fatal page fault in supervisor mode
Hi list, I've got this error and I don't know what it is about. Is something wrong with my hardware, like RAM? Could someone point me in the right direction to resolve this error?
Dec 7 11:35:33 gw /bsd: uvm_fault(0xd0a2, 0xcfc0, 0, 3) -> e
Dec 7 11:35:33 gw /bsd: fatal page fault (6) in supervisor mode
Dec 7 11:35:33 gw /bsd: trap type 6 code 2 eip d056f4a8 cs 50 eflags 210256 cr2 cfc0 cpl 40
Dec 7 11:35:33 gw /bsd: panic: trap type 6, code=2, pc=d056f4a8
Dec 7 11:35:33 gw /bsd: Starting stack trace...
Dec 7 11:35:33 gw /bsd: panic(d08d35a6,dc7deabc,d08d6f9e,dc7deabc,2) at panic+0x6a
Dec 7 11:35:33 gw /bsd: panic(d08d6f9e,6,2,d056f4a8,50) at panic+0x6a
Dec 7 11:35:33 gw /bsd: trap() at trap+0x38f
Dec 7 11:35:33 gw /bsd: --- trap (number -809500672) ---
Dec 7 11:35:33 gw /bsd: 0x2:
Dec 7 11:35:33 gw /bsd: End of stack trace.
Dec 7 11:35:33 gw /bsd: panic: mtx_enter: locking against myself
Dec 7 11:35:33 gw /bsd: Starting stack trace...
Dec 7 11:35:33 gw /bsd: panic(d08d35a6,dc7de72c,dc7de720,d020476c,c0) at panic+0x6a
Dec 7 11:35:33 gw /bsd: panic(d02036a2,dc7de75c,d03ee791,d0a181a0,17) at panic+0x6a
Dec 7 11:35:33 gw /bsd: mtx_enter(d0a181a0,17,d0a162c0,dc7de780,d02043fc) at mtx_enter+0x62
Dec 7 11:35:33 gw /bsd: pool_get(d0a181a0,2,d6872a18,dc7de8f8,2) at pool_get+0x31
Dec 7 11:35:33 gw /bsd: pf_test_rule(dc7de8d0,dc7de8cc,1,d1ea3900,dc8dab00) at pf_test_rule+0x1ab9
Dec 7 11:35:33 gw /bsd: pf_test(2,1,d1eba030,dc7de9d4,0) at pf_test+0xd4c
Dec 7 11:35:33 gw /bsd: ipv4_input(dc8dab00,6,dc7de9ec,d0445b55,d0203776) at ipv4_input+0x20c
Dec 7 11:35:33 gw /bsd: ipintr(d0203776,d1e98440,dc7dea0c,d057569f,0) at ipintr+0x73
Dec 7 11:35:33 gw /bsd: netintr(0,200292,0,0,d0202232) at netintr+0xc5
Dec 7 11:35:33 gw /bsd: softintr_dispatch(1) at softintr_dispatch+0x4f
Dec 7 11:35:33 gw /bsd: Xsoftnet() at Xsoftnet+0x17
Dec 7 11:35:33 gw /bsd: --- interrupt ---
Dec 7 11:35:33 gw /bsd: end(100,dc7deabc,d08d6f9e,dc7deabc,2) at 0xdc7deabc
Dec 7 11:35:33 gw /bsd: panic(d08d6f9e,6,2,d056f4a8,50) at panic+0x65
Dec 7 11:35:33 gw /bsd: trap() at trap+0x38f
Dec 7 11:35:33 gw /bsd: --- trap (number -809500672) ---
Dec 7 11:35:33 gw /bsd: 0x2:
Dec 7 11:35:33 gw /bsd: End of stack trace.
