Re: What am I doing wrong.
On Fri, Dec 5, 2008 at 4:17 PM, Anathae Townsend <[EMAIL PROTECTED]> wrote: > Checking the owner/group/permissions on my source tree, it's root (as > expected) wsrc (as expected) and rw-r--r--. Okay... the wsrc group only > has read permissions, that would explain why my user can't execute the > config command. Section 2 of man release shows a '$' as the prompt > character for the config command. Doesn't this mean that a member of > wsrc should be able to configure a kernel? Only if they have permission to write to the directory, obviously. The src tree needs to be writable by wsrc for this to work, as it is for a default install.
What am I doing wrong.
Not bothering with the asbestos suit, but still expecting some flamage. On a fresh install of OpenBSD 4.4 current as of 08-11-14, I created my own user with group of wheel, and secondary group of wsrc. Login is set as "staff". /etc/sudoers is set to allow members of wheel to execute it after entering the password or within the standard time after the last sudo. "$cd /usr; sudo cvs -d/cvs get src" was executed after mounting a network share of cvsync copy of the cvs repository. When I go to /etc/src/sys/arch/i386/conf/ to execute "$config GENERIC" it errors out saying I don't have permission to create ../compile/ GENERIC Checking the owner/group/permissions on my source tree, it's root (as expected) wsrc (as expected) and rw-r--r--. Okay... the wsrc group only has read permissions, that would explain why my user can't execute the config command. Section 2 of man release shows a '$' as the prompt character for the config command. Doesn't this mean that a member of wsrc should be able to configure a kernel?
Re: route-to doesnot work for me - what am i doing wrong
On Tue, Oct 14, 2008 at 3:50 PM, Stuart Henderson <[EMAIL PROTECTED]> wrote: >>> pass in quick on $int_if route-to ( $ext_if2 $ext_ifgw ) from >>> to any keep state >>> >>> to route requests from hosts in through the rl2 internet >>> connection but it does not seem to work. > > you should route the packets in the outgoing direction. > Hi Stuart, I did not get what you said. Could you please give an example ? Thanks Siju
Re: route-to doesnot work for me - what am i doing wrong
Hi Siju, isn't this: pass in quick on $int_if route-to ( $ext_if2 $ext_ifgw ) from to any keep state meant to be like this: pass in quick on $int_if route-to { ( $ext_if2 $ext_ifgw ) } from to any keep state Regards, Charlie Siju George wrote: Hi, I have firewall sk0 - LAN Interface rl1 - Primary internet connection rl2 - secondary Internet connection I have a line in pf.conf to route requests from hosts in through the rl2 internet connection but it does not seem to work. the full pf.conf is below === ##NETWORK INTERFACES # int_if="sk0"#HiFX LAN Interface - Connected to Main Swithches - using 172.16.0.0/12 Range. ext_if="rl1"#Dataone Connection - "rl2" interface Connected to the Dataone Router. ext_if2="rl2" ext_ifgw="122.166.40.1" proxy="122.166.40.36" #Private IP Address Range Specified by RFC 1918. # priv_nets="{ 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }" #Computers in HiFX LAN that are permitted to bypass squid to make HTTP and HTTPS connections directly to the Internet # table persist file "/etc/pf-tables/bypass-squid-users" #Websites to which bypassing SQUID is allowed. # table persist file "/etc/pf-tables/bypass-squid-sites" table persist file "/etc/pf-tables/lanspl" table persist file "/etc/pf-tables/adms" table persist file "/etc/pf-tables/vtcservers" table persist file "/etc/pf-tables/bannedIPs" table persist table persist file "/etc/pf-tables/hifxchn2" #Traffic Normalization - Required for "pppoe" connection. # scrub on $ext_if all no-df random-id fragment reassemble ###"Network Address Translation" and "Port Redirection" ###The First Matching rule wins here for any packet and no further "nat" or "rdr" rules are checked. nat-anchor "authpf/*" rdr-anchor "authpf/*" binat-anchor "authpf/*" nat pass on $ext_if from to any -> ($ext_if) nat-anchor "ftp-proxy/*" rdr-anchor "ftp-proxy/*" rdr pass on $int_if proto tcp from $int_if:network to any port 21 -> 127.0.0.1 port 8021 # redirect to beergas website rdr pass on $ext_if