Re: carp+pfsync+relayd question
Output for 'pfctl -si', 'pfctl -sm' and 'sysctl -a|grep net.inet.ip.ifq would be hie to see. //mxb On 18 nov 2013, at 04:20, Leonardo Santagostini lsantagost...@gmail.com wrote: Sorry, looking more detailed at the logs i found this: /var/log/daemon Nov 17 18:36:12 v-arcbabalancer01 relayd[13984]: fatal: relay_connect: no connection in flight Nov 17 18:36:12 v-arcbabalancer01 relayd[22615]: pfe exiting, pid 22615 Nov 17 18:36:12 v-arcbabalancer01 relayd[31674]: hce exiting, pid 31674 Nov 17 18:36:12 v-arcbabalancer01 relayd[9082]: relay exiting, pid 9082 Nov 17 18:36:12 v-arcbabalancer01 relayd[701]: relay exiting, pid 701 Nov 17 18:36:12 v-arcbabalancer01 relayd[21358]: parent terminating, pid 21358 Nov 17 18:36:12 v-arcbabalancer01 relayd[24886]: relay exiting, pid 24886 Nov 17 18:36:12 v-arcbabalancer01 relayd[21395]: relay exiting, pid 21395 Nov 17 18:36:12 v-arcbabalancer01 relayd[13155]: relay exiting, pid 13155 Nov 17 18:36:12 v-arcbabalancer01 relayd[20557]: relay exiting, pid 20557 Nov 17 18:36:12 v-arcbabalancer01 relayd[14903]: relay exiting, pid 14903 Nov 17 18:36:12 v-arcbabalancer01 relayd[10686]: relay exiting, pid 10686 Nov 17 18:36:12 v-arcbabalancer01 relayd[17355]: relay exiting, pid 17355 Nov 17 18:36:12 v-arcbabalancer01 relayd[26908]: relay exiting, pid 26908 Nov 17 18:36:12 v-arcbabalancer01 relayd[6551]: relay exiting, pid 6551 Nov 17 18:36:12 v-arcbabalancer01 relayd[16649]: relay exiting, pid 16649 Nov 17 18:36:12 v-arcbabalancer01 relayd[2567]: relay exiting, pid 2567 Nov 17 18:36:12 v-arcbabalancer01 relayd[3159]: relay exiting, pid 3159 /var/log/messages Nov 17 18:36:12 v-arcbabalancer01 relayd[13984]: fatal: relay_connect: no connection in flight Regards Saludos.- Leonardo Santagostini 2013/11/18 Leonardo Santagostini lsantagost...@gmail.com Hello everybody, i still having some issues whit relayd. Nov 17 21:01:56 v-arcbabalancer01 relayd[4252]: relay relay4, session 75 (1 active), 0, 190.51.90.22 - :0, buffer event timeout Nov 17 21:01:57 v-arcbabalancer01 relayd[12715]: relay relay4, session 97 (4 active), 0, 190.49.60.30 - :0, buffer event timeout Nov 17 21:01:58 v-arcbabalancer01 relayd[4781]: relay relay4, session 142 (3 active), 0, 190.188.18.202 - :0, buffer event timeout Nov 17 21:02:03 v-arcbabalancer01 relayd[25332]: relay relay4, session 28 (1 active), 0, 181.29.46.36 - :0, hard timeout Nov 17 21:02:03 v-arcbabalancer01 relayd[12715]: relay relay4, session 55 (3 active), 0, 108.36.150.233 - :0, hard timeout Nov 17 21:02:03 v-arcbabalancer01 relayd[18695]: relay relay4, session 67 (3 active), 0, 31.221.13.210 - :0, hard timeout Nov 17 21:02:03 v-arcbabalancer01 relayd[13096]: relay relay5, session 73 (3 active), 0, 190.195.118.49 - :0, hard timeout Nov 17 21:02:03 v-arcbabalancer01 relayd[31990]: relay relay4, session 25 (1 active), 0, 186.188.178.215 - :0, hard timeout Nov 17 21:02:03 v-arcbabalancer01 relayd[4781]: relay relay4, session 144 (7 active), 0, 31.221.13.210 - :0, hard timeout Nov 17 21:02:03 v-arcbabalancer01 relayd[23317]: relay relay2, session 55 (5 active), 0, 181.109.7.31 - :0, hard timeout Nov 17 21:02:03 v-arcbabalancer01 relayd[22942]: relay relay4, session 93 (2 active), 0, 31.221.13.210 - :0, hard timeout Nov 17 21:02:03 v-arcbabalancer01 relayd[13862]: relay relay4, session 80 (3 active), 0, 190.111.231.50 - :0, hard timeout Nov 17 21:02:06 v-arcbabalancer01 relayd[19770]: relay relay4, session 92 (1 active), 0, 75.70.87.158 - :0, buffer event timeout Nov 17 21:02:08 v-arcbabalancer01 relayd[23317]: relay relay4, session 131 (5 active), 0, 190.113.173.36 - :0, buffer event timeout Nov 17 21:02:11 v-arcbabalancer01 relayd[10590]: relay relay4, session 103 (9 active), 0, 186.137.241.254 - :0, buffer event timeout Nov 17 21:02:15 v-arcbabalancer01 relayd[23317]: relay relay4, session 143 (2 active), 0, 24.232.115.134 - :0, buffer event timeout Nov 17 21:02:16 v-arcbabalancer01 relayd[12715]: relay relay4, session 101 (7 active), 0, 108.87.58.21 - :0, buffer event timeout Nov 17 21:02:16 v-arcbabalancer01 relayd[12715]: relay relay4, session 102 (6 active), 0, 108.87.58.21 - :0, buffer event timeout Nov 17 21:02:16 v-arcbabalancer01 relayd[10590]: relay relay5, session 142 (13 active), 0, 190.195.118.49 - 172.19.224.73:80, no method Nov 17 21:02:16 v-arcbabalancer01 relayd[10590]: relay relay4, session 114 (12 active), 0, 190.49.11.36 - :0, buffer event timeout Nov 17 21:02:16 v-arcbabalancer01 relayd[12715]: relay relay4, session 104 (5 active), 0, 190.49.11.36 - :0, buffer event timeout Nov 17 21:02:17 v-arcbabalancer01 relayd[10590]: relay relay4, session 120 (10 active), 0, 189.237.152.81 - :0, buffer event timeout Nov 17 21:02:17 v-arcbabalancer01 relayd[31990]: relay relay4, session 117 (5 active), 0, 189.237.152.81 - :0, buffer event timeout Nov 17 21:02:17 v-arcbabalancer01 relayd[10590]: relay relay5, session 144 (9 active), 0, 190.195.118.49 - 172.19.224.71:80, no
For Google+ users: BSD community
If you're using Google+, this community brings together all BSD systems and BSD projects such as pf, OpenSSH and ZFS. I started it so I could keep in touch with what's going on in other BSDs while I happily use OpenBSD, and that's pretty much how it works out. It's spam-free and 100% on topic, and mostly consists of announcements and links to news items from the different communities. OpenBSD is well represented. https://plus.google.com/communities/100298923022265155991