Dec 7 11:35:33 gw /bsd: OpenBSD 5.0 (GENERIC.MP) #59: Wed Aug 17 10:19:44 MDT 2011
Dec 7 11:35:33 gw /bsd:    dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
Dec 7 11:35:33 gw /bsd: cpu0: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz ("GenuineIntel" 686-class) 2 GHz
Dec 7 11:35:33 gw /bsd: cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM
Dec 7 11:35:33 gw /bsd: real mem = 1064431616 (1015MB)
Dec 7 11:35:33 gw /bsd: avail mem = 1036947456 (988MB)
Dec 7 11:35:33 gw /bsd: mainbus0 at root
Dec 7 11:35:33 gw /bsd: bios0 at mainbus0: AT/286+ BIOS, date 08/12/08, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.5 @ 0x9f800 (28 entries)
Dec 7 11:35:33 gw /bsd: bios0: vendor American Megatrends Inc. version "080014" date 08/12/2008
Dec 7 11:35:33 gw /bsd: bios0: ICP / iEi KINO-9652
Dec 7 11:35:33 gw /bsd: acpi0 at bios0: rev 0
Dec 7 11:35:33 gw /bsd: acpi0: sleep states S0 S1 S4 S5
Dec 7 11:35:33 gw /bsd: acpi0: tables DSDT FACP APIC MCFG OEMB ASF! SSDT
Dec 7 11:35:33 gw /bsd: acpi0: wakeup devices P0P2(S4) P0P1(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4) USB2(S4) USB3(S4) EUSB(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) HDAC(S4) USB4(S4) USB5(S4) USBE(S4) GBEC(S4)
Dec 7 11:35:33 gw /bsd: acpitimer0 at acpi0: 3579545 Hz, 24 bits
Dec 7 11:35:33 gw /bsd: acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
Dec 7 11:35:33 gw /bsd: cpu0 at mainbus0: apid 0 (boot processor)
Dec 7 11:35:33 gw /bsd: cpu0: apic clock running at 201MHz
Dec 7 11:35:33 gw /bsd: cpu1 at mainbus0: apid 1 (application processor)
Dec 7 11:35:33 gw /bsd: cpu1: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz ("GenuineIntel" 686-class) 2.02 GHz
Dec 7 11:35:33 gw /bsd: cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM
Dec 7 11:35:33 gw /bsd: ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
Dec 7 11:35:33 gw /bsd: acpimcfg0 at acpi0 addr 0xe000, bus 0-255
Dec 7 11:35:33 gw /bsd: acpiprt0 at acpi0: bus 0 (PCI0)
Dec 7 11:35:33 gw /bsd: acpiprt1 at acpi0: bus -1 (P0P2)
Dec 7 11:35:33 gw /bsd: acpiprt2 at acpi0: bus 1 (P0P1)
Dec 7 11:35:33 gw /bsd: acpiprt3 at acpi0: bus 2 (P0P4)
Dec 7 11:35:33 gw /bsd: acpiprt4 at acpi0: bus 3 (P0P5)
Dec 7 11:35:33 gw /bsd: acpiprt5 at acpi0: bus -1 (P0P6)
Dec 7 11:35:33 gw /bsd: acpiprt6 at acpi0: bus -1 (P0P7)
Dec 7 11:35:33 gw /bsd: acpiprt7 at acpi0: bus -1 (P0P8)
Dec 7 11:35:33 gw /bsd: acpiprt8 at acpi0: bus -1 (P0P9)
Dec 7 11:
Re[2]: OpenVPN and OBSD 5.1
Also, in case of rejection of adding a route to your box, you have to add source NAT for packets coming from the vpn net on local_if.
Tue, 16 Oct 2012 13:08:23 -0600 from Luis Coronado:
> No, you need to have that route rule in place @snapgear in order to get the
> reply from the server.
>
> -luis
>
> On Tue, Oct 16, 2012 at 12:52 PM, Alessandro Baggi <alessandro.ba...@gmail.com> wrote:
>
> > Hi list,
> > I'm setting up a vpn with OpenVPN on OpenBSD 5.1 amd64. (Not IPSec because
> > I still do not know how to use well, this will be the next study).
npppd as pptpdserver
I'm trying to set up npppd as a change for poptop. I'm able to connect to the server from the Internet, but I'm not able to get access to resources behind the server and even the server. I repeated all steps from here except 1, 2, 3, 6:
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/npppd/Attic/HOWTO_PIPEX_NPPPD.txt?rev=1.3;content-type=text%2Fplain
tun0 is used for openvpn, but I need pptp for mobile devices.
