.9


 cd /usr/src
 make build

 is it ok that system cannot build itself from source ?


Re: The OpenBSD user community needs to shake things up

2011-10-10 Thread Steven

* Loganaden Velvindron logana...@gmail.com [111009 12:45]:

Fellow OpenBSD users,

I've noticed a disturbing trend: Very few users are testing
patches that developers/contributors are posting.


You raised some good points.  Thanks for the reminder to help out
the devs. :-)

--
W. Steven Schneider  w.steven.schnei...@ualberta.net



Re: spamd.black pfctl

2011-10-10 Thread Boudewijn Dijkstra
On Mon, 10 Oct 2011 12:12:23 +0200, pavel pocheptsov lilit-aibo...@mail.ru wrote:

hello misc.
I have spamd before mail server. and it's work nice with liberal setting like this:

spamd_flags=-v -l 127.0.0.1 -G 10:4:864 -h mail.server

pf.conf:
[...]
block in log quick on { $ext_if_a, $ext_if_b } from { bruteforce, private, spamd-black } to any

[...]

but I won't want to reload all rules. In best way I want to add in pf spamd-black table
only new IP, that I paste in the top of spam.txt file.
[...]


I also employ a manual blacklist, but I import it through spamd.conf(5).   
This way, the entries are not blocked by pf, but enter spamd's tarpit.   
This will keep the spammer's machine busy and delay the delivery of other  
spam.



--
Made with Opera's revolutionary e-mail program:
http://www.opera.com/mail/

(Remove the obvious prefix to reply.)



Help setting up a PF NAT gateway

2011-10-10 Thread Stefan Midjich
Simplest of things but I'm failing miserably.

$ sudo cat /etc/hostname.vic2 # External NIC with static public IPv4 address
inet 50.50.50.59 255.255.255.0 50.50.50.255

$ sudo cat /etc/hostname.vic3 # Internal NIC used as gateway by two
machines on same network
inet 10.221.181.10 255.255.255.0 10.221.181.255

For troubleshooting I have removed the block all rule, to confirm that
it is in fact my NAT related rules that don't work.

These are my first and only NAT rules. The other rules work fine and
are just to allow SSH to my management interface and ICMP response
from the external IP and from the internal gateway IP. Besides I've
removed the block all so the other rules don't matter much now.

match out on vic2 inet from 10.221.181.0/24 to any nat-to (vic2) round-robin
pass inet from 10.221.181.0/24 to any flags S/SA keep state

With tcpdump I can see packets going to vic3, but no further.

With block all commented out I can fully test the network around and
everything is working just fine, I can nc -kl 50.50.50.59 65535 and
connect to that port from anywhere on the internet. I just can't
connect out from the private network through the gateway. The systems
in the private network have 10.221.181.10 as their default gateway.

I even have the Book of PF 2nd edition here but it's of no use, the
rules are mostly from there. Just for troubleshooting I can also nc
-kl 10.221.181.10 65535 on the gateway and connect to that port from
the private network machines without issues.

So please tell me, what am I missing in this nat-to rule?

--


Med vänliga hälsningar / With kind regards

Stefan Midjich



Re: The OpenBSD user community needs to shake things up

2011-10-10 Thread Marc Espie
On Sun, Oct 09, 2011 at 09:10:16PM +, Alexey E. Suslikov wrote:
 Loganaden Velvindron loganaden at gmail.com writes:
 
  
  If we don't shake things up, things will not change ! Running -current and
  testing diffs _helps_ OpenBSD development significantly.
 
 The problem, IMO, how process is organized.
 
 Mailing lists are not designed for commenting and reviewing
 diffs. Patches simply get forgotten and then reinvented. We
 have *number* of oh, I forgot to ok. Isn't it because of
 people receive *tons* of mail nowadays?

Nah, mailing-lists work just fine. It's just a question of being
organized.

In most cases, it's like a football game. Spectator sport, pass the
chips, and oh ? actually save that diff somewhere, try it out and
report back to the list/the corresponding developer ? no way, too
much work !

So, get off your lazy asses, and start trying out stuff (not speaking
for you, Alexey, just speaking for our user community in general)

For crying out loud, it's not as if interesting *technical* threads kill
those mailing-lists. When there's too much tech chatter going on, then
we can worry about better tools.

Don't blame the tools. Blame the *people* who don't test.



Re: Help setting up a PF NAT gateway

2011-10-10 Thread Christiano F. Haesbaert
On 10 October 2011 12:38, Stefan Midjich sweh...@gmail.com wrote:
 Simplest of things but I'm failing miserably.

 $ sudo cat /etc/hostname.vic2 # External NIC with static public IPv4 address
 inet 50.50.50.59 255.255.255.0 50.50.50.255

 $ sudo cat /etc/hostname.vic3 # Internal NIC used as gateway by two
 machines on same network
 inet 10.221.181.10 255.255.255.0 10.221.181.255

 For troubleshooting I have removed the block all rule, to confirm that
 it is in fact my NAT related rules that don't work.

 These are my first and only NAT rules. The other rules work fine and
 are just to allow SSH to my management interface and ICMP response
 from the external IP and from the internal gateway IP. Besides I've
 removed the block all so the other rules don't matter much now.

 match out on vic2 inet from 10.221.181.0/24 to any nat-to (vic2) round-robin
 pass inet from 10.221.181.0/24 to any flags S/SA keep state

 With tcpdump I can see packets going to vic3, but no further.

 With block all commented out I can fully test the network around and
 everything is working just fine, I can nc -kl 50.50.50.59 65535 and
 connect to that port from anywhere on the internet. I just can't
 connect out from the private network through the gateway. The systems
 in the private network have 10.221.181.10 as their default gateway.

 I even have the Book of PF 2nd edition here but it's of no use, the
 rules are mostly from there. Just for troubleshooting I can also nc
 -kl 10.221.181.10 65535 on the gateway and connect to that port from
 the private network machines without issues.

 So please tell me, what am I missing in this nat-to rule?


Hi, can you paste your pf.conf ?
The output of ifconfig would be good too.



New project

2011-10-10 Thread Ludo Smissaert

Hi,

A Call Center in the Netherlands starts a new project and likes to host
it under OpenBSD / PostgreSQL.

I am writing software for it, but could maybe get some help in setting
up the infrastructure. If anybody is interested I would love to know this.

Please contact me off-list and only if you are experienced in running
and maintaining an OpenBSD infrastructure for a mid-range company.

Regards,
Ludo Smissaert



Re: Help setting up a PF NAT gateway

2011-10-10 Thread pavel pocheptsov
match out on vic2 inet from 10.221.181.0/24 to any nat-to (vic2) round-robin
in what reason you paste round-robin?
also you need
pass in on $local_if from $localnet to any
pass out on $ext_if from $localnet to any


10 October 2011, 19:42 from Stefan Midjich sweh...@gmail.com:
 
 
  
  
Simplest of things but I'm failing miserably.

$ sudo cat /etc/hostname.vic2 # External NIC with static public IPv4 address
inet 50.50.50.59 255.255.255.0 50.50.50.255

$ sudo cat /etc/hostname.vic3 # Internal NIC used as gateway by two
machines on same network
inet 10.221.181.10 255.255.255.0 10.221.181.255

For troubleshooting I have removed the block all rule, to confirm that
it is in fact my NAT related rules that don't work.

These are my first and only NAT rules. The other rules work fine and
are just to allow SSH to my management interface and ICMP response
from the external IP and from the internal gateway IP. Besides I've
removed the block all so the other rules don't matter much now.

match out on vic2 inet from 10.221.181.0/24 to any nat-to (vic2) round-robin
pass inet from 10.221.181.0/24 to any flags S/SA keep state

With tcpdump I can see packets going to vic3, but no further.

With block all commented out I can fully test the network around and
everything is working just fine, I can nc -kl 50.50.50.59 65535 and
connect to that port from anywhere on the internet. I just can't
connect out from the private network through the gateway. The systems
in the private network have 10.221.181.10 as their default gateway.

I even have the Book of PF 2nd edition here but it's of no use, the
rules are mostly from there. Just for troubleshooting I can also nc
-kl 10.221.181.10 65535 on the gateway and connect to that port from
the private network machines without issues.

So please tell me, what am I missing in this nat-to rule?

--


Med vänliga hälsningar / With kind regards

Stefan Midjich



Re: Help setting up a PF NAT gateway

2011-10-10 Thread Mark (obsd)
Hi Stefan,

On Mon, Oct 10, 2011 at 10:38 AM, Stefan Midjich sweh...@gmail.com wrote:

 Simplest of things but I'm failing miserably.

 ...

 With tcpdump I can see packets going to vic3, but no further.


Do you definitely have forwarding enabled?

# sysctl net.inet.ip.forwarding
net.inet.ip.forwarding=1

If that were 0 instead of 1, you'd get your symptoms.  Edit /etc/sysctl.conf
to enable forwarding if you haven't.

Regards,
Mark



Re: smtpd and virtuals

2011-10-10 Thread David Walker
Hi.

In manXX.tgz (since 4.8) and also on web-cgi, the smtpd.conf(5) man
page references makemap(8) more than once ...
... with explicit instructions to use that man page as a guide when
making db maps and/or understanding the format of plain maps.

The web-cgi page obviously hyperlinks to the other page.

The makemap(8) man page - again in manXX.tgz and also on web-cgi -
contains the following ...

NAME
 makemap - create database maps for sendmail

... and references another associated man page - editmap ...

NAME
 editmap - query and edit records in database maps for sendmail

... both of which reference Sendmail ...
... both of which also reference the sendmail(8) man page ...

These breadcrumbs (implicitly and explicitly) eventually also lead to
looking at the Sendmail README ...

This has been the case for over a year every single time I've looked
at web-cgi and on multiple iterations of base ...
... and I've been trying very hard to exhaust myself there before coming here.

Suffice to say this is not optimum.

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/makemap.8

- smtpd's db maps are incompatible with sendmail's and needs a distinct
makemap utility, this is needed for virtual users support amongst
other things. links to smtpd's aliases.c and only provides a
frontend to parse map descriptions. contains code from pyr@, chl@
and I. Should have also been imported with smtpd.

Etcetera.

I feel ill.

It's somewhat obvious when you do the math between /etc/mailwrapper
and /usr/share/man but not obvious enough apparently ...

On 10/10/2011, Gilles Chehade gil...@poolp.org wrote:
 This behavior is not specific to OpenSMTPD, at least Postfix ...

That came as quite a surprise.

So I go read this ...
http://www.postfix.org/virtual.5.html
... and it's quite different from the OpenBSD man pages ... obviously ...
... but it answers a lot of questions ...
... such as why users who are probably much smarter than me (such as
Henri) struggle to get this going ...
... and more importantly are apparently asking the wrong questions ...

If that's reminiscent of iRobot (Arthur C. Clarke) ... that's exactly
how it feels.
Asking the wrong questions ...

Is this known (AKA are developers installing from source and not seeing this)?

Should this be fixed for some definition of fixed?

If so, what's a good course of action?
- outline it for me, and if I can do it, I will, help me get rid of
some of the disappointment.

If not, what can be done about users who read the man pages and have
issues as a result?
- presumably at some point, Sendmail will no longer be in base, man
pages will get rotated, this will cease to be an issue. In the interim
...

I've apparently wasted a lot of time and enthusiasm on this ...
... but perhaps more importantly I've wasted opportunities to ask
questions about what's really going on and instead I've been asking
about things that are irrelevant ...
... the real makemap man page is somewhat cryptic to me and I need
to be asking about that.

Best wishes.



Re: Help setting up a PF NAT gateway

2011-10-10 Thread Wesley M.
Hi,

see my sample, it is well explained.
http://mouedine.net/ruleset49.aspx

All the best,

Wesley MOUEDINE ASSABY
www.mouedine.net


On Mon, 10 Oct 2011 17:38:26 +0200, Stefan Midjich sweh...@gmail.com
wrote:
 Simplest of things but I'm failing miserably.
 
 $ sudo cat /etc/hostname.vic2 # External NIC with static public IPv4
 address
 inet 50.50.50.59 255.255.255.0 50.50.50.255
 
 $ sudo cat /etc/hostname.vic3 # Internal NIC used as gateway by two
 machines on same network
 inet 10.221.181.10 255.255.255.0 10.221.181.255
 
 For troubleshooting I have removed the block all rule, to confirm that
 it is in fact my NAT related rules that don't work.
 
 These are my first and only NAT rules. The other rules work fine and
 are just to allow SSH to my management interface and ICMP response
 from the external IP and from the internal gateway IP. Besides I've
 removed the block all so the other rules don't matter much now.
 
 match out on vic2 inet from 10.221.181.0/24 to any nat-to (vic2)
 round-robin
 pass inet from 10.221.181.0/24 to any flags S/SA keep state
 
 With tcpdump I can see packets going to vic3, but no further.
 
 With block all commented out I can fully test the network around and
 everything is working just fine, I can nc -kl 50.50.50.59 65535 and
 connect to that port from anywhere on the internet. I just can't
 connect out from the private network through the gateway. The systems
 in the private network have 10.221.181.10 as their default gateway.
 
 I even have the Book of PF 2nd edition here but it's of no use, the
 rules are mostly from there. Just for troubleshooting I can also nc
 -kl 10.221.181.10 65535 on the gateway and connect to that port from
 the private network machines without issues.
 
 So please tell me, what am I missing in this nat-to rule?
 
 --
 
 
 Med vänliga hälsningar / With kind regards
 
 Stefan Midjich



Re: smtpd and virtuals

2011-10-10 Thread David Walker
Hi Gilles.

If my previous is hostile ... sorry.

Without the context of the makemap man page in src/usr.sbin/smtpd/
there's no correlation between your first and second mails which
creates more confusion.
With that man page, however, pennies start to drop ...
I spent 4= hours glued to my screen reading and drafting before I
understood the full import of what was going on and found some
hopefully constructive questions.

I was angry about various things but that's down to me.
You've done work here.
I haven't.

Best wishes.



Re: Help setting up a PF NAT gateway

2011-10-10 Thread Stefan Midjich
Yes forwarding is enabled. I have followed the Book of PF 2nd Edition so far.

2011/10/10 Mark (obsd) openbsd-l...@nerdish.us:
 Hi Stefan,

 On Mon, Oct 10, 2011 at 10:38 AM, Stefan Midjich sweh...@gmail.com wrote:

 Simplest of things but I'm failing miserably.

 ...

 With tcpdump I can see packets going to vic3, but no further.


 Do you definitely have forwarding enabled?
 # sysctl net.inet.ip.forwarding
 net.inet.ip.forwarding=1
 If that were 0 instead of 1, you'd get your symptoms.  Edit
/etc/sysctl.conf
 to enable forwarding if you haven't.
 Regards,
 Mark



--


Med vänliga hälsningar / With kind regards

Stefan Midjich



Re: Help setting up a PF NAT gateway

2011-10-10 Thread Stefan Midjich
That was from the output of pfctl -vf /etc/pf.conf so it expands the
rules and adds all that is implied, like keep state for example.

2011/10/10 pavel pocheptsov lilit-aibo...@mail.ru:
 match out on vic2 inet from 10.221.181.0/24 to any nat-to (vic2)
round-robin
 for what reason did you paste round-robin?
 also you need
 pass in on $local_if from $localnet to any
 pass out on $ext_if from $localnet to any


 10 October 2011, 19:42 from Stefan Midjich sweh...@gmail.com:

 Simplest of things but I'm failing miserably.

 $ sudo cat /etc/hostname.vic2 # External NIC with static public IPv4
address
 inet 50.50.50.59 255.255.255.0 50.50.50.255

 $ sudo cat /etc/hostname.vic3 # Internal NIC used as gateway by two
 machines on same network
 inet 10.221.181.10 255.255.255.0 10.221.181.255

 For troubleshooting I have removed the block all rule, to confirm that
 it is in fact my NAT related rules that don't work.

 These are my first and only NAT rules. The other rules work fine and
 are just to allow SSH to my management interface and ICMP response
 from the external IP and from the internal gateway IP. Besides I've
 removed the block all so the other rules don't matter much now.

 match out on vic2 inet from 10.221.181.0/24 to any nat-to (vic2)
round-robin
 pass inet from 10.221.181.0/24 to any flags S/SA keep state

 With tcpdump I can see packets going to vic3, but no further.

 With block all commented out I can fully test the network around and
 everything is working just fine, I can nc -kl 50.50.50.59 65535 and
 connect to that port from anywhere on the internet. I just can't
 connect out from the private network through the gateway. The systems
 in the private network have 10.221.181.10 as their default gateway.

 I even have the Book of PF 2nd edition here but it's of no use, the
 rules are mostly from there. Just for troubleshooting I can also nc
 -kl 10.221.181.10 65535 on the gateway and connect to that port from
 the private network machines without issues.

 So please tell me, what am I missing in this nat-to rule?

 --


 Med vänliga hälsningar / With kind regards

 Stefan Midjich





--


Med vänliga hälsningar / With kind regards

Stefan Midjich



Re: Help setting up a PF NAT gateway

2011-10-10 Thread Stefan Midjich
ManagementIF = vic0
PFsyncIF = vic1
LocalIF = lo0
ManagementPorts = { 1022, 22 }
UDPManagementPorts = { domain }
ICMPTypes = { echorep, echoreq, unreach }
set skip on { lo0 vic1 }
OutIF = vic2
InIF = vic3
pass quick on vic0 inet proto tcp from any to any port = 1022 flags
S/SA keep state label PassMGMTSSH
pass quick on vic0 inet proto tcp from any to any port = ssh flags
S/SA keep state label PassMGMTSSH
pass on vic0 proto udp from any to any port = domain keep state label
PassMGMTDNS
pass on vic0 inet proto icmp all icmp-type echorep keep state label
PassMGMTICMP
pass on vic0 inet proto icmp all icmp-type echoreq keep state label
PassMGMTICMP
pass on vic0 inet proto icmp all icmp-type unreach keep state label
PassMGMTICMP
pass quick on vic2 proto carp all keep state label PassCarp
pass quick on vic3 proto carp all keep state label PassCarp
pass quick inet proto icmp from any to 50.50.50.0/24 icmp-type echoreq
keep state label PingOut
pass quick inet proto icmp from any to 50.50.50.0/24 icmp-type echorep
keep state label PingOut
pass quick inet proto icmp from any to 50.50.50.0/24 icmp-type unreach
keep state label PingOut
pass quick inet proto icmp from 10.221.181.0/24 to 10.221.181.10
icmp-type echoreq keep state label PingIn
pass quick inet proto icmp from 10.221.181.0/24 to 10.221.181.10
icmp-type echorep keep state label PingIn
pass quick inet proto icmp from 10.221.181.0/24 to 10.221.181.10
icmp-type unreach keep state label PingIn
match in on vic3 inet from 10.221.181.0/24 to any label NATOut
nat-to (vic2) round-robin
pass inet from 10.221.181.0/24 to any flags S/SA keep state

vic2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:50X
priority: 0
groups: egress
media: Ethernet autoselect
status: active
inet 50.50.50.59 netmask 0xff00 broadcast 50.50.50.255
inet6 fe80::250:56ff:fe8e:63%vic2 prefixlen 64 scopeid 0x3
vic3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:50:X
priority: 0
media: Ethernet autoselect
status: active
inet 10.221.181.10 netmask 0xff00 broadcast 10.221.181.255
inet6 fe80::250:56ff:fe8e:64%vic3 prefixlen 64 scopeid 0x4

Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            50.50.50.1         UGS        0       80     -     8 vic2
10/8               10.220.100.1       UGS        2     2869     -     8 vic0
10.90.100/24       link#2             UC         1        0     -     4 vic1
10.90.100.10       X:00:62            UHLc       0        2     -     4 lo0
10.220.100/24      link#1             UC         3        0     -     4 vic0
10.220.100.1       X07:ac:00          UHLc       1        0     -     4 vic0
10.220.100.10      X:49:16            UHLc       0      489     -     4 vic0
10.220.100.209     X:26:05            UHLc       1     5010     -     4 vic0
10.221.181/24      link#4             UC         0        0     -     4 vic3
127/8              127.0.0.1          UGRS       0        0 33160     8 lo0
127.0.0.1          127.0.0.1          UH         1        0 33160     4 lo0
50.50.50/24        link#3             UC         3        0     -     4 vic2
50.50.50.1         Xf:d4:20           UHLc       1        0     -     4 vic2
50.50.50.6         X81:86:b6          UHLc       0        0     -     4 vic2
50.50.50.7         XX:50:87:14        UHLc       0        0     -     4 vic2
224/4              127.0.0.1          URS        0        0 33160     8 lo0

Please note that I have removed public ip-address and other private details.

2011/10/10 Christiano F. Haesbaert haesba...@haesbaert.org:
 On 10 October 2011 12:38, Stefan Midjich sweh...@gmail.com wrote:
 Simplest of things but I'm failing miserably.

 $ sudo cat /etc/hostname.vic2 # External NIC with static public IPv4
address
 inet 50.50.50.59 255.255.255.0 50.50.50.255

 $ sudo cat /etc/hostname.vic3 # Internal NIC used as gateway by two
 machines on same network
 inet 10.221.181.10 255.255.255.0 10.221.181.255

 For troubleshooting I have removed the block all rule, to confirm that
 it is in fact my NAT related rules that don't work.

 These are my first and only NAT rules. The other rules work fine and
 are just to allow SSH to my management interface and ICMP response
 from the external IP and from the internal gateway IP. Besides I've
 removed the block all so the other rules don't matter much now.

 match out on vic2 inet from 10.221.181.0/24 to any nat-to (vic2)
round-robin
 pass inet from 10.221.181.0/24 to any flags S/SA keep state

 With tcpdump I can see packets going to vic3, but no further.

 With block all commented out I can fully test the network around and
 everything is working just fine, I can nc -kl 50.50.50.59 65535 and
 connect to that port from anywhere on the internet. I just can't
 connect out from the private network through the gateway. The systems
 in the private network have 10.221.181.10 as their default 

Re: Help setting up a PF NAT gateway

2011-10-10 Thread Stefan Midjich
$ sudo pfctl -sr |grep nat-to
match in on vic3 inet from 10.221.181.0/24 to any label NATOut
nat-to (vic2) round-robin

pfctl -vsl shows only evaluated packets for all my rules, which
worries me, it never increments the counter of packets gone through
any of the nat rules. Only the first rules for management network and
of course the block rule when it was in place.

2011/10/10 James Shupe jsh...@osre.org:
 What does `pfctl -sr | grep nat-to` say?

 On 10/10/11 10:38 AM, Stefan Midjich wrote:
 Simplest of things but I'm failing miserably.

 $ sudo cat /etc/hostname.vic2 # External NIC with static public IPv4
address
 inet 50.50.50.59 255.255.255.0 50.50.50.255

 $ sudo cat /etc/hostname.vic3 # Internal NIC used as gateway by two
 machines on same network
 inet 10.221.181.10 255.255.255.0 10.221.181.255

 For troubleshooting I have removed the block all rule, to confirm that
 it is in fact my NAT related rules that don't work.

 These are my first and only NAT rules. The other rules work fine and
 are just to allow SSH to my management interface and ICMP response
 from the external IP and from the internal gateway IP. Besides I've
 removed the block all so the other rules don't matter much now.

 match out on vic2 inet from 10.221.181.0/24 to any nat-to (vic2)
round-robin
 pass inet from 10.221.181.0/24 to any flags S/SA keep state

 With tcpdump I can see packets going to vic3, but no further.

 With block all commented out I can fully test the network around and
 everything is working just fine, I can nc -kl 50.50.50.59 65535 and
 connect to that port from anywhere on the internet. I just can't
 connect out from the private network through the gateway. The systems
 in the private network have 10.221.181.10 as their default gateway.

 I even have the Book of PF 2nd edition here but it's of no use, the
 rules are mostly from there. Just for troubleshooting I can also nc
 -kl 10.221.181.10 65535 on the gateway and connect to that port from
 the private network machines without issues.

 So please tell me, what am I missing in this nat-to rule?

 --


 Med vänliga hälsningar / With kind regards

 Stefan Midjich



 --
 James Shupe, OSRE
 developer/ engineer
 jsh...@osre.org | 866.235.1288
 BSD/ Linux Support | Metro Ethernet | Hosting
 check out our site at www.osre.org





--


Med vänliga hälsningar / With kind regards

Stefan Midjich



Re: Help setting up a PF NAT gateway

2011-10-10 Thread Peter N. M. Hansteen
Stefan Midjich sweh...@gmail.com writes:

 $ sudo cat /etc/hostname.vic2 # External NIC with static public IPv4 address
 inet 50.50.50.59 255.255.255.0 50.50.50.255
 $ sudo cat /etc/hostname.vic3 # Internal NIC used as gateway by two machines 
 on same network
 inet 10.221.181.10 255.255.255.0 10.221.181.255

Are both of those point to point links? I have a feeling this is
the source of your problem, see man ifconfig


-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Help setting up a PF NAT gateway

2011-10-10 Thread Stefan Midjich
Not sure what you mean but they're both in switched vlans, two
different vlans. Point to Point is a crossover cable right? I'm not
sure what it means in English. This is all a virtual environment I use
for training so there are no cables as such.

2011/10/10 Peter N. M. Hansteen pe...@bsdly.net:
 Stefan Midjich sweh...@gmail.com writes:

 $ sudo cat /etc/hostname.vic2 # External NIC with static public IPv4
address
 inet 50.50.50.59 255.255.255.0 50.50.50.255
 $ sudo cat /etc/hostname.vic3 # Internal NIC used as gateway by two
machines on same network
 inet 10.221.181.10 255.255.255.0 10.221.181.255

 Are both of those point to point links? I have a feeling this is
 the source of your problem, see man ifconfig


 --
 Peter N. M. Hansteen, member of the first RFC 1149 implementation team
 http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
 Remember to set the evil bit on all malicious network traffic
 delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.




--


Med vänliga hälsningar / With kind regards

Stefan Midjich



Re: Help setting up a PF NAT gateway

2011-10-10 Thread Christiano F. Haesbaert
On 10 October 2011 15:05, Stefan Midjich sweh...@gmail.com wrote:
 That was from the output of pfctl -vf /etc/pf.conf so it expands the
 rules and adds all that is implied, like keep state for example.


I think that is not what you want:
match in on vic3 inet from 10.221.181.0/24 to any label NATOut
nat-to (vic2) round-robin

You want to match packets going out your external interface, and then
nat-to the external interface address, so try something like:

match out on vic2 inet from 10.221.181.0/24 nat-to (vic2)

Considering vic2 as your external interface.



Re: Help setting up a PF NAT gateway

2011-10-10 Thread Peter N. M. Hansteen
Stefan Midjich sweh...@gmail.com writes:

 Not sure what you mean but they're both in switched vlans, two
 different vlans. Point to Point is a crossover cable right? I'm not
 sure what it means in English. This is all a virtual environment I use
 for training so there are no cables as such.

take a step back. with PF disabled (pfctl -d), do you
have connectivity, does traffic pass where you want it to?

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Help setting up a PF NAT gateway

2011-10-10 Thread Stefan Midjich
match out on egress inet from vic3:network nat-to (egress:0)

This is the new rule then, as it appears in pfctl -v

match out on egress inet from 10.221.181.0/24 to any nat-to (egress:0)
round-robin

vic2 is only NIC in egress group in ifconfig.

nc -vv cvs.openbsd.org 25 from 10.221.181.20 does not connect even
though there is no block rule now.

2011/10/10 Christiano F. Haesbaert haesba...@haesbaert.org:
 On 10 October 2011 15:05, Stefan Midjich sweh...@gmail.com wrote:
 That was from the output of pfctl -vf /etc/pf.conf so it expands the
 rules and adds all that is implied, like keep state for example.


 I think that is not what you want:
 match in on vic3 inet from 10.221.181.0/24 to any label NATOut
 nat-to (vic2) round-robin

 You want to match packets going out your external interface, and then
 nat-to the external interface address, so try something like:

 match out on vic2 inet from 10.221.181.0/24 nat-to (vic2)

 Considering vic2 as your external interface.




--


Med vänliga hälsningar / With kind regards

Stefan Midjich



Re: Help setting up a PF NAT gateway

2011-10-10 Thread Stefan Midjich
I have taken away the block all rule, but pfctl -d makes no
difference. The gateway itself behaves just like any server connected
to multiple vlans. You can reach the world around it, through its
default gateway you can reach the internet.

The servers connected to its private vlan, vic3, cannot connect to
anything but themselves and the gateway ip 10.221.181.10. They cannot
go further. The gateway can ping them and connect to them just like on
a vlan.

2011/10/10 Peter N. M. Hansteen pe...@bsdly.net:
 Stefan Midjich sweh...@gmail.com writes:

 Not sure what you mean but they're both in switched vlans, two
 different vlans. Point to Point is a crossover cable right? I'm not
 sure what it means in English. This is all a virtual environment I use
 for training so there are no cables as such.

 take a step back. with PF disabled (pfctl -d), do you
 have connectivity, does traffic pass where you want it to?

 --
 Peter N. M. Hansteen, member of the first RFC 1149 implementation team
 http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
 Remember to set the evil bit on all malicious network traffic
 delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.




--


Med vänliga hälsningar / With kind regards

Stefan Midjich



Re: Help setting up a PF NAT gateway

2011-10-10 Thread Peter N. M. Hansteen
A couple of general comments, 

keep state is the default, no need to specify 

from any to any port =  - to port does the same thing

quick means if we match this, we do no more evaluation for this one.
I suspect your quick rules before the nat-to match rules mean that
anything that matches the quicks pass without hitting the match with the
nat-to. fine if it's your intention, if not, check what really happens
(tcpdump is your friend).

But again, please check that you have a basic network config and
connectivity to eliminate.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
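
The interaction between quick rules and a later match ... nat-to rule, described in the message above, can be checked with a small model. This is an added example, not code from the thread or from pf: it is a simplified Python model of one evaluation pass, the rule list is a constructed subset of the posted ruleset, and the PassOut rule and the destination 203.0.113.25 are assumptions made for the illustration.

```python
"""Toy model of one pf rule-evaluation pass (added example, not pf itself)."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                      # "pass", "block" or "match"
    label: str
    quick: bool = False
    direction: Optional[str] = None  # "in", "out", or None for either
    iface: Optional[str] = None      # None means any interface
    proto: Optional[str] = None      # None means any protocol
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    nat_to: Optional[str] = None     # replacement source address


@dataclass(frozen=True)
class Packet:
    direction: str
    iface: str
    proto: str
    src: str
    dst: str


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True when every criterion the rule specifies fits the packet."""
    return (
        rule.direction in (None, pkt.direction)
        and rule.iface in (None, pkt.iface)
        and rule.proto in (None, pkt.proto)
        and ip_address(pkt.src) in ip_network(rule.src)
        and ip_address(pkt.dst) in ip_network(rule.dst)
    )


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str, str]:
    """Return (verdict, source address on the wire, label of deciding rule).

    Rules are walked top to bottom and the last matching pass/block rule
    decides. A match rule applies its nat-to as soon as it matches, and
    later rules see the translated source. A matching quick rule ends
    evaluation, so nothing listed below it is ever consulted.
    """
    verdict, decided_by = "pass", "(no rule matched)"  # pf passes by default
    for rule in rules:
        if not rule_matches(rule, pkt):
            continue
        if rule.nat_to:
            pkt = replace(pkt, src=rule.nat_to)
        if rule.action != "match":
            verdict, decided_by = rule.action, rule.label
            if rule.quick:
                break
    return verdict, pkt.src, decided_by


# Constructed subset of the posted ruleset (icmp-type and state options omitted).
PING_OUT = Rule("pass", "PingOut", quick=True, proto="icmp", dst="50.50.50.0/24")
NAT_OUT = Rule("match", "NATOut", direction="out", iface="vic2",
               src="10.221.181.0/24", nat_to="50.50.50.59")
PASS_OUT = Rule("pass", "PassOut", direction="out", iface="vic2")  # assumption

QUICK_FIRST = [PING_OUT, NAT_OUT, PASS_OUT]  # order used in the posted ruleset
NAT_FIRST = [NAT_OUT, PING_OUT, PASS_OUT]    # match rule moved above the quicks

# Constructed packets leaving the external interface, sent by a LAN host.
LAN_TCP = Packet("out", "vic2", "tcp", "10.221.181.20", "203.0.113.25")
LAN_PING = Packet("out", "vic2", "icmp", "10.221.181.20", "50.50.50.1")

if __name__ == "__main__":
    for name, rules in (("quick first", QUICK_FIRST), ("nat first", NAT_FIRST)):
        for pkt in (LAN_TCP, LAN_PING):
            print(name, pkt.proto, evaluate(rules, pkt))
```

With the quick rule first, the ping to 50.50.50.1 leaves with its private source address, which is the kind of result tcpdump on the external interface would reveal.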



Re: The OpenBSD user community needs to shake things up

2011-10-10 Thread Alexey E. Suslikov
Marc Espie espie at nerim.net writes:

 
 Don't blame the tools. Blame the *people* who don't test.

I wonder why jasper@ went to github if mailing lists are
good enough.

And you didn't respond on dead bug-tracker issue: if people
test where is a place to put results?

Alexey



Re: smtpd and virtuals

2011-10-10 Thread Gilles Chehade
On Tue, Oct 11, 2011 at 03:14:26AM +1030, David Walker wrote:
 Hi.


Hi,


 In manXX.tgz (since 4.8) and also on web-cgi, the smtpd.conf(5) man
 page references makemap(8) more than once ...
 ... with explicit instructions to use that man page as a guide when
 making db maps and/or understanding the format of plain maps.
 
 The web-cgi page obviously hyperlinks to the other page.
 
 The makemap(8) man page - again in manXX.tgz and also on web-cgi -
 contains the following ...
 
 [...]
 
 ... both of which reference Sendmail ...
 ... both of which also reference the sendmail(8) man page ...


Seems sensible to me, considering that:

  ! The *default* MTA for OpenBSD is Sendmail, NOT OpenSMTPD. !

When we switch, the *default* man pages will be updated, but until then
the *default* man pages are those of the *default* MTA which you should
be running if you can't cope with glitches caused by coexistence of man
pages and utilities installed by the *default* MTA and the one you chose
to run ... and that is not the *default* MTA.

I hope to have hinted you that you're not running the *default* MTA.


 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/makemap.8
 
 - smtpd's db maps are incompatible with sendmail's and needs a distinct
   makemap utility, this is needed for virtual users support amongst
   other things. links to smtpd's aliases.c and only provides a
   frontend to parse map descriptions. contains code from pyr@, chl@
   and I. Should have also been imported with smtpd.
 
 Etcetera.

 I feel ill.


Please, don't read the commit logs then.

That message was not intended to be read, let alone understood, by you.
It is a comment from a developer to other developers.

I fail to understand what point you are trying to make here anyways ...


 On 10/10/2011, Gilles Chehade gil...@poolp.org wrote:
  This behavior is not specific to OpenSMTPD, at least Postfix ...
 
 That came as quite a surprise.
 
 [...]
 

There is a documentation bug.

Someone ran into it, kindly asked if it was a documentation bug, which
I confirmed along with an explanation of why domain keys are required,
and a quote from Postfix's

  http://www.postfix.org/virtual.5.html (see VIRTUAL ALIAS DOMAINS)

to outline that this is not an OpenSMTPD-specific thingie.

Man page will be updated to fix the bug, live with it.


 If so, what's a good course of action?
 - outline it for me, and if I can do it, I will, help me get rid of
 some of the disappointment.


You can *easily* get rid of the disappointment by running the *default* MTA.


 If not, what can be done about users who read the man pages and have
 issues as a result?
 - presumably at some point, Sendmail will no longer be in base, man
 pages will get rotated, this will cease to be an issue. In the interim
 ...


In the interim, run the *default* MTA.


 I've apparently wasted a lot of time and enthusiasm on this ...


I've clearly wasted too much time on this mail.


-- 
Gilles Chehade

http://www.poolp.org/ http://u.poolp.org/~gilles/



Re: smtpd and virtuals

2011-10-10 Thread Gilles Chehade
On Tue, Oct 11, 2011 at 04:17:11AM +1030, David Walker wrote:
 Hi Gilles.


Hi,


 If my previous is hostile ... sorry.
 
 [...]
 
 I was angry about various things but that's down to me.
 You've done work here.
 I haven't.
 

You've outlined it.

You've been hostile, you've been angry.
We've done the work, you haven't.

I'm sure I'll enjoy answering your questions in the future ...

-- 
Gilles Chehade

http://www.poolp.org/ http://u.poolp.org/~gilles/



Re: smtpd and virtuals

2011-10-10 Thread David Walker
Hi Henri.

On 11/10/2011, Henri Kemppainen ducl...@guu.fi wrote:

 I agree this isn't ideal.  On the other hand, having a system ship with
 two overlapping  incompatible alternatives is a rather exceptional case,
 and there's no way to automagically please everyone.  One could suggest
 renaming the manuals (and binaries?) and installing them both, but that's
 nasty and ugly, and probably not worth it, if one of the daemons is to
 be axed anyway.

 There's surely a good reason smtpd isn't the default yet, and there's
 a good reason I kept hearing that smtpd isn't considered ready for
 production yet, back when I started using it.  The message is rather
 clear to me: you may play with it, as long as you know what you're doing,
 and are okay with the possibility of problems.  Finding the manual is a
 part of knowing what you're doing :-)  I can see why one could get
 confused though, even if the title lines for these (installed) manuals
 contain sendmail.

You are 100% correct about all of that.

Including this ... finding the manual is part of knowing what you're doing.
It seems to me though, that unless people are actively looking through
src for makemap(8) it will easily go unnoticed even for the patch
senders.
I've been through there maybe a hundred times in the last few months
and never noticed it. I go there to look for something specific, find
it, move on.

Whenever I want documentation I start at man smtpd and go from there.
Again though you are 100% correct and we've all been warned.
This is why I've tried to understand the situation and tried to laugh about it.
I've started drinking now which is helping somewhat ...

 If not, what can be done about users who read the man pages and have
 issues as a result?

 I don't know what can be done about users, but I know what the users can
 do: try figure out what is lacking or misleading, maybe contact the
 developer(s), and propose a change.  Something like this:

 Index: makemap.8
 ===
 RCS file: /cvs/src/usr.sbin/smtpd/makemap.8,v
 retrieving revision 1.14
 diff -u -p -r1.14 makemap.8
 --- makemap.8 3 Sep 2010 11:22:36 -   1.14
 +++ makemap.8 10 Oct 2011 19:10:51 -
 @@ -90,11 +90,14 @@ accept for domain map primary deliver
  .Ed
  .Sh VIRTUAL DOMAINS
  Virtual domains are kept in maps.
 -To create single virtual address, add
 -.Dq u...@example.com user
 +To create a virtual domain, add
 +.Dq example.com kittens
  to the virtual map.
 -To handle all mail destined to any user at example.com, add
 -.Dq @example.com user
 +To create a virtual address for one user under that domain, add
 +.Dq u...@example.com user
 +to the virtual map.
 +To catch all mail destined to the domain, add
 +.Dq @example.com user
  to the virtual map.
  .Pp
  In addition to adding an entry to the virtual map,

I'll have a look at that in a minute, well maybe after a good sleep
but I don't see any reason not to make some adjustment to
smtpd.conf(5) ...
That's where the smtpd man pages start to go to makemap(8) ...
The next best and as far as I can see other deviation into the
Sendmail man pages is from smtpd(8) into mailwrapper.
Changing /etc/mailer.conf is discussed there and I don't see any
reason not to make it obvious not to follow the breadcrumbs too
blindly (i.e. caveats) or maybe a BUGS section.
I would like to see smtpd.conf include some warning also and I think
it's warranted there more than anywhere.

As you say smtpd is known non-production, transitional, so on.
Under these circumstances it seems reasonable to me that this
information is clearly outlined in all the smtpd specific man pages
which it currently isn't.
Not in any of them that I can see.
You and I know this but there are others.
Whether or not that happens I see no reason under the same
circumstance to be careful when pointing to other man pages that are
irrelevant and/or harmful.

For instance if I see smtpd and smtpd.conf man pages included can I
assume that other included man pages they point to and reference
without warning are pointed to and referenced for a reason ...
That's what I've assumed.

Absent input from Gilles I'll get up tomorrow and do this.
It's 7am here ...

 The need to have a value for the domain key is a bit ugly.  I noticed
 the stdio backend is happy with empty values, allowing for a pretty list
 under a colon terminated domain name:
   virtual.domain:
   user1@virtual.domain    user1
   user2@virtual.domain    user2

   another.domain:
   user3@another.domain    user3
   user4@another.domain    user4
   ..

 Makemap doesn't like it, though.



You're talking a very different language from me.
These terms don't appear outside of makemap(8) and maybe newaliases(8)
which again I notice is in src ...
I pulled makemap(8) from the web last night and had a couple of reads
but I really need to take my time with it ...
... but your previous examples were exactly my reaction ...
I put this in a draft ...

example.com

Re: smtpd and virtuals

2011-10-10 Thread Gilles Chehade
On Mon, Oct 10, 2011 at 10:45:37PM +0300, Henri Kemppainen wrote:

 I don't know what can be done about users, but I know what the users can
 do: try figure out what is lacking or misleading, maybe contact the
 developer(s), and propose a change.  Something like this:
 
 Index: makemap.8
 ===
 RCS file: /cvs/src/usr.sbin/smtpd/makemap.8,v
 retrieving revision 1.14
 diff -u -p -r1.14 makemap.8
 --- makemap.8 3 Sep 2010 11:22:36 -   1.14
 +++ makemap.8 10 Oct 2011 19:10:51 -
 @@ -90,11 +90,14 @@ accept for domain map primary deliver 
  .Ed
  .Sh VIRTUAL DOMAINS
  Virtual domains are kept in maps.
 -To create single virtual address, add
 -.Dq u...@example.com user
 +To create a virtual domain, add
 +.Dq example.com kittens
  to the virtual map.
 -To handle all mail destined to any user at example.com, add
 -.Dq @example.com user
 +To create a virtual address for one user under that domain, add
 +.Dq u...@example.com user
 +to the virtual map.
 +To catch all mail destined to the domain, add
 +.Dq @example.com user
  to the virtual map.
  .Pp
  In addition to adding an entry to the virtual map,
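
Review bot: the added lines present the domain entry, the per-user entry and the catch-all entry as three parallel "To ... add" steps, and only the words "under that domain" hint that the first one is needed for the other two. Since the documentation bug being fixed is that the domain key is required, say so explicitly right after `.Dq example.com kittens`, for example with a sentence stating that the address and catch-all entries below depend on the domain entry being in the map.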


As much as I love kittens, a variation of this will be committed shortly :-)

 
 The need to have a value for the domain key is a bit ugly.  I noticed
 the stdio backend is happy with empty values, allowing for a pretty list
 under a colon terminated domain name:
   virtual.domain:
   user1@virtual.domain    user1
   user2@virtual.domain    user2
 
   another.domain:
   user3@another.domain    user3
   user4@another.domain    user4
   ..

 Makemap doesn't like it, though.
 

Maybe we can solve that


-- 
Gilles Chehade

http://www.poolp.org/ http://u.poolp.org/~gilles/



Re: smtpd and virtuals

2011-10-10 Thread Henri Kemppainen
 In manXX.tgz (since 4.8) and also on web-cgi, the smtpd.conf(5) man
 page references makemap(8) more than once ...
 ... with explicit instructions to use that man page as a guide when
 making db maps and/or understanding the format of plain maps.

 [..]

 This has been the case for over a year every single time I've looked
 at web-cgi and on multiple iterations of base ...
 ... and I've been trying very hard to exhaust myself there before coming here.

 Suffice to say this is not optimum.

I agree this isn't ideal.  On the other hand, having a system ship with
two overlapping  incompatible alternatives is a rather exceptional case,
and there's no way to automagically please everyone.  One could suggest
renaming the manuals (and binaries?) and installing them both, but that's
nasty and ugly, and probably not worth it, if one of the daemons is to
be axed anyway.

There's surely a good reason smtpd isn't the default yet, and there's
a good reason I kept hearing that smtpd isn't considered ready for
production yet, back when I started using it.  The message is rather
clear to me: you may play with it, as long as you know what you're doing,
and are okay with the possibility of problems.  Finding the manual is a
part of knowing what you're doing :-)  I can see why one could get
confused though, even if the title lines for these (installed) manuals
contain sendmail.

 If not, what can be done about users who read the man pages and have
 issues as a result?

I don't know what can be done about users, but I know what the users can
do: try figure out what is lacking or misleading, maybe contact the
developer(s), and propose a change.  Something like this:

Index: makemap.8
===
RCS file: /cvs/src/usr.sbin/smtpd/makemap.8,v
retrieving revision 1.14
diff -u -p -r1.14 makemap.8
--- makemap.8   3 Sep 2010 11:22:36 -   1.14
+++ makemap.8   10 Oct 2011 19:10:51 -
@@ -90,11 +90,14 @@ accept for domain map primary deliver 
 .Ed
 .Sh VIRTUAL DOMAINS
 Virtual domains are kept in maps.
-To create single virtual address, add
-.Dq u...@example.com   user
+To create a virtual domain, add
+.Dq example.com kittens
 to the virtual map.
-To handle all mail destined to any user at example.com, add
-.Dq @example.com   user
+To create a virtual address for one user under that domain, add
+.Dq u...@example.com user
+to the virtual map.
+To catch all mail destined to the domain, add
+.Dq @example.com user
 to the virtual map.
 .Pp
 In addition to adding an entry to the virtual map,
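
Review bot: the added `.Dq example.com kittens` line gives no explanation of the value that follows the domain, so a reader cannot tell whether "kittens" is meaningful or just a placeholder. Add a sentence saying that the domain key needs a value and what, if anything, that value is used for, or pick a value that reads as a placeholder.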

The need to have a value for the domain key is a bit ugly.  I noticed
the stdio backend is happy with empty values, allowing for a pretty list
under a colon terminated domain name:
  virtual.domain:
  user1@virtual.domain    user1
  user2@virtual.domain    user2

  another.domain:
  user3@another.domain    user3
  user4@another.domain    user4
  ..

Makemap doesn't like it, though.



SATA RAID card suggestions?

2011-10-10 Thread Richard Johnson
I'm looking to possibly use a SATA RAID card instead of softraid(4) on a
new amd64 PCIx or PCI express machine build.

I'm tired of rebooting into the bios for other machines with mfi(4).  So I
want to build something manageable via bio(4), bioctl(4), and maybe
sensorsd(8).  That'll either be softraid, or some kind of supported SATA
RAID card.

However, most of the card models listed in the man pages for ami(4),
ciss(4), ips(4), and arc(4) are older discontinued SCSI and PCI beasts.
ami(4) also is limited to 2TB logical volumes.

Given the whole go dark and produce driver blobs only trend in the RAID
controller business, I'm not getting my hopes up too much for a hardware
SATA RAID option, and will certainly be OK with softraid(4).

However, if you have any ideas, I'd appreciate suggestions about
manufacturers to look at for SATA RAID cards that might provide for drive
status and maintenance commands via bio(4) and bioctl(4) in OpenBSD.


Richard



Pending traffic violations

2011-10-10 Thread Aviso
Monday, October 10, 2011, Buenos Aires, Argentine Republic

Dear taxpayer:

Our Integrated Traffic Fines System (SIMT) has detected several
violations committed by your vehicle. Because you did not appear at the
corresponding traffic court to be notified, we are resending the
photo fines to you via the internet.

If you do not settle the corresponding violations within the next
90 days from the date of issue of this notice, your vehicle
will be reported as a debtor and will be listed in Veraz, in accordance with
Law No. 12.799 of 1/04/2009.

The listing of your vehicle in Veraz will prevent you from selling
your vehicle in the regular way for 2 years in the Argentine Republic.

We attach to this report the violations committed:  PHOTO 1 - PHOTO 2 -
PHOTO 3

(Article 157,  7 of Afip and articles 2 and 7 of Resolution No. 149/03 -
ARBA)  The owner of the vehicle is hereby notified by this means.

All tickets issued prior to the specified dates
will remain under the authority of the Unidad Administrativa de Control de Faltas.



Re: SATA RAID card suggestions?

2011-10-10 Thread Ryan Corder
On Mon, Oct 10, 2011 at 02:16:47PM -0600, Richard Johnson wrote:
| I'm looking to possibly use a SATA RAID card instead of softraid(4) on a
| new amd64 PCIx or PCI express machine build.
|
| I'm tired of rebooting into the bios for other machines with mfi(4).  So I
| want to build something manageable via bio(4), bioctl(4), and maybe
| sensorsd(8).  That'll either be softraid, or some kind of supported SATA
| RAID card.
|
| However, most of the card models listed in the man pages for ami(4),
| ciss(4), ips(4), and arc(4) are older discontinued SCSI and PCI beasts.
| ami(4) also is limited to 2TB logical volumes.

I've had great success with the Areca ARC-1210.

  http://www.areca.com.tw/products/pcie.htm


--
Ryan Corder  || () ASCII ribbon campaign
ryanc at greengrey.org || /\  against HTML email
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEE37813

[demime 1.01d removed an attachment of type application/pgp-signature]



Business Forum 2nd Edition. Business Strategies Heading into 2012.

2011-10-10 Thread Lic. Cindy Olivas
PMS de México, a prestigious training firm, presents:
Business Forum 2011, 2nd Edition: Personal Branding, Marketing and
Creative Media, Planning
A forum where leaders in Marketing, Management, Strategic Planning (P.E.)
and Coaching converge.
Engel Fonseca: Leadership 2.0; Efraín Mendicuti: Personal Branding; Ariel
Valero: Strategic Planning; Sergio Villalobos: Marketing for new
consumers.
Exclusive presentation: November 28, Mexico City
Presale rate until October 31, 2011.
Company registered with the STPS
Follow us on Twitter @pmscapacitacion or on Facebook: PMS de México,
Neuronadigital Radio.

Request more information! Please reply to this e-mail with the following
details.
Company:
Name:
Telephone:
Email:
Number of interested people:
You will shortly receive complete information about this unrivalled event.
Call the telephone numbers below and one of our executives will gladly
assist you.
Telephones: (0133) 8851-2365, (0133) 8851-2741.
Copyright (C) 2011, PMS Capacitación Efectiva de México  S.C. All rights
reserved. PMS de México and the PMS de México logo are registered
trademarks. WARNING: PMS de México has no strategic alliances
of any kind within the Mexican Republic. DO NOT BE
FOOLED - SAY NO TO PIRACY. All logos, trademarks
and images are the property of their respective corporations and are used
for informational purposes only.

This message has been sent to misc@openbsd.org as a user of
PMS de México, or because a user referred you to receive this newsletter.
As a user of PMS de México, you hereby expressly authorize
PMS de México to contact you by e-mail or other
means.
If you have received this message in error, disregard it and
report your account by replying to this e-mail with the subject BAJAFORO2
Unsubscribe to this mailing list, reply a blank message with the subject
UNSUBSCRIBE BAJAFORO2
Please note that the management of our databases is of the utmost
importance, and it is not the company's intention to cause the recipient
any dissatisfaction.

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
imageforo nov001.jpg]



Re: 4.9 build problems

2011-10-10 Thread Stuart Henderson
On 2011-10-10,  ??? chipits...@gmail.com wrote:
 DESTDIR was the reason of mess.
 unset DESTDIR solved the problem

Ah yes, DESTDIR is not supported for building (and doesn't work on the gcc4 
arches).

Next time you show your process it helps if you don't miss out important
things like that..

 On 2011-10-10,  ??? chipits...@gmail.com wrote:
 server is 4.9/amd64
 source is CVS/4.9


 cd /usr/src
 make build



Re: Help setting up a PF NAT gateway

2011-10-10 Thread Stefan N
Hi Stefan,

As you mentioned that the IP forwarding is already enabled on your
system.
Have you configured the IP alias on the network interface for the NAT
purpose?
If the NAT is done on external interface then you'll need to add in
the IP alias on /etc/hostname.vic2

Please read the guide from openbsd url below:
http://www.openbsd.org/cgi-bin/man.cgi?query=hostname.ifapropos=0sektion=0manpath=OpenBSD+4.9arch=i386format=html

Sample of hostname.if config with IP alias:

A typical file contains only one line, but more extensive
files are possible, for example:

  inet 10.0.1.12 255.255.255.0 10.0.1.255 media 100baseTX description Uplink
  inet alias 10.0.1.13 255.255.255.255 10.0.1.13
  inet alias 10.0.1.14 255.255.255.255 NONE
  inet alias 10.0.1.15 255.255.255.255
  inet alias 10.0.1.16 0x
  # This is an example comment line.
  inet6 alias fec0::1 64
  inet6 alias fec0::2 64 anycast
  !route add 65.65.65.65 10.0.1.13
  up

I hope it helps.

Regards,
Stefan




From: Stefan Midjich sweh...@gmail.com
To: Mark (obsd) openbsd-l...@nerdish.us
Cc: misc@openbsd.org
Sent: Tuesday, October 11, 2011 2:06 AM
Subject: Re: Help setting up a PF NAT gateway

Yes forwarding is enabled. I have followed the Book of PF 2nd Edition so far.

2011/10/10 Mark (obsd) openbsd-l...@nerdish.us:
 Hi Stefan,

 On Mon, Oct 10, 2011 at 10:38 AM, Stefan Midjich sweh...@gmail.com wrote:

 Simplest of things but I'm failing miserably.

 ...

 With tcpdump I can see packets going to vic3, but no further.


 Do you definitely have forwarding enabled?
 # sysctl net.inet.ip.forwarding
 net.inet.ip.forwarding=1
 If that were 0 instead of 1, you'd get your symptoms.  Edit /etc/sysctl.conf
 to enable forwarding if you haven't.
 Regards,
 Mark



--


Med vänliga hälsningar / With kind regards

Stefan Midjich



Re: android's adb

2011-10-10 Thread joshua stein
(this should probably be on ports@)

 with more and more android phones around,
 it would be nice to have a working 'adb'
 to make backups and push custom ROMs on the devices.
 
 i found an older adb linux executable in their SDK archives.
 it can be started under linux emulation, but that's about it:

i just looked at the code and was able to get most of it to compile
on openbsd, except the usb stub (usb_libusb.c) which requires
libusb-1.0.  we only have libusb-0.1 in our ports tree, which uses
the old api, and the new api has changed pretty much everything.



Re: SATA RAID card suggestions?

2011-10-10 Thread Richard Johnson
On Mon, 10 Oct 2011 14:50:45 -0700, Ryan Corder wrote:
 On Mon, Oct 10, 2011 at 02:16:47PM -0600, Richard Johnson wrote:
 I've had great success with the Areca ARC-1210.

   http://www.areca.com.tw/products/pcie.htm

Wups, I was apparently too tired last night to find the Areca cards, though
I could have sworn I'd studied the arc(4) man page.  That is, until I
reviewed it again this evening after receiving your response.

Thanks for getting me pointed in the right direction.

Now to find one in stock.


Richard



Re: The OpenBSD user community needs to shake things up

2011-10-10 Thread Ted Unangst
On Mon, Oct 10, 2011, Alexey E. Suslikov wrote:
 Marc Espie espie at nerim.net writes:
 

 Don't blame the tools. Blame the *people* who don't test.
 
 I wonder why jasper@ went to github if mailing lists are
 good enough.

ports and base are different enough I don't think we should immediately
draw any conclusions.  ports didn't use the bug tracker even when there
was one.

 And you didn't respond on dead bug-tracker issue: if people
 test where is a place to put results?

That has an easy answer.   If it works, mail the author.  If it doesn't
work, mail the list.



Important: Your ClickandBuy account is time-limited!

2011-10-10 Thread ClickandBuy Konten Aktuelles
Dear ClickandBuy member,

Due to online fraud, ClickandBuy has increased
security systems for all users.
To update your account with the new security measures,
please download the attached form and follow all the
steps.

Important: If you do not fill in the form, your account
will be restricted.

Thank you for your understanding,

Copyright 2011 ClickandBuy. All rights reserved.

[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a 
name of ClickandBuy_Form.17965DEFANGED-html]



Only noise from Azalia

2011-10-10 Thread Jairo Souto
I can get only noise from the audio of a notebook Acer Aspire
5820T-6825. dmesg, audioctl and mixerctl are attached.

Any advice? Thank you.

--Jairo
dmesg

OpenBSD 4.9 (GENERIC.MP) #819: Wed Mar  2 06:57:49 MST 2011
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 80clock_battery
real mem = 3008843776 (2869MB)
avail mem = 2914725888 (2779MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe9460 (51 entries)
bios0: vendor INSYDE version V1.23 date 12/21/2010
bios0: Acer Aspire 5820T
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP ASF! HPET APIC MCFG SLIC BOOT ASPT WDAT SSDT
acpi0: wakeup devices EHC1(S3) EHC2(S3) PXSX(S4) RP01(S4) PXSX(S4) PXSX(S4) 
PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz, 2660.90 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: apic clock running at 133MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz, 2660.46 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu1: 256KB 64b/line 8-way L2 cache
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz, 2660.46 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu2: 256KB 64b/line 8-way L2 cache
cpu3 at mainbus0: apid 5 (application processor)
cpu3: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz, 2660.46 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu3: 256KB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
acpimcfg0 at acpi0 addr 0xf000, bus 0-127
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P2)
acpiprt2 at acpi0: bus 3 (P0P1)
acpiprt3 at acpi0: bus 1 (RP01)
acpiprt4 at acpi0: bus -1 (RP02)
acpiprt5 at acpi0: bus -1 (RP03)
acpiprt6 at acpi0: bus -1 (RP04)
acpiprt7 at acpi0: bus -1 (RP05)
acpiprt8 at acpi0: bus -1 (RP07)
acpiprt9 at acpi0: bus -1 (RP08)
acpiprt10 at acpi0: bus -1 (PEG3)
acpiprt11 at acpi0: bus -1 (PEG5)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C1, PSS
acpicpu1 at acpi0: C3, C1, PSS
acpicpu2 at acpi0: C3, C1, PSS
acpicpu3 at acpi0: C3, C1, PSS
acpitz0 at acpi0: critical temperature 105 degC
acpibat0 at acpi0: BAT1 model AS10B3E serial 7F5A type LION oem SANYO
acpiac0 at acpi0: AC unit online
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: LID0
acpibtn2 at acpi0: SLPB
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: LCD_
acpivideo1 at acpi0: VGA_
cpu0: Enhanced SpeedStep 2660 MHz: speeds: 2667, 2666, 2533, 2399, 2266, 2133, 
1999, 1866, 1733, 1599, 1466, 1333, 1199 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel Core Host rev 0x18
vga1 at pci0 dev 2 function 0 Intel Mobile HD graphics rev 0x18
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xc000, size 0x1000
inteldrm0 at vga1: apic 2 int 16 (irq 7)
drm0 at inteldrm0
Intel 3400 MEI rev 0x06 at pci0 dev 22 function 0 not configured
ehci0 at pci0 dev 26 function 0 Intel 3400 USB rev 0x05: apic 2 int 16 (irq 7)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 Intel 3400 HD Audio rev 0x05: apic 2 int 22 
(irq 11)
azalia0: codecs: Realtek ALC269, Intel/0x2804, using Realtek ALC269
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 3400 PCIE rev 0x05: apic 2 int 17 (irq 
255)
pci1 at ppb0 bus 1
Attansic Technology L1D rev 0xc0 at pci1 dev 0 function 0 not configured
ppb1 at pci0 dev 28 function 5 Intel 3400 PCIE rev 0x05: apic 2 int 16 (irq 
255)
pci2 at ppb1 bus 2
Broadcom BCM43225 rev 0x01 at pci2 dev 0 function 0 not configured
ehci1 at pci0 dev 29 function 0 Intel 3400 USB rev 0x05: apic 2 int 23 (irq 
11)
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb2 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xa5
pci3 at ppb2 bus 3
pcib0 at pci0 dev 31 function 0 Intel HM55 LPC rev 0x05
ahci0 at pci0 dev 31 function 2 Intel 3400 AHCI rev 0x05: apic 2 int 19 

Re: Help setting up a PF NAT gateway

2011-10-10 Thread Stefan Midjich
No I was not aware of this. Could you please explain the meaning of an
alias address on the external interface for NAT?

There is no mention of using an alias for NAT in this document for
example http://www.openbsd.org/faq/pf/nat.html

Just to be clear, I already have an external and internal physical
interface to work with, so I am unclear as to why I need an alias.

2011/10/11 Stefan N stefanbsd...@yahoo.com:
 Hi Stefan,
 As you mentioned that the IP forwarding is already enabled on your system.
 Have you configured the IP alias on the network interface for the NAT
 purpose?
 If the NAT is done on external interface then you'll need to add in the IP
 alias on /etc/hostname.vic2
 Please read the guide from openbsd url below:

http://www.openbsd.org/cgi-bin/man.cgi?query=hostname.ifapropos=0sektion=0;
manpath=OpenBSD+4.9arch=i386format=html
 Sample of hostname.if config with IP alias:

  A typical file contains only one line, but more extensive files are
  possible, for example:

   inet 10.0.1.12 255.255.255.0 10.0.1.255 media 100baseTX description Uplink
   inet alias 10.0.1.13 255.255.255.255 10.0.1.13
   inet alias 10.0.1.14 255.255.255.255 NONE
   inet alias 10.0.1.15 255.255.255.255
   inet alias 10.0.1.16 0x
   # This is an example comment line.
   inet6 alias fec0::1 64
   inet6 alias fec0::2 64 anycast
   !route add 65.65.65.65 10.0.1.13
   up

 I hope it helps.
 Regards,
 Stefan
 
 From: Stefan Midjich sweh...@gmail.com
 To: Mark (obsd) openbsd-l...@nerdish.us
 Cc: misc@openbsd.org
 Sent: Tuesday, October 11, 2011 2:06 AM
 Subject: Re: Help setting up a PF NAT gateway

 Yes forwarding is enabled. I have followed the Book of PF 2nd Edition so
 far.

 2011/10/10 Mark (obsd) openbsd-l...@nerdish.us:
 Hi Stefan,

 On Mon, Oct 10, 2011 at 10:38 AM, Stefan Midjich sweh...@gmail.com
 wrote:

 Simplest of things but I'm failing miserably.

 ...

 With tcpdump I can see packets going to vic3, but no further.


 Do you definitely have forwarding enabled?
 # sysctl net.inet.ip.forwarding
 net.inet.ip.forwarding=1
 If that were 0 instead of 1, you'd get your symptoms.  Edit
 /etc/sysctl.conf
 to enable forwarding if you haven't.
 Regards,
 Mark



 --


 Med vänliga hälsningar / With kind regards

 Stefan Midjich







--


Med vänliga hälsningar / With kind regards

Stefan Midjich



CVS

2011-10-10 Thread Giridhari
Why does it say on http://www.openbsd.org/anoncvs.html

  NOTE: If you are updating a source tree that you initially fetched from
  a different server, or from a CD, you must add the -d
  anon...@anoncvs.ca.openbsd.org:/cvs options to cvs.
  # cd /usr/src
  # cvs -d anon...@anoncvs.ca.openbsd.org:/cvs -q up -Pd

Why? But this is not mentioned on
http://www.openbsd.org/faq/faq5.html#BldGetSrc in the section on Pre-loading
the tree?