Re: How-to: dualboot Windows 8.1 and OpenBSD 5.4
On 11/17/13 14:02, Nick Holland wrote: On 11/17/13 12:53, Wesley MOUEDINE ASSABY wrote: Le 2013-11-17 20:27, dmitry.sensei a écrit : What about 1Tb disk? Is CHS mode correct for this disks? I done the test using Virtualization. Not tried with a physical hard drive 1 TB. The smallest common non-SSD laptop drive is probably around 500G now, and 1TB is routine on desktops. At least some (many? most?) of these machines are now shipping with UEFI boot, and a lot of them will be pre-loaded with Windows, with minimal resources to reload Windows from scratch. The target (and worst-case) audience is the person who bought a laptop or desktop pre-loaded with Windows 8, and wants to install OpenBSD with as little disruption to the existing system as possible. I appreciate the efforts, but we need something more comprehensive. Sounds like I need to go buy a modern Windows system. :-/ Although your FAQ warns about keeping the OpenBSD partition within the first 128G, this limit will be a showstopper for people unable to shrink the preloaded windows partition below 128G. I've appended a patch (with help from krw) that helped me double the limit in July,2011 after the Extended partition support changes[1] were added. [1]http://marc.info/?l=openbsd-techm=130082509621274w=2 Index: biosvar.h === RCS file: /a8v/pub/cvsroot/OpenBSD/src/sys/arch/amd64/include/biosvar.h,v retrieving revision 1.14 diff -u -p -w -b -u -r1.14 biosvar.h --- biosvar.h 26 Apr 2011 17:33:17 - 1.14 +++ biosvar.h 27 Apr 2011 12:03:05 - @@ -36,7 +36,7 @@ #defineBOOTARG_OFF (NBPG*2) #defineBOOTARG_LEN (NBPG*1) #defineBOOTBIOS_ADDR (0x7c00) -#defineBOOTBIOS_MAXSEC ((1 28) - 1) +#defineBOOTBIOS_MAXSEC ((1 29) - 1) /* BIOS configure flags */ #defineBIOSF_BIOS320x0001
update to errata
Is patching source followed by building and installing new binaries and/or kernel the only way to update to errata version? Is there something like errata snapshot which can be used to update the system? -- Marko Cupać
Re: update to errata
On 2013-11-18 07:53, Marko Cupać wrote: Is patching source followed by building and installing new binaries and/or kernel the only way to update to errata version? Is there something like errata snapshot which can be used to update the system? Marko, OpenBSD is source code maintained. There is the -stable branch, which includes errata and any patches against -release that are not published as errata. See FAQ 5.1 for a detailed description of this branch. M:Tier distributes the -stable branch in binary form, as a third party service. See http://stable.mtier.org for information.
Re: Dual booting OpenBSD and Windows 8.1
On Fri, November 15, 2013 13:50, Dmitrij D. Czarkoff wrote: Kirill Bychkov said: I can't agree with that. You can test something not in FAQ if you are sure it will make no harm to your system. Dance with bootloaders and partition managers could lead to catastrophe if you make an error. [snip] Keep in mind that potential risk boiled down to wasted space on the hard drive, which could be easily reclaimed for OS the OP would prefer if dualboot was impossible. Well, I don't really understand the meaning you put behind the word catastrophe, given that the action in subject is the installation of two operating systems. You can't reinstall OS without loosing data, so I assume that all data from hard disks is backed up, and the only resource to waste is the time. Even then, again, given due precausion you don't really risk any data loss for any of the OSs. Any blind operations with MBR, bootloaders and partion editor may be destructive without sufficient knowledge. We all know, than M$ always inventing new traps for alternative OS. Care to elaborate? I'm not aware of any traps regarding disk management. And their boot process organization is one of that traps. Again, care to elaborate? Where's the actual trap? You can't simply follow instructions for multibooting with XP when you are dealing with Win7. Same could happen with Win8.1. But it seems it doesn't. This time, I assume. We just get UEFI as a headache. Is it not a trap?
Re: update to errata
On Mon, 18 Nov 2013 08:00:48 -0500 josh Grosse j...@jggimi.homeip.net wrote: OpenBSD is source code maintained. There is the -stable branch, which includes errata and any patches against -release that are not published as errata. See FAQ 5.1 for a detailed description of this branch. Thank you for the clarification, Josh. M:Tier distributes the -stable branch in binary form, as a third party service. See http://stable.mtier.org for information. I would rather stick to direct contact with OpenBSD and avoid introducing third parties into the mix. I am not afraid of syncing and patching sources, and building and installing binaries :) -- Marko Cupać
Re: carp+pfsync+relayd question