inet proto tcp from any to any port 80 -> 172.16.4.12 port 80 rdr pass on $ext_if inet proto tcp from any to any port 443 -> 172.16.4.12 port 443 ### # nat on $ext_if from to any -> ($ext_if) #NAT connections to specified websites. nat on $ext_if from any to port { 80, 443 } -> ($ext_if) nat on $ext_if from any to port { 80, 443 } -> ($ext_if2) #Block NAT for other hosts to port 80 and 443 on the Internet. #They should all go via SQUID CACHE PROXY # no nat on $ext_if from any to any port { 80, 443 } no nat on $ext_if2 from any to any port { 80, 443 } #Allow NAT for rest of the Computers to Internet - port 80 and 443 is already blocked for these hosts by the rule above. # nat on $ext_if from $int_if:network to any -> ($ext_if) nat on $ext_if2 from $int_if:network to any -> ($ext_if2) #The SQUID CACHE PROXY Listens on localhost interface port 8080 for security reasons. #PROXY configuration for computers in the HIFX LAN Machine in the IP Address of $int_if and port 8080 #Hence all Traffic comming to $int_if port 8080 should be redirected to SQUID running on localhost:8080 # no rdr on $int_if from any to 70.86.222.30 rdr on $int_if proto tcp from any to any port 8080 -> 127.0.0.1 port 8080 ###Filter Rules. ###The last matching rule wins here for packets except when the quick word is used in which case Further rules are not processed. #Starting with a Deny all Traffic Policy. Later rules open up the firewall for required traffic. block all pass in quick on $ext_if inet proto tcp from any to any port ssh keep state #Blocking RFC1918 Traffic. block in log quick on $ext_if from $priv_nets to any block out log quick on $ext_if from any to $priv_nets block out log quick on $ext_if from any to #Allow all traffic on the localhost interface. pass quick on lo0 all #Allow Traffic from HIFX LAN to pass through the firewall & also allow traffic from firewall to enter the LAN. pass in quick on $int_if from any to $int_if keep state pass out quick on $int_if from $int_if to any keep state pass in quick on $int_if route-to ( $ext_if2 $ext_ifgw ) from to any keep state pass in quick on $int_if from $int_if:network to any keep state pass out quick on $int_if from any to $int_if:network keep state #Allow Trafficfrom Firewall to pass out to the Internet. pass out on $ext_if proto tcp all modulate state flags S/SA pass out on $ext_if2 proto tcp all modulate state flags S/SA pass out on $ext_if proto { udp, icmp } all keep state pass out on $ext_if2 proto { udp, icmp } all keep state #ftp-proxy anchor "ftp-proxy/*" pass out proto tcp from $proxy to any port 21 keep state #authpf anchor "authpf/*" # ifconfig -a lo0: flags=8049 mtu 33224 groups: lo inet 127.0.0.1 netmask 0xff00
Re: route-to doesnot work for me - what am i doing wrong
Thanks I figured it out. I missed the nat rule for $ext_if2 --Siju On Tue, Oct 14, 2008 at 1:03 PM, Siju George <[EMAIL PROTECTED]> wrote: > Hi, > > I have firewall > > sk0 - LAN Interface > rl1 - Primary internet connection > rl2 - secondary Internet connection > > I have a line in pf.conf > > pass in quick on $int_if route-to ( $ext_if2 $ext_ifgw ) from > to any keep state > > to route requests from hosts in through the rl2 internet > connection but it does not seem to work. > > the full pf.conf is below > > === > ##NETWORK INTERFACES > # > int_if="sk0"#HiFX LAN Interface - Connected to Main > Swithches - using 172.16.0.0/12 Range. > ext_if="rl1"#Dataone Connection - "rl2" interface > Connected to the Dataone Router. > ext_if2="rl2" > ext_ifgw="122.166.40.1" > proxy="122.166.40.36" > > > #Private IP Address Range Specified by RFC 1918. > # > priv_nets="{ 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }" > > > #Computers in HiFX LAN that are permitted to bypass squid to make HTTP > and HTTPS connections directly to the Internet > # > table persist file "/etc/pf-tables/bypass-squid-users" > > #Websites to which bypassing SQUID is allowed. > # > table persist file "/etc/pf-tables/bypass-squid-sites" > table persist file "/etc/pf-tables/lanspl" > table persist file "/etc/pf-tables/adms" > table persist file "/etc/pf-tables/vtcservers" > table persist file "/etc/pf-tables/bannedIPs" > table persist > table persist file "/etc/pf-tables/hifxchn2" > > #Traffic