Error building system binaries
Hi Today I got this problem when build system Binaries after do and update to 3.9 -stable using patch brand. cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o -L/usr/src/usr.bin/ssh/sshd/../lib/obj -lssh -lgssapi -lkrb5 -lkafs -lcrypto -lutil -lz -ldes -lwrap sshd.o(.text+0x1bd): In function `grace_alarm_handler': : undefined reference to `sigdie' collect2: ld returned 1 exit status *** Error code 1 Stop in /usr/src/usr.bin/ssh/sshd (line 93 of /usr/share/mk/bsd.prog.mk). *** Error code 1 Stop in /usr/src/usr.bin/ssh. *** Error code 1 Stop in /usr/src/usr.bin. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src (line 73 of Makefile). Any Idea?? Thank you Marcos
compiling problems `-Wstack-larger-than-2047'
Hi I did an upgrade from 3.8 stable to 3.9 current ( I don't know if this is the problem ) I followed the upgrade guide, then I did an update of the source to current and ports to current. Then when I Want to recompile Kernel I got this message cc1: error: unrecognized option `-Wstack-larger-than-2047' *** Error code 1 Stop in /usr/src/sys/arch/i386/compile/GENERIC (line 715 of Makefile). Any help would be appreciated! Thank you Marcos
Re: T1 and DSL failover? redundancy?
Giancarlo: I was following the mailist and found your mail. I have a similar scenary with OpenBSD 3.8-stable. Two ADSL links with two ADSL modems working as bridge (not as router) with 3 interfaces, two external interfaces (one for each modem) and one for my internal net. Until today I can do load balancing (outgoing) but without a failover system. I manually reload pf.conf every times I need. I think that my knowledge of OBSD it's not enough. It's possible for your give a hand with this issue? I can send you any conf you need (pf.conf, ppp.conf, etc) Thank you for your time. Marcos Marconcini >Date: Fri, 23 Jun 2006 09:35:37 -0300 >From: Giancarlo Razzolini <[EMAIL PROTECTED]> >To: misc@openbsd.org >Subject: Re: T1 and DSL failover? redundancy? >Message-ID: <[EMAIL PROTECTED]> >I do have a similar setup, but in my case, i have two ADSL routers, from >2 different ISP's. And each router is on a separate interface, and i do >have one internal network and 2 dmz's. Both the routers support snmp >queries. I do use one pf.conf file, with one anchor for the balancing. >Then, to detect the link state, i use ifstated with some scripts that >check the WAN link and the interface that connect with the router link. >If the WAN link fall, then i use pfctl to load rules in my anchor >directing traffic to the other link, and vice-versa, and i do reboot my >router (many of them works better after rebooting). If the link come >back, the ifstated daemon detects it, and load rules again for doing >load balancing. This setup works great. I do incoming routing too. >My 2 cents, >-- >Giancarlo Razzolini >Linux User 172199 >Moleque Sem Conteudo Numero #002 >Slackware Current >OpenBSD Stable >Snike Tecnologia em Informatica >4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
PF Rules blocking internal traffic. 2 Isp Links
Hi, I am using PF with two ISP links and doing load balancing. Everything works fine, I copied the rules from the FAQ, except for one issue. I am using samba, my problem appears when I have to Log to samba or with RDR to my XP ip (192.168.3.22). PF is blocking internal traffic from my PC to my OBSD 3.8 ( I am waiting for my 3.9 copy :-D ) machine ( with samba server ). If I open the traffic on internal interface with a : Pass in on $int_if from any to any Then samba works fine, but there's no load balancing. May be I am misunderstanding something. Below are my rules. Any help to fix and improve these rules would be appreciated. I have 2 Dsl links from the same provider ( there is only one provider where I am living ) and they don't want to speed up my link. I have 2 links of 256 download and 128 upload working at 65% ( thanks to telefonica de argentina :-( ) Thanks Marcos # # See pf.conf(5) and /usr/share/pf for syntax and examples. # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 # in /etc/sysctl.conf if packets are to be forwarded between interfaces. ext_if1="tun0" ext_gw1="200.51.241.211" ext_if2="tun1" ext_gw2="200.51.241.253" int_if ="rl0" lan_net="192.168.3.0/24" gateway_addr="192.168.3.1" # Options: tune the behavior of pf, default values are given. set timeout { interval 30, frag 10 } set timeout { tcp.first 120, tcp.opening 30, tcp.established 3600 } set timeout { tcp.closing 120, tcp.finwait 45, tcp.closed 90 } set timeout { udp.first 60, udp.single 30, udp.multiple 60 } set timeout { icmp.first 20, icmp.error 10 } set timeout { other.first 60, other.single 30, other.multiple 60 } set limit { states 2, frags 5000 } set optimization aggressive scrub in on $ext_if1 all fragment reassemble random-id scrub in on $ext_if2 all fragment reassemble random-id altq on { $ext_if1, $ext_if2 } priq bandwidth 100Kb queue { q_pri, q_def } queue q_pri priority 7 queue q_def priority 1 priq(default) # nat outgoing connections on each internet interface nat on $ext_if1 from $lan_net to any -> ($ext_if1) # sticky-address nat on $ext_if2 from $lan_net to any -> ($ext_if2) # sticky-address # redirect local FTP rdr pass on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021 # default deny block in from any to any block out from any to any block quick inet6 pass quick on lo all # spoofing protection on int_if antispoof quick log for $int_if inet # allow all outgoing traffic on IntIf pass out on $int_if from any to $lan_net # allow all incoming traffic on IntIf pass in quick on $int_if from $lan_net to $int_if # load balance tcp pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto tcp from $lan_net to any flags S/SA keep state # load balance udp and icmp pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto { udp, icmp } from $lan_net to any keep s tate # ping to/from world pass out log quick on { $ext_if1 $ext_if2 } inet proto icmp all icmp-type 8 code 0 keep state pass in log quick on { $ext_if1 $ext_if2 } inet proto icmp all icmp-type 8 code 0 keep state # allow external access to SSH on both interfaces pass in log quick on $ext_if1 inet proto tcp from !$lan_net to ($ext_if1) port 22 flags S/SA keep state ( max-src-conn 5, max-src-co nn-rate 3/30 ) queue (q_def, q_pri) pass in log quick on $ext_if2 inet proto tcp from !$lan_net to ($ext_if2) port 22 flags S/SA keep state ( max-src-conn 5, max-src-co nn-rate 3/30 ) queue (q_def, q_pri) pass in log on $ext_if1 proto tcp from any to ($ext_if1) port ftp flags S/SA keep state queue (q_def, q_pri) pass in log on $ext_if2 proto tcp from any to ($ext_if2) port ftp flags S/SA keep state queue (q_def, q_pri) # active FTP pass in log quick on $ext_if1 inet proto tcp from any to $ext_if1 port > 49151 flags S/SA keep state queue (q_def, q_pri) pass in log quick on $ext_if2 inet proto tcp from any to $ext_if2 port > 49151 flags S/SA keep state queue (q_def, q_pri) # dns # pass in log on { $ext_if1 $ext_if2 } proto tcp from any to any port domain keep state pass out on $ext_if1 proto tcp from $ext_if1 to any port domain keep state pass out on $ext_if2 proto tcp from $ext_if2 to any port domain keep state # general "pass out" rules for external interfaces pass out on $ext_if1 proto tcp from any to any flags S/SA keep state queue (q_def, q_pri) pass out on $ext_if1 proto udp from any to any keep state pass out on $ext_if2 proto tcp from any to any flags S/SA keep state queue (q_def, q_pri) pass out on $ext_if2 proto udp from any to any keep state # route packets trough the appropiate gateways pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
dual in-kernel pppoe links
Hello I am doing Load balancing with two adsl using pf pools, everything is perfect, my problems appears when I try to config a second kernel pppoe link. ( now I am using one with in-kernel ans the other with userland pppoe ) I have to do something special?? Or it's not posible to have two in kernel pppoe at the same time? This is my hostanme.pppoe0 pppoedev rl1 !/sbin/ifconfig rl1 up !/usr/sbin/spppcontrol \$if myauthproto=pap myauthname=x myauthkey=x !/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.1 netmask 0x !/sbin/route add default 0.0.0.1 Up And this my second pppoe2 hostname pppoedev rl2 !/sbin/ifconfig rl2 up !/usr/sbin/spppcontrol \$if myauthproto=pap myauthname=x myauthkey=x !/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.2 netmask 0x !/sbin/route add default 0.0.0.2 Up May be I am misunderstanding something, What is wrong here? Thank you very much. Marcos
queueing witj Address Pools and Load Balancing
Hi, In a few days, I will be adding a second ADSL link from my provider. ( it's long story, to resume I havent any posible option ) I will try to implement Adrees Pools and Load Balancing, my question is, it's posible to make queueing over the two link's using adrees pools and load balancinfg at same time? or I have to deactivate the queueing option. Thank's Marcos
balancing traffic with two links
Hi I not sure, I saw someone ask a similar question some weeks ago, but mail from the openbsd list was incidentally deleted. It's posible use two differents adsl links over the same openbsd router/firewall, for balance traffic? I have now one 256/128 Adsl, and there is not posible to get more speed for politics from my ISP provider (and can't change it, there is only one). Then, the plan B will be put another ADSL over the same router or over new one router, and balance traffic of my subnet clients who's stay all day surfing the web and downloading files. I have to use pools of PF?? It's a new subject for me, actually I am using openbsd version 3.7 and the adsl links are with dynamic IP's. Thanks in advance. Marcos
Head Command Thanks!!
Hi, I am trying to extract a portion of a large file, to do a sha1 check, it's greater than 2.7Gb. I was reading help for head command, but it's only permit me put number of lines to extract, and I need to extract the portion of 1.5Gb in bytes, and generate a new file. Is this posible? How can I do ? I am using openbsd 3.6. Any help are welcome!!! Thanks in Advance. Marcos
Head command
Hi, I am trying to extract a portion of a large file, to do a sha1 check, it's greater than 2.7Gb. I was reading help for head command, but it's only permit me put number of lines to extract, and I need to extract the portion of 1.5Gb in bytes, and generate a new file. Is this posible? How can I do ? I am using openbsd 3.6. Any help are welcome!!! Thanks in Advance. Marcos