Ok, thanks for all the replies. Im waiting to this situation appears to send to you the output of those commands. Thanks and regards Saludos.- Leonardo Santagostini http://ar.linkedin.com/in/santagostini 2013/11/18 mxb m...@alumni.chalmers.se Output for 'pfctl -si', 'pfctl -sm' and 'sysctl -a|grep net.inet.ip.ifqâ would be hie to see. //mxb On 18 nov 2013, at 04:20, Leonardo Santagostini lsantagost...@gmail.com wrote: Sorry, looking more detailed at the logs i found this: /var/log/daemon Nov 17 18:36:12 v-arcbabalancer01 relayd[13984]: fatal: relay_connect: no connection in flight Nov 17 18:36:12 v-arcbabalancer01 relayd[22615]: pfe exiting, pid 22615 Nov 17 18:36:12 v-arcbabalancer01 relayd[31674]: hce exiting, pid 31674 Nov 17 18:36:12 v-arcbabalancer01 relayd[9082]: relay exiting, pid 9082 Nov 17 18:36:12 v-arcbabalancer01 relayd[701]: relay exiting, pid 701 Nov 17 18:36:12 v-arcbabalancer01 relayd[21358]: parent terminating, pid 21358 Nov 17 18:36:12 v-arcbabalancer01 relayd[24886]: relay exiting, pid 24886 Nov 17 18:36:12 v-arcbabalancer01 relayd[21395]: relay exiting, pid 21395 Nov 17 18:36:12 v-arcbabalancer01 relayd[13155]: relay exiting, pid 13155 Nov 17 18:36:12 v-arcbabalancer01 relayd[20557]: relay exiting, pid 20557 Nov 17 18:36:12 v-arcbabalancer01 relayd[14903]: relay exiting, pid 14903 Nov 17 18:36:12 v-arcbabalancer01 relayd[10686]: relay exiting, pid 10686 Nov 17 18:36:12 v-arcbabalancer01 relayd[17355]: relay exiting, pid 17355 Nov 17 18:36:12 v-arcbabalancer01 relayd[26908]: relay exiting, pid 26908 Nov 17 18:36:12 v-arcbabalancer01 relayd[6551]: relay exiting, pid 6551 Nov 17 18:36:12 v-arcbabalancer01 relayd[16649]: relay exiting, pid 16649 Nov 17 18:36:12 v-arcbabalancer01 relayd[2567]: relay exiting, pid 2567 Nov 17 18:36:12 v-arcbabalancer01 relayd[3159]: relay exiting, pid 3159 /var/log/messages Nov 17 18:36:12 v-arcbabalancer01 relayd[13984]: fatal: relay_connect: no connection in flight Regards Saludos.- Leonardo Santagostini http://ar.linkedin.com/in/santagostini 2013/11/18 Leonardo Santagostini lsantagost...@gmail.com Hello everybody, i still having some issues whit relayd. Nov 17 21:01:56 v-arcbabalancer01 relayd[4252]: relay relay4, session 75 (1 active), 0, 190.51.90.22 - :0, buffer event timeout Nov 17 21:01:57 v-arcbabalancer01 relayd[12715]: relay relay4, session 97 (4 active), 0, 190.49.60.30 - :0, buffer event timeout Nov 17 21:01:58 v-arcbabalancer01 relayd[4781]: relay relay4, session 142 (3 active), 0, 190.188.18.202 - :0, buffer event timeout Nov 17 21:02:03 v-arcbabalancer01 relayd[25332]: relay relay4, session 28 (1 active), 0, 181.29.46.36 - :0, hard timeout Nov 17 21:02:03 v-arcbabalancer01 relayd[12715]: relay relay4, session 55 (3 active), 0, 108.36.150.233 - :0, hard timeout Nov 17 21:02:03 v-arcbabalancer01 relayd[18695]: relay relay4, session 67 (3 active), 0, 31.221.13.210 - :0, hard timeout Nov 17 21:02:03 v-arcbabalancer01 relayd[13096]: relay relay5, session 73 (3 active), 0, 190.195.118.49 - :0, hard timeout Nov 17 21:02:03 v-arcbabalancer01 relayd[31990]: relay relay4, session 25 (1 active), 0, 186.188.178.215 - :0, hard timeout Nov 17 21:02:03 v-arcbabalancer01 relayd[4781]: relay relay4, session 144 (7 active), 0, 31.221.13.210 - :0, hard timeout Nov 17 21:02:03 v-arcbabalancer01 relayd[23317]: relay relay2, session 55 (5 active), 0, 181.109.7.31 - :0, hard timeout Nov 17 21:02:03 v-arcbabalancer01 relayd[22942]: relay relay4, session 93 (2 active), 0, 31.221.13.210 - :0, hard timeout Nov 17 21:02:03 v-arcbabalancer01 relayd[13862]: relay relay4, session 80 (3 active), 0, 190.111.231.50 - :0, hard timeout Nov 17 21:02:06 v-arcbabalancer01 relayd[19770]: relay relay4, session 92 (1 active), 0, 75.70.87.158 - :0, buffer event timeout Nov 17 21:02:08 v-arcbabalancer01 relayd[23317]: relay relay4, session 131 (5 active), 0, 190.113.173.36 - :0, buffer event timeout Nov 17 21:02:11 v-arcbabalancer01 relayd[10590]: relay relay4, session 103 (9 active), 0, 186.137.241.254 - :0, buffer event timeout Nov 17 21:02:15 v-arcbabalancer01 relayd[23317]: relay relay4, session 143 (2 active), 0, 24.232.115.134 - :0, buffer event timeout Nov 17 21:02:16 v-arcbabalancer01 relayd[12715]: relay relay4, session 101 (7 active), 0, 108.87.58.21 - :0, buffer event timeout Nov 17 21:02:16 v-arcbabalancer01 relayd[12715]: relay relay4, session 102 (6 active), 0, 108.87.58.21 - :0, buffer event timeout Nov 17 21:02:16 v-arcbabalancer01 relayd[10590]: relay relay5, session 142 (13 active), 0, 190.195.118.49 - 172.19.224.73:80http://172.19.224.73/, no method Nov 17 21:02:16 v-arcbabalancer01 relayd[10590]: relay relay4, session 114 (12 active), 0, 190.49.11.36 - :0, buffer event timeout Nov 17 21:02:16 v-arcbabalancer01 relayd[12715]: relay relay4, session 104 (5 active), 0, 190.49.11.36 - :0, buffer event timeout Nov 17 21:02:17 v-arcbabalancer01 relayd[10590]:
Re: update to errata
On Mon, Nov 18, 2013 at 8:21 AM, Marko CupaÄ marko.cu...@mimar.rs wrote: On Mon, 18 Nov 2013 08:00:48 -0500 josh Grosse j...@jggimi.homeip.net wrote: OpenBSD is source code maintained. There is the -stable branch, which includes errata and any patches against -release that are not published as errata. See FAQ 5.1 for a detailed description of this branch. Thank you for the clarification, Josh. M:Tier distributes the -stable branch in binary form, as a third party service. See http://stable.mtier.org for information. I would rather stick to direct contact with OpenBSD and avoid introducing third parties into the mix. I am not afraid of syncing and patching sources, and building and installing binaries :) Few of the OpenBSD porters work at M:Tier. Here is something to help... http://opensource.mtier.org/binpatchng.html
Re: carp+pfsync+relayd question