Normalization - Required for "pppoe" connection. > # > scrub on $ext_if all no-df random-id fragment reassemble > > ###"Network Address Translation" and "Port Redirection" > ###The First Matching rule wins here for any packet and no further > "nat" or "rdr" rules are checked. > nat-anchor "authpf/*" > rdr-anchor "authpf/*" > binat-anchor "authpf/*" > > nat pass on $ext_if from to any -> ($ext_if) > nat-anchor "ftp-proxy/*" > rdr-anchor "ftp-proxy/*" > rdr pass on $int_if proto tcp from $int_if:network to any port 21 -> > 127.0.0.1 port 8021 > > # redirect to beergas website > rdr pass on $ext_if inet proto tcp from any to any port 80 -> > 172.16.4.12 port 80 > rdr pass on $ext_if inet proto tcp from any to any port 443 -> > 172.16.4.12 port 443 > > ### > # > nat on $ext_if from to any -> ($ext_if) > > #NAT connections to specified websites. > nat on $ext_if from any to port { 80, 443 } -> ($ext_if) > nat on $ext_if from any to port { 80, 443 } -> ($ext_if2) > > #Block NAT for other hosts to port 80 and 443 on the Internet. > #They should all go via SQUID CACHE PROXY > # > no nat on $ext_if from any to any port { 80, 443 } > no nat on $ext_if2 from any to any port { 80, 443 } > > #Allow NAT for rest of the Computers to Internet - port 80 and 443 is > already blocked for these hosts by the rule above. > # > nat on $ext_if from $int_if:network to any -> ($ext_if) > nat on $ext_if2 from $int_if:network to any -> ($ext_if2) > > #The SQUID CACHE PROXY Listens on localhost interface port 8080 for > security reasons. > #PROXY configuration for computers in the HIFX LAN Machine in the IP > Address of $int_if and port 8080 > #Hence all Traffic comming to $int_if port 8080 should be redirected > to SQUID running on localhost:8080 > # > > no rdr on $int_if from any to 70.86.222.30 > rdr on $int_if proto tcp from any to any port 8080 -> 127.0.0.1 port 8080 > > ###Filter Rules. > ###The last matching rule wins here for packets except when the quick > word is used in which case Further rules are not processed. > #Starting with a Deny all Traffic Policy. Later rules open up the > firewall for required traffic. > > block all > pass in quick on $ext_if inet proto tcp from any to any port ssh keep state > > #Blocking RFC1918 Traffic. > block in log quick on $ext_if from $priv_nets to any > block out log quick on $ext_if from any to $priv_nets > block out log quick on $ext_if from any to > > #Allow all traffic on the localhost interface. > > pass quick on lo0 all > > #Allow Traffic from HIFX LAN to pass through the firewall & also allow > traffic from firewall to enter the LAN. > > pass in quick on $int_if from any to $int_if keep state > pass out quick on $int_if from $int_if to any keep state > > > pass in quick on $int_if route-to ( $ext_if2 $ext_ifgw ) from > to any keep state > > pass in quick on $int_if from $int_if:network to any keep state > pass out quick on $int_if from any to $int_if:network keep state > > > > #Allow Trafficfrom Firewall to pass out to the Internet. > pass out on $ext_if proto tcp all modulate state flags S/SA > pass out on $ext_if2 proto tcp all modulate state flags S/SA > pass out on $ext_if proto { udp, icmp } all keep state > pass out on $ext_if2 proto { udp, icmp } all keep state > > > #ftp-proxy > anchor "ftp-proxy/*" > pass out proto tcp from $proxy to any port 21 keep state > > #authpf > a
Re: route-to doesnot work for me - what am i doing wrong
> If you don't use quick option on rules, then it will be last matching rule > applied, but if you you use quick option, the first matching rule will be > applied, the rest will be ignored. So, if you use quick option the filter > order would be; picking just the "in...on $int_if" rules in order; >> pass in quick on $int_if from any to $int_if keep state >> pass in quick on $int_if route-to ( $ext_if2 $ext_ifgw ) from to >> any keep state >> pass in quick on $int_if from $int_if:network to any keep state so this is not a problem. >> pass in quick on $int_if route-to ( $ext_if2 $ext_ifgw ) from >> to any keep state >> >> to route requests from hosts in through the rl2 internet >> connection but it does not seem to work. you should route the packets in the outgoing direction.
