DNS and PF

2007-06-17 Thread Bray Mailloux

Hello Everyone;

dmz_ip=192.168.1.1
dmz_block=192.168.1.0/24
#DNS 1
scarlett=192.168.1.2
pub_scarlett=64.142.102.9
#DNS 2
shelly=192.168.1.3
pub_shelly=64.142.102.10
#WWW 1
www_ip=192.168.1.4
pub_www=64.142.102.11


#Normalizing
scrub in all

#NAT and Binat
nat on rl0 from $int_block to any -> $ext_ip
binat on rl0 from $scarlett to any -> $pub_scarlett
binat on rl0 from $shelly to any -> $pub_shelly
binat on rl0 from $www_ip to any -> $pub_www

#Redirection
rdr on rl1 proto tcp from any to $pub_www port 80 -> $www_ip

#Default block policy
block all

#Anti-spoofing
block in quick from urpf-failed

#vr0 traffic
pass in on vr0 proto tcp from $int_block to any port 6112
pass in on vr0 proto tcp from $int_block to any port 80
pass in on vr0 proto tcp from $int_block to 207.212.58.16
pass in on vr0 proto tcp from $int_block to any port 443
pass in on vr0 proto tcp from $int_block to any port 5190
pass in on vr0 proto { udp, icmp } from $int_block to any

#pass in all
#pass out all

#rl1 traffic
pass in on rl1 proto { tcp, udp } from $dmz_block port 1024:65535 to any port 53

pass in on rl1 proto icmp from $scarlett to any
pass in on rl1 proto tcp from $www_ip to any port 80
pass in on rl1 proto { udp, icmp } from $www_ip to any

#rl0 traffic
pass out on rl0 proto { tcp, udp, icmp } all modulate state


# ifconfig -A
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:50:bf:3a:2e:66
   groups: egress
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet 64.142.102.8 netmask 0xffffff00 broadcast 64.142.102.255
   inet6 fe80::250:bfff:fe3a:2e66%rl0 prefixlen 64 scopeid 0x1
   inet 64.142.102.9 netmask 0xffffffff broadcast 64.142.102.9
   inet 64.142.102.10 netmask 0xffffffff broadcast 64.142.102.10
   inet 64.142.102.11 netmask 0xffffffff broadcast 64.142.102.11
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:13:46:30:0b:b2
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
   inet6 fe80::213:46ff:fe30:bb2%rl1 prefixlen 64 scopeid 0x2

I'm currently running DJBDNS 1.05 and cannot resolve my NS records 
whenever my PF firewall is on a default blocking policy. The commented 
line, rl1 traffic, contains the pass rule for any DNS traffic, but, even 
with that line, I cannot resolve the NS records.
Whenever the pass in all and pass out all rules are set and loaded, DNS 
resolves just fine so it would seem that, somewhere in my rules, a 
problem exists. Anyone who is familiar with PF or DNS and has a thought 
on how to solve this problem, their input is much appreciated.


Thank you;
Bray.



WWW to go public, if pf would let me

2007-06-09 Thread Bray Mailloux

Hello Everyone;

# ifconfig -A
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:50:bf:3a:2e:66
   groups: egress
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet6 fe80::250:bfff:fe3a:2e66%rl0 prefixlen 64 scopeid 0x1
   inet 64.142.102.8 netmask 0xffffff00 broadcast 64.142.102.255
   inet 64.142.102.9 netmask 0xffffff00 broadcast 64.142.102.255
   inet 64.142.102.10 netmask 0xffffff00 broadcast 64.142.102.255
   inet 64.142.102.11 netmask 0xffffff00 broadcast 64.142.102.255
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:13:46:30:0b:b2
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet6 fe80::213:46ff:fe30:bb2%rl1 prefixlen 64 scopeid 0x2
   inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:19:5b:3d:12:12
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet6 fe80::219:5bff:fe3d:1212%vr0 prefixlen 64 scopeid 0x3
   inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255

# cat /etc/pf.conf
#   $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

#Macros

# 192.168.0.1 subnet
ext_ip=64.142.102.8
int_ip=192.168.0.1
int_block=192.168.0.0/24
#DMZ subnet
#Interface
dmz_ip=192.168.1.1
dmz_block=192.168.1.0/24
#DNS 1
scarlett=192.168.1.2
pub_scarlett=64.142.102.9
#DNS 2
shelly=192.168.1.3
pub_shelly=64.142.102.10
#WWW 1
www_ip=192.168.1.4
pub_www=64.142.102.11
#DMZ Services
services={ domain, www, smtp, }
#Normalizing
scrub in all

#NAT and Binat
nat on rl0 from $int_block to any -> $ext_ip
binat on rl0 from $scarlett to any -> $pub_scarlett
binat on rl0 from $shelly to any -> $pub_shelly
binat on rl0 from $www_ip to any -> $pub_www

#Redirection
rdr on rl1 proto tcp from any to 64.142.102.11 port 80 -> $www_ip port 8000
rdr on rl1 proto udp from any to any port domain -> $shelly
rdr on rl1 proto udp from any to any port domain -> $scarlett

#Default block policy
block all

#Anti-spoofing
block in quick from urpf-failed

#vr0 traffic
pass in on vr0 proto tcp from $int_block to any port 6112
pass in on vr0 proto tcp from $int_block to any port 80
pass in on vr0 proto tcp from $int_block to 207.212.58.16 port 25
pass in on vr0 proto { udp, icmp } from $int_block to any

#rl1 traffic
pass in log on rl1 proto tcp from $dmz_block to $www_ip port 80
pass in log on rl1 proto udp from $dmz_block to $shelly port domain
pass in log on rl1 proto udp from $dmz_block to $scarlett port domain
pass out on rl1 proto tcp from $www_ip to any port 80
pass out on rl1 proto udp from $shelly to any port domain
pass out on rl1 proto udp from $scarlett to any port domain

#rl0 traffic
pass in on rl0 inet proto { tcp, udp } all modulate state
pass out on rl0 proto { tcp, udp, icmp } all modulate state
pass in log on rl0 proto tcp from any to $www_ip port 80
pass in log on rl0 proto udp from any to $shelly port domain
pass in log on rl0 proto udp from any to $scarlett port domain

#dmesg
OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class) 931 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 401108992 (391708K)
avail mem = 357941248 (349552K)
using 4278 buffers containing 20180992 bytes (19708K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 10/14/00, BIOS32 rev. 0 @ 0xfd8a0
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd8a0/0x760
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf50/144 (7 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xa000
acpi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82810E rev 0x03: rng active, 7Kb/sec
vga1 at pci0 dev 1 function 0 Intel 82810E Graphics rev 0x03: aperture at 0xf800, size 0x400
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb0 at pci0 dev 30 function 0 Intel 82801AA Hub-to-PCI rev 0x02
pci1 at ppb0 bus 1
rl0 at pci1 dev 11 function 0 Realtek 8139 rev 0x10: irq 5, address 00:50:bf:3a:2e:66
rlphy0 at rl0 phy 0: RTL internal PHY
rl1 at pci1 dev 13 function 0 D-Link Systems 530TX+ rev 0x10: irq 9, address 00:13:46:30:0b:b2
rlphy1 at rl1 phy 0: RTL internal PHY
vr0 at pci1 dev 14 function 0 VIA VT6105 RhineIII rev 0x86: irq 10, address

Re: How to run and manage a DNS server.

2007-06-07 Thread Bray Mailloux

Tom Van Looy wrote:

http://lifewithdjbdns.org (henning@ wrote this ;-)
It's not about bind but it has stuff about mysql and ISP-Environments.

So it may be of your interest.


Sam Fourman Jr. wrote:
well here is a question, I was wondering if there would be anyway to 
make

OpenBSD based DNS
 servers have a PostgreSQL backend. (I know there will be a 
performance hit)


and does anyone know of a gtk front end for DNS management? or maybe 
a web

based solution that is just DNS not like a full install of webmin.


Sam Fourman Jr.

On 6/6/07, Open Phugu [EMAIL PROTECTED] wrote:

On 6/6/07, Bray Mailloux [EMAIL PROTECTED] wrote:

Hello;

This is my first time managing anything larger than a simple dhcp 
or pf
box and I'm wondering if there is anyone available on this list who 
can
answer a few questions I have concerning the creation and 
management of

DNS servers.

Give us details of what you want to accomplish and your questions.





Everyone;

Wow, thanks for all the information, I really appreciate it.

Thanks, again;
Bray.



Re: Bidirectional translation for DNS and WWW servers

2007-06-06 Thread Bray Mailloux

Matt Rowley wrote:

rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:50:bf:3a:2e:66
   groups: egress
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet 64.142.102.8 netmask 0xffffff00 broadcast 64.142.102.255
   inet6 fe80::250:bfff:fe3a:2e66%rl0 prefixlen 64 scopeid 0x1



  

binat on rl0 from $scarlett to any -> $pub_scarlett
binat on rl0 from $shelly to any -> $pub_shelly
binat on rl0 from $www_ip to any -> $pub_www



the external addresses you're pointing to in your binat statements, you have
them configured as aliases to your external interface (rl0), right?
(one can't tell from ifconfig output unless you run 'ifconfig rl0' explicitly)

--Matt



  
No, I did not. I removed them in the past for reasons unknown. Thank you 
for your help, everyone.
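The check Matt asks about above, as an added example that is not part of this thread or of the OpenBSD project: a small Python script (function and variable names are my own) that reads the macros and binat rules from a pf.conf excerpt together with ifconfig output, and lists every translated public address that is not configured as an address on the interface named in the rule. The pf.conf and ifconfig text are constructed from the lines quoted in this thread.

```python
import re

# Constructed sample input: macros, binat rules and ifconfig lines as quoted
# in this thread, typed in as strings rather than read from a live box.
PF_CONF = """\
ext_ip=64.142.102.8
scarlett=192.168.1.2
pub_scarlett=64.142.102.9
shelly=192.168.1.3
pub_shelly=64.142.102.10
www_ip=192.168.1.4
pub_www=64.142.102.11
binat on rl0 from $scarlett to any -> $pub_scarlett
binat on rl0 from $shelly to any -> $pub_shelly
binat on rl0 from $www_ip to any -> $pub_www
"""

IFCONFIG = """\
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:50:bf:3a:2e:66
   inet 64.142.102.8 netmask 0xffffff00 broadcast 64.142.102.255
   inet6 fe80::250:bfff:fe3a:2e66%rl0 prefixlen 64 scopeid 0x1
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
"""

MACRO_RE = re.compile(r'^\s*(\w+)\s*=\s*"?([^"\s]+)"?\s*$')
BINAT_RE = re.compile(
    r'^\s*binat\s+on\s+(\w+)\s+from\s+(\S+)\s+to\s+\S+\s*->\s*(\S+)')


def expand(token, macros):
    """Resolve a $macro reference; a literal address is returned as-is."""
    if token.startswith('$'):
        name = token[1:]
        if name not in macros:
            raise ValueError(f"undefined macro ${name}")
        return macros[name]
    return token


def parse_pf(text):
    """Return (macros, rules); each rule is (iface, internal, public)."""
    macros, rules = {}, []
    for line in text.splitlines():
        line = line.split('#', 1)[0]          # drop comments
        m = MACRO_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        b = BINAT_RE.match(line)
        if b:
            iface, internal, public = b.groups()
            rules.append((iface, expand(internal, macros),
                          expand(public, macros)))
    return macros, rules


def parse_ifconfig(text):
    """Map interface name -> set of IPv4 addresses from ifconfig -A output."""
    addrs, current = {}, None
    for line in text.splitlines():
        head = re.match(r'^(\w+):\s+flags=', line)
        if head:
            current = head.group(1)
            addrs.setdefault(current, set())
            continue
        m = re.match(r'^\s+inet\s+(\d+\.\d+\.\d+\.\d+)', line)
        if m and current:
            addrs[current].add(m.group(1))
    return addrs


def missing_binat_aliases(pf_text, ifconfig_text):
    """List binat rules whose public address is not configured on the
    interface they translate on, as (iface, internal, public) tuples.

    Without the alias the box never answers ARP for the public address,
    so traffic from the upstream router for it never reaches pf at all.
    """
    _, rules = parse_pf(pf_text)
    addrs = parse_ifconfig(ifconfig_text)
    return [(iface, internal, public) for iface, internal, public in rules
            if public not in addrs.get(iface, set())]


if __name__ == '__main__':
    for iface, internal, public in missing_binat_aliases(PF_CONF, IFCONFIG):
        print(f"{iface}: binat {internal} -> {public}, "
              f"but {public} is not an alias on {iface}")
```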




Bidirectional translation for DNS and WWW servers

2007-06-05 Thread Bray Mailloux

Misc Users;

I'm having NAT problems; could someone examine my pf file and make some 
recommendations?

(Yes, NAT is well documented. I'm not here because of issues with clarity.)
Thanks;
Bray.  



PS: My pf.conf file
#Macros

# 192.168.0.1 subnet
ext_ip=64.142.102.8
int_ip=192.168.0.1
int_block=192.168.0.0/24
#DMZ subnet
#Interface
dmz_ip=192.168.1.1
#DNS 1
scarlett=192.168.1.2
pub_scarlett=64.142.102.9
#DNS 2
shelly=192.168.1.3
pub_shelly=64.142.102.10
#WWW 1
www_ip=192.168.1.4
pub_www=64.142.102.11
#Normalizing
#scrub in all
table <natclients> { $int_ip, !$scarlett, !$shelly, !$www_ip }

#NAT and Binat
nat on rl0 from $int_block to any -> $ext_ip
nat on rl0 from $scarlett to any -> $pub_scarlett
nat on rl0 from $shelly to any -> $pub_shelly
nat on rl0 from $www_ip to any -> $pub_www

#Default block policy
#block all

#Anti-spoofing
#block in quick from urpf-failed

#Traffic passing through
pass in all
#pass out all

#External interfaces
#pass in on rl0 inet proto { tcp, udp } all modulate state
pass out on rl0 proto { tcp, udp, icmp } all modulate state



SSH-login is slow to connect with remote computer

2007-06-03 Thread Bray Mailloux

Hello;

I'm experiencing some network trouble. Two problems exist and they are 
as thus; My DNS server, which has the ip 192.168.1.2, which is 
translated through my router to 64.142.102.10, cannot connect to the 
internet. And, whenever PuTTY attempts to remote control the server, the 
login process is very slow between inputting the user name then password.

My gut tells me the problems may be related.

My pf rules on my router are as such:
#   $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

#Macros
ext_ip=64.142.102.8
local_int_ip=192.168.0.1
local_int_block=192.168.0.0/24
dmz_ip=192.168.1.1
dmz_block={ 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4, 192.168.1.5 }

dmz_www_ip=64.142.102.9
local_www_ip=192.168.1.4
#DNS Server
dmz_scarlett_ip=64.142.102.10
dmz_shelly_ip=64.142.102.11
local_scarlett_ip=192.168.1.2
local_shelly_ip=192.168.1.3
dmz_qmail_ip=64.142.102.12
local_qmail_ip=192.168.1.4
tcp_services= ( ssh, smtp, domain, www, pop3 )
udp_services= ( domain )

#normalizing
#scrub in all

#NAT and Binat
nat on rl0 from $local_int_block to any -> $ext_ip
binat on rl0 from $local_www_ip to any -> $dmz_www_ip
binat on rl0 from $local_scarlett_ip to any -> $dmz_scarlett_ip
binat on rl0 from $local_shelly_ip to any -> $dmz_shelly_ip
binat on rl0 from $local_qmail_ip to any -> $dmz_qmail_ip

#Default block policy
#block all

#Anti-spoofing
#block in quick from urpf-failed

#Traffic passing through
pass in all
pass out all


#External interfaces
#pass in on rl0 inet proto { tcp, udp } all modulate state
#pass out on rl0 proto { tcp, udp, icmp } all modulate state

The block and external interface rules are commented for troubleshooting 
operations as I've been working with this problem to try and resolve it.




Re: SSH-login is slow to connect with remote computer

2007-06-03 Thread Bray Mailloux

Bray Mailloux wrote:

Hello;

I'm experiencing some network trouble. Two problems exist and they are 
as thus; My DNS server, which has the ip 192.168.1.2, which is 
translated through my router to 64.142.102.10, cannot connect to the 
internet. And, whenever PuTTY attempts to remote control the server, 
the login process is very slow between inputting the user name then 
password.

My gut tells me the problems may be related.

My pf rules on my router are as such:
#   $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

#Macros
ext_ip=64.142.102.8
local_int_ip=192.168.0.1
local_int_block=192.168.0.0/24
dmz_ip=192.168.1.1
dmz_block={ 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4, 192.168.1.5 }

dmz_www_ip=64.142.102.9
local_www_ip=192.168.1.4
#DNS Server
dmz_scarlett_ip=64.142.102.10
dmz_shelly_ip=64.142.102.11
local_scarlett_ip=192.168.1.2
local_shelly_ip=192.168.1.3
dmz_qmail_ip=64.142.102.12
local_qmail_ip=192.168.1.4
tcp_services= ( ssh, smtp, domain, www, pop3 )
udp_services= ( domain )

#normalizing
#scrub in all

#NAT and Binat
nat on rl0 from $local_int_block to any -> $ext_ip
binat on rl0 from $local_www_ip to any -> $dmz_www_ip
binat on rl0 from $local_scarlett_ip to any -> $dmz_scarlett_ip
binat on rl0 from $local_shelly_ip to any -> $dmz_shelly_ip
binat on rl0 from $local_qmail_ip to any -> $dmz_qmail_ip

#Default block policy
#block all

#Anti-spoofing
#block in quick from urpf-failed

#Traffic passing through
pass in all
pass out all


#External interfaces
#pass in on rl0 inet proto { tcp, udp } all modulate state
#pass out on rl0 proto { tcp, udp, icmp } all modulate state

The block and external interface rules are commented for 
troubleshooting operations as I've been working with this problem to 
try and resolve it.




DNS resolution does seem probable, neither DNS computers nor my WWW 
computer can ping their respective name servers, but the ssh connection 
that exists between my computer and the servers is still shaky besides 
the long response time. For instance, the servers sometimes unexpectedly 
close the connections. Do you have any other ideas?




4.0 and 4.1 issues

2007-06-02 Thread Bray Mailloux

Hello;

Are there any network issues or problems that are known to exist between 
the 4.0 packet filter and 4.1 systems trying to access the internet or 
communicate across the network? I'm having a large amount of trouble 
getting my 4.1 computers to communicate with others on my network.




Re: NAT with PF

2007-05-16 Thread Bray Mailloux

Jonathan A. Lindsey wrote:

Here is what mine reads:
nat on fxp0 inet from 192.168.0.0/24 to any -> 69.254.129.192

BradenM - Sonoma Computer wrote:
  

Hi;

My knowledge of PF has grown a tad but, despite whatever I may or may-not have
learned, NAT still does not seem to be functioning and my internal lan
computers cannot access the internet.

The NAT rule is as such:
pfctl -sn
nat on rl0 inet from 192.168.0.0/24 to 192.168.0.1 -> 64.142.102.8

The computers on my workgroup are receiving dynamic addresses from rl1, an
ethernet card in my OpenBSD box.
IP forwarding is enabled in /etc/sysctl.conf and pf=YES in /etc/rc.conf

I greatly appreciate any help in resolving this issue. If any further details
are required to diagnose the problem, please contact me by email at
[EMAIL PROTECTED]

Thank you;
Bray



[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a 
name of jlindsey.11442DEFANGED-vcf]



  

Everyone;

Thank you for the quick response. I reviewed the messages and used the 
advice from all posts to develop a solution that has solved my lack of 
internet problem.


Thank you;
Bray



DJBDNS woes

2007-05-03 Thread Bray Mailloux
So, I recently installed daemontools, ucspi and djbdns. But, to my 
demise, after compiling the source and configuring the system, I've 
found that the directory /service/tinydns/root does not exist!

Has anyone experienced a similar problem?



default routes

2007-04-23 Thread Bray Mailloux
I'm setting up an OpenBSD box and need some advice on what my setup 
should reflect.


I have static ip address, specifically 64.142.102.8 which is going to be 
used as a primary internet connection for my home network. There are 
three ethernet cards in my box; rl0 will be the external card, rl1 will 
be the internal card with dhcpd enabled.


NAT will need to be used, correct? However, in the past, I've been using 
configurations that have yielded no results so my desperation is 
reaching the point of baldness.


Please help,
Bray.



Static IPs: Routing and Forwarding

2007-04-17 Thread Bray Mailloux
I have one static ip address which is assigned to one of my ethernet 
cards, specifically rl0. IP forwarding is turned on and dhcp is active 
and listening on another ethernet card, specifically rl1.
Route and routed man pages have offered some tidbits of information but 
not enough to answer my troubleshooting questions. For example, dhcp is 
distributing addresses and internal network computers are receiving the 
dynamic address but cannot resolve any name servers or an internet 
connection.


Now, I'm new to setting up networks and OpenBSD but feel like this is as 
good an opportunity to learn the system from the ground up.


Here is some system information to guide anyone along.
rl0 = 64.142.102.8
rl1 = 192.168.0.1
workgroup client #1 = dynamic 192.168.1.20

dhcpd.conf
shared-network LOCAL-NET {
   option domain-name theamericanbray.com;
   option domain-name-servers 208.204.224.11, 208.204.224.33;

   subnet 192.168.0.0 netmask 255.255.0.0 {
  option routers 192.168.0.1;

  range 192.168.0.14 192.168.0.23;
   }
}

Routing Table

Internet:
Destination        Gateway            Flags  Refs  Use    Mtu  Interface
64.142.102/24      link#1             UC        1    0      -  rl0
allen              00:50:bf:3a:2e:66  UHLc      1    0      -  lo0
localhost          localhost          UH        0    0  33224  lo0
192.168.0/24       link#2             UC        1    0      -  rl1
192.168.0.1        allen              UGHS      0    0      -  rl0
192.168.0.20       00:0d:61:03:8f:f6  UHLc      0   20      -  rl1


To recap, my workgroup clients using dynamic addressing cannot use the 
internet.


Please and Thank You  

PS. I want ipv6 turned off and if anyone has a link to using IPsec on 
OpenBSD in the form of some tutorial would be just dynamite. Explosive, 
ya know? Potentially dangerous. Red. Bang.


Bye,
Love, Bray.



Re: Static IPs: Routing and Forwarding

2007-04-17 Thread Bray Mailloux

BradenM - Sonoma Computer wrote:
- Original Message - From: Bryan Vyhmeister 
[EMAIL PROTECTED]

To: Bray Mailloux [EMAIL PROTECTED]
Cc: misc@openbsd.org
Sent: Tuesday, April 17, 2007 9:08 AM
Subject: Re: Static IPs: Routing and Forwarding



On Apr 17, 2007, at 8:30 AM, Bray Mailloux wrote:
Shouldn't the internet connection be passed around to other hosts  
on the network without the use of nat and pf? Ip forwarding is on,  
isn't that enough? I'm just trying to get the internet connection  
out to other computers, filtering comes afterwards.


No. You can't do that without using all publicly routable IP  
addresses (no 192.168.0.0/16, 172.16.0.0/12, or 10.0.0.0/8). NAT is  
Network Address Translation and has nothing to do with filtering.


Basically nat takes connections from 192.168.0.0/24 (your internal  
network) and sends them out as if they were actually coming from  
64.142.102.8 and then keeps track so that when data comes back from  
other places, it actually keeps track of who asked for what and then  
puts the internal IP address back in the destination. The PF FAQ has  
an excellent explanation of how NAT works in more details:


http://www.openbsd.org/faq/pf/nat.html

In any case, you have to use NAT in the scenario. There are some  
examples in pf.conf that you can use but the basic idea is:


set ext_if=rl0 and int_if=rl1 at the top of pf.conf and then use the  
following nat statement near the examples:


nat on $ext_if from ($int_if) -> ($ext_if:0)

This is basically saying translate at the external interface (rl0)  
for anything coming from addresses on the internal interface (rl1)  
and use the external interface public IP address.


Add those changes to pf.conf and then run these commands:

pfctl -f /etc/pf.conf
pfctl -e

Don't forget to fix the netmask typo in dhcpd.conf and then you  
should be off and running. Sorry if the explanation was too basic 
and  you already understand most of this. In any case, I hope this 
answers  the question.


Bryan


Thank you for your help.


OK, I've tried your nat rule and am using a completely open pass rule to 
allow in all traffic but cannot ping the internet. Any other ideas? What 
are some trouble shooting techniques I could try?
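Bryan's remark about the netmask typo in dhcpd.conf, as an added example that is not part of this thread or of OpenBSD's dhcpd: a Python checker (function names are my own) that parses the subnet blocks of the dhcpd.conf posted earlier in this thread and compares them against the address and mask of the interface dhcpd serves, so a declaration like `subnet 192.168.0.0 netmask 255.255.0.0` on a /24 interface is reported, along with a router or lease range outside the subnet and a range that would hand out the interface's own address. The /24 mask for rl1 is assumed from the 192.168.0/24 entry in the posted routing table.

```python
import ipaddress
import re

# Constructed sample: the dhcpd.conf quoted in the "Static IPs" post above.
DHCPD_CONF = """\
shared-network LOCAL-NET {
   option domain-name theamericanbray.com;
   option domain-name-servers 208.204.224.11, 208.204.224.33;

   subnet 192.168.0.0 netmask 255.255.0.0 {
      option routers 192.168.0.1;
      range 192.168.0.14 192.168.0.23;
   }
}
"""

# The interface dhcpd listens on: rl1 = 192.168.0.1 from the post; the /24
# mask is an assumption taken from the 192.168.0/24 route in the same post.
RL1 = ipaddress.ip_interface("192.168.0.1/255.255.255.0")

SUBNET_RE = re.compile(r'subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{')
ROUTERS_RE = re.compile(r'option\s+routers\s+([^;]+);')
RANGE_RE = re.compile(r'range\s+(\S+)\s+(\S+)\s*;')


def parse_subnets(text):
    """Return (network, routers, (low, high) or None) per subnet block."""
    subnets = []
    for m in SUBNET_RE.finditer(text):
        start = m.end()
        body = text[start:text.index('}', start)]   # no nested braces here
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        r = ROUTERS_RE.search(body)
        routers = ([ipaddress.ip_address(x.strip())
                    for x in r.group(1).split(',')] if r else [])
        g = RANGE_RE.search(body)
        rng = ((ipaddress.ip_address(g.group(1)),
                ipaddress.ip_address(g.group(2))) if g else None)
        subnets.append((net, routers, rng))
    return subnets


def check_dhcpd(text, iface):
    """Return problem strings for a dhcpd.conf served on interface iface.

    The declared subnet must be exactly the interface's network, the
    routers and the lease range must fall inside it, and the lease range
    must not hand out the interface's own address.
    """
    problems = []
    for net, routers, rng in parse_subnets(text):
        if net != iface.network:
            problems.append(f"subnet {net} does not match {iface.network} "
                            f"configured on the interface")
        for r in routers:
            if r not in net:
                problems.append(f"router {r} is outside {net}")
        if rng:
            low, high = rng
            if low > high or low not in net or high not in net:
                problems.append(f"range {low}-{high} is not inside {net}")
            elif low <= iface.ip <= high:
                problems.append(f"range {low}-{high} includes the interface "
                                f"address {iface.ip}")
    return problems


if __name__ == '__main__':
    for problem in check_dhcpd(DHCPD_CONF, RL1):
        print(problem)
```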




Re: Printing using a network printer

2007-04-03 Thread Bray Mailloux

Darren Spruell wrote:

On 4/2/07, Darren Spruell [EMAIL PROTECTED] wrote:

On 4/2/07, Bray Mailloux [EMAIL PROTECTED] wrote:
 With cups installed, I've run the lpadmin command to install a network
 printer but the console returns this error:

 Unable to connect to server: connection refused.

 I believe it's because there is no port open for the printing and
 computer to communicate through. So, my question is how do I open a 
port

 for cups and get them  to talk?

 I'm using an HP laserjet 2200dn with PCL 6.

You probably need to start cupsd. It should open a TCP port on 636.


Scratch that, cupsd uses port 631. Typo...

DS


Well, the printer is installed and now, whenever a test page is spooled, 
cups will cancel it and offers this message via the web administration tool:


client-error-not-possible



To Theo de Raadt, if he is listening.

2007-04-02 Thread Bray Mailloux
The picture on your main website contains a number of servers of various 
models and makes, however, most of them have labels, but the smallest of 
the computers cannot be made out.


What are they?



Printing using a network printer

2007-04-02 Thread Bray Mailloux
With cups installed, I've run the lpadmin command to install a network 
printer but the console returns this error:


Unable to connect to server: connection refused.

I believe it's because there is no port open for the printing and 
computer to communicate through. So, my question is how do I open a port 
for cups and get them  to talk?


I'm using an HP laserjet 2200dn with PCL 6.



Re: OpenBSD webserver partitioning schemes

2007-03-24 Thread Bray Mailloux

Bray Mailloux wrote:

Mispunt wrote:

I don't think it is a good idea to do that when you want to use PHP
and some sort of database.
PHP requires a /tmp and I would put that on a separate partition.
Beside that I think it is also a good idea to give the database a 
partition.

The rest of /var/www could be on the same partition.

On 3/23/07, Bray Mailloux [EMAIL PROTECTED] wrote:

I'm not too knowledgeable in the security arena so this question may
prompt flogging.

My server has three hard drives, one contains the OpenBSD system and 
the
other two are blank and will be a raid mirror of the /var/www 
directory.
Is it wise to give over the entire drive for the mount point 
/var/www or

should I not be assigning mount points to entire drives?


Well, I'm using a raid mirror to store all of my http and database 
data and a separate disk to house my openbsd installation. Are you 
certain that I should not just have the database and http data stored 
on the raid mirror on two separate partitions?




Re: OpenBSD webserver partitioning schemes

2007-03-24 Thread Bray Mailloux

Mispunt wrote:

My suggestion would be this:
1 disk - OpenBSD install

raid disks:
1 partition - /var/mysql
1 partition - /var/www


On 3/24/07, Bray Mailloux [EMAIL PROTECTED] wrote:

Bray Mailloux wrote:
 Mispunt wrote:
 I don't think it is a good idea to do that when you want to use PHP
 and some sort of database.
 PHP requires a /tmp and I would put that on a separate partition.
 Beside that I think it is also a good idea to give the database a
 partition.
 The rest of /var/www could be on the same partition.

 On 3/23/07, Bray Mailloux [EMAIL PROTECTED] wrote:
 I'm not too knowledgeable in the security arena so this question may
 prompt flogging.

 My server has three hard drives, one contains the OpenBSD system and
 the
 other two are blank and will be a raid mirror of the /var/www
 directory.
 Is it wise to give over the entire drive for the mount point
 /var/www or
 should I not be assigning mount points to entire drives?


 Well, I'm using a raid mirror to store all of my http and database
 data and a separate disk to house my openbsd installation. Are you
 certain that I should not just have the database and http data stored
 on the raid mirror on two separate partitions?


Ok, my next question is: Do my disks need any sort of special labeling 
through disklabel to use RAID?




OpenBSD webserver partitioning schemes

2007-03-22 Thread Bray Mailloux
I'm not too knowledgeable in the security arena so this question may 
prompt flogging.


My server has three hard drives, one contains the OpenBSD system and the 
other two are blank and will be a raid mirror of the /var/www directory. 
Is it wise to give over the entire drive for the mount point /var/www or 
should I not be assigning mount points to entire drives?




make build crashing

2007-03-21 Thread Bray Mailloux
I am updating my 4.0 system to the latest ~stable build and each time my 
make build is crashing. What information should I post in order to 
insure maximum clarity with the problem?




An introduction of sorts

2007-03-21 Thread Bray Mailloux
The name's Bray. So far, I've been a windows technician for a little 
under a year. My first computer was a Mac SE which resided in my mothers 
room, it had a Shareware version of Carbon Copy and proved somewhat 
entertaining.
The name OpenBSD has floated around my vernacular for some time, but 
only in reference to types of operating systems or whenever someone 
mentioned open-source. To be Frank, (you can be Jim), I'm a new kid on 
the block and would like to be introduced to the community in a formal 
sense; which is why I'm writing this letter in hopes of become embedded 
in the community as opposed to another face in the crowd.
Anyhow, it's nice to meet you all and I would shake your hand but that 
appears impossible as I cannot yet fax or email my hand.


Bray (\/).
[EMAIL PROTECTED]



Daylight savings fix with OpenNTPD

2007-03-20 Thread Bray Mailloux
Has a patch been issued? It might just be the time servers, but date is 
reporting 11:04:31 when it is 12:05.




DHCP server issues.

2007-02-25 Thread Bray Mailloux
I've been toying with the DHCP server options but cannot seem to bring 
up the process; every time I run ps there is no dhcpd process to be found 
and no computers on my network are pulling down addresses from the server.

My DHCPD.conf file looks as such.

-bash-3.1# nano /etc/dhcpd.conf

#   $OpenBSD: dhcpd.conf,v 1.1 1998/08/19 04:25:45 form Exp $
#
# DHCP server options.
# See dhcpd.conf(5) and dhcpd(8) for more information.
#

# Network:  192.168.1.0/255.255.255.0
# Domain name:  none
# Name servers: 68.94.156.1 and 68.94.157.1
# Default router:   192.168.1.1
# Addresses:192.168.1.20 - 192.168.1.35
#
shared-network LOCAL-NET {
   option domain-name example.com;
   option domain-name-servers 68.94.156.1, 68.94.157.1;

   subnet 192.168.1.0 netmask 255.255.255.0 {
   option routers 192.168.1.1;
   range 192.168.1.20 192.168.1.35;
   }
}

And my interfaces are configured as such.

cat /etc/hostname.rl0   (external interface)
inet 192.168.1.2 255.255.255.0 NONE

cat /etc/hostname.rl1   (internal interface)
192.168.1.3 255.255.255.0


nano rc.conf.local reads as such
dhcpd_flags=



Save ports

2007-02-20 Thread Bray Mailloux

I ran an nmap -sS localhost which output

port     state service
13/tcp   open  daytime
22/tcp   open  ssh
25/tcp   open  smtp
37/tcp   open  time
53/tcp   open  domain
113/tcp  open  auth
587/tcp  open  submission


This BSD box will be serving solely as a router so few of the above 
services are needed (submission, auth, domain, smtp). How do I begin 
closing down these services?




Kernel Compile errors

2007-02-13 Thread Bray Mailloux
I installed cvsup and ran cvsup -g -L 2 cvsup-file-src (my configuration 
file). Afterwards, I began the compile process using

make clean && make depend && make && make install
However, when the commands were running, this returned:

rm -f bsd
ld -Ttext 0xD0200120 -e start -N -S -x -o bsd ${SYSTEM_OBJ} vers.o
   text     data      bss      dec     hex
5298463   217920   867984  6384367  616aef
rm -f /obsd
ln /bsd /obsd
ln: /obsd: Operation not permitted
*** Error code 1