# uname -vrp
5.1 GENERIC.MP#188 i386
# npppd -d
2012-10-16 22:18:07:NOTICE: Starting npppd pid=25397 version=5.0.0
2012-10-16 22:18:07:NOTICE: Load configuration from='/etc/npppd/npppd.conf' successfully.
2012-10-16 22:18:07:INFO: tun1 Started ip4addr=10.0.0.1
2012-10-16 22:18:07:INFO: Listening /var/run/npppd_ctl (npppd_ctl)
2012-10-16 22:18:07:INFO: pool name=default dyn_pool=[10.0.0.0/25] pool=[10.0.0.0/24]
2012-10-16 22:18:07:INFO: Added 2 routes for new pool addresses
2012-10-16 22:18:07:INFO: Loading pool config successfully.
2012-10-16 22:18:07:INFO: realm name=local(local) Loaded users from='/etc/npppd/npppd-users.csv' successfully. 1 users
2012-10-16 22:18:07:INFO: pptpd Listening 0.0.0.0:1723/tcp (PPTP PAC) [PPTP]
2012-10-16 22:18:07:INFO: pptpd Listening 0.0.0.0:gre (PPTP PAC)
2012-10-16 22:18:07:INFO: tun1 is using ipcp=default(1 pools).
2012-10-16 22:18:34:INFO: pptpd ctrl=0 Starting peer=77.52.3x.x:4411/tcp sock=194.106.x.x:1723/tcp
2012-10-16 22:18:34:INFO: pptpd ctrl=0 RecvSCCRQ protocol_version=1.0 framing=async bearer=analog max_channels=0 firmware_revision=2600(0x0a28) host_name="" vendor_string="Microsoft Windows NT"
2012-10-16 22:18:34:INFO: pptpd ctrl=0 SendSCCRP protocol_version=1.0 result=1 error=0 framing=sync bearer=digital max_channels=4 firmware_revision=1282(0x0502) host_name="" vendor_string=""
2012-10-16 22:18:34:INFO: pptpd ctrl=0 call=0 RecvOCRQ call_id=0 call_serial_number=37740 max_bps=300 min_bps=1 bearer=analog,digital framing=async,sync recv_winsz=64 packet_proccessing_delay=0 phone_nunmber= subaddress=
2012-10-16 22:18:34:INFO: pptpd ctrl=0 call=65160 SendOCRP call_id=65160 peers_call_id=0 result=1 error=0 cause=0 conn_speed=1000 recv_winsz=64 packet_proccessing_delay=0 physical_channel_id=65160
2012-10-16 22:18:34:NOTICE: pptpd ctrl=0 call=65160 logtype=PPPBind ppp=0
2012-10-16 22:18:34:INFO: ppp id=0 layer=base logtype=Started tunnel=PPTP(77.52.x.x:4411)
2012-10-16 22:18:34:INFO: pptpd ctrl=0 call=65160 RecvSLI accm=:
2012-10-16 22:18:34:INFO: ppp id=0 layer=lcp logtype=Opened mru=1400/1400 auth=MS-CHAP-V2 magic=c4655616/38d539d0
2012-10-16 22:18:34:INFO: ppp id=0 layer=lcp RecvId magic=38d539d0 text=MSRASV5.10
2012-10-16 22:18:34:INFO: ppp id=0 layer=lcp RecvId magic=38d539d0 text=MSRAS-0-ASUS-A6J
2012-10-16 22:18:34:INFO: ppp id=0 layer=chap proto=mschap_v2 logtype=Success username="admin" realm=local
2012-10-16 22:18:34:INFO: pptpd ctrl=0 call=65160 RecvSLI accm=:
2012-10-16 22:18:34:INFO: ppp id=0 layer=mppe mismatch our=128bit,stateless peer=mppc,40bit,128bit,56bit,stateless
2012-10-16 22:18:34:INFO: ppp id=0 layer=ipcp IP Address peer=0.0.0.0 our=10.0.0.5.
