obsd 4.3 NFS mount hangs server, umount -f fails
What can be done when the NFS mount is hung?
Re: This is what Linus Torvalds calls openBSD crowd
So sad that software icons like him need to use such an offensive way of expressing simple ideas. I hope his destructive way of arguing doesn't _encourage_the_wrong_behavior_ in more people.

2008/7/20 Sean Kennedy [EMAIL PROTECTED]:
> We need a Button.
>
> Reminds me of the advert in Comic Books of my youth, for Sea Monkeys. Maybe we need Puffy looking concerned, with Sea Monkeys facing away from the perspective doing something that most Prudes would find offensive.. Nothing Obvious mind-you, just a perspective of backs of Sea Monkeys'.
>
> Oooh Sea-Monkey...:-
>
> -sean
>
> http://www.sea-monkeys.com/
> http://en.wikipedia.org/wiki/Sea-Monkeys

--
William Penn - Time is what we want most, but what we use worst.
Re: PF + nat + 2 C classes
That's really cool !!! pf rulez, thanks Daniel

2008/6/29 Daniel Anderson [EMAIL PROTECTED]:
> Example pf.conf here:
> http://marc.info/?l=openbsd-misc&m=120665186412690&w=2
>
> The key is route-to and reply-to
>
> On Saturday 28 June 2008 07:29:35 pm Jose H. wrote:
>> Hi all, a little help needed with some networking and pf:
>>
>> I have one public IP which forwards traffic to my LAN. I am using rdr and nat, a lot of nat rules for specific cases like smtp and so on, and I am also using ftp-proxy for the crappy ftp I can't get rid of.
>>
>> The problem is that now I need to add IPs from another C class to my network. I was thinking of using another nic to assign the public IP of the firewall and use that nic to do the same rdr rules I need for the servers, and put the servers on the same lan as the rest, BUT then I am wondering how to manage the default gateway?
>>
>> For example I have the default gw in the first C class which will be x.x.x.1, but now I am adding y.y.y.y address to the fw, the traffic will get in thru the y.y.y.1 gw and I will reply using x.x.x.1, which may lead to lots of problems like firewalls not able to maintain the state of the connections and so on.
>>
>> How do you guys do this kind of thing!?

--
William Penn - Time is what we want most, but what we use worst.
PF + nat + 2 C classes
Hi all, a little help needed with some networking and pf:

I have one public IP which forwards traffic to my LAN. I am using rdr and nat, a lot of nat rules for specific cases like smtp and so on, and I am also using ftp-proxy for the crappy ftp I can't get rid of.

The problem is that now I need to add IPs from another C class to my network. I was thinking of using another nic to assign the public IP of the firewall and use that nic to do the same rdr rules I need for the servers, and put the servers on the same lan as the rest, BUT then I am wondering how to manage the default gateway?

For example I have the default gw in the first C class which will be x.x.x.1, but now I am adding y.y.y.y address to the fw, the traffic will get in thru the y.y.y.1 gw and I will reply using x.x.x.1, which may lead to lots of problems like firewalls not able to maintain the state of the connections and so on.

How do you guys do this kind of thing!?

--
William Penn - Time is what we want most, but what we use worst.
Re: how to clear dmesg output
Kernel messages since a certain time and hide the hardware specs from users will be achieved the same way, suppose you have a parameter for dmesg that prints the current buffer and then clears it.

I don't think it is a silly knob, in fact it may be the only knob you can have: dmesg holds messages/texts, you can print it, and you can clear it, other than that may be a silly knob.

Possible uses for this? You bet people will find them. The whole idea of unix is to have specialized tools you can put together to do great things, in this case dmesg will be doing that has to do with kernel messages, but your approach is to rely on external mechanisms to accomplish something that dmesg can do easily, see HP-UX for example, and the fact that other important unix flavors use this knob.

Also, consider the security factor, you can hide information from users as Stuart pointed out.

From my standpoint it is useful and appropriate, if you have to rewrite kernel code it may otherwise.

On 7/5/07, Stuart Henderson [EMAIL PROTECTED] wrote:
> On 2007/07/05 06:42, Nick Holland wrote:
>> Yes, there are benefits to looking at the change in the dmesg. I do NOT like the idea of CLEARING this most valuable resource, however. Whatever you wish to accomplish this way can be easily accomplished in some other way, I think.
>
> The OP needs to say *what* they would like to achieve (e.g. 'only list kernel messages since a certain time', or 'hide the hardware spec from users'), rather than think up a possible way to do it (i.e. 'clear dmesg output').

--
You should be the change that you want to see in the world. - Gandhi
Re: how to clear dmesg output
I think it is a pretty valid question (request?), you have to rely on external mechanisms, like syslog, or to compare differences from previous outputs of dmesg.

On HP-UX dmesg has the optional parameter '-' which:

system tables overflow or the system crashes). If the - argument is specified, dmesg computes (incrementally) the new messages since the last time it was run and places these on the standard output. This is typically used with cron (see cron(1)) to produce the error log /var/adm/messages by running the command:

On FreeBSD and Linux it can be cleared.

I think it is a feature that can help a lot.

On 7/4/07, Nick Guenther [EMAIL PROTECTED] wrote:
> On 7/4/07, smonek [EMAIL PROTECTED] wrote:
>> On FreeBSD i have 'sysctl kern.msgbuf_clear' but OpenBSD doesn't have this option
>>
>> find a clean one here: /var/run/dmesg.boot
>>
>> HTH, Timo
>>
>> This now work cool! :)
>>
>> sorry not work :-(
>
> I think what he's getting at is that there's no way to clear the dmesg buffer, but that if you need a clean dmesg from-boot, you can open /var/run/dmesg.boot
>
> Why do you need to clear the dmesg?

--
You should be the change that you want to see in the world. - Gandhi
Re: ssh and sudo, password not hidden
Because it is not necessarily needed, tty allocation may require other tasks like logging the user to wtmp* or creating job control, and you may only need to run the command and get the result as if it were a file to read from.

Btw, you can use ssh's -T to log into a server and not be noticed. :-D

On 7/1/07, Tom Van Looy [EMAIL PROTECTED] wrote:
> Oke, problem solved. But, why doesn't this flag get set implicitly when using a command with ssh?
>
> Chris Cohen wrote:
>> On Saturday 30 June 2007 19:31, Tom Van Looy wrote:
>>> Hi
>>>
>>> Today I used sudo as command to ssh and it echoed my sudo password.
>>>
>>> [EMAIL PROTECTED] ~] $ ssh soekris sudo pfctl -s state
>>> [EMAIL PROTECTED]'s password:
>>> Password:secret_in_echo
>>> output of pfctl /
>>> [EMAIL PROTECTED] ~] $
>>>
>>> I don't see anything about this in the manpage so I think this is not expected behaviour. Normally I ssh from an Ubuntu box to the firewall, but to be sure, I ssh-ed to localhost on the openbsd box and I got the same result.
>>>
>>> What's wrong?
>>
>> Add -t to your ssh command:
>>
>> -t Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g. when implementing menu services. Multiple -t options force tty allocation, even if ssh has no local tty.

--
You should be the change that you want to see in the world. - Gandhi
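Why the remote prompt in this thread could not hide the password, as an added example that is not part of the original posts: a program can only switch echo off on a terminal, and without -t the remote command's stdin is not one. The pipe below is an assumed stand-in for the stdin sshd gives a command when no pty is requested, and the function names are made up for the illustration.

```python
import os
import pty
import termios


def try_disable_echo(fd):
    """Try to clear ECHO on fd, as a password prompt does before reading.

    Returns True if echo is now off, False if fd is not a terminal and
    there is therefore no echo setting to change.
    """
    try:
        attrs = termios.tcgetattr(fd)
    except termios.error:
        # ENOTTY: pipes and sockets have no terminal attributes
        return False
    attrs[3] &= ~termios.ECHO  # index 3 holds the local-mode flags
    termios.tcsetattr(fd, termios.TCSANOW, attrs)
    return not (termios.tcgetattr(fd)[3] & termios.ECHO)


def compare_stdin_kinds():
    """Run the same echo-off attempt against a pipe and a pty slave."""
    # "ssh host cmd": stdin of cmd is not a terminal (pipe used as stand-in)
    pipe_r, pipe_w = os.pipe()
    # "ssh -t host cmd": sshd allocates a pty; cmd reads from the slave side
    master, slave = pty.openpty()
    try:
        return {
            "no_tty": try_disable_echo(pipe_r),
            "tty": try_disable_echo(slave),
        }
    finally:
        for fd in (pipe_r, pipe_w, master, slave):
            os.close(fd)


if __name__ == "__main__":
    for kind, hidden in compare_stdin_kinds().items():
        print(f"{kind}: password input can be hidden = {hidden}")
```

A script that prompts for a secret can apply the same check (or `os.isatty(0)`) and refuse to read the password when stdin is not a terminal.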
pf syntax question
Can anybody tell me what is wrong with these rules?

pass on $ext_if inet proto tcp port $servicios_baseline_tcp flags S/SA keep state
pass on $ext_if inet proto udp port $servicios_baseline_udp keep state
pass on $ext_if inet proto icmp icmptype $servicios_baseline_icmp keep state

Thanks.

--
You should be the change that you want to see in the world. - Gandhi
Re: pf syntax question
Thanks, one more question. What is the difference between:

rdr on $ext_if proto tcp from any to $pubip -> $privip

and

binat on $ext_if from $privip to any -> $pubip

Do I need both?

Thanks.

On 6/23/07, Ryan McBride [EMAIL PROTECTED] wrote:
> On Sat, Jun 23, 2007 at 09:50:36PM -0600, Jose H. wrote:
>> Can anybody tell me what is wrong with these rules?
>
> Is it source port or destination port? You're missing 'from any' or 'to any' at least, and for a good security policy you should explicitly specify source and/or destination IP addresses whenever possible.
>
> Also, if this is 4.1 you don't need 'keep state' and 'flags S/SA', they're on by default.
>
>> pass on $ext_if inet proto tcp port $servicios_baseline_tcp flags S/SA keep state
>> pass on $ext_if inet proto udp port $servicios_baseline_udp keep state
>> pass on $ext_if inet proto icmp icmptype $servicios_baseline_icmp keep state

--
You should be the change that you want to see in the world. - Gandhi
PF binat question
If I want to mask one server, will this be enough:

PRIV = 192.168.1.100
PUB = 24.5.0.6
binat on tl0 from $PRIV to any -> $PUB

?

--
You should be the change that you want to see in the world. - Gandhi
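A pf.conf sketch that combines the binat rule from this post with the advice quoted in the "pf syntax question" thread (name the direction and both endpoints), as an added example that is not from any of the posters. It uses the pre-4.7 translation syntax seen in these threads; tl0 and the two addresses come from the post, while the service and ICMP lists are constructed.

```pf
# Added example, not the posters' configuration.
ext_if   = "tl0"
priv     = "192.168.1.100"          # from the post
pub      = "24.5.0.6"               # from the post
tcp_svcs = "{ 25, 80 }"             # constructed service list
udp_svcs = "{ 53 }"                 # constructed service list
icmp_ok  = "{ echoreq, unreach }"   # constructed ICMP type list

# Translation. binat is a bidirectional one-to-one mapping: packets from
# $priv leave with source $pub, and packets arriving for $pub are
# rewritten to $priv. A separate rdr rule for the same pair is not needed.
binat on $ext_if from $priv to any -> $pub

# Filtering. binat only rewrites addresses; it does not pass anything.
block in log on $ext_if all

# Translation runs before filtering, so inbound rules match the
# rewritten destination ($priv), not $pub.
pass in on $ext_if inet proto tcp  from any to $priv port $tcp_svcs flags S/SA keep state
pass in on $ext_if inet proto udp  from any to $priv port $udp_svcs keep state
# The keyword for matching ICMP types is icmp-type.
pass in on $ext_if inet proto icmp from any to $priv icmp-type $icmp_ok keep state

# Outbound packets reach the filter already translated, so the source
# seen on $ext_if is $pub.
pass out on $ext_if inet from $pub to any keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before the ruleset goes live.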