Re: route-to doesnot work for me - what am i doing wrong
On Tue, 14 Oct 2008 14:33:19 +0700, Siju George <[EMAIL PROTECTED]> wrote: Hi Siju, I think there are several things you need to understand more about pf quick option. If you don't use quick option on rules, then it will be last matching rule applied, but if you you use quick option, the first matching rule will be applied, the rest will be ignored. So, if you use quick option the filter order would be; rule 1 # very detail rule 2 # pretty much detail rule 3 # detail rule 4 # not detail something like; pass in quick on $int_if inet proto tcp from to pass in quick on $int_if inet from to pass in quick on $int_if from to any pass in quick on $int_if if you don't use "quick" then it would be; rule 1 # not detail rule 2 # detail rule 3 # pretty much detail rule 4 # very detail something like; pass in on $int_if pass in on $int_if from to any pass in on $int_if from to pass in on $int_if inet from to pass in on $int_if inet proto tcp from HTH, Insan Hi, I have firewall sk0 - LAN Interface rl1 - Primary internet connection rl2 - secondary Internet connection I have a line in pf.conf pass in quick on $int_if route-to ( $ext_if2 $ext_ifgw ) from to any keep state to route requests from hosts in through the rl2 internet connection but it does not seem to work. the full pf.conf is below === ##NETWORK INTERFACES # int_if="sk0"#HiFX LAN Interface - Connected to Main Swithches - using 172.16.0.0/12 Range. ext_if="rl1"#Dataone Connection - "rl2" interface Connected to the Dataone Router. ext_if2="rl2" ext_ifgw="122.166.40.1" proxy="122.166.40.36" #Private IP Address Range Specified by RFC 1918. # priv_nets="{ 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }" #Computers in HiFX LAN that are permitted to bypass squid to make HTTP and HTTPS connections directly to the Internet # table persist file "/etc/pf-tables/bypass-squid-users" #Websites to which bypassing SQUID is allowed. # table persist file "/etc/pf-tables/bypass-squid-sites" table persist file "/etc/pf-tables/lanspl" table persist file "/etc/pf-tables/adms" table persist file "/etc/pf-tables/vtcservers" table persist file "/etc/pf-tables/bannedIPs" table persist table persist file "/etc/pf-tables/hifxchn2" #Traffic Normalization - Required for "pppoe" connection. # scrub on $ext_if all no-df random-id fragment reassemble ###"Network Address Translation" and "Port Redirection" ###The First Matching rule wins here for any packet and no further "nat" or "rdr" rules are checked. nat-anchor "authpf/*" rdr-anchor "authpf/*" binat-anchor "authpf/*" nat pass on $ext_if from to any -> ($ext_if) nat-anchor "ftp-proxy/*" rdr-anchor "ftp-proxy/*" rdr pass on $int_if proto tcp from $int_if:network to any port 21 -> 127.0.0.1 port 8021 # redirect to beergas website rdr pass on $ext_if inet proto tcp from any to any port 80 -> 172.16.4.12 port 80 rdr pass on $ext_if inet proto tcp from any to any port 443 -> 172.16.4.12 port 443 ### # nat on $ext_if from to any -> ($ext_if) #NAT connections to specified websites. nat on $ext_if from any to port { 80, 443 } -> ($ext_if) nat on $ext_if from any to port { 80, 443 } -> ($ext_if2) #Block NAT for other hosts to port 80 and 443 on the Internet. #They should all go via SQUID CACHE PROXY # no nat on $ext_if from any to any port { 80, 443 } no nat on $ext_if2 from any to any port { 80, 443 } #Allow NAT for rest of the Computers to Internet - port 80 and 443 is already blocked for these hosts by the rule above. # nat on $ext_if from $int_if:network to any -> ($ext_if) nat on $ext_if2 from $int_if:network to any -> ($ext_if2) #The SQUID CACHE PROXY Listens on localhost interface port 8080 for security reasons. #PROXY configuration for computers in the HIFX LAN Machine in the IP Address of $int_if and port 8080 #Hence all Traffic comming to $int_if port 8080 should be redirected to SQUID running on localhost:8080 # no rdr on $int_if from any to 70.86.222.30 rdr on $int_if proto tcp from any to any port 8080 -> 127.0.0.1 port 8080 ###Filter Rules. ###The last matching rule wins here for packets except when the quick word is used in which case Further rules are not processed. #Starting with a Deny all Traffic Policy. Later rules open up the firewall for required traffic. block all pass in quick on $ext_if inet proto tcp from any to any port ssh keep state #Blocking RFC1918 Traffic. block in log quick on $ext_if from $priv_nets to any block out log quick on $ext_if from any to $priv_nets block out log quick on $ext_if from any to #Allow all traffic on the localhost interface. pass quick on lo0 all #Allow Traffic from HIFX LAN to pass through the firewall & also allow traffic from firewall to enter the LAN. pass in quick on $int_if from any to $int_if keep state pass out quick on $int_if from $int_if to any keep state pas
