Re: reordering libraries:/etc/rc[443]: ./test-ld.so: Permission denied
On Wed, 27 Sep 2017, Theodore Wynnychenko wrote:
...
> Thank you for the information. I removed the “noexec” flag from fstab
> and the error has disappeared.
>
> But, I am also surprised by the requirement that /tmp _not_ be mounted
> noexec for this to function correctly. I recall reading that it was
> best to mount filesystems with the most restrictive settings possible
> for that specific filesystem, and that /tmp should be mounted with
> (essentially) nothing set (ie: nodev, nosuid, noexec).
>
> Am I incorrect or has something changed in this regard?
>
> It seems to me that, as a general rule, making /tmp noexec is a good
> thing from a security standpoint; but I admit that I don’t know enough
> about this to be sure.
>
> Anyway, I just added a line to rc.local to remount temp as noexec at the
> end of the boot so that rc would work without errors and that /tmp is
> noexec once the system is up.

To quote a co-worker: "What problem are you trying to solve?"

Or, in this case: What attack/threat vector are you trying to block?

What on your system is running with
(a) ability to exec (think pledge(2)), *and*
(b) access to /tmp but *without* write access to other directories (like $HOME) that aren't mounted noexec?

If the answer is "nothing", then marking /tmp as noexec is only annoying you.

Philip Guenther
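The question in the reply above can be answered from the mount table. The script below is an added example, not part of the thread: it reads mount(8) output, lists filesystems that are neither read-only nor noexec, and reports whether exec is allowed on the filesystem holding a given path such as $HOME. The sample mount table and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). If a process that can write to /tmp
# can also write somewhere that permits exec, noexec on /tmp blocks nothing.

# Constructed sample in the format printed by OpenBSD mount(8).
SAMPLE_MOUNTS='/dev/sd0a on / type ffs (local)
/dev/sd0d on /tmp type ffs (local, nodev, noexec, nosuid)
/dev/sd0e on /home type ffs (local, nodev, nosuid)
/dev/sd0f on /usr type ffs (local, nodev, read-only)
/dev/sd0g on /var type ffs (local, nodev, nosuid)'

# exec_writable_mounts: read mount(8) output on stdin and print every mount
# point that is neither read-only nor noexec. Whether a given user can write
# there still depends on directory permissions; this only lists candidates.
exec_writable_mounts() {
    awk '
    {
        mp = $3                              # field 3 is the mount point
        opts = $0
        sub(/^[^(]*\(/, "", opts)            # keep only the text in (...)
        sub(/\).*$/, "", opts)
        gsub(/ /, "", opts)
        n = split(opts, o, ",")
        noexec = 0; ro = 0
        for (i = 1; i <= n; i++) {
            if (o[i] == "noexec") noexec = 1
            if (o[i] == "read-only") ro = 1
        }
        if (!noexec && !ro) print mp
    }'
}

# exec_allowed_at PATH: read mount(8) output on stdin, pick the filesystem
# holding PATH (longest matching mount point), print "exec" or "noexec".
exec_allowed_at() {
    awk -v path="$1" '
    {
        mp = $3
        opts = $0
        sub(/^[^(]*\(/, "", opts)
        sub(/\).*$/, "", opts)
        gsub(/ /, "", opts)
        # "/" holds everything; otherwise mp must equal path or be a
        # directory prefix of it.
        if (mp == "/" || path == mp || index(path, mp "/") == 1) {
            if (length(mp) >= best) {
                best = length(mp)
                verdict = (("," opts ",") ~ /,noexec,/) ? "noexec" : "exec"
            }
        }
    }
    END { print verdict }'
}

# Demonstration on the constructed table; on a live system use:
#   mount | exec_writable_mounts
#   mount | exec_allowed_at "$HOME"
printf '%s\n' "$SAMPLE_MOUNTS" | exec_writable_mounts
printf '%s\n' "$SAMPLE_MOUNTS" | exec_allowed_at /home/alice
```

With the sample table, /tmp is noexec but /home and /var still permit exec, which is the situation the reply describes.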
Re: reordering libraries:/etc/rc[443]: ./test-ld.so: Permission denied
On Sep 25, 2017, at 9:31 PM, Philip Guenther wrote:
> On Mon, 25 Sep 2017, Theodore Wynnychenko wrote:
>> I noticed this message in the dmesg after updating -current yesterday. I am not sure what it means. There is no file "test-ld.so" anywhere on the system that I can find. I also see that it appears this part of rc was just committed in the last few weeks.
>>
>> Why is this happening, and is there anything that I should do to correct the "Permission denied" error?
>
> It means that after /etc/rc had built a new ld.so, when it tried to test it by running the test-ld.so program (which is packaged inside /usr/libdata/ld.so.a), it failed with that error, EACCES. My guess is that you're hitting this:
>
> [EACCES] The new process file is on a filesystem mounted with execution disabled (MNT_NOEXEC in ).
>
> If you're mounting /tmp with the noexec flag, then stop doing that.
>
> Philip Guenther

Thank you for the information. I removed the “noexec” flag from fstab and the error has disappeared.

But, I am also surprised by the requirement that /tmp _not_ be mounted noexec for this to function correctly. I recall reading that it was best to mount filesystems with the most restrictive settings possible for that specific filesystem, and that /tmp should be mounted with (essentially) nothing set (ie: nodev, nosuid, noexec).

Am I incorrect or has something changed in this regard?

It seems to me that, as a general rule, making /tmp noexec is a good thing from a security standpoint; but I admit that I don’t know enough about this to be sure.

Anyway, I just added a line to rc.local to remount temp as noexec at the end of the boot so that rc would work without errors and that /tmp is noexec once the system is up.

Is that bad?

Thanks
Re: regarding the default path for pkg_add in -current
On Wed, 27 Sep 2017 20:57:10 -0600, and...@quickstick.net wrote:
> Also, after login, pkg_add is very determined to use the same
> ../6.2/.. directory path. For the benefit of others who might find
> themselves in the same spot, the workaround is to use the full path
> while using pkg_add.

A better solution is to use pkg_add -Dsnap

Cheers,
Daniel
Re: regarding the default path for pkg_add in -current
On Wed, Sep 27, 2017 at 7:57 PM, wrote:
> Regarding GENERIC.MP #115
>
> I have a feeling you are about to roll into 6.2, however I just want to
> bring the following to your attention in case it matters.
>
> I just did a clean install of -current using the bsd.rd dated 2017-09-27.
> Within the install sequence of questions, the default download path has
> been hardcoded to ../6.2/... as opposed to ../snapshots/..
>
> I manually changed it to ../snapshots/ and it installed as expected.
> Also, after login, pkg_add is very determined to use the same ../6.2/..
> directory path. For the benefit of others who might find themselves in the
> same spot, the workaround is to use the full path while using pkg_add.
> <...>

Instead of using a full path, does invoking pkg_add with the option -Dsnap result in the desired behavior?

Philip Guenther
regarding the default path for pkg_add in -current
Hello Folks !!

Regarding GENERIC.MP #115

I have a feeling you are about to roll into 6.2, however I just want to bring the following to your attention in case it matters.

I just did a clean install of -current using the bsd.rd dated 2017-09-27. Within the install sequence of questions, the default download path has been hardcoded to ../6.2/... as opposed to ../snapshots/..

I manually changed it to ../snapshots/ and it installed as expected. Also, after login, pkg_add is very determined to use the same ../6.2/.. directory path. For the benefit of others who might find themselves in the same spot, the workaround is to use the full path while using pkg_add.

In my case, it is:

$ doas pkg_add \
    https://ftp3.usa.openbsd.org/pub/OpenBSD/snapshots/amd64/pkgname

---

It looks like another great release is around the corner and as always I want to take the opportunity to thank Theo for his dedicated leadership and to all the past and present devs who make OpenBSD so special.

Cheers !!!
Re: softraid crypto with keydisk and password
On Thu, Sep 28, 2017 at 09:11:49AM +1000, tomr wrote:
> I remember seeing a post, I think on undeadly.org, which went through
> having the bootloader on password-encrypted usb drive, that also
> contains a keyfile for the main disk. It said something like "I also
> wanted the laptop to appear broken, and the disk full of random data, if
> the usb drive wasn't present - rather than stopping at a password prompt"

Here you go:
http://www.undeadly.org/cgi?action=article=20110530221728

Cheers,
Erling

> There's something similar in the comments here from @mcbride
> https://undeadly.org/cgi?action=article=20131112031806
>
> But now an hour or so of searching fails to turn it up. Could anyone
> share some clues on how to go about this?

--
Erling Westenvik
Re: Can I rotate the framebuffer (e.g. using wsdisplay) in OpenBSD?
On 27/09/2017 at 17:24, Stefan Sperling wrote:
> On Wed, Sep 27, 2017 at 04:11:45PM +0200, Kamil Cholewiński wrote:
>> On Wed, 27 Sep 2017, Francois Pussault wrote:
>>> maybe installing a tool like xrandr ?
>>
>> Xrandr works only for X. I've skimmed wscons(4), wsdisplay(4), wsconscfg(8), wsconsctl(8), nothing about rotation...
>
> In -current, the console is rotated counter-clockwise if the display isn't already upright:
> https://marc.info/?l=openbsd-cvs=150266331224832=2
> https://marc.info/?l=openbsd-cvs=150300131911666=2
>
> This behaviour is hard-coded and cannot be configured. It helps machines which need counter-clockwise rotation, but is not ideal because some machines need clockwise rotation instead. There are plans to auto-detect and use the correct rotation required in the future.

And if I use a monitor in portrait orientation ?

--
Stéphane Aulery
softraid crypto with keydisk and password
I remember seeing a post, I think on undeadly.org, which went through having the bootloader on password-encrypted usb drive, that also contains a keyfile for the main disk. It said something like "I also wanted the laptop to appear broken, and the disk full of random data, if the usb drive wasn't present - rather than stopping at a password prompt"

There's something similar in the comments here from @mcbride
https://undeadly.org/cgi?action=article=20131112031806

But now an hour or so of searching fails to turn it up. Could anyone share some clues on how to go about this?

tia,
tom
Re: Openbsd 6.1 and Current Console Freezes and lockup Proxmox PVE5.0
It looks like a KVM bug, which I can cover on a span of commits. These are commits from the Linux stable repository.

gitk bb3dd056ed1af9b186f0d9fe849eab78c51d14ce..813ae37e6aed72cc457094b6066aa38efd66c9e9

What is certainly safe in any case, it will affect all KVM hosted OpenBSD with a kernel which is newer than 4.9.
Re: relayd: high CPU usage by one or two proc. of many
My intention with this mail is to gather more qualitative help to, hopefully, ever solve this or to have more info so it can be provided to someone who can solve this, if it is a bug.

What I know for sure is that those boxes (dual-node setup) are exposed to a large HTTP PUT/POST requests. Large does not mean ”put a 1G-sized stream”. Text it is.

Of course it is not a bug report. No info, if any, states this. Let’s see what I can gather more with fstat.

Thanks.

Br
Maxim

> On 27 Sep 2017 at 20:51, Theo de Raadt wrote:
>
> This probably means the process has run out of file descriptors.
> fstat might expose what is going on. If that's the case, roll your
> sleeves up and study the code. As usual, the circumstances that
> create this event are not being completely documented - I MEAN, what
> I'm seeing here isn't a bug report including a configuration file
> that reliably reproduces it.
Re: relayd: high CPU usage by one or two proc. of many
> >> ktrace gives me following:
> >> 4013 relayd CALL getdtablecount()
> >> 4013 relayd RET getdtablecount 101/0x65
> >> 4013 relayd CALL getrlimit(RLIMIT_NOFILE,0x7f7bb630)
> >> 4013 relayd STRU struct rlimit { cur=65536, max=65536 }
> >> 4013 relayd RET getrlimit 0
> >> 4013 relayd CALL recvmsg(550,0x7f7bb6a0,0)
> >> 4013 relayd RET recvmsg -1 errno 35 Resource temporarily unavailable
> >> 4013 relayd CALL getdtablecount()
> >> 4013 relayd RET getdtablecount 101/0x65
> >> 4013 relayd CALL getrlimit(RLIMIT_NOFILE,0x7f7bb630)
> >> 4013 relayd STRU struct rlimit { cur=65536, max=65536 }
> >> 4013 relayd RET getrlimit 0
> >> 4013 relayd CALL recvmsg(550,0x7f7bb6a0,0)
> >> 4013 relayd RET recvmsg -1 errno 35 Resource temporarily unavailable
> >> 4013 relayd CALL getdtablecount()
> >> 4013 relayd RET getdtablecount 101/0x65
> >> 4013 relayd CALL getrlimit(RLIMIT_NOFILE,0x7f7bb630)
> >> 4013 relayd STRU struct rlimit { cur=65536, max=65536 }
> >> 4013 relayd RET getrlimit 0
> >> 4013 relayd CALL recvmsg(550,0x7f7bb6a0,0)
> >> 4013 relayd RET recvmsg -1 errno 35 Resource temporarily unavailable

This probably means the process has run out of file descriptors. fstat might expose what is going on. If that's the case, roll your sleeves up and study the code.

As usual, the circumstances that create this event are not being completely documented - I MEAN, what I'm seeing here isn't a bug report including a configuration file that reliably reproduces it.
Re: relayd: high CPU usage by one or two proc. of many
Hey,
had to bring this up again as I’m facing the same problem. Exactly with the same ’error 35’ in trace. This time it is a 6.0-stable.

Anything else can be done to track this down?

Br
Maxim

> On 24 Feb 2016 at 10:53, Stuart Henderson wrote:
>
> On 2016-02-24, mxb wrote:
>> Hey,
>> I have a strange behavior of relayd running on 5.8.
>> This machine almost exclusively terminates TLS traffic.
>> Exceptions are forwards which are in backup state (listen on CARP).
>>
>> Some times one or two relayd processes out of many consumes a lot of CPU
>> and stays like this until I restart relayd.
>
>> ktrace gives me following:
>> 4013 relayd CALL getdtablecount()
>> 4013 relayd RET getdtablecount 101/0x65
>> 4013 relayd CALL getrlimit(RLIMIT_NOFILE,0x7f7bb630)
>> 4013 relayd STRU struct rlimit { cur=65536, max=65536 }
>> 4013 relayd RET getrlimit 0
>> 4013 relayd CALL recvmsg(550,0x7f7bb6a0,0)
>> 4013 relayd RET recvmsg -1 errno 35 Resource temporarily unavailable
>> 4013 relayd CALL getdtablecount()
>> 4013 relayd RET getdtablecount 101/0x65
>> 4013 relayd CALL getrlimit(RLIMIT_NOFILE,0x7f7bb630)
>> 4013 relayd STRU struct rlimit { cur=65536, max=65536 }
>> 4013 relayd RET getrlimit 0
>> 4013 relayd CALL recvmsg(550,0x7f7bb6a0,0)
>> 4013 relayd RET recvmsg -1 errno 35 Resource temporarily unavailable
>> 4013 relayd CALL getdtablecount()
>> 4013 relayd RET getdtablecount 101/0x65
>> 4013 relayd CALL getrlimit(RLIMIT_NOFILE,0x7f7bb630)
>> 4013 relayd STRU struct rlimit { cur=65536, max=65536 }
>> 4013 relayd RET getrlimit 0
>> 4013 relayd CALL recvmsg(550,0x7f7bb6a0,0)
>> 4013 relayd RET recvmsg -1 errno 35 Resource temporarily unavailable
>>
>> Human readable file after kdump is filled with those lines.
>> This as far of my understanding is about limit of openfiles.
>
> It's not files; errno 35 is EAGAIN - it is likely that this was
> fixed in -current (2015/12/05).
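A kdump file "filled with those lines" is easier to judge as numbers. The script below is an added example, not part of the thread: for each pid it reports the last descriptor count, the RLIMIT_NOFILE soft limit, and how many times in a row recvmsg returned errno 35 (EAGAIN, as stated in the quoted reply). The function name kdump_triage is an assumption; the sample input is the trace quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Summarises kdump(1) text so the two
# readings offered in the thread can be compared against the data:
# descriptor count versus limit, and repeated EAGAIN returns from recvmsg.

# The trace as quoted in the thread (relayd, pid 4013), three iterations.
SAMPLE_KDUMP=' 4013 relayd CALL getdtablecount()
 4013 relayd RET getdtablecount 101/0x65
 4013 relayd CALL getrlimit(RLIMIT_NOFILE,0x7f7bb630)
 4013 relayd STRU struct rlimit { cur=65536, max=65536 }
 4013 relayd RET getrlimit 0
 4013 relayd CALL recvmsg(550,0x7f7bb6a0,0)
 4013 relayd RET recvmsg -1 errno 35 Resource temporarily unavailable
 4013 relayd CALL getdtablecount()
 4013 relayd RET getdtablecount 101/0x65
 4013 relayd CALL getrlimit(RLIMIT_NOFILE,0x7f7bb630)
 4013 relayd STRU struct rlimit { cur=65536, max=65536 }
 4013 relayd RET getrlimit 0
 4013 relayd CALL recvmsg(550,0x7f7bb6a0,0)
 4013 relayd RET recvmsg -1 errno 35 Resource temporarily unavailable
 4013 relayd CALL getdtablecount()
 4013 relayd RET getdtablecount 101/0x65
 4013 relayd CALL getrlimit(RLIMIT_NOFILE,0x7f7bb630)
 4013 relayd STRU struct rlimit { cur=65536, max=65536 }
 4013 relayd RET getrlimit 0
 4013 relayd CALL recvmsg(550,0x7f7bb6a0,0)
 4013 relayd RET recvmsg -1 errno 35 Resource temporarily unavailable'

# kdump_triage: read kdump text on stdin, print one summary line per pid.
kdump_triage() {
    awk '
    # "RET getdtablecount 101/0x65": descriptors currently open.
    $3 == "RET" && $4 == "getdtablecount" {
        split($5, a, "/"); fds[$1] = a[1]; seen[$1] = 1
    }
    # "STRU struct rlimit { cur=65536, max=65536 }": soft limit.
    $3 == "STRU" && /struct rlimit/ {
        cur = $0
        sub(/.*cur=/, "", cur); sub(/[^0-9].*/, "", cur)
        lim[$1] = cur; seen[$1] = 1
    }
    # Count recvmsg returns with errno 35 and the longest unbroken run;
    # any other recvmsg return resets the run.
    $3 == "RET" && $4 == "recvmsg" {
        seen[$1] = 1
        if ($5 == "-1" && $6 == "errno" && $7 == "35") {
            eagain[$1]++; run[$1]++
            if (run[$1] > maxrun[$1]) maxrun[$1] = run[$1]
        } else {
            run[$1] = 0
        }
    }
    END {
        for (p in seen)
            printf "pid=%s fds=%s limit=%s recvmsg_eagain=%d longest_run=%d\n",
                p, fds[p], lim[p], eagain[p], maxrun[p]
    }'
}

# Demonstration; on a live system: kdump -f ktrace.out | kdump_triage
printf '%s\n' "$SAMPLE_KDUMP" | kdump_triage
```

A long unbroken run with no successful recvmsg in between is the pattern that shows up as one process pinning a CPU.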
Re: Crypto softraid is supported on GPT/UEFI boot and not just on BIOS/MBR boot, right?
> On Wed, Sep 27, 2017 at 10:31:22AM -, ti...@openmailbox.org wrote:
>> probing: pc0 mem[572K 56K 495M 1455M 5M 6144M]
>> disk: hd0* hd1* hd2 sr0*
>>
>> OpenBSD/amd64 BOOTX64 3.32
>> open(hd0a:/etc/boot.conf): Invalid Argument
>> boot>
>>
>>
>> This error may be because OpenBSD creating "boot.conf" within the FAT32 EFI
>> system boot volume actually creates "bo~1.con", which is not resolved as
>> "boot.conf" by OpenBSD's BOOTX64 EFI loader program? -
>
> boot.conf has nothing to do with it.
> softraid boot is handled independently from boot.conf.
>
>> How do I instruct BOOTX64 to boot from sr0a:/boot ?
>
> What's odd is that you have a bootable sr0 but the boot loader still
> tries hd0 instead. That looks like a bug. Usually sr0 should be tried
> in this situation.
>
> I don't know the solution. Perhaps try re-running installboot?
>
> FWIW, this all works fine for me on a thinkpad helix2.

Hi Stefan,

I first tried booting the machine (by typing "boot sr0a:/bsd" in the boot console of course), and doing "installboot -v sd0". It says:

Using / as root
installing bootstrap on /dev/rsd0c
using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
copying /usr/mdec/BOOTIA32.EFI to /tmp/installboot.MjdT8BAY8o/efi/BOOT/BOOTIA32.EFI
copying /usr/mdec/BOOTIX64.EFI to /tmp/installboot.MjdT8BAY8o/efi/BOOT/BOOTIX64.EFI

..and after rebooting the machine, booting was still not automatic.

I then booted the machine (by typing "boot sr0a:/bsd" in the boot console again of course) and did "installboot -v sd1", and it gave:

Using / as root
installing bootstrap on /dev/rsd0c
using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
sd1: softraid volume with 1 disk(s)
sd1: installing boot loader on softraid volume
/usr/mdec/boot is 6 blocks x 16384 bytes
copying /usr/mdec/BOOTIA32.EFI to /tmp/installboot.1lt1hgtQYa/efi/BOOT/BOOTIA32.EFI
copying /usr/mdec/BOOTIX64.EFI to /tmp/installboot.1lt1hgtQYa/efi/BOOT/BOOTIX64.EFI

Rebooting, that also did not help.

I tried with "fdisk -e sd1" and disabling the 1 (EFI) partition by setting its type to 0 (so that installboot would not try to install any EFI files to sd1i) and then doing "installboot sd1", and that did not help too.

What am I doing wrong, are there actually any installboot arguments that could help me make it work?

Would I need to add some debug output lines to installboot?

Actually, it would be nice if installboot's verbose mode would clarify which configuration the boot code is actually set up with, so the user is a bit more saved from the wild-guessing-by-a-large-number-of-reboots-hoping-for-the-best kind of method I'm referred to right now.

Please let me know what I should do now to fix it -

Thanks,
Tinker
Re: Can I rotate the framebuffer (e.g. using wsdisplay) in OpenBSD?
> On Wed, Sep 27, 2017 at 04:11:45PM +0200, Kamil Cholewiński wrote:
>> On Wed, 27 Sep 2017, Francois Pussault wrote:
>> > maybe installing a tool like xrandr ?
>>
>> Xrandr works only for X. I've skimmed wscons(4), wsdisplay(4),
>> wsconscfg(8), wsconsctl(8), nothing about rotation...
>
> In -current, the console is rotated counter-clockwise if the display
> isn't already upright:
> https://marc.info/?l=openbsd-cvs=150266331224832=2
> https://marc.info/?l=openbsd-cvs=150300131911666=2
>
> This behaviour is hard-coded and cannot be configured. It helps machines which
> need counter-clockwise rotation, but is not ideal because some machines need
> clockwise rotation instead. There are plans to auto-detect and use the correct
> rotation required in the future.

How could the display know that it's rotated, from that the width < the height, in a world of landscape-only displays?
Re: Installer hangs - "already acking lease"
https://github.com/openbsd/src/commits/master/usr.sbin/dhcpd

Maybe one of the few changes to dhcpd in the last few months?

On Wed, Sep 27, 2017 at 10:09 AM, Eivind Eide wrote:
> > Can you post the dmesg?
>
> Yes. And more. Full output from sendbug below.
>
> > Does 6.0 or 6.1 release work?
>
> Yes and yes.
>
> >Synopsis: dhclient in 6.2 snapshot bsd.rd installer hangs
> >Category: system upgrade
> >Environment:
> System : OpenBSD 6.1
> Details : OpenBSD 6.1 (GENERIC) #291: Sat Apr 1 13:49:08 MDT 2017
> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
>
> Architecture: OpenBSD.i386
> Machine : i386
> >Description:
> >How-To-Repeat:
> >Fix:
>
> dmesg:
Re: routing problem with wordpress and external and internal traffic
On 27-9-2017 at 11:20, Markus Rosjat wrote:
> Hi there,
>
> I have a small problem getting a wordpress instance, that works with ips in the url, to work from the internal net.
>
> So here is the setup
>
> a webserver for some application behind a Openbsd Firewall (webserver is openBSD 6.0) I have a static ip for my external nic and the wordpress instance uses the external ip in the site url. Additionally I have to use a different port than https because there is a proxy server listening for some other application.
>
> While reaching the site from the outside world is no problem because its simple redirect to the webserver and the wordpress instance has the url saved it becomes kinda tricky to reach the wordpress instance from the inside. in the internal net the webserver is listens on port 80 and 443 so I can reach it from the inside but then the wordpress instance is rewriting the url to a port that isn't 443 because from the outside world it expects a different port.
>
> So question now is, is it possible to route the way from inside to the outside and back without inventing the wheel new or is it simpler just to let the webserver listen to the different port too?
>
> I hope it makes sense to someone to give me a push in the right direction
>
> regards
>

Hi,

I think you are looking for something along the lines like:

match in on $vlan1 proto tcp from any to $realoutside port 443 rdr-to $misp port 443

vlan1 is an inside network, and misp is an internal machine (was reachable from the outside and needed to be reachable on the inside as well).

Am I correct?
Regards,
Erik
Re: Can I rotate the framebuffer (e.g. using wsdisplay) in OpenBSD?
On Wed, Sep 27, 2017 at 04:11:45PM +0200, Kamil Cholewiński wrote:
> On Wed, 27 Sep 2017, Francois Pussault wrote:
> > maybe installing a tool like xrandr ?
>
> Xrandr works only for X. I've skimmed wscons(4), wsdisplay(4),
> wsconscfg(8), wsconsctl(8), nothing about rotation...

In -current, the console is rotated counter-clockwise if the display isn't already upright:
https://marc.info/?l=openbsd-cvs=150266331224832=2
https://marc.info/?l=openbsd-cvs=150300131911666=2

This behaviour is hard-coded and cannot be configured. It helps machines which need counter-clockwise rotation, but is not ideal because some machines need clockwise rotation instead. There are plans to auto-detect and use the correct rotation required in the future.
Re: Installer hangs - "already acking lease"
> Can you post the dmesg?

Yes. And more. Full output from sendbug below.

> Does 6.0 or 6.1 release work?

Yes and yes.

>Synopsis: dhclient in 6.2 snapshot bsd.rd installer hangs
>Category: system upgrade
>Environment:
System : OpenBSD 6.1
Details : OpenBSD 6.1 (GENERIC) #291: Sat Apr 1 13:49:08 MDT 2017
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
Architecture: OpenBSD.i386
Machine : i386
>Description:
>How-To-Repeat:
>Fix:

dmesg:
Re: FF vs. Chrome/Chromium
> Firefox has W^X compliance and so runs with the secure defaults.

it uses page aliasing, which is a shitty way of being compliant

> The latest Firefox (Not ESR as mtier provides) has recently had
> sandboxing for Windows and Linux added and legacy extensions will be
> phased out.
>
> It is therefore likely possible to add pledge patches without depending
> on upstream and so Firefox could become the clear winner.

you really shouldn't be promising that to anyone. it might not happen, their design might not allow it. pledge in giant programs is very rare. chrome got LUCKY, and there is no evidence that firefox will also.

> Otherwise you have to decide for yourself. I'm not sure any browsers
> code quality is Good or which is better, which would be an important
> factor.
>
> Neither are particularly good at privacy but Firefox does allow
> clearing data on exit and has better extensions.
Re: routing problem with wordpress and external and internal traffic
hi,

On 27.09.2017 at 15:59, x9p wrote:
>>> I am supposing its Apache because you did not say so.
>>
>> no it's of course a httpd from OpenBSD
>
> You are right, httpd. my bad. I am used to Linux world.
>
>> the problem here is the for internal traffic to somehow rewrite the url to a internal ip with some lines in the server part of the httpd.conf (don't know if this is possible)
>
> We know packets are being changed by pf rules when coming from outside world. From inside network, there is a URL transformation that represents the problem are facing.

well if I do stuff on the internal nic I could do things to these packages too but this should be the smaller problem here.

> where is the URL rewrite being done? .htaccess or in another part? I believe this is the first step to search for. If it is in the .htaccess, that is the simpler solution in my point of view.

well since .htaccess has nothing to do with httpd of Openbsd rewrites could be possible in relayd (maybe) or as I stated maybe in the server definition in httpd.conf.

>> or to somehow get the traffic rerouted when it hits the firewall in a pf rule or rules
>
> I believe mix routing/pf rules with URL rewriting makes the problem complex, should be a simple solution.
>
> cheers.
>
> x9p

regards

--
Markus Rosjat
fon: +49 351 8107223
mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden
http://www.ghweb.de
fon: +49 351 8107220
fax: +49 351 8107227
Re: Can I rotate the framebuffer (e.g. using wsdisplay) in OpenBSD?
On Wed, 27 Sep 2017, Francois Pussault wrote:
> maybe installing a tool like xrandr ?

Xrandr works only for X. I've skimmed wscons(4), wsdisplay(4), wsconscfg(8), wsconsctl(8), nothing about rotation...
Re: routing problem with wordpress and external and internal traffic
>> I am supposing it's Apache because you did not say so.
>
> no it's of course a httpd from OpenBSD

You are right, httpd. my bad. I am used to Linux world.

> the problem here is for internal traffic to somehow rewrite the
> url to a internal ip with some lines in the server part of the
> httpd.conf (don't know if this is possible)

We know packets are being changed by pf rules when coming from outside world. From inside network, there is a URL transformation that represents the problem we are facing.

where is the URL rewrite being done? .htaccess or in another part? I believe this is the first step to search for. If it is in the .htaccess, that is the simpler solution in my point of view.

> or to somehow get the traffic rerouted when it hits the firewall in a pf
> rule or rules

I believe mix routing/pf rules with URL rewriting makes the problem complex, should be a simple solution.

cheers.

x9p
Re: Installer hangs - "already acking lease"
Can you post the dmesg? Does 6.0 or 6.1 release work?

On Wed, Sep 27, 2017 at 5:45 AM, Eivind Eide wrote:
> 2017-09-11 16:05 GMT+02:00 Eivind Eide :
> > Trying to upgrade this old machine with i386 snapshot bsd.rd from
> > 2017-09-11. bsd.rd boots ok, but after fscheck it tries to get dhcp.
> > After "DHCPOFFER from 192.168.1.1 (mac-address)" it just waits,
> > nothing more happens.
> >
> > On the router, running OBSD 6.1 -stable it says:
> > dhcpd: DHCPDISCOVER from (mac-address) via vether0
> > dhcpd: DHCPDISCOVER from (mac-address via vether0
> > dhcpd: already acking lease 192.168.1.32
> > dhcpd: DHCPOFFER on 192.168.1.32 to (mac-address) via vether0
> >
> > ...And i get no further. Any clues?
> >
>
> Still this problem with all bsd.rd from snapshots. Latest tried bsd.rd
> from i386 snapshot 2017-09-26.
> dhclient in bsd.rd doesn't get a lease, it just hangs.
> I tried to bypass my own router (OBSD 6.1 -stable) and plug the cable
> directly into my ISPs cable modem, as to test with their DHCP server.
> Same result.
> I've also tried to drop to the shell in bsd.rd and test dhclient. It just
> hangs.
> The only clue I have is from my own router: "already acking lease
> 192.168.1.32". Whatever that means.
> Googling has brought me no further.
>
> If I don't find any clues on this I can't update OpenBSD anymore.
>
> --
>
> Eivind Eide
>
> "ONLY THOSE WHO ATTEMPT THE IMPOSSIBLE WILL ACHIEVE THE ABSURD"
> - Oceania Association of Autonomous Astronauts
Re: FF vs. Chrome/Chromium
On Wed, 27 Sep 2017 14:49:19 +0200
> Hi there!
>
> Last night I enjoyed reading through the different presentation
> slides from EuroBSDcon 2017.
>
> Relating to Theo's presentation on 'Pledge and
> Privsep' (https://www.openbsd.org/papers/eurobsdcon2017-pledge.pdf)
> he states that firefox cannot be pledged while "chrome was strongly
> pledged in <1 week".
>
> I assume that this actually is 'chromium', right? Disregarding any
> addons, is it valid to say that for OpenBSD users chromium is "safer"
> than FF as the latter is not pledgeable?

I believe mtier provides updates for firefox ESR and not chromium.

Chromium has pledges patched in because it was structured for sandboxing.

Firefox has W^X compliance and so runs with the secure defaults.

The latest Firefox (Not ESR as mtier provides) has recently had sandboxing for Windows and Linux added and legacy extensions will be phased out.

It is therefore likely possible to add pledge patches without depending on upstream and so Firefox could become the clear winner.

Otherwise you have to decide for yourself. I'm not sure any browser's code quality is Good or which is better, which would be an important factor.

Neither are particularly good at privacy but Firefox does allow clearing data on exit and has better extensions.
Re: routing problem with wordpress and external and internal traffic
Hi,

On 27.09.2017 at 13:33, x9p wrote:
>> Hi there,
>
> Hi
>
>> I have a small problem getting a wordpress instance, that works with ips in the url, to work from the internal net.
>>
>> So here is the setup
>>
>> a webserver for some application behind an OpenBSD Firewall (webserver is OpenBSD 6.0) I have a static ip for my external nic and the wordpress
>
> I am supposing it's Apache because you did not say so.

no it's of course a httpd from OpenBSD

>> So question now is, is it possible to route the way from inside to the outside and back without inventing the wheel new or is it simpler just to let the webserver listen to the different port too?
>>
>> I hope it makes sense to someone to give me a push in the right direction
>
> I think it's lacking some information, but supposing your wordpress installation is redirecting based on .htaccess rules under httpd I would include a rule to not rewrite the URL based on source IP (if internal, do not apply .htaccess rule of URL rewrite)

the problem here is for internal traffic to somehow rewrite the url to a internal ip with some lines in the server part of the httpd.conf (don't know if this is possible)

or to somehow get the traffic rerouted when it hits the firewall in a pf rule or rules

> something like:
> https://unix.stackexchange.com/questions/44129/conditional-directoryindex-based-on-ip-address-using-htaccess
>
> cheers.
>
> x9p

regards

--
Markus Rosjat
fon: +49 351 8107223
mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden
http://www.ghweb.de
fon: +49 351 8107220
fax: +49 351 8107227

Please check whether this mail really needs to be printed! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: httpd+relayd behind a proxy
Manuel Giraud writes:
> Hi,
>
> I have a website that is served with httpd+relayd behind a proxy (that I
> don't control). The said proxy is responsible for the public side TLS
> handshake with clients and I serve with relayd TLS and a local httpd
> without TLS.
>
> The problem is that I end up serving "mixed content" because the
> $_SERVER[HTTPS] variable is not set. What would be the best (easier) way
> to have this variable set?

Reply to self: All I had to do was to listen with tls on in httpd.conf and do a "forward with tls to" in relayd.conf (BTW thanks for those great man pages!)

--
Manuel Giraud
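A sketch of the two changes named in the reply above, added here as an illustration and not taken from the original post: httpd listens with tls on loopback, so it reports the request as HTTPS to the FastCGI backend, and relayd re-encrypts to it with "forward with tls to". The server name, addresses, ports, socket and certificate paths are assumptions.

```conf
# /etc/httpd.conf (assumed layout; names, ports and paths are examples)
server "www.example.org" {
	# "tls" on the listener is the change from the post: httpd marks the
	# request as HTTPS and passes HTTPS=on to the FastCGI backend, which
	# is what PHP exposes as $_SERVER['HTTPS'].
	listen on 127.0.0.1 tls port 8443
	tls {
		certificate "/etc/ssl/www.example.org.crt"
		key "/etc/ssl/private/www.example.org.key"
	}
	root "/htdocs/www.example.org"
	location "*.php" {
		fastcgi socket "/run/php-fpm.sock"
	}
}

# /etc/relayd.conf (assumed layout)
table <local_httpd> { 127.0.0.1 }

http protocol "www_tls" {
	# Keep the client address visible to the application.
	match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
	# relayd.conf(5) also documents "tls ca file" for verifying the
	# backend certificate on the second TLS hop.
}

relay "www" {
	# relayd terminates the TLS session coming from the upstream proxy;
	# it loads /etc/ssl/192.0.2.10.crt and /etc/ssl/private/192.0.2.10.key
	# for this listen address.
	listen on 192.0.2.10 port 443 tls
	protocol "www_tls"
	# Re-encrypt towards httpd instead of forwarding plain HTTP.
	forward with tls to <local_httpd> port 8443
}
```

Both files can be syntax-checked before reloading with `httpd -n` and `relayd -n`.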
Re: Can I rotate the framebuffer (e.g. using wsdisplay) in OpenBSD?
maybe installing a tool like xrandr ?

> From:
> Sent: Wed Sep 27 12:30:37 CEST 2017
> To:
> Subject: Can I rotate the framebuffer (e.g. using wsdisplay) in OpenBSD?
>
> Hi,
>
> Can I rotate the screenbuffer +90, -90, 180 degrees?
>
> Some computers and displays have hardware output prerotated, which needs to
> be corrected on the OS level. In all cases X has whole-screen rotation
> support I think.
>
> Thanks,
> Tinker

Regards

Francois Pussault
10 chemin de négo saoumos
apt 202 - bat 2
31300 Toulouse
+33 6 17 230 820
fpussa...@contactoffice.fr
FF vs. Chrome/Chromium
Hi there! Last night I enjoyed reading through the different presentation slides from EuroBSDcon 2017. Relating to Theo's presentation on 'Pledge and Privsep' (https://www.openbsd.org/papers/eurobsdcon2017-pledge.pdf) he states that firefox cannot be pledged while "chrome was strongly pledged in <1 week". I assume that this actually is 'chromium', right? Disregarding any addons, is it valid to say that for OpenBSD users chromium is "safer" than FF as the latter is not pledgeable? Just curious. STEFAN
Re: routing problem with wordpress and external and internal traffic
> Hi there,

Hi

> I have a small problem getting a wordpress instance, that works with ips
> in the url, to work from the internal net.
>
> So here is the setup
>
> a webserver for some application behind an OpenBSD Firewall (webserver
> is OpenBSD 6.0) I have a static ip for my external nic and the wordpress

I am supposing it's Apache because you did not say so.

> So question now is, is it possible to route the way from inside to the
> outside and back without inventing the wheel new or is it simpler just
> to let the webserver listen to the different port too?
>
> I hope it makes sense to someone to give me a push in the right direction

I think it's lacking some information, but supposing your wordpress installation is redirecting based on .htaccess rules under httpd I would include a rule to not rewrite the URL based on source IP (if internal, do not apply .htaccess rule of URL rewrite)

something like:
https://unix.stackexchange.com/questions/44129/conditional-directoryindex-based-on-ip-address-using-htaccess

cheers.

x9p
Re: Crypto softraid is supported on GPT/UEFI boot and not just on BIOS/MBR boot, right?
On Wed, Sep 27, 2017 at 10:31:22AM -, ti...@openmailbox.org wrote:
> probing: pc0 mem[572K 56K 495M 1455M 5M 6144M]
> disk: hd0* hd1* hd2 sr0*
> >> OpenBSD/amd64 BOOTX64 3.32
> open(hd0a:/etc/boot.conf): Invalid Argument
> boot>
>
> This error may be because OpenBSD creating "boot.conf" within the FAT32 EFI
> system boot volume actually creates "bo~1.con", which is not resolved as
> "boot.conf" by OpenBSD's BOOTX64 EFI loader program? -

boot.conf has nothing to do with it. softraid boot is handled independently from boot.conf.

> How do I instruct BOOTX64 to boot from sr0a:/boot ?

What's odd is that you have a bootable sr0 but the boot loader still tries hd0 instead. That looks like a bug. Usually sr0 should be tried in this situation.

I don't know the solution. Perhaps try re-running installboot?

FWIW, this all works fine for me on a thinkpad helix2.
Re: X710 10Gb card not configured
On Wed, Sep 27, 2017 at 03:53:26AM -0700, James A. Peltier wrote:
> - On 26 Sep, 2017, at 20:25, Jonathan Gray j...@jsg.id.au wrote:
>
> | On Tue, Sep 26, 2017 at 05:35:40PM -0700, James A. Peltier wrote:
> |> Hi Misc,
> |>
> |> I am running the latest OpenBSD snapshot and it appears that the 10Gb cards that
> |> we have in the unit aren't recognized or configured properly. I had a look at
> |> pcidevs and pcidevs.h files in src/dev/pci and it appears that the device
> |> should be found as
> |>
> |> src/sys/dev/pcidevs
> |> product INTEL X710_10G_SFP 0x1572 X710 SFP+
> |>
> |> src/sys/dev/pcidevs.h
> |> #define PCI_PRODUCT_INTEL_X710_10G_SFP 0x1572 /* X710 SFP+ */
> |>
> |> I have attached a pcidump -v below hoping someone might resolve this issue.
> |> Please let me know if there is anything else I can provide and when I might be
> |> able to try another snapshot.
> |
> | There is currently no driver in the tree for Intel X710/XL710 10Gb/40Gb.
>
> Can I get a recommendation on a comparable 10Gb/40Gb card that will work?
> Specific card or model numbers so I can get them in ASAP

I suspect most people are using the Intel based cards supported by ix(4) for 10GbE (https://man.openbsd.org/ix.4). There are no drivers for any 40GbE parts.
Re: X710 10Gb card not configured
- On 26 Sep, 2017, at 20:25, Jonathan Gray j...@jsg.id.au wrote:

| On Tue, Sep 26, 2017 at 05:35:40PM -0700, James A. Peltier wrote:
|> Hi Misc,
|>
|> I am running the latest OpenBSD snapshot and it appears that the 10Gb cards that
|> we have in the unit aren't recognized or configured properly. I had a look at
|> pcidevs and pcidevs.h files in src/dev/pci and it appears that the device
|> should be found as
|>
|> src/sys/dev/pcidevs
|> product INTEL X710_10G_SFP 0x1572 X710 SFP+
|>
|> src/sys/dev/pcidevs.h
|> #define PCI_PRODUCT_INTEL_X710_10G_SFP 0x1572 /* X710 SFP+ */
|>
|> I have attached a pcidump -v below hoping someone might resolve this issue.
|> Please let me know if there is anything else I can provide and when I might be
|> able to try another snapshot.
|
| There is currently no driver in the tree for Intel X710/XL710 10Gb/40Gb.

Can I get a recommendation on a comparable 10Gb/40Gb card that will work? Specific card or model numbers so I can get them in ASAP

--
James A. Peltier
IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone : 604-365-6432
Fax : 778-782-3045
E-Mail : jpelt...@sfu.ca
Website : http://www.sfu.ca/itservices
Twitter : @sfu_rcg
Powering Engagement Through Technology
Re: Installer hangs - "already acking lease"
2017-09-11 16:05 GMT+02:00 Eivind Eide:
> Trying to upgrade this old machine with i386 snapshot bsd.rd from
> 2017-09-11. bsd.rd boots ok, but after fscheck it tries to get dhcp.
> After "DHCPOFFER from 192.168.1.1 (mac-address)" it just waits,
> nothing more happens.
>
> On the router, running OBSD 6.1 -stable it says:
> dhcpd: DHCPDISCOVER from (mac-address) via vether0
> dhcpd: DHCPDISCOVER from (mac-address via vether0
> dhcpd: already acking lease 192.168.1.32
> dhcpd: DHCPOFFER on 192.168.1.32 to (mac-address) via vether0
>
> ...And i get no further. Any clues?

Still this problem with all bsd.rd from snapshots. Latest tried bsd.rd from i386 snapshot 2017-09-26.

dhclient in bsd.rd doesn't get a lease, it just hangs.

I tried to bypass my own router (OBSD 6.1 -stable) and plug the cable directly into my ISPs cable modem, as to test with their DHCP server. Same result.

I've also tried to drop to the shell in bsd.rd and test dhclient. It just hangs.

The only clue I have is from my own router: "already acking lease 192.168.1.32". Whatever that means. Googling has brought me no further.

If I don't find any clues on this I can't update OpenBSD anymore.

--
Eivind Eide

"ONLY THOSE WHO ATTEMPT THE IMPOSSIBLE WILL ACHIEVE THE ABSURD"
- Oceania Association of Autonomous Astronauts
Re: Crypto softraid is supported on GPT/UEFI boot and not just on BIOS/MBR boot, right?
>> On Wed, Sep 27, 2017 at 08:06:15AM -, ti...@openmailbox.org wrote:
[..]
> How do I instruct BOOTX64 to boot from sr0a:/boot ?

(Sorry typo, this should read "How do I instruct BOOTX64 to boot from sr0a:/bsd ?", however sr0a:/bsd was spelled correctly above so it was clear enough already.)
Re: Crypto softraid is supported on GPT/UEFI boot and not just on BIOS/MBR boot, right?
> On Wed, Sep 27, 2017 at 08:06:15AM -, ti...@openmailbox.org wrote:
>> Hi!
>>
>> Crypto softraid is supported on GPT/UEFI boot and not just on BIOS/MBR boot,
>> right?
>>
>> It's supposed to work exactly the same way, just out of the box, the boot
>> code will ask for typed password or keydisk, right?
>>
>> Thanks,
>> Tinker
>
> http://www.openbsd.org/faq/faq14.html#softraid

Dear Stefan,

Thanks for responding - yes thanks for the obvious reference.

For making GPT booting work at all with OpenBSD, the "-b 960" argument to "fdisk -ig" that's mentioned on the FAQ page, is instrumental, as "fdisk -ig" only creates a GPT partitioning table whereas booting requires an EFI system boot partition too, and fdisk creates that one only when "-b 960" is specified.

About automatic softraid unpacking on boot, the answer I found was that: Yes, it is supported, but I think the boot order when booting softraid crypto on GPT/UEFI is different from on MBR/boot.

I think on MBR/BIOS boot, the setup is that OpenBSD's MBR sector reads some reserved subsequent sectors, which contain the unpacking code which ask you for password/keydisk, and then unpacks the softraid, which will in turn contain the boot code, which reads boot.conf .

In GPT/UEFI boot, OpenBSD's boot sequence is different: The host system's UEFI firmware will load the /efi/boot/bootx64.efi file, which tries to load the boot.conf file and then boot the system.

Unfortunately, bootx64.efi does not get the idea of trying to boot sr0a:/bsd , but just tries hd0a:/bsd and then fails.

I tried to feed it with a boot.conf file by doing

mount /dev/sd0i /mnt; mkdir -p /mnt/etc; echo "boot sr0a:/bsd" >> /mnt/etc/boot.conf

, however this has no effect on the boot process, it still says the same as when the file was not there:

probing: pc0 mem[572K 56K 495M 1455M 5M 6144M]
disk: hd0* hd1* hd2 sr0*
>> OpenBSD/amd64 BOOTX64 3.32
open(hd0a:/etc/boot.conf): Invalid Argument
boot>

This error may be because OpenBSD creating "boot.conf" within the FAT32 EFI system boot volume actually creates "bo~1.con", which is not resolved as "boot.conf" by OpenBSD's BOOTX64 EFI loader program? -

How do I instruct BOOTX64 to boot from sr0a:/boot ?

Also is this in the manual yet, where?

Thanks!
Tinker
Can I rotate the framebuffer (e.g. using wsdisplay) in OpenBSD?
Hi, Can I rotate the screenbuffer +90, -90, 180 degrees? Some computers and displays have hardware output prerotated, which needs to be corrected on the OS level. In all cases X has whole-screen rotation support I think. Thanks, Tinker
Re: blank password w/out password prompt
Awesome! Thank you! 2017-09-26 16:50 GMT+03:00 Alfred Morgan: > > Can I login without password prompt? > > Sure. Copy and paste as root: > > echo quicklogin:lo=/usr/local/bin/quicklogin:tc=9600-baud: > >> /etc/gettytab > printf '#!/bin/sh\nexec /usr/bin/login -f $*\n' > /usr/local/bin/quicklogin > chmod +x /usr/local/bin/quicklogin > patch /etc/ttys << \. > @@ -7 +7 @@ > -ttyC0 "/usr/libexec/getty std.9600" vt220 on secure > +ttyC0 "/usr/libexec/getty quicklogin" vt220 on secure > . > kill -HUP 1 > > -- > -alfred >
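Review bot: the replacement `+ttyC0` line in the /etc/ttys hunk keeps the `secure` flag, which is what permits uid 0 logins on that terminal, and the new getty entry hands the typed name to `/usr/bin/login -f`, so the console would accept any account name, root included, without a password. If that is wider than intended, drop `secure` from the replacement line or have the quicklogin wrapper pass one fixed unprivileged user instead of `$*`. The hunk header `@@ -7 +7 @@` also carries no context lines, so it relies on ttyC0 being line 7 of /etc/ttys with exactly this text; including the neighbouring lines as context would tie the change to the right entry on systems where the file differs.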
routing problem with wordpress and external and internal traffic
Hi there,

I have a small problem getting a wordpress instance, that works with ips in the url, to work from the internal net.

So here is the setup

a webserver for some application behind an OpenBSD Firewall (webserver is OpenBSD 6.0) I have a static ip for my external nic and the wordpress instance uses the external ip in the site url. Additionally I have to use a different port than https because there is a proxy server listening for some other application.

While reaching the site from the outside world is no problem because it's a simple redirect to the webserver and the wordpress instance has the url saved it becomes kinda tricky to reach the wordpress instance from the inside.

in the internal net the webserver listens on port 80 and 443 so I can reach it from the inside but then the wordpress instance is rewriting the url to a port that isn't 443 because from the outside world it expects a different port.

So question now is, is it possible to route the way from inside to the outside and back without inventing the wheel new or is it simpler just to let the webserver listen to the different port too?

I hope it makes sense to someone to give me a push in the right direction

regards

--
Markus Rosjat
fon: +49 351 8107223
mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden
http://www.ghweb.de
fon: +49 351 8107220
fax: +49 351 8107227

Please check whether this mail really needs to be printed! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: Crypto softraid is supported on GPT/UEFI boot and not just on BIOS/MBR boot, right?
On Wed, Sep 27, 2017 at 08:06:15AM -, ti...@openmailbox.org wrote:
> Hi!
>
> Crypto softraid is supported on GPT/UEFI boot and not just on BIOS/MBR boot,
> right?
>
> It's supposed to work exactly the same way, just out of the box, the boot
> code will ask for typed password or keydisk, right?
>
> Thanks,
> Tinker

http://www.openbsd.org/faq/faq14.html#softraid
Crypto softraid is supported on GPT/UEFI boot and not just on BIOS/MBR boot, right?
Hi! Crypto softraid is supported on GPT/UEFI boot and not just on BIOS/MBR boot, right? It's supposed to work exactly the same way, just out of the box, the boot code will ask for typed password or keydisk, right? Thanks, Tinker