Re: Multihomed openbsd firewall with squid and dansguardian
On Fri, Sep 14, 2012 at 11:21 AM, Stuart Henderson s...@spacehopper.org wrote:
> On 2012-09-13, What you get is Not what you see wygin...@gmail.com wrote:
>> # Route-to rules for load balancing
>> pass in on $intif inet proto tcp from $lannet route-to { ($extif1 $gw1), ($extif2 $gw2) } round-robin modulate state
>> pass in on $intif inet proto udp from $lannet route-to { ($extif1 $gw1), ($extif2 $gw2) } round-robin modulate state
>> pass in on $intif inet proto icmp from $lannet route-to { ($extif1 $gw1), ($extif2 $gw2) } round-robin modulate state
>
> These are the only rules you have which actually direct traffic out of multiple interfaces. The other route-to rules you posted only ensure that traffic goes out of the interface corresponding to the source address.
>
> Your rules only apply to *incoming* traffic, you don't have any similar rules for outgoing traffic from the firewall itself, that is what you'd need to add.

Could you explicitly give the outgoing rules? I didn't understand how to write a rule for the firewall itself. Will it be something like this?

pass out inet proto tcp from self route-to { ($extif1 $gw1), ($extif2 $gw2) } round-robin modulate state
isakmpd nat problem with openBSD 5.2
After I upgraded from OpenBSD 4.6 to 5.2 I have the following problem with isakmpd+nat when the remote side is behind a NAT gateway:

OpenBSD Phase 1 recognizes NAT and switches to port 4500 to send the ID information. OpenBSD Phase 2 then tries to negotiate TUNNEL mode, but the remote side rejects this with 'no proposal chosen'. The remote side's log says something like "expected 'UDP Encapsulated TUNNEL', got 'TUNNEL'".

I believe that I never saw 'UDP_ENCAP_TUNNEL' in tcpdump of isakmpd.pcap when I was on 4.6. Why did it work with 4.6 and not with 5.2?

Best Regards / Mit freundlichen Grüßen
Christoph
Re: boot panic with qemu, -current guest on a Linux host
Chris Cappuccio, 2012-08-31 21:44:32:
> somehow, your computer thinks C3_CPUID_HAS_RNG is valid, which would mean you are
> running the via_nano_setup routine, which means your cpu model is VIA Nano
> processor, which is all just wrong. wtf?

OpenBSD 5.2-current (GENERIC.MP) #6: Mon Aug 27 20:40:45 MDT 2012
    dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: AMD Phenom(tm) II X4 B50 Processor (AuthenticAMD 686-class, 512KB L2 cache) 3.11 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,FFXSR,3DNOW2,3DNOW,SSE3,CX16,POPCNT,LAHF,CMPLEG,SVM,AMCR8,ABM,SSE4A,MASSE,3DNOWP
real mem = 536395776 (511MB)
avail mem = 516698112 (492MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 06/23/99, BIOS32 rev. 0 @ 0xff046, SMBIOS rev. 2.4 @ 0xfd900 (11 entries)
bios0: vendor Bochs version Bochs date 01/01/2007
bios0: Bochs Bochs
acpi0 at bios0: rev 0
acpi0: sleep states S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC HPET
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
acpihpet0 at acpi0: 1 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
mpbios0 at bios0: Intel MP Specification 1.4
cpu0 at mainbus0: apid 0 (boot processor)
kernel: protection fault trap, code=0
Stopped at viac3_rnd+0x9f: rdmsr
viac3_rnd(d0b025a0,d09e3268,d08f384b,3,4) at viac3_rnd+0x9f
amd64_errata(d0b025a0,d0b025a0,d0f8,d078eb77,d0b025a0) at amd64_errata+0xb9
cpu_init(d0b025a0,0,2000,0,d0bbbc04) at cpu_init+0x19
cpu_attach(d164bfc0,d155e400,d0bbbc4c,d03ee29b,d078de30) at cpu_attach+0x297
config_attach(d164bfc0,d09d45c0,d0bbbc4c,d078cb20,800,0,0,d08f3129,0,1,d09f21c0,100f42,78bfbff) at config_attach+0x1bb
mpbios_cpu(f51a5a9c,d16737c0,2,1,2) at mpbios_cpu+0x85
mpbios_scan(d16737c0,d16737c0,d0bbbd60,d03ee29b,0) at mpbios_scan+0x2dc
config_attach(d164bf80,d09d45a0,d0bbbd60,d0789d30,b) at config_attach+0x1bb
biosattach(d164bfc0,d164bf80,d0bbbe58,d03ee29b,0) at biosattach+0x517
config_attach(d164bfc0,d09d4560,d0bbbe58,d05afb60,3000) at config_attach+0x1bb
ddb{0}

The host has an AMD Phenom(tm) II X4 B50 Processor. The guest OpenBSD tries to boot a -current bsd.mp. This works with other cpu types specified (like kvm32, or qemu32...), I just wanted to try out if the guest would be faster with the 'phenom' or 'host' cpu type.

Since it works with -stable (5.1), I'm attaching the -stable dmesg, maybe it tells something to someone :)

Is there a commit, around which I should look, and try out reverting some things that might pinpoint the change since -stable that triggers this problem?

OpenBSD 5.1 (GENERIC.MP) #188: Sun Feb 12 09:55:11 MST 2012
    dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: AMD Phenom(tm) II X4 B50 Processor (AuthenticAMD 686-class, 512KB L2 cache) 3.11 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,FFXSR,3DNOW2,3DNOW,SSE3,CX16,POPCNT,LAHF,SVM,ABM,SSE4A
real mem = 536399872 (511MB)
avail mem = 517509120 (493MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 06/23/99, BIOS32 rev. 0 @ 0xff046, SMBIOS rev. 2.4 @ 0xfd8c0 (11 entries)
bios0: vendor Bochs version Bochs date 01/01/2011
bios0: Bochs Bochs
acpi0 at bios0: rev 0
acpi0: sleep states S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC HPET SSDT
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
acpihpet0 at acpi0: 1 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
mpbios0 at bios0: Intel MP Specification 1.4
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 1009MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Phenom(tm) II X4 B50 Processor (AuthenticAMD 686-class, 512KB L2 cache) 3.14 GHz
cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,FFXSR,3DNOW2,3DNOW,SSE3,CX16,POPCNT,LAHF,SVM,ABM,SSE4A
mpbios0: bus 0 is type PCI
mpbios0: bus 1 is type ISA
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
bios0: ROM list: 0xc/0x8c00 0xc9000/0xa00 0xca000/0x2400 0xee800/0x1800!
vmt0 at mainbus0
vmware: open failed, eax=564d5868, ecx=001e, edx=5658
vmt0: failed to open backdoor RPC channel (TCLO protocol)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82441FX rev 0x02
pcib0 at pci0 dev 1 function 0 Intel 82371SB ISA rev 0x00
pciide0 at pci0 dev 1 function 1 Intel 82371SB IDE rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: QEMU HARDDISK
wd0: 16-sector PIO, LBA48, 15360MB, 31457280 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: QEMU,
Re: boot panic with qemu, -current guest on a Linux host
On Sat, Sep 15, 2012 at 22:49:42 +0200, LEVAI Daniel wrote:
> [...]
> OpenBSD 5.2-current (GENERIC.MP) #6: Mon Aug 27 20:40:45 MDT 2012
>     dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
> cpu0: AMD Phenom(tm) II X4 B50 Processor (AuthenticAMD 686-class, 512KB L2 cache) 3.11 GHz
> cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,FFXSR,3DNOW2,3DNOW,SSE3,CX16,POPCNT,LAHF,CMPLEG,SVM,AMCR8,ABM,SSE4A,MASSE,3DNOWP
> real mem = 536395776 (511MB)
> avail mem = 516698112 (492MB)
> mainbus0 at root
> bios0 at mainbus0: AT/286+ BIOS, date 06/23/99, BIOS32 rev. 0 @ 0xff046, SMBIOS rev. 2.4 @ 0xfd900 (11 entries)
> bios0: vendor Bochs version Bochs date 01/01/2007
> bios0: Bochs Bochs
> acpi0 at bios0: rev 0
> acpi0: sleep states S3 S4 S5
> acpi0: tables DSDT FACP SSDT APIC HPET
> acpi0: wakeup devices
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> acpihpet0 at acpi0: 1 Hz
> acpiprt0 at acpi0: bus 0 (PCI0)
> mpbios0 at bios0: Intel MP Specification 1.4
> cpu0 at mainbus0: apid 0 (boot processor)
> kernel: protection fault trap, code=0
> Stopped at viac3_rnd+0x9f: rdmsr
> viac3_rnd(d0b025a0,d09e3268,d08f384b,3,4) at viac3_rnd+0x9f
> amd64_errata(d0b025a0,d0b025a0,d0f8,d078eb77,d0b025a0) at amd64_errata+0xb9
> cpu_init(d0b025a0,0,2000,0,d0bbbc04) at cpu_init+0x19
> cpu_attach(d164bfc0,d155e400,d0bbbc4c,d03ee29b,d078de30) at cpu_attach+0x297
> config_attach(d164bfc0,d09d45c0,d0bbbc4c,d078cb20,800,0,0,d08f3129,0,1,d09f21c0,100f42,78bfbff) at config_attach+0x1bb
> mpbios_cpu(f51a5a9c,d16737c0,2,1,2) at mpbios_cpu+0x85
> mpbios_scan(d16737c0,d16737c0,d0bbbd60,d03ee29b,0) at mpbios_scan+0x2dc
> config_attach(d164bf80,d09d45a0,d0bbbd60,d0789d30,b) at config_attach+0x1bb
> biosattach(d164bfc0,d164bf80,d0bbbe58,d03ee29b,0) at biosattach+0x517
> config_attach(d164bfc0,d09d4560,d0bbbe58,d05afb60,3000) at config_attach+0x1bb
> ddb{0}
>
> The host has an AMD Phenom(tm) II X4 B50 Processor.
> [...]
Well, who knew; even a broken watch is right two times a day :) I've started to rummage through the openbsd-cvs mails, and searched for a similar commit, and after 'viac3_rnd' didn't yield much result, the next search, 'amd64_errata' was fruitful. There were two commits back in March by jsg@, namely to sys/arch/i386/i386/amd64errata.c(r1.3) and sys/arch/i386/include/specialreg.h(r1.41) about some workaround for AMD. Reverting these two little patches solved this issue on the i386 guest: --- src/sys/arch/i386/include/specialreg.h 2011/11/03 00:53:44 1.40 +++ src/sys/arch/i386/include/specialreg.h 2012/03/27 06:59:46 1.41 @@ -1,4 +1,4 @@ -/* $OpenBSD: specialreg.h,v 1.40 2011/11/02 23:53:44 jsg Exp $ */ +/* $OpenBSD: specialreg.h,v 1.41 2012/03/27 05:59:46 jsg Exp $ */ /* $NetBSD: specialreg.h,v 1.7 1994/10/27 04:16:26 cgd Exp $ */ /*- @@ -305,6 +305,9 @@ #define MSR_GSBASE 0xc101 /* 64bit offset for gs: */ #define MSR_KERNELGSBASE 0xc102/* storage for swapgs ins */ #define MSR_INT_PEN_MSG0xc0010055 /* Interrupt pending message */ + +#define MSR_DE_CFG 0xc0011029 /* Decode Configuration */ +#defineDE_CFG_721 0x0001 /* errata 721 */ #define IPM_C1E_CMP_HLT0x1000 #define IPM_SMI_CMP_HLT0x0800 --- src/sys/arch/i386/i386/amd64errata.c2008/06/26 06:42:10 1.2 +++ src/sys/arch/i386/i386/amd64errata.c2012/03/27 06:59:46 1.3 @@ -1,4 +1,4 @@ -/* $OpenBSD: amd64errata.c,v 1.2 2008/06/26 05:42:10 ray Exp $ */ +/* $OpenBSD: amd64errata.c,v 1.3 2012/03/27 05:59:46 jsg Exp $ */ /* $NetBSD: errata.c,v 1.6 2007/02/05 21:05:45 ad Exp $*/ /*- @@ -64,6 +64,8 @@ typedef struct errata { typedef enum cpurev { BH_E4, CH_CG, CH_D0, DH_CG, DH_D0, DH_E3, DH_E6, JH_E1, JH_E6, SH_B0, SH_B3, SH_C0, SH_CG, SH_D0, SH_E4, SH_E5, + DR_BA, DR_B2, DR_B3, RB_C2, RB_C3, BL_C2, BL_C3, DA_C2, + DA_C3, HY_D0, HY_D1, HY_D1_G34R1, PH_E0, LN_B0, OINK } cpurev_t; 
@@ -78,6 +80,11 @@ static const u_int cpurevs[] = { SH_CG, 0xf4a, SH_CG, 0xf5a, SH_CG, 0xf7a, SH_D0, 0x0010f40, SH_D0, 0x0010f50, SH_D0, 0x0010f70, SH_E4, 0x0020f51, SH_E4, 0x0020f71, SH_E5, 0x0020f42, + DR_BA, 0x0100f2a, DR_B2, 0x0100f22, DR_B3, 0x0100f23, + RB_C2, 0x0100f42, RB_C3, 0x0100f43, BL_C2, 0x0100f52, + BL_C3, 0x0100f53, DA_C2, 0x0100f62, DA_C3, 0x0100f63, + HY_D0, 0x0100f80, HY_D1, 0x0100f81, HY_D1_G34R1, 0x0100f91, + PH_E0, 0x0100fa0, LN_B0, 0x0300f10, OINK }; @@ -117,6 +124,11 @@ static const uint8_t amd64_errata_set8[] = { SH_D0, SH_D0, SH_D0, SH_E4, SH_E4, SH_E5, OINK }; +static const uint8_t
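Review bot: the DR_BA through LN_B0 entries added to cpurevs[] widen the set of CPU signatures that amd64_errata() acts on, and the trace quoted earlier in this message shows what that means for a guest: 100f42, the value listed here for RB_C2, appears among the config_attach arguments, and the fault is an rdmsr reached from amd64_errata+0xb9. The code that uses the new MSR_DE_CFG (0xc0011029) definition is cut off in this copy of the diff, so this is a question rather than a finding: is that register accessed unconditionally once the revision matches? If it is, a CPU model that reports one of these signatures without backing that MSR, as the qemu 'phenom' type in this thread appears to, takes a protection fault during cpu_init. Consider skipping the MSR-based workaround when the register cannot be accessed, instead of keying it on the CPUID signature alone.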