Hello list, i found something strange. By one side, cpu idle is at 0% [root@v-arcbabalancer01 ~]# vmstat 2 20 procsmemory pagediskstraps cpu r b wavm fre flt re pi po fr sr wd0 cd0 int sys cs us sy id 5 0 0 86576 1450072 845 0 0 0 0 0 0 0 152 2922 308 60 5 35 4 0 0 86668 1449976 31 0 0 0 0 0 0 0 435 4554 869 94 6 0 4 0 0 86732 1449896 14 0 0 0 0 0 0 0 425 4269 827 94 6 0 5 0 0 86732 14498964 0 0 0 0 0 0 0 297 4098 762 92 8 0 7 0 0 86740 14498725 0 0 0 0 0 0 0 287 3264 625 94 6 0 4 0 0 86748 1449864 14 0 0 0 0 0 0 0 370 4400 804 92 8 0 4 0 0 86756 1449836 12 0 0 0 0 0 0 0 311 3708 730 92 8 0 4 0 0 86840 1449744 30 0 0 0 0 0 0 0 331 3585 701 93 7 0 4 0 0 86840 14497284 0 0 0 0 0 0 0 453 4744 885 93 7 0 4 0 0 86840 14497284 0 0 0 0 0 0 0 355 3832 745 92 8 0 5 0 0 86876 1449668 23 0 0 0 0 0 0 0 375 5003 934 92 8 0 4 0 0 86880 14496644 0 0 0 0 0 0 0 295 3600 707 93 7 0 9 1 0 87136 1449148 13421 0 0 0 0 0 0 0 242 24373 778 87 13 0 5 1 0 91964 1445628 23388 0 0 0 0 0 0 0 273 1 1256 80 20 0 5 0 0 86892 1449624 479 0 0 0 0 0 0 0 313 4012 736 90 10 0 7 0 0 86892 14496086 0 0 0 0 0 0 0 308 3831 712 93 7 0 4 0 0 86892 14496084 0 0 0 0 0 0 0 290 3694 732 95 5 0 4 0 0 86900 1449576 14 0 0 0 0 0 0 0 345 4439 857 92 8 0 4 0 0 86900 14495764 0 0 0 0 0 0 0 337 4798 879 92 8 0 5 0 0 86964 1449492 12 0 0 0 0 0 0 0 389 4723 923 94 6 0 By the other assigned cpus are two not one as the machine sees. [root@v-arcbabalancer01 ~]# dmesg | grep cpu acpicpu0 at acpi0 cpu0 at mainbus0: apid 0 (boot processor) cpu0: Opteron or Athlon 64, 2660.64 MHz cpu0: FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,PGE,CMOV,PAT,MMX,FXSR,SSE,SSE2,SSE3,POPCN T cpu0: smt 0, core 0, package 0 cpu0: apic clock running at 1000MHz cpu at mainbus0: not configured So i will try to do some search about gettint the proper config for openbsd hosts in kvm If anyone can give to me some clues it will realy welcome. Regards Saludos.- Leonardo Santagostini http://ar.linkedin.com/in/santagostini 2013/11/18 Leonardo Santagostini lsantagost...@gmail.com Ok, thanks for all the replies. Im waiting to this situation appears to send to you the output of those commands. Thanks and regards Saludos.- Leonardo Santagostini http://ar.linkedin.com/in/santagostini 2013/11/18 mxb m...@alumni.chalmers.se Output for 'pfctl -si', 'pfctl -sm' and 'sysctl -a|grep net.inet.ip.ifqâ would be hie to see. //mxb On 18 nov 2013, at 04:20, Leonardo Santagostini lsantagost...@gmail.com wrote: Sorry, looking more detailed at the logs i found this: /var/log/daemon Nov 17 18:36:12 v-arcbabalancer01 relayd[13984]: fatal: relay_connect: no connection in flight Nov 17 18:36:12 v-arcbabalancer01 relayd[22615]: pfe exiting, pid 22615 Nov 17 18:36:12 v-arcbabalancer01 relayd[31674]: hce exiting, pid 31674 Nov 17 18:36:12 v-arcbabalancer01 relayd[9082]: relay exiting, pid 9082 Nov 17 18:36:12 v-arcbabalancer01 relayd[701]: relay exiting, pid 701 Nov 17 18:36:12 v-arcbabalancer01 relayd[21358]: parent terminating, pid 21358 Nov 17 18:36:12 v-arcbabalancer01 relayd[24886]: relay exiting, pid 24886 Nov 17 18:36:12 v-arcbabalancer01 relayd[21395]: relay exiting, pid 21395 Nov 17 18:36:12 v-arcbabalancer01 relayd[13155]: relay exiting, pid 13155 Nov 17 18:36:12 v-arcbabalancer01 relayd[20557]: relay exiting, pid 20557 Nov 17 18:36:12 v-arcbabalancer01 relayd[14903]: relay exiting, pid 14903 Nov 17 18:36:12 v-arcbabalancer01 relayd[10686]: relay exiting, pid 10686 Nov 17 18:36:12 v-arcbabalancer01 relayd[17355]: relay exiting, pid 17355 Nov 17 18:36:12 v-arcbabalancer01 relayd[26908]: relay exiting, pid 26908 Nov 17 18:36:12 v-arcbabalancer01 relayd[6551]: relay exiting, pid 6551 Nov 17 18:36:12 v-arcbabalancer01 relayd[16649]: relay exiting, pid 16649 Nov 17 18:36:12 v-arcbabalancer01 relayd[2567]: relay exiting, pid 2567 Nov 17 18:36:12 v-arcbabalancer01 relayd[3159]: relay exiting, pid 3159 /var/log/messages Nov 17 18:36:12 v-arcbabalancer01 relayd[13984]: fatal: relay_connect: no connection in flight Regards Saludos.- Leonardo Santagostini http://ar.linkedin.com/in/santagostini 2013/11/18 Leonardo Santagostini lsantagost...@gmail.com Hello everybody, i still having some issues whit relayd. Nov 17 21:01:56 v-arcbabalancer01 relayd[4252]: relay relay4, session 75 (1 active), 0, 190.51.90.22 - :0, buffer event timeout Nov 17 21:01:57 v-arcbabalancer01 relayd[12715]: relay relay4, session 97 (4 active),
relayd as transparent HTTPS proxy
Hello everyone, I have a question regarding relayd(8) in OpenBSD 5.3
I was playing a little with relayd as a transparent proxy with URL
filtering using this relayd.conf:
http protocol httpfilter {
# Return HTML error pages
return error
header change Connection to close
# Block requests to unwated hosts
request url filter file /etc/blacklist.txt
}
relay httpproxy {
listen on 127.0.0.1 port 8080
protocol httpfilter
forward to destination
}
then I've added this line to my pf.conf:
pass quick inet proto tcp to port http divert-to 127.0.0.1 port 8080
So far everything is working fine: pf redirects all the HTTP traffic on
the standard TCP port and relayd takes care of the rest filtering out
anything I place in /etc/blacklist.txt
Is it possible to do so for HTTPS connections too? I've found a lot of
tutorial/documentation aiming at SSL accelleration but none about
transparent SSL proxy. As far as I know forward to destination doesn't
have a ssl option like forward with ssl to $address.
I fear I am looking at the problem from the wrong side, so I've
decided to ask for advice before messing with the conf files and/or
looking at the source code of relayd.
