vlan trunking OpenBSD/Cisco switch

2008-01-09 Thread Der Engel
Hello,

Is it possible to do vlan trunking between an OpenBSD and a cisco
switch? I know you can create vlan interfaces in OpenBSD but how would
they be trunked with the switch?

In the physical interface (hostname.fxp1) I should just put 'up'? Do
you have to set some kind of native vlan here?

Example:

$ cat /etc/hostname.fxp1
up

$ cat /etc/hostname.vlan0
inet 172.21.0.31 255.255.255.0 NONE vlan 2 vlandev fxp1


I don't have a spare box to test this right now, so any guidelines,
advice or tips on how to do this would be greatly appreciated as I have to
do this overnight.

Thanks

Der



Re: How to track down a suspected memory leak?

2007-12-03 Thread Der Engel
Is anyone still getting crashes after patch 4 in 4.2?



On Dec 2, 2007 9:06 AM, Rolf Sommerhalder
[EMAIL PROTECTED] wrote:
 On Nov 25, 2007 5:22 PM, David Higgs [EMAIL PROTECTED] wrote:
  Is this possibly the same memory leak mentioned below?
 
  http://marc.info/?l=openbsd-misc&m=119572453509542&w=2

 Thanks for your pointer! Indeed, this patch/errata appears to have
 squashed the memory leak. A patched kernel did not lose memory since
 Monday anymore.

 Thanks again,
 Rolf



mysql + phpmyadmin

2007-01-16 Thread Der Engel

Hi,

Installed mysql+phpmyadmin on OBSD 4.0, when doing
http://host/phpMyAdmin/index.php I get the following error:

#2002 - The server is not responding (or the local MySQL server's
socket is not correctly configured)

I can connect remotely just fine using mysql query browser tool,
has anyone had this problem? Any ideas on how to resolve it? I tried
#httpd -u but same error.

Thanks,

Der



Re: OBSD: OS Of The Rad

2007-01-04 Thread Der Engel

Umnada,

Did you get his point?

On 1/4/07, Umnada Tyrolla [EMAIL PROTECTED] wrote:

 I came here to compute, to help inanimate machines do so, well. -this
 list, more than any other resource (including my old favorite
 google.com/bsd) got me where I was going.  The OS -how long will it
 last?  I hope forever.  But nothing lasts forever.  I do have an old
 host that's been up for 1,248 days without reboot, i'm sure there are
 those on this list with longer.

First of all, not everyone likes to share how long, but thanks. Secondly, I
think it's not the duration of up-time but rather cpu usage time which says
what kind of machine you have.

You know what I mean? CPU usage (on a user machine, not some bragbox) says
what kind of software and hardware stresses have been going. I've got over
5,961,600 seconds of cpu usage on this machine. And it's not all pf,
spamassassin and mplayer. Not all.




PF question.

2006-12-28 Thread Der Engel

Hi,

I have the below rule set in my firewall, both internal networks can
access the Internet and both internal networks can see each other, how
can I prevent each internal network from seeing each other? I have
tried various rule sets with no luck, any advice is appreciated.

Thanks,

Der

# macros
ext_if="fxp0"
int_if="xl0"
int_if2="bge0"

tcp_services="{ 22, 113 }"
icmp_types="echoreq"


# options
set block-policy return
set loginterface $ext_if

set skip on lo

# scrub
scrub in

# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

# filter rules
block in

pass out keep state

anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }

pass in on $ext_if inet proto tcp from any to ($ext_if) \
  port $tcp_services flags S/SA keep state

pass in inet proto icmp all icmp-type $icmp_types keep state

pass quick on $int_if

pass quick on $int_if2
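
One way to keep the two internal networks apart with the ruleset above, as an added example that is not part of the original post: both `pass quick` rules match every packet on the internal interfaces, so traffic between the subnets has to be stopped by `quick` block rules placed ahead of them. The interface names come from the post; the `:network` modifier expands to the subnet attached to the named interface.

```pf
# Added example, not from the original post.
# Replaces the two final "pass quick" lines of the filter section.
# Uses the post's macros: int_if is xl0, int_if2 is bge0.

# Drop inter-subnet traffic as it enters either internal interface.
# "quick" ends rule evaluation here, so the pass rules below never
# get a chance to match these packets.
block in quick on $int_if  from any to $int_if2:network
block in quick on $int_if2 from any to $int_if:network

# Everything else on the internal interfaces (Internet-bound traffic,
# traffic to the firewall's address on the same interface) passes as
# it did before.
pass quick on $int_if
pass quick on $int_if2
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, which catches ordering and syntax mistakes before the ruleset goes live.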



Re: iwi0 connection frustration

2006-11-28 Thread Der Engel

Did you install the firmware?

On 11/28/06, Vim Visual [EMAIL PROTECTED] wrote:

Hi,

I am still testing a crashbox (not bad, from zero to a full OpenBSD
system including port trees in less than a week, my first OpenBSD system :) )
but I have now an issue with the wlan connection. The card is an Intel
PRO/Wireless 2200BG

First of all: I have read the man pages (good boy, good boy! arf, arf!)

My net:

nwid: pepitogrillo

nwkey: eltrenloco

(hahaha!)

I have pkg_add'ed the damien firmware.

But still I cannot connect. My command line is

sudo ifconfig iwi0 nwkey eltrenloco nwid pepitogrillo

(I hope that the order of the factors doesn't alter the product! Is
iwi an abelian group? )

and then

sudo dhclient iwi0

After the first DHCPDISCOVER on iwi0 to 255.255.255.255 I get
send_packet: No buffer space available, this goes on some 12 times
and then No DHCPOFFERS received and No working leases in presistent
database - sleeping

I cannot show you dmesg because, as a matter of fact, the crashbox
doesn't have connection :) And I don't feel like typing everything!

Trying it via /etc/hostname.iwi0 doesn't help

Any hint? (I am sure yes!)

thanks in advance,

Pau

PS: The send_packet: No buffer space available disappears after a
sudo ifconfig iwi0 down, sudo ifconfig iwi0 up




How much traffic can it route?

2006-11-03 Thread Der Engel

Hi,

I have a doubt about if OpenBSD/PF can NAT 40Mbits with a simple rule
set and like 60 redirects.
The box has a xeon proc and two integrated NICs, one fxp and a bge,
can it handle it?

Thanks



FTP problem

2006-11-03 Thread Der Engel

Hi,

Having this ftp problem with a 3.9 box, the box has one external
interface and two internal interfaces each one for different subnets,
the PF conf is very simple, my problem is after a while clients can't
access ftp, in either subnet, rebooting the box fixes the problem but
then after a while happens again, have no idea on how to fix without
rebooting, was wondering if anyone has had this problem? Maybe some
issue in the new ftp-proxy? Is there a way to restart ftp-proxy
without rebooting the box?

Thanks.



Re: FTP problem

2006-11-03 Thread Der Engel

Ok, I ran ftp-proxy command and ftp access started working again for
the clients, that solves the rebooting part :)

my pf.conf:

# macros
ext_if="fxp0"
int_if="xl0"
int_if2="bge0"
both="{ xl0 bge0 }"

tcp_services="{ 22 80 113 }"
icmp_types="echoreq"

# options
set block-policy return
set loginterface $ext_if

set skip on lo

# scrub
scrub in

# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

rdr pass on $both proto tcp to port ftp -> 127.0.0.1 port 8021

# filter rules
block in

pass out keep state

anchor "ftp-proxy/*"
antispoof quick for { lo $int_if  $int_if2}

pass in on $ext_if inet proto tcp from any to ($ext_if) \
  port $tcp_services flags S/SA keep state

pass in on $ext_if inet proto tcp from any to $comp3 port 80 \
   flags S/SA synproxy state

pass in inet proto icmp all icmp-type $icmp_types keep state

pass quick on $int_if
pass quick on $int_if2


On 11/3/06, Tito Mari Francis Escaqo [EMAIL PROTECTED] wrote:

Maybe you should show your pf.conf so you can be given more accurate
advice. Thanks!

On 11/4/06, Der Engel [EMAIL PROTECTED] wrote:
 Hi,

 Having this ftp problem with a 3.9 box, the box has one external
 interface and two internal interfaces each one for different subnets,
 the PF conf is very simple, my problem is after a while clients can't
 access ftp, in either subnet, rebooting the box fixes the problem but
 then after a while happens again, have no idea on how to fix without
 rebooting, was wondering if anyone has had this problem? Maybe some
 issue in the new ftp-proxy? Is there a way to restart ftp-proxy
 without rebooting the box?

 Thanks.




--
Tito Mari Francis H. Escaqo
Computer Engineer and Free Software Proponent




Re: vmware keyboard problem.

2006-11-01 Thread Der Engel

VMware Workstation 3.2.1 is like a bit old don't you think?

On 11/1/06, Albert Hooper Hooper [EMAIL PROTECTED] wrote:

Hi there;

I am running the VMware Workstation 3.2.1 on OpenBSD.

Unfortunately, I receive an error message that says:

Failed to determine language-specific keyboard mapping. Please see
web page http://www.vmware.com/support/; for more information.
Failed to initialize mouse-keyboard-screen control.

My keyboard map is abnt-2.

thanks,

Albert.




Re: NOD32 Antivirus and OpenBSD?

2006-10-24 Thread Der Engel

lol?

On 10/24/06, Leonardo Rodrigues [EMAIL PROTECTED] wrote:

Hello everyone,

I'm thinking on purchasing this NOD32 anti-virus solution from
ESET.COM and use it here at work. I really want to use it with
OpenBSD, since every other server machine runs OpenBSD as well. The
problem is that eset.com claims that their product will run on Linux
and FreeBSD, they say nothing about OpenBSD. I've heard rumors of
NOD32 being also able to run on OpenBSD, but I *think* that was for
earlier versions of NOD32. I'm not very fond of rumors, so I came here
to ask your opinion about it. Does anyone here have any experience
with NOD32 and OpenBSD? Or another really good antivirus that I may
consider?

Thanks in advance,

Leonardo Rodrigues
--
An OpenBSD user... and that's all you need to know =)




Re: OpenBSD Wireless Router

2006-09-08 Thread Der Engel

Get an AP and get on with your life?

On 9/8/06, John Tate [EMAIL PROTECTED] wrote:

* I just want to use IPsec, it's probably far harder to crack anyway. I have
written scripts and such before that do ssh encryption anyway, I could
probably use that kind of tunneling on squid connections and all.
* My internet connection is currently bridged to the wireless link to a
router with WPA. I can use this with ndiswrapper and wpa_supplicant but
personally I don't think linux is secure enough. Fedora Core 5 runs
extremely fast on the machine, it's the router I really care about. I love
OpenBSD from experience.
* I want to be able to shape traffic, from a WiMax connection at 11mb and a
1.5mbit adsl connection on one machine. I can most likely do this, I'll just
put the different traffic on different networks (house and servers).

On 9/8/06, openbsd misc [EMAIL PROTECTED]  wrote:

  On Fri, Sep 08, 2006 at 05:00:16AM +1000, John Tate wrote:
   I am constantly disappointed with the lack of freedom out-of-the-box
   wireless routers provide. I am interested in a solution on OpenBSD,
 because
 
  I haven't used any Soekris device yet but you may be interested in
  this:
 
  http://www.soekris.com/net4511.htm
 

 A WRAP system could also be an option www.pcengines.ch

 I haven't tried wireless lan with openbsd because it does not support
 WPA.

 Regards
   Hagen Volpers




--
Faced with the fact that Intelligent Design doesn't meet the criteria for a
scientific theory, leading proponent redefines what a scientific theory is.
Result: Astrology now a scientific theory.




ftp-proxy

2006-08-22 Thread Der Engel

Hi !

I'm using the exact pf ruleset that is in:

http://www.openbsd.org/faq/pf/example1.html#allrules

and my problem is that clients can't access ftp servers, I noticed
this pf.conf doesn't have any rules for ftp-proxy, shouldn't there be
a rule for this? Or any ideas where should I start looking for the
problem?

Thanks

Der



Re: ftp-proxy

2006-08-22 Thread Der Engel

It's obsd 3.9, I just found the problem, ftp-proxy is managed through
rc.conf now, the ftp-proxy man page doesn't say anything about this.

Thanks

Der



On 8/22/06, Didier Wiroth [EMAIL PROTECTED] wrote:

Hello,
You won't get a useful answer if you don't provide useful information.
1) What version of obsd are you using?
2) Post your pf.conf?
3) Post some tcpdump -nettti pflog0 output to see what is blocked?

Are you sure that you have all the required anchors (required for ftp-proxy) 
in your pf, check twice?
(The pf rules are automatically generated and load/unloaded with the anchors)

Kind regards,
Didier

- Original Message -
From: Der Engel
Date: Tuesday, August 22, 2006 20:07
Subject: ftp-proxy
To: misc@openbsd.org

 Hi !

 I'm using the exact pf ruleset that is in:

 http://www.openbsd.org/faq/pf/example1.html#allrules

 and my problem is that clients can't access ftp servers, I noticed
 this pf.conf doesn't have any rules for ftp-proxy, shouldn't there be
 a rule for this? Or any ideas where should I start looking for the
 problem?

 Thanks

 Der




Re: PF queueing

2006-07-14 Thread Der Engel
Tried that, didn't work.

On 7/13/06, Pablo Halamaj [EMAIL PROTECTED] wrote:

 On 13/07/06, Der Engel [EMAIL PROTECTED] wrote:
  But isn't there some config or trick to do between the two interfaces to
  achieve this?

  On 7/13/06, Jeff Quast [EMAIL PROTECTED] wrote:

   On 7/13/06, Der Engel [EMAIL PROTECTED] wrote:
    Hi! I have tried for several days to achieve the following goal with PF
    but failed repeatedly, have read all the docs also, especially this
    http://www.openbsd.org/faq/pf/queueing.html
    The goal is: To be able to set download/upload speeds to PC's on the
    lan, so far I have succeeded in setting download speeds for PC's but no
    luck with upload.

    #pass in  on  $ext_if from $pc to any queue pcout -- I know, wrong ;)

   You cannot control the speed at which packets arrive on an interface.
   Think about it. It may not be documented because it's pretty much a
   duh.

 You should do the bandwidth limit to the packet when it goes out of your
 box!
 To change the uploading of your internal network you should apply the
 queue to the rule:

 pass out on $ext_if from $pc to any queue pcout



Re: PF queueing

2006-07-14 Thread Der Engel

That rules-set design is where I'm stuck, If the upload of the pc in
the lan is obeying to the std queue if should be able to queue to
whatever speed I want, right?...

Note: Trying to set upload speeds for a pc on the lan.

# macros
ext_if="dc0"
int_if="vr1"

tcp_services="{ 22, 113 }"
icmp_types="echoreq"

comp3="192.168.100.3"

# options
set block-policy return
set loginterface $ext_if

set skip on lo

# scrub
scrub in

# queue

altq on $ext_if cbq bandwidth 256Kb queue { stdout pcout }
queue stdout bandwidth 192Kb cbq(default)
queue pcout  bandwidth  64Kb cbq

altq on $int_if cbq bandwidth 100% queue { stdin pcin }
queue stdin bandwidth 192Kb cbq(default)
queue pcin  bandwidth  64Kb cbq


# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
#rdr on $ext_if proto tcp from any to any port 80 -> $comp3

# filter rules
block in

pass out keep state

anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }

pass in on $ext_if inet proto tcp from any to ($ext_if) \
  port $tcp_services flags S/SA keep state

#pass in on $ext_if inet proto tcp from any to $comp3 port 80 \
#flags S/SA synproxy state

pass in inet proto icmp all icmp-type $icmp_types keep state

pass on $int_if

pass out on $int_if from any to 192.168.100.106 queue pcin
pass out on $ext_if from 192.168.100.106 to any queue pcout



On 7/14/06, tony sarendal [EMAIL PROTECTED] wrote:

On 14/07/06, Jeff Quast [EMAIL PROTECTED] wrote:

 On 7/14/06, Bernd Schoeller [EMAIL PROTECTED] wrote:
  On Thu, Jul 13, 2006 at 08:53:31PM -0400, Jeff Quast wrote:
   You cannot control the speed at which packets arrive on an interface.
  Are you sure?

 I am sure. If it sounds unreasonable, get a live firehose, and see if
 you can control the amount of water received in your mouth.

 I don't think your question is entirely clear.. Please note there is
 also a pf mailing list http://www.benzedrine.cx/mailinglist.html . You
 state you want to control the download speed on a LAN, implying all
 incoming and outgoing packets are on this LAN. If this is the case put
 pf+altq on each machine, and queue outgoing packets. Seems simple
 enough to me.

 From the faq:

 PF will record the queue in the state table entry so that packets
 traveling back out fxp0 that match the stateful connection will end up
 in the ssh queue. Note that even though the queue keyword is being
 used on a rule filtering incoming traffic, the goal is to specify a
 queue for the corresponding outgoing traffic; the above rule does not
 queue incoming packets. 




You may not be able to control the rate the packets hit the firewall with,
but you can control the rate they exit on the other side.
Doing what you want to accomplish can be done, read the pf.conf man page
again a few times and consider that state is created for each interface.

An inbound keep state rule on one interface can specify which queue the
return packets should end up in, and outbound keep state rule on the other
side can specify which queue the packets should use there.
Now it's all down to rule-set design, that is where the complexity, and in
the end the strength, of PF is.

/Tony


--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   I couldn't help it, it's my nature =-
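
The upload case with NAT, as an added example that is not part of the original thread: translation on `$ext_if` is applied before filtering, so an outbound rule on `$ext_if` sees the firewall's address as the source, not 192.168.100.106, and cannot pick the host out by its LAN address. One way around it is to tag the packet on the LAN side and choose the queue by tag on the way out; the tag name PC_UP is made up for this example, and the macros and queues are the ones from the post.

```pf
# Added example, not from the original thread. PC_UP is a hypothetical
# tag name; interfaces, address and queue sizes are those in the post.
ext_if="dc0"
int_if="vr1"
pc="192.168.100.106"

altq on $ext_if cbq bandwidth 256Kb queue { stdout pcout }
queue stdout bandwidth 192Kb cbq(default)
queue pcout  bandwidth  64Kb cbq

altq on $int_if cbq bandwidth 100% queue { stdin pcin }
queue stdin bandwidth 192Kb cbq(default)
queue pcin  bandwidth  64Kb cbq

nat on $ext_if from !($ext_if) -> ($ext_if:0)

block in
pass out keep state
pass on $int_if

# Mark the host's packets where its LAN address is still visible.
# The state created by this rule also assigns the replies that later
# leave $int_if (the download direction) to pcin.
pass in on $int_if from $pc to any tag PC_UP keep state queue pcin

# The tag stays with the packet through translation, so the outbound
# rule on the external interface can still single out this host's
# traffic and put it in the 64Kb upload queue.
pass out on $ext_if tagged PC_UP keep state queue pcout
```

`pfctl -vs queue` shows per-queue packet and byte counters, which is a quick way to confirm that the host's upload traffic lands in pcout and not in the default queue.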




PF queueing

2006-07-13 Thread Der Engel
Hi! I have tried for several days to achieve the following goal with PF but
failed repeatedly, have read all the docs also, especially this
http://www.openbsd.org/faq/pf/queueing.html
The goal is: To be able to set download/upload speeds to PC's on the lan, so
far I have succeeded in setting download speeds for PC's but no luck with
upload.

In the above example I'm trying to set the download/upload speed to 64Kb to
pc 192.168.100.106.

Any hints, help on how to get the upload thing going?

The box runs 3.9, two interfaces, one for internet, second for lan. doing
basic natting.

Thanks.


# macros
ext_if="dc0"
int_if="vr1"

tcp_services="{ 22, 113 }"
icmp_types="echoreq"

pc="192.168.100.106"

# options
set block-policy return
set loginterface $ext_if

set skip on lo

# scrub
scrub in

# queue

altq on $ext_if cbq bandwidth 256Kb queue { stdout pcout }
queue stdout bandwidth 192Kb cbq(default)
queue pcout  bandwidth  64Kb cbq

altq on $int_if cbq bandwidth 100% queue { stdin pcin }
queue stdin bandwidth 192Kb cbq(default)
queue pcin  bandwidth  64Kb cbq


# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
rdr on $ext_if proto tcp from any to any port 80 -> $comp3

# filter rules
block in

pass out keep state

anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }

pass in on $ext_if inet proto tcp from any to ($ext_if) \
   port $tcp_services flags S/SA keep state

pass in on $ext_if inet proto tcp from any to $comp3 port 80 \
flags S/SA synproxy state

pass in inet proto icmp all icmp-type $icmp_types keep state

pass on $int_if

pass out on $int_if from any to $pc  queue pcin
#pass in  on  $ext_if from $pc to any queue pcout -- I know, wrong ;)



Re: PF queueing

2006-07-13 Thread Der Engel
But isn't there some config or trick to do between the two interfaces to
achieve this?

On 7/13/06, Jeff Quast [EMAIL PROTECTED] wrote:

 On 7/13/06, Der Engel [EMAIL PROTECTED] wrote:
  Hi! I have tried for several days to achieve the following goal with PF
  but failed repeatedly, have read all the docs also, especially this
  http://www.openbsd.org/faq/pf/queueing.html
  The goal is: To be able to set download/upload speeds to PC's on the lan,
  so far I have succeeded in setting download speeds for PC's but no luck
  with upload.

  #pass in  on  $ext_if from $pc to any queue pcout -- I know, wrong ;)

 You cannot control the speed at which packets arrive on an interface.
 Think about it. It may not be documented because it's pretty much a
 duh.