2012-10-16 22:18:34:INFO: ppp id=0 layer=mppe logtype=Opened our=128bit,stateless peer=128bit,stateless
2012-10-16 22:18:34:INFO: ppp id=0 layer=ipcp logtype=Opened ip=10.0.0.5 assignType=dynamic
2012-10-16 22:18:34:NOTICE: ppp id=0 layer=base logtype=TUNNELSTART user="admin" duration=1sec layer2=PPTP layer2from=77.52.x.x:4411 auth=MS-CHAP-V2 ip=10.0.0.5 iface=tun1
2012-10-16 22:18:34:NOTICE: ppp id=0 layer=base Using pipex=yes
# ifconfig
lo0: flags=8049 mtu 33196
        priority: 0
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff00
em0: flags=28843 mtu 1500
        lladdr 00:18:7d:0e:f5:34
        priority: 0
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.5.80 netmask 0xff00 broadcast 192.168.5.255
em1: flags=28843 mtu 1500
        lladdr 00:18:7d:0e:f5:33
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
        status: active
        inet 194.106.x.x netmask 0xfffc broadcast 194.106.218.99
enc0: flags=0<>
        priority: 0
        groups: enc
        status: active
rum0: flags=28802 mtu 1500
        lladdr 6c:62:6d:12:5d:59
        priority: 4
        groups: wlan
        media: IEEE802.11 autoselect mode 11g hostap
        status: no network
        ieee80211: nwid OpenBSDwifi chan 2 bssid 6c:62:6d:12:5d:59 100dBm
        inet 192.168.55.1 netmask 0xff00 broadcast 192.168.55.255
tun0: flags=8051 mtu 1500
        priority: 0
        groups: tun
        status: active
        inet 192.168.99.1 --> 192.168.
combine openvpn & pptpd
I already have hostname.tun0, that is used for openvpn:
up
!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/server.conf
How can I run pptpd on that machine at the same time? What interface should I create and how to map it to pptpd for five concurrent pptp sessions? Thanks.
source ./vars and pkitool
Hello misc, I know that it is terrible, and there were many answers to this question in the past, but the construction with dot and space before ./vars works to make ./clean-all and ./build-dh, and something went wrong with ./pkitool
# uname -a
OpenBSD openbsd 5.0 GENERIC.MP#59 i386
# pwd
/etc/openvpn/easy-rsa
# . ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
# ./clean-all
# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
+..++... .. ...+...++...+..+... ...+..+..++*++*++*
# ./pkitool --initca
Using CA Common Name: Ektos CA
  Please edit the vars script to reflect your configuration,
  then source it with "source ./vars".
  Next, to start with a fresh PKI configuration and to delete any
  previous certificates and keys, run "./clean-all".
  Finally, you can run this tool (pkitool) to build certificates/keys.
nut cgi-bin in apache chroot
Hello misc. Please help me to understand how it works. I installed nut and nut-cgi from packages. nut works without any problem:
# upsc eaton@localhost
battery.charge: 100
battery.charge.low: 20
battery.runtime: 3216
device.mfr: MGE UPS SYSTEMS
device.model: EX 2200
device.serial: AQ0L39022
driver.name: mge-shut
...
input.frequency: 50
input.voltage: 227
...
ups.load: 11
..
ups.power.nominal: 2200
ups.serial: AQ0L39022
ups.status: OL CHRG
..
But I can't set up the web for it. I uncommented the line in hosts.conf, and changed the line in upsset.conf to actual. I also tried any settings in httpd.conf, but the result is that upsstats.html shows a formatted page with " @HOSTLINK@, @VAR ups.model@" and other macros from upsstats.html instead of the real parameters. What can be not right?
--
Re[2]: start daemon with rc.d
21 December 2011, 14:41 from Antoine Jacoutot:
> On Wed, Dec 21, 2011 at 02:26:32PM +0400, pavel pocheptsov wrote:
> > Hello misc.
> > In old release of OBSD to start daemons with system was used rc.local.
