Re: Route Bad address or network unreachable

2013-05-26 Thread Alexey E. Suslikov
Cesar Calvo admin at urulab.com writes:

 All packets from net1 ip are delivered via 190.64.x.x gateway.
 But on openbsd, route syntax is different.
 I have hostname.em0 with:
 inet 200.124.200.125 255.255.255.248 none
 !route add 190.64.x.x -iface em0

Above route add syntax seems strange to me. Man page says

route add -inet 192.168.5.0/24 192.168.0.1

Also, there is a -host modifier.

 And in mygate I put only 190.64.x.x
 
 The result is bad address and network is unreachable.

You didn't show us either ifconfig output or pf.conf
(which may be blocking something).

Haven't tried it myself, but setups with default gateway
being nexthop behind interface address may require
forwarding to be enabled (see /etc/sysctl.conf).



Re: Hyper-V drivers?

2013-05-26 Thread Edho Arief
On Sat, May 25, 2013 at 11:28 PM, Carson Chittom car...@wistly.net wrote:
 Guillaume Filion g...@logidac.com writes:

 I did some tests with OpenBSD 5.3 running as a Hyper-V 2012 virtual
 machine and the performance is disappointing (see
 http://guillaume.filion.org/blog/archives/2013/05/openbsd_networking_performance_hyperv_2012.php
 for data).

 At the risk of sounding like an idiot, did you do anything particular in
 the OpenBSD configuration to make Hyper-V's Legacy Network Adapter work?
 I can't seem to make it do so--OpenBSD picks it up as de0, and I've
 configured /etc/hostname.de0 appropriately.  The same Hyper-V setup
 works okay for me for a Linux VM.


I tried the same thing (openbsd 5.3 on windows 8 hyper-v) last week and
networking only worked under (openbsd) i386. It didn't work under
amd64.

--
O ascii ribbon campaign - stop html mail - www.asciiribbon.org



Re: Hyper-V drivers?

2013-05-26 Thread Anders Berggren
 At the risk of sounding like an idiot, did you do anything particular in
 the OpenBSD configuration to make Hyper-V's Legacy Network Adapter work?
 I can't seem to make it do so--OpenBSD picks it up as de0, and I've
 configured /etc/hostname.de0 appropriately.  The same Hyper-V setup
 works okay for me for a Linux VM.
 I tried the same thing (openbsd 5.3 on windows 8 hyper-v) last week and
 networking only worked under (openbsd) i386. It didn't work under
 amd64.


I was able to get legacy networking running on amd64 with something along the 
lines of

config -e -o /bsd /bsd
disable acpi
disable mpbios
disable ioapic

however, amd64 on hyperv was very unstable for me. It would simply freeze after 
a few minutes.

The commands above also seem to increase i386 performance on hyperv, at the 
cost of losing MP.



Re: Route Bad address or network unreachable

2013-05-26 Thread Stuart Henderson
On 2013-05-25, Cesar Calvo ad...@urulab.com wrote:
 Hi people.
 I have a linux server and try to migrate to openbsd 5.3/amd64. I am totally
 new in this amazing OS.

 In linux I have:

- ip addr 200.124.200.125/32 dev net1
- ip route add 190.64.x.x dev net1
- ip route add default via 190.64.x.x

 All packets from net1 ip are delivered via 190.64.x.x gateway.
 But on openbsd, route syntax is different.
 I have hostname.em0 with:
 inet 200.124.200.125 255.255.255.248 none
 !route add 190.64.x.x -iface em0

 And in mygate I put only 190.64.x.x

 The result is bad address and network is unreachable.



See http://marc.info/?l=openbsd-misc&m=134643340822363 for an example
of one way you might work around this broken network configuration.



updated shared X libs missing in sparc64 snapshots from 2013-05-26

2013-05-26 Thread Markus Lude
Hi,

be careful with the latest x sets on sparc64 from 2013-05-26. The shared
X libs which were updated recently are missing.

Regards,
Markus



Re: Route Bad address or network unreachable

2013-05-26 Thread Cesar Calvo
Hi, thanks for sharing

http://marc.info/?l=openbsd-misc&m=134643340822363
hostname.if:
   !route add -llinfo -iface -net 10.255.0.0/16 10.255.255.1 -ifp nfe0
   inet 1.2.3.4 255.255.255.255
   inet 1.2.4.3 255.255.255.255
   ...

mygate:
   10.255.255.1

I change all inet values for sandbox testing before applying settings in
production machine


PF=no
net.inet.ip.forwarding=1

My test ip is 10.1.1.1 in a usb wireless nic (urtwn0), and the gateway
must be 192.168.1.1 where is a linksys router/gateway

hostname.urtwn0:
  nwid wifi
  wpakey 
  inet 10.1.1.1 255.255.255.255
  !route add -llinfo -iface -net 192.168.1.0/24 192.168.1.1 -ifp urtwn0

mygate:
192.168.1.1

And the result is... Network is Unreachable and ping icmp packets are lost.


urtwn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr f8:1a:67:18:16:eb
priority: 4
groups: wlan egress
media: IEEE802.11 autoselect (OFDM54 mode 11g)
status: active
ieee80211: nwid wifi chan 1 bssid 00:25:9c:2f:43:a0 198dB
wpakey not displayed wpaprotos wpa1,wpa2 wpaakms psk wpaciphers
tkip,ccmp wpagroupcipher tkip
inet 10.1.1.1 netmask 0xff00 broadcast 10.255.255.255


Thanks all for comments.



2013/5/26 Stuart Henderson s...@spacehopper.org

 On 2013-05-25, Cesar Calvo ad...@urulab.com wrote:
  Hi people.
  I have a linux server and try to migrate to openbsd 5.3/amd64. I am totally
  new in this amazing OS.
 
  In linux I have:
 
 - ip addr 200.124.200.125/32 dev net1
 - ip route add 190.64.x.x dev net1
 - ip route add default via 190.64.x.x
 
  All packets from net1 ip are delivered via 190.64.x.x gateway.
  But on openbsd, route syntax is different.
  I have hostname.em0 with:
  inet 200.124.200.125 255.255.255.248 none
  !route add 190.64.x.x -iface em0
 
  And in mygate I put only 190.64.x.x
 
  The result is bad address and network is unreachable.
 
 

 See http://marc.info/?l=openbsd-misc&m=134643340822363 for an example
 of one way you might work around this broken network configuration.



Re: divert-to with bridge

2013-05-26 Thread Patrick Wildt
Hi Luiz,

I actually have seen that on a bridge setup I had, too.

Although the divert-to points to localhost, I see the packet trying to pass out 
on the interface to the original destination, as your data shows, too.
No idea why that's happening though.

\Patrick

On 23.05.2013 at 22:45, Luiz Gustavo S. Costa 
luizgust...@mundounix.com.br wrote:

 Hi List !
 
 I'm trying to implement a firewall with squid TPROXY in an environment with 
 bridge.
 
 vio0 = external if
 vio1 = internal if
 bridge0 = (vio0 + vio1)
 
 I have these rules, the connections pass through it, but nothing comes on the 
 side of the divert-to (did tests with nc -l 3128)
 
 [17:31:25] root:logs # cat /etc/pf.conf
 pass in log quick on vio1 inet proto tcp from any to any port 80 divert-to 127.0.0.1 port 3128
 
 pass out log quick on vio0 inet proto tcp from any to any port 80 divert-reply
 
 pass all
 
 [17:39:40] root:~ # pfctl -vvsr
 @0 pass in log quick on vio1 inet proto tcp from any to any port = 80 flags S/SA divert-to 127.0.0.1 port 3128
   [ Evaluations: 92  Packets: 194  Bytes: 43964  States: 1 ]
   [ Inserted: uid 0 pid 22438 State Creations: 21 ]
 @1 pass out log quick on vio0 inet proto tcp from any to any port = 80 flags S/SA divert-reply
   [ Evaluations: 49  Packets: 194  Bytes: 43964  States: 1 ]
   [ Inserted: uid 0 pid 22438 State Creations: 21 ]
 @2 pass all flags S/SA
   [ Evaluations: 50  Packets: 93  Bytes: 13453  States: 6 ]
   [ Inserted: uid 0 pid 22438 State Creations: 50 ]
 
 [17:35:54] root:~ # tcpdump -n -e -ttt -i pflog0
 tcpdump: WARNING: snaplen raised from 116 to 160
 tcpdump: listening on pflog0, link-type PFLOG
 May 23 17:36:13.429174 rule 0/(match) pass in on vio1: 192.168.15.13.38330 > 74.125.234.238.80: S 2238109532:2238109532(0) win 14600 <mss 1460,sackOK,timestamp 45163358 0,nop,wscale 7> (DF)
 tcpdump: WARNING: compensating for unaligned libpcap packets
 May 23 17:36:13.429228 rule 1/(match) pass out on vio0: 192.168.15.13.38330 > 74.125.234.238.80: S 2238109532:2238109532(0) win 14600 <mss 1460,sackOK,timestamp 45163358 0,nop,wscale 7> (DF)
 
 but, command nc not receiving any packet or connection.
 
 divert-to not working with bridge ?
 
 My reference is this - 
 http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf
 
 Thanks
 
 ---
 Luiz Gustavo Costa (Powered by BSD)
 *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
 mundoUnix - Consultoria em Software Livre
 http://www.mundounix.com.br
 ICQ: 2890831 / MSN: cont...@mundounix.com.br
 Tel: 55 (21) 4063-7110 / 8194-1905 / (11) 4063-0407
 Blog: http://www.luizgustavo.pro.br
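
A way to spot the symptom both posters describe in a pflog capture, as an added example that is not part of either post: it flags a SYN that matched the divert-to rule inbound and was then logged leaving with the same addresses, ports and sequence number, meaning it was forwarded rather than handed to the local listener. The function name and the sample lines (constructed, documentation addresses, in tcpdump's usual `src > dst` format) are assumptions of this example.

```python
import re

# TCP segment as printed by `tcpdump -n -e -ttt -i pflog0` (timestamp prefix ignored).
PFLOG_RE = re.compile(
    r"rule (?P<rule>\d+)/\(match\) (?P<action>\w+) (?P<dir>in|out) on (?P<ifname>\w+): "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"(?P<flags>\S+) (?P<seq>\d+):\d+\(\d+\)"
)

# Constructed sample. The first flow is forwarded unchanged. The second is
# followed by a separate outbound connection (different source port and
# sequence number), which is assumed here to be what a working intercepting
# proxy reusing the client address would produce.
SAMPLE = """\
May 23 17:36:13.429174 rule 0/(match) pass in on vio1: 192.0.2.13.38330 > 198.51.100.80.80: S 2238109532:2238109532(0) win 14600 (DF)
tcpdump: WARNING: compensating for unaligned libpcap packets
May 23 17:36:13.429228 rule 1/(match) pass out on vio0: 192.0.2.13.38330 > 198.51.100.80.80: S 2238109532:2238109532(0) win 14600 (DF)
May 23 17:36:20.100000 rule 0/(match) pass in on vio1: 192.0.2.14.40112 > 198.51.100.80.80: S 11111111:11111111(0) win 14600 (DF)
May 23 17:36:20.100950 rule 1/(match) pass out on vio0: 192.0.2.14.51877 > 198.51.100.80.80: S 99999999:99999999(0) win 16384 (DF)
"""


def forwarded_despite_divert(lines, divert_rule):
    """Return flows whose SYN matched `divert_rule` inbound and was then logged
    passing out with the same 4-tuple and initial sequence number."""
    diverted = {}  # (src, sport, dst, dport, seq) -> ingress interface
    leaked = []
    for line in lines:
        m = PFLOG_RE.search(line)
        if not m or m["action"] != "pass" or m["flags"] != "S":
            continue  # tcpdump warnings, blocked packets, non-SYN segments
        key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]), int(m["seq"]))
        if m["dir"] == "in" and int(m["rule"]) == divert_rule:
            diverted[key] = m["ifname"]
        elif m["dir"] == "out" and key in diverted:
            # Identical sequence number: this is the client's own packet,
            # not a new connection opened by a local proxy.
            leaked.append({"flow": key[:4], "in_if": diverted[key],
                           "out_if": m["ifname"], "out_rule": int(m["rule"])})
    return leaked


if __name__ == "__main__":
    for hit in forwarded_despite_divert(SAMPLE.splitlines(), divert_rule=0):
        print(hit)
```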



Re: updated shared X libs missing in sparc64 snapshots from 2013-05-26

2013-05-26 Thread Zoran Kolic
The same seems to be the case for amd64. Anyway, despite error
warnings, X works.

   Zoran



Re: Seeking GUI refuge

2013-05-26 Thread Riccardo Mottola

Hi,

On 05/26/13 05:21, Patrick Mc(avery wrote:


I am still on Linux on my primary desktop. I loaded a few GNUstep apps 
from the repos, you're right, they don't look that bad and yes, I am 
sure they can be tweaked even if they did.


Your sleek theme looks very promising.


:) good.

Yes plotting widgets are really helpful. I just need to target X86 or 
64 bit cousin.


I hope you may find a use for them. I'm not a fan of HTML-5 interfaces or 
any stuff going through a browser, I prefer traditional stuff :)


GNUstep is well tested on 32 and 64bit, it has recently undergone 
thorough testing and upgrading for that. Little and big-endian work fine 
too.


OresmeKit follows the same rule and is programmed with care, should you 
however use it and experience 64bit problems, just tell me, since I 
mainly develop on 32bit.

Thanks for all your time and help
A pleasure. Perhaps you will find it useful. Currently, since I need to 
display 24h monitoring data which is not strictly x-y I am working on 
extending the Kit's charting capability, including grid drawing with 
auto-resizing.


Have fun.

Riccardo



Re: Route Bad address or network unreachable

2013-05-26 Thread Stuart Henderson
On 2013/05/26 12:52, Cesar Calvo wrote:
 Hi, thanks for sharing
 
 http://marc.info/?l=openbsd-misc&m=134643340822363
 hostname.if:
!route add -llinfo -iface -net 10.255.0.0/16 10.255.255.1 -ifp nfe0
inet 1.2.3.4 255.255.255.255
inet 1.2.4.3 255.255.255.255
...
 
 mygate:
10.255.255.1
 
 
 I change all inet values for sandbox testing before applying settings in 
 production machine
 
 
 
 
 PF=no
 net.inet.ip.forwarding=1
 
 My test ip is 10.1.1.1 in a usb wireless nic (urtwn0), and the gateway must 
 be 192.168.1.1 where is a linksys router/gateway

You do realise that having a gateway outside of your own subnet is a totally
broken setup normally only done by some root server operators to avoid
using an additional IP address? As well as needing special setup on their
customers' machines they will most likely be doing something special on
their side of the network too which you'll also need to replicate if
you're trying to emulate this for a test...


 hostname.urtwn0:
 
   nwid wifi
   wpakey 
   inet 10.1.1.1 255.255.255.255
   !route add -llinfo -iface -net 192.168.1.0/24 192.168.1.1 -ifp urtwn0
 
 mygate:
 192.168.1.1
 
 
 And the result is... Network is Unreachable and ping icmp packets are lost.
 
 
 urtwn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 lladdr f8:1a:67:18:16:eb
 priority: 4
 
 groups: wlan egress
 media: IEEE802.11 autoselect (OFDM54 mode 11g)
 status: active
 ieee80211: nwid wifi chan 1 bssid 00:25:9c:2f:43:a0 198dB wpakey not 
 displayed wpaprotos wpa1,wpa2 wpaakms psk wpaciphers tkip,ccmp 
 wpagroupcipher tkip
 
 inet 10.1.1.1 netmask 0xff00 broadcast 10.255.255.255
 
 
 
 Thanks all for comments.
 
 
 
 2013/5/26 Stuart Henderson s...@spacehopper.org
 
 On 2013-05-25, Cesar Calvo ad...@urulab.com wrote:
  Hi people.
  I have a linux server and try to migrate to openbsd 5.3/amd64. I am totally
  new in this amazing OS.
 
  In linux I have:
 
     - ip addr 200.124.200.125/32 dev net1
     - ip route add 190.64.x.x dev net1
     - ip route add default via 190.64.x.x
 
  All packets from net1 ip are delivered via 190.64.x.x gateway.
  But on openbsd, route syntax is different.
  I have hostname.em0 with:
  inet 200.124.200.125 255.255.255.248 none
  !route add 190.64.x.x -iface em0
 
  And in mygate I put only 190.64.x.x
 
  The result is bad address and network is unreachable.
 
 
 
 See http://marc.info/?l=openbsd-misc&m=134643340822363 for an example
 of one way you might work around this broken network configuration.



Unable to get ftp-proxy to work as expected when using authpf

2013-05-26 Thread Steven

Hi,

Over my wired network (not using authpf) I can connect to ftp sites
over ftp-proxy fine.  Similarly when connecting to ftp sites over my
wifi without authpf.  However, using authpf on my wifi gives me
errors when connecting to ftp sites over ftp-proxy.

In man authpf(8) the following configuration lines are given for
/etc/authpf/authpf.rules to use ftp-proxy over wifi.

 # rdr ftp for proxying by ftp-proxy(8)
 match in on $internal_if proto tcp from $user_ip to any port 21 \
 rdr-to 127.0.0.1 port 8021
 
 # allow out ftp, ssh, www and https only, and allow user to negotiate
 # ipsec with the ipsec server.
 pass in log quick on $internal_if proto tcp from $user_ip to any \
 port { 21, 22, 80, 443 }

However, using similar rules

match in on #wifi_if proto tcp from $user_ip to any port ftp \
rdr-to 127.0.0.1 port 8021
...
pass in quick on $wifi_if proto tcp from $user_ip to any \
port $macro_here synproxy state queue(queue1, queue2)

gets me a connection refused error.

Using

pass in quick on $wifi_if proto tcp from $user_ip to any \
port $macro_here synproxy state queue(queue1, queue2)
...
pass in quick on $wifi_if inet proto tcp from $user_ip to \
port ftp divert-to 127.0.0.1 port 8021

gets me a data port error.

I'm beating my head against the wall on this one.  Any pointers would
be nice.  Thanks.

/etc/pf.conf (My apologies in advance if this hurts anybody's eyes)

# pf.conf
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or
# net.inet6.ip6.forwarding=1 in /etc/sysctl.conf if packets are to
# be forwarded between interfaces.

##
# Macros #
##

# Interfaces
#
ext_if=dc0
int_if=rl0
#tun_if=gif0
wifi_if=ral0

# Important IPs or URLs
#
non_routables={ 0/8, 10/8 127/8, 172.16/12, 192.0.2/24, 192.168/16, \
240/4, 255.255.255.255/32 }  # see RFC 1918
modem_noise=255.255.255.255

int_network=$int_if:network
wifi_network=$wifi_if:network
gateway=xxx.xxx.xxx.xxx
gemini=xxx.xxx.xxx.xxx
diane=xxx.xxx.xxx.xxx
portable_lc=xxx.xxx.xxx.xxx
ps_ip=xxx.xxx.xxx.xxx
wii_ip=xxx.xxx.xxx.xxx
haley=xxx.xxx.xxx.xxx
comsat0=xxx.xxx.xxx.xxx

# Outgoing Mail servers
mail_out={ 204.209.205.51,199.185.220.249,198.161.96.4, \
206.75.213.45 }

# Incoming Mail Servers
mail_in={ 129.128.5.73,66.112.177.187,204.209.205.53,\
199.185.220.248,74.125.0.0/16,209.191.69.2,209.85.199.109,\
209.85.199.111,198.161.96.4,209.85.147.109,74.125.127.109,\
198.161.97.58,173.194.0.0/16 }

# Usenet Servers
usenet={85.214.90.228,88.198.0.0/16,85.214.105.209,188.40.43.245 }

# IRC Servers
chat={ 64.161.254.20,82.96.64.4,85.188.1.26,89.16.176.16,\
128.237.157.136,130.237.188.200,130.239.18.172,140.211.166.3,\
140.211.166.4,204.11.244.21,207.158.1.150,209.177.146.34,\
213.219.240.0/20,216.155.130.130,213.92.0.0/17,93.152.160.0/20, \
140.211.0.0/16,78.40.120.0/21,86.64.0.0/12,174.143.119.91, \
82.96.64.0/18,91.232.181.0/24,213.92.0.0/17,66.225.192.0/18, \
67.218.96.0/19,85.236.96.0/19,216.218.128.0/17,217.17.32.0/20, \
216.193.192.0/18,208.167.224.0/19,208.51.40.2,205.209.6.0/24, \
205.209.5.0/24,205.188.0.0/16,198.252.144.0/24,198.3.192.0/18, \
198.3.144.0/20,198.3.160.0/19,194.109.0.0/16,193.163.220.0/24, \
193.109.122.0/24,192.116.224.0/19,141.213.238.252,85.236.96.0/19, \
128.39.0.0/16,128.40.0.0/15,195.140.202.0/24,209.222.22.22, \
184.104.0.0/15,149.9.0.0/16,108.61.0.0/16,67.198.128.0/17, \
194.0.0.0/8,192.94.73.0/24,64.18.217.205,67.220.66.113 }

# Telnet Servers
rem_clear={ 64.127.116.166,64.127.116.163,69.31.40.34,\
69.64.155.122,72.55.163.50,192.94.73.1,193.202.115.241,\
64.127.112.98,94.142.240.0/21,10.0.1.7,207.167.16.46,\
195.234.11.64,152.2.217.100,74.3.128.0/18,192.94.73.0/24,\
70.164.23.220,66.85.147.90 }

# Gopher Servers
rodent={ 72.1.4.61,87.227.31.168,128.112.67.152,128.112.128.152,\
128.112.232.152,137.208.3.37,140.180.128.152,149.20.20.133,\
149.20.54.77,157.181.2.1,192.94.73.1,198.30.120.11,193.225.12.74,\
204.152.191.37,83.248.0.0/13,70.164.23.220 }

# Tunnel Brokers
ip4_v6tunnel={ 64.86.88.116, 81.171.72.11, 116.197.146.63,\
 202.169.175.23, 81.171.72.10, 116.197.146.62 }

# Dumbass zombies wasting my time, let's waste theirs.
dumbass={ 89.149.195.31,89.149.208.221,89.149.209.100,195.24.76.220 }

# Keyservers
keyservers={ 18.9.60.141,116.240.198.71,195.113.19.83,202.125.45.72,\
192.146.137.11,80.90.43.16,116.240.198.71,217.197.135.103,176.9.51.79,\
208.77.198.101,94.142.241.93,195.111.98.30,5.39.15.226,78.46.117.99,\
209.234.253.170 }

# Web Radio Servers
#radio={ 159.253.145.179 }

# Network Services and ICMP Types
#
# Add ICMP unreach when other nodes on network have reachable IPs
icmp_types={ echoreq, timex, trace }

# in-bound services on the external interface
# No-Ip service: 8245 (TCP only)
# BT clients: 6881:6889,6972,65534
# VNC: 5900
# Traceroute(6) UDP: 33433  33626
# Vuze TCP/UDP: 65534
in_tcp_services_ext_if={ smtp spamd auth gopher sip 5228:5230 6972 8245 4 65534 }
in_udp_services_ext_if={ echo 9 gopher 3724 5004 6972 33433  

Seeking GUI refuge

2013-05-26 Thread Jan Lambertz
Hi Patrick,

My Gui problem is (was) quite similar. I was searching intensively for a
correct, fast, non-bloated desktop manager for years. I have checked at least
10 products (non windows) and in the end I felt depressed, like you.
So what saved my life?
At work I had to build an environment for java and db developers that works
on an enterprise linux distro. These distros typically came with gnome2.
Being a terminal server and doing some more intense compiling tasks, the system
became slow. Developers were angry because they were only used to ms
windows. Then I remembered openbsd and fvwm. I took a deep dive into fvwm
and figured out that it can do nearly anything. I built my config
(beginning from a large sample config that ships with it, ms windows 95
style). I cleaned out about 50% I don't need. I integrated the development
tools and then everything went like tux on crack. It took some time but I
was happy with what was achieved. After that fvwm became the wm of my choice and
I am still happy.
I really can recommend fvwm. Even if it looks a little bit oldschool and
hard to understand in the first place, this is the window manager with coolness
(correctness) in mind. I even think it is the openbsd of the window managers.

P.S. Good to see Thomas Adam around at openbsd. Great work!