Re: network alias on different network
Thank you Claudio!!!
That worked.
I am always grateful for the valuable knowledge in the OpenBSD community.

Thanks,
Victor

-----Original Message-----
From: Claudio Jeker
Sent: Thursday, June 20, 2019 2:31 PM
To: Victor Camacho
Cc: misc@openbsd.org
Subject: Re: network alias on different network

On Thu, Jun 20, 2019 at 07:05:57PM +, Victor Camacho wrote:
> Hi,
>
> Using OpenBSD 6.4 and I wanted to run some alias ip addresses on one of the
> interfaces.
> My question is, can I use a different network as an alias?
>
> Example:
> fw3# more hostname.bge0
> inet 10.2.0.1 255.255.0.0
> inet alias 10.2.1.1 255.255.255.255
> inet alias 10.2.2.1 255.255.255.255
> inet alias 10.2.4.1 255.255.255.255
> inet alias 10.2.6.1 255.255.255.255
> inet alias 172.17.11.1 255.255.255.255
>
> I am having a problem pinging on the 172.17.11.0 network.
> Ping 172.17.11.1
> Responds, but nothing else on the network.
> I saw one thing on the internet that said 'alias' has to be on the same
> network, but this was not specific as far as age and what operating system.
> To me a router, routes.
> Any clarification or better way to handle this would be appreciated.
>

You need to add the 172.17.11.1 with the correct netmask. The 255.255.255.255 netmask will not allow it to see any other system on that net. The 255.255.255.255 netmask should only be used for additional IPs that are already covered by another IP address on that interface. Because of this outgoing traffic will use 10.2.0.1 as local IP address and not one of the other (10.2.1.1, 10.2.2.1, ...) unless explicitly bound. When using two different networks on the same interface just configure them the usual way (alias is just telling ifconfig not to replace the first IP address on the interface and instead add another one).

> Here is the routing table (with public ip and mac addresses changed or
> obscured):
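
The netmask point in Claudio's reply, worked through as an added example (not code from the thread): the Python below parses the posted hostname.bge0 lines, lists the /32 aliases that no other network on the interface covers, and reports which configured address has a connected network containing a given destination. The 255.255.255.0 mask in `CORRECTED` is an assumption, since the thread does not state the real mask of the 172.17.11.0 network, and `connected_source` is a simplified model rather than the kernel's route lookup.

```python
import ipaddress

# hostname.bge0 exactly as posted in the thread.
POSTED = """\
inet 10.2.0.1 255.255.0.0
inet alias 10.2.1.1 255.255.255.255
inet alias 10.2.2.1 255.255.255.255
inet alias 10.2.4.1 255.255.255.255
inet alias 10.2.6.1 255.255.255.255
inet alias 172.17.11.1 255.255.255.255
"""

# Same file with the last alias given a network mask.
# ASSUMPTION: 255.255.255.0; the thread does not say what the real mask is.
CORRECTED = POSTED.replace(
    "inet alias 172.17.11.1 255.255.255.255",
    "inet alias 172.17.11.1 255.255.255.0",
)


def parse_hostname_if(text):
    """Return an IPv4Interface for every 'inet [alias] addr mask' line."""
    addrs = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] != "inet":
            continue
        if len(fields) > 1 and fields[1] == "alias":
            fields = fields[:1] + fields[2:]
        if len(fields) < 3:
            raise ValueError(f"missing netmask: {raw!r}")
        addrs.append(ipaddress.IPv4Interface(f"{fields[1]}/{fields[2]}"))
    return addrs


def uncovered_host_aliases(addrs):
    """/32 addresses that are not inside any other network on the interface."""
    nets = [a.network for a in addrs if a.network.prefixlen < 32]
    return [str(a.ip) for a in addrs
            if a.network.prefixlen == 32 and not any(a.ip in n for n in nets)]


def connected_source(addrs, dest):
    """Local address whose network contains dest, or None when no configured
    network does (the packet then follows the rest of the routing table)."""
    dest = ipaddress.IPv4Address(dest)
    best = None
    for a in addrs:
        if a.network.prefixlen == 32:
            continue  # a /32 entry gives no connected route to neighbours
        if dest in a.network and (
            best is None or a.network.prefixlen > best.network.prefixlen
        ):
            best = a
    return None if best is None else str(best.ip)


if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("corrected", CORRECTED)):
        addrs = parse_hostname_if(text)
        print(name, "uncovered /32 aliases:", uncovered_host_aliases(addrs))
        for dest in ("10.2.1.11", "172.17.11.50"):  # constructed destinations
            print("  ", dest, "->", connected_source(addrs, dest))
```
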
network alias on different network
Hi,

Using OpenBSD 6.4 and I wanted to run some alias ip addresses on one of the interfaces.
My question is, can I use a different network as an alias?

Example:
fw3# more hostname.bge0
inet 10.2.0.1 255.255.0.0
inet alias 10.2.1.1 255.255.255.255
inet alias 10.2.2.1 255.255.255.255
inet alias 10.2.4.1 255.255.255.255
inet alias 10.2.6.1 255.255.255.255
inet alias 172.17.11.1 255.255.255.255

I am having a problem pinging on the 172.17.11.0 network.
Ping 172.17.11.1
Responds, but nothing else on the network.
I saw one thing on the internet that said 'alias' has to be on the same network, but this was not specific as far as age and what operating system.
To me a router, routes.
Any clarification or better way to handle this would be appreciated.

Thanks in advance,
Victor

Here is the routing table (with public ip and mac addresses changed or obscured):
Re: Maintaining your system with snapshots
On 2/20/2015 9:21 AM, Steve Williams wrote:
> On 20/02/2015 2:19 AM, lm wrote:
>> Hi there!
>>
>> I'm giving a try to snapshots for the first time. The system feels great, but I'm having some issues trying to maintain base system and ports synced. I've got a local copy of the complete packages tree for convenience, so I don't have to update base and ports every time I want to install a new package, but it still seems some packages don't match the base system and they crash.
>>
>> How do you maintain your system fresh? What do you follow?
>>
>> Thanks,
>> Luis
>
> Hi,
>
> I have been using snapshots for my system, but don't update too often. Sometimes there's a package I want to install, but because my snapshot is old (stale when compared to the current repository), I can't get the package.
>
> What I have started to do is download the ports.tar.gz when I install a snapshot. I have no idea if this is a supported approach, but I've never had a problem building from ports when I need something after the fact.
>
> The downside of doing this is I get MANY packages installed that are dependencies of building a port. For example:
>
> autoconf-2.13p2 automatically configure source code on many Un*x platforms
> autoconf-2.52p4 automatically configure source code on many Un*x platforms
> autoconf-2.59p3 automatically configure source code on many Un*x platforms
> autoconf-2.61p3 automatically configure source code on many Un*x platforms
> autoconf-2.64 automatically configure source code on many Un*x platforms
> autoconf-2.65 automatically configure source code on many Un*x platforms
> autoconf-2.69p0 automatically configure source code on many Un*x platforms
>
> Yes, I've had this system going for a while! lol.
>
> Cheers,
> Steve W.

+1
I do the exact same thing. I have a machine up for a couple of weeks and want to add some newer software I compile from ports that I had downloaded with the snapshot on a test computer. If it works fine, if not, I check current snapshot or other version.

To me that freedom is one of the great things about OpenBSD.
Thank you developers!

Victor
Re: Hang possibly related to pipex
On 7/3/2013 6:55 AM, Marko Cupać wrote:
> I have a machine that has been serving as NAT gateway and VPN server (both pptp/poptop and openvpn) since 5.0 without problems. On 5.2 I switched poptop to npppd compiled from sources and was very happy with it. With release of 5.3 I added second machine as CARP failover backup.
>
> In last 10 days machine hanged twice. I do not have hang message from the first time, but this time I read this:
>
> uvm_fault(0xd8f5f680, 0x0, 0, 3) - e
> kernel: page fault trap, code=0
> Stopped at pipex_close_session+0xc4: movl %eax,0x6c(%exc)
> ddb{3}
>
> Below is my dmesg:
>
> OpenBSD 5.3 (GENERIC.MP) #58: Tue Mar 12 18:43:53 MDT 2013
> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
> cpu0: Intel(R) Xeon(R) CPU E5420 @ 2.50GHz (GenuineIntel 686-class) 2.51 GHz
> cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,LAHF,PERF
> real mem = 2145267712 (2045MB)
> avail mem = 2099216384 (2001MB)

snip...

On 7/5/2013 2:05 AM, Marko Cupać in another thread wrote:
> I find it sad that it is now third day that no one responded to my call for help with system hang, at least something like ask on bugs list, while threads like this get 15 responses in a matter of hours :(

Hi Marko,

My guess is that you did not include enough information for anybody to make a reasonable assumption about the problem you are having.

You mention that you added second machine with CARP but you did not include a pf.conf. And you did not include any other configuration information about the packages you mentioned.

Try again with important information.
http://openbsd.com/mail.html

Hope this helps,
Victor
Re: Asus M4A78LT-M or M4A88T-V EVO/USB3?
On 3/23/2011 12:59 PM, Fasil Alemante (falem...@princeton.edu) wrote:
> Good point, but isn't ECC memory more expensive? Still, it's likely just ignorance or lack of care.

Interesting article on Wikipedia:
http://en.wikipedia.org/wiki/Dynamic_random-access_memory

One part of the article says that bit flip may not happen as much as it used to. But I did not check their references.

At Crucial 8GB kit is 99.99 for Non-ECC and 137.99 for 8GB Kit ECC memory for the Asus M4A78LT-M.

I will keep using it when I can.

Victor
Re: Asus M4A78LT-M or M4A88T-V EVO/USB3?
> Some pros, cons and observations:
>
> Pros:
> - ECC memory is supported, as is Chipkill. I'm running ECC in Chipkill mode on mine. The BIOS option for DCT Unganged Mode must be set to Auto to enable Chipkill.

A little off topic:

Three cheers to Asus and their support of ECC memory. It amazes me that you can buy server boards that do not support ECC memory. And I appreciate that I can buy inexpensive desktop boards that allow me to use ECC memory like ASUS.

I am not sure why computer users are not as concerned about ECC memory any more. I still have memory chips fail on systems.

Just wanted to give them a pat on the back.

Victor Camacho
Re: [OT] OpenBSD on plugcomputers
On 2/15/2011 12:31 AM, Sean Kamath wrote:
> On Feb 14, 2011, at 3:32 PM, Ron McDowell wrote:
>> Or just get an Alix board http://www.pcengines.ch/alix3d3.htm [available stateside from netgate.com] for projects like this. AMD Geode CPU, common VGA/USB keyboard input, i386 versions of most OSes work, I have 4.7 i386 running on one with a couple 500gb USB drives as a backup server.
>
> I'll second that -- makes a great personal firewall. Also, I bought mine directly from pcengines.ch -- got it in like 3 days. I was amazed. Had to get the P/S from netgate (though it will take anything from 5v-18v).
>
> I loved 'em so much with OpenBSD on 'em I ended up buying a bunch for OOB connection to servers. . .
>
> Sean

I also have started to use these for my main point for OOB connections to boxes.

For low power backup boxes with more expansion options, I have been surprised by the Atom boards. And I am looking forward to the new AMD low power options.

Victor
Re: 4.6 arriving
CD Showed up in San Antonio Texas on Monday, Oct. 6.

Thank you Theo and all the developers. I appreciate and am grateful for the hard work and pride you put into OpenBSD.

Thank You,
Victor Camacho
Re: 2008-11-20 snapshot gives wpi0: radio is disabled by hardware switch
Peter N. M. Hansteen wrote:
> The wpi in my ThinkPad R60 has worked as flawlessly as those things do for quite a while now, but after upgrading to the latest snapshot and installing the result of `ftp http://damien.bergamini.free.fr/packages/openbsd/wpi-firmware-3.0.tgz` the system now claims the wpi wireless has been disabled by a hardware switch when I try to run `dhclient wpi0`.
>
> Unfortunately there is (as far as I am aware) no such switch in the system. Hopefully this is fixable.

Hi Peter,

Some of the ThinkPads do have a manual switch on the case. Found this out when client called with not being able to use the Fn key combination to turn on wireless.

I enjoyed your book and hope this helps,
Victor Camacho
Re: machine which freeze with openbsd 4.2
Matthieu Herrb wrote:
> I see the re(4) hanging my machine problem too.
>
> One more data point: cnst@ found out that having lots of multicast traffic on your local net (Mac OS X machines, IPv6,...) greatly increases the probability of such hangs happening.

Just to add to this thread for the archive.

I have a new Intel D945GCNL board with the Realtek card.

re0 at pci2 dev 0 function 0 Realtek 8168 rev 0x01: RTL8168 2 (0x3800), irq 10, address 00:19:d1:8c:58:33
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2

I set the machine up and it worked fine in my office. I took to clients and machine would hang when booted. I finally figured it was the network and tried moving the connection.

Machine would hang when connected to the gig port on the Netgear or Cisco switch. The machine would also hang when connected to the 100M port on the Cisco switch. The machine would lock hard without any response from keyboard. I did not try serial port.

I did not have this problem with the gig port on the Netgear at my office. I am assuming that as Matthieu mentions, it is network noise related. My office has about 10 computers on the network and the client has over 50 network connections.

I hope this information helps someone.

Thanks,
Victor

here is my dmesg:
Re: Marginal boot CD #1 in OpenBSD 4.2 sets
Austin Hook wrote:
> I understand that some people have experienced boot problems with CD #1 in the new 4.2 release set, mainly with older machines. There are cases where the same CD works with a newer machine, but fails to boot with an older one. I presume this means the track alignment is marginal in some cases. I am not tracking misc@
>
> We would like to send out replacement CD's for anyone with those problems so that we can see if the problem is with all CDs of the current release, or only with some of them.
>
> Please contact me if you have seen this problem.
>
> Austin Hook
> OpenBSD distribution
> Milk River, AB

I installed 4.2 on new system without any problems.

I tried to install 4.2 on an old p3-500 that currently has 4.1 installed. The system was set to boot off CD first but it would not boot. It would look at the CD and then boot off the hard drive. I tried multiple times and confirmed the BIOS settings.

I wiped the drive and tried again. I received errors similar to those listed below when trying to boot from the CD. (this was from a post when I was tracing the problem.)

I booted from a 4.2 current disk I had created a few weeks ago and then put the 4.2 CD mailed to me in the drive when it came time to extract the files and everything is working.

If you want me to get the exact error message or if you need any other information, please let me know. You do not need to send me a replacement CD, but if you would like me to test a CD I will be happy to test it.

Order number 2007/10/17-15:22:15-30930

Thank you and the whole OpenBSD team for your work and dedication,
Victor Camacho

Errors when booting from 4.2 CD:

open(hd0a:/etc/boot.conf): Invalid argument
boot
booting hd0a:/bsd: open hd0a:/bsd: Invalid argument
failed(22). will try /obsd
boot
booting hd0a:/obsd: open hd0a:/obsd: Invalid argument
failed(22). will try /bsd.old
boot
booting hd0a:/bsd.old: open hd0a:/bsd.old: Invalid argument
failed(22). will try /bsd
boot
booting hd0a:/bsd: open hd0a:/bsd: Invalid argument
failed(22). will try /obsd
boot
booting hd0a:/obsd: open hd0a:/obsd: Invalid argument
failed(22). will try /bsd.old
boot
booting hd0a:/bsd.old: open hd0a:/bsd.old: Invalid argument
failed(22). will try /bsd
Turning timeout off
boot
Re: webbased authpf ?
Joachim Schipper wrote:
> On Fri, Sep 15, 2006 at 02:18:58PM -0500, Victor Camacho wrote:
>> Jeff Quast wrote:
>>> On 9/15/06, Joachim Schipper [EMAIL PROTECTED] wrote:
>>>> It would probably be best to let a daemon or cronjob outside the chroot read it; a socket or even a simple pipe in the chroot is sufficient to signal a daemon, or even send the whole IP address. Of course, this does result in a two-part script, but the separation is likely to be a good thing from a security standpoint.
>>>
>>> This design is mentioned a lot. I understand it, and it would probably be best solution. Does anybody have a simple two-bin C app that communicates over a pipe that functions for this purpose? I suppose I could pull out my Richard Stevens AUP... I see this recommended a lot. So somebody had to actually sit down and do this at some point. Care to share?
>>
>> I have two perl scripts that I used to implement wireless Internet access. There are a few holes but it is a work in progress. My next step is to change it to allow users that do not have ssh, access to our network. Some airports only allow port 80 so I need to deal with that.
>>
>> The way the scripts work:
>> PF redirects all users that are not in the goodip table to a default web page. They are asked for a user name and password. When they hit enter, the first script handles the input. The perl script checks the user name and password and if it is correct it sends the IP address over a socket to the access server script that then adds the ip to the goodip table. If the user then enters a new web page then they are directed because PF will now have them in the good ip table.
>>
>> Things that need to be fixed or considered.
>>
>> Consider using authpf.
>
> Not really necessary, is it?

I have not used authpf before and I was not sure if there was any advantage to it.

>> I did not add perl to the Apache chroot. When this is done, will the socket still work?
>
> You do need perl (either /usr/bin/perl or mod_perl, plus supporting files) in the chroot of Apache, or perl scripts won't work. However, sockets work just fine across chroot.

Thanks for the information.

>> I have user name and password in the perl script. This is not secure.
>
> Simply pass whatever the user entered to the second script, and validate there.

Great idea.

>> I have to write a script to clean the goodip table every so often.
>
> Well, and *this* is the reason I didn't try to write something last night; a good solution to this problem would be much appreciated...
>
> There are many half-assed solutions. A possible solution is just pinging the host every five seconds and dropping the connection as soon as no return packets are received; this is dependent on the security of the underlying medium, but since the original design already is, that's no biggy. (Of course, this consideration makes this solution much less useful than it appears to be, but again, that's no news).
>
> A solution that might actually work involves Java or some other client-side scripting and authpf.
>
> Joachim

For one application the usage expires at closing time. For the other, the people access the network at all hours and your client side scripting may be the answer.

Thank you very much for your input.

Victor
Re: webbased authpf ?
Jeff Quast wrote:
> On 9/15/06, Joachim Schipper [EMAIL PROTECTED] wrote:
>> It would probably be best to let a daemon or cronjob outside the chroot read it; a socket or even a simple pipe in the chroot is sufficient to signal a daemon, or even send the whole IP address. Of course, this does result in a two-part script, but the separation is likely to be a good thing from a security standpoint.
>>
>> Joachim
>
> This design is mentioned a lot. I understand it, and it would probably be best solution. Does anybody have a simple two-bin C app that communicates over a pipe that functions for this purpose? I suppose I could pull out my Richard Stevens AUP... I see this recommended a lot. So somebody had to actually sit down and do this at some point. Care to share?

I have two perl scripts that I used to implement wireless Internet access. There are a few holes but it is a work in progress. My next step is to change it to allow users that do not have ssh, access to our network. Some airports only allow port 80 so I need to deal with that.

The way the scripts work:
PF redirects all users that are not in the goodip table to a default web page. They are asked for a user name and password. When they hit enter, the first script handles the input. The perl script checks the user name and password and if it is correct it sends the IP address over a socket to the access server script that then adds the ip to the goodip table. If the user then enters a new web page then they are directed because PF will now have them in the good ip table.

Things that need to be fixed or considered.

Consider using authpf.
I did not add perl to the Apache chroot. When this is done, will the socket still work?
I have user name and password in the perl script. This is not secure.
I have to write a script to clean the goodip table every so often.
Web page does not always show proper information. I redirect the first hit, but when they hit home, their cache shows the login page.
I am new to perl.

If you are interested, let me know and I will e-mail or post the code (very small scripts).

Victor Camacho
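
The two-part design discussed in both "webbased authpf" messages, as an added example that is not the Perl code mentioned in the posts: the Python below is the side that runs outside the Apache chroot, taking one request from the web script over a socket, validating the credentials and the address there, and only then building the `pfctl` command that adds the address to the goodip table. The request layout (user, password and address separated by NUL bytes and ended by a newline), the `check_login` and `run` callables and the sample account are assumptions made for the example; `expire_argv` shows the `pfctl -T expire` call a periodic job could use for the table clean-up.

```python
import hmac
import ipaddress
import socket

TABLE = "goodip"      # pf table named in the posts
PFCTL = "/sbin/pfctl"
MAX_REQUEST = 512     # assumed upper bound for one request


def parse_request(data):
    """Parse b'user NUL password NUL ipv4 LF'; raise ValueError if malformed."""
    if len(data) > MAX_REQUEST or not data.endswith(b"\n"):
        raise ValueError("malformed request")
    fields = data[:-1].split(b"\0")
    if len(fields) != 3:
        raise ValueError("expected user, password, address")
    user, password, ip = (f.decode("utf-8") for f in fields)
    # One dotted quad only: a prefix, hostname, space or ';' raises ValueError.
    addr = ipaddress.IPv4Address(ip)
    if addr.is_loopback or addr.is_multicast or addr.is_unspecified:
        raise ValueError("address not allowed in table")
    return user, password, addr


def add_argv(addr):
    """argv that adds one address to the table; executed without a shell."""
    return [PFCTL, "-t", TABLE, "-T", "add", str(addr)]


def expire_argv(seconds):
    """argv for periodic clean-up: pfctl deletes table entries whose
    statistics were last cleared more than `seconds` ago."""
    return [PFCTL, "-t", TABLE, "-T", "expire", str(int(seconds))]


def serve_one(conn, check_login, run):
    """Handle one request on a connected socket.

    check_login(user, password) -> bool and run(argv) are hypothetical hooks;
    a real daemon would pass something like subprocess.run for run.
    """
    data = conn.makefile("rb").readline(MAX_REQUEST + 1)
    try:
        user, password, addr = parse_request(data)
    except ValueError:
        conn.sendall(b"ERR\n")
        return None
    if not check_login(user, password):
        conn.sendall(b"DENY\n")
        return None
    run(add_argv(addr))
    conn.sendall(b"OK\n")
    return addr


def demo():
    """Drive serve_one over a socketpair with constructed requests."""
    accounts = {"guest": "constructed-password"}  # constructed sample account

    def check(user, password):
        stored = accounts.get(user, "")
        return hmac.compare_digest(stored.encode(), password.encode())

    requests = (
        [b"guest", b"constructed-password", b"10.2.1.11"],         # valid
        [b"guest", b"wrong", b"10.2.1.11"],                        # bad password
        [b"guest", b"constructed-password", b"10.2.1.11;reboot"],  # not an address
    )
    results = []
    for fields in requests:
        cgi, helper = socket.socketpair()
        executed = []
        cgi.sendall(b"\0".join(fields) + b"\n")
        serve_one(helper, check, executed.append)
        results.append((cgi.recv(16), executed))
        cgi.close()
        helper.close()
    return results


if __name__ == "__main__":
    for reply, executed in demo():
        print(reply, executed)
```
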