route-to doesnot work for me - what am i doing wrong
Hi, I have firewall sk0 - LAN Interface rl1 - Primary internet connection rl2 - secondary Internet connection I have a line in pf.conf pass in quick on $int_if route-to ( $ext_if2 $ext_ifgw ) from to any keep state to route requests from hosts in through the rl2 internet connection but it does not seem to work. the full pf.conf is below === ##NETWORK INTERFACES # int_if="sk0"#HiFX LAN Interface - Connected to Main Swithches - using 172.16.0.0/12 Range. ext_if="rl1"#Dataone Connection - "rl2" interface Connected to the Dataone Router. ext_if2="rl2" ext_ifgw="122.166.40.1" proxy="122.166.40.36" #Private IP Address Range Specified by RFC 1918. # priv_nets="{ 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }" #Computers in HiFX LAN that are permitted to bypass squid to make HTTP and HTTPS connections directly to the Internet # table persist file "/etc/pf-tables/bypass-squid-users" #Websites to which bypassing SQUID is allowed. # table persist file "/etc/pf-tables/bypass-squid-sites" table persist file "/etc/pf-tables/lanspl" table persist file "/etc/pf-tables/adms" table persist file "/etc/pf-tables/vtcservers" table persist file "/etc/pf-tables/bannedIPs" table persist table persist file "/etc/pf-tables/hifxchn2" #Traffic Normalization - Required for "pppoe" connection. # scrub on $ext_if all no-df random-id fragment reassemble ###"Network Address Translation" and "Port Redirection" ###The First Matching rule wins here for any packet and no further "nat" or "rdr" rules are checked. nat-anchor "authpf/*" rdr-anchor "authpf/*" binat-anchor "authpf/*" nat pass on $ext_if from to any -> ($ext_if) nat-anchor "ftp-proxy/*" rdr-anchor "ftp-proxy/*" rdr pass on $int_if proto tcp from $int_if:network to any port 21 -> 127.0.0.1 port 8021 # redirect to beergas website rdr pass on $ext_if inet proto tcp from any to any port 80 -> 172.16.4.12 port 80 rdr pass on $ext_if inet proto tcp from any to any port 443 -> 172.16.4.12 port 443 ### # nat on $ext_if from to any -> ($ext_if) #NAT connections to specified websites. nat on $ext_if from any to port { 80, 443 } -> ($ext_if) nat on $ext_if from any to port { 80, 443 } -> ($ext_if2) #Block NAT for other hosts to port 80 and 443 on the Internet. #They should all go via SQUID CACHE PROXY # no nat on $ext_if from any to any port { 80, 443 } no nat on $ext_if2 from any to any port { 80, 443 } #Allow NAT for rest of the Computers to Internet - port 80 and 443 is already blocked for these hosts by the rule above. # nat on $ext_if from $int_if:network to any -> ($ext_if) nat on $ext_if2 from $int_if:network to any -> ($ext_if2) #The SQUID CACHE PROXY Listens on localhost interface port 8080 for security reasons. #PROXY configuration for computers in the HIFX LAN Machine in the IP Address of $int_if and port 8080 #Hence all Traffic comming to $int_if port 8080 should be redirected to SQUID running on localhost:8080 # no rdr on $int_if from any to 70.86.222.30 rdr on $int_if proto tcp from any to any port 8080 -> 127.0.0.1 port 8080 ###Filter Rules. ###The last matching rule wins here for packets except when the quick word is used in which case Further rules are not processed. #Starting with a Deny all Traffic Policy. Later rules open up the firewall for required traffic. block all pass in quick on $ext_if inet proto tcp from any to any port ssh keep state #Blocking RFC1918 Traffic. block in log quick on $ext_if from $priv_nets to any block out log quick on $ext_if from any to $priv_nets block out log quick on $ext_if from any to #Allow all traffic on the localhost interface. pass quick on lo0 all #Allow Traffic from HIFX LAN to pass through the firewall & also allow traffic from firewall to enter the LAN. pass in quick on $int_if from any to $int_if keep state pass out quick on $int_if from $int_if to any keep state pass in quick on $int_if route-to ( $ext_if2 $ext_ifgw ) from to any keep state pass in quick on $int_if from $int_if:network to any keep state pass out quick on $int_if from any to $int_if:network keep state #Allow Trafficfrom Firewall to pass out to the Internet. pass out on $ext_if proto tcp all modulate state flags S/SA pass out on $ext_if2 proto tcp all modulate state flags S/SA pass out on $ext_if proto { udp, icmp } all keep state pass out on $ext_if2 proto { udp, icmp } all keep state #ftp-proxy anchor "ftp-proxy/*" pass out proto tcp from $proxy to any port 21 keep state #authpf anchor "authpf/*" # ifconfig -a lo0: flags=8049 mtu 33224 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8 rl0: flags=8802 mtu 1500 lladdr 00:50:fc:7d:4e:50 media: Ethernet autoselect
PF & tcp.established - what am I doing wrong ?