Thanks for your time,
Gianfranco Gallizia
carp+pfsync+relayd question
qemu-kvm ...-smp sockets=2 ... solved it for me. What qemu version an build are you using ? Am 14.11.2013 18:47 schrieb Leonardo Santagostini lsantagost...@gmail.com : Thanks a lot to all, i will give it a try and gives tou you feedback as soon as it get implemented. Saludos.- Leonardo Santagostini http://ar.linkedin.com/in/santagostini 2013/11/14 Andy a...@brandwatch.com On 14/11/13 15:21, Leonardo Santagostini wrote: Hello misc, Im doing my final approach to put a production system with carp+pfsync+relayd on production. The point is that im facing some trouble setting more than one ip alias address with different vhid and different passwd. So, this is the scenario. Im trying to relayd more or less 15 sites so i have conceptual doubts. 1) is it nesessary to create one carp interface for each one of my internals VIP address 2) my understanding is that i have to work with pf on my carp interfaces. I have tried to put two different VIP's on my carp, but whitout lucky. Here is the homework. [root@server ~]# uname -a OpenBSD server.internaldomain.com 5.4 GENERIC#37 amd64 [root@server ~]# [root@server ~]# cat /etc/hostname.em0 inet 172.19.224.180 255.255.255.0 [root@server ~]# cat /etc/hostname.em1 inet 172.19.226.231 255.255.255.0 172.19.226.255 [root@server ~]# cat /etc/hostname.carp0 # inet alias 172.19.224.16 255.255.255.255 172.19.224.255 vhid 1 advskew 10 carpdev em0 pass Ahsooqu3 inet alias 172.19.224.131 255.255.255.0 172.19.224.255 vhid 2 advskew 10 carpdev em0 pass Meixo9oe # inet alias 172.19.224.41 255.255.255.255 172.19.224.255 vhid 3 advskew 10 carpdev em0 pass av5eG9Gi # inet alias 172.19.224.40 255.255.255.255 172.19.224.255 vhid 4 advskew 10 carpdev em0 pass Rei6thai # inet alias 172.19.224.181 255.255.255.0 172.19.224.255 vhid 5 advskew 10 carpdev em0 pass Toobohz3 # inet alias 172.19.224.182 255.255.255.255 172.19.224.255 vhid 6 adskew 10 carpdev em0 pass Quahng6U CARP should look like this (master); inet 172.19.224.16 255.255.255.0 172.19.224.255 vhid 1 carpdev em0 pass Ahsooqu3 advskew 0 inet alias 172.19.224.131 255.255.255.255 inet alias 172.19.224.41 255.255.255.255 inet alias 172.19.224.40 255.255.255.255 inet alias 172.19.224.181 255.255.255.255 inet alias 172.19.224.182 255.255.255.255 And (backup); inet 172.19.224.16 255.255.255.0 172.19.224.255 vhid 1 carpdev em0 pass Ahsooqu3 advskew 200 inet alias 172.19.224.131 255.255.255.255 inet alias 172.19.224.41 255.255.255.255 inet alias 172.19.224.40 255.255.255.255 inet alias 172.19.224.181 255.255.255.255 inet alias 172.19.224.182 255.255.255.255 And yes the subnet masks for the alias' should be /32 and you will see a warning in the logs during fail-over. This is fine, the devs just haven't muted the check warning yet. You've done it right if 'netstat -rn' shows; 172.19.224.131 127.0.0.1 UGHS 00 33152 8 lo0 172.19.224.131/32 172.19.224.131 U 00 - 4 carp0 [root@server ~]# cat /etc/hostname.pfsync0 up syncdev em1 [root@server ~]# cat /etc/pf.conf ext_if=carp0 You don't refer to CARP as an interface, it is simply a VRRP watchdog interface (for example you cannot set the MTU on a CARP interface as it is not really an interface. Use the physical.. ext_if=em0 set fingerprints /etc/pf.os set optimization aggressive set limit states 9 Definitely needs to be higher! try 1 million.. set limit src-nodes 65000 table bad_ip persist table internat_net persist file /etc/internal_net table admitted_net persist file /etc/admitted.txt # vip1_address = 172.19.224.181 # vip2_address = 172.19.224.16 vip3_address = 172.19.224.131 # vip4_address = 172.19.224.41 # vip5_address = 172.19.224.40 Just to keep you sane remember these rules; # (SNAT) NATing is done before filtering, 'pass out on $if_ext from $external_carp_ip1' (public address as src for outbound). # (DNAT) RDRing is done before filtering, 'pass in on $if_ext from any to $internal_ip1' (private address as dst for inbound). [image: OpenBSD_PF_flow] # Dejo de procesar cuando se trata de las redes internas pass in quick from internat_net to any # Dejo pasar las ips desde las redes permitidas # pass in quick from admitted_net to $vip1_address pass in quick from admitted_net to $vip3_address # Genero el block block in quick from bad_ip Your 'block in quick's should be above your 'pass in quick's! quick means stop evaluating and do this action now.. block in log quick on $ext_if proto tcp from any os NMAP to any label ExtNMAPScan # Proteccion contra nmap y herramientas similares # block in quick on $ext_if proto tcp flags FUP/WEUAPRSF block in quick on $ext_if proto tcp flags WEUAPRSF/WEUAPRSF block in quick on $ext_if proto tcp flags
Re: carp+pfsync+relayd question
Hello Jan, thanks for answering. The point was with booting without bsd.mp, now box rebooted and showing 4 procs =) By now, all is working fine. Thank for all your support. I will keep you all informed how things are going. Best regards Saludos.- Leonardo Santagostini http://ar.linkedin.com/in/santagostini 2013/11/18 Jan Lambertz jd.arb...@googlemail.com qemu-kvm ...-smp sockets=2 ... solved it for me. What qemu version an build are you using ? Am 14.11.2013 18:47 schrieb Leonardo Santagostini lsantagost...@gmail.com : Thanks a lot to all, i will give it a try and gives tou you feedback as soon as it get implemented. Saludos.- Leonardo Santagostini http://ar.linkedin.com/in/santagostini 2013/11/14 Andy a...@brandwatch.com On 14/11/13 15:21, Leonardo Santagostini wrote: Hello misc, Im doing my final approach to put a production system with carp+pfsync+relayd on production. The point is that im facing some trouble setting more than one ip alias address with different vhid and different passwd. So, this is the scenario. Im trying to relayd more or less 15 sites so i have conceptual doubts. 1) is it nesessary to create one carp interface for each one of my internals VIP address 2) my understanding is that i have to work with pf on my carp interfaces. I have tried to put two different VIP's on my carp, but whitout lucky. Here is the homework. [root@server ~]# uname -a OpenBSD server.internaldomain.com 5.4 GENERIC#37 amd64 [root@server ~]# [root@server ~]# cat /etc/hostname.em0 inet 172.19.224.180 255.255.255.0 [root@server ~]# cat /etc/hostname.em1 inet 172.19.226.231 255.255.255.0 172.19.226.255 [root@server ~]# cat /etc/hostname.carp0 # inet alias 172.19.224.16 255.255.255.255 172.19.224.255 vhid 1 advskew 10 carpdev em0 pass Ahsooqu3 inet alias 172.19.224.131 255.255.255.0 172.19.224.255 vhid 2 advskew 10 carpdev em0 pass Meixo9oe # inet alias 172.19.224.41 255.255.255.255 172.19.224.255 vhid 3 advskew 10 carpdev em0 pass av5eG9Gi # inet alias 172.19.224.40 255.255.255.255 172.19.224.255 vhid 4 advskew 10 carpdev em0 pass Rei6thai # inet alias 172.19.224.181 255.255.255.0 172.19.224.255 vhid 5 advskew 10 carpdev em0 pass Toobohz3 # inet alias 172.19.224.182 255.255.255.255 172.19.224.255 vhid 6 adskew 10 carpdev em0 pass Quahng6U CARP should look like this (master); inet 172.19.224.16 255.255.255.0 172.19.224.255 vhid 1 carpdev em0 pass Ahsooqu3 advskew 0 inet alias 172.19.224.131 255.255.255.255 inet alias 172.19.224.41 255.255.255.255 inet alias 172.19.224.40 255.255.255.255 inet alias 172.19.224.181 255.255.255.255 inet alias 172.19.224.182 255.255.255.255 And (backup); inet 172.19.224.16 255.255.255.0 172.19.224.255 vhid 1 carpdev em0 pass Ahsooqu3 advskew 200 inet alias 172.19.224.131 255.255.255.255 inet alias 172.19.224.41 255.255.255.255 inet alias 172.19.224.40 255.255.255.255 inet alias 172.19.224.181 255.255.255.255 inet