Re: diskless client on virtualbox guest
On 14 Aug 2017 8:12 PM, "Andreas Kusalananda Kähäri" <andreas.kah...@nbis.se> wrote:

On Mon, Aug 14, 2017 at 06:17:23PM +0200, matteo filippetto wrote:
> Hi all,
[cut]
> PXE boot MAC address 0b:00:27:42:7a:f0, interface em0
[cut]
> # cat /etc/ethers
> 08:00:27:42:7A:F0 thin1

Ethernet addresses are not matching.

Sorry, that was a mistake copying the message from the guest console.
The right one is 08:00:27:42:7A:F0 and is also the one reported on console while booting.

Regards

Cheers,
--
Andreas Kusalananda Kähäri, National Bioinformatics Infrastructure Sweden (NBIS), Uppsala University, Sweden.
diskless client on virtualbox guest
Hi all,

I'm trying to make a diskless client following this https://man.openbsd.org/diskless
(also found this http://kuutorvaja.eenet.ee/wiki/Diskless_OpenBSD and read the tutorial in Absolute OpenBSD)

Both server and client are virtualbox guests. The server is amd64 on 6.1.

The boot process stops here:

(other info here ...)
PXE boot MAC address 0b:00:27:42:7a:f0, interface em0
nfs_boot: using interface em0, with revarp & bootparams
nfs_boot: client_addr=192.168.20.21
nfs_boot: server_addr=192.168.20.1 hostname=thin1
root on 192.168.20.1:/export/diskless/root
swap on 192.168.20.1:/export/diskless/swap
exec /sbin/init: error 8
init: not found
panic: no init
(other info here ...)

As a test, I tried to mount the nfs directory from a debian system and it's working fine.

Are there known problems with this procedure or am I missing something?

Regards

Here are the configurations I'm using

# cat /etc/dhcpd.conf
shared-network virtualnet {
    subnet 192.168.20.0 netmask 255.255.255.0 {
        range 192.168.20.10 192.168.20.20;
        option routers 192.168.20.1;
        option broadcast-address 192.168.20.255;
    }
    host thin1 {
        hardware ethernet 08:00:27:42:7A:F0;
        fixed-address 192.168.20.21;
        next-server 192.168.20.1;
        filename "pxeboot";
    }
}

# cat /etc/hosts
127.0.0.1 localhost
::1 localhost
192.168.20.1 mtbsd
192.168.20.21 thin1
192.168.20.10 debian1

# cat /etc/ethers
08:00:27:42:7A:F0 thin1

# cat /etc/bootparams
thin1 root=192.168.20.1:/export/diskless/root swap=192.168.20.1: /export/diskless/swap

# cat /etc/exports
/export/diskless -maproot=root -alldirs thin1
/export/diskless -maproot=root -alldirs debian1
/usr -ro thin1

# ls -all /export/diskless/
total 108
drwxr-xr-x   3 root  wheel        512 Aug 14 17:10 .
drwxr-xr-x   3 root  wheel        512 Aug 14 16:22 ..
drwxr-xr-x  14 root  wheel        512 Aug 14 17:18 root
-rw-r--r--   1 root  wheel  125829120 Aug 14 17:10 swap

# ls -all /export/diskless/root/sbin/init
-r-xr-xr-x 1 root bin 397704 Apr 2 08:55 /export/diskless/root/sbin/init

--
Matteo Filippetto
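The cross-check raised in the reply above (console MAC versus /etc/ethers) can be automated; the following is an added example, not part of the original thread. The function names are hypothetical and the embedded file contents are constructed from the values in the post.

```python
import re

# Constructed sample data, using the values quoted in the post above.
DHCPD_CONF = """
shared-network virtualnet {
    subnet 192.168.20.0 netmask 255.255.255.0 { range 192.168.20.10 192.168.20.20; }
    host thin1 {
        hardware ethernet 08:00:27:42:7A:F0;
        fixed-address 192.168.20.21;
        next-server 192.168.20.1;
        filename "pxeboot";
    }
}
"""
ETHERS = "08:00:27:42:7A:F0 thin1\n"
HOSTS = "127.0.0.1 localhost\n192.168.20.1 mtbsd\n192.168.20.21 thin1\n"
BOOTPARAMS = "thin1 root=192.168.20.1:/export/diskless/root\n"


def norm_mac(mac):
    """Lower-case, zero-padded form so 8:0:27:... and 08:00:27:... compare equal."""
    octets = mac.strip().split(":")
    if len(octets) != 6:
        raise ValueError("not an Ethernet address: %r" % mac)
    return ":".join("%02x" % int(o, 16) for o in octets)


def _rows(text):
    """Yield the whitespace-split fields of each non-empty, non-comment line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields


def parse_dhcpd_hosts(text):
    """Return {host: {"mac": ..., "ip": ...}} from dhcpd.conf host blocks."""
    hosts = {}
    for name, body in re.findall(r"\bhost\s+(\S+)\s*\{([^{}]*)\}", text):
        mac = re.search(r"hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;", body)
        ip = re.search(r"fixed-address\s+([\d.]+)\s*;", body)
        hosts[name] = {"mac": norm_mac(mac.group(1)) if mac else None,
                       "ip": ip.group(1) if ip else None}
    return hosts


def parse_ethers(text):
    return {f[1]: norm_mac(f[0]) for f in _rows(text) if len(f) >= 2}


def parse_hosts(text):
    return {name: f[0] for f in _rows(text) for name in f[1:]}


def parse_bootparams(text):
    return {f[0]: dict(kv.split("=", 1) for kv in f[1:] if "=" in kv)
            for f in _rows(text)}


def check_client(name, console_mac, dhcpd, ethers, hosts, bootparams):
    """Return a list of inconsistencies for one diskless client (empty if none)."""
    problems = []
    seen = norm_mac(console_mac)
    d = parse_dhcpd_hosts(dhcpd).get(name)
    e = parse_ethers(ethers).get(name)
    h = parse_hosts(hosts).get(name)
    b = parse_bootparams(bootparams).get(name)
    if d is None:
        problems.append("no host entry in dhcpd.conf")
    else:
        if d["mac"] != seen:
            problems.append("dhcpd.conf has %s, console shows %s" % (d["mac"], seen))
        if h is not None and d["ip"] != h:
            problems.append("fixed-address %s differs from /etc/hosts %s" % (d["ip"], h))
    if e is None:
        problems.append("no entry in /etc/ethers")
    elif e != seen:
        problems.append("/etc/ethers has %s, console shows %s" % (e, seen))
    if h is None:
        problems.append("no entry in /etc/hosts")
    if b is None or "root" not in b:
        problems.append("no root= entry in /etc/bootparams")
    return problems


if __name__ == "__main__":
    for mac in ("0b:00:27:42:7a:f0", "08:00:27:42:7A:F0"):
        print(mac, check_client("thin1", mac, DHCPD_CONF, ETHERS, HOSTS, BOOTPARAMS))
```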
Re: [OT] Cloud storage accessible via sftp or rsync/ssh?
2016-07-20 11:27 GMT+02:00 John Long <codeb...@inbox.lv>: > Can anybody recommend a good cloud storage provider that has access via sftp > or rsync tunneled through ssh? Everything I have found seems targeted at > Windows, Linux, phones etc. with no platform-agnostic interface. > http://www.tarsnap.com Regards -- Matteo Filippetto
Re: Request for Funding our Electricity
15 EUR donation Thanks devs for your great work! -- Matteo Filippetto http://www.op83.eu
Re: start sshd before nfs
2013/3/20 Stuart Henderson s...@spacehopper.org On 2013-03-19, Ted Unangst t...@tedunangst.com wrote: On Tue, Mar 19, 2013 at 18:17, matteo filippetto wrote: Hi, what do you think about starting sshd before mount NFS resources? ssh comes last because users are not allowed onto the system until the system is ready. If your nfs server is that unreliable, use no auto and mount it manually. or -b -b option is perfect thanks -- Matteo Filippetto http://www.op83.eu
problem building kernel
Hi,

I have a system at 4.9 on i386 arch. I'm trying to build the kernel ( http://www.openbsd.org/faq/faq5.html#BldKernel ) following -current ( http://www.openbsd.org/faq/faq5.html#BldGetSrc )

But on every make I get

ioconf.c:1053: warning: excess elements in struct initializer
ioconf.c:1053: warning: (near initialization for 'cfdata[0]')

(see make.log for detailed error message)

Any ideas?

--
Matteo Filippetto
http://www.op83.eu

[demime 1.01d removed an attachment of type text/x-log which had a name of make.log]
[demime 1.01d removed an attachment of type application/octet-stream which had a name of dmesg.boot]
Re: problem building kernel
Any ideas?

If you can't figure out these things yourself, upgrade to a snapshot. Or at least read http://www.openbsd.org/faq/current.html.

-Otto

ok, i'll install a snapshot ASAP and let you know

Regards
Matteo Filippetto

--
Matteo Filippetto
http://www.op83.eu
Re: problem building kernel
2011/10/12 Otto Moerbeek o...@drijf.net:

If you can't figure out these things yourself, upgrade to a snapshot. Or at least read http://www.openbsd.org/faq/current.html.

ok I miss this

2011/05/31 - -current config(8) required to build kernel
config(8) needs to be built and installed to avoid excess elements in struct initializer errors in ioconf.o during a kernel build.

kernel compiled with no problem, thanks.

Regards

--
Matteo Filippetto
http://www.op83.eu
Re: ftpd server
2011/8/31 fqui nonez fquinon...@gmail.com:

Hello

I have a ftpd server box, OBSD-4.9, and pflog shows:

Aug 29 10:11:03.520900 rule 3/(match) pass in on rl0: 190.87.195.241.2732 192.168.5.2.21: S 2008995709:2008995709(0) win 65535 mss 1452,nop,nop,sackOK
Aug 29 10:15:52.825409 rule 3/(match) pass in on rl0: 190.87.195.241.3190 192.168.5.2.21: S 409025537:409025537(0) win 65535 mss 1452,nop,nop,sackOK
Aug 29 10:27:40.085461 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 2719210498:2719210554(56) ack 2008995823 win 17424 (DF) [tos 0x10]
Aug 29 10:28:44.085510 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10]
Aug 29 10:29:48.085560 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10]
Aug 29 10:30:52.085653 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10]
Aug 29 10:31:56.085655 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10]
Aug 29 10:32:29.475695 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 2719185758:2719185814(56) ack 409025651 win 17424 [tos 0x10]
Aug 29 10:33:00.085705 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10]
Aug 29 10:33:33.475738 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10]
Aug 29 10:34:04.085762 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10]
Aug 29 10:34:37.475788 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10]
Aug 29 10:35:08.085806 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: R 57:57(0) ack 1 win 0 (DF) [tos 0x10]
Aug 29 10:35:41.475843 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10]
Aug 29 10:36:45.475901 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10]
Aug 29 10:37:49.475947 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10]
Aug 29 10:38:53.476001 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10]
Aug 29 10:39:57.476044 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: R 57:57(0) ack 1 win 0 [tos 0x10]

pf rules are:

set skip on lo
block in log all
block out log all
pass out log quick on rl0
pass in log quick on rl0 proto tcp from any to port {20 21 22}
antispoof quick log for rl0
pass # to establish keep-state

Hi,

please read how the ftp protocol works and which ports should be enabled in/out from your server

http://slacksite.com/other/ftp.html
http://www.freesoft.org/CIE/Topics/69.htm

Regards

--
Matteo Filippetto
http://www.op83.eu
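An added example, not part of the original thread: a small parser for pflog lines like the ones quoted above, listing connections whose SYN was passed in but whose server-side packets were later blocked out, with the delay between the two. The function names, the year used for timestamp parsing and the last sample line are assumptions made for this sketch.

```python
import re
from datetime import datetime

# Matches "tcpdump -e" output for pflog. The "src > dst" separator is optional
# because the lines on this page appear without the ">".
PFLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d\.\d+)\s+"
    r"rule\s+(?P<rule>[\w.]+)/\((?P<reason>[\w-]+)\)\s+"
    r"(?P<action>pass|block)\s+(?P<dir>in|out)\s+on\s+(?P<ifname>\w+):\s+"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+(?:>\s+)?"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+"
    r"(?P<flags>[SFPRWE.]+)(?:\s|$)"
)

# Six lines copied from the post above as rendered on this page, plus one
# constructed line (documentation address 198.51.100.7) in tcpdump's usual form.
SAMPLE = [
    "Aug 29 10:11:03.520900 rule 3/(match) pass in on rl0: 190.87.195.241.2732 192.168.5.2.21: S 2008995709:2008995709(0) win 65535 mss 1452,nop,nop,sackOK",
    "Aug 29 10:15:52.825409 rule 3/(match) pass in on rl0: 190.87.195.241.3190 192.168.5.2.21: S 409025537:409025537(0) win 65535 mss 1452,nop,nop,sackOK",
    "Aug 29 10:27:40.085461 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 2719210498:2719210554(56) ack 2008995823 win 17424 (DF) [tos 0x10]",
    "Aug 29 10:28:44.085510 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10]",
    "Aug 29 10:32:29.475695 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.3190: FP 2719185758:2719185814(56) ack 409025651 win 17424 [tos 0x10]",
    "Aug 29 10:35:08.085806 rule 1/(match) block out on rl0: 192.168.5.2.21 190.87.195.241.2732: R 57:57(0) ack 1 win 0 (DF) [tos 0x10]",
    "Aug 29 10:40:00.000000 rule 3/(match) pass in on rl0: 198.51.100.7.40000 > 192.168.5.2.22: S 1:1(0) win 65535",
]


def parse_line(line):
    """Return the fields of one pflog line as a dict, or None if it does not match."""
    m = PFLOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def flow_key(rec):
    """(remote ip, remote port, local ip, local port), independent of direction."""
    if rec["dir"] == "in":
        return (rec["src"], rec["sport"], rec["dst"], rec["dport"])
    return (rec["dst"], rec["dport"], rec["src"], rec["sport"])


def summarize(lines, year=2011):
    """Group log lines per connection. pflog timestamps carry no year, so one
    is supplied (assumption: 2011, the year of the post)."""
    flows = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        when = datetime.strptime("%d %s" % (year, rec["ts"]), "%Y %b %d %H:%M:%S.%f")
        f = flows.setdefault(flow_key(rec), {
            "syn_passed_in": None, "first_block": None,
            "blocked_out": 0, "blocked_flags": set(), "block_rules": set()})
        if rec["action"] == "pass" and rec["dir"] == "in" and "S" in rec["flags"]:
            if f["syn_passed_in"] is None:
                f["syn_passed_in"] = when
        elif rec["action"] == "block" and rec["dir"] == "out":
            f["blocked_out"] += 1
            f["blocked_flags"].add(rec["flags"])
            f["block_rules"].add(rec["rule"])
            if f["first_block"] is None:
                f["first_block"] = when
    return flows


def blocked_replies(flows):
    """Connections accepted inbound whose outbound packets were later blocked:
    (flow, blocked packet count, TCP flags seen, seconds from SYN to first block)."""
    out = []
    for key in sorted(flows):
        f = flows[key]
        if f["syn_passed_in"] and f["blocked_out"]:
            delay = (f["first_block"] - f["syn_passed_in"]).total_seconds()
            out.append((key, f["blocked_out"], sorted(f["blocked_flags"]), delay))
    return out


if __name__ == "__main__":
    for flow, count, flags, delay in blocked_replies(summarize(SAMPLE)):
        print("%s:%d -> %s:%d" % flow, "blocked out x%d" % count, flags,
              "first block %.0fs after SYN" % delay)
```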
Re: OpenBSD in abuse.rfc-ignorant.org
2011/5/16 Gianluca D'Auri Muscelli g...@opensrv.org:

blacklist_zone  domain       status  Submitted             Added                 Rejected  Removed
abuse           openbsd.org  Listed  Sep 8, 2005 6:48 EDT  Sep 8, 2005 6:49 EDT  Never     Never

Why this?

http://www.rfc-ignorant.org/policy-abuse.php

best regards

--
Gianluca D'Auri Muscelli g...@opensrv.org
GPG Pub Key: 8312649E
http://www.opensrv.org

[demime 1.01d removed an attachment of type application/pgp-signature]

--
Matteo Filippetto
http://op83.blogspot.com
Re: syslog and interfaces
2011/4/19 Julien Dyie mr_jul...@hotmail.com: Hi, after the reading of syslog.conf (5) and syslogd (8), I can't find how to disable syslog's listening on specifical interfaces. Thanks Hi, it's not possible but of course you can use pf rules to block access to port 514 on certain interface. Or maybe you can try syslog-ng from ports (http://openports.se/sysutils/syslog-ng) Best regards -- Matteo Filippetto http://op83.blogspot.com
Re: server openbsd4.7/gateway okey --but client openbsd 4.7 bad
2011/4/19 david carrasco dacar...@gmail.com:

friends

I do FAQ gateway-home www.openbsd.org
my gateway/dhcp/server(openbsd 4.7) WORK WELL with client pc-(windowsxp) is okey
ifconfig-: active interfaces
ping :okey

BUT with client dhcp openbsd 4.7 NO WORK
ifconfig betwen gateway/cliente no carrier on interfaces
ping: no route to host

PLEASE HELP I AM NEWBIE

Hi,

if command ifconfig on openbsd client returns status: no carrier, it means that the cable isn't connected.

Best regards

--
Matteo Filippetto
http://op83.blogspot.com
Re: server openbsd4.7/gateway okey --but client openbsd 4.7 bad
2011/4/19 david carrasco dacar...@gmail.com: hey friend no , cable is connected, is crossover repeat , is connected BUT if connected to my pc-win xp , WORKS, PLEASE HELP Hi, did you tried with a normal cable and a switch? did you configured dhcp or static address? Bye -- Matteo Filippetto http://op83.blogspot.com
Re: meaning of pflog / tcpdump output
2011/1/22 Johan Helsingius j...@julf.com:

Matteo,

all you need is at http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdumpapropos=0sektion=0manpath=OpenBSD+Currentarch=i386format=html

Thanks, but as I wrote:

I am getting a fair bit of log lines that are shown as rule def/(short), and I can't find anything explaining the meaning of things like (short) - the tcpdump man page only lists short as one of the possible values, without explaining what it means.

So the tcpdump(8) page states:

reason code
    True if the packet was logged with the specified PF reason code. The known codes are: match, bad-offset, fragment, short, normalize, memory, bad-timestamp, congestion, ip-option, proto-cksum, state-mismatch, state-insert, state-limit, src-limit, and synproxy

But... What does reason code short mean? What causes it?

I am sure the *meaning* of the reason codes are documented somewhere (rather than just listing the possible codes), but I haven't found it. I guess the next step is to look at the source.

Julf

Sorry Johan. I answered too quickly.

Best regards

--
Matteo Filippetto
http://op83.blogspot.com
Re: meaning of pflog / tcpdump output
Another really stupid question - is the full output format of tcpdump when dumping the pflog0 device documented somewhere? I am getting a fair bit of log lines that are shown as rule def/(short), and I can't find anything explaining the meaning of things like (short) - the tcpdump man page only lists short as one of the possible values, without explaining what it means. Hi, all you need is at http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdumpapropos=0sektion=0manpath=OpenBSD+Currentarch=i386format=html Best regards -- Matteo Filippetto http://op83.blogspot.com
Re: Can't reach www.openbsd.org
I can't reach www.openbsd.org (from 3 locations in Portugal). Is www.openbsd.org down? $ telnet www.openbsd.org 80 Trying 142.244.12.42... telnet: Unable to connect to remote host: No route to host Thanks, Ari Constancio Hi, try it : http://openbsd.org Guillaume. Hi they are not the same website. Best regards -- Matteo Filippetto http://op83.blogspot.com
Re: HP laptops again
Then mail me acpidump -o hp8350 results + dmesg + pcidump -v Hi, I have an hp ProBook 4520s that has problem with acpi (boot only with acpi disable). Do you need my results for those commands? Best regards. -- Matteo Filippetto
4.7 on thin client neoware ca15
Hi all, succesful install of OpenBSD 4.7 release on a thin client neoware ca15 (http://www.parkytowers.me.uk/thin/NeoCA15/). I did a network boot (pxeboot) using bsd.rd as bsd returns a kernel panic. Also I can't install comp47.tgz, game47.tgz and x*.tgz as it has only 256 MB of DOM. All devices are working good. You can find dmseg and pcidump for the working configuration in attachment. Best regards -- Matteo Filippetto
cd arrived in Italy
Hi all, today cd arrived in Italy Thanks! -- Matteo Filippetto
Re: which ISO for a VM?
2010/4/2 Zachary Uram net...@gmail.com: I have never run OpenBSD before and want to try it out. Wondering if there is an ISO I can run in VirtualBox? If not what is the recommended method for users who wish to run OpenBSD in virtualization? Regards, Zach http://www.fidei.org Hi, you can download an iso for i386 here ftp://ftp.eu.openbsd.org/pub/OpenBSD/4.6/i386/install46.iso and if you like it you can also buy bootable cds from openbsd shop. Best regards -- Matteo Filippetto
Re: Blocking Teamviewer
2010/3/26 sonjaya sonj...@gmail.com

i try update this threads
in my network using squid proxy for all internet access
after capture the access.log teamviewer have several server
main server teamviewer
1. http://ping3.dyngate.com
2. masterxx.teamviewer.com where xxx = 1 until 17
so become master1.teamviewer.com until master17.teamviewer.com
so i made block dst domain in squid.conf . and teamviewer client can't working.

i try scan port was using for teamviewer server

# nmap ping3.dyngate.com
Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:06 WIT
Warning: Hostname ping3.dyngate.com resolves to 4 IPs. Using 85.25.143.69.
Interesting ports on server340.teamviewer.com (85.25.143.69):
Not shown: 997 filtered ports
PORT STATE SERVICE
80/tcp open http
843/tcp open unknown
3389/tcp open ms-term-serv
Nmap done: 1 IP address (1 host up) scanned in 17.25 seconds

# nmap master1.teamviewer.com
Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:06 WIT
Interesting ports on master.dyngate.com (87.230.73.23):
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
843/tcp open unknown

this is the scan result for the teamviewer client

# nmap 124.217.230.1xx
Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:12 WIT
Interesting ports on server404.teamviewer.com (124.217.230.174):
Not shown: 997 filtered ports
PORT STATE SERVICE
80/tcp open http
843/tcp open unknown
3389/tcp open ms-term-serv
Nmap done: 1 IP address (1 host up) scanned in 24.82 seconds

so add in pf for blockerd port 843 3389
just that and teamviewer client can't working
i hope this will be blocked teamviewer.

On Sat, Mar 20, 2010 at 1:22 AM, Siju George sgeorge...@gmail.com wrote:

On Fri, Mar 19, 2010 at 10:14 PM, Steve Shockley steve.shock...@shockley.net

Presumably you're trying to block it with an OpenBSD firewall.

Yes :-)

Analyze the protocol, you can probably stop it with a transparent proxy that disallows CONNECT requests.

Could you please explain?

Or, http://lmgtfy.com/?q=teamviewer+blockl=1

The first thing I did :-)

thanks
--Siju

--
sonjaya
http://www.sharenupload.com

Hi,

my teamviewer works correctly with host serverXXX.teamviewer.com and port 5938

You should also block that port.

Best regards

--
Matteo Filippetto
Re: help with pf redirection (openbsd 4.6)
2010/3/17 N. Arley Dealey arley.dea...@gmail.com

Help! I'm obviously overlooking something really obvious but I just can't see it.

I'm building my first PF-based router/firewall using OpenBSD 4.6. For now, what I need it to do is pretty simple:

1. Allow all outbound traffic via NAT and allow all inbound responses.
2. Allow only ssh and auth to the external interface.
3. Redirect to ports (2000 and 4200) to two different hosts on the internal net.

I've created a minimal pf.conf file that I thought would accomplish this. Goals 1 and 2 are working fine (I can connect outbound from hosts on the internal net and I can connect to the firewall inbound via ssh) but the redirections are not going anywhere. I don't know what to do next other than enable logging, fire up tcpdump and try to see what is actually happening. But I thought I'd ask first if anybody more familiar with pf can see something fundamentally flawed with my config.

Here is the pf.conf (slightly edited to obscure the actual IPs)

# pf.conf: agilulf.det2.gw00
#
# MACROS
#
# interfaces
ifExt = fxp0 # 66.b.c.118
ifInt = fxp1 # 192.x.y.2

# OPTIONS
#
set block-policy return
set loginterface $ifExt
set skip on lo

# NAT Redirection
#
nat on $ifExt from !$ifExt -> $ifExt:0
rdr pass on $ifExt proto tcp from any to any port 4200 -> 192.x.y.40 port 4200
rdr pass on $ifExt proto tcp from any to any port 2000 -> 192.x.y.21 port 2000

#
# FILTER RULES
#
block in
pass out keep state

# internal clients
pass in quick on $ifInt

# external
pass in inet proto icmp all icmp-type echoreq
pass in on $ifExt inet proto tcp from any to $ifExt port { ssh, auth }
###EoF###

And here is the result of loading pf.conf

# pfctl -vf /etc/pf.conf
ifExt = fxp0
ifInt = fxp1
set block-policy return
set loginterface fxp0
set skip on { lo }
nat on fxp0 inet from ! 66.b.c.118 to any -> 66.b.c.118
rdr pass on fxp0 inet proto tcp from any to any port = 4200 -> 192.x.y.40 port 4200
rdr pass on fxp0 inet proto tcp from any to any port = 2000 -> 192.x.y.21 port 2000
block return in all
pass out all flags S/SA keep state
pass in quick on fxp1 all flags S/SA keep state
pass in on fxp0 inet proto tcp from any to 66.b.c.118 port = ssh flags S/SA keep state
pass in on fxp0 inet proto tcp from any to 66.b.c.118 port = auth flags S/SA keep state
pass in inet proto icmp all icmp-type echoreq keep state
#

From the firewall box, I can ping and traceroute successfully to the two destination hosts for the redirections and I can connect to the destination ports of the redirections. I just can't make the redirected connections via the external interface of the firewall.

Any help would be greatly appreciated.

Hi,

maybe you forgot a pass rule to allow traffic on port 2000 and 4200?

Let me know any news, best regards.

--
Matteo Filippetto
Re: installing amd64 using i386 to boot then amd64 for install?
2010/3/16 Cameron Simpson c...@zip.com.au I have the apparently common problem of CD2 (amd64) from the OpenBSD distro not booting on an IBM x336. And of course there's no floppy and the box won't boot off a USB device at all. One of the avenues I'm considering is booting off the i386 CD1 and then using the CD2 disc for the install data. Will that work, or will the i386 install still load up some inappropriate i386 items (eg the boot sector)? Has anyone done this? -- Cameron Simpson c...@zip.com.au DoD#743 http://www.cskk.ezoshosting.com/cs/ If you can't make it out of coathanger wire, you just aren't thinking. - John Whitmore Hi, it's not the same thing and it's not very simple to set up but maybe you can try to boot from lan? Look at http://www.openbsd.org/faq/faq6.html#PXE Best regards -- Matteo Filippetto
Re: pfctl(8): unclear docs
2010/3/16 Toni Mueller openbsd-m...@oeko.net Hi, On Tue, 16.03.2010 at 07:37:42 +0001, Jason McIntyre j...@kerhand.co.uk wrote: On Mon, Mar 15, 2010 at 10:35:23PM +0100, Toni Mueller wrote: An optimizer (or any other such device) which is on by default and claims to not change semantics, should imho be transparent to the user, but this one isn't. If you have other uses of disabling the optimizer except for debugging pf, I'd really like to hear. sorry, you've lost me with the optimiser stuff ;) why are you discussing that? ok, I'll try again: matteo pointed me to an article which says that the problem can be bypassed by using an option to pfctl that disables the optimiser, which is enabled by default. I think that any device that automatically works on the user's input should not alter the documented semantics of what the user input, and on which the user relies. On the contrary, such devices should imho be transparent to the user, but obviously, this optimiser isn't because its use is not orthogonal to the other options of 'pfctl'. Also (I didn't mention this before), since the use of tables is advocated in about any docs (counting statements on this list in for this purpose) that I've read so far, with the optimiser being on by default, using '-R' alone should presently be impossible in the majority of real-world use cases. Therefore I advocate changing the documentation or the implementation to highlight this case of non-orthogonality. Better now? -- Kind regards, --Toni++ Hi all, Toni, the article says that optimizer is enable by default on OpwnBSD 4.2 thus you don't need to pass option -R to pfctl. If you pass that option you get the warning. Best regards. -- Matteo Filippetto
Re: pfctl(8): unclear docs
2010/3/15 Toni Mueller openbsd-m...@oeko.net Hi, I've just run into the following problem on a 4.6 box: /etc/pf.conf (excerpt): table rfc1918 const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } block out on $extif from rfc1918 # /sbin/pfctl -F rules -R -f pf.conf rules cleared pfctl: Must enable table loading for optimizations # /sbin/pfctl -s r # Imho, this interaction should be documented in the man page. One needs to specify '-Tl', or else no rules will be loaded. TIA! Kind regards, --Toni++ Hi, for me it works good ... just don't use -R option http://kerneltrap.org/mailarchive/openbsd-misc/2007/4/6/147502 -- Matteo Filippetto
Re: pfctl(8): unclear docs
2010/3/15 Toni Mueller openbsd-m...@oeko.net Hi, On Mon, 15.03.2010 at 12:22:35 +0100, matteo filippetto matteo.filippe...@gmail.com wrote: for me it works good ... just don't use -R option http://kerneltrap.org/mailarchive/openbsd-misc/2007/4/6/147502 thanks for this link. Not using -R is not too good, either, as on this particular box, reloading everything results in a severance of all existing connections. A clarification in the docs is imho the way to go. My 'nroff' is almost nonexistant, but here's a diff: --- pfctl.8.origWed Jun 11 09:23:36 2008 +++ pfctl.8 Mon Mar 15 12:53:04 2010 @@ -354,7 +354,9 @@ Only print errors and warnings. .It Fl R Load only the filter rules present in the rule file. -Other rules and options are ignored. +Other rules and options are ignored. If you are using +tables, you need to also specify one of -T load or +-o none. .It Fl r Perform reverse DNS lookups on states when displaying them. .It Fl s Ar modifier Kind regards, --Toni++ Hi Toni, I find this Starting in OpenBSD 4.2, the default is basic. See pf.conf(5)http://www.openbsd.org/cgi-bin/man.cgi?query=pf.confsektion=5manpath=OpenBSD+4.6for a more complete description. on faq (http://www.openbsd.org/faq/pf/options.html) and also in the man pages http://www.openbsd.org/cgi-bin/man.cgi?query=pf.confsektion=5manpath=OpenBSD+4.6 Best regards -- Matteo Filippetto
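Review bot: in the lines added under ".It Fl R", the new sentence is appended to the existing line after "Other rules and options are ignored." and the options appear as literal text ("-T load", "-o none"), while the surrounding source marks flags up with mdoc macros (".It Fl R", ".It Fl s Ar modifier"). Start the new sentence on its own source line and mark the flags up, for example as ".Fl T Cm load" and ".Fl o Cm none", so they render like the other options on the page. The wording "one of -T load or -o none" would also read better if it said what each choice does (load the table definitions as well, or turn the ruleset optimizer off), since the two are not equivalent.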
autoproxy option in man pages
Hi , while configuring dhcpd I found that option-252 has been changed to autoproxy-script ( as in the source code of tables.c) but there seems to be no reference in the man pages of dhcpd, dhcpd.conf or dhcp-options. How can I help to fix this? Best regards -- Matteo Filippetto
iMac G3 500Mhz
Hi all, a succesfull install of openbsd 4.6 on an iMac G3 500 Mhz running openvpn server. Best regards -- Matteo Filippetto
IBM thinkpad 570E
Hi all,

I have successfully installed OpenBSD 4.6 on an IBM thinkpad 570E and all is working correctly. I'm also using two pcmcia LAN PC CARD. In attachment you can find dmesg.

Best regards
--
Matteo Filippetto

OpenBSD 4.6 (GENERIC) #58: Thu Jul 9 21:24:42 MDT 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class) 449 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem = 133722112 (127MB)
avail mem = 120504320 (114MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/11/99, BIOS32 rev. 0 @ 0xfd840, SMBIOS rev. 2.3 @ 0xe8010 (32 entries)
bios0: vendor IBM version IUET25WW date 12/11/1999
bios0: IBM 26445AG
apm0 at bios0: Power Management spec V1.2
apm0: AC on, no battery
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xfd7d0/0x830
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdef0/192 (10 entries)
pcibios0: PCI Interrupt Router at 000:06:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #5 is the last bus
bios0: ROM list: 0xc/0xc000 0xe8000/0x8000
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x03
intelagp0 at pchb0
agp0 at intelagp0: aperture at 0xf800, size 0x400
ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 Neomagic Magicgraph NM2200 rev 0x20
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
cbb0 at pci0 dev 2 function 0 TI PCI1450 CardBus rev 0x03: irq 11
cbb1 at pci0 dev 2 function 1 TI PCI1450 CardBus rev 0x03: irq 11
clcs0 at pci0 dev 5 function 0 Cirrus Logic CS4280/46xx CrystalClear rev 0x01: irq 11
ac97: codec id 0x43525903 (Cirrus Logic CS4297 rev 3)
ac97: codec features headphone, 18 bit DAC, 18 bit ADC, No 3D Stereo
piixpcib0 at pci0 dev 6 function 0 Intel 82371AB PIIX4 ISA rev 0x02
pciide0 at pci0 dev 6 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: IBM-DARA-206000
wd0: 16-sector PIO, LBA, 5729MB, 11733120 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: LG, CD-ROM CRN-8241B, 1.23 ATAPI 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 6 function 2 Intel 82371AB USB rev 0x01: irq 11
piixpm0 at pci0 dev 6 function 3 Intel 82371AB Power rev 0x03: SMI
iic0 at piixpm0
ATT/Lucent LTMODEM rev 0x01 at pci0 dev 7 function 0 not configured
cbb0: bad Vcc request. sock_ctrl 0x0, sock_status 0x3b20
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 2 device 0 cacheline 0x8, lattimer 0xb0
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 5 device 0 cacheline 0x8, lattimer 0xb0
pcmcia1 at cardslot1
isa0 at piixpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt2 at isa0 port 0x3bc/4: polled
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 Intel UHCI root hub rev 1.00/1.00 addr 1
biomask effd netmask effd ttymask
mtrr: Pentium Pro MTRR support
cbb0: bad Vcc request. sock_ctrl 0x30, sock_status 0x3b20
xl0 at cardbus0 dev 0 function 0 3Com 3CCFE575CT rev 0x10: irq 11, address 00:04:75:86:ff:d9
tqphy0 at xl0 phy 0: 78Q2120 10/100 PHY, rev. 11
ep1 at pcmcia1 function 0 3Com, Megahertz 574B, B port 0xa000/32: address 00:50:04:fd:8c:07
tqphy1 at ep1 phy 0: 78Q2120 10/100 PHY, rev. 10
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
clcs0: firmware loaded
audio0 at clcs0
Re: 4.6 arriving
2009/10/20 Jasper Valentijn jasper.valent...@gmail.com:
CDs just arrived at Hoorn, the Netherlands. Looking great indeed. Listening to the new track, sounding great too!! Many thanks to all who have made this and all previous releases possible!
Jasper Valentijn
--
We spend the first twelve months of our children's lives teaching them to walk and talk and the next twelve telling them to sit down and shut up.

Arrived in Treviso (Italy). Thank you for your job!
--
Matteo Filippetto
Re: Supporting OpenBSD
2009/9/15 Nick Holland n...@holland-consulting.net:
Jeffrey 'jf' Lim wrote:
On Thu, Sep 10, 2009 at 6:45 PM, Daniel Bolgheroni m...@dbolgheroni.eng.br wrote:
On Tue, 8 Sep 2009, Nick Holland wrote:
Thanks to those that contribute money and buy CDs.

I would like to buy CDs, but in Brazil these kind of products have a high tax fee applied when they hit the harbour. For a $50 CD, I'll probably pay almost $70 to someone I don't want to contribute. This doesn't include the shipment cost (~$30 I suspect). I don't have a Paypal account (yet). If it's worth to trust him, I don't know, but I much prefer to donate $50 (although they will deduct 3.9% in my case, but at least OpenBSD doesn't have the CD cost) than to pay almost the triple to government, shipment, etc. Don't care if I don't get the CDs. Is it possible to OpenBSD to make profit for the project selling books or manuals? I don't know the costs or if it's worth (like CDs are better for the project than T-shirts, mugs, etc.). It's tax free here, and I think: if it's free here, maybe it's somewhere else.

Books and manuals are more like t-shirts and mugs than CDs -- relatively high cost, relatively bulky, more variety to inventory. They also have an added problem of being in a competitive market -- if you want an OpenBSD t-shirt, you will be buying it from OpenBSD. If you want a book that covers OpenBSD, you can buy it from OpenBSD, or you can buy it at the corner book store and have it tonight, or at BigOnlineBookStore for a substantial discount off list price and special deals with the shipping companies. I'm not sure what the margin on books is, but if you try to price against BigOnlineBookStore.com, I suspect your margin goes pretty close to zero.

I have the same concerns as well (i mean the shipping. F, i'll support the project - but not the shipping?). I did get the disc set, though, but.. it would be nice to be able to check out knowing how much i'm supposed to be paying for shipping.

Don't get me wrong, pure cash donations work nicely to keep the lights on. Well...briefly. Based on some numbers Theo showed me after my earlier note, cash donations from the US and Europe are..uhmm... how do I put this...PATHETIC! We are talking the equiv. of less than 10 CDs each. Canadians are doing a lot better, relatively speaking, but as of Sept 8 (BEFORE I posted my note) all cash donations barely put a dent in the cost of a mini-hackathon. Theo tells me you guys have responded to my note, and thanks to those that did! but there's still a lot of financial slacking goin' on...
Nick.

One cd set from Italy! :)
--
Matteo Filippetto
Re: Wireless USB Adaptor
2009/8/26 Andres Genovez andresgeno...@gmail.com:
www.crice.org
2009/8/25 Daniel Bolgheroni m...@dbolgheroni.eng.br
On Tue, 25 Aug 2009, Brad Tilley wrote:
Hey guys, I'm looking for some generic advice to give folks who cannot or will not verify what chipset a wireless usb adapter is using before purchase. What do you guys say to people who do not want to use apropos wireless or man ath, but at the same time want to just walk into Walmart (or wherever) and purchase a wireless USB adapter so their OpenBSD Laptop can do 802.11? Are there some percentage rules we can provide? Such as ... 80% of Linksys and 70% of Dlink stuff works. Don't touch XYZ adapters... Again, keeping it simple and in layman terms. Any suggestion outside of RTFM ;) is much appreciated.

Maybe it's worth to see this presentation: http://www.openbsd.org/papers/brhard2007/

Cool paper a must read for everyone! Teers,

--
Daniel Bolgheroni
FEI - Faculdade de Engenharia Industrial
http://www.dbolgheroni.eng.br/mykey
ASCII ribbon campaign ( )
against HTML e-mail X
/ \

Hi, I'm just trying openbsd on my old notebook and I'm using Linksys WUSB54GC and openbsd 4.5 recognizes it very well and it works great.
Bye,
--
Matteo Filippetto