Error building system binaries

2007-01-14 Thread Marcos Marconcini 
Hi

 

 Today I got this problem when build system Binaries after do and update to
3.9 -stable using patch brand.

 

 

cc   -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o
sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o
auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o
auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o
auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o
kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o
-L/usr/src/usr.bin/ssh/sshd/../lib/obj -lssh -lgssapi -lkrb5 -lkafs -lcrypto
-lutil -lz -ldes -lwrap

sshd.o(.text+0x1bd): In function `grace_alarm_handler':

: undefined reference to `sigdie'

collect2: ld returned 1 exit status

*** Error code 1

 

Stop in /usr/src/usr.bin/ssh/sshd (line 93 of /usr/share/mk/bsd.prog.mk).

*** Error code 1

 

Stop in /usr/src/usr.bin/ssh.

*** Error code 1

 

Stop in /usr/src/usr.bin.

*** Error code 1

 

Stop in /usr/src.

*** Error code 1

 

Stop in /usr/src (line 73 of Makefile).

 

 

Any Idea??

 

 

Thank you

 

 

Marcos

compiling problems `-Wstack-larger-than-2047'

2006-08-21 Thread Marcos Marconcini 
Hi

 

I did an upgrade from 3.8 stable to 3.9 current ( I don't know if this is
the problem )

 

I followed the upgrade guide, then I did an update of the source to current
and ports to current.

 

Then when I Want to recompile Kernel I got this message

 

 

cc1: error: unrecognized option `-Wstack-larger-than-2047'

*** Error code 1

 

Stop in /usr/src/sys/arch/i386/compile/GENERIC (line 715 of Makefile).

 

 

Any help would be appreciated!

 

 

Thank you

 

Marcos

Re: T1 and DSL failover? redundancy?

2006-06-24 Thread Marcos Marconcini 
Giancarlo:

 

I was following the mailist and found your mail. I have a
similar scenary with OpenBSD 3.8-stable.

Two ADSL links with two ADSL modems working as bridge (not as router) with 3
interfaces, two external interfaces (one for each modem) and one for my
internal net. Until today I can do load balancing (outgoing) but without a
failover system. I manually reload pf.conf every times I need. I think that
my knowledge of OBSD it's not enough. It's possible for your give a hand
with this issue? I can send you any conf you need (pf.conf, ppp.conf, etc) 

Thank you for your time.

 

Marcos Marconcini

 

 

 

 

 

>Date: Fri, 23 Jun 2006 09:35:37 -0300

>From: Giancarlo Razzolini <[EMAIL PROTECTED]>

>To: misc@openbsd.org

>Subject: Re: T1 and DSL failover? redundancy?

>Message-ID: <[EMAIL PROTECTED]>

 

>I do have a similar setup, but in my case, i have two ADSL routers, from

>2 different ISP's. And each router is on a separate interface, and i do

>have one internal network and 2 dmz's. Both the routers support snmp

>queries. I do use one pf.conf file, with one anchor for the balancing.

>Then, to detect the link state, i use ifstated with some scripts that

>check the WAN link and the interface that connect with the router link.

>If the WAN link fall, then i use pfctl to load rules in my anchor

>directing traffic to the other link, and vice-versa, and i do reboot my

>router (many of them works better after rebooting). If the link come

>back, the ifstated daemon detects it, and load rules again for doing

>load balancing. This setup works great. I do incoming routing too.

 

>My 2 cents,

>--

>Giancarlo Razzolini

>Linux User 172199

>Moleque Sem Conteudo Numero #002

>Slackware Current

>OpenBSD Stable

>Snike Tecnologia em Informatica

>4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85

PF Rules blocking internal traffic. 2 Isp Links

2006-06-06 Thread Marcos Marconcini 
Hi, 

 

I am using PF with two ISP links and doing load balancing.
Everything works fine, I copied the rules from the FAQ, except for one
issue. I am using samba, my problem appears when I have to Log to samba or
with RDR to my XP ip (192.168.3.22). PF is blocking internal traffic from my
PC to my OBSD 3.8 ( I am waiting for my 3.9 copy :-D ) machine ( with samba
server ). If I open the traffic on internal interface with a :