> > For example:
> > if [ -x /usr/local/bin/mysqld_safe ] ; then
> >         su -c _mysql root -c '/usr/local/bin/mysqld_safe >/dev/null 2>&1 &'
> >         echo -n ' mysql'
> > fi
> >
> > In 5.0 have changes described here: http://www.openbsd.org/faq/faq10.html#rc
> > and in man rc.d and rc.conf.local.
> > The questions is how to start mysqld_safe or cupsd or any other daemon,
> > that was placed in /etc/rc.d?
> > Add the lines to rc.conf.local like this:
> > pkg_scripts="cupsd"
> > pkg_scripts="mysqld"
> >
> > or something else?
>
> pkg_scripts="cupsd mysqld"
>
> Order matters, since daemons will be started accordingly.
>
> --
> Antoine
>
Thanks, so the old way is no longer needed, or is it used for daemons that are not properly installed and do not put their own startup script in /etc/rc.d?
start daemon with rc.d
Hello misc. In old releases of OBSD, rc.local was used to start daemons with the system. For example:
if [ -x /usr/local/bin/mysqld_safe ] ; then
        su -c _mysql root -c '/usr/local/bin/mysqld_safe >/dev/null 2>&1 &'
        echo -n ' mysql'
fi
In 5.0 there are changes described here: http://www.openbsd.org/faq/faq10.html#rc and in man rc.d and rc.conf.local. The question is how to start mysqld_safe or cupsd or any other daemon that was placed in /etc/rc.d? Add the lines to rc.conf.local like this:
pkg_scripts="cupsd"
pkg_scripts="mysqld"
or something else?
Re: Help setting up a PF NAT gateway
match out on vic2 inet from 10.221.181.0/24 to any nat-to (vic2) round-robin
For what reason did you paste "round-robin"? Also you need
pass in on $local_if from $localnet to any
pass out on $ext_if from $localnet to any
10 October 2011, 19:42 from Stefan Midjich:
Simplest of things but I'm failing miserably.
$ sudo cat /etc/hostname.vic2
# External NIC with static public IPv4 address
inet 50.50.50.59 255.255.255.0 50.50.50.255
$ sudo cat /etc/hostname.vic3
# Internal NIC used as gateway by two machines on same network
inet 10.221.181.10 255.255.255.0 10.221.181.255
For troubleshooting I have removed the block all rule, to confirm that it is in fact my NAT related rules that don't work. These are my first and only NAT rules. The other rules work fine and are just to allow SSH to my management interface and ICMP response from the external IP and from the internal gateway IP. Besides I've removed the block all so the other rules don't matter much now.
match out on vic2 inet from 10.221.181.0/24 to any nat-to (vic2) round-robin
pass inet from 10.221.181.0/24 to any flags S/SA keep state
With tcpdump I can see packets going to vic3, but no further. With block all commented out I can fully test the network around and everything is working just fine, I can nc -kl 50.50.50.59 65535 and connect to that port from anywhere on the internet. I just can't connect out from the private network through the gateway. The systems in the private network have 10.221.181.10 as their default gateway. I even have the Book of PF 2nd edition here but it's of no use, the rules are mostly from there. Just for troubleshooting I can also nc -kl 10.221.181.10 65535 on the gateway and connect to that port from the private network machines without issues. So please tell me, what am I missing in this nat-to rule?