alias 172.19.224.182 255.255.255.255 And yes the subnet masks for the alias' should be /32 and you will see a warning in the logs during fail-over. This is fine, the devs just haven't muted the check warning yet. You've done it right if 'netstat -rn' shows; 172.19.224.131 127.0.0.1 UGHS 00 33152 8 lo0 172.19.224.131/32 172.19.224.131 U 00 - 4 carp0 [root@server ~]# cat /etc/hostname.pfsync0 up syncdev em1 [root@server ~]# cat /etc/pf.conf ext_if=carp0 You don't refer to CARP as an interface, it is simply a VRRP watchdog interface (for example you cannot set the MTU on a CARP interface as it is not really an interface. Use the physical.. ext_if=em0 set fingerprints /etc/pf.os set optimization aggressive set limit states 9 Definitely needs to be higher! try 1 million.. set limit src-nodes 65000 table bad_ip persist table internat_net persist file /etc/internal_net table admitted_net persist file /etc/admitted.txt # vip1_address = 172.19.224.181 # vip2_address = 172.19.224.16 vip3_address = 172.19.224.131 # vip4_address = 172.19.224.41 # vip5_address = 172.19.224.40 Just to keep you sane remember these rules; # (SNAT) NATing is done before filtering, 'pass out on $if_ext from $external_carp_ip1' (public address as src for outbound). # (DNAT) RDRing is done before filtering, 'pass in on $if_ext from any to $internal_ip1' (private address as dst for inbound). [image: OpenBSD_PF_flow] # Dejo de procesar cuando se trata de las redes internas pass in quick from internat_net to any # Dejo pasar las ips desde las redes permitidas # pass in quick from admitted_net to $vip1_address pass in quick
Re: R: Re: speex can't find /usr/lib/libsndio.so.5.0
On Mon, Nov 18, 2013 at 01:58:54PM +, claudiozu...@gmail.com wrote: I've tried a few different mirrors and they all seem to have the same issue, could you suggest me one? Packages build may not be complete yet so the packages with the libsndio.so.6.0 may not be available yet. Base system builds are faster than packages builds so they tend to be ahead. -- Alexandre
R: Re: speex can't find /usr/lib/libsndio.so.5.0
I've tried a few different mirrors and they all seem to have the same issue, could you suggest me one? --Messaggio originale-- Da: Alexandre Ratchov A: Me Cc: misc@openbsd.org Oggetto: Re: speex can't find /usr/lib/libsndio.so.5.0 Inviato: 18 nov 2013 08:26 On Sun, Nov 17, 2013 at 10:41:12PM +0100, Claudio wrote: Hello, On the latest snapshot when trying to install speex (it's brought in by firefox) it fails since it can't find /usr/lib/libsndio.so.5.0 , libsndio.so.6.0 is present instead. The packages snapshot you're using is not in sync with the base system. If you can't upgrade packages it right away, (in this very particular case) it is safe to symlink libsndio.so.6.0 to libsndio.so.5.0 -- Alexandre TIM: la tua mail in mobilità con il BlackBerry®
time_t
double (or even better long double) would be a better underlying type for time_t than long long. Programs that are using time_t properly would not notice the difference. Programs that very incorrect would get complete garbage for a result, and thus be easier to notice and correct. Using double for time_t would allow a time_t value to be used as a time stamp for events separated by milliseconds. Using long double for time_t would allow time_t to be used as time stamps to record time starts and finish crossing an atom. I am sure the CERN would like it. It time_t is a double. It also makes sense for clock_t to be a double in the same units.
OpenBSD DNS/Web Infrastructure
Hi All, I've been a user of OpenBSD for almost 10 years now and always advocated it, as the most free and secure OS in the world (which it is). But some things have been bugging me even more on the last few months. In light of the recent events that changed the way the entire world see the internet, aka, spying, I've been paying even more attention to any form of surveillance and monitoring. One thing I've been doing is using dnscrypt, because my ISP did use transparent dns proxying, as I confirmed it using several methods, including the wonderful site www.dnsleaktest.com. Needless to say, that I changed my ISP. And I'm using dnscrypt with opendns. Now, I'd like to ask why the openbsd infrastructure servers (www, anoncvs, packages), do not make use of SSL certs, SSHFP DNS records, etc. One of the recent changes of OpenSSH was to trust SSHFP records by default when the domain zone is using DNSSEC. But the main anoncvs server, which is the source of all code, do not have such record. Not even on the anoncvs page there isn't the fingerprint published. I know that the most secure way is to buy the CD's and use then. But what about the errata patches? And security related packages updates? None of those can be reliably verified. I know and use the binpatches + packages updates from M:Tier. But the trust is placed on a third party, not on the OpenBSD project itself. Great job M:Tier, by the way. I volunteer myself to donate a wildcard ssl cert to the openbsd.org domain (I use on in my company). And I also have a script that uses the sshfp tool to update the ssh fingerprints on a named zone file. One thing that the dnscrypt project uses is TXT dns records to store sha256 sums of their releases. This, on top of dnssec, is one of the most secure ways of distributing hashes that I'm aware of. Today, to verify the releases, I randomly download the SUMS files and releases ones from different mirrors and using different internet links, but this method isn't 100% interception proof, but it is what can be done now, with the current infrastructure. On the packages side, I know that not all the mirrors can't have dnssec nor ssl on top of them. But if we could at least verify the signature with an OpenBSD provided cert that is installed with the release itself, this would be awesome. Anyway, these are just suggestions, and I would be happy to help implement them. What you guys think? Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC
Re: time_t
double (or even better long double) would be a better underlying type for time_t than long long. If you believe strongly in this idea, you should take an entire operating system base and prove the case. By converting the entire base. By showing that it will work. By getting X and firefox running on it. By fixing NTP, DNS, and everything else. Programs that are using time_t properly would not notice the difference. Programs that very incorrect would get complete garbage for a result, and thus be easier to notice and correct. And through this processs we will reach time_t utopia? Using double for time_t would allow a time_t value to be used as a time stamp for events separated by milliseconds. Using long double for time_t would allow time_t to be used as time stamps to record time starts and finish crossing an atom. I am sure the CERN would like it. It time_t is a double. It also makes sense for clock_t to be a double in the same units. So in that case, you should start by converting a entire OS source tree. Without that step, your assertion lacks essential value, because the benefits may be significantly minor compared to the difficulties on the way. I recommend you a lot of luck inside the kernel, because it cannot do floating point. And time_t math is done inside the kernel (what are the odds..) See, the kernels avoid doing floating point because the floating point registers contain values for the userland contexts. You could undo this feature, and then argue that the performance losses are irrelevant. You will also have great fun in the various DNS related codebases. Good luck!