 

Pass in on $int_if from any to any 

 

Then samba works fine, but there's no load balancing. May be I am
misunderstanding something. Below are my rules. Any help to fix and improve
these rules would be appreciated. I have 2 Dsl links from the same provider
( there is only one provider where I am living ) and they don't want to
speed up my link. I have 2 links of  256 download and 128 upload working at
65% ( thanks to telefonica de argentina :-( )

 

Thanks

 

Marcos

 

 

#

# See pf.conf(5) and /usr/share/pf for syntax and examples.

# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1

# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

 

ext_if1="tun0"

ext_gw1="200.51.241.211"

ext_if2="tun1"

ext_gw2="200.51.241.253"

int_if ="rl0"

lan_net="192.168.3.0/24"

gateway_addr="192.168.3.1"

 

# Options: tune the behavior of pf, default values are given.

set timeout { interval 30, frag 10 }

set timeout { tcp.first 120, tcp.opening 30, tcp.established 3600 }

set timeout { tcp.closing 120, tcp.finwait 45, tcp.closed 90 }

set timeout { udp.first 60, udp.single 30, udp.multiple 60 }

set timeout { icmp.first 20, icmp.error 10 }

set timeout { other.first 60, other.single 30, other.multiple 60 }

 

set limit { states 2, frags 5000 }

 

set optimization aggressive

 

scrub in on $ext_if1 all fragment reassemble random-id

scrub in on $ext_if2 all fragment reassemble random-id

 

altq on { $ext_if1, $ext_if2 }  priq bandwidth 100Kb queue { q_pri, q_def }

queue q_pri priority 7

queue q_def priority 1 priq(default)

 

 

# nat outgoing connections on each internet interface

nat on $ext_if1 from $lan_net to any -> ($ext_if1)  # sticky-address

nat on $ext_if2 from $lan_net to any -> ($ext_if2)  # sticky-address

 

# redirect local FTP

rdr pass on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

 

# default deny

block in  from any to any

block out from any to any

block quick inet6

 

pass quick on lo all

 

# spoofing protection on  int_if

antispoof quick log for $int_if inet

 

# allow all outgoing traffic on IntIf

pass out on $int_if from any to $lan_net

 

# allow all incoming traffic on IntIf

pass in quick on $int_if from $lan_net to $int_if

 

# load balance tcp

pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) }
round-robin proto tcp from $lan_net to any flags S/SA keep 

state

 

# load balance udp and icmp

pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) }
round-robin proto { udp, icmp } from $lan_net to any keep s

tate

 

# ping to/from world

pass out log quick on { $ext_if1  $ext_if2 } inet proto icmp all icmp-type 8
code 0 keep state 

pass in  log quick on { $ext_if1  $ext_if2 } inet proto icmp all icmp-type 8
code 0 keep state 

 

# allow external access to SSH on both interfaces

pass in log quick on $ext_if1 inet proto tcp from !$lan_net to ($ext_if1)
port 22 flags S/SA keep state ( max-src-conn 5, max-src-co

nn-rate 3/30 ) queue (q_def, q_pri)

 

pass in log quick on $ext_if2 inet proto tcp from !$lan_net to ($ext_if2)
port 22 flags S/SA keep state ( max-src-conn 5, max-src-co

nn-rate 3/30 ) queue (q_def, q_pri)

 

pass in log on $ext_if1 proto tcp from any to ($ext_if1) port ftp flags S/SA
keep state queue (q_def, q_pri)

pass in log on $ext_if2 proto tcp from any to ($ext_if2) port ftp flags S/SA
keep state queue (q_def, q_pri)

 

# active FTP

pass in log quick on $ext_if1 inet proto tcp from any to $ext_if1 port >
49151 flags S/SA keep state queue (q_def, q_pri)

pass in log quick on $ext_if2 inet proto tcp from any to $ext_if2 port >
49151 flags S/SA keep state queue (q_def, q_pri)

