Re: openbsd.org down?

2020-04-13 Thread Monah Baki
curl works
[ntis@fpc ~]$ curl https://www.openbsd.org



OpenBSD


https://www.openbsd.org/;>


  

IE works
firefox does not work

On Mon, Apr 13, 2020 at 8:25 AM infoomatic  wrote:

> not reachable for days now in Austria, Germany, Czech Republic
>
>
> On 13.04.20 11:01, SP2L Tom wrote:
> > Greetings.
> >
> >
> > It was and it is still up
> > At least, I can reach OpenBSD site.
> >
> >
> > Best regards.
> > Tom
> >
> > On 13 April 2020 10:23:18 Sebastien Marie  wrote:
> >
> >> On Mon, Apr 13, 2020 at 10:14:00AM +0300, Ilya Mitrukov wrote:
> >>> Hi,
> >>> flushing the caches doesn't help and it's still unavailable.
> >>>
> >>> Does anybody know where to report the issue?
> >>> (I'd look at openbsd.org but ... )
> >>
> >> I suppose there is one or two openbsd developers which follow this
> >> list. So they
> >> might already know.
> >>
> >> Thanks.
> >> --
> >> Sebastien Marie
> >
> >
> >
>
>


Re: Compiling Zeek 3.0.2 returns an error at final stage

2020-03-07 Thread Monah Baki
From the server if you curl a website, in zeek log current folder do you
see a http.log file, and after changing the interface did you zeekctl
deploy?

Thanks
Monah



On Sat, Mar 7, 2020 at 5:42 PM Carlos Lopez  wrote:

> Thanks Monah … But this is not the problem … interface configuration is
> correct …
>
>
>
> --
>
> Regards,
>
> C. L. Martinez
>
>
>
> *From: *Monah Baki 
> *Date: *Saturday, 7 March 2020 at 23:30
> *To: *Carlos Lopez 
> *Cc: *"misc@openbsd.org" 
> *Subject: *Re: Compiling Zeek 3.0.2 returns an error at final stage
>
>
>
> Hi Carlos,
>
>
>
> Check your node.cfg, the interface section
>
>
>
> [zeek]
> type=standalone
> host=localhost
> interface=eth0   <<<<<< might want to change it
>
>
>
> On Sat, Mar 7, 2020 at 5:01 PM Carlos Lopez  wrote:
>
> Many thanks for your answer Stuart ... Finally, I have compiled Zeek
> 3.0.3-dev.3 and all goes ok during compilation ... But zeek doesn't capture
> any packet ... and tcpdump works without problems and I can see all traffic
> ...
>
> --
> Regards,
> C. L. Martinez
>
> On 07/03/2020, 22:08, "owner-m...@openbsd.org on behalf of Stuart
> Henderson" 
> wrote:
>
> On 2020-03-07, Carlos Lopez  wrote:
> > Hi all,
> >
> >  I am trying to install Zeek 3.0.2 under OpenBSD 6.6 amd64 fully
> patched but compilation returns me the following error:
> >
> > [ 97%] Building C object src/CMakeFiles/zeek.dir/nb_dns.c.o
> > [ 97%] Linking CXX executable zeek
> > ld: error: unable to find library -llibbinpac.so.VERSION
> > c++: error: linker command failed with exit code 1 (use -v to see
> invocation)
> > *** Error 1 in build (src/CMakeFiles/zeek.dir/build.make:1826
> 'src/zeek')
> > *** Error 1 in build (CMakeFiles/Makefile2:1661
> 'src/CMakeFiles/zeek.dir/all')
> > *** Error 1 in build (Makefile:152 'all')
> > *** Error 1 in /root/builds/src/zeek-3.0.2 (Makefile:15 'all')
> >
> >  But libbinpac.so exists compiled under the source dirs.:
> >
> > root@obsd66:~/builds/src/zeek-3.0.2# find . -name "*binpac.so"
> > ./build/aux/binpac/lib/libbinpac.so
> > root@obsd66:~/builds/src/zeek-3.0.2
> >
> >  Any tip to solve this issue?
> >
>
> You're probably better off using the port. There is a fair chance that
> if you update *just* the net/bro directory (the port dir wasn't renamed
> but the package was) to -current that it will build, and if not, you'll
> be closer to getting it working.
>
> Or the easy option, update to -current, pkg_add zeek.
>
>
>


Re: Compiling Zeek 3.0.2 returns an error at final stage

2020-03-07 Thread Monah Baki
Hi Carlos,

Check your node.cfg, the interface section

[zeek]
type=standalone
host=localhost
interface=eth0   << might want to change it

On Sat, Mar 7, 2020 at 5:01 PM Carlos Lopez  wrote:

> Many thanks for your answer Stuart ... Finally, I have compiled Zeek
> 3.0.3-dev.3 and all goes ok during compilation ... But zeek doesn't capture
> any packet ... and tcpdump works without problems and I can see all traffic
> ...
>
> --
> Regards,
> C. L. Martinez
>
> On 07/03/2020, 22:08, "owner-m...@openbsd.org on behalf of Stuart
> Henderson" 
> wrote:
>
> On 2020-03-07, Carlos Lopez  wrote:
> > Hi all,
> >
> >  I am trying to install Zeek 3.0.2 under OpenBSD 6.6 amd64 fully
> patched but compilation returns me the following error:
> >
> > [ 97%] Building C object src/CMakeFiles/zeek.dir/nb_dns.c.o
> > [ 97%] Linking CXX executable zeek
> > ld: error: unable to find library -llibbinpac.so.VERSION
> > c++: error: linker command failed with exit code 1 (use -v to see
> invocation)
> > *** Error 1 in build (src/CMakeFiles/zeek.dir/build.make:1826
> 'src/zeek')
> > *** Error 1 in build (CMakeFiles/Makefile2:1661
> 'src/CMakeFiles/zeek.dir/all')
> > *** Error 1 in build (Makefile:152 'all')
> > *** Error 1 in /root/builds/src/zeek-3.0.2 (Makefile:15 'all')
> >
> >  But libbinpac.so exists compiled under the source dirs.:
> >
> > root@obsd66:~/builds/src/zeek-3.0.2# find . -name "*binpac.so"
> > ./build/aux/binpac/lib/libbinpac.so
> > root@obsd66:~/builds/src/zeek-3.0.2
> >
> >  Any tip to solve this issue?
> >
>
> You're probably better off using the port. There is a fair chance that
> if you update *just* the net/bro directory (the port dir wasn't renamed
> but the package was) to -current that it will build, and if not, you'll
> be closer to getting it working.
>
> Or the easy option, update to -current, pkg_add zeek.
>
>
>
>


Re: OpenBSD on Soekris net4801

2019-05-22 Thread Monah Baki
Have you tried

boot> stty com0 38400
boot> set tty com0



On Wed, May 22, 2019 at 2:14 PM Alberto Mijares  wrote:

> Hi guys,
>
> I'm new on this list. Greetings everyone.
>
> Here is my case:
>
> I installed OpenBSD on a 4GB Flash Card by attaching the card to a
> Bhyve VM as an "ahci-hd" custom drive. Then, booted the VM and disabled
> a few services. Also disabled kernel and libs randomization, since
> it's not needed and the Soekris couldn't handle it. At the end, only
> sshd, syslogd and ntpd are starting and 73MB of RAM remain free.
> Finally, I created a /etc/hostname.sis1 file with proper network
> configuration, since the device name in the VM is not the same of the
> interface of the Soekris.
>
> Now I should say: the serial console is not working for me, for some
> reason I cannot get it working. I see garbage in the screen with all
> possible combinations of speeds and other terminal configs.
>
> When I plug the CF in the Soekris, it won't boot properly. I think the
> kernel is loaded and hangs at some point. Can't tell where, as
> explained before. I know the boot is not finishing because I created a
> /etc/rc.local and it doesn't do anything.
>
> I tried to edit /etc/fstab and change sd disk interface for wd. Not
> working either.
>
> I also tried the bsd.rd but I'm not sure if I get a prompt or it also
> hangs.
>
> Ideally, I would boot the Soekris and wait for network initialization
> for connecting via SSH. Any suggestion?
>
> The only thing I haven't tried is the bsd.mp kernel, now that I think.
> I'll give it a try and will be waiting for your feedback in the
> meantime.
>
> Thanks in advance.
>
>
> Alberto Mijares
>
>


OpenBSD 6.3 syspatch

2019-04-07 Thread Monah Baki
Hi all,

I am running OpenBSD 6.3 in AWS, and I want to run syspatch since
https://www.openbsd.org/errata63.html shows several patches exist.

So on the OpenBSD 6.3 server I ran the following:

uname -a displays OpenBSD ip-10-0-0-108.ec2.internal 6.3 GENERIC.MP#107
amd64

ip-10-0-0-108# syspatch -l
001_perl
002_libtls
003_arp
004_gif
005_httpd
006_ipseclen
007_libcrypto
008_ipsecout
009_libcrypto
010_intelfpu
011_perl
012_execsize
013_ipsecexpire
014_amdlfence
016_fpuinit
017_fpufork
018_vmml1tf

ip-10-0-0-108# syspatch -c
ip-10-0-0-108#


Why were there no results for fixes 19-32 for 6.3?

Thanks
Monah


OpenBSD and letsencrypt in Amazon AWS

2018-09-09 Thread Monah Baki
Hi All,

I have an OpenBSD 6.3 server in Amazon AWS, and I am trying to install from
ports letsencrypt. Install was running fine till I got a Fatal message
after it was done with the patching process

===>   Applying OpenBSD patch patch-setup_py
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--
|$OpenBSD: patch-setup_py,v 1.13 2017/11/05 06:33:45 jca Exp $
|Index: setup.py
|--- setup.py.orig
|+++ setup.py
--
Patching file setup.py using Plan A...
Hunk #1 succeeded at 35.
Hunk #2 succeeded at 461.
Hunk #3 succeeded at 791.
Hunk #4 succeeded at 929.
Hunk #5 succeeded at 999.
Hunk #6 succeeded at 1063.
Hunk #7 succeeded at 1086.
Hunk #8 succeeded at 1244.
Hunk #9 succeeded at 1853.
Hunk #10 succeeded at 1908.
Hunk #11 succeeded at 1951.
done
/usr/bin/perl /usr/ports/infrastructure/bin/pkg_subst -DMODTK_VERSION=8.5
-DMODTK_BIN=/usr/local/bin/wish8.5 -DMODTCL_VERSION=8.5
-DMODTCL_BIN=/usr/local/bin/tclsh8.5 -DLIBpython2.7_VERSION=0.0
-DMACHINE_ARCH=amd64 -DARCH=amd64 -DHOMEPAGE=http://www.python.org/
-D^PREFIX=/usr/local -D^SYSCONFDIR=/etc -DFLAVOR_EXT=
-DFULLPKGNAME=Python-2.7.14 -DMAINTAINER=Remi\ Pointel\ \<
rpoin...@openbsd.org\> -D^BASE_PKGPATH=lang/python/2.7
-D^LOCALBASE=/usr/local -D^X11BASE=/usr/X11R6 -D^TRUEPREFIX=/usr/local
-D^RCDIR=/etc/rc.d -D^LOCALSTATEDIR=/var -i -B
/usr/ports/pobj/Python-2.7.14 /usr/ports/pobj/Python-2.7.14/Python-2.7.14/
configure.ac
Fatal: /usr/ports/pobj must be on a wxallowed filesystem (in
lang/python/2.7)
*** Error 1 in /usr/ports/lang/python/2.7 (/usr/ports/infrastructure/mk/
bsd.port.mk:2657 '_post-patch-finalize': @wrktmp=`df -P /usr/ports/p...)
*** Error 1 in /usr/ports/lang/python/2.7 (/usr/ports/infrastructure/mk/
bsd.port.mk:2644 '/usr/ports/pobj/Python-2.7.14/.patch_done')
*** Error 1 in /usr/ports/lang/python/2.7 (/usr/ports/infrastructure/mk/
bsd.port.mk:1938 '/usr/ports/packages/amd64/all/python-2.7.14p1.tgz')
*** Error 1 in /usr/ports/lang/python/2.7 (/usr/ports/infrastructure/mk/
bsd.port.mk:2440 '_internal-package')
*** Error 1 in /usr/ports/lang/python/2.7 (/usr/ports/infrastructure/mk/
bsd.port.mk:2419 'package')
*** Error 1 in /usr/ports/lang/python/2.7 (/usr/ports/infrastructure/mk/
bsd.port.mk:1956 '/var/db/pkg/python-2.7.14p1/+CONTENTS')
*** Error 1 in /usr/ports/lang/python/2.7 (/usr/ports/infrastructure/mk/
bsd.port.mk:2419 'install')
*** Error 1 in acme-tiny (/usr/ports/infrastructure/mk/bsd.port.mk:2073
'/usr/ports/pobj/acme-tiny-20160818/.dep-lang-python-2.7')
*** Error 1 in acme-tiny (/usr/ports/infrastructure/mk/bsd.port.mk:1958
'/var/db/pkg/acme-tiny-20160818/+CONTENTS')
*** Error 1 in acme-tiny (/usr/ports/infrastructure/mk/bsd.port.mk:2419
'install')
===> Exiting security/letsencrypt/acme-tiny with an error
*** Error 1 in /usr/ports/security/letsencrypt
(/usr/ports/infrastructure/mk/bsd.port.subdir.mk:147 'install')

This is what my fstab looks like

9abe67936fe2a3ab.b none swap sw
9abe67936fe2a3ab.a / ffs rw 1 1
9abe67936fe2a3ab.i /home ffs rw,nodev,nosuid 1 2
9abe67936fe2a3ab.d /tmp ffs rw,nodev,nosuid 1 2
9abe67936fe2a3ab.f /usr ffs rw,nodev 1 2
9abe67936fe2a3ab.e /var ffs rw,nodev,nosuid 1 2


Thanks
Monah
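
The check that fails in the message above, run against the posted fstab, as an added example (not part of the original post and not the ports infrastructure's own code): it finds the fstab entry that covers a directory and reports whether that entry carries the wxallowed mount option. The second table, with a dedicated /usr/ports/pobj filesystem and its DUID, is constructed for illustration.

```shell
#!/bin/sh
# Added example: does the filesystem covering a directory have wxallowed?
# This reads fstab text only; on a live system mount(8) output is the
# source of truth, since fstab describes what is mounted at boot.

# The fstab from the post, embedded so the example runs offline.
posted_fstab() {
cat <<'EOF'
9abe67936fe2a3ab.b none swap sw
9abe67936fe2a3ab.a / ffs rw 1 1
9abe67936fe2a3ab.i /home ffs rw,nodev,nosuid 1 2
9abe67936fe2a3ab.d /tmp ffs rw,nodev,nosuid 1 2
9abe67936fe2a3ab.f /usr ffs rw,nodev 1 2
9abe67936fe2a3ab.e /var ffs rw,nodev,nosuid 1 2
EOF
}

# Constructed variant (hypothetical DUID and partition): the build
# directory gets its own filesystem, so wxallowed is confined to it
# instead of relaxing W^X enforcement for everything under /usr.
dedicated_fstab() {
    posted_fstab
    echo 'ffffffffffffffff.a /usr/ports/pobj ffs rw,nodev,nosuid,wxallowed 1 2'
}

# Print "mountpoint options" for the fstab entry (read from stdin) that
# covers directory $1. The longest matching mount point wins.
covering_mount() {
    awk -v path="$1" '
        /^[[:space:]]*#/ || NF < 4 { next }   # comments, short lines
        $2 !~ /^\// { next }                  # swap and other non-paths
        {
            mp = $2
            if (mp == "/")
                hit = 1
            else
                hit = (path == mp || index(path, mp "/") == 1)
            if (hit && length(mp) > best_len) {
                best_len = length(mp)
                best = mp " " $4
            }
        }
        END { if (best != "") print best }
    '
}

# Succeed only if the covering entry lists wxallowed as a whole option.
has_wxallowed() {
    opts=$(covering_mount "$1" | awk '{ print $2 }')
    case ",$opts," in
        *,wxallowed,*) return 0 ;;
        *) return 1 ;;
    esac
}

for table in posted_fstab dedicated_fstab; do
    if "$table" | has_wxallowed /usr/ports/pobj; then
        echo "$table: /usr/ports/pobj is on a wxallowed filesystem"
    else
        echo "$table: /usr/ports/pobj is NOT wxallowed:" \
             "$("$table" | covering_mount /usr/ports/pobj)"
    fi
done
```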


Re: OpenBSD 5.9 dup-to

2017-05-08 Thread Monah Baki
You have it setup in bridge mode?

Thanks


On Mon, May 8, 2017 at 9:01 PM Edgar Pettijohn <ed...@pettijohn-web.com>
wrote:

>
>
> On 05/08/17 17:55, Monah Baki wrote:
> > Hi all,
> >
> > I am running OpenBSD 5.9 on a Net4801 Soekris. It's acting as my gateway
> > and all my internal machines on the 10.0.0.x network are able to get to
> the
> > internet.
> >
> > My ifconfig
> >
> > # ifconfig
> > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
> >  priority: 0
> >  groups: lo
> >  inet6 ::1 prefixlen 128
> >  inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
> >  inet 127.0.0.1 netmask 0xff00
> > sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >  lladdr 00:00:24:c5:08:bc
> >  priority: 0
> >  groups: egress
> >  media: Ethernet autoselect (100baseTX full-duplex)
> >  status: active
> >  inet 192.168.1.222 netmask 0xff00 broadcast 192.168.1.255
> > sis1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >  lladdr 00:00:24:c5:08:bd
> >  priority: 0
> >  media: Ethernet autoselect (100baseTX full-duplex)
> >  status: active
> >  inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
> > sis2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
> >  lladdr 00:00:24:c5:08:be
> >  priority: 0
> >  media: Ethernet autoselect (none)
> >  status: no carrier
> >
> >
> >
> >
> >
> > My pf.conf
> >
> >
> > set skip on lo
> >
> > block return    # block stateless traffic
> > pass            # establish keep-state
> >
> > pass out on sis0 inet from sis1:network to any nat-to sis0
> > pass in on sis1 dup-to 10.0.0.2
> > pass out on sis1 dup-to 10.0.0.2
> >
> >
> >
> > The 10.0.0.2 is the IP address of my Windows workstation running
> wireshark,
> > however I do not see any network traffic from my internal workstations.
> >
> > I actually prefer to copy traffic from sis1 to sis2 if possible and just
> > connect directly my wireshark laptop to it
> >
> > Am I missing anything?
> >
> >
> > Thanks
> > Monah
> I am using a soekris for my router as well.  I pretty much just followed
> the advice here https://www.openbsd.org/faq/pf/example1.html and have
> had no problems for over a year now.
>
> Edgar
>
>


OpenBSD 5.9 dup-to

2017-05-08 Thread Monah Baki
Hi all,

I am running OpenBSD 5.9 on a Net4801 Soekris. It's acting as my gateway
and all my internal machines on the 10.0.0.x network are able to get to the
internet.

My ifconfig

# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
        priority: 0
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
        inet 127.0.0.1 netmask 0xff00
sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:c5:08:bc
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.1.222 netmask 0xff00 broadcast 192.168.1.255
sis1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:c5:08:bd
        priority: 0
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
sis2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:c5:08:be
        priority: 0
        media: Ethernet autoselect (none)
        status: no carrier





My pf.conf


set skip on lo

block return    # block stateless traffic
pass            # establish keep-state

pass out on sis0 inet from sis1:network to any nat-to sis0
pass in on sis1 dup-to 10.0.0.2
pass out on sis1 dup-to 10.0.0.2



The 10.0.0.2 is the IP address of my Windows workstation running wireshark,
however I do not see any network traffic from my internal workstations.

I actually prefer to copy traffic from sis1 to sis2 if possible and just
connect directly my wireshark laptop to it

Am I missing anything?


Thanks
Monah


Re: Getting http to work

2017-02-26 Thread Monah Baki
It worked!

I switched my ext_addr to my 192.168.60.129, manually ran
/usr/sbin/httpd rather than "rcctl" or "/etc/rc.d/httpd start", did a
ps -ax and saw httpd server running. Rebooted the machine, the httpd
daemon came back up automatically. Switched the ext_addr to "*"
rebooted, the httpd server still came up as running.

Very strange.




On Sun, Feb 26, 2017 at 8:50 AM, Vijay Sankar <vsan...@foretell.ca> wrote:
>   Oops, don't know what happened to my config that I added below. Sorry
> about that.
>
> Anyways, the only thing I recall was that I used the real server name
> instead of "default" and it worked and I have not touched the configuration
> since then :)
>
> Vijay
>
> Quoting Vijay Sankar <vsan...@foretell.ca>:
>
>> Hi,
>>
>> Can you try using the name of the server instead of "default"?
>>
>> I sort of recall something like this from a couple of years ago but it
> has
>> run without any problems for me.
>>
>> For example, I had "default" instead of the server's name and it did not
>> work. Once I changed to the following, there were no issues and it has
> run
>> like this  since
>>
>> vault.lab.foretell.ca$ ls -l /etc/httpd.conf
>> -rw-r--r--  1 root  wheel  558 Dec 28  2015 /etc/httpd.conf
>>
>> vault.lab.foretell.ca$ more /etc/httpd.conf
>> prefork 2
>> chroot "/home/distros"
>> server "vault.lab.foretell.ca" {
>>         listen on * port 80
>>         directory auto index
>> }
>>
>> types {
>>         text/css                css
>>         text/html               html htm
>>         text/txt                txt
>>         image/gif               gif
>>         image/jpeg              jpeg jpg
>>         image/png               png
>>         application/javascript  js
>>         application/xml         xml
>> }
>>
>> Hope this helps,
>>
>> Vijay
>>
>> Quoting Monah Baki <monahb...@gmail.com>:
>>
>>> # netstat -na -f inet | grep LISTEN
>>> tcp          0      0  127.0.0.1.25           *.*                    LISTEN
>>> tcp          0      0  *.22                   *.*                    LISTEN
>>> # httpd -dv
>>> startup
>>> parent: send server: Can't assign requested address
>>> # logger exiting, pid 24061
>>> server exiting, pid 96224
>>> server exiting, pid 68259
>>> server exiting, pid 94930
>>>
>>> It's a fresh install so I wasn't expecting any ports listening. Even
>>> if I changed to port 8080 same issue.
>>>
>>> Thanks
>>>
>>> On Sat, Feb 25, 2017 at 6:31 PM, Currell Berry <currellbe...@gmail.com>
>>> wrote:
>>>> Monah Baki writes:
>>>>
>>>>> # httpd -dnv
>>>>> configuration OK
>>>>>
>>>>> #  rcctl - start httpd
>>>>> doing _rc_parse_conf
>>>>> doing _rc_quirks
>>>>> httpd_flags empty, using default ><
>>>>> doing _rc_parse_conf /var/run/rc.d/httpd
>>>>> doing _rc_quirks
>>>>> doing rc_check
>>>>> httpd
>>>>> doing rc_pre
>>>>> configuration OK
>>>>> doing rc_start
>>>>> doing _rc_wait start
>>>>> doing rc_check
>>>>> doing _rc_write_runfile
>>>>> (ok)
>>>>>
>>>>> # /etc/rc.d/httpd start
>>>>> httpd(ok)
>>>>>
>>>>> cat /var/log/messages
>>>>>
>>>>> Feb 25 15:35:22 nebula httpd[94632]: parent: send server: Can't assign
>>>>> requested address
>>>>> Feb

Re: Getting http to work

2017-02-26 Thread Monah Baki
I installed a fresh copy of 5.9 and still having the same issue. Still
seeing  parent: send server: Can't assign requested address in
/var/log/messages.

Thanks


On Sat, Feb 25, 2017 at 10:27 PM, Kevin Gerrard <ke...@txwre.com> wrote:
> OpenBSD 6.0
> I had this happen to me a few days ago. I set httpd.conf up to use "*"  at
> first just to cut down on hiccups. When I had it up and working with php,
> and mariadb I changed "*" to "192.168.3.254" and restarted
> httpd.conf. It did not work, even after a reboot. So I put the "*" back in
> just  so I could go populate mariadb 10 and php 7. After reading these
> emails today it made me remember that, and so I logged into it and changed
> it back to the "192.168.3.254" instead of "*", and restarted httpd. I
> thought I was going to reproduce the hiccup but instead the dadgum thing
> worked!!!
>
> No problems here at all but I did want to say for whatever reason it was,
> this exact anomaly did happen to me once also, however upon trying to
> reproduce it I could not.
>
> The only thing I can think of is that I "might" not have rebooted? I really
> doubt that is it but a lot on my mind lately and it could easily have been.
>
> Kevin Gerrard
>
> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
> Currell Berry
> Sent: Saturday, February 25, 2017 5:32 PM
> To: Monah Baki
> Cc: ludovic coues; openbsd-misc
> Subject: Re: Getting http to work
>
> Monah Baki writes:
>
>> # httpd -dnv
>> configuration OK
>>
>> #  rcctl - start httpd
>> doing _rc_parse_conf
>> doing _rc_quirks
>> httpd_flags empty, using default ><
>> doing _rc_parse_conf /var/run/rc.d/httpd
>> doing _rc_quirks
>> doing rc_check
>> httpd
>> doing rc_pre
>> configuration OK
>> doing rc_start
>> doing _rc_wait start
>> doing rc_check
>> doing _rc_write_runfile
>> (ok)
>>
>> # /etc/rc.d/httpd start
>> httpd(ok)
>>
>> cat /var/log/messages
>>
>> Feb 25 15:35:22 nebula httpd[94632]: parent: send server: Can't assign
>> requested address
>> Feb 25 15:36:06 nebula httpd[14026]: parent: send server: Can't assign
>> requested address
>>
>>
>> vi httpd.conf
>>
>> # $OpenBSD: httpd.conf,v 1.14 2015/02/04 08:39:35 florian Exp $
>>
>> #
>> # Macros
>> #
>> ext_addr="*"
>>
>> #
>> # Global Options
>> #
>> # prefork 3
>>
>> #
>> # Servers
>> #
>>
>> # A minimal default server
>> server "default" {
>> listen on $ext_addr port 80
>> }
>>
>>
>>
>> Thanks
>>
>>
>> On Sat, Feb 25, 2017 at 3:27 PM, ludovic coues <cou...@gmail.com> wrote:
>>> # rcctl - start httpd
>>> This command should give you some details on what isn't working.
>>> If not, you can try `# httpd -nvv` to check your config and `# httpd
>>> -d` to run httpd directly.
>>>
>>> 2017-02-25 21:20 GMT+01:00 Monah Baki <monahb...@gmail.com>:
>>>> Changing to ext_addr="*"
>>>>
>>>>
>>>> # /etc/rc.d/httpd start
>>>> httpd(failed)
>>>>
>>>> Nothing shows up in /var/log/messages
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Sat, Feb 25, 2017 at 12:00 PM, Currell Berry <currellbe...@gmail.com>
> wrote:
>>>>>
>>>>> Monah Baki writes:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> Installed a fresh install of OpenBSD 6.0 on VMWare workstation and
>>>>>> wanted to run default webserver.
>>>>>>
>>>>>> In the messages logs I find the following error:
>>>>>>
>>>>>>  httpd[23792]: parent: send server: Can't assign requested address
>>>>>>
>>>>>>
>>>>>> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>>>>> lladdr 00:0c:29:b3:81:f8
>>>>>> index 1 priority 0 llprio 3
>>>>>> groups: egress
>>>>>> media: Ethernet autoselect (1000baseT full-duplex,master)
>>>>>> status: active
>>>>>> inet 192.168.60.129 netmask 0xff00 broadcast
>>>>>> 192.168.60.255
>>>>>>
>>>>>> In my httpd.conf all I changed was the "ext_addr" Macro, everything
> else as is.
>>>>>>
>>>>>> $ cat /etc/httpd.conf
>>>>>> # $OpenBSD: httpd.conf,v 1.14 2015/02/04 08:39:35 florian Exp $
>>>>>>
>>>>>> #
>>>>>> # Macros
>>>>>> #
>>>>>> ext_addr="192.168.60.129"
>>>>>> # A minimal default server
>>>>>> server "default" {
>>>>>> listen on $ext_addr port 80
>>>>>> }
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thank you
>>>>>> Monah
>>>>>
>>>>> Did you try
>>>>>
>>>>>  ext_addr="*"
>>>>>
>>>>> yet?
>>>>>
>>>>> Does it report the same error with that in place?
>>>>>
>>>>> -- Currell
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Regards, Coues Ludovic
>>> +336 148 743 42
>
> Some ideas:
> You might have an instance of httpd running in the background stopping a
> new one from binding to the port.
>
> Run the following commands and examine the output to check what could be
> there
>
> # netstat -na -f inet | grep LISTEN
> # ps ax
>
> Kill all running instances of httpd, or anything else that is binding to
> port 80.
>
> Once you've done that, try starting httpd in no-fork mode and see what
> it says:
>
> # httpd -dv
>
> If it still doesn't work, try a different port (change 80 to  for
> instance).
>
> -- Currell



Re: Getting http to work

2017-02-25 Thread Monah Baki
# netstat -na -f inet | grep LISTEN
tcp          0      0  127.0.0.1.25           *.*                    LISTEN
tcp          0      0  *.22                   *.*                    LISTEN
# httpd -dv
startup
parent: send server: Can't assign requested address
# logger exiting, pid 24061
server exiting, pid 96224
server exiting, pid 68259
server exiting, pid 94930


It's a fresh install so I wasn't expecting any ports listening. Even
if I changed to port 8080 same issue.


Thanks

On Sat, Feb 25, 2017 at 6:31 PM, Currell Berry <currellbe...@gmail.com> wrote:
>
> Monah Baki writes:
>
>> # httpd -dnv
>> configuration OK
>>
>> #  rcctl - start httpd
>> doing _rc_parse_conf
>> doing _rc_quirks
>> httpd_flags empty, using default ><
>> doing _rc_parse_conf /var/run/rc.d/httpd
>> doing _rc_quirks
>> doing rc_check
>> httpd
>> doing rc_pre
>> configuration OK
>> doing rc_start
>> doing _rc_wait start
>> doing rc_check
>> doing _rc_write_runfile
>> (ok)
>>
>> # /etc/rc.d/httpd start
>> httpd(ok)
>>
>> cat /var/log/messages
>>
>> Feb 25 15:35:22 nebula httpd[94632]: parent: send server: Can't assign
>> requested address
>> Feb 25 15:36:06 nebula httpd[14026]: parent: send server: Can't assign
>> requested address
>>
>>
>> vi httpd.conf
>>
>> # $OpenBSD: httpd.conf,v 1.14 2015/02/04 08:39:35 florian Exp $
>>
>> #
>> # Macros
>> #
>> ext_addr="*"
>>
>> #
>> # Global Options
>> #
>> # prefork 3
>>
>> #
>> # Servers
>> #
>>
>> # A minimal default server
>> server "default" {
>> listen on $ext_addr port 80
>> }
>>
>>
>>
>> Thanks
>>
>>
>> On Sat, Feb 25, 2017 at 3:27 PM, ludovic coues <cou...@gmail.com> wrote:
>>> # rcctl - start httpd
>>> This command should give you some details on what isn't working.
>>> If not, you can try `# httpd -nvv` to check your config and `# httpd
>>> -d` to run httpd directly.
>>>
>>> 2017-02-25 21:20 GMT+01:00 Monah Baki <monahb...@gmail.com>:
>>>> Changing to ext_addr="*"
>>>>
>>>>
>>>> # /etc/rc.d/httpd start
>>>> httpd(failed)
>>>>
>>>> Nothing shows up in /var/log/messages
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Sat, Feb 25, 2017 at 12:00 PM, Currell Berry <currellbe...@gmail.com> 
>>>> wrote:
>>>>>
>>>>> Monah Baki writes:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> Installed a fresh install of OpenBSD 6.0 on VMWare workstation and
>>>>>> wanted to run default webserver.
>>>>>>
>>>>>> In the messages logs I find the following error:
>>>>>>
>>>>>>  httpd[23792]: parent: send server: Can't assign requested address
>>>>>>
>>>>>>
>>>>>> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>>>>> lladdr 00:0c:29:b3:81:f8
>>>>>> index 1 priority 0 llprio 3
>>>>>> groups: egress
>>>>>> media: Ethernet autoselect (1000baseT full-duplex,master)
>>>>>> status: active
>>>>>> inet 192.168.60.129 netmask 0xff00 broadcast 192.168.60.255
>>>>>>
>>>>>> In my httpd.conf all I changed was the "ext_addr" Macro, everything else 
>>>>>> as is.
>>>>>>
>>>>>> $ cat /etc/httpd.conf
>>>>>> # $OpenBSD: httpd.conf,v 1.14 2015/02/04 08:39:35 florian Exp $
>>>>>>
>>>>>> #
>>>>>> # Macros
>>>>>> #
>>>>>> ext_addr="192.168.60.129"
>>>>>> # A minimal default server
>>>>>> server "default" {
>>>>>> listen on $ext_addr port 80
>>>>>> }
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thank you
>>>>>> Monah
>>>>>
>>>>> Did you try
>>>>>
>>>>>  ext_addr="*"
>>>>>
>>>>> yet?
>>>>>
>>>>> Does it report the same error with that in place?
>>>>>
>>>>> -- Currell
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Regards, Coues Ludovic
>>> +336 148 743 42
>
> Some ideas:
> You might have an instance of httpd running in the background stopping a
> new one from binding to the port.
>
> Run the following commands and examine the output to check what could be there
>
> # netstat -na -f inet | grep LISTEN
> # ps ax
>
> Kill all running instances of httpd, or anything else that is binding to
> port 80.
>
> Once you've done that, try starting httpd in no-fork mode and see what
> it says:
>
> # httpd -dv
>
> If it still doesn't work, try a different port (change 80 to  for 
> instance).
>
> -- Currell



Re: Getting http to work

2017-02-25 Thread Monah Baki
# httpd -dnv
configuration OK

#  rcctl - start httpd
doing _rc_parse_conf
doing _rc_quirks
httpd_flags empty, using default ><
doing _rc_parse_conf /var/run/rc.d/httpd
doing _rc_quirks
doing rc_check
httpd
doing rc_pre
configuration OK
doing rc_start
doing _rc_wait start
doing rc_check
doing _rc_write_runfile
(ok)

# /etc/rc.d/httpd start
httpd(ok)

cat /var/log/messages

Feb 25 15:35:22 nebula httpd[94632]: parent: send server: Can't assign
requested address
Feb 25 15:36:06 nebula httpd[14026]: parent: send server: Can't assign
requested address


vi httpd.conf

# $OpenBSD: httpd.conf,v 1.14 2015/02/04 08:39:35 florian Exp $

#
# Macros
#
ext_addr="*"

#
# Global Options
#
# prefork 3

#
# Servers
#

# A minimal default server
server "default" {
listen on $ext_addr port 80
}



Thanks


On Sat, Feb 25, 2017 at 3:27 PM, ludovic coues <cou...@gmail.com> wrote:
> # rcctl - start httpd
> This command should give you some details on what isn't working.
> If not, you can try `# httpd -nvv` to check your config and `# httpd
> -d` to run httpd directly.
>
> 2017-02-25 21:20 GMT+01:00 Monah Baki <monahb...@gmail.com>:
>> Changing to ext_addr="*"
>>
>>
>> # /etc/rc.d/httpd start
>> httpd(failed)
>>
>> Nothing shows up in /var/log/messages
>>
>>
>>
>>
>>
>>
>> On Sat, Feb 25, 2017 at 12:00 PM, Currell Berry <currellbe...@gmail.com> 
>> wrote:
>>>
>>> Monah Baki writes:
>>>
>>>> Hi all,
>>>>
>>>> Installed a fresh install of OpenBSD 6.0 on VMWare workstation and
>>>> wanted to run default webserver.
>>>>
>>>> In the messages logs I find the following error:
>>>>
>>>>  httpd[23792]: parent: send server: Can't assign requested address
>>>>
>>>>
>>>> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>>> lladdr 00:0c:29:b3:81:f8
>>>> index 1 priority 0 llprio 3
>>>> groups: egress
>>>> media: Ethernet autoselect (1000baseT full-duplex,master)
>>>> status: active
>>>> inet 192.168.60.129 netmask 0xff00 broadcast 192.168.60.255
>>>>
>>>> In my httpd.conf all I changed was the "ext_addr" Macro, everything else 
>>>> as is.
>>>>
>>>> $ cat /etc/httpd.conf
>>>> # $OpenBSD: httpd.conf,v 1.14 2015/02/04 08:39:35 florian Exp $
>>>>
>>>> #
>>>> # Macros
>>>> #
>>>> ext_addr="192.168.60.129"
>>>> # A minimal default server
>>>> server "default" {
>>>> listen on $ext_addr port 80
>>>> }
>>>>
>>>>
>>>>
>>>>
>>>> Thank you
>>>> Monah
>>>
>>> Did you try
>>>
>>>  ext_addr="*"
>>>
>>> yet?
>>>
>>> Does it report the same error with that in place?
>>>
>>> -- Currell
>>
>
>
>
> --
>
> Regards, Coues Ludovic
> +336 148 743 42



Re: Getting http to work

2017-02-25 Thread Monah Baki
Changing to ext_addr="*"


# /etc/rc.d/httpd start
httpd(failed)

Nothing shows up in /var/log/messages






On Sat, Feb 25, 2017 at 12:00 PM, Currell Berry <currellbe...@gmail.com> wrote:
>
> Monah Baki writes:
>
>> Hi all,
>>
>> Installed a fresh install of OpenBSD 6.0 on VMWare workstation and
>> wanted to run default webserver.
>>
>> In the messages logs I find the following error:
>>
>>  httpd[23792]: parent: send server: Can't assign requested address
>>
>>
>> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>> lladdr 00:0c:29:b3:81:f8
>> index 1 priority 0 llprio 3
>> groups: egress
>> media: Ethernet autoselect (1000baseT full-duplex,master)
>> status: active
>> inet 192.168.60.129 netmask 0xff00 broadcast 192.168.60.255
>>
>> In my httpd.conf all I changed was the "ext_addr" Macro, everything else as 
>> is.
>>
>> $ cat /etc/httpd.conf
>> # $OpenBSD: httpd.conf,v 1.14 2015/02/04 08:39:35 florian Exp $
>>
>> #
>> # Macros
>> #
>> ext_addr="192.168.60.129"
>> # A minimal default server
>> server "default" {
>> listen on $ext_addr port 80
>> }
>>
>>
>>
>>
>> Thank you
>> Monah
>
> Did you try
>
>  ext_addr="*"
>
> yet?
>
> Does it report the same error with that in place?
>
> -- Currell



Getting http to work

2017-02-25 Thread Monah Baki
Hi all,

Installed a fresh install of OpenBSD 6.0 on VMWare workstation and
wanted to run default webserver.

In the messages logs I find the following error:

 httpd[23792]: parent: send server: Can't assign requested address


em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:0c:29:b3:81:f8
index 1 priority 0 llprio 3
groups: egress
media: Ethernet autoselect (1000baseT full-duplex,master)
status: active
inet 192.168.60.129 netmask 0xff00 broadcast 192.168.60.255

In my httpd.conf all I changed was the "ext_addr" Macro, everything else as is.

$ cat /etc/httpd.conf
# $OpenBSD: httpd.conf,v 1.14 2015/02/04 08:39:35 florian Exp $

#
# Macros
#
ext_addr="192.168.60.129"
# A minimal default server
server "default" {
listen on $ext_addr port 80
}




Thank you
Monah



Re: Trying to newfs an old 128 compactflash

2016-01-30 Thread Monah Baki
# newfs /dev/rsd0a
/dev/rsd0a: 123.0MB in 251840 sectors of 512 bytes
4 cylinder groups of 30.74MB, 3935 blocks, 7872 inodes each
newfs: wtfs: write error on block 16: Input/output error

Same error. I've never seen this error before, and I've used newfs before.

On Sat, Jan 30, 2016 at 8:10 PM, Edgar Pettijohn
<ed...@pettijohn-web.com> wrote:
> On 01/30/16 18:15, Monah Baki wrote:
>>
>> Hi all,
>>
>> Trying to newfs an old 128MB flashcard on my OpenBSD 5.7, so I can
>> install OpenBSD on it to run on a Soekris.
>>
>> # dmesg | grep sd0
>> sd0 at scsibus5 targ 1 lun 0: <Generic-, Multi-Card, 1.00> SCSI4
>> 0/direct removable serial.0bda0309201209010309
>> sd0: 123MB, 512 bytes/sector, 251904 sectors
>>
>> # disklabel sd0
>> # /dev/rsd0c:
>> type: SCSI
>> disk: vnd-a43c9e59
>> label:
>> duid: 770fe5cc30020c20
>> flags:
>> bytes/sector: 512
>> sectors/track: 63
>> tracks/cylinder: 255
>> sectors/cylinder: 16065
>> cylinders: 15
>> total sectors: 251904
>> boundstart: 0
>> boundend: 0
>> drivedata: 0
>
>
> http://marc.info/?l=openbsd-misc&m=105156642420865&w=2
> The math doesn't add up.
>
>> 3 partitions:
>> #size   offset  fstype [fsize bsize  cpg]
>>a:   251840   64  4.2BSD   1024  81920
>>c:   2519040  unused
>>
>>
>> # fdisk sd0
>> Disk: sd0   geometry: 15/255/63 [251904 Sectors]
>> Offset: 0   Signature: 0xAA55
>>  Starting Ending LBA Info:
>>   #: id  C   H   S -  C   H   S [   start:size ]
>>
>> ---
>>   0: 00  0   0   0 -  0   0   0 [   0:   0 ]
>> unused
>>   1: 00  0   0   0 -  0   0   0 [   0:   0 ]
>> unused
>>   2: 00  0   0   0 -  0   0   0 [   0:   0 ]
>> unused
>> *3: A6  0   1   2 - 14 254  63 [  64:  240911 ]
>> OpenBSD
>>
>>
>> # newfs -S 512 /dev/rsd0a
>> /dev/rsd0a: 123.0MB in 251840 sectors of 512 bytes
>> 4 cylinder groups of 30.74MB, 3935 blocks, 7872 inodes each
>> newfs: wtfs: write error on block 16: Input/output error
>
> Have you tried:
> #newfs /dev/rsd0a
>
> I've done a few flashcards and never had to use anything but the default.
>
>
>>
>> I tried 3 other 128MB flashcards, and a 32MB too, same results.
>>
>> Any help will be highly appreciated, and if you need any additional info
>> too.
>>
>>
>>
>> Thanks
>> Monah
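
The figures in the quoted disklabel and fdisk output can be cross-checked mechanically. The following is an added example, not part of the thread; the helper names are hypothetical, and it only reports where the numbers disagree without claiming that this causes the write error.

```python
import re

# Values copied from the disklabel and fdisk output quoted in the thread.
DISKLABEL_HEADER = """\
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 15
total sectors: 251904
"""
FDISK_ROW = "*3: A6  0   1   2 - 14 254  63 [  64:  240911 ] OpenBSD"
LABEL_PARTITIONS = {"a": (251840, 64)}  # name -> (size, offset) in sectors


def parse_header(text):
    """Collect the integer 'key: value' fields of a disklabel header."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([a-z/ ]+):\s*(\d+)\s*$", line)
        if m:
            fields[m.group(1).strip()] = int(m.group(2))
    return fields


def parse_fdisk_row(row):
    """Extract index, id, start and size from one fdisk partition row."""
    m = re.match(
        r"^\s*\*?\s*(\d+):\s*([0-9A-Fa-f]{2})\s.*\[\s*(\d+):\s*(\d+)\s*\]", row)
    if not m:
        raise ValueError("unrecognised fdisk row: %r" % row)
    return {"index": int(m.group(1)), "id": m.group(2).upper(),
            "start": int(m.group(3)), "size": int(m.group(4))}


def cross_check(fields, mbr, partitions):
    """Return (code, message) findings; an empty list means consistent."""
    findings = []
    total = fields["total sectors"]
    per_cyl = fields["sectors/track"] * fields["tracks/cylinder"]
    if per_cyl != fields["sectors/cylinder"]:
        findings.append(("cyl-size", "sectors/cylinder is %d, expected %d"
                         % (fields["sectors/cylinder"], per_cyl)))
    chs_total = fields["cylinders"] * fields["sectors/cylinder"]
    if chs_total != total:
        findings.append(("geometry", "C/H/S geometry covers %d sectors, "
                         "device reports %d" % (chs_total, total)))
    mbr_end = mbr["start"] + mbr["size"]
    if mbr_end > total:
        findings.append(("mbr-overrun", "MBR partition %d ends at %d, past "
                         "the device" % (mbr["index"], mbr_end)))
    for name, (size, offset) in sorted(partitions.items()):
        end = offset + size
        if end > total:
            findings.append(("label-overrun", "partition %s ends at %d, "
                             "past the device" % (name, end)))
        if offset < mbr["start"] or end > mbr_end:
            findings.append(("outside-mbr", "partition %s covers %d-%d, MBR "
                             "partition %d covers %d-%d"
                             % (name, offset, end - 1, mbr["index"],
                                mbr["start"], mbr_end - 1)))
    return findings


if __name__ == "__main__":
    hdr = parse_header(DISKLABEL_HEADER)
    for code, msg in cross_check(hdr, parse_fdisk_row(FDISK_ROW),
                                 LABEL_PARTITIONS):
        print("%-12s %s" % (code, msg))
```
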



Trying to newfs an old 128 compactflash

2016-01-30 Thread Monah Baki
Hi all,

Trying to newfs an old 128MB flashcard on my OpenBSD 5.7, so I can
install OpenBSD on it to run on a Soekris.

# dmesg | grep sd0
sd0 at scsibus5 targ 1 lun 0: <Generic-, Multi-Card, 1.00> SCSI4
0/direct removable serial.0bda0309201209010309
sd0: 123MB, 512 bytes/sector, 251904 sectors

# disklabel sd0
# /dev/rsd0c:
type: SCSI
disk: vnd-a43c9e59
label:
duid: 770fe5cc30020c20
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 15
total sectors: 251904
boundstart: 0
boundend: 0
drivedata: 0

3 partitions:
#                size           offset  fstype [fsize bsize  cpg]
  a:           251840               64  4.2BSD   1024  81920
  c:           251904                0  unused


# fdisk sd0
Disk: sd0   geometry: 15/255/63 [251904 Sectors]
Offset: 0   Signature: 0xAA55
Starting Ending LBA Info:
 #: id  C   H   S -  C   H   S [   start:size ]
---
 0: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
 1: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
 2: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
*3: A6  0   1   2 - 14 254  63 [  64:  240911 ] OpenBSD


# newfs -S 512 /dev/rsd0a
/dev/rsd0a: 123.0MB in 251840 sectors of 512 bytes
4 cylinder groups of 30.74MB, 3935 blocks, 7872 inodes each
newfs: wtfs: write error on block 16: Input/output error

I tried 3 other 128MB flashcards, and a 32MB too, same results.

Any help will be highly appreciated, and if you need any additional info too.



Thanks
Monah



Patching OpenBSD 5.7

2015-07-25 Thread Monah Baki
Hi All,

I upgraded my server from 5.6 to 5.7 using the bsd.rd, all was successful.

OpenBSD 5.7 (GENERIC) #738: Sun Mar  8 10:59:31 MDT 2015
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz (GenuineIntel
686-class) 3.60 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,NXE,PAGE1GB,LONG,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS
real mem  = 267862016 (255MB)
avail mem = 251109376 (239MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 07/31/13, BIOS32 rev. 0 @ 0xfd780, SMBIOS rev.
2.4 @ 0xe0010 (364 entries)
bios0: vendor Phoenix Technologies LTD version 6.00 date 07/31/2013
bios0: VMware, Inc. VMware Virtual Platform
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET
acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3)
S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3)
S10F(S3) S11F(S3) S12F(S3) S13F(S3) [...]




I went and downloaded
http://ftp.openbsd.org/pub/OpenBSD/patches/5.7.tar.gz so I can patch
it.


Followed the instruction per the OpenBSD site

Apply patch using:

signify -Vep /etc/signify/openbsd-57-base.pub -x 003_openssl.patch.sig \
-m - | (cd /usr/src && patch -p0)

Then build and install libcrypto and libssl

cd /usr/src/lib/libcrypto/crypto
make obj (Success)


make
SNIP
cc -O2 -pipe -g -Wall -Werror -DDSO_DLFCN -DHAVE_DLFCN_H
-DHAVE_FUNOPEN -DLIBRESSL_INTERNAL -DTERMIOS -DOPENSSL_NO_HW_PADLOCK
-I/usr/src/lib/libcrypto/crypto/../../libssl/src
-I/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto
-I/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/modes
-I/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1
-I/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/evp
-I/usr/src/lib/libcrypto/crypto/obj -DAES_ASM -DVPAES_ASM
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_GF2m -DMD5_ASM -DGHASH_ASM -DRMD160_ASM -DSHA1_ASM
-DSHA256_ASM -DSHA512_ASM -DWHIRLPOOL_ASM -DOPENSSL_CPUID_OBJ   -c
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c -o
a_time.o
cc1: warnings being treated as errors
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c:88:
warning: return type defaults to 'int'
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c:
In function 'IMPLEMENT_ASN1_FUNCTIONS':
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c:90:
error: expected '=', ',', ';', 'asm' or '__attribute__' before '{'
token
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c:96:
error: expected '=', ',', ';', 'asm' or '__attribute__' before '{'
token
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c:116:
error: expected '=', ',', ';', 'asm' or '__attribute__' before '{'
token
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c:127:
error: expected '=', ',', ';', 'asm' or '__attribute__' before '{'
token
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c:164:
error: expected '=', ',', ';', 'asm' or '__attribute__' before '{'
token
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c:185:
error: expected '=', ',', ';', 'asm' or '__attribute__' before '{'
token
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c:74:
error: parameter name omitted
/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/a_time.c:204:
error: expected '{' at end of input
*** Error 1 in /usr/src/lib/libcrypto/crypto (bsd.lib.mk:40
'a_time.o': @cc -O2 -pipe -g -Wall -Werror -DDSO_DLFCN -DHAVE_DLFCN_H
-DHAVE_F...)



Any guidance will be greatly appreciated.


Thank you

Monah



Re: tools for monitoring network traffic

2014-09-19 Thread Monah Baki
I use Bro and Argus

http://qosient.com/argus/
http://bro.org

On Fri, Sep 19, 2014 at 9:10 AM, Markus Rosjat <ros...@ghweb.de> wrote:

> Hello,
>
> just a simple question with a probably more complicated answer. Are there
> tools out there to simply monitor the network traffic for a webserver so
> you get information about which domain caused which traffic over a week or
> a day?
>
> I know I could go and reinvent the wheel by using pf and other tools but
> since I'm a lazy guy I want to look for a solution that is already out
> there.
>
> Thx for the help :)
>
> Regards
>
> --
> Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de
>
> G+H Webservice GbR Gorzolla, Herrmann
> Königsbrücker Str. 70, 01099 Dresden
>
> http://www.ghweb.de
> fon: +49 351 8107220   fax: +49 351 8107227
>
> Please check whether this mail really needs to be printed! Before
> you print it, think about your responsibility and commitment to the
> ENVIRONMENT



Squid + OpenBSD 5.4 and 5.5

2014-06-15 Thread Monah Baki
Hi all,

Using ./configure --prefix=/usr/local/squid --with-filedescriptors=32768
--enable-snmp --with-large-files


I installed OpenBSD 5.4 on a vmware workstation and squid 3.4.5, works fine.


However, OpenBSD 5.5 on both vmware workstation and on a SPARC64
T5220, I get the following error running make,


po -c -o client_side.o client_side.cc  mv -f $depbase.Tpo $depbase.Po
depbase=`echo client_side_reply.o | sed 's|[^/]*$|.deps/|;s|\.o$||'`;
g++ -DHAVE_CONFIG_H
-DDEFAULT_CONFIG_FILE=\/usr/
local/squid/etc/squid.conf\
-DDEFAULT_SQUID_DATA_DIR=\/usr/local/squid/share\
-DDEFAULT_SQUID_CONFIG_DIR=\/usr/local/squid/etc\  -I.. -I../include
-I../lib  -I../src -I../include   -I/usr/include/kerberosV
-I/usr/include/kerberosV  -I../libltdl  -I../src -I../libltdl
-I/usr/include/kerberosV  -I/usr/include/kerberosV
-I/usr/include/kerberosV  -I/usr/include/kerberosV  -Wall
-Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe
-D_REENTRANT -g -O2 -MT client_side_reply.o -MD -MP -MF $depbase.Tpo
-c -o client_side_reply.o client_side_reply.cc  mv -f $depbase.Tpo
$depbase.Po
cc1plus: warnings being treated as errors
client_side_reply.cc: In member function 'void
clientReplyContext::buildReplyHeader()':
client_side_reply.cc:1326: warning: format '%ld' expects type 'long
int', but argument 4 has type 'long long int'
*** Error 1 in src (Makefile:6970 'client_side_reply.o')
*** Error 1 in src (Makefile:7116 'all-recursive')
*** Error 1 in src (Makefile:6036 'all')
*** Error 1 in /home/mbaki/squid-3.4.5 (Makefile:587 'all-recursive')


Is this a squid issue???


Thanks



New install

2014-06-08 Thread Monah Baki
Hi all,


I just installed OpenBSD 5.5 on a sparc64

$ uname -a
OpenBSD test.home 5.5 GENERIC.MP#173 sparc64

I then issued the following commands:

cd /usr/
export CVSROOT=anon...@anoncvs.openbsd.org:/cvs
cvs -d$CVSROOT up -rOPENBSD_5_5 -Pd


Couple of hours later:

cvs server: Updating libexec
U libexec/Makefile
U libexec/Makefile.inc
cvs server: Updating libexec/atrun
cvs [update aborted]: could not chdir to libexec/comsat: Not a directory

cd /usr/libexec

ls -la
$ ls -la
total 5416
drwxr-xr-x  10 root  wheel    1536 Jun  8 11:48 .
drwxr-xr-x  24 root  wheel     512 Jun  8 12:33 ..
drwxr-xr-x   2 root  wheel     512 Jun  8 11:48 CVS
-rw-r--r--   1 root  wheel     598 Dec  4  2013 Makefile
-rw-r--r--   1 root  wheel      87 Jan 28  2001 Makefile.inc
drwxr-xr-x   3 root  wheel     512 Jun  8 11:48 atrun
drwxr-x---   2 root  auth      512 Mar  4 16:03 auth
-r-xr-xr-x   1 root  bin     16824 Mar  4 16:03 comsat
-r-xr-xr-x   1 root  bin    217864 Mar  4 16:05 cpp
drwxr-xr-x   3 root  wheel     512 Mar  4 16:05 cvs



Thanks



Thank you thank you thank you

2014-06-07 Thread Monah Baki
# dmesg
console is /virtual-devices@100/console@1
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2014 OpenBSD. All rights reserved.
http://www.OpenBSD.org

OpenBSD 5.5 (GENERIC.MP) #173: Tue Mar  4 14:47:47 MST 2014
dera...@sparc64.openbsd.org:/usr/src/sys/arch/sparc64/compile/GENERIC.MP
real mem = 17045651456 (16256MB)
avail mem = 16759693312 (15983MB)
mainbus0 at root: SPARC Enterprise T5220
cpu0 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu1 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu2 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu3 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu4 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu5 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu6 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu7 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu8 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu9 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu10 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu11 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu12 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu13 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu14 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu15 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu16 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu17 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu18 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu19 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu20 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu21 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu22 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu23 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu24 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu25 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu26 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu27 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu28 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu29 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu30 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz
cpu31 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1165.379 MHz



DNS Proxy

2013-09-15 Thread Monah Baki
Hi all,


I'm running OpenBSD 5.2 with squid for a friend who owns an ISP outside the
U.S and uses my OpenBSD squid proxy to access netflix. I've been told this
can be also accomplished via DNS Proxy. Is it true?

If yes which one do you recommend?


Thanks



Re: www.openbsd.org down?

2013-06-25 Thread Monah Baki
Can't access from Washington DC


On Tue, Jun 25, 2013 at 6:53 AM, Nenhum_de_Nos <math...@eternamente.info> wrote:

> On Tue, June 25, 2013 06:56, Yusof Khalid - FreeBSD / OpenBSD wrote:
> > Yeah can't access from here (Kuala Lumpur, MY)
>
> Can't access from Brazil.
>
> matheus
>
> --
> We will call you Cygnus,
> The God of balance you shall be
>
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
>
> http://en.wikipedia.org/wiki/Posting_style



pf log question

2008-06-24 Thread Monah Baki
Hi all,

Using tcpdump -i pflog0

Jun 24 10:54:01.209701 rule 14/(match) pass in on tun0

Is there a way to display what's rule 14?


Thank you




BSD Networking, Microsoft Notworking
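
The rule number in a pflog line is the rule's position in the loaded ruleset, which `pfctl -vv -s rules` prints with an `@N` prefix. The following is an added example, not part of the thread, that joins the two; the pfctl sample text is constructed, the helper names are hypothetical, and only the log line comes from the post.

```python
import re

# Constructed, abbreviated sample of `pfctl -vv -s rules` output; the rule
# text and counters are invented for illustration, not taken from the thread.
PFCTL_OUTPUT = """\
@0 pass quick on lo0 all
  [ Evaluations: 5120      Packets: 310       Bytes: 40212       States: 0     ]
@1 block drop in log all
  [ Evaluations: 4810      Packets: 97        Bytes: 5820        States: 0     ]
@13 pass out quick on xl0 inet proto tcp from any to 192.168.3.10 port = smtp
  [ Evaluations: 1200      Packets: 12        Bytes: 720         States: 0     ]
@14 pass log quick on tun0 all
  [ Evaluations: 3300      Packets: 2950      Bytes: 1804211     States: 0     ]
"""

# Log line as quoted in the post (tcpdump -i pflog0).
PFLOG_LINE = "Jun 24 10:54:01.209701 rule 14/(match) pass in on tun0"

RULE_RE = re.compile(r"^@(\d+)\s+(.*\S)\s*$")
STATS_RE = re.compile(r"(\w+):\s+(\d+)")
# Accepts "rule 14/(match) pass in on tun0" and the "rule 14/0(match):" variant.
LOG_RE = re.compile(
    r"\brule (\d+)[^/\s]*/\d*\(([^)]*)\):? (\w+) (in|out) on ([\w.]+)")


def index_rules(pfctl_text):
    """Map rule number -> {'text': rule, 'stats': counters} from pfctl -vv -s rules."""
    rules = {}
    current = None
    for line in pfctl_text.splitlines():
        m = RULE_RE.match(line)
        if m:
            current = int(m.group(1))
            rules[current] = {"text": m.group(2), "stats": {}}
        elif current is not None and line.lstrip().startswith("["):
            rules[current]["stats"].update(
                (k, int(v)) for k, v in STATS_RE.findall(line))
    return rules


def explain(log_line, rules):
    """Resolve the rule number in a pflog line to the rule text.

    'consistent' is False when the rule is missing or its action/direction
    contradict the log entry, which happens when the ruleset was reloaded
    (and renumbered) after the packet was logged.
    """
    m = LOG_RE.search(log_line)
    if not m:
        raise ValueError("not a pflog line: %r" % log_line)
    number, reason, action, direction, iface = m.groups()
    rule = rules.get(int(number))
    result = {"rule": int(number), "reason": reason, "action": action,
              "direction": direction, "interface": iface,
              "text": rule["text"] if rule else None, "consistent": False}
    if rule:
        words = rule["text"].split()
        # A rule without in/out applies to both directions.
        rule_dir = next((w for w in words[1:4] if w in ("in", "out")), None)
        result["consistent"] = (words[0] == action
                                and rule_dir in (None, direction))
    return result


if __name__ == "__main__":
    hit = explain(PFLOG_LINE, index_rules(PFCTL_OUTPUT))
    print("rule %(rule)d: %(text)s (consistent=%(consistent)s)" % hit)
```
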



Re: pf log question

2008-06-24 Thread Monah Baki
Thanks all for all the help.

Reason I was asking is I have this strange issue.

First my pf.conf (snipped) is:

+
int_if="xl0"
ext_if="xl1"
external_addr="tun0"

tcp_services = "{ 22, 25, 53, 80, 110, 143, 443, 554, 6667, 1220, 1863,  \
3128, 5060, 5061, 5190, 6667, 8000, 8021, 8080, 8085, 9090, 1 }"

udp_services = "{ 53, 113 }"

set loginterface $external_addr
set loginterface $ext_if

# set block-policy drop

scrub in all
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

pass quick on lo0 all

block in log

pass out keep state

antispoof quick for { lo $int_if }

pass out quick on $int_if proto tcp from any to $mail_srvr port 25

pass log quick on $external_addr

pass quick on $ext_if

++


If I change "pass log quick on $external_addr" to "pass in log quick on
$external_addr from any to any port $tcp_services", I can no longer
receive email from certain domains (gmail.com, guru.com and customers).
However I can receive email from my work and from hotmail. When I issue
the tcpdump -i pflog, I do not see any (block), but I do not receive the
mails at all.

Couple of days, google responds with:
timeout after EHLO from yw-out-1718.google.com[74.125.46.157]
and timeout after EHLO from mail3.guru.com[216.151.125.108]

If I switch back to "pass log quick on $external_addr" everything works.

I'm using OpenBSD3.9 with PPPoE.






 On Tue, Jun 24, 2008 at 11:06:04AM -0400, Monah Baki wrote:
 | Hi all,
 |
 | Using tcpdump -i pflog0
 |
 | Jun 24 10:54:01.209701 rule 14/(match) pass in on tun0
 |
 | Is there a way to display what's rule 14?





BSD Networking, Microsoft Notworking



Buying 4.2 CD

2008-05-02 Thread Monah Baki
Why is the 4.2 CD set missing from https://https.openbsd.org/cgi-bin/order ?

Thank you


BSD Networking, Microsoft Notworking



rdr to squid proxy with authentication

2008-04-23 Thread Monah Baki
Hi all,

I implemented the following rule and so far I can see that all users are
accessing my proxy server



Tried the following in /etc/inetd.conf

127.0.0.1:5000 stream tcp nowait nobody /usr/bin/nc nc -w \
   20 192.168.3.106 8080


rdr on $int_if proto tcp from $int_net to $ext_if port 80 -> \
   127.0.0.1 port 5000


But I have one question, my proxy requires authentication before browsing,
how can I have the firewall also authenticate, because if I disable on the
squid proxy authentication, it works. If I enable it, all sites I try to
visit comes up with a page that I need authentication first to use the
proxy.

Thanks


BSD Networking, Microsoft Notworking



RDR question

2008-04-13 Thread Monah Baki
Hi all,

I'm running OpenBSD on a soekris box 4.3 current.

sis0=192.168.3.32
sis1=192.168.2.1

I have a proxy server IP address 192.168.3.106

I want a rule to have all users on the .2 network to go thru the proxy.


Tried the following in /etc/inetd.conf

127.0.0.1:5000 stream tcp nowait nobody /usr/bin/nc nc -w \
   20 192.168.3.106 8080


rdr on $int_if proto tcp from $int_net to $ext_if port 80 -> \
   127.0.0.1 port 5000

I can access websites but thing is the proxy server is running
DansGuardian on 8080 and I do not see a denied page when I access unwanted
sites.

Thanks

BSD Networking, Microsoft Notworking



Re: RDR question

2008-04-13 Thread Monah Baki
Hi,

It did not work, I get a blank page on all URL's.

Here's my pf.conf real basic.

ext_if="sis0"
int_if="sis1"

#table <spamd-white> persist

set skip on lo

#scrub in
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
#rdr-anchor "relayd/*"

nat on $ext_if from $int_if:network to any -> $ext_if
# rdr pass on $ext_if proto tcp to port 80 -> 192.168.3.106 port 8080
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
rdr on $ext_if proto tcp from 192.168.2.0/24 to any port 80 -> \
127.0.0.1 port 5000
rdr on $ext_if proto tcp from any to $ext_if -> 192.168.3.106 port 8080
#no rdr on $ext_if proto tcp from <spamd-white> to any port smtp
#rdr pass on $ext_if proto tcp from any to any port smtp \
#   -> 127.0.0.1 port spamd
anchor "ftp-proxy/*"
# block all
pass out


Thanks







On Apr 13, 2008, at 1:59 PM, Dorian Büttner wrote:
> Monah Baki wrote:
>
>> rdr on $int_if proto tcp from $int_net to $ext_if port 80 -> \
>>    127.0.0.1 port 5000
>
> unless you host the unwanted sites on $ext_if, you may try "to any"
> instead and let us know?


BSD Networking, Microsoft Notworking



openbsd 3.9 and httpd-2.2.6

2007-12-13 Thread Monah Baki
Hi all,

I'm trying to install httpd-2.2.6 on my openbsd 3.9 from source. I get the
following error when I run make

Making all in support
make[1]: Entering directory `/export/home/mbaki/httpd-2.2.6/support'
make[2]: Entering directory `/export/home/mbaki/httpd-2.2.6/support'
/usr/local/apr/build-1/libtool --silent --mode=link gcc -g -O2 -pthread   
-o htpasswd  htpasswd.lo   -lm
/export/home/mbaki/httpd-2.2.6/srclib/pcre/libpcre.la
/usr/local/apr/lib/libaprutil-1.la -lexpat -liconv
/usr/local/apr/lib/libapr-1.la -lpthread
/usr/bin/ld: cannot find -lexpat
collect2: ld returned 1 exit status
make[2]: *** [htpasswd] Error 1
make[2]: Leaving directory `/export/home/mbaki/httpd-2.2.6/support'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/export/home/mbaki/httpd-2.2.6/support'
make: *** [all-recursive] Error 1



Thanks


BSD Networking, Microsoft Notworking



OpenBSD 3.9 and Httpd-2.2.6 compile error

2007-12-13 Thread Monah Baki
Hi All,

I'm compiling httpd with the following:

./configure --prefix=/usr/local/apache2 --enable-ssl --enable-dav
--enable-dav-fs --enable-vhost-alias --enable-rewrite --enable-so

When I run make I get the following error:

Making all in support
make[1]: Entering directory `/export/home/mbaki/httpd-2.2.6/support'
make[2]: Entering directory `/export/home/mbaki/httpd-2.2.6/support'
/usr/local/apr/build-1/libtool --silent --mode=compile gcc -g -O2 -pthread
   -D_POSIX_THREADS-I/export/home/mbaki/httpd-2.2.6/srclib/pcre -I.
-I/export/home/mbaki/httpd-2.2.6/os/unix
-I/export/home/mbaki/httpd-2.2.6/server/mpm/prefork
-I/export/home/mbaki/httpd-2.2.6/modules/http
-I/export/home/mbaki/httpd-2.2.6/modules/filters
-I/export/home/mbaki/httpd-2.2.6/modules/proxy
-I/export/home/mbaki/httpd-2.2.6/include
-I/export/home/mbaki/httpd-2.2.6/modules/generators
-I/export/home/mbaki/httpd-2.2.6/modules/mappers
-I/export/home/mbaki/httpd-2.2.6/modules/database
-I/usr/local/apr/include/apr-1 -I/usr/local/include
-I/export/home/mbaki/httpd-2.2.6/modules/proxy/../generators
-I/export/home/mbaki/httpd-2.2.6/modules/ssl
-I/export/home/mbaki/httpd-2.2.6/modules/dav/main  -prefer-non-pic -static
-c htpasswd.c  touch htpasswd.lo
/usr/local/apr/build-1/libtool --silent --mode=link gcc -g -O2 -pthread   
-o htpasswd  htpasswd.lo   -lm
/export/home/mbaki/httpd-2.2.6/srclib/pcre/libpcre.la
/usr/local/apr/lib/libaprutil-1.la -lexpat -liconv
/usr/local/apr/lib/libapr-1.la -lpthread
/usr/bin/ld: cannot find -lexpat
collect2: ld returned 1 exit status
make[2]: *** [htpasswd] Error 1
make[2]: Leaving directory `/export/home/mbaki/httpd-2.2.6/support'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/export/home/mbaki/httpd-2.2.6/support'
make: *** [all-recursive] Error 1




Thanks



PPP problems

2006-10-16 Thread Monah Baki
Hi All,

I'm running PPP on OpenBSD 3.9, machine runs great for 3-4 weeks and then
disconnects then I have to restart PPP for it to work. Is this normal, is
there a way to keep it up indefinitely?

Thanks


BSD Networking, Microsoft Notworking



PF Rule

2006-09-18 Thread Monah Baki
Hi all,

Is there a way to write a single rule to cover these 2 rules:

no nat on $ext_if inet proto tcp from 192.168.3.204 to any
nat on $ext_if from 192.168.3.0/24 to any -> $ext_if


Thanks

BSD Networking, Microsoft Notworking



NAT Question

2006-09-13 Thread Monah Baki
Hi all,

Yesterday I just received 8 public IP addresses from my ISP. I'm running
ppp on my OpenBSD 3.9 server (DSL).
My xl0 has the public IP address (67.100.x.x) provided to me by my ISP, my
xl1 interface is my 192.168.3.1
Once I run /usr/sbin/ppp -ddial pppoe, my tun0 gets created

If I issue a netstat -an, I see the 5 other public IP addresses given to me.

Now I have 4 other machines behind the OBSD box, in the 192.168.3.x IP range.

My NAT rule is:
nat on xl1 from 192.168.3.0/24 to any -> xl0

Now if I were to assign the gateway on my internal hosts the IP address of
xl1 on my BSD box, I can't seem to access the internet.

Now if I were to assign one of the public interfaces on one of the
internal machines, and the gateway is the IP address of xl0 on my BSD box,
it works fine.


Hope this makes sense, cause I'm completely lost as to why something that
was working on a single IP, I introduced 8 other IP's and it does not work
anymore.
Nothing has changed in my pf.rule file, only the new 8 IP addresses.


Thank you

BSD Networking, Microsoft Notworking



CPAN error

2006-08-30 Thread Monah Baki
Hi all,

Yesterday I installed Openbsd3.9 and wanted to install Digest::SHA1 using
CPAN
I get an error complaining the MD5 checksum is incorrect and to delete it
from /root/.cpan../../etc etc (which I did). This happens with other
modules too. I can download the modules manually and run perl
Makefile.pl, make && make install, but was wondering why I'm having
this problem.

Thanks

BSD Networking, Microsoft Notworking



Question

2006-07-13 Thread Monah Baki
Hi all,

I'm hoping I'm wording this correctly.

Is there any software available for OpenBSD that will permit me to
redirect a packet based on a certain string in the packet?
For example if someone were to telnet to my server (userid foo), server
should redirect that packet based on the string foo to a syslog server.
Sort of like patch-o-matic for linux.

BSD Networking, Microsoft Notworking



latest sendmail patch

2006-06-19 Thread Monah Baki
Hi all,

I'm trying to apply the latest patch for sendmail and on my make, I get
the following error:

cc -O2 -pipe  -DSTARTTLS -DMILTER -DFAST_PID_RECYCLE -D_FFR_USE_SETLOGIN
-DSM_OMIT_BOGUS_WARNINGS -DNEWDB -DMAP_REGEX -DNETINET6 -DNEEDSGETIPNODE
-DSM_CONF_SHM -DNIS -DTCPWRAPPERS
-I/usr/src/gnu/usr.sbin/sendmail/sendmail/../sendmail
-I/usr/src/gnu/usr.sbin/sendmail/sendmail/../include   -c
/usr/src/gnu/usr.sbin/sendmail/sendmail/deliver.c
/usr/src/gnu/usr.sbin/sendmail/sendmail/deliver.c: In function `deliver':
/usr/src/gnu/usr.sbin/sendmail/sendmail/deliver.c:3269: error: syntax
error before '' token
/usr/src/gnu/usr.sbin/sendmail/sendmail/deliver.c:3286: error: syntax
error before '==' token
/usr/src/gnu/usr.sbin/sendmail/sendmail/deliver.c:3294: error: syntax
error before '' token
/usr/src/gnu/usr.sbin/sendmail/sendmail/deliver.c:3430: confused by
earlier errors, bailing out
*** Error code 1

Stop in /usr/src/gnu/usr.sbin/sendmail/sendmail.
*** Error code 1

Stop in /usr/src/gnu/usr.sbin/sendmail.




Partial dmesg

OpenBSD 3.9-current (GENERIC) #685: Mon Apr 10 14:00:41 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 349 MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MM
X,FXSR
real mem  = 536444928 (523872K)
avail mem = 482459648 (471152K)




Thank you

BSD Networking, Microsoft Notworking



OpenBSD 3.8+Mysql 5.0.16

2005-11-29 Thread Monah Baki
Hi all,

I'm installing mysql from source. I know this is an error that has been posted
several times:

# /usr/local/mysql/bin/mysql -V
/usr/local/mysql/bin/mysql: can't load library
'../libmysql/.libs/libmysqlclient.so.15.0'

# cd /usr/local/mysql/bin
# ./mysql -V
# ./mysql  Ver 14.12 Distrib 5.0.16, for unknown-openbsd3.8 (i386) using 
EditLine wrapper


If I vi the mysql file in /usr/local/mysql/bin:

SNIP.
@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@
[EMAIL PROTECTED]/libmysql/.libs/[EMAIL PROTECTED]@mysql_field_count
SNIP.


Does this mean libmysqlclient.so.15.0 is hardcoded and won't work unless
you're in the /usr/local/mysql/bin directory?
It works fine as long as you start the commands in the
/usr/local/mysql/bin directory, if you change directory then you get the error.



Thank you



Re: Carp scp loosing connection

2005-10-24 Thread Monah Baki
Solved it,

had to switch

pass in quick on $int_if all
pass out quick on $int_if all

to 

pass in quick on $int_if all keep state
pass out quick on $int_if all keep state


On Fri, 21 Oct 2005 16:37:54 -0400, Monah Baki wrote
> Sorry all it's a Soekris net4801
>
> Thank you
>
> On Fri, 21 Oct 2005 13:47:05 -0400, Monah Baki wrote
> > Hi all,
> >
> > I have 2 Rasta 4801 (3.7 current) as a master and backup carp. One
> > solaris 10 server is behind them. When I try to scp a 600MB file
> > from 1 solaris server outside the network to the solaris server
> > behind the net4801, I get network error: connection reset by peer error.
> > If I halt the master carp and the backup becomes master, no problem
> > all 600MB gets transferred. I then went ahead and deleted the file
> > and rebooted the master, the current Master switched to backup,
> > and I did the copy a network error: connection reset by peer
> > showed up.
> >
> > My pf.conf file on both machines are identical.
> >
> > Thank you.
> >
> > /etc/pf.conf
> > -
> > ext_if="sis0"
> > int_if="sis1"
> > ext_net="104.83.19.0/24"
> > int_net="172.16.0.0/24"
> >
> > carp5="carp5"
> >
> > ross="172.16.0.3"
> > ross_int_webzone="172.16.0.4"
> >
> > tcp_services="{22, 80}"
> > dns_services="{53}"
> >
> > set timeout interval 10
> > set timeout frag 30
> > set block-policy return
> > set loginterface sis0
> > set skip on lo0
> >
> > # scrub in all
> >
> > nat on $ext_if from $int_net to any -> $ext_if static-port
> >
> > rdr on $ext_if proto tcp from any to $carp5 port 22 -> $ross_int_webzone port 22
> >
> > # Deny all packets
> > block in on sis0 all
> >
> > pass in quick on $int_if all
> > pass out quick on $int_if all
> >
> > pass in quick on $ext_if inet proto tcp from any to any port $tcp_services flags S/SA keep state
> > pass out quick on $ext_if inet proto tcp from any to any port $tcp_services flags S/SA keep state
> >
> > pass in quick on $carp5 inet proto tcp from any to any port $tcp_services keep state
> > pass out quick on $carp5 inet proto tcp from any to any port $tcp_services keep state
> >
> > pass quick on lo0 all
> >
> > pass quick on { sis2 } proto pfsync
> > pass in quick on { sis0 sis1 } proto carp keep state
> >
> > # Filter rules for sis0 outbound
> > block out on sis0 all
> >
> > # pass in all
> > # pass out all
> >
> > My master carp has the following:
> > -
> >  ifconfig carp5 create
> >  ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 0 104.83.19.244 netmask 255.255.255.0
> >
> > My backup carp has the following:
> > -
> >  ifconfig carp5 create
> >  ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 128 104.83.19.244 netmask 255.255.255.0



Email problems

2005-10-23 Thread Monah Baki
Hi all,

Until 4 days ago, I no longer receive email on my server. I thought it was my
provider (cox) since they block inbound and outbound smtp.
When I send email from the outside, nothing shows up in my /var/mail/maillog, I
then get an email 3 days later "connection timed out" with my server. If I send
locally to verify pop and imap is working, no problem what so ever.

If I telnet from the outside to my server on port 110 & 143,

$ telnet whywire.com 110
Trying 68.227.194.65...
Connected to whywire.com.
Escape character is '^]'.
+OK
quit
+OK
Connection closed by foreign host.


$ telnet whywire.com 143 
Trying 68.227.194.65...
Connected to whywire.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS AUTH=LOGIN] 
marvin.whywire.com IMAP4rev1 2004.357 at Sun, 23 Oct 2005 14:12:08 -0400 (EDT)




This problem started 4 days ago and I didn't apply any modification on the 
server. 
What else can I look for?


Thank you.



Carp scp loosing connection

2005-10-21 Thread Monah Baki
Hi all,

I have 2 Rasta 4801 (3.7 current) as a master and backup carp. One solaris 10
server is behind them. When I try to scp a 600MB file from 1 solaris server
outside the network to the solaris server behind the net4801, I get network
error: connection reset by peer error.
If I halt the master carp and the backup becomes master, no problem all 600MB
gets transferred.
I then went ahead and deleted the file and rebooted the master, the
current Master switched to backup, and I did the copy a network error:
connection reset by peer showed up.

My pf.conf file on both machines are identical.

Thank you.

/etc/pf.conf
-
ext_if="sis0"
int_if="sis1"
ext_net="104.83.19.0/24"
int_net="172.16.0.0/24"


carp5="carp5"

ross="172.16.0.3"
ross_int_webzone="172.16.0.4"

tcp_services="{22, 80}"
dns_services="{53}"

set timeout interval 10
set timeout frag 30
set block-policy return
set loginterface sis0
set skip on lo0

# scrub in all

nat on $ext_if from $int_net to any -> $ext_if static-port

rdr on $ext_if proto tcp from any to $carp5 port 22 -> $ross_int_webzone port 22

# Deny all packets
block in on sis0 all

pass in quick on $int_if all
pass out quick on $int_if all

pass in quick on $ext_if inet proto tcp from any to any port $tcp_services flags S/SA keep state
pass out quick on $ext_if inet proto tcp from any to any port $tcp_services flags S/SA keep state

pass in quick on $carp5 inet proto tcp from any to any port $tcp_services keep state
pass out quick on $carp5 inet proto tcp from any to any port $tcp_services keep state


pass quick on lo0 all

pass quick on { sis2 } proto pfsync
pass in quick on { sis0 sis1 } proto carp keep state
 
# Filter rules for sis0 outbound
block out on sis0 all

# pass in all
# pass out all




My master carp has the following:
-
 ifconfig carp5 create
 ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 0 104.83.19.244 netmask 255.255.255.0



My backup carp has the following:
-
 ifconfig carp5 create
 ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 128 104.83.19.244 netmask 255.255.255.0



Carp scp loosing connection

2005-10-21 Thread Monah Baki
Hi all,

I have 2 Rasta 4801 (3.7 current) as a master and backup carp. One solaris 10
server is behind them. When I try to scp a 600MB file from 1 solaris server
outside the network to the solaris server behind the net4801, I get network
error: connection reset by peer error.
If I halt the master carp and the backup becomes master, no problem all 600MB
gets transferred. If I also halt the backup and the master is running by
itself, no problem either.
I then went ahead and deleted the file and rebooted the master, the
current Master switched to backup, and when I did the copy a network error:
connection reset by peer showed up.

So far it's either this or that running but not both, I'm completely lost here.

My pf.conf files on both machines are identical.

Thank you.

/etc/pf.conf
-
ext_if="sis0"
int_if="sis1"
ext_net="104.83.19.0/24"
int_net="172.16.0.0/24"


carp5="carp5"

ross="172.16.0.3"
ross_int_webzone="172.16.0.4"

tcp_services="{ 22, 80 }"
dns_services="{ 53 }"

set timeout interval 10
set timeout frag 30
set block-policy return
set loginterface sis0
set skip on lo0

# scrub in all

nat on $ext_if from $int_net to any -> $ext_if static-port

rdr on $ext_if proto tcp from any to $carp5 port 22 -> $ross_int_webzone port 22

# Deny all packets
block in on sis0 all

pass in quick on $int_if all
pass out quick on $int_if all

pass in quick on $ext_if inet proto tcp from any to any port $tcp_services flags S/SA keep state
pass out quick on $ext_if inet proto tcp from any to any port $tcp_services flags S/SA keep state

pass in quick on $carp5 inet proto tcp from any to any port $tcp_services keep state
pass out quick on $carp5 inet proto tcp from any to any port $tcp_services keep state


pass quick on lo0 all

pass quick on { sis2 } proto pfsync
pass in quick on { sis0 sis1 } proto carp keep state
 
# Filter rules for sis0 outbound
block out on sis0 all

# pass in all
# pass out all




My master carp has the following:
-
 ifconfig carp5 create
 ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 0 104.83.19.244 netmask 255.255.255.0



My backup carp has the following:
-
 ifconfig carp5 create
 ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 128 104.83.19.244 netmask 255.255.255.0



Fw: Carp scp loosing connection

2005-10-21 Thread Monah Baki
Sorry all a soekris 4801 not rasta, my mistake.


Hi all,

I have 2 Rasta 4801 (3.7 current) as a master and backup carp. One solaris 10
server is behind them. When I try to scp a 600MB file from 1 solaris server
outside the network to the solaris server behind the net4801, I get network
error: connection reset by peer error.
If I halt the master carp and the backup becomes master, no problem all 600MB
gets transferred. If I also halt the backup and the master is running by
itself, no problem either.
I then went ahead and deleted the file and rebooted the master, the
current Master switched to backup, and when I did the copy a network error:
connection reset by peer showed up.

So far it's either this or that running but not both, I'm completely lost here.

My pf.conf files on both machines are identical.

Thank you.

/etc/pf.conf
-
ext_if="sis0"
int_if="sis1"
ext_net="104.83.19.0/24"
int_net="172.16.0.0/24"

carp5="carp5"

ross="172.16.0.3"
ross_int_webzone="172.16.0.4"

tcp_services="{ 22, 80 }"
dns_services="{ 53 }"

set timeout interval 10
set timeout frag 30
set block-policy return
set loginterface sis0
set skip on lo0

# scrub in all

nat on $ext_if from $int_net to any -> $ext_if static-port

rdr on $ext_if proto tcp from any to $carp5 port 22 -> $ross_int_webzone port 22

# Deny all packets
block in on sis0 all

pass in quick on $int_if all
pass out quick on $int_if all

pass in quick on $ext_if inet proto tcp from any to any port $tcp_services flags S/SA keep state
pass out quick on $ext_if inet proto tcp from any to any port $tcp_services flags S/SA keep state

pass in quick on $carp5 inet proto tcp from any to any port $tcp_services keep state
pass out quick on $carp5 inet proto tcp from any to any port $tcp_services keep state

pass quick on lo0 all

pass quick on { sis2 } proto pfsync
pass in quick on { sis0 sis1 } proto carp keep state

# Filter rules for sis0 outbound
block out on sis0 all

# pass in all
# pass out all

My master carp has the following:
-
 ifconfig carp5 create
 ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 0 104.83.19.244 netmask 255.255.255.0

My backup carp has the following:
-
 ifconfig carp5 create
 ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 128 104.83.19.244 netmask 255.255.255.0
--- End of Forwarded Message ---
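
An added example, not part of the messages above: a small consistency check for the two CARP `ifconfig` lines posted there. It verifies what members of one CARP group have to agree on (vhid, pass, virtual address, netmask) and that the intended master has the lower advskew. The function names are hypothetical, and the check says nothing about the scp resets themselves.

```python
import ipaddress

# The two configuration lines from the messages above, with the mail wrap undone.
MASTER = ("ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 0 "
          "104.83.19.244 netmask 255.255.255.0")
BACKUP = ("ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 128 "
          "104.83.19.244 netmask 255.255.255.0")

# ifconfig keywords that are followed by exactly one value.
KEYED = {"vhid", "carpdev", "pass", "advskew", "advbase", "netmask"}

def parse_carp(line):
    """Parse one 'ifconfig carpN ...' line into a dict of its parameters."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "ifconfig":
        raise ValueError("not an ifconfig line: %r" % line)
    cfg = {"ifname": tokens[1], "advskew": "0"}  # advskew defaults to 0
    i = 2
    while i < len(tokens):
        if tokens[i] in KEYED:
            if i + 1 >= len(tokens):
                raise ValueError("missing value for %s" % tokens[i])
            cfg[tokens[i]] = tokens[i + 1]
            i += 2
        else:
            # Any bare token must be the shared virtual address.
            cfg["address"] = str(ipaddress.ip_address(tokens[i]))
            i += 1
    return cfg

def compare_peers(master_line, backup_line):
    """Return a list of findings; an empty list means the pair is consistent."""
    m, b = parse_carp(master_line), parse_carp(backup_line)
    findings = []
    # Members of one CARP group must agree on these values.
    for key in ("vhid", "pass", "address", "netmask"):
        if m.get(key) != b.get(key):
            findings.append("%s differs: %r vs %r" % (key, m.get(key), b.get(key)))
    if not 1 <= int(m.get("vhid", 0)) <= 255:
        findings.append("vhid out of range 1-255")
    # The host with the lower advskew advertises more often and wins election.
    if int(m["advskew"]) >= int(b["advskew"]):
        findings.append("intended master does not have the lower advskew")
    return findings

if __name__ == "__main__":
    print(compare_peers(MASTER, BACKUP) or "consistent")
```

carpdev is deliberately not compared, since the physical interface name may differ between hosts.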



Pf rule for carp and round-robin

2005-09-08 Thread Monah Baki
Hi all,

I'm having problems implementing round-robin on a carp interface.

The rule that I have is 

rdr on $ext_if proto tcp from any to $carp5 port 80 \
   -> { $web_srvr1, $web_srvr2 } round-robin sticky-address

Does this look correct? It works if I remove:
{ $web_srvr1, $web_srvr2 } round-robin sticky-address

and just have $web_srvr1 or $web_srvr2, but not both.

ext_if is 133.85.19.240 my public IP address.
carp5 is 133.85.19.244

Thank you



Stupid Carp question

2005-08-04 Thread Monah Baki
Hi all,

Implementing carp, I have 2 net4801's that seem to be synchronizing, when I do
an ifconfig -a on the secondary I see carp0 on the slave becomes Master when
the primary goes down.
The internal machines are working fine accessing the internet and all.

The pf.conf rule has the 2 rules:

pass quick on { sis2 } proto pfsync
pass on { sis0 sis1 } proto carp keep state


However when I physically remove the ethernet cable from sis0 on the master,
the internal machine cannot access the net anymore.
Do I need to copy the pf.conf from the master to the secondary unit, have them
both identical?


Thank you



round-robin question

2005-07-12 Thread Monah Baki
Hi all,

On my OpenBSD 3.7 bridge, I have the following rule:

rdr on $int_if proto tcp from any to any port 80 -> { 144.183.17.82, 144.183.17.84 } round-robin


If I log in to a computer it accesses server one's webpage; if I move to another
computer, it accesses the second server's webpage. However, I can't seem to
access the other server from the same computer, it always directs me to the
same server webpage. Am I missing something or is this the way round-robin
works?


Thank you 



Re: sguil and OpenBSD

2005-07-01 Thread Monah Baki
Those are the steps that I took to install sguil on 3.7. This installation
assumes server, sensor and database are on 1 host.

Install OpenBSD 3.7

/ 2GB
swap 2GB
/var 5GB
/usr 20GB
/nsm (remaining)

System name: idssrvr
Domain: xxx.com
IP: 10.1.1.82/24
DNS Server: 68.100.16.25
GW: 10.1.1.1

Install src and ports to /usr/src and /usr respectively

add users sguil, mysql and (generic id, to login)
add the generic user to group wheel

Default password for all is welcome

mkdir /usr/local/src

cd /usr/ports/net/wget
make install

cd /usr/ports/net/libnet
make install

pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/3.7/packages/i386/mysql-server-4.0.23p1.tgz

/usr/local/bin/mysql_install_db --user=mysql
/usr/local/bin/mysqld_safe --user=mysql &
/usr/local/bin/mysqladmin -u root password 'welcome'
/usr/local/bin/mysql -u root -pwelcome

mysql> CREATE DATABASE sguildb;
Query OK, 1 row affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON *.* TO [EMAIL PROTECTED] IDENTIFIED BY 'welcome' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON *.* TO [EMAIL PROTECTED] IDENTIFIED BY 'welcome' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)

mysql> \q

cd /usr/local/src
wget http://unc.dl.sourceforge.net/sourceforge/sguil/sguil-client-0.5.3.tar.gz
wget http://unc.dl.sourceforge.net/sourceforge/sguil/sguil-server-0.5.3.tar.gz
wget http://easynews.dl.sourceforge.net/sourceforge/sguil/sguil-sensor-0.5.3.tar.gz

tar -xvzf sguil-client-0.5.3.tar.gz
tar -xvzf sguil-server-0.5.3.tar.gz
tar -xvzf sguil-sensor-0.5.3.tar.gz

mv sguil-0.5.3 sguil
cd sguil/server
/usr/local/bin/mysql -u sguil -p -D sguildb < ./sql_scripts/create_sguildb.sql
Enter Password: welcome

/usr/local/bin/mysql -u sguil -p -e "show tables" sguildb
Enter password: welcome
+-------------------+
| Tables_in_sguildb |
+-------------------+
| data              |
| event             |
| history           |
| icmphdr           |
| nessus            |
| nessus_data       |
| portscan          |
| sancp             |
| sensor            |
| sessions          |
| status            |
| tcphdr            |
| udphdr            |
| user_info         |
| version           |
+-------------------+


mkdir /etc/sguild
cd /usr/local/src/sguil/server
cp sguild.users sguild.conf sguild.queries sguild.access autocat.conf /etc/sguild

cd /usr/local/src
wget http://easynews.dl.sourceforge.net/sourceforge/tcl/tcl8.4.9-src.tar.gz
wget http://easynews.dl.sourceforge.net/sourceforge/tcl/tk8.4.9-src.tar.gz
wget http://easynews.dl.sourceforge.net/sourceforge/tcllib/tcllib-1.7.tar.gz
wget http://internap.dl.sourceforge.net/sourceforge/tclx/tclx8.3.5-src.tar.gz
wget http://www.xdobry.de/mysqltcl/mysqltcl-2.51.tar.gz
wget http://easynews.dl.sourceforge.net/sourceforge/tls/tls1.5.0-src.tar.gz

for i in *.gz; do tar xvzf $i;done

cd /usr/local/src/tcl8.4.9/unix
./configure && make && make install

cd /usr/local/src/tk8.4.9/unix
./configure && make && make install

ln -s /usr/local/bin/tclsh8.4 /usr/local/bin/tclsh

cd /usr/local/src/tcllib-1.7
./configure && make && make install

cd /usr/local/src/sancp-1.6.1
make
cp sancp /usr/local/bin

cd /usr/local/src/tclx8.3.5/unix
./configure && make && make install

cd /usr/local/src/mysqltcl-2.51
ln -s /usr/local/lib/mysql/libmysqlclient.so.12.0 /usr/local/lib/libmysqlclient.so
env CC=gcc ./configure --with-mysql-include=/usr/local/include/mysql --with-mysql-lib=/usr/local/lib
make && make install

cd /usr/local/src/tls1.5
./configure --with-tcl=/usr/local/lib --with-tcl-include=/usr/local/include --with-ssl-dir=/usr
make && make install

(FOR TESTING TO SEE IF IT WORKS)
/usr/local/bin/tcl
tcl>package require Tclx
8.3
tcl>package require mysqltcl
2.51
tcl>exit

cd /usr/ports/security/p0f
make install

cd /usr/ports/net/tcpflow
make install

cd /usr/ports/devel/pcre
make install

vi /etc/sguild/sguild.conf
# DataBase Info
set DBNAME sguildb
set DBPASS welcome
set DBHOST localhost
set DBPORT 3306
set DBUSER sguil

set RULESDIR /nsm/ids/rules
set LOCAL_LOG_DIR /nsm/ids/archive
set TCPFLOW /usr/local/bin/tcpflow
set P0F_PATH /usr/local/bin/p0f

cd /usr/local/src
wget http://www.snort.org/dl/current/snort-2.3.3.tar.gz
wget http://www.snort.org/dl/barnyard/barnyard-0.2.0.tar.gz

tar -xvzf snort-2.3.3.tar.gz
mv snort-2.3.3 snort 
cd /usr/local/src/snort/src/preprocessors
cp spp_portscan.c spp_portscan.c.bak
cp spp_stream4.c spp_stream4.c.bak
cp -r /usr/local/src/sguil/sensor/snort_mods/2_1/* .
patch spp_portscan.c < spp_portscan_sguil.patch

cd ../..
./configure --enable-flexresp && make && make install

mkdir /etc/snort
cp /usr/local/src/snort/etc/snort.conf /etc/snort
cp /usr/local/src/sguil/sensor/sancp/sancp.conf /usr/local/etc/snort/

cd /usr/local/etc/snort
vi sancp.conf

The only element of the sancp.conf file requiring modification is the HOME_NET
variable. Change the HOME_NET variable to reflect the network you wish to
monitor. Using 0.0.0.0 appears to allow monitoring any network. 

In snort.conf you can disable rules so that