Re: time_t
http://pubs.opengroup.org/onlinepubs/9699919799/ On Mon, Nov 18, 2013 at 17:47, Peter Fraser wrote: double (or even better long double) would be a better underlying type for time_t than long long. Programs that are using time_t properly would not notice the difference. Programs that very incorrect would get complete garbage for a result, and thus be easier to notice and correct. Using double for time_t would allow a time_t value to be used as a time stamp for events separated by milliseconds. Using long double for time_t would allow time_t to be used as time stamps to record time starts and finish crossing an atom. I am sure the CERN would like it. It time_t is a double. It also makes sense for clock_t to be a double in the same units.
Re: For Google+ users: BSD community
Also, the strictly OpenBSD community on G+: https://plus.google.com/communities/113634135604793474364 | -Original Message- | From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On | Behalf Of Tony Sidaway | Sent: Monday, November 18, 2013 6:18 AM | To: OpenBSD misc | Subject: For Google+ users: BSD community | | If you're using Google+, this community brings together all BSD systems and | BSD projects such as pf, OpenSSH and ZFS. I started it so I could keep in touch | with what's going on in other BSDs while I happily use OpenBSD, and that's | pretty much how it works out. | | It's spam-free and 100% on topic, and mostly consists of announcements and | links to news items from the different communities. OpenBSD is well | represented. | | https://plus.google.com/communities/100298923022265155991
Re: time_t
Theo de Raadt wrote: double (or even better long double) would be a better underlying type for time_t than long long. If you believe strongly in this idea, you should take an entire operating system base and prove the case 15 years ago a gen-yoo-wine software engineer in our department suggested an optimization in an often-executed loop in our code. The curmudgeonly architect/programmer lowered his eyeglasses and stared across the table. And if we make this change, he said, and it passes testing, and is pushed to all our customers, each of them will save, oh, 1.5 seconds of execution time per year. -- Jack Woehr # We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is. http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: GM45 gpu hung error
GM45 works fine playing html5 videos in firefox for me OpenBSD 5.4-current (GENERIC.MP) #150: Thu Nov 14 00:30:57 MST 2013 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 4161064960 (3968MB) avail mem = 4042162176 (3854MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf6520 (57 entries) bios0: vendor Dell Inc. version A19 date 10/30/2009 bios0: Dell Inc. Latitude E6400 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP HPET DMAR APIC ASF! MCFG TCPA SLIC SSDT acpi0: wakeup devices PCI0(S4) PCIE(S4) USB1(S0) USB2(S0) USB3(S0) USB4(S0) USB5(S0) USB6(S0) EHC2(S0) EHCI(S0) AZAL(S3) RP01(S4) RP02(S4) RP03(S4) RP04(S3) RP05(S3) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz, 2394.32 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG,LAHF,PERF cpu0: 3MB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 cpu0: apic clock running at 265MHz cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz, 2394.00 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG,LAHF,PERF cpu1: 3MB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 2 acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpiprt0 at acpi0: bus 3 (PCIE) acpiprt1 at acpi0: bus -1 (AGP_) acpiprt2 at acpi0: bus 11 (RP01) acpiprt3 at acpi0: bus 12 (RP02) acpiprt4 at acpi0: bus 13 (RP03) acpiprt5 at acpi0: bus -1 (RP04) acpiprt6 at acpi0: bus -1 (RP05) acpiprt7 at acpi0: bus -1 (RP06) acpiprt8 at acpi0: bus 0 (PCI0) acpiec0 at acpi0 acpicpu0 at acpi0: C3, C2, C1, PSS acpicpu1 at acpi0: C3, C2, C1, PSS acpitz0 at acpi0: critical temperature is 107 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: PBTN acpibtn2 at acpi0: SBTN acpiac0 at acpi0: AC unit online acpibat0 at acpi0: BAT0 model DELL FU27481 serial 65534 type LION oem Sanyo acpibat1 at acpi0: BAT1 not present acpivideo0 at acpi0: VID_ acpivideo1 at acpi0: VID_ acpivout0 at acpivideo1: LCD_ acpivideo2 at acpi0: VID2 cpu0: Enhanced SpeedStep 2394 MHz: speeds: 2535, 2534, 1600, 800 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 Intel GM45 Host rev 0x07 vga1 at pci0 dev 2 function 0 Intel GM45 Video rev 0x07 intagp0 at vga1 agp0 at intagp0: aperture at 0xe000, size 0x1000 inteldrm0 at vga1 drm0 at inteldrm0 inteldrm0: 1440x900 wsdisplay0 at vga1 mux 1: console (std, vt100 emulation) wsdisplay0: screen 1-5 added (std, vt100 emulation) Intel GM45 Video rev 0x07 at pci0 dev 2 function 1 not configured Intel GM45 HECI rev 0x07 at pci0 dev 3 function 0 not configured pciide0 at pci0 dev 3 function 2 Intel GM45 PT IDER rev 0x07: DMA (unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI pciide0: using apic 2 int 18 for native-PCI interrupt pciide0: channel 0 ignored (not responding; disabled or no drives?) pciide0: channel 1 ignored (not responding; disabled or no drives?) puc0 at pci0 dev 3 function 3 Intel GM45 KT rev 0x07: ports: 1 com com4 at puc0 port 0 apic 2 int 17: ns16550a, 16 byte fifo com4: probed fifo depth: 0 bytes em0 at pci0 dev 25 function 0 Intel ICH9 IGP M AMT rev 0x03: msi, address 00:26:b9:97:c6:58 uhci0 at pci0 dev 26 function 0 Intel 82801I USB rev 0x03: apic 2 int 20 uhci1 at pci0 dev 26 function 1 Intel 82801I USB rev 0x03: apic 2 int 21 uhci2 at pci0 dev 26 function 2 Intel 82801I USB rev 0x03: apic 2 int 22 ehci0 at pci0 dev 26 function 7 Intel 82801I USB rev 0x03: apic 2 int 22 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 azalia0 at pci0 dev 27 function 0 Intel 82801I HD Audio rev 0x03: msi azalia0: codecs: IDT 92HD71B7, Intel/0x2802, using IDT 92HD71B7 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 Intel 82801I PCIE rev 0x03: msi pci1 at ppb0 bus 11 ppb1 at pci0 dev 28 function 1 Intel 82801I PCIE rev 0x03: msi pci2 at ppb1 bus 12 iwn0 at pci2 dev 0 function 0 Intel WiFi Link 5300 rev 0x00: msi, MIMO 3T3R, MoW, address 00:21:6a:9c:53:36 ppb2 at pci0 dev 28 function 2 Intel 82801I PCIE rev 0x03: msi pci3 at ppb2 bus 13 uhci3 at pci0 dev 29 function 0 Intel 82801I USB rev 0x03: apic 2 int 20 uhci4 at pci0 dev 29 function 1 Intel 82801I USB rev 0x03: apic 2 int 21 uhci5 at pci0 dev 29 function 2 Intel 82801I USB rev 0x03: apic 2 int 22 ehci1 at pci0 dev 29 function 7 Intel 82801I USB rev 0x03: apic 2 int 20 usb1 at ehci1: USB revision 2.0