 

# dns

# pass in log on { $ext_if1 $ext_if2 } proto tcp from any to any port domain
keep state

pass out on $ext_if1 proto tcp from $ext_if1 to any port domain keep state

pass out on $ext_if2 proto tcp from $ext_if2 to any port domain keep state

 

 

#  general "pass out" rules for external interfaces

pass out on $ext_if1 proto tcp from any to any flags S/SA keep state queue
(q_def, q_pri)

pass out on $ext_if1 proto udp from any to any keep state  

pass out on $ext_if2 proto tcp from any to any flags S/SA keep state queue
(q_def, q_pri) 

pass out on $ext_if2 proto udp from any to any keep state  

 

# route packets trough the appropiate gateways

pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any

pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any

dual in-kernel pppoe links

2006-02-02 Thread Marcos Marconcini 
Hello

 

I am doing Load balancing with two adsl using pf pools, everything is
perfect, my problems appears when I try to config a second kernel pppoe
link. ( now I am using one with in-kernel ans the other with userland pppoe
)

I have to do something special?? Or it's not posible to have two in kernel
pppoe at the same time?

 

This is my hostanme.pppoe0 

 

pppoedev rl1

!/sbin/ifconfig rl1 up 

!/usr/sbin/spppcontrol \$if myauthproto=pap myauthname=x myauthkey=x

!/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.1 netmask 0x

!/sbin/route add default 0.0.0.1

Up

 

And this my second pppoe2 hostname

 

pppoedev rl2

!/sbin/ifconfig rl2 up 

!/usr/sbin/spppcontrol \$if myauthproto=pap myauthname=x myauthkey=x

!/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.2 netmask 0x

!/sbin/route add default 0.0.0.2

Up

 

 

May be I am misunderstanding something, What is wrong here?

 

Thank you very much.

 

Marcos

queueing witj Address Pools and Load Balancing

2006-01-28 Thread Marcos Marconcini 
Hi, 

 

In a few days, I will be adding a second ADSL link from my
provider. ( it's long story,  to resume I havent any posible option  ) I
will try to implement Adrees Pools and Load Balancing, my question is, it's
posible to make queueing over the two link's using adrees pools and load
balancinfg at same time? or I have to deactivate the queueing option.

 

 

Thank's

 

Marcos

balancing traffic with two links

2005-12-18 Thread Marcos Marconcini 
Hi

 

I not sure, I saw someone ask a similar question some weeks ago, but mail
from the openbsd list was incidentally deleted. It's posible use two
differents adsl links over the same openbsd router/firewall, for balance
traffic? I have now one 256/128 Adsl, and there is not posible to get more
speed for politics from my ISP provider (and can't change it, there is only
one). 

Then, the plan B will be put another ADSL over the same router or over new
one router, and balance traffic of my subnet clients who's stay all day
surfing the web and downloading files.

I have to use pools of PF?? It's a new subject for me, actually I am using
openbsd version 3.7 and the adsl links are with dynamic IP's.

 

Thanks in advance.

 

Marcos

Head Command Thanks!!

2005-11-11 Thread Marcos Marconcini 
Hi,

 

 I am trying to extract a portion of a large file, to do a sha1 check, it's
greater than 2.7Gb. I was reading help for head command, but it's only
permit me put number of lines to extract, and I need to extract the portion
of 1.5Gb in bytes, and generate a new file. Is this posible? How can I do ?
I am using openbsd 3.6. Any help are welcome!!!

 

Thanks in Advance.

 

 

Marcos

Head command

2005-11-07 Thread Marcos Marconcini 
Hi,

 

 I am trying to extract a portion of a large file, to do a sha1 check, it's
greater than 2.7Gb. I was reading help for head command, but it's only
permit me put number of lines to extract, and I need to extract the portion
of 1.5Gb in bytes, and generate a new file. Is this posible? How can I do ?
I am using openbsd 3.6. Any help are welcome!!!

 

Thanks in Advance.

 

 

Marcos