obsd 4.3 NFS mount hangs server, umount -f fails

2013-04-03 Thread Jose H.
What can be done when the NFS mount is hung?



Re: This is what Linus Torvalds calls openBSD crowd

2008-07-23 Thread Jose H.
So sad the software icons like him need to use such an offensive way
of expressing simple ideas, I hope his destructive way of arguing
doesn't _encourage_the_wrong_behavior_ on more people.

2008/7/20 Sean Kennedy [EMAIL PROTECTED]:

 We need a Button.



 Reminds me of the advert in Comic Books of my youth, for Sea Monkeys,

 Maybe we need Puffy looking concerned, with Sea Monkeys facing away from the
 perspective doing something that most Prudes would find offensive..
 Nothing Obvious mind-you, just a perspective of backs of Sea Monkeys'.  Oooh
 Sea-Monkey...:-


 -sean




 http://www.sea-monkeys.com/

 http://en.wikipedia.org/wiki/Sea-Monkeys







--
William Penn - Time is what we want most, but what we use worst.



Re: PF + nat + 2 C classes

2008-06-29 Thread Jose H.
That's really cool !!!
pf rulez, thanks Daniel



2008/6/29 Daniel Anderson [EMAIL PROTECTED]:

 Example pf.conf here:

 http://marc.info/?l=openbsd-misc&m=120665186412690&w=2

 The key is route-to and reply-to
 
 On Saturday 28 June 2008 07:29:35 pm Jose H. wrote:
  Hi all, a little help needed with some networking and pf:
  I have one public IP which forwards traffic to my LAN, I am using rdr
  and nat, a lot of nat rules for specific cases like smtp and so on, I
  am also using ftp-proxy for the crappy ftp I can't get rid of.
 
  The problem is that now I need to add IPs from another C class to my
  network, I was thinking of using another nic to assign the public IP
  of the firewall and use that nic to do the same rdr rules I need for
  the servers, and put the servers on the same lan as the rest BUT then
  I am wondering how to manage the default gateway ?
 
  For example I have the default gw in the first C class which will be
  x.x.x.1, but now I am adding y.y.y.y address to the fw, the traffic
  will get in thru the y.y.y.1 gw and I will reply using x.x.x.1 which
  may lead to lots of problems like firewalls not able to maintain the
  state of the connections and so on.
 
  How do you guys do this kind of thing!?




-- 
William Penn - Time is what we want most, but what we use worst.



PF + nat + 2 C classes

2008-06-28 Thread Jose H.
Hi all, a little help needed with some networking and pf:
I have one public IP which forwards traffic to my LAN, I am using rdr
and nat, a lot of nat rules for specific cases like smtp and so on, I
am also using ftp-proxy for the crappy ftp I can't get rid of.

The problem is that now I need to add IPs from another C class to my
network, I was thinking of using another nic to assign the public IP
of the firewall and use that nic to do the same rdr rules I need for
the servers, and put the servers on the same lan as the rest BUT then
I am wondering how to manage the default gateway ?

For example I have the default gw in the first C class which will be
x.x.x.1, but now I am adding y.y.y.y address to the fw, the traffic
will get in thru the y.y.y.1 gw and I will reply using x.x.x.1 which
may lead to lots of problems like firewalls not able to maintain the
state of the connections and so on.

How do you guys do this kind of thing!?

-- 
William Penn - Time is what we want most, but what we use worst.



Re: how to clear dmesg output

2007-07-06 Thread Jose H.
Kernel messages since a certain time and hide the hardware specs from users
will be achieved the same way, suppose you have a parameter for dmesg that
prints the current buffer and then clears it.

I don't think it is a silly knob, in fact it may be the only knob you can
have, dmesg holds messages/texts, you can print it, and you can clear it,
other than that may be a silly knob.

Possible uses for this ?, you bet people will find them, the whole idea of
unix is to have specialized tools you can put together to do great things,
in this case dmesg will be doing what has to do with kernel messages, but
your approach is to rely on external mechanisms to accomplish something
that dmesg can do easily, see HP-UX for example, and the fact that other
important unix flavors use this knob.

Also, consider the security factor, you can hide information from users as
Stuart pointed out.
From my standpoint it is useful and appropriate, if you have to rewrite
kernel code it may otherwise.


On 7/5/07, Stuart Henderson [EMAIL PROTECTED] wrote:

 On 2007/07/05 06:42, Nick Holland wrote:
  Yes, there are benefits to looking at the change in the dmesg.  I do NOT
  like the idea of CLEARING this most valuable resource, however.  Whatever
  you wish to accomplish this way can be easily accomplished in some other
  way, I think.

 The OP needs to say *what* they would like to achieve (e.g. 'only
 list kernel messages since a certain time', or 'hide the hardware spec
 from users'), rather than think up a possible way to do it (i.e.
 'clear dmesg output').




-- 
You should be the change that you want to see in the world.
- Gandhi



Re: how to clear dmesg output

2007-07-04 Thread Jose H.
I think it is a pretty valid question (request?), you have to rely on
external mechanisms, like syslog, or to compare differences from previous
outputs of dmesg.

On HP-UX dmesg has the optional parameter '-' which:
  system tables overflow or the system crashes).  If the - argument is
  specified, dmesg computes (incrementally) the new messages since the
  last time it was run and places these on the standard output.  This is
  typically used with cron (see cron(1)) to produce the error log
  /var/adm/messages by running the command:

On FreeBSD and Linux it can be cleared.

I think it is a feature that can help a lot.


On 7/4/07, Nick Guenther [EMAIL PROTECTED] wrote:

 On 7/4/07, smonek [EMAIL PROTECTED] wrote:
 
  On FreeBSD I have 'sysctl kern.msgbuf_clear' but OpenBSD doesn't
  have this option

 find a clean one here: /var/run/dmesg.boot

 HTH,

 Timo
   
This now work
  
   cool! :)
  sorry not work :-(

 I think what he's getting at is that there's no way to clear the dmesg
 buffer, but that if you need a clean dmesg from-boot, you can open
 /var/run/dmesg.boot

 Why do you need to clear the dmesg?




-- 
You should be the change that you want to see in the world.
- Gandhi
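
The approach mentioned in the message above (comparing the current dmesg output with a previous one, as HP-UX `dmesg -` is described as doing) can be done without clearing the kernel buffer. This is an added example, not code from the thread or from any of the systems named; the state file path, function names and sample lines are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Print only the kernel messages added since the previous run."""
import subprocess
from pathlib import Path

STATE = Path("/var/db/dmesg.last")  # hypothetical state file location


def new_lines(previous, current):
    """Return the lines of `current` that were not in `previous`.

    The message buffer is a ring: old text falls off the front and new
    lines are appended. Look for the longest tail of `previous` that is
    also the head of `current`; everything after that overlap is new.
    The first line of `current` may be cut short by the ring, so it only
    has to match the end of the corresponding old line.
    """
    for k in range(min(len(previous), len(current)), 0, -1):
        tail, head = previous[-k:], current[:k]
        if head[0] and tail[1:] == head[1:] and tail[0].endswith(head[0]):
            return current[k:]
    # No overlap: first run, reboot, or the buffer wrapped completely.
    return list(current)


def main():
    out = subprocess.run(["dmesg"], capture_output=True, text=True,
                         check=True).stdout
    current = out.splitlines()
    previous = STATE.read_text().splitlines() if STATE.exists() else []
    for line in new_lines(previous, current):
        print(line)
    # Keep the full snapshot so the next run can find the overlap.
    STATE.write_text("\n".join(current) + "\n")


# Constructed sample snapshots (not real kernel output).
SNAP1 = ["cpu0 at mainbus0", "em0 at pci0", "wd0 at pciide0"]
SNAP2 = ["em0 at pci0", "wd0 at pciide0",
         "em0: watchdog timeout", "nfs server not responding"]

if __name__ == "__main__":
    main()
```

Run from cron, this yields a log of new kernel messages while the buffer itself and /var/run/dmesg.boot stay intact.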



Re: ssh and sudo, password not hidden

2007-07-01 Thread Jose H.
Because it is not necessarily needed, tty allocation may require other tasks
like logging the user to wtmp* or creating job control and you may only need
to run the command and get the result as if it were a file to read from.

Btw, you can use the ssh's  -T  to log into a server and not to be
noticed.  :-D


On 7/1/07, Tom Van Looy [EMAIL PROTECTED] wrote:

 OK, problem solved. But, why doesn't this flag get set implicitly when
 using a command with ssh?


 Chris Cohen wrote:
  On Saturday 30 June 2007 19:31, Tom Van Looy wrote:
  Hi
 
  Today I used sudo as command to ssh and it echoed my sudo password.
 
  [EMAIL PROTECTED] ~]
  $ ssh soekris sudo pfctl -s state
  [EMAIL PROTECTED]'s password:
  Password:secret_in_echo
   output of pfctl /
  [EMAIL PROTECTED] ~]
  $
 
  I don't see anything about this in the manpage so I think this not
  expected behaviour. Normally I ssh from an Ubuntu box to the firewall,
  but to be sure, I ssh-ed to localhost on the openbsd box and I got the
  same result. What's wrong?
 
  Add -t to your ssh command:
   -t  Force pseudo-tty allocation.  This can be used to execute arbitrary
       screen-based programs on a remote machine, which can be very useful,
       e.g. when implementing menu services.  Multiple -t options force tty
       allocation, even if ssh has no local tty.




-- 
You should be the change that you want to see in the world.
- Gandhi



pf syntax question

2007-06-23 Thread Jose H.

Can anybody tell me what is wrong with these rules?

pass on $ext_if inet proto tcp port $servicios_baseline_tcp flags S/SA
keep state
pass on $ext_if inet proto udp port $servicios_baseline_udp
keep state
pass on $ext_if inet proto icmp icmptype $servicios_baseline_icmp
keep state

Thanks.

--
You should be the change that you want to see in the world.
   - Gandhi



Re: pf syntax question

2007-06-23 Thread Jose H.

Thanks, one more question, What is the difference between:

rdr on $ext_if proto tcp from any to $pubip -> $privip
and
binat on $ext_if from $privip to any -> $pubip

Do I need both ?

Thanks.


On 6/23/07, Ryan McBride [EMAIL PROTECTED] wrote:

On Sat, Jun 23, 2007 at 09:50:36PM -0600, Jose H. wrote:
 Can anybody tell me what is wrong with these rules?

Is it source port or destination port? You're missing 'from any' or 'to
any' at least, and for a good security policy you should explicitly
specify source and/or destination IP addresses whenever possible.

Also, if this is 4.1 you don't need 'keep state' and 'flags S/SA',
they're on by default.

 pass on $ext_if inet proto tcp port $servicios_baseline_tcp flags S/SA
 keep state
 pass on $ext_if inet proto udp port $servicios_baseline_udp
 keep state
 pass on $ext_if inet proto icmp icmptype $servicios_baseline_icmp
 keep state





--
You should be the change that you want to see in the world.
   - Gandhi



PF binat question

2007-06-08 Thread Jose H.

If I want to mask one server, will this be enough:

PRIV = 192.168.1.100
PUB = 24.5.0.6

binat on tl0 from $PRIV to any -> $PUB

?


--
You should be the change that you want to see in the world.
   - Gandhi