Re: carp+pfsync+relayd question
Hello all, unfortunally i have to setup a cron entry that bounce relayd. Here the log that show how relayd stopped working Nov 18 18:34:55 v-arcbabalancer01 relayd[20347]: relay relay5, session 1961 (54 active), 0, 200.16.99.232 - 172.19.224.71:80, done Nov 18 18:34:55 v-arcbabalancer01 relayd[28629]: relay relay4, session 1959 (40 active), 0, 201.251.221.57 - 172.19.224.72:80, done Nov 18 18:34:55 v-arcbabalancer01 relayd[13074]: relay relay4, session 1990 (61 active), 0, 190.189.189.171 - 172.19.224.70:80, done Nov 18 18:34:55 v-arcbabalancer01 relayd[24546]: relay exiting, pid 24546 Nov 18 18:34:55 v-arcbabalancer01 relayd[13924]: relay relay4, session 1883 (43 active), 0, 190.228.28.250 - :0, buffer event timeout Nov 18 18:34:55 v-arcbabalancer01 relayd[27128]: relay relay4, session 2063 (49 active), 0, 201.255.217.232 - 172.19.224.71:80, done Nov 18 18:34:55 v-arcbabalancer01 relayd[24551]: pfe exiting, pid 24551 Nov 18 18:34:55 v-arcbabalancer01 relayd[3602]: hce exiting, pid 3602 Nov 18 18:34:55 v-arcbabalancer01 relayd[13924]: relay relay4, session 1964 (43 active), 0, 190.12.181.160 - 172.19.224.73:80, done Nov 18 18:34:55 v-arcbabalancer01 relayd[17688]: relay relay4, session 2080 (49 active), 0, 186.126.250.165 - 172.19.224.72:80, done Nov 18 18:34:55 v-arcbabalancer01 relayd[28629]: relay relay5, session 1891 (39 active), 0, 190.179.204.226 - :0, buffer event timeout Nov 18 18:34:55 v-arcbabalancer01 relayd[28629]: relay relay4, session 1962 (39 active), 0, 190.189.189.171 - 172.19.224.70:80, done Nov 18 18:34:55 v-arcbabalancer01 relayd[22840]: relay exiting, pid 22840 Nov 18 18:34:55 v-arcbabalancer01 relayd[5545]: relay exiting, pid 5545 Nov 18 18:34:55 v-arcbabalancer01 relayd[1089]: relay exiting, pid 1089 Nov 18 18:34:55 v-arcbabalancer01 relayd[28629]: relay exiting, pid 28629 Nov 18 18:34:55 v-arcbabalancer01 relayd[857]: relay exiting, pid 857 Nov 18 18:34:55 v-arcbabalancer01 relayd[27128]: relay exiting, pid 27128 Nov 18 18:34:55 v-arcbabalancer01 relayd[20347]: relay exiting, pid 20347 Nov 18 18:34:55 v-arcbabalancer01 relayd[13074]: relay exiting, pid 13074 Nov 18 18:34:55 v-arcbabalancer01 relayd[7637]: relay exiting, pid 7637 Nov 18 18:34:55 v-arcbabalancer01 relayd[8449]: relay exiting, pid 8449 Nov 18 18:34:55 v-arcbabalancer01 relayd[30009]: relay exiting, pid 30009 Nov 18 18:34:55 v-arcbabalancer01 relayd[13924]: relay exiting, pid 13924 Nov 18 18:34:55 v-arcbabalancer01 relayd[4542]: relay exiting, pid 4542 Nov 18 18:34:55 v-arcbabalancer01 relayd[13505]: parent terminating, pid 13505 Nov 18 18:39:11 v-arcbabalancer01 puppet-agent[20912]: Finished catalog run in 2.59 seconds Nov 18 18:58:04 v-arcbabalancer01 relayd[9964]: startup Best regards, yours Saludos.- Leonardo Santagostini http://ar.linkedin.com/in/santagostini 2013/11/18 Leonardo Santagostini lsantagost...@gmail.com Hello Jan, thanks for answering. The point was with booting without bsd.mp, now box rebooted and showing 4 procs =) By now, all is working fine. Thank for all your support. I will keep you all informed how things are going. Best regards Saludos.- Leonardo Santagostini http://ar.linkedin.com/in/santagostini 2013/11/18 Jan Lambertz jd.arb...@googlemail.com qemu-kvm ...-smp sockets=2 ... solved it for me. What qemu version an build are you using ? Am 14.11.2013 18:47 schrieb Leonardo Santagostini lsantagost...@gmail.com : Thanks a lot to all, i will give it a try and gives tou you feedback as soon as it get implemented. Saludos.- Leonardo Santagostini http://ar.linkedin.com/in/santagostini 2013/11/14 Andy a...@brandwatch.com On 14/11/13 15:21, Leonardo Santagostini wrote: Hello misc, Im doing my final approach to put a production system with carp+pfsync+relayd on production. The point is that im facing some trouble setting more than one ip alias address with different vhid and different passwd. So, this is the scenario. Im trying to relayd more or less 15 sites so i have conceptual doubts. 1) is it nesessary to create one carp interface for each one of my internals VIP address 2) my understanding is that i have to work with pf on my carp interfaces. I have tried to put two different VIP's on my carp, but whitout lucky. Here is the homework. [root@server ~]# uname -a OpenBSD server.internaldomain.com 5.4 GENERIC#37 amd64 [root@server ~]# [root@server ~]# cat /etc/hostname.em0 inet 172.19.224.180 255.255.255.0 [root@server ~]# cat /etc/hostname.em1 inet 172.19.226.231 255.255.255.0 172.19.226.255 [root@server ~]# cat /etc/hostname.carp0 # inet alias 172.19.224.16 255.255.255.255 172.19.224.255 vhid 1 advskew 10 carpdev em0 pass Ahsooqu3 inet alias 172.19.224.131 255.255.255.0 172.19.224.255 vhid 2 advskew 10 carpdev em0 pass Meixo9oe # inet alias 172.19.224.41 255.255.255.255 172.19.224.255 vhid 3 advskew 10 carpdev
Re: For Google+ users: BSD community
Join both! Breen Ouellette's community is best for a focus on OpenBSD.
Re: For Google+ users: BSD community
And being one of the .. contributors of the OpenBSD G+ community (ie, reposter from undeadly ;), I thought that the openbsd stuff in the general BSD channel was mostly all the good stuff from the specific OpenBSD channel anyhow, so I'd rather point people to the OpenBSD one. 2013/11/19 Tony Sidaway tonysida...@gmail.com Join both! Breen Ouellette's community is best for a focus on OpenBSD. -- May the most significant bit of your life be positive.