I'm trying to protect my mail server by adding some rudimentary options to inbound SMTP connections on my 3.9 stable firewall. I have the following in my pf.conf; SMTP_OPT = "(max 10, source-track rule, max-src-states 1, max-src-nodes 7, tcp.established 60)" pass in quick on $INTERNET_IF proto tcp from any to any port 25 flags S/FSRPAU synproxy state $SMTP_OPT queue (q_def, q_pri) This is is what I see from 'pftop' from time to time; tcp Out 72.236.237.53:2528 192.168.2.3:25 ESTABLISHED:ESTABLISHED 12:13:41 12:07:30 19 2176 ie a connection that has been establish for 12h 13min. Why doesn't this connection get dropped off after 60 seconds ? I Noticed that this connection is in the 'OUT' direction which I think suggests that the connection is from the firewall to the mailserver in the DMZ, like some sort of proxy. I thought it may have been as a result of the 'synproxy' option, but 95% of other SMTP connections are gone from the state table after their 60 seconds are up and they use the same rule. Incidentally, the 72.x.x.x address is the SMTP senders address. Just curious. Brian. I've searched the archives and can't seem to locate a similar issue. Dmesg below; OpenBSD 3.9-stable (GENERIC) #0: Sat Sep 30 18:25:53 EST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium III ("GenuineIntel" 686-class, 512KB L2 cache) 501 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 66625536 (65064K) avail mem = 53166080 (51920K) using 838 buffers containing 3432448 bytes (3352K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(45) BIOS, date 12/24/99, BIOS32 rev. 0 @ 0xfb310 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 70102 dobusy 1 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0xb798 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde80/144 (7 entries) pcibios0: PCI Exclusive IRQs: 5 10 11 12 pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371SB ISA" rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x4000! 0xcc000/0x1000 0xcd000/0x1000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x03 ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x03 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "ATI Rage Pro" rev 0x5c wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x02 pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 16-sector PIO, LBA, 9786MB, 20041967 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 uhci0 at pci0 dev 7 function 2 "Intel 82371AB USB" rev 0x01: irq 5 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x02: polling iic0 at piixpm0 fxp0 at pci0 dev 9 function 0 "Intel 8255x" rev 0x08, i82559: irq 10, address 00:d0:b7:40:77:ae inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4 fxp1 at pci0 dev 10 function 0 "Intel 8255x" rev 0x08, i82559: irq 12, address 00:d0:b7:07:81:51 inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4 fxp2 at pci0 dev 11 function 0 "Intel 8255x" rev 0x05, i82558: irq 5, address 00:90:27:2f:4d:98 inphy2 at fxp2 phy 1: i82555 10/100 PHY, rev. 0 fxp3 at pci0 dev 12 function 0 "Intel 8255x" rev 0x08, i82559: irq 11, address 00:d0:b7:b0:73:2c inphy3 at fxp3 phy 1: i82555 10/100 PHY, rev. 4 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo biomask e365 netmask ff65 ttymask ffe7 pctr: 686-class user-level performance counters enabled mtrr: Pentium Pro MTRR support dkcsum: wd0 matches BIOS drive 0x80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302