--
Med vänliga hälsningar / With kind regards
Stefan Midjich
spamd.black & pfctl
Hello misc. I have spamd before the mail server, and it works nicely with liberal settings like this:
spamd_flags="-v -l 127.0.0.1 -G 10:4:864 -h mail.server"
pf.conf:
table persist
table file "/etc/mail/spamd.bypass"
table file "/etc/mail/spamd.black"
match in on $ext_if_a inet proto tcp from { , } to $ext_if_a port { smtp, smtps } rdr-to
match in on $ext_if_a inet proto tcp from { !, ! } to $ext_if_a port { smtp, smtps } tag MAIL_A rdr-to 127.0.0.1 port spamd
block in log quick on { $ext_if_a, $ext_if_b } from { , , } to any
pass in on $ext_if_a inet proto tcp from any to port { smtp, smtps } synproxy state reply-to ($ext_if_a $ext_gw_a)
pass in quick reply-to ($ext_if_a $ext_gw_a) tagged MAIL_A
Periodically I receive mail from spammers through spamd and the antispam settings on the mail server. Then I copy-paste the IP address of the spam sender from the "Received" field to the spam.txt file on the router and do something like this:
#cat spam.txt | uniq | sort > /etc/mail/spamd.black
or
#sort -u spam.txt > /etc/mail/spamd.black
and
#pfctl -f /etc/pf.conf
but I don't want to reload all rules. In the best case I want to add to the pf table only the new IP that I paste at the top of the spam.txt file. Also I tried to use
pfctl -t spamd-black -T flush
pfctl -t spamd-black -T add -f /etc/mail/spamd.black
so as not to touch the whole pf.conf, but I think when the spamd.black table has a big size, the better way is to add a new IP to the table without reloading or loading a big table.
Re: Php cannot connect to mysql
Mik J writes:
# ls /var/www/var/run/mysql/
mysql.sock
I hard linked it to /var/run/mysql/
# ln /var/www/var/run/mysql/mysql.sock /var/run/mysql/mysql.sock
# ls -la /var/www/var/run/mysql
total 8
drwxr-xr-x  2 _mysql  _mysql  512 Sep 21 21:14 .
drwxr-xr-x  3 root    daemon  512 Apr 21  2010 ..
srwxrwxrwx  1 _mysql  _mysql    0 Sep 21 21:14 mysql.sock
use chmod to change owner to mysql-user
Re[2]: routing problem
28 September 2011, 15:28 from "Wesley M.":
> The VPN is between a fictif ip address(gives by the_green_bow) to
> 10.100.1.0/24
>
> Using VPN, i can ping 10.100.1.250 and use also ssh on the box but pings
> doesn't work for : 10.100.1.100, and 10.100.1.254.
>
> On the OpenBSD SIDE : ipsec.conf
>
> ike dynamic from 10.100.1.0/24 to any \
> main auth hmac-sha1 enc aes-256 group modp1024 \
> quick auth hmac-sha1 enc aes-256 psk demokey
>
maybe add to ipsec.conf "from any to 10.100.."
on remote side "route add 10.100.1.0 mask 255.255.255.0 IP_addres_of_your_vpn_gateway(not real gateway)"
Re: routing problem
what settings on client/home side? ipconfig /all, route print..etc
28 September 2011, 11:18 from "Wesley M.":
Hi, I have at work:
TS Server : 10.100.1.100 his gateway is 10.100.1.254 (router for private network)
Firewall : 10.100.1.250 (OpenBSD 4.9, ADSL : sis0, Lan (10.100.1.0/24) :sis2
On the firewall, i can ping 10.100.1.100 and telnet 10.100.1.100 3389 -> OK
When i am at home, i connect to firewall using "thegreenbow" vpn is ok, i can ping 10.100.1.250, use ssh on the firewall, but i can't ping 10.100.1.100 and can't use rdp on this address.
my pf rules:
...
set skip on {lo,enc0}
pass out on sis2 inet proto tcp from $remote to 10.100.1.100 port 3389
pass out inet proto icmp all icmp-type echoreq
...
Any idea ? thank you very much.
Wesley
Re[2]: Load Balance Outgoing Traffic
26 September 2011, 19:50 from "Gonzalo L. R.":
> Maybe you can use trunk(4)
>
so, I need this:
# ifconfig trunk0 trunkproto loadbalance trunkport fxp0 trunkport fxp1 \
        trunkport fxp2 trunkport fxp3 \
        192.168.1.1 netmask 255.255.255.0
and in pf.conf
match out on trunk0 from $local_net to any nat-to $trunk0
set skip on $local_if
pass out on $ext0
pass out on $ext1
pass out on $ext2
pass out on $ext3
pass out on trunk0
I feel that something is wrong with this way, isn't it? The man page says:
The trunk protocols loadbalance and roundrobin require a switch which supports IEEE 802.3ad static link aggregation; otherwise protocols such as inet6(4) duplicate address detection (DAD) cannot properly deal with duplicate packets
But I know nothing about what devices run after my several $ext_if.
