Re: openbsd.org down?
curl works

[ntis@fpc ~]$ curl https://www.openbsd.org
OpenBSD https://www.openbsd.org/;>

IE works
firefox does not work

On Mon, Apr 13, 2020 at 8:25 AM infoomatic wrote:

> not reachable for days now in Austria, Germany, Czech Republic
>
>
> On 13.04.20 11:01, SP2L Tom wrote:
> > Greetings.
> >
> >
> > It was and it is still up
> > At least, I can reach OpenBSD site.
> >
> >
> > Best regards.
> > Tom
> >
> > On 13 April 2020 10:23:18 Sebastien Marie wrote:
> >
> >> On Mon, Apr 13, 2020 at 10:14:00AM +0300, Ilya Mitrukov wrote:
> >>> Hi,
> >>> flushing the caches doesn't help and it's still unavailable.
> >>>
> >>> Does anybody know where to report the issue?
> >>> (I'd look at openbsd.org but ... )
> >>
> >> I suppose there is one or two openbsd developers which follow this
> >> list. So they might already know.
> >>
> >> Thanks.
> >> --
> >> Sebastien Marie

Re: Compiling Zeek 3.0.2 returns an error at final stage
From the server if you curl a website, in zeek log current folder do you see a http.log file, and after changing the interface did you zeekctl deploy.

Thanks
Monah

On Sat, Mar 7, 2020 at 5:42 PM Carlos Lopez wrote:

> Thanks Monah … But this is not the problem … interface configuration is
> correct …
>
> --
> Regards,
> C. L. Martinez
>
> *From: *Monah Baki
> *Date: *Saturday, 7 March 2020 at 23:30
> *To: *Carlos Lopez
> *Cc: *"misc@openbsd.org"
> *Subject: *Re: Compiling Zeek 3.0.2 returns an error at final stage
>
> Hi Carlos,
>
> Check your node.cfg, the interface section
>
> [zeek]
> type=standalone
> host=localhost
> interface=eth0 <<<<<< might want to change it
>
> On Sat, Mar 7, 2020 at 5:01 PM Carlos Lopez wrote:
>
> Many thanks for your answer Stuart ... Finally, I have compiled Zeek
> 3.0.3-dev.3 an all goes ok during compilation ... But zeek doesn't capture
> any packet ... and tcpdump works without problems and I can see all traffic
> ...
>
> --
> Regards,
> C. L. Martinez
>
> On 07/03/2020, 22:08, "owner-m...@openbsd.org on behalf of Stuart
> Henderson" wrote:
>
> On 2020-03-07, Carlos Lopez wrote:
> > Hi all,
> >
> > I am trying to install Zeek 3.0.2 under OpenBSD 6.6 amd64 fully
> > patched but compilation returns me the following error:
> >
> > [ 97%] Building C object src/CMakeFiles/zeek.dir/nb_dns.c.o
> > [ 97%] Linking CXX executable zeek
> > ld: error: unable to find library -llibbinpac.so.VERSION
> > c++: error: linker command failed with exit code 1 (use -v to see invocation)
> > *** Error 1 in build (src/CMakeFiles/zeek.dir/build.make:1826 'src/zeek')
> > *** Error 1 in build (CMakeFiles/Makefile2:1661 'src/CMakeFiles/zeek.dir/all')
> > *** Error 1 in build (Makefile:152 'all')
> > *** Error 1 in /root/builds/src/zeek-3.0.2 (Makefile:15 'all')
> >
> > But libbinpac.so exists compiled under the source dirs.:
> >
> > root@obsd66:~/builds/src/zeek-3.0.2# find . -name "*binpac.so"
> > ./build/aux/binpac/lib/libbinpac.so
> > root@obsd66:~/builds/src/zeek-3.0.2
> >
> > Any tip to solve this issue?
> >
>
> You're probably better off using the port. There is a fair chance that
> if you update *just* the net/bro directory (the port dir wasn't renamed
> but the package was) to -current that it will build, and if not, you'll
> be closer to getting it working.
>
> Or the easy option, update to -current, pkg_add zeek.

Re: Compiling Zeek 3.0.2 returns an error at final stage
Hi Carlos,

Check your node.cfg, the interface section

[zeek]
type=standalone
host=localhost
interface=eth0 << might want to change it

On Sat, Mar 7, 2020 at 5:01 PM Carlos Lopez wrote:

> Many thanks for your answer Stuart ... Finally, I have compiled Zeek
> 3.0.3-dev.3 an all goes ok during compilation ... But zeek doesn't capture
> any packet ... and tcpdump works without problems and I can see all traffic
> ...
>
> --
> Regards,
> C. L. Martinez
>
> On 07/03/2020, 22:08, "owner-m...@openbsd.org on behalf of Stuart
> Henderson" wrote:
>
> On 2020-03-07, Carlos Lopez wrote:
> > Hi all,
> >
> > I am trying to install Zeek 3.0.2 under OpenBSD 6.6 amd64 fully
> > patched but compilation returns me the following error:
> >
> > [ 97%] Building C object src/CMakeFiles/zeek.dir/nb_dns.c.o
> > [ 97%] Linking CXX executable zeek
> > ld: error: unable to find library -llibbinpac.so.VERSION
> > c++: error: linker command failed with exit code 1 (use -v to see invocation)
> > *** Error 1 in build (src/CMakeFiles/zeek.dir/build.make:1826 'src/zeek')
> > *** Error 1 in build (CMakeFiles/Makefile2:1661 'src/CMakeFiles/zeek.dir/all')
> > *** Error 1 in build (Makefile:152 'all')
> > *** Error 1 in /root/builds/src/zeek-3.0.2 (Makefile:15 'all')
> >
> > But libbinpac.so exists compiled under the source dirs.:
> >
> > root@obsd66:~/builds/src/zeek-3.0.2# find . -name "*binpac.so"
> > ./build/aux/binpac/lib/libbinpac.so
> > root@obsd66:~/builds/src/zeek-3.0.2
> >
> > Any tip to solve this issue?
> >
>
> You're probably better off using the port. There is a fair chance that
> if you update *just* the net/bro directory (the port dir wasn't renamed
> but the package was) to -current that it will build, and if not, you'll
> be closer to getting it working.
>
> Or the easy option, update to -current, pkg_add zeek.

Re: OpenBSD on Soekris net4801
Have you tried

boot> stty com0 38400
boot> set tty com0

On Wed, May 22, 2019 at 2:14 PM Alberto Mijares wrote:

> Hi guys,
>
> I'm new on this list. Greetings everyone.
>
> Here is my case:
>
> I installed OpenBSD on a 4GB Flash Card by attaching the card to a
> Bhyve VM as a "ahci-hd" custom drive. Then, booted the VM and disabled
> a few of services. Also disabled kernel and libs randomization, since
> it's not needed and the Soekris couldn't handle it. At the end, only
> sshd, syslogd and ntpd are starting and 73MB of RAM remain free.
> Finally, I created a /etc/hostname.sis1 file with proper network
> configuration, since the device name in the VM is not the same of the
> interface of the Soekris.
>
> Now I should say: the serial console is not working for me, for some
> reason I cannot get it working. I see garbage in the screen with all
> possible combinations of speeds and other terminal configs.
>
> When I plug the CF in the Soekris, it won't boot properly. I think the
> kernel is loaded and hangs at some point. Can't tell where, as
> explained before. I know the boot is not finishing because I created a
> /etc/rc.local in it doesn't do anything.
>
> I tried to edit /etc/fstab and change sd disk interface for wd. Not
> working either.
>
> I also tried the bsd.rd but I'm not sure if I get a prompt or it also
> hangs.
>
> Ideally, I would boot the Soekris and wait for network initialization
> for connecting via SSH. Any suggestion?
>
> The only thing I haven't tried is the bsd.mp kernel, now that I think.
> I'll give it a try and will be waiting for your feedback in the
> meantime.
>
> Thanks in advance.
>
>
> Alberto Mijares

OpenBSD 6.3 syspatch
Hi all,

I am running OpenBSD 6.3 in AWS, and I want to run syspatch since https://www.openbsd.org/errata63.html shows several patches exist.

So on the openbsd 6.3 server I ran the following;

uname -a displays
OpenBSD ip-10-0-0-108.ec2.internal 6.3 GENERIC.MP#107 amd64

ip-10-0-0-108# syspatch -l
001_perl
002_libtls
003_arp
004_gif
005_httpd
006_ipseclen
007_libcrypto
008_ipsecout
009_libcrypto
010_intelfpu
011_perl
012_execsize
013_ipsecexpire
014_amdlfence
016_fpuinit
017_fpufork
018_vmml1tf
ip-10-0-0-108# syspatch -c
ip-10-0-0-108#

Why there was no results for fix 19-32 for 6.3.

Thanks
Monah

OpenBSD and letsencrypt in Amazon AWS
Hi All,

I have a OpenBSD 6.3 server in Amazon AWS, and I am trying to install from ports letsencrypt. Install was running fine till I got a Fatal message after it was done with the patching process

===> Applying OpenBSD patch patch-setup_py
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--
|$OpenBSD: patch-setup_py,v 1.13 2017/11/05 06:33:45 jca Exp $
|Index: setup.py
|--- setup.py.orig
|+++ setup.py
--
Patching file setup.py using Plan A...
Hunk #1 succeeded at 35.
Hunk #2 succeeded at 461.
Hunk #3 succeeded at 791.
Hunk #4 succeeded at 929.
Hunk #5 succeeded at 999.
Hunk #6 succeeded at 1063.
Hunk #7 succeeded at 1086.
Hunk #8 succeeded at 1244.
Hunk #9 succeeded at 1853.
Hunk #10 succeeded at 1908.
Hunk #11 succeeded at 1951.
done
/usr/bin/perl /usr/ports/infrastructure/bin/pkg_subst -DMODTK_VERSION=8.5 -DMODTK_BIN=/usr/local/bin/wish8.5 -DMODTCL_VERSION=8.5 -DMODTCL_BIN=/usr/local/bin/tclsh8.5 -DLIBpython2.7_VERSION=0.0 -DMACHINE_ARCH=amd64 -DARCH=amd64 -DHOMEPAGE=http://www.python.org/ -D^PREFIX=/usr/local -D^SYSCONFDIR=/etc -DFLAVOR_EXT= -DFULLPKGNAME=Python-2.7.14 -DMAINTAINER=Remi\ Pointel\ \<rpoin...@openbsd.org\> -D^BASE_PKGPATH=lang/python/2.7 -D^LOCALBASE=/usr/local -D^X11BASE=/usr/X11R6 -D^TRUEPREFIX=/usr/local -D^RCDIR=/etc/rc.d -D^LOCALSTATEDIR=/var -i -B /usr/ports/pobj/Python-2.7.14 /usr/ports/pobj/Python-2.7.14/Python-2.7.14/configure.ac
Fatal: /usr/ports/pobj must be on a wxallowed filesystem (in lang/python/2.7)
*** Error 1 in /usr/ports/lang/python/2.7 (/usr/ports/infrastructure/mk/bsd.port.mk:2657 '_post-patch-finalize': @wrktmp=`df -P /usr/ports/p...)
*** Error 1 in /usr/ports/lang/python/2.7 (/usr/ports/infrastructure/mk/bsd.port.mk:2644 '/usr/ports/pobj/Python-2.7.14/.patch_done')
*** Error 1 in /usr/ports/lang/python/2.7 (/usr/ports/infrastructure/mk/bsd.port.mk:1938 '/usr/ports/packages/amd64/all/python-2.7.14p1.tgz')
*** Error 1 in /usr/ports/lang/python/2.7 (/usr/ports/infrastructure/mk/bsd.port.mk:2440 '_internal-package')
*** Error 1 in /usr/ports/lang/python/2.7 (/usr/ports/infrastructure/mk/bsd.port.mk:2419 'package')
*** Error 1 in /usr/ports/lang/python/2.7 (/usr/ports/infrastructure/mk/bsd.port.mk:1956 '/var/db/pkg/python-2.7.14p1/+CONTENTS')
*** Error 1 in /usr/ports/lang/python/2.7 (/usr/ports/infrastructure/mk/bsd.port.mk:2419 'install')
*** Error 1 in acme-tiny (/usr/ports/infrastructure/mk/bsd.port.mk:2073 '/usr/ports/pobj/acme-tiny-20160818/.dep-lang-python-2.7')
*** Error 1 in acme-tiny (/usr/ports/infrastructure/mk/bsd.port.mk:1958 '/var/db/pkg/acme-tiny-20160818/+CONTENTS')
*** Error 1 in acme-tiny (/usr/ports/infrastructure/mk/bsd.port.mk:2419 'install')
===> Exiting security/letsencrypt/acme-tiny with an error
*** Error 1 in /usr/ports/security/letsencrypt (/usr/ports/infrastructure/mk/bsd.port.subdir.mk:147 'install')

This is what my fstab looks like

9abe67936fe2a3ab.b none swap sw
9abe67936fe2a3ab.a / ffs rw 1 1
9abe67936fe2a3ab.i /home ffs rw,nodev,nosuid 1 2
9abe67936fe2a3ab.d /tmp ffs rw,nodev,nosuid 1 2
9abe67936fe2a3ab.f /usr ffs rw,nodev 1 2
9abe67936fe2a3ab.e /var ffs rw,nodev,nosuid 1 2

Thanks
Monah

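The condition behind the "must be on a wxallowed filesystem" message above, as an added example (not part of the original post and not the ports framework's own code): it finds which fstab entry covers a path and reports whether that entry carries the wxallowed mount option. The function names and the second, modified fstab are constructed for illustration; the first fstab is the one quoted in the message.

```shell
#!/bin/sh
# Added example: which fstab entry covers a path, and is it mounted wxallowed?

# The fstab from the message above.
SAMPLE_FSTAB='9abe67936fe2a3ab.b none swap sw
9abe67936fe2a3ab.a / ffs rw 1 1
9abe67936fe2a3ab.i /home ffs rw,nodev,nosuid 1 2
9abe67936fe2a3ab.d /tmp ffs rw,nodev,nosuid 1 2
9abe67936fe2a3ab.f /usr ffs rw,nodev 1 2
9abe67936fe2a3ab.e /var ffs rw,nodev,nosuid 1 2'

# Constructed variant for comparison: same layout, wxallowed added on /usr.
FIXED_FSTAB='9abe67936fe2a3ab.b none swap sw
9abe67936fe2a3ab.a / ffs rw 1 1
9abe67936fe2a3ab.f /usr ffs rw,nodev,wxallowed 1 2
9abe67936fe2a3ab.e /var ffs rw,nodev,nosuid 1 2'

# mount_for_path FSTAB_TEXT PATH
# Prints "<mountpoint> <options>" for the longest mount point that is a
# path prefix of PATH (so /usr/ports/pobj resolves to /usr, not /).
mount_for_path() {
    printf '%s\n' "$1" | awk -v p="$2" '
        # skip comments, short lines and entries without a mount point (swap)
        $1 ~ /^#/ || NF < 4 || $2 !~ /^\// { next }
        {
            mp = $2
            # a mount point covers p if it is "/", equals p, or p continues with "/"
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) > best_len) {
                    best_len = length(mp); best = mp; opts = $4
                }
            }
        }
        END { if (best != "") print best, opts }'
}

# has_wxallowed OPTIONS: true if the comma-separated option list contains
# wxallowed as a whole word.
has_wxallowed() {
    case ",$1," in
        *,wxallowed,*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_wx FSTAB_TEXT PATH
# Returns 0 if the covering filesystem has wxallowed, 1 if it does not,
# 2 if no fstab entry covers the path.
check_wx() {
    entry=$(mount_for_path "$1" "$2")
    if [ -z "$entry" ]; then
        echo "$2: no fstab entry covers this path"
        return 2
    fi
    mp=${entry% *}
    opts=${entry##* }
    if has_wxallowed "$opts"; then
        echo "$2: on $mp ($opts), wxallowed present"
        return 0
    fi
    echo "$2: on $mp ($opts), wxallowed missing"
    return 1
}

# Demo on the fstab from the message: /usr/ports/pobj lives on /usr (rw,nodev).
check_wx "$SAMPLE_FSTAB" /usr/ports/pobj || true
check_wx "$FIXED_FSTAB" /usr/ports/pobj || true
```

On a live system the same functions can be fed `"$(cat /etc/fstab)"`; `mount` output remains the authority on what is actually mounted with which options.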
Re: OpenBSd 5.9 dup-to
You have it setup in bridge mode?

Thanks

On Mon, May 8, 2017 at 9:01 PM Edgar Pettijohn <ed...@pettijohn-web.com> wrote:

>
>
> On 05/08/17 17:55, Monah Baki wrote:
> > Hi all,
> >
> > I am running OpenBSD 5.9 on a Net4801 Soekris. It's acting as my gateway
> > and all my internal machines on the 10.0.0.x network are able to get to the
> > internet.
> >
> > My ifconfig
> >
> > # ifconfig
> > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
> >         priority: 0
> >         groups: lo
> >         inet6 ::1 prefixlen 128
> >         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
> >         inet 127.0.0.1 netmask 0xff00
> > sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >         lladdr 00:00:24:c5:08:bc
> >         priority: 0
> >         groups: egress
> >         media: Ethernet autoselect (100baseTX full-duplex)
> >         status: active
> >         inet 192.168.1.222 netmask 0xff00 broadcast 192.168.1.255
> > sis1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >         lladdr 00:00:24:c5:08:bd
> >         priority: 0
> >         media: Ethernet autoselect (100baseTX full-duplex)
> >         status: active
> >         inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
> > sis2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
> >         lladdr 00:00:24:c5:08:be
> >         priority: 0
> >         media: Ethernet autoselect (none)
> >         status: no carrier
> >
> > My pf.conf
> >
> > set skip on lo
> >
> > block return    # block stateless traffic
> > pass            # establish keep-state
> >
> > pass out on sis0 inet from sis1:network to any nat-to sis0
> > pass in on sis1 dup-to 10.0.0.2
> > pass out on sis1 dup-to 10.0.0.2
> >
> > The 10.0.0.2 is the IP address of my Windows workstation running wireshark,
> > however I do not see any network traffic from my internal workstations.
> >
> > I actually prefer to copy traffic from sis1 to sis2 if possible and just
> > connect directly my wireshark laptop to it
> >
> > Am I missing anything?
> >
> >
> > Thanks
> > Monah
> I am using a soekris for my router as well. I pretty much just followed
> the advice here https://www.openbsd.org/faq/pf/example1.html and have
> had no problems for over a year now.
>
> Edgar

OpenBSd 5.9 dup-to
Hi all,

I am running OpenBSD 5.9 on a Net4801 Soekris. It's acting as my gateway and all my internal machines on the 10.0.0.x network are able to get to the internet.

My ifconfig

# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
        priority: 0
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
        inet 127.0.0.1 netmask 0xff00
sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:c5:08:bc
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.1.222 netmask 0xff00 broadcast 192.168.1.255
sis1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:c5:08:bd
        priority: 0
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
sis2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:c5:08:be
        priority: 0
        media: Ethernet autoselect (none)
        status: no carrier

My pf.conf

set skip on lo

block return    # block stateless traffic
pass            # establish keep-state

pass out on sis0 inet from sis1:network to any nat-to sis0
pass in on sis1 dup-to 10.0.0.2
pass out on sis1 dup-to 10.0.0.2

The 10.0.0.2 is the IP address of my Windows workstation running wireshark, however I do not see any network traffic from my internal workstations.

I actually prefer to copy traffic from sis1 to sis2 if possible and just connect directly my wireshark laptop to it

Am I missing anything?

Thanks
Monah

Re: Getting http to work
It worked!

I switched my ext_addr to my 192.168.60.129, manually ran /usr/sbin/httpd rather than "rcctl" or "/etc/rc.d/httpd start", did a ps -ax and saw httpd server running. Rebooted the machine, the httpd daemon came back up automatically.

Switched the ext_addr to "*" rebooted, the httpd server still came up as running. Very strange.

On Sun, Feb 26, 2017 at 8:50 AM, Vijay Sankar <vsan...@foretell.ca> wrote:

> Oops, don't know what happened to my config that I added below. Sorry
> about that.
>
> Anyways, the only thing I recall was that I used the real server name
> instead of "default" and it worked and I have not touched the configuration
> since then :)
>
> Vijay
>
> Quoting Vijay Sankar <vsan...@foretell.ca>:
>
>> Hi,
>>
>> Can you try using the name of the server instead of "default"?
>>
>> I sort of recall something like this from a couple of years ago but it has
>> run without any problems for me.
>>
>> For example, I had "default" instead of the server's name and it did not
>> work. Once I changed to the following, there were no issues and it has run
>> like this since
>>
>> vault.lab.foretell.ca$ ls -l /etc/httpd.conf
>> -rw-r--r-- 1 root wheel 558 Dec 28 2015 /etc/httpd.conf
>>
>> vault.lab.foretell.ca$ more /etc/httpd.conf
>> prefork 2
>> chroot "/home/distros"
>>           server "vault.lab.foretell.ca" {
>>                listen on * port 80
>>                directory auto index
>>                }
>>
>>           types {
>>                   text/css               css
>>                   text/html              html htm
>>                   text/txt               txt
>>                   image/gif              gif
>>                   image/jpeg             jpeg jpg
>>                   image/png              png
>>                   application/javascript js
>>                   application/xml        xml
>>           }
>>
>> Hope this helps,
>>
>> Vijay
>>
>> Quoting Monah Baki <monahb...@gmail.com>:
>>
>>> # netstat -na -f inet | grep LISTEN
>>> tcp     0   0 127.0.0.1.25     *.*     LISTEN
>>> tcp     0   0 *.22             *.*     LISTEN
>>> # httpd -dv
>>> startup
>>> parent: send server: Can't assign requested address
>>> # logger exiting, pid 24061
>>> server exiting, pid 96224
>>> server exiting, pid 68259
>>> server exiting, pid 94930
>>>
>>> It's a fresh install so I wasn't expecting any ports listening. Even
>>> if I changed to port 8080 same issue.
>>>
>>> Thanks
>>>
>>> On Sat, Feb 25, 2017 at 6:31 PM, Currell Berry <currellbe...@gmail.com>
>>> wrote:
>>>> Monah Baki writes:
>>>>
>>>>> # httpd -dnv
>>>>> configuration OK
>>>>>
>>>>> # rcctl - start httpd
>>>>> doing _rc_parse_conf
>>>>> doing _rc_quirks
>>>>> httpd_flags empty, using default ><
>>>>> doing _rc_parse_conf /var/run/rc.d/httpd
>>>>> doing _rc_quirks
>>>>> doing rc_check
>>>>> httpd
>>>>> doing rc_pre
>>>>> configuration OK
>>>>> doing rc_start
>>>>> doing _rc_wait start
>>>>> doing rc_check
>>>>> doing _rc_write_runfile
>>>>> (ok)
>>>>>
>>>>> # /etc/rc.d/httpd start
>>>>> httpd(ok)
>>>>>
>>>>> cat /var/log/messages
>>>>>
>>>>> Feb 25 15:35:22 nebula httpd[94632]: parent: send server: Can't assign
>>>>> requested address
>>>>> Feb

Re: Getting http to work
I installed a fresh copy of 5.9 and still having the same issue. Still seeing parent: send server: Can't assign requested address in /var/log/messages.

Thanks

On Sat, Feb 25, 2017 at 10:27 PM, Kevin Gerrard <ke...@txwre.com> wrote:

> OpenBSD 6.0
> I had this happen to me a few days ago. I set httpd.conf up to use "*" at
> first just to cut down on hiccups. When I had it up and working with php,
> and mariadb I changed "*" to "192.168.3.254" and restarted
> httpd.conf. It did not work, even after a reboot. So I put the "*" back in
> just so I could go populate mariadb 10 and php 7. After reading these
> emails today it made me remember that, and so I logged into it and changed
> it back to the "192.168.3.254" instead of "*", and restarted httpd. I
> thought I was going to reproduce the hiccup but instead the dadgum thing
> worked!!!
>
> No problems here at all but I did want to say for whatever reason it was,
> this exact anomaly did happen to me once also, however upon trying to
> reproduce it I could not.
>
> The only thing I can think of is that I "might" not have rebooted? I really
> doubt that is it but a lot on my mind lately and it could easily have been.
>
> Kevin Gerrard
>
> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
> Currell Berry
> Sent: Saturday, February 25, 2017 5:32 PM
> To: Monah Baki
> Cc: ludovic coues; openbsd-misc
> Subject: Re: Getting http to work
>
> Monah Baki writes:
>
>> # httpd -dnv
>> configuration OK
>>
>> # rcctl - start httpd
>> doing _rc_parse_conf
>> doing _rc_quirks
>> httpd_flags empty, using default ><
>> doing _rc_parse_conf /var/run/rc.d/httpd
>> doing _rc_quirks
>> doing rc_check
>> httpd
>> doing rc_pre
>> configuration OK
>> doing rc_start
>> doing _rc_wait start
>> doing rc_check
>> doing _rc_write_runfile
>> (ok)
>>
>> # /etc/rc.d/httpd start
>> httpd(ok)
>>
>> cat /var/log/messages
>>
>> Feb 25 15:35:22 nebula httpd[94632]: parent: send server: Can't assign
>> requested address
>> Feb 25 15:36:06 nebula httpd[14026]: parent: send server: Can't assign
>> requested address
>>
>>
>> vi httpd.conf
>>
>> # $OpenBSD: httpd.conf,v 1.14 2015/02/04 08:39:35 florian Exp $
>>
>> #
>> # Macros
>> #
>> ext_addr="*"
>>
>> #
>> # Global Options
>> #
>> # prefork 3
>>
>> #
>> # Servers
>> #
>>
>> # A minimal default server
>> server "default" {
>>         listen on $ext_addr port 80
>> }
>>
>>
>>
>> Thanks
>>
>>
>> On Sat, Feb 25, 2017 at 3:27 PM, ludovic coues <cou...@gmail.com> wrote:
>>> # rcctl - start httpd
>>> This command should give you some details on what isn't working.
>>> If not, you can try `# httpd -nvv` to check your config and `# httpd
>>> -d` to run httpd directly.
>>>
>>> 2017-02-25 21:20 GMT+01:00 Monah Baki <monahb...@gmail.com>:
>>>> Changing to ext_addr="*"
>>>>
>>>>
>>>> # /etc/rc.d/httpd start
>>>> httpd(failed)
>>>>
>>>> Nothing shows up in /var/log/messages
>>>>
>>>>
>>>> On Sat, Feb 25, 2017 at 12:00 PM, Currell Berry <currellbe...@gmail.com> wrote:
>>>>>
>>>>> Monah Baki writes:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> Installed a fresh install of OpenBSD 6.0 on VMWare workstation and
>>>>>> wanted to run default webserver.
>>>>>>
>>>>>> In the messages logs I find the following error:
>>>>>>
>>>>>> httpd[23792]: parent: send server: Can't assign requested address
>>>>>>
>>>>>>
>>>>>> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>>>>>         lladdr 00:0c:29:b3:81:f8
>>>>>>         index 1 priority 0 llprio 3
>>>>>>         groups: egress
>>>>>>         media: Ethernet autoselect (1000baseT full-duplex,master)
>>>>>>         status: active
>>>>>>         inet 192.168.60.129 netmask 0xff00 broadcast 192.168.60.255
>>>>>>
>>>>>> In my httpd.conf all I changed was the "ext_addr" Macro, everything else as is.
>>>>>>
>>>>>> $ cat /etc/httpd.conf
>>>>>> # $OpenBSD: httpd.conf,v 1.14 2015/02/04 08:39:35 florian Exp $
>>>>>>
>>>>>> #
>>>>>> # Macros
>>>>>> #
>>>>>> ext_addr="192.168.60.129"
>>>>>> # A minimal default server
>>>>>> server "default" {
>>>>>>         listen on $ext_addr port 80
>>>>>> }
>>>>>>
>>>>>>
>>>>>> Thank you
>>>>>> Monah
>>>>>
>>>>> Did you try
>>>>>
>>>>> ext_addr="*"
>>>>>
>>>>> yet?
>>>>>
>>>>> Does it report the same error with that in place?
>>>>>
>>>>> -- Currell
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Cordialement, Coues Ludovic
>>> +336 148 743 42
>
> Some ideas:
> You might have an instance of httpd running in the background stopping a
> new one from binding to the port.
>
> Run the following commands and examine the output to check what could be
> there
>
> # netstat -na -f inet | grep LISTEN
> # ps ax
>
> Kill all running instances of httpd, or anything else that is binding to
> port 80.
>
> Once you've done that, try starting httpd in no-fork mode and see what
> it says:
>
> # httpd -dv
>
> If it still doesn't work, try a different port (change 80 to for
> instance).
>
> -- Currell

Re: Getting http to work
# netstat -na -f inet | grep LISTEN
tcp 0 0 127.0.0.1.25 *.* LISTEN
tcp 0 0 *.22 *.* LISTEN
# httpd -dv
startup
parent: send server: Can't assign requested address
# logger exiting, pid 24061
server exiting, pid 96224
server exiting, pid 68259
server exiting, pid 94930

It's a fresh install so I wasn't expecting any ports listening. Even if I changed to port 8080 same issue.

Thanks

On Sat, Feb 25, 2017 at 6:31 PM, Currell Berry <currellbe...@gmail.com> wrote:

>
> Monah Baki writes:
>
>> # httpd -dnv
>> configuration OK
>>
>> # rcctl - start httpd
>> doing _rc_parse_conf
>> doing _rc_quirks
>> httpd_flags empty, using default ><
>> doing _rc_parse_conf /var/run/rc.d/httpd
>> doing _rc_quirks
>> doing rc_check
>> httpd
>> doing rc_pre
>> configuration OK
>> doing rc_start
>> doing _rc_wait start
>> doing rc_check
>> doing _rc_write_runfile
>> (ok)
>>
>> # /etc/rc.d/httpd start
>> httpd(ok)
>>
>> cat /var/log/messages
>>
>> Feb 25 15:35:22 nebula httpd[94632]: parent: send server: Can't assign
>> requested address
>> Feb 25 15:36:06 nebula httpd[14026]: parent: send server: Can't assign
>> requested address
>>
>>
>> vi httpd.conf
>>
>> # $OpenBSD: httpd.conf,v 1.14 2015/02/04 08:39:35 florian Exp $
>>
>> #
>> # Macros
>> #
>> ext_addr="*"
>>
>> #
>> # Global Options
>> #
>> # prefork 3
>>
>> #
>> # Servers
>> #
>>
>> # A minimal default server
>> server "default" {
>>         listen on $ext_addr port 80
>> }
>>
>>
>>
>> Thanks
>>
>>
>> On Sat, Feb 25, 2017 at 3:27 PM, ludovic coues <cou...@gmail.com> wrote:
>>> # rcctl - start httpd
>>> This command should give you some details on what isn't working.
>>> If not, you can try `# httpd -nvv` to check your config and `# httpd
>>> -d` to run httpd directly.
>>>
>>> 2017-02-25 21:20 GMT+01:00 Monah Baki <monahb...@gmail.com>:
>>>> Changing to ext_addr="*"
>>>>
>>>>
>>>> # /etc/rc.d/httpd start
>>>> httpd(failed)
>>>>
>>>> Nothing shows up in /var/log/messages
>>>>
>>>>
>>>> On Sat, Feb 25, 2017 at 12:00 PM, Currell Berry <currellbe...@gmail.com>
>>>> wrote:
>>>>>
>>>>> Monah Baki writes:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> Installed a fresh install of OpenBSD 6.0 on VMWare workstation and
>>>>>> wanted to run default webserver.
>>>>>>
>>>>>> In the messages logs I find the following error:
>>>>>>
>>>>>> httpd[23792]: parent: send server: Can't assign requested address
>>>>>>
>>>>>>
>>>>>> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>>>>>         lladdr 00:0c:29:b3:81:f8
>>>>>>         index 1 priority 0 llprio 3
>>>>>>         groups: egress
>>>>>>         media: Ethernet autoselect (1000baseT full-duplex,master)
>>>>>>         status: active
>>>>>>         inet 192.168.60.129 netmask 0xff00 broadcast 192.168.60.255
>>>>>>
>>>>>> In my httpd.conf all I changed was the "ext_addr" Macro, everything else
>>>>>> as is.
>>>>>>
>>>>>> $ cat /etc/httpd.conf
>>>>>> # $OpenBSD: httpd.conf,v 1.14 2015/02/04 08:39:35 florian Exp $
>>>>>>
>>>>>> #
>>>>>> # Macros
>>>>>> #
>>>>>> ext_addr="192.168.60.129"
>>>>>> # A minimal default server
>>>>>> server "default" {
>>>>>>         listen on $ext_addr port 80
>>>>>> }
>>>>>>
>>>>>>
>>>>>> Thank you
>>>>>> Monah
>>>>>
>>>>> Did you try
>>>>>
>>>>> ext_addr="*"
>>>>>
>>>>> yet?
>>>>>
>>>>> Does it report the same error with that in place?
>>>>>
>>>>> -- Currell
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Cordialement, Coues Ludovic
>>> +336 148 743 42
>
> Some ideas:
> You might have an instance of httpd running in the background stopping a
> new one from binding to the port.
>
> Run the following commands and examine the output to check what could be there
>
> # netstat -na -f inet | grep LISTEN
> # ps ax
>
> Kill all running instances of httpd, or anything else that is binding to
> port 80.
>
> Once you've done that, try starting httpd in no-fork mode and see what
> it says:
>
> # httpd -dv
>
> If it still doesn't work, try a different port (change 80 to for
> instance).
>
> -- Currell

Re: Getting http to work
# httpd -dnv
configuration OK

# rcctl - start httpd
doing _rc_parse_conf
doing _rc_quirks
httpd_flags empty, using default ><
doing _rc_parse_conf /var/run/rc.d/httpd
doing _rc_quirks
doing rc_check
httpd
doing rc_pre
configuration OK
doing rc_start
doing _rc_wait start
doing rc_check
doing _rc_write_runfile
(ok)

# /etc/rc.d/httpd start
httpd(ok)

cat /var/log/messages

Feb 25 15:35:22 nebula httpd[94632]: parent: send server: Can't assign requested address
Feb 25 15:36:06 nebula httpd[14026]: parent: send server: Can't assign requested address

vi httpd.conf

# $OpenBSD: httpd.conf,v 1.14 2015/02/04 08:39:35 florian Exp $

#
# Macros
#
ext_addr="*"

#
# Global Options
#
# prefork 3

#
# Servers
#

# A minimal default server
server "default" {
        listen on $ext_addr port 80
}

Thanks

On Sat, Feb 25, 2017 at 3:27 PM, ludovic coues <cou...@gmail.com> wrote:

> # rcctl - start httpd
> This command should give you some details on what isn't working.
> If not, you can try `# httpd -nvv` to check your config and `# httpd
> -d` to run httpd directly.
>
> 2017-02-25 21:20 GMT+01:00 Monah Baki <monahb...@gmail.com>:
>> Changing to ext_addr="*"
>>
>>
>> # /etc/rc.d/httpd start
>> httpd(failed)
>>
>> Nothing shows up in /var/log/messages
>>
>>
>> On Sat, Feb 25, 2017 at 12:00 PM, Currell Berry <currellbe...@gmail.com>
>> wrote:
>>>
>>> Monah Baki writes:
>>>
>>>> Hi all,
>>>>
>>>> Installed a fresh install of OpenBSD 6.0 on VMWare workstation and
>>>> wanted to run default webserver.
>>>>
>>>> In the messages logs I find the following error:
>>>>
>>>> httpd[23792]: parent: send server: Can't assign requested address
>>>>
>>>>
>>>> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>>>         lladdr 00:0c:29:b3:81:f8
>>>>         index 1 priority 0 llprio 3
>>>>         groups: egress
>>>>         media: Ethernet autoselect (1000baseT full-duplex,master)
>>>>         status: active
>>>>         inet 192.168.60.129 netmask 0xff00 broadcast 192.168.60.255
>>>>
>>>> In my httpd.conf all I changed was the "ext_addr" Macro, everything else
>>>> as is.
>>>>
>>>> $ cat /etc/httpd.conf
>>>> # $OpenBSD: httpd.conf,v 1.14 2015/02/04 08:39:35 florian Exp $
>>>>
>>>> #
>>>> # Macros
>>>> #
>>>> ext_addr="192.168.60.129"
>>>> # A minimal default server
>>>> server "default" {
>>>>         listen on $ext_addr port 80
>>>> }
>>>>
>>>>
>>>> Thank you
>>>> Monah
>>>
>>> Did you try
>>>
>>> ext_addr="*"
>>>
>>> yet?
>>>
>>> Does it report the same error with that in place?
>>>
>>> -- Currell
>>
>
>
>
> --
>
> Cordialement, Coues Ludovic
> +336 148 743 42

Re: Getting http to work
Changing to ext_addr="*"

# /etc/rc.d/httpd start
httpd(failed)

Nothing shows up in /var/log/messages

On Sat, Feb 25, 2017 at 12:00 PM, Currell Berry <currellbe...@gmail.com> wrote:

>
> Monah Baki writes:
>
>> Hi all,
>>
>> Installed a fresh install of OpenBSD 6.0 on VMWare workstation and
>> wanted to run default webserver.
>>
>> In the messages logs I find the following error:
>>
>> httpd[23792]: parent: send server: Can't assign requested address
>>
>>
>> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>         lladdr 00:0c:29:b3:81:f8
>>         index 1 priority 0 llprio 3
>>         groups: egress
>>         media: Ethernet autoselect (1000baseT full-duplex,master)
>>         status: active
>>         inet 192.168.60.129 netmask 0xff00 broadcast 192.168.60.255
>>
>> In my httpd.conf all I changed was the "ext_addr" Macro, everything else as
>> is.
>>
>> $ cat /etc/httpd.conf
>> # $OpenBSD: httpd.conf,v 1.14 2015/02/04 08:39:35 florian Exp $
>>
>> #
>> # Macros
>> #
>> ext_addr="192.168.60.129"
>> # A minimal default server
>> server "default" {
>>         listen on $ext_addr port 80
>> }
>>
>>
>> Thank you
>> Monah
>
> Did you try
>
> ext_addr="*"
>
> yet?
>
> Does it report the same error with that in place?
>
> -- Currell

Getting http to work
Hi all,

Installed a fresh install of OpenBSD 6.0 on VMWare workstation and wanted to run default webserver.

In the messages logs I find the following error:

httpd[23792]: parent: send server: Can't assign requested address

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0c:29:b3:81:f8
        index 1 priority 0 llprio 3
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex,master)
        status: active
        inet 192.168.60.129 netmask 0xff00 broadcast 192.168.60.255

In my httpd.conf all I changed was the "ext_addr" Macro, everything else as is.

$ cat /etc/httpd.conf
# $OpenBSD: httpd.conf,v 1.14 2015/02/04 08:39:35 florian Exp $

#
# Macros
#
ext_addr="192.168.60.129"
# A minimal default server
server "default" {
        listen on $ext_addr port 80
}

Thank you
Monah

Re: Trying to newfs an old 128 compactflash
# newfs /dev/rsd0a
/dev/rsd0a: 123.0MB in 251840 sectors of 512 bytes
4 cylinder groups of 30.74MB, 3935 blocks, 7872 inodes each
newfs: wtfs: write error on block 16: Input/output error

Same error. I never seen this error before and I've used newfs before.

On Sat, Jan 30, 2016 at 8:10 PM, Edgar Pettijohn <ed...@pettijohn-web.com> wrote:

> On 01/30/16 18:15, Monah Baki wrote:
>>
>> Hi all,
>>
>> Trying to newfs an old 128MB flashcard on my OpenBSD 5.7, so I can
>> install OpenBSd on it to run on a Soekris.
>>
>> # dmesg | grep sd0
>> sd0 at scsibus5 targ 1 lun 0: <Generic-, Multi-Card, 1.00> SCSI4
>> 0/direct removable serial.0bda0309201209010309
>> sd0: 123MB, 512 bytes/sector, 251904 sectors
>>
>> # disklabel sd0
>> # /dev/rsd0c:
>> type: SCSI
>> disk: vnd-a43c9e59
>> label:
>> duid: 770fe5cc30020c20
>> flags:
>> bytes/sector: 512
>> sectors/track: 63
>> tracks/cylinder: 255
>> sectors/cylinder: 16065
>> cylinders: 15
>> total sectors: 251904
>> boundstart: 0
>> boundend: 0
>> drivedata: 0
>
>
> http://marc.info/?l=openbsd-misc=105156642420865=2
> The math doesn't add up.
>
>> 3 partitions:
>> #     size  offset  fstype [fsize bsize cpg]
>>   a: 251840     64  4.2BSD 1024 81920
>>   c: 251904      0  unused
>>
>>
>> # fdisk sd0
>> Disk: sd0 geometry: 15/255/63 [251904 Sectors]
>> Offset: 0 Signature: 0xAA55
>>         Starting     Ending     LBA Info:
>>  #: id  C H S -  C   H  S [ start:   size ]
>> ---
>>  0: 00  0 0 0 -  0   0  0 [     0:      0 ] unused
>>  1: 00  0 0 0 -  0   0  0 [     0:      0 ] unused
>>  2: 00  0 0 0 -  0   0  0 [     0:      0 ] unused
>> *3: A6  0 1 2 - 14 254 63 [    64: 240911 ] OpenBSD
>>
>>
>> # newfs -S 512 /dev/rsd0a
>> /dev/rsd0a: 123.0MB in 251840 sectors of 512 bytes
>> 4 cylinder groups of 30.74MB, 3935 blocks, 7872 inodes each
>> newfs: wtfs: write error on block 16: Input/output error
>
> Have you tried:
> #newfs /dev/rsd0a
>
> I've done a few flashcards and never had to use anything but the default.
>
>
>>
>> I tried 3 other 128MB flashcards, and a 32MB too, same results.
>>
>> Any help will be highly appreciated, and if you need any additional info
>> too.
>>
>>
>>
>> Thanks
>> Monah

Trying to newfs an old 128 compactflash
Hi all,

Trying to newfs an old 128MB flashcard on my OpenBSD 5.7, so I can install OpenBSD on it to run on a Soekris.

# dmesg | grep sd0
sd0 at scsibus5 targ 1 lun 0: <Generic-, Multi-Card, 1.00> SCSI4 0/direct removable serial.0bda0309201209010309
sd0: 123MB, 512 bytes/sector, 251904 sectors

# disklabel sd0
# /dev/rsd0c:
type: SCSI
disk: vnd-a43c9e59
label:
duid: 770fe5cc30020c20
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 15
total sectors: 251904
boundstart: 0
boundend: 0
drivedata: 0

3 partitions:
#size offset fstype [fsize bsize cpg]
a: 251840 64 4.2BSD 1024 81920
c: 2519040 unused

# fdisk sd0
Disk: sd0 geometry: 15/255/63 [251904 Sectors]
Offset: 0 Signature: 0xAA55
Starting Ending LBA Info:
#: id C H S - C H S [ start:size ]
---
0: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused
1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused
2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused
*3: A6 0 1 2 - 14 254 63 [ 64: 240911 ] OpenBSD

# newfs -S 512 /dev/rsd0a
/dev/rsd0a: 123.0MB in 251840 sectors of 512 bytes
4 cylinder groups of 30.74MB, 3935 blocks, 7872 inodes each
newfs: wtfs: write error on block 16: Input/output error

I tried 3 other 128MB flashcards, and a 32MB too, same results.

Any help will be highly appreciated, and if you need any additional info too.

Thanks
Monah
Patching OpenBSD 5.7
Hi All,

I upgraded my server from 5.6 to 5.7 using the bsd.rd, all was successful.

OpenBSD 5.7 (GENERIC) #738: Sun Mar 8 10:59:31 MDT 2015
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz (GenuineIntel 686-class) 3.60 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,NXE,PAGE1GB,LONG,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS
real mem = 267862016 (255MB)
avail mem = 251109376 (239MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 07/31/13, BIOS32 rev. 0 @ 0xfd780, SMBIOS rev. 2.4 @ 0xe0010 (364 entries)
bios0: vendor Phoenix Technologies LTD version 6.00 date 07/31/2013
bios0: VMware, Inc. VMware Virtual Platform
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET
acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) S10F(S3) S11F(S3) S12F(S3) S13F(S3) [...]

I went and downloaded http://ftp.openbsd.org/pub/OpenBSD/patches/5.7.tar.gz so I can patch it.

Followed the instruction per the OpenBSD site

Apply patch using:

signify -Vep /etc/signify/openbsd-57-base.pub -x 003_openssl.patch.sig \
    -m - | (cd /usr/src && patch -p0)

Then build and install libcrypto and libssl

cd /usr/src/lib/libcrypto/crypto
make obj (Success)
make

SNIP

cc -O2 -pipe -g -Wall -Werror -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_FUNOPEN -DLIBRESSL_INTERNAL -DTERMIOS -DOPENSSL_NO_HW_PADLOCK -I/usr/src/lib/libcrypto/crypto/../../libssl/src -I/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto -I/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/modes -I/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1 -I/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/evp -I/usr/src/lib/libcrypto/crypto/obj -DAES_ASM -DVPAES_ASM -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DMD5_ASM -DGHASH_ASM -DRMD160_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DWHIRLPOOL_ASM -DOPENSSL_CPUID_OBJ -c /usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c -o a_time.o
cc1: warnings being treated as errors
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c:88: warning: return type defaults to 'int'
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c: In function 'IMPLEMENT_ASN1_FUNCTIONS':
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c:90: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c:96: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c:116: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c:127: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c:164: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c:185: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c:74: error: parameter name omitted
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c:204: error: expected '{' at end of input
*** Error 1 in /usr/src/lib/libcrypto/crypto (bsd.lib.mk:40 'a_time.o': @cc -O2 -pipe -g -Wall -Werror -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_F...)

Any guidance will be greatly appreciated.

Thank you
Monah
Re: tools for monitoring network traffic
I use Bro and Argus

http://qosient.com/argus/
http://bro.org

On Fri, Sep 19, 2014 at 9:10 AM, Markus Rosjat ros...@ghweb.de wrote:

> Hello,
>
> just a simple question with a probably more complicated answer. Are there
> tools out there to simply monitor the network traffic for a webserver so you
> get information about which domain caused which traffic over a week or a day?
>
> I know I could go and reinvent the wheel by using pf and other tools but
> since I'm a lazy guy I want to look for a solution that is already out there.
>
> Thx for the help :)
>
> Regards
>
> --
> Markus Rosjat
> fon: +49 351 8107223
> mail: ros...@ghweb.de
>
> G+H Webservice GbR Gorzolla, Herrmann
> Königsbrücker Str. 70, 01099 Dresden
>
> http://www.ghweb.de
> fon: +49 351 8107220
> fax: +49 351 8107227
>
> Please check whether this e-mail really needs to be printed!
> Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Squid + OpenBSD 5.4 and 5.5
Hi all,

Using ./configure --prefix=/usr/local/squid --with-filedescriptors=32768 --enable-snmp --with-large-files

I installed OpenBSD 5.4 on a vmware workstation and squid 3.4.5, works fine. However, OpenBSD 5.5 on both vmware workstation and on a SPARC64 T5220, I get the following error running make,

po -c -o client_side.o client_side.cc mv -f $depbase.Tpo $depbase.Po
depbase=`echo client_side_reply.o | sed 's|[^/]*$|.deps/|;s|\.o$||'`; g++ -DHAVE_CONFIG_H -DDEFAULT_CONFIG_FILE=\/usr/local/squid/etc/squid.conf\ -DDEFAULT_SQUID_DATA_DIR=\/usr/local/squid/share\ -DDEFAULT_SQUID_CONFIG_DIR=\/usr/local/squid/etc\ -I.. -I../include -I../lib -I../src -I../include -I/usr/include/kerberosV -I/usr/include/kerberosV -I../libltdl -I../src -I../libltdl -I/usr/include/kerberosV -I/usr/include/kerberosV -I/usr/include/kerberosV -I/usr/include/kerberosV -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -g -O2 -MT client_side_reply.o -MD -MP -MF $depbase.Tpo -c -o client_side_reply.o client_side_reply.cc mv -f $depbase.Tpo $depbase.Po
cc1plus: warnings being treated as errors
client_side_reply.cc: In member function 'void clientReplyContext::buildReplyHeader()':
client_side_reply.cc:1326: warning: format '%ld' expects type 'long int', but argument 4 has type 'long long int'
*** Error 1 in src (Makefile:6970 'client_side_reply.o')
*** Error 1 in src (Makefile:7116 'all-recursive')
*** Error 1 in src (Makefile:6036 'all')
*** Error 1 in /home/mbaki/squid-3.4.5 (Makefile:587 'all-recursive')

Is this a squid issue???

Thanks
New install
Hi all,

I just installed OpenBSD 5.5 on a sparc64

$ uname -a
OpenBSD test.home 5.5 GENERIC.MP#173 sparc64

I then issued the following commands:

cd /usr/
export CVSROOT=anon...@anoncvs.openbsd.org:/cvs
cvs -d$CVSROOT up -rOPENBSD_5_5 -Pd

Couple of hours later:

cvs server: Updating libexec
U libexec/Makefile
U libexec/Makefile.inc
cvs server: Updating libexec/atrun
cvs [update aborted]: could not chdir to libexec/comsat: Not a directory

cd /usr/libexec
ls -la

$ ls -la
total 5416
drwxr-xr-x 10 root wheel 1536 Jun 8 11:48 .
drwxr-xr-x 24 root wheel 512 Jun 8 12:33 ..
drwxr-xr-x 2 root wheel 512 Jun 8 11:48 CVS
-rw-r--r-- 1 root wheel 598 Dec 4 2013 Makefile
-rw-r--r-- 1 root wheel 87 Jan 28 2001 Makefile.inc
drwxr-xr-x 3 root wheel 512 Jun 8 11:48 atrun
drwxr-x--- 2 root auth 512 Mar 4 16:03 auth
-r-xr-xr-x 1 root bin 16824 Mar 4 16:03 comsat
-r-xr-xr-x 1 root bin 217864 Mar 4 16:05 cpp
drwxr-xr-x 3 root wheel 512 Mar 4 16:05 cvs

Thanks
Thank you thank you thank you
# dmesg console is /virtual-devices@100/console@1 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2014 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 5.5 (GENERIC.MP) #173: Tue Mar 4 14:47:47 MST 2014 dera...@sparc64.openbsd.org:/usr/src/sys/arch/sparc64/compile/GENERIC.MP real mem = 17045651456 (16256MB) avail mem = 16759693312 (15983MB) mainbus0 at root: SPARC Enterprise T5220 cpu0 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu1 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu2 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu3 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu4 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu5 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu6 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu7 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu8 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu9 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu10 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu11 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu12 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu13 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu14 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu15 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu16 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu17 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu18 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu19 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu20 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu21 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu22 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu23 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu24 at mainbus0: 
SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu25 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu26 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu27 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu28 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu29 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu30 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz cpu31 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
DNS Proxy
Hi all, I'm running OpenBSD 5.2 with squid for a friend who owns an ISP outside the U.S and uses my OpenBSD squid proxy to access netflix. I've been told this can be also accomplished via DNS Proxy. Is it true? If yes which one do you recommend? Thanks
Re: www.openbsd.org down?
Can't access from Washington DC

On Tue, Jun 25, 2013 at 6:53 AM, Nenhum_de_Nos math...@eternamente.info wrote:

> On Tue, June 25, 2013 06:56, Yusof Khalid - FreeBSD / OpenBSD wrote:
>> Yeah can't access from here (Kuala Lumpur, MY)
>
> Can't access from Brazil.
>
> matheus
>
> --
> We will call you Cygnus,
> The God of balance you shall be
>
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
>
> http://en.wikipedia.org/wiki/Posting_style
pf log question
Hi all,

Using tcpdump -i pflog0

Jun 24 10:54:01.209701 rule 14/(match) pass in on tun0

Is there a way to display what's rule 14?

Thank you

BSD Networking, Microsoft Notworking
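An added example, not part of the original post: pf numbers the rules of the loaded ruleset, and `pfctl -vvsr` prints each rule prefixed with `@<number>`, which is the number pflog records. The Python sketch below joins the two; the pfctl output and log lines are constructed samples, and the anchor form `rule N.anchor.M` is an assumption about how tcpdump prints hits inside anchors.

```python
import re
from collections import Counter

# Constructed sample of `pfctl -vvsr` output; the rule text is illustrative.
SAMPLE_PFCTL_VVSR = """\
@12 block drop in log all
  [ Evaluations: 5120      Packets: 311       Bytes: 18660       States: 0     ]
@13 pass out all keep state
  [ Evaluations: 5120      Packets: 9044      Bytes: 4102231     States: 17    ]
@14 pass log quick on tun0 all
  [ Evaluations: 2210      Packets: 1875      Bytes: 902113      States: 0     ]
@15 anchor "ftp-proxy/*" all
  [ Evaluations: 335       Packets: 0         Bytes: 0           States: 0     ]
"""

# Constructed pflog lines in the shape shown in the post.
SAMPLE_PFLOG = """\
Jun 24 10:54:01.209701 rule 14/(match) pass in on tun0: 198.51.100.7.51512 > 192.0.2.10.25: S 1:1(0) win 5840
Jun 24 10:54:03.118220 rule 12/(match) block in on tun0: 203.0.113.9.4431 > 192.0.2.10.445: S 7:7(0) win 65535
Jun 24 10:54:09.450019 rule 15.ftp-proxy.2/(match) pass in on tun0: 198.51.100.7.51600 > 192.0.2.10.21: S 3:3(0) win 5840
Jun 24 10:54:11.000412 rule 40/(match) pass in on tun0: 198.51.100.8.1025 > 192.0.2.10.80: S 9:9(0) win 5840
"""

RULE_RE = re.compile(r"^@(\d+)\s+(.+?)\s*$")
LOG_RE = re.compile(
    r"rule (?P<nr>\d+)(?:\.(?P<anchor>\S+)\.(?P<sub>\d+))?"
    r"/\((?P<reason>[^)]+)\) (?P<action>\w+) (?P<dir>in|out) on (?P<iface>[^\s:]+)"
)


def parse_ruleset(pfctl_output):
    """Map rule number -> rule text from `pfctl -vvsr` style output."""
    rules = {}
    for line in pfctl_output.splitlines():
        m = RULE_RE.match(line)  # counter lines are indented and never match
        if m:
            rules[int(m.group(1))] = m.group(2)
    return rules


def resolve(log_text, rules):
    """Annotate each pflog line with the text of the rule that logged it."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        nr = int(m.group("nr"))
        hits.append({
            "rule": nr,
            # For anchored hits the main-ruleset number points at the anchor
            # rule; the sub-rule lives in the anchor's own ruleset.
            "anchor": m.group("anchor"),
            "subrule": int(m.group("sub")) if m.group("sub") else None,
            "action": m.group("action"),
            "dir": m.group("dir"),
            "iface": m.group("iface"),
            "text": rules.get(nr),  # None: number not in this ruleset dump
        })
    return hits


def hits_per_rule(hits):
    """Count log lines per main-ruleset rule number."""
    return Counter(h["rule"] for h in hits)


if __name__ == "__main__":
    ruleset = parse_ruleset(SAMPLE_PFCTL_VVSR)
    for h in resolve(SAMPLE_PFLOG, ruleset):
        where = f" (anchor {h['anchor']}, sub-rule {h['subrule']})" if h["anchor"] else ""
        text = h["text"] or "<not in this ruleset dump>"
        print(f"rule {h['rule']}{where}: {h['action']} {h['dir']} on {h['iface']} -> {text}")
```

Rule numbers are only meaningful against the ruleset that was loaded when the packet was logged; after a reload, capture `pfctl -vvsr` again before resolving older log lines.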
Re: pf log question
Thanks all for all the help. Reason I was asking is I have this strange issue.

First my pf.conf (snipped) is:

+
int_if=xl0
ext_if=xl1
external_addr=tun0
tcp_services = { 22, 25, 53, 80, 110, 143, 443, 554, 6667, 1220, 1863, \
3128, 5060, 5061, 5190, 6667, 8000, 8021, 8080, 8085, 9090, 1 }
udp_services = { 53, 113 }
set loginterface $external_addr
set loginterface $ext_if
# set block-policy drop
scrub in all
nat-anchor ftp-proxy/*
rdr-anchor ftp-proxy/*
pass quick on lo0 all
block in log
pass out keep state
antispoof quick for { lo $int_if }
pass out quick on $int_if proto tcp from any to $mail_srvr port 25
pass log quick on $external_addr
pass quick on $ext_if
++

If I change

pass log quick on $external_addr

to

pass in log quick on $external_addr from any to any port $tcp_services,

I can no longer receive email from certain domains (gmail.com, guru.com and customers). However I can receive email from my work and from hotmail.

When I issue the tcpdump -i pflog, I do not see any (block), but I do not receive the mails at all. Couple of days, google responds with:

timeout after EHLO from yw-out-1718.google.com[74.125.46.157]

and

timeout after EHLO from mail3.guru.com[216.151.125.108]

If I switch back to pass log quick on $external_addr everything works. I'm using OpenBSD3.9 with PPPoE.

On Tue, Jun 24, 2008 at 11:06:04AM -0400, Monah Baki wrote:
| Hi all,
|
| Using tcpdump -i pflog0
|
| Jun 24 10:54:01.209701 rule 14/(match) pass in on tun0
|
| Is there a way to display what's rule 14?

BSD Networking, Microsoft Notworking
Buying 4.2 CD
Why is the 4.2 CD set missing in https://https.openbsd.org/cgi-bin/order?

Thank you

BSD Networking, Microsoft Notworking
rdr to squid proxy with authentication
Hi all,

I implemented the following rule and so far I can see that all users are accessing my proxy server

Tried the following in /etc/inetd.conf

127.0.0.1:5000 stream tcp nowait nobody /usr/bin/nc nc -w \
20 192.168.3.106 8080

rdr on $int_if proto tcp from $int_net to $ext_if port 80 -> \
127.0.0.1 port 5000

But I have one question, my proxy requires authentication before browsing, how can I have the firewall also authenticate, because if I disable on the squid proxy authentication, it works. If I enable it, all sites I try to visit comes up with a page that I need authentication first to use the proxy.

Thanks

BSD Networking, Microsoft Notworking
RDR question
Hi all,

I'm running OpenBSD on a soekris box 4.3 current.

sis0=192.168.3.32
sis1=192.168.2.1

I have a proxy server IP address 192.168.3.106

I want a rule to have all users on the .2 network to go thru the proxy.

Tried the following in /etc/inetd.conf

127.0.0.1:5000 stream tcp nowait nobody /usr/bin/nc nc -w \
20 192.168.3.106 8080

rdr on $int_if proto tcp from $int_net to $ext_if port 80 -> \
127.0.0.1 port 5000

I can access websites but thing is the proxy server is running dans guardian on 8080 and I do not see a denied page when I access unwanted sites.

Thanks

BSD Networking, Microsoft Notworking
Re: RDR question
Hi,

It did not work, I get a blank page on all URL's. Here's my pf.conf real basic.

ext_if=sis0
int_if=sis1
#table spamd-white persist
set skip on lo
#scrub in
nat-anchor ftp-proxy/*
rdr-anchor ftp-proxy/*
#rdr-anchor relayd/*
nat on $ext_if from $int_if:network to any -> $ext_if
# rdr pass on $ext_if proto tcp to port 80 -> 192.168.3.106 port 8080
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
rdr on $ext_if proto tcp from 192.168.2.0/24 to any port 80 -> \
127.0.0.1 port 5000
rdr on $ext_if proto tcp from any to $ext_if -> 192.168.3.106 port 8080
#no rdr on $ext_if proto tcp from spamd-white to any port smtp
#rdr pass on $ext_if proto tcp from any to any port smtp \
# -> 127.0.0.1 port spamd
anchor ftp-proxy/*
# block all
pass out

Thanks

On Apr 13, 2008, at 1:59 PM, Dorian Büttner wrote:

> Monah Baki wrote:
>> rdr on $int_if proto tcp from $int_net to $ext_if port 80 -> \
>> 127.0.0.1 port 5000
>
> unless you host the unwanted sites on $ext_if, you may try to any
> instead and let us know?

BSD Networking, Microsoft Notworking
openbsd 3.9 and httpd-2.2.6
Hi all,

I'm trying to install httpd-2.2.6 on my openbsd 3.9 from source. I get the following error when I run make

Making all in support
make[1]: Entering directory `/export/home/mbaki/httpd-2.2.6/support'
make[2]: Entering directory `/export/home/mbaki/httpd-2.2.6/support'
/usr/local/apr/build-1/libtool --silent --mode=link gcc -g -O2 -pthread -o htpasswd htpasswd.lo -lm /export/home/mbaki/httpd-2.2.6/srclib/pcre/libpcre.la /usr/local/apr/lib/libaprutil-1.la -lexpat -liconv /usr/local/apr/lib/libapr-1.la -lpthread
/usr/bin/ld: cannot find -lexpat
collect2: ld returned 1 exit status
make[2]: *** [htpasswd] Error 1
make[2]: Leaving directory `/export/home/mbaki/httpd-2.2.6/support'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/export/home/mbaki/httpd-2.2.6/support'
make: *** [all-recursive] Error 1

Thanks

BSD Networking, Microsoft Notworking
OpenBSD 3.9 and Httpd-2.2.6 compile error
Hi All,

I'm compiling httpd with the following:

./configure --prefix=/usr/local/apache2 --enable-ssl --enable-dav --enable-dav-fs --enable-vhost-alias --enable-rewrite --enable-so

When I run make I get the following error:

Making all in support
make[1]: Entering directory `/export/home/mbaki/httpd-2.2.6/support'
make[2]: Entering directory `/export/home/mbaki/httpd-2.2.6/support'
/usr/local/apr/build-1/libtool --silent --mode=compile gcc -g -O2 -pthread -D_POSIX_THREADS -I/export/home/mbaki/httpd-2.2.6/srclib/pcre -I. -I/export/home/mbaki/httpd-2.2.6/os/unix -I/export/home/mbaki/httpd-2.2.6/server/mpm/prefork -I/export/home/mbaki/httpd-2.2.6/modules/http -I/export/home/mbaki/httpd-2.2.6/modules/filters -I/export/home/mbaki/httpd-2.2.6/modules/proxy -I/export/home/mbaki/httpd-2.2.6/include -I/export/home/mbaki/httpd-2.2.6/modules/generators -I/export/home/mbaki/httpd-2.2.6/modules/mappers -I/export/home/mbaki/httpd-2.2.6/modules/database -I/usr/local/apr/include/apr-1 -I/usr/local/include -I/export/home/mbaki/httpd-2.2.6/modules/proxy/../generators -I/export/home/mbaki/httpd-2.2.6/modules/ssl -I/export/home/mbaki/httpd-2.2.6/modules/dav/main -prefer-non-pic -static -c htpasswd.c touch htpasswd.lo
/usr/local/apr/build-1/libtool --silent --mode=link gcc -g -O2 -pthread -o htpasswd htpasswd.lo -lm /export/home/mbaki/httpd-2.2.6/srclib/pcre/libpcre.la /usr/local/apr/lib/libaprutil-1.la -lexpat -liconv /usr/local/apr/lib/libapr-1.la -lpthread
/usr/bin/ld: cannot find -lexpat
collect2: ld returned 1 exit status
make[2]: *** [htpasswd] Error 1
make[2]: Leaving directory `/export/home/mbaki/httpd-2.2.6/support'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/export/home/mbaki/httpd-2.2.6/support'
make: *** [all-recursive] Error 1

Thanks
PPP problems
Hi All, I'm running PPP on OpenBSD 3.9, machine runs great for 3-4 weeks and then disconnects then I have to restart PPP for it to work. Is this normal, is there a way to keep it up indefinitely? Thanks BSD Networking, Microsoft Notworking
PF Rule
Hi all,

Is there a way to write a single rule to cover these 2 rules:

no nat on $ext_if inet proto tcp from 192.168.3.204 to any
nat on $ext_if from 192.168.3.0/24 to any -> $ext_if

Thanks

BSD Networking, Microsoft Notworking
NAT Question
Hi all,

Yesterday I just received 8 public IP addresses from my ISP. I'm running ppp on my OpenBSD 3.9 server (DSL).

My xl0 has the public IP address (67.100.x.x) provided to me by my ISP, my xl1 interface is my 192.168.3.1

Once I run /usr/sbin/ppp -ddial pppoe, my tun0 gets created

If I issue a netstat -an, I see the 5 other public IP addresses given to me.

Now I have 4 other machines behind the OBSD box, in the 192.168.3.x IP range. My NAT rule is:

nat on xl1 from 192.168.3.0/24 to any -> xl0

Now if I were to assign the gateway on my internal hosts the IP address of xl1 on my BSD box, I can't seem to access the internet. Now if I were to assign one of the public interfaces on one of the internal machines, and the gateway is the IP address of xl0 on my BSD box, it works fine.

Hope this makes sense, cause I'm completely lost as to why something that was working on a single IP, I introduced 8 other IP's and it does not work anymore. Nothing has changed in my pf.rule file, only the new 8 IP addresses.

Thank you

BSD Networking, Microsoft Notworking
CPAN error
Hi all,

Yesterday I installed Openbsd3.9 and wanted to install Digest::SHA1 using CPAN

I get an error complaining the MD5 checksum is incorrect and to delete it from /root/.cpan../../etc etc (which I did). This happens with other modules too.

I can download the modules manually and run perl Makefile.pl, make make install, but was wondering why I'm having this problem.

Thanks

BSD Networking, Microsoft Notworking
Question
Hi all,

I'm hoping I'm wording this correctly. Is there any software available for OpenBSD that will permit me to redirect a packet based on a certain string in the packet? For example if someone were to telnet to my server (userid foo), server should redirect that packet based on the string foo to a syslog server. Sort of like patch-o-matic for linux.

BSD Networking, Microsoft Notworking
latest sendmail patch
Hi all,

I'm trying to apply the latest patch for sendmail and on my make, I get the following error:

cc -O2 -pipe -DSTARTTLS -DMILTER -DFAST_PID_RECYCLE -D_FFR_USE_SETLOGIN -DSM_OMIT_BOGUS_WARNINGS -DNEWDB -DMAP_REGEX -DNETINET6 -DNEEDSGETIPNODE -DSM_CONF_SHM -DNIS -DTCPWRAPPERS -I/usr/src/gnu/usr.sbin/sendmail/sendmail/../sendmail -I/usr/src/gnu/usr.sbin/sendmail/sendmail/../include -c /usr/src/gnu/usr.sbin/sendmail/sendmail/deliver.c
/usr/src/gnu/usr.sbin/sendmail/sendmail/deliver.c: In function `deliver':
/usr/src/gnu/usr.sbin/sendmail/sendmail/deliver.c:3269: error: syntax error before '' token
/usr/src/gnu/usr.sbin/sendmail/sendmail/deliver.c:3286: error: syntax error before '==' token
/usr/src/gnu/usr.sbin/sendmail/sendmail/deliver.c:3294: error: syntax error before '' token
/usr/src/gnu/usr.sbin/sendmail/sendmail/deliver.c:3430: confused by earlier errors, bailing out
*** Error code 1

Stop in /usr/src/gnu/usr.sbin/sendmail/sendmail.
*** Error code 1

Stop in /usr/src/gnu/usr.sbin/sendmail.

Partial dmesg

OpenBSD 3.9-current (GENERIC) #685: Mon Apr 10 14:00:41 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 349 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR
real mem = 536444928 (523872K)
avail mem = 482459648 (471152K)

Thank you

BSD Networking, Microsoft Notworking
OpenBSD 3.8+Mysql 5.0.16
Hi all,

I'm installing mysql from source. I know this is an error that has been posted several times:

# /usr/local/mysql/bin/mysql -V
/usr/local/mysql/bin/mysql: can't load library '../libmysql/.libs/libmysqlclient.so.15.0'

# cd /usr/local/mysql/bin
# ./mysql -V
# ./mysql Ver 14.12 Distrib 5.0.16, for unknown-openbsd3.8 (i386) using EditLine wrapper

If I vi the mysql file in /usr/local/mysql/bin:

SNIP.
@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@ [EMAIL PROTECTED]/libmysql/.libs/[EMAIL PROTECTED]@mysql_field_count
SNIP.

Does this mean libmysqlclient.so.15.0 is hardcoded and won't work unless you're in the /usr/local/mysql/bin directory? It works fine as long as you start the commands in the /usr/local/mysql/bin directory, if you change directory then you get the error.

Thank you
Re: Carp scp loosing connection
Solved it, had to switch

pass in quick on $int_if all
pass out quick on $int_if all

to

pass in quick on $int_if all keep state
pass out quick on $int_if all keep state

On Fri, 21 Oct 2005 16:37:54 -0400, Monah Baki wrote
> Sorry all it's a Soekris net4801
>
> Thank you
>
> On Fri, 21 Oct 2005 13:47:05 -0400, Monah Baki wrote
>> Hi all,
>>
>> I have 2 Rasta 4801 (3.7 current) as a master and backup carp. One
>> solaris 10 server is behind them. When I try to scp a 600MB file from
>> 1 solaris server outside the network to the solaris server behind the
>> net4801, I get network error: connection reset by peer error.
>>
>> If I halt the master carp and the backup becomes master, no problem
>> all 600MB gets transferred.
>>
>> I then went ahead and deleted the file and rebooted the master, the
>> current Master switched to backup, and I did the copy a network error:
>> connection reset by peer showed up.
>>
>> My pf.conf file on both machines are identical.
>>
>> Thank you.
>>
>> /etc/pf.conf -
>> ext_if=sis0
>> int_if=sis1
>> ext_net=104.83.19.0/24
>> int_net=172.16.0.0/24
>> carp5=carp5
>> ross=172.16.0.3
>> ross_int_webzone=172.16.0.4
>> tcp_services={22, 80}
>> dns_services={53}
>> set timeout interval 10
>> set timeout frag 30
>> set block-policy return
>> set loginterface sis0
>> set skip on lo0
>> # scrub in all
>> nat on $ext_if from $int_net to any -> $ext_if static-port
>> rdr on $ext_if proto tcp from any to $carp5 port 22 -> $ross_int_webzone port 22
>> # Deny all packets
>> block in on sis0 all
>> pass in quick on $int_if all
>> pass out quick on $int_if all
>> pass in quick on $ext_if inet proto tcp from any to any port $tcp_services flags S/SA keep state
>> pass out quick on $ext_if inet proto tcp from any to any port $tcp_services flags S/SA keep state
>> pass in quick on $carp5 inet proto tcp from any to any port $tcp_services keep state
>> pass out quick on $carp5 inet proto tcp from any to any port $tcp_services keep state
>> pass quick on lo0 all
>> pass quick on { sis2 } proto pfsync
>> pass in quick on { sis0 sis1 } proto carp keep state
>> # Filter rules for sis0 outbound
>> block out on sis0 all
>> # pass in all
>> # pass out all
>>
>> My master carp has the following: -
>> ifconfig carp5 create
>> ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 0 104.83.19.244 netmask 255.255.255.0
>>
>> My backup carp has the following: -
>> ifconfig carp5 create
>> ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 128 104.83.19.244 netmask 255.255.255.0
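An added example, not part of the thread: the fix above adds `keep state` to the two `$int_if` rules, and on pf of that era (the thread is on 3.7; `keep state` became the default for pass rules in OpenBSD 4.1) any pass rule without a state option is evaluated statelessly. The Python check below lists such rules; the sample is an excerpt reconstructed from the ruleset quoted in the thread, with line breaks that are an assumption of this example.

```python
import re

# Excerpt reconstructed from the ruleset quoted in the thread (filter rules
# and the macros they use). Line breaks and continuations are assumed.
SAMPLE_PF_CONF = """\
ext_if=sis0
int_if=sis1
carp5=carp5
tcp_services={22, 80}

# Deny all packets
block in on sis0 all
pass in quick on $int_if all
pass out quick on $int_if all
pass in quick on $ext_if inet proto tcp from any to any \\
    port $tcp_services flags S/SA keep state
pass out quick on $ext_if inet proto tcp from any to any \\
    port $tcp_services flags S/SA keep state
pass in quick on $carp5 inet proto tcp from any to any port $tcp_services keep state
pass quick on { sis2 } proto pfsync
pass in quick on { sis0 sis1 } proto carp keep state
block out on sis0 all
"""

STATE_RE = re.compile(r"\b(?:keep|modulate|synproxy)\s+state\b")
NO_STATE_RE = re.compile(r"\bno\s+state\b")  # explicit opt-out, not flagged
MACRO_RE = re.compile(r"^([A-Za-z_]\w*)\s*=\s*(.+)$")


def logical_lines(text):
    """Yield (first_line_no, rule) with comments removed and '\\' continuations joined.

    Simplification: a '#' inside a quoted string is treated as a comment start.
    """
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if start is None:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, " ".join(buf.split())
        buf, start = "", None
    if buf.strip():
        yield start, " ".join(buf.split())


def expand(rule, macros):
    """Replace $name with its macro value; unknown macros are left as written."""
    return re.sub(r"\$(\w+)", lambda m: macros.get(m.group(1), m.group(0)), rule)


def stateless_pass_rules(text):
    """Return [(line_no, expanded_rule)] for pass rules that create no state."""
    macros, findings = {}, []
    for lineno, line in logical_lines(text):
        m = MACRO_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2).strip().strip('"')
            continue
        if line.split()[0] != "pass":
            continue
        rule = expand(line, macros)
        if STATE_RE.search(rule) or NO_STATE_RE.search(rule):
            continue
        findings.append((lineno, rule))
    return findings


if __name__ == "__main__":
    for lineno, rule in stateless_pass_rules(SAMPLE_PF_CONF):
        print(f"line {lineno}: no state option: {rule}")
```

On OpenBSD 4.1 and later the same rules keep state by default, so findings from this check apply only to rulesets loaded on older releases.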
Email problems
Hi all,

Until 4 days ago, I no longer receive email on my server. I thought it was my provider (cox) since they block inbound and outbound smtp. When I send email from the outside, nothing shows up in my /var/mail/maillog, I then get an email 3 days later connection timed out with my server.

If I send locally to verify pop and imap is working, no problem whatsoever.

If I telnet from the outside to my server on port 110 143,

$ telnet whywire.com 110
Trying 68.227.194.65...
Connected to whywire.com.
Escape character is '^]'.
+OK
quit
+OK
Connection closed by foreign host.

$ telnet whywire.com 143
Trying 68.227.194.65...
Connected to whywire.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS AUTH=LOGIN] marvin.whywire.com IMAP4rev1 2004.357 at Sun, 23 Oct 2005 14:12:08 -0400 (EDT)

This problem started 4 days ago and I didn't apply any modification on the server.

What else can I look for?

Thank you.
Carp scp loosing connection
Hi all,

I have 2 Rasta 4801 (3.7 current) as a master and backup carp. One solaris 10 server is behind them. When I try to scp a 600MB file from 1 solaris server outside the network to the solaris server behind the net4801, I get network error: connection reset by peer error.

If I halt the master carp and the backup becomes master, no problem all 600MB gets transferred.

I then went ahead and deleted the file and rebooted the master, the current Master switched to backup, and I did the copy a network error: connection reset by peer showed up.

My pf.conf file on both machines are identical.

Thank you.

/etc/pf.conf -
ext_if=sis0
int_if=sis1
ext_net=104.83.19.0/24
int_net=172.16.0.0/24
carp5=carp5
ross=172.16.0.3
ross_int_webzone=172.16.0.4
tcp_services={22, 80}
dns_services={53}
set timeout interval 10
set timeout frag 30
set block-policy return
set loginterface sis0
set skip on lo0
# scrub in all
nat on $ext_if from $int_net to any -> $ext_if static-port
rdr on $ext_if proto tcp from any to $carp5 port 22 -> $ross_int_webzone port 22
# Deny all packets
block in on sis0 all
pass in quick on $int_if all
pass out quick on $int_if all
pass in quick on $ext_if inet proto tcp from any to any port $tcp_services flags S/SA keep state
pass out quick on $ext_if inet proto tcp from any to any port $tcp_services flags S/SA keep state
pass in quick on $carp5 inet proto tcp from any to any port $tcp_services keep state
pass out quick on $carp5 inet proto tcp from any to any port $tcp_services keep state
pass quick on lo0 all
pass quick on { sis2 } proto pfsync
pass in quick on { sis0 sis1 } proto carp keep state
# Filter rules for sis0 outbound
block out on sis0 all
# pass in all
# pass out all

My master carp has the following: -
ifconfig carp5 create
ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 0 104.83.19.244 netmask 255.255.255.0

My backup carp has the following: -
ifconfig carp5 create
ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 128 104.83.19.244 netmask 255.255.255.0
Carp scp loosing connection
Hi all,

I have 2 Rasta 4801 (3.7 current) as a master and backup carp. One solaris 10 server is behind them. When I try to scp a 600MB file from 1 solaris server outside the network to the solaris server behind the net4801, I get network error: connection reset by peer error.

If I halt the master carp and the backup becomes master, no problem all 600MB gets transferred. If I also halt the backup and the master is running by itself, no problem either.

I then went ahead and deleted the file and rebooted the master, the current Master switched to backup, and I did the copy a network error: connection reset by peer showed up.

So far it's a either this or that running but not both, I'm completely lost here. My pf.conf file on both machines are identical.

Thank you.

/etc/pf.conf -
ext_if=sis0
int_if=sis1
ext_net=104.83.19.0/24
int_net=172.16.0.0/24
carp5=carp5
ross=172.16.0.3
ross_int_webzone=172.16.0.4
tcp_services={22, 80}
dns_services={53}
set timeout interval 10
set timeout frag 30
set block-policy return
set loginterface sis0
set skip on lo0
# scrub in all
nat on $ext_if from $int_net to any -> $ext_if static-port
rdr on $ext_if proto tcp from any to $carp5 port 22 -> $ross_int_webzone port 22
# Deny all packets
block in on sis0 all
pass in quick on $int_if all
pass out quick on $int_if all
pass in quick on $ext_if inet proto tcp from any to any port $tcp_services flags S/SA keep state
pass out quick on $ext_if inet proto tcp from any to any port $tcp_services flags S/SA keep state
pass in quick on $carp5 inet proto tcp from any to any port $tcp_services keep state
pass out quick on $carp5 inet proto tcp from any to any port $tcp_services keep state
pass quick on lo0 all
pass quick on { sis2 } proto pfsync
pass in quick on { sis0 sis1 } proto carp keep state
# Filter rules for sis0 outbound
block out on sis0 all
# pass in all
# pass out all

My master carp has the following: -
ifconfig carp5 create
ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 0 104.83.19.244 netmask 255.255.255.0

My backup carp has the following: -
ifconfig carp5 create
ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 128 104.83.19.244 netmask 255.255.255.0
Fw: Carp scp loosing connection
Sorry all a soekris 4801 not rasta, my mistake.

Hi all,

I have 2 Rasta 4801 (3.7 current) as a master and backup carp. One solaris 10 server is behind them. When I try to scp a 600MB file from 1 solaris server outside the network to the solaris server behind the net4801, I get network error: connection reset by peer error.

If I halt the master carp and the backup becomes master, no problem all 600MB gets transferred. If I also halt the backup and the master is running by itself, no problem either.

I then went ahead and deleted the file and rebooted the master, the current Master switched to backup, and I did the copy a network error: connection reset by peer showed up.

So far it's a either this or that running but not both, I'm completely lost here. My pf.conf file on both machines are identical.

Thank you.

/etc/pf.conf -
ext_if=sis0
int_if=sis1
ext_net=104.83.19.0/24
int_net=172.16.0.0/24
carp5=carp5
ross=172.16.0.3
ross_int_webzone=172.16.0.4
tcp_services={22, 80}
dns_services={53}
set timeout interval 10
set timeout frag 30
set block-policy return
set loginterface sis0
set skip on lo0
# scrub in all
nat on $ext_if from $int_net to any -> $ext_if static-port
rdr on $ext_if proto tcp from any to $carp5 port 22 -> $ross_int_webzone port 22
# Deny all packets
block in on sis0 all
pass in quick on $int_if all
pass out quick on $int_if all
pass in quick on $ext_if inet proto tcp from any to any port $tcp_services flags S/SA keep state
pass out quick on $ext_if inet proto tcp from any to any port $tcp_services flags S/SA keep state
pass in quick on $carp5 inet proto tcp from any to any port $tcp_services keep state
pass out quick on $carp5 inet proto tcp from any to any port $tcp_services keep state
pass quick on lo0 all
pass quick on { sis2 } proto pfsync
pass in quick on { sis0 sis1 } proto carp keep state
# Filter rules for sis0 outbound
block out on sis0 all
# pass in all
# pass out all

My master carp has the following: -
ifconfig carp5 create
ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 0 104.83.19.244 netmask 255.255.255.0

My backup carp has the following: -
ifconfig carp5 create
ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 128 104.83.19.244 netmask 255.255.255.0

--- End of Forwarded Message ---
Pf rule for carp and round-robin
Hi all,

I'm having problems implementing round-robin on a carp interface. The rule that I have is:

    rdr on $ext_if proto tcp from any to $carp5 port 80 \
        -> { $web_srvr1, $web_srvr2 } round-robin sticky-address

Does this look correct? It works if I remove:

    { $web_srvr1, $web_srvr2 } round-robin sticky-address

and just have $web_srvr1 or $web_srvr2, but not both.

ext_if is 133.85.19.240, my public IP address.
carp5 is 133.85.19.244

Thank you
Stupid Carp question
Hi all,

Implementing carp, I have 2 net4801's that seem to be synchronizing. When I do an ifconfig -a on the secondary, I see carp0 on the slave becomes Master when the primary goes down. The internal machines are working fine accessing the internet and all.

The pf.conf has the 2 rules:

    pass quick on { sis2 } proto pfsync
    pass on { sis0 sis1 } proto carp keep state

However, when I physically remove the ethernet cable from sis0 on the master, the internal machine cannot access the net anymore.

Do I need to copy the pf.conf from the master to the secondary unit, to have them both identical?

Thank you
round-robin question
Hi all,

On my OpenBSD 3.7 bridge, I have the following rule:

    rdr on $int_if proto tcp from any to any port 80 -> { 144.183.17.82, 144.183.17.84 } round-robin

If I log in to a computer, it accesses one server's webpage; if I move to another computer, it accesses the second server's webpage. However, I can't seem to access the other server from the same computer; it always directs me to the same server's webpage.

Am I missing something, or is this the way round-robin works?

Thank you
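Both round-robin posts above use a redirection pool, one of them with sticky-address. As an added illustration (not part of either post and not pf's own code), this toy model follows the pf.conf(5) description of the two options for new connections; the addresses, the 300-second tracking lifetime and the expire-on-last-use rule are constructed assumptions.

```python
"""Toy model of pf rdr pool selection (round-robin, optional sticky-address).
Not pf source code: addresses, TTL and the expiry rule are constructed."""
from dataclasses import dataclass, field


@dataclass
class RdrPool:
    backends: list
    sticky: bool = False
    src_ttl: float = 300.0  # assumed lifetime of a source-tracking entry
    _next: int = 0
    _src: dict = field(default_factory=dict)  # client -> (backend, last_seen)

    def _round_robin(self):
        backend = self.backends[self._next % len(self.backends)]
        self._next += 1
        return backend

    def new_connection(self, client, now):
        """Choose a backend when a new state is created.
        Packets matching an existing state never reach this selection."""
        if self.sticky:
            entry = self._src.get(client)
            if entry and now - entry[1] <= self.src_ttl:
                self._src[client] = (entry[0], now)  # refresh and reuse
                return entry[0]
        backend = self._round_robin()
        if self.sticky:
            self._src[client] = (backend, now)
        return backend


def replay(pool, connections):
    """Map each (time, client) new connection to the backend it gets."""
    return [(client, pool.new_connection(client, t)) for t, client in connections]


# Constructed stand-ins for $web_srvr1 / $web_srvr2 and three clients.
WEB = ["172.16.0.10", "172.16.0.11"]
A, B, C = "198.51.100.7", "203.0.113.9", "192.0.2.44"
CONNS = [(0, A), (1, A), (2, B), (3, A), (4, C), (400, A)]

if __name__ == "__main__":
    for label, sticky in (("round-robin", False), ("sticky-address", True)):
        print(label)
        for client, backend in replay(RdrPool(WEB, sticky=sticky), CONNS):
            print(f"  {client:>13} -> {backend}")
```

In the model, plain round-robin hands each new connection to the next pool member whatever its source, while sticky-address keeps client A on one server until its tracking entry lapses.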
Re: sguil and OpenBSD
Those are the steps that I took to install sguil on 3.7. This installation assumes server, sensor and database are on 1 host.

Install OpenBSD 3.7

    /     2GB
    swap  2GB
    /var  5GB
    /usr  20GB
    /nsm  (remaining)

    System name: idssrvr
    Domain: xxx.com
    IP: 10.1.1.82/24
    DNS Server: 68.100.16.25
    GW: 10.1.1.1

Install src and ports to /usr/src and /usr respectively
add users sguil, mysql and (generic id, to login)
add the generic user to group wheel
Default password for all is welcome

    mkdir /usr/local/src

    cd /usr/ports/net/wget
    make install

    cd /usr/ports/net/libnet
    make install

    pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/3.7/packages/i386/mysql-server-4.0.23p1.tgz

    /usr/local/bin/mysql_install_db --user=mysql
    /usr/local/bin/mysqld_safe --user=mysql
    /usr/local/bin/mysqladmin -u root password 'welcome'
    /usr/local/bin/mysql -u root -pwelcome

    mysql> CREATE DATABASE sguildb;
    Query OK, 1 row affected (0.00 sec)
    mysql> GRANT ALL PRIVILEGES ON *.* TO [EMAIL PROTECTED] IDENTIFIED BY 'welcome' WITH GRANT OPTION;
    Query OK, 0 rows affected (0.00 sec)
    mysql> GRANT ALL PRIVILEGES ON *.* TO [EMAIL PROTECTED] IDENTIFIED BY 'welcome' WITH GRANT OPTION;
    Query OK, 0 rows affected (0.00 sec)
    mysql> \q

    cd /usr/local/src
    wget http://unc.dl.sourceforge.net/sourceforge/sguil/sguil-client-0.5.3.tar.gz
    wget http://unc.dl.sourceforge.net/sourceforge/sguil/sguil-server-0.5.3.tar.gz
    wget http://easynews.dl.sourceforge.net/sourceforge/sguil/sguil-sensor-0.5.3.tar.gz
    tar -xvzf sguil-client-0.5.3.tar.gz
    tar -xvzf sguil-server-0.5.3.tar.gz
    tar -xvzf sguil-sensor-0.5.3.tar.gz
    mv sguil-0.5.3 sguil
    cd sguil/server

    /usr/local/bin/mysql -u sguil -p -D sguildb < ./sql_scripts/create_sguildb.sql
    Enter Password: welcome

    /usr/local/bin/mysql -u sguil -p -e "show tables" sguildb
    Enter password: welcome
    +-------------------+
    | Tables_in_sguildb |
    +-------------------+
    | data              |
    | event             |
    | history           |
    | icmphdr           |
    | nessus            |
    | nessus_data       |
    | portscan          |
    | sancp             |
    | sensor            |
    | sessions          |
    | status            |
    | tcphdr            |
    | udphdr            |
    | user_info         |
    | version           |
    +-------------------+

    mkdir /etc/sguild
    cd /usr/local/src/sguil/server
    cp sguild.users sguild.conf sguild.queries sguild.access autocat.conf /etc/sguild

    cd /usr/local/src
    wget http://easynews.dl.sourceforge.net/sourceforge/tcl/tcl8.4.9-src.tar.gz
    wget http://easynews.dl.sourceforge.net/sourceforge/tcl/tk8.4.9-src.tar.gz
    wget http://easynews.dl.sourceforge.net/sourceforge/tcllib/tcllib-1.7.tar.gz
    wget http://internap.dl.sourceforge.net/sourceforge/tclx/tclx8.3.5-src.tar.gz
    wget http://www.xdobry.de/mysqltcl/mysqltcl-2.51.tar.gz
    wget http://easynews.dl.sourceforge.net/sourceforge/tls/tls1.5.0-src.tar.gz
    for i in *.gz; do tar xvzf $i;done

    cd /usr/local/src/tcl8.4.9/unix
    ./configure
    make
    make install

    cd /usr/local/src/tk8.4.9/unix
    ./configure
    make
    make install
    ln -s /usr/local/bin/tclsh8.4 /usr/local/bin/tclsh

    cd /usr/local/src/tcllib-1.7
    ./configure
    make
    make install

    cd /usr/local/src/sancp-1.6.1
    make
    cp sancp /usr/local/bin

    cd /usr/local/src/tclx8.3.5/unix
    ./configure
    make
    make install

    cd /usr/local/src/mysqltcl-2.51
    ln -s /usr/local/lib/mysql/libmysqlclient.so.12.0 /usr/local/lib/libmysqlclient.so
    env CC=gcc ./configure --with-mysql-include=/usr/local/include/mysql --with-mysql-lib=/usr/local/lib
    make
    make install

    cd /usr/local/src/tls1.5
    ./configure --with-tcl=/usr/local/lib --with-tcl-include=/usr/local/include --with-ssl-dir=/usr
    make
    make install

(FOR TESTING TO SEE IF IT WORKS)

    /usr/local/bin/tcl
    tcl>package require Tclx
    8.3
    tcl>package require mysqltcl
    2.51
    tcl>exit

    cd /usr/ports/security/p0f
    make install

    cd /usr/ports/net/tcpflow
    make install

    cd /usr/ports/devel/pcre
    make install

    vi /etc/sguild/sguild.conf

    # DataBase Info
    set DBNAME sguildb
    set DBPASS welcome
    set DBHOST localhost
    set DBPORT 3306
    set DBUSER sguil
    set RULESDIR /nsm/ids/rules
    set LOCAL_LOG_DIR /nsm/ids/archive
    set TCPFLOW /usr/local/bin/tcpflow
    set P0F_PATH /usr/local/bin/p0f

    cd /usr/local/src
    wget http://www.snort.org/dl/current/snort-2.3.3.tar.gz
    wget http://www.snort.org/dl/barnyard/barnyard-0.2.0.tar.gz
    tar -xvzf snort-2.3.3.tar.gz
    mv snort-2.3.3 snort

    cd /usr/local/src/snort/src/preprocessors
    cp spp_portscan.c spp_portscan.c.bak
    cp spp_stream4.c spp_stream4.c.bak
    cp -r /usr/local/src/sguil/sensor/snort_mods/2_1/* .
    patch spp_portscan.c < spp_portscan_sguil.patch
    cd ../..
    ./configure --enable-flexresp
    make
    make install

    mkdir /etc/snort
    cp /usr/local/src/snort/etc/snort.conf /etc/snort
    cp /usr/local/src/sguil/sensor/sancp/sancp.conf /usr/local/etc/snort/
    cd /usr/local/etc/snort
    vi sancp.conf

The only element of the sancp.conf file requiring modification is the HOME_NET variable. Change the HOME_NET variable to reflect the network you wish to monitor. Using 0.0.0.0 appears to allow monitoring any network. In snort.conf you can disable rules so that