Re[2]: write spamd log to another file
> You grepped out some useful information; most likely you added it to
> the end so the previous blocks match first. This might make it clearer:
>
looks like this:
# cat /etc/syslog.conf
# $OpenBSD: syslog.conf,v 1.17 2005/05/25 07:35:38 david Exp $
#
!!spamd
daemon.info /var/log/spamd
#
*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages
kern.debug;syslog,user.info /var/log/messages
auth.info /var/log/authlog
authpriv.debug /var/log/secure
cron.info /var/cron/log
daemon.info /var/log/daemon
ftp.info /var/log/xferlog
lpr.debug /var/log/lpd-errs
mail.info /var/log/maillog
#uucp.info /var/log/uucp
# Uncomment this line to send "important" messages to the system
# console: be aware that this could create lots of output.
#*.err;auth.notice;authpriv.none;kern.debug;mail.crit /dev/console
# Uncomment this to have all messages of notice level and higher
# as well as all authentication messages sent to root.
#*.notice;auth.debug root
# Everyone gets emergency messages.
*.emerg *
# Uncomment to log to a central host named "loghost". You need to run
# syslogd with the -u option on the remote host if you are using this.
# (This is also required to log info from things like routers and
# ISDN-equipment). If you run -u, you are vulnerable to syslog bombing,
# and should consider blocking external syslog packets.
#*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none @loghost
#auth,daemon,syslog,user.info;authpriv,kern.debug @loghost
# Uncomment to log messages from sudo(8) and chat(8) to their own
# respective log files. Matches are done based on the program name.
# Program-specific logs:
#!sudo
#*.* /var/log/sudo
#!chat
#*.* /var/log/chat
!ppp
*.* /var/log/ppp
# maybe problem in this:
# ls -la /var/log/ | grep spamd
-rw-r--r-- 1 root wheel 0 Sep 21 21:24 spamd
Re[2]: write spamd log to another file
> See syslog.conf(5) and try !!spamd instead.
# ps -ax | grep spamd
 8690 ?? Is 0:00.21 spamd: (pf update) (spamd)
21550 ?? S 0:04.81 spamd: [priv] (greylist) (spamd)
12647 ?? S 0:00.11 spamd: (/var/db/spamd update) (spamd)
14455 p0 S+ 0:00.00 grep spamd
# ps -ax | grep spamlogd
26048 ?? Ss 0:00.13 /usr/libexec/spamlogd
# ps -ax | grep syslogd
10054 ?? Ss 0:00.01 syslogd: [priv] (syslogd)
13536 ?? S 0:00.05 syslogd -a /var/www/dev/log -a /var/named/dev/log -a
# cat /etc/syslog.conf | grep spamd
!!spamd
daemon.info /var/log/spamd
you have mail in /var/mail/root
# cat /etc/rc.conf | grep spamd
spamd_flags=NO # for normal use: "" and see spamd(8)
spamd_black=NO # set to YES to run spamd without greylisting
# cat /etc/rc.conf | grep spamlogd
spamlogd_flags="" # use eg. "-i interface" and see spamlogd(8)
# cat /etc/rc.conf.local | grep spamd
spamd_flags="-v -l 127.0.0.1 -G 10:4:864 -h myhostname"
# kill -HUP `cat /var/run/syslog.pid`
# cat /var/log/spamd
# tail /var/log/daemon
Sep 21 22:14:24 www spamd[21550]: 89.230.147.133: disconnected after 67 seconds. lists: uatraps
Sep 21 22:14:24 www spamd[21550]: 89.230.147.133: disconnected after 67 seconds. lists: uatraps
still doesn't work.
write spamd log to another file
OpenBSD 4.7-stable (GENERIC) #3: Mon Sep 27 15:35:17 EEST 2010
# touch /var/log/spamd
# cat /etc/syslog.conf | grep spamd
!spamd
*.* /var/log/spamd
# kill -HUP `cat /var/run/syslog.pid`
# cat /var/log/spamd
# tail /var/log/daemon
Sep 21 21:25:42 www spamd[21550]: 74.52.75.222: connected (1/0)
Sep 21 21:25:42 www spamd[21550]: 194.88.152.1: connected (2/0)
Sep 21 21:25:44 www spamd[21550]: 194.88.152.1: connected (3/0)
Sep 21 21:25:53 www spamd[21550]: (GREY) 194.88.152.1: ->
Sep 21 21:25:53 www spamd[21550]: 194.88.152.1: disconnected after 11 seconds.
Sep 21 21:25:54 www spamd[21550]: (GREY) 74.52.75.222: ->
Sep 21 21:25:54 www spamd[21550]: 74.52.75.222: disconnected after 12 seconds.
Sep 21 21:25:55 www spamd[21550]: (GREY) 194.88.152.1: ->
Sep 21 21:25:55 www spamd[21550]: 194.88.152.1: disconnected after 11 seconds.
Sep 21 21:26:22 www spamd[21550]: 78.46.56.77: connected (1/0)
# reboot
doesn't help. What is wrong?
tftp - no route to host
OpenBSD 4.8
# cat inetd.conf | grep tftpd
tftp dgram udp wait root /usr/libexec/tftpd /usr/libexec/tftpd -s /tftpboot
# netstat -na | grep .69
udp 0 0 *.69 *.*
# cat /etc/pf.conf | grep tftp
pass in on $int_if inet proto udp from any to $int_if port tftp
# tftp 127.0.0.1
tftp> get 123
Error code 1: File not found
tftp> get ekey
Received 40 bytes in 0.0 seconds
tftp> quit
then I try to connect from another machine, and see this message in daemon-log:
Apr 29 13:52:35 ipsec2 tftpd[18767]: 127.0.0.1: denied read access to '123'
Apr 29 13:53:35 ipsec2 tftpd[24124]: send: No route to host
Apr 29 13:53:36 ipsec2 tftpd[15240]: send: No route to host
what does it mean?
l2tpd
does openbsd have l2tpd-daemon in packages or ports?
Re[3]: match keyword in pf for "no" action
Fri, 21 Jan 2011 23:14:05 +0200 message from Destan YILANCI:
Hi, Use quick keyword and pass packets from table to smtp service. At the second rule redirect packets from any source to spamd port.
2011/1/21 pavel pocheptsov
I know about changes in PF syntax:
###
nat on $ext_if from 10/8 -> ($ext_if)
rdr on $ext_if to ($ext_if) -> 1.2.3.4
becomes
match out on $ext_if from 10/8 nat-to ($ext_if)
match in on $ext_if to ($ext_if) rdr-to 1.2.3.4
and all works fine. But how to use the previously used:
"no rdr on $ext_if inet proto tcp from to port smtp"
Actually, how to use the "no" key for nat and rdr rules? I do this to connect good guys directly to sendmail in the next pass-rule.
So, I need to do this:
match in on $ext_if proto tcp from any to $ext_if port smtp rdr-to 127.0.0.1 port spamd
pass in quick on $ext_if proto tcp from to $ext_if port smtp
instead of the previous syntax:
no rdr on $ext_if inet proto tcp from to $ext_if port smtp
rdr on $ext_if inet proto tcp from any to $ext_if port smtp -> 127.0.0.1 port spamd
pass on $ext_if inet proto tcp from any to $ext_if proto smtp
match keyword in pf for "no" action
I know about changes in PF syntax:
###
nat on $ext_if from 10/8 -> ($ext_if)
rdr on $ext_if to ($ext_if) -> 1.2.3.4
becomes
match out on $ext_if from 10/8 nat-to ($ext_if)
match in on $ext_if to ($ext_if) rdr-to 1.2.3.4
and all works fine. But how to use the previously used:
"no rdr on $ext_if inet proto tcp from to port smtp"
Actually, how to use the "no" key for nat and rdr rules? I do this to connect good guys directly to sendmail in the next pass-rule.