Re: Bug Hunting 101 - Finding The Alpha Bug
On Wed, 21 Dec 2005 12:13:54 -0800, J.C. Roberts [EMAIL PROTECTED] wrote:
> I found something interesting, namely a (more than once) reported bug that looks very similar to the alpha bug. The primary difference is you get cpu_switch_queuescan rather than cpu_switch in the trace output.
>
> 2003-10-01 21:40:00 http://marc.theaimsgroup.com/?l=openbsd-alpha&m=106504464724168&w=2
> 2003-08-03 12:00:14 http://marc.theaimsgroup.com/?l=openbsd-alpha&m=105999853009839&w=2
>
> There is also another report that is vague, but since it is missing the needed trace information, there's no way to tell if it's related.
>
> 2003-05-13 22:13:50 http://marc.theaimsgroup.com/?l=openbsd-bugs&m=105286536018393&w=2

Yes, the two bugs, one which shows cpu_switch in the trace output and the other that shows cpu_switch_queuescan in the trace output, are definitely related. I managed to reproduce the cpu_switch_queuescan output originally reported from OpenBSD 3.3 while compiling 3.8-STABLE tonight. The only change in the source files is that I enabled the "#makeoptions DEBUG=-g" line in the /src/sys/conf/GENERIC file. I'm going to try flipping this back and forth a few times to see if it really is the deciding factor for which output the bug displays.

JCR
Re: Access CD as user using cdrtools
On Wed, Dec 21, 2005 at 10:26:38PM -0700, Ludwig Mises wrote:
> It seems that only root can access /dev/rcd0c when using tools such as cdrdao, cdda2wav and cdparanoia, even when the user is in the operator group:
>
> $ cdparanoia -v -d /dev/rcd0c -B
> Checking /dev/rcd0c for cdrom...
>         Testing /dev/rcd0c for SCSI interface
>                 generic device: /dev/rcd0c
>                 ioctl device: /dev/rcd0c
>                 Could not open generic SCSI device /dev/rcd0c: Permission denied
>         Testing /dev/rcd0c for SCSI interface
> uid=1000(lm) gid=1000(lm) groups=1000(lm), 0(wheel), 5(operator)
>
> I get similar results with cdda2wav and cdrdao. Oddly enough, cdio works just fine for this user. Even changing the permissions on /dev/rcd0c to 644 didn't change anything and I still get errors indicating that I have no permission, yet clearly the account is in the correct group:
>
> $ ls -l /dev/rcd0c
> crw-r-----  1 root  operator   15,   2 Dec 15 21:32 /dev/rcd0c
>
> The operator group has only read permission. Is it possible to read /dev/rcd0c as a user in the operator group using cdda2wav or other cdrtools? I would rather not have to use su or sudo just to read a CD. And I see nothing special about cdio (i.e. no SUID) to make it work differently.

cdio opens the CD device O_RDONLY. The cdrtools all use libscg bits to make the actual open(2), and it only opens the device with O_RDWR. cdrecord needs to be able to write to the device, obviously, but the other cdrtools shouldn't need to. Changing this appears non-trivial. Maybe ask Joerg to add an O_RDONLY option for opening the CD device in future cdrtools versions, on the cdwrite@other.debian.org mailing list?

cdrdao and cdparanoia are not part of the cdrtools. cdrdao needs to be able to write to the drive. cdparanoia shouldn't need to, though. The patch below for the audio/cdparanoia port opens the device O_RDONLY, and apparently does not change cdparanoia's behaviour. Let me know how that works for you (and anyone else).
-- [EMAIL PROTECTED] Index: patches/patch-interface_scan_devices_c === RCS file: /cvs/ports/audio/cdparanoia/patches/patch-interface_scan_devices_c,v retrieving revision 1.3 diff -u -r1.3 patch-interface_scan_devices_c --- patches/patch-interface_scan_devices_c 16 Sep 2002 13:35:52 - 1.3 +++ patches/patch-interface_scan_devices_c 22 Dec 2005 08:55:48 - @@ -176,6 +176,15 @@ } idmessage(messagedest,messages,\t\tgeneric device: %s,generic_device); +@@ -535,7 +579,7 @@ cdrom_drive *cdda_identify_scsi(const ch + } + + if(ioctl_device)i_fd=open(ioctl_device,O_RDONLY|O_NONBLOCK); +- g_fd=open(generic_device,O_RDWR); ++ g_fd=open(generic_device,O_RDONLY); + + if(ioctl_device i_fd==-1) + idperror(messagedest,messages,\t\tCould not open SCSI cdrom device @@ -556,6 +600,7 @@ cdrom_drive *cdda_identify_scsi(const ch type=(int)(i_st.st_rdev8);
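Review bot: the only behavioural change in the hunk is the O_RDWR to O_RDONLY flip on g_fd in cdda_identify_scsi, but nothing in the hunk shows whether every SCSI command cdparanoia later sends through g_fd is data-in; a data-out command (setting drive speed, for instance) on a descriptor that was opened read-only is where this can break, and whether the SCSI pass-through ioctl refuses such commands on a non-writable descriptor is worth checking before relying on "apparently does not change cdparanoia's behaviour". Two lines up, ioctl_device is opened with O_RDONLY|O_NONBLOCK while the generic device now gets bare O_RDONLY; if the non-blocking flag is deliberately omitted here, say so. Also record the reason for the flip (unprivileged operator-group reads of /dev/rcd0c) in the port, either in the patch file itself or in the commit message, so the next cdparanoia update does not silently drop it.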
Re: pf and two ADSL links
On Thu, Dec 22, 2005 at 03:11:57AM +, pedro la peu wrote: I work for an ISP It shows. Disagree off-list please. If you insult someone on list, expect the same back, on list, you coward.
Re: OpenBSD 3.8 PPPoE Broadband Connection Howto
Hi Siju,

Siju George wrote:
> so the DSL Router is working and the username and password is correct.
> What could be the problem?

If it is a DSL _router_ you just have to set up a normal network; PPPoE is handled by the router. If it is a DSL _modem_ you have to set up PPPoE.

Regards
--
stefan
pf anchor problem (not working as expected)
Hi,

I would like to load/unload an emule anchor when needed. Unfortunately it does not work as expected, as port tcp 4662 traffic coming back to my router is still blocked.

Dec 22 13:05:36.720276 rule 2/(match) block in on pppoe0: 80.239.200.108.34965 > 158.64.125.147.4662: [|tcp] (DF)
Dec 22 13:05:37.330539 rule 2/(match) block in on pppoe0: 212.112.238.82.13114 > 158.64.125.147.4662: [|tcp] (DF)
Dec 22 13:05:39.720729 rule 2/(match) block in on pppoe0: 80.239.200.108.34965 > 158.64.125.147.4662: [|tcp] (DF)
Dec 22 13:05:40.330485 rule 2/(match) block in on pppoe0: 212.112.238.82.13114 > 158.64.125.147.4662: [|tcp] (DF)

Maybe I misunderstood the anchors manual, but I honestly don't know what is wrong. I would really appreciate it if you could help me on this issue. Why is the traffic still blocked via this rule, "block log (all) all"; shouldn't it pass through, as the anchor rules allow the traffic?

Here is my pf.conf:

# VARIABLES SECTION #
int_if=sis0
ext_if=pppoe0
localnet=172.16.43.0/24
outftp=53000:53450
icmp_types=echoreq
icmp_types = echoreq

# TABLES SECTION #
table <friends> {x,y}
table <hostile> persist

# OPTIONS SECTION #
set block-policy drop
set loginterface $ext_if

# SCRUBBING SECTION #
scrub in on $ext_if all
scrub out on $ext_if max-mss 1440

# NAT SECTION #
nat on $ext_if from $localnet to any -> ($ext_if) static-port

# REDIRECTION #
rdr on $int_if proto tcp from !$ext_if to !$localnet port ftp \
    -> 127.0.0.1 port ftp-proxy
rdr on $int_if proto tcp from $localnet to $int_if port ssh \
    -> $int_if port 8022
rdr-anchor authpf/*
rdr-anchor emule

#pass quick all
block quick from <hostile>
block quick inet6 all
block log (all) all

#loopback and internal interface are ok
pass quick on lo0 all
pass quick on $int_if all

# EXTERNAL INTERFACE
pass out on $ext_if inet proto tcp from ($ext_if) to any \
    flags S/SA modulate state
pass out on $ext_if inet proto udp from ($ext_if) to any \
    keep state
pass out quick on $ext_if inet proto tcp from ($ext_if) to any \
    port > 1023 user proxy modulate state label ftpproxy
pass on $ext_if inet proto icmp icmp-type $icmp_types keep state

anchor emule
anchor authpf/*
# END OF PF RULE

Here is my emule anchor (/etc/emule.pf):

ext_if = pppoe0
MuleIP= 172.16.43.10
localnet= 172.16.43.0/24
InMuleTCP = { 4661, 4662 }
InMuleUDP = { 4665, 4672 }

rdr on $ext_if proto tcp from !$localnet to any port 4661:4662 -> $MuleIP port 4661:*
rdr on $ext_if proto udp from !$localnet to any port 4665 -> $MuleIP port 4665
rdr on $ext_if proto udp from !$localnet to any port 4672 -> $MuleIP port 4672

pass in quick on $ext_if inet proto tcp from any to ($ext_if) port $InMuleTCP \
    flags S/SA keep state label eMuleTCP
pass in quick on $ext_if inet proto udp from any to ($ext_if) port $InMuleUDP \
    keep state label eMuleUDP
# END OF EMULE ANCHOR

The anchor is loaded when I need it via:

pfctl -v -a emule -f /etc/emule.pf

and unloaded via:

pfctl -v -a emule -Fa -sn
pfctl -v -a emule -Fa -sr

Thanks a lot for helping.
Re: pf anchor problem (not working as expected)
On Thursday, 22 December 2005 at 13:37, the original poster wrote:
> Hi,
>
> I would like to load/unload an emule anchor when needed. Unfortunately it does not work as expected, as port tcp 4662 traffic coming back to my router is still blocked.
>
> Dec 22 13:05:36.720276 rule 2/(match) block in on pppoe0: 80.239.200.108.34965 > 158.64.125.147.4662: [|tcp] (DF)
> Dec 22 13:05:37.330539 rule 2/(match) block in on pppoe0: 212.112.238.82.13114 > 158.64.125.147.4662: [|tcp] (DF)
> Dec 22 13:05:39.720729 rule 2/(match) block in on pppoe0: 80.239.200.108.34965 > 158.64.125.147.4662: [|tcp] (DF)
> Dec 22 13:05:40.330485 rule 2/(match) block in on pppoe0: 212.112.238.82.13114 > 158.64.125.147.4662: [|tcp] (DF)
>
> Maybe I misunderstood the anchors manual, but I honestly don't know what is wrong. I would really appreciate it if you could help me on this issue. Why is the traffic still blocked via this rule, "block log (all) all"; shouldn't it pass through, as the anchor rules allow the traffic?
>
> Here is my pf.conf:
>
> # VARIABLES SECTION #
> int_if=sis0
> ext_if=pppoe0
> localnet=172.16.43.0/24
> outftp=53000:53450
> icmp_types=echoreq
> icmp_types = echoreq
>
> # TABLES SECTION #
> table <friends> {x,y}
> table <hostile> persist
>
> # OPTIONS SECTION #
> set block-policy drop
> set loginterface $ext_if
>
> # SCRUBBING SECTION #
> scrub in on $ext_if all
> scrub out on $ext_if max-mss 1440
>
> # NAT SECTION #
> nat on $ext_if from $localnet to any -> ($ext_if) static-port
>
> # REDIRECTION #
> rdr on $int_if proto tcp from !$ext_if to !$localnet port ftp \
>     -> 127.0.0.1 port ftp-proxy
> rdr on $int_if proto tcp from $localnet to $int_if port ssh \
>     -> $int_if port 8022
> rdr-anchor authpf/*
> rdr-anchor emule

This rdr-anchor is ok.

> #pass quick all
> block quick from <hostile>
> block quick inet6 all

But here you are blocking the emule traffic. You should put this here:

anchor emule
anchor authpf/*

and not below.

> block log (all) all
>
> #loopback and internal interface are ok
> pass quick on lo0 all
> pass quick on $int_if all
>
> # EXTERNAL INTERFACE
> pass out on $ext_if inet proto tcp from ($ext_if) to any \
>     flags S/SA modulate state
> pass out on $ext_if inet proto udp from ($ext_if) to any \
>     keep state
> pass out quick on $ext_if inet proto tcp from ($ext_if) to any \
>     port > 1023 user proxy modulate state label ftpproxy
> pass on $ext_if inet proto icmp icmp-type $icmp_types keep state
>
> anchor emule
> anchor authpf/*
> # END OF PF RULE
>
> Here is my emule anchor (/etc/emule.pf):
>
> ext_if = pppoe0
> MuleIP= 172.16.43.10
> localnet= 172.16.43.0/24
> InMuleTCP = { 4661, 4662 }
> InMuleUDP = { 4665, 4672 }
>
> rdr on $ext_if proto tcp from !$localnet to any port 4661:4662 -> $MuleIP port 4661:*
> rdr on $ext_if proto udp from !$localnet to any port 4665 -> $MuleIP port 4665
> rdr on $ext_if proto udp from !$localnet to any port 4672 -> $MuleIP port 4672
>
> pass in quick on $ext_if inet proto tcp from any to ($ext_if) port $InMuleTCP \
>     flags S/SA keep state label eMuleTCP
> pass in quick on $ext_if inet proto udp from any to ($ext_if) port $InMuleUDP \
>     keep state label eMuleUDP
> # END OF EMULE ANCHOR
>
> The anchor is loaded when I need it via:
>
> pfctl -v -a emule -f /etc/emule.pf
>
> and unloaded via:
>
> pfctl -v -a emule -Fa -sn
> pfctl -v -a emule -Fa -sr
>
> Thanks a lot for helping.

--
Abel Talaverón Estévez
Senior Telecommunications Engineer, Project Analyst
OpenWired
Caballero 87 - Bajos
08029 - Barcelona
Tel. 93 495 0990 Fax. 93 419 4591

Openwired
Alejandro Villegas, 29
28043 - MADRID - SPAIN
Phone: 91 300 51 09 Fax: 91 300 28 13
http://www.openwired.com
how to disable remote root login
Hi,

I was looking for how to disable remote root login but I can't find it. Any tip?

Thanks,
David
Re: how to disable remote root login
On Thu, Dec 22, 2005 at 10:35:12AM -0300, David fire wrote:
> Hi, I was looking for how to disable remote root login but I can't find it. Any tip?

man sshd_config

Look for PermitRootLogin

Bernd
Re: how to disable remote root login
David fire wrote:
> Hi, I was looking for how to disable remote root login but I can't find it. Any tip?

http://www.google.com/search?q=disable+root+login+ssh

Behold the power of the internets.

Ryan
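Both replies point at the PermitRootLogin keyword in sshd_config. The following is an added example, not OpenSSH code and not something posted in this thread: it resolves the effective PermitRootLogin value from sshd_config text the way sshd(8) reads it, which matters when auditing a host, because sshd keeps the first value it sees for a keyword (a later duplicate does not override an earlier one), keywords are case-insensitive, a '#' line is a comment and so changes nothing, and a value inside a Match block applies only to matching connections. The two config files are constructed samples; the `default` argument is an assumption the caller supplies (OpenSSH of the 2005 era defaulted to "yes", current releases to "prohibit-password").

```python
"""Added example (not OpenSSH code): resolve the effective PermitRootLogin
value from sshd_config text with sshd's first-value-wins semantics."""
import re

# Constructed sample files, not taken from any real host.
WEAK_CONFIG = """\
Port 22
#PermitRootLogin no          <- commented out, so it has no effect
PasswordAuthentication yes
"""

FIXED_CONFIG = """\
Port 22
PermitRootLogin no
PermitRootLogin yes          # ignored: sshd takes the first value
Match Address 10.0.0.0/8
    PermitRootLogin without-password
"""


def parse_sshd_config(text):
    """Return (global_settings, match_blocks).

    global_settings maps lower-cased keyword -> first value seen before any
    Match line; match_blocks is a list of (criteria, settings) in file order.
    """
    global_settings = {}
    match_blocks = []
    current = None                      # None while still in the global section
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            current = {}
            match_blocks.append((value, current))
            continue
        target = global_settings if current is None else current
        target.setdefault(key, value)   # first value wins, later ones are ignored
    return global_settings, match_blocks


def permit_root_login(text, default="yes"):
    """Effective global PermitRootLogin, lower-cased.

    `default` is an assumption the caller supplies: OpenSSH of the 2005 era
    defaulted to "yes"; current releases default to "prohibit-password".
    """
    settings, _ = parse_sshd_config(text)
    return settings.get("permitrootlogin", default).lower()


def root_login_allowed(text, default="yes"):
    """True unless root login is switched off entirely ("no").

    "without-password" / "prohibit-password" still let root in with a key.
    """
    return permit_root_login(text, default) != "no"


def root_login_in_match_blocks(text):
    """List of (criteria, PermitRootLogin value) for Match blocks that set it."""
    _, blocks = parse_sshd_config(text)
    return [(crit, s["permitrootlogin"]) for crit, s in blocks
            if "permitrootlogin" in s]
```

Run it against the real file with `permit_root_login(open("/etc/ssh/sshd_config").read())`; the point of `root_login_allowed` is that "without-password" still admits root with a key, so only "no" counts as disabled.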
[no subject]
Thx a lot for replying. Hmm, I'm a bit lost now ...

Why do I have to move the anchor before the block statement? Actually (without moving) the anchor authpf works well and no traffic is blocked. Having a look here: http://www.openbsd.org/faq/pf/authpf.html the anchor is at the bottom of the pf.conf file too.

Coming back to my pf.conf. I have "block log (all) all" and at the end of the file I have "anchor emule". As far as I understood, the rules are checked from top to bottom and the last match wins. (Assuming the emule anchor is loaded.)

Traffic comes in on port 4662 at the pppoe0 interface:
1) it MATCHES "block log (all) all"
2) it checks the other rules ... NO MATCH ...
3) finally it comes to the loaded anchor emule that has the following rule:
   pass in quick on $ext_if inet proto tcp from any to ($ext_if) \
       port $InMuleTCP flags S/SA keep state label eMuleTCP
4) the rule from the anchor is the LAST MATCHED rule and traffic (port 4662) should pass through ...

Hmm ... am I completely wrong and did I misunderstand how pf works?

Here is a snip from the pf manual:
  For each packet processed by the packet filter, the filter rules are evaluated in sequential order, from first to last. The last matching rule decides what action is taken.

thx a lot
didier

> This rdr-anchor is ok.
>
> #pass quick all
> block quick from <hostile>
> block quick inet6 all
>
> But here you are blocking the emule traffic. You should put this here:
> anchor emule
> anchor authpf/*
> and not below.
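The two posts above disagree about where the anchor has to sit. The following is an added toy model, not pf code and not posted by anyone in the thread; it encodes what pf.conf(5) and the pf FAQ of that era document: filter rules are evaluated first to last and the last matching rule decides, unless a matching rule says `quick`, which ends evaluation immediately (also when the quick rule is inside an anchor); an anchor's rules are evaluated at the point where the `anchor` line sits; and rdr translation is applied before the filter rules, so the filter sees the translated destination. The packet, interface and addresses are constructed to resemble the quoted pflog lines. Two things the model makes visible: a `pass in quick` rule in an anchor placed after a non-quick `block all` does win, as the last post reasons; and a pass rule written for `($ext_if)` stops matching once an rdr in the same anchor has rewritten the destination to the internal host. Whether that second point is what the quoted capture shows cannot be told from the thread and the model does not claim it.

```python
"""Toy model of pf rule evaluation (last match wins, quick, anchors,
rdr-before-filter). Added example, not pf's own code."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Packet:
    direction: str      # "in" or "out"
    iface: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Rule:
    action: str                       # "pass" or "block"
    direction: Optional[str] = None   # None matches either direction
    iface: Optional[str] = None
    proto: Optional[str] = None
    dst: Optional[str] = None         # exact address; None matches any
    dports: Tuple[int, ...] = ()      # () matches any port
    quick: bool = False
    label: str = ""

    def matches(self, p: Packet) -> bool:
        return ((self.direction in (None, p.direction))
                and (self.iface in (None, p.iface))
                and (self.proto in (None, p.proto))
                and (self.dst in (None, p.dst))
                and (not self.dports or p.dport in self.dports))


@dataclass
class Anchor:
    name: str
    rules: List[Rule] = field(default_factory=list)   # empty: nothing loaded


@dataclass
class Rdr:
    iface: str
    proto: str
    dports: Tuple[int, ...]
    to: str

    def apply(self, p: Packet) -> Packet:
        """Rewrite the destination of a matching inbound packet, as rdr does."""
        if (p.direction == "in" and p.iface == self.iface
                and p.proto == self.proto and p.dport in self.dports):
            return Packet(p.direction, p.iface, p.proto, p.src, p.sport, self.to, p.dport)
        return p


def evaluate(ruleset, p: Packet):
    """(action, label) of the deciding rule; pf passes when nothing matches."""
    decision = ("pass", "default")
    for item in ruleset:
        rules = item.rules if isinstance(item, Anchor) else [item]
        for r in rules:
            if r.matches(p):
                decision = (r.action, r.label)
                if r.quick:                 # quick ends evaluation, even inside an anchor
                    return decision
    return decision


EXT_IF, EXT_IP, MULE_IP = "pppoe0", "158.64.125.147", "172.16.43.10"
# Inbound SYN shaped like the thread's pflog lines (constructed).
SYN = Packet("in", EXT_IF, "tcp", "80.239.200.108", 34965, EXT_IP, 4662)


def decide(anchor_loaded: bool, pass_to: str, model_rdr: bool):
    """Main ruleset shaped like the poster's: non-quick block first, anchor last.

    pass_to is the destination the anchor's pass rule is written for;
    model_rdr says whether the anchor's rdr is applied before filtering.
    """
    anchor = Anchor("emule")
    pkt = SYN
    if anchor_loaded:
        anchor.rules.append(Rule("pass", "in", EXT_IF, "tcp", dst=pass_to,
                                 dports=(4661, 4662), quick=True, label="eMuleTCP"))
        if model_rdr:
            pkt = Rdr(EXT_IF, "tcp", (4661, 4662), MULE_IP).apply(pkt)
    ruleset = [Rule("block", label="block log (all) all"), anchor]
    return evaluate(ruleset, pkt)
```

`decide(True, EXT_IP, False)` passes (anchor at the end beats the earlier non-quick block), `decide(True, EXT_IP, True)` blocks because the filter sees 172.16.43.10 as destination, and `decide(True, MULE_IP, True)` passes again; the practical check on a live box is `pfctl -a emule -sr` and `pfctl -a emule -sn` to confirm what the anchor actually holds when the packets arrive.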
Re: C Compiler cannot create executable
Reza Muhammad wrote: C Compiler cannot create executable ? what does it mean ? It can mean a lot of things, and since this looks like a message from a configure script, it might be the same issue that happened to me once. Check your environment variables -- for example, a CPPFLAGS=/usr/local/include could cause this (should be -I/usr/local/include). Typos like that happen ... Clues for what the actual problem is can usually be found in the respective config.log file. Moritz
Re: Greylisting google's gmail servers
Nick Ryan wrote:
> We have a problem getting mail from gmail through spamd. Google's gmail public mail service use a large number of smtp servers. The first time

In addition to that, they also appear to be retrying either too fast or too slow ... *sigh*

> rdr pass on $EXT_IF inet proto tcp from <spamd-mywhite> to any port 25 -> 127.0.0.1 port smtp   <== add this line
> rdr pass on $EXT_IF inet proto tcp from <spamd> to any port 25 -> 127.0.0.1 port 8025
> rdr pass on $EXT_IF inet proto tcp from !<spamd-white> to any port smtp -> 127.0.0.1 port 8025

Instead, I suggest to use a ``no rdr'' line after rdr'ing those in the blacklists to spamd.

> /root/whitelist.txt:
> 216.239.32.0/19 #gmail servers

From my point of view on the Internet, gmail uses uproxy.gmail.com to send mail ... which happens to be in a different network than this (it's all IPs of 66.249.92.192/28, i.e. from their 66.249.64.0/19 netblock.)

Moritz
OpenBSD is popular as a VM image
Just an update on the popularity of the OpenBSD 3.8 VM image: Since it was posted on Dec 19 (4 days ago), apache logs have shown 2826 hits on the file with just over 277 gigs of traffic created by those downloads. Not bad for only a few days. -- Will Backman - Network Administrator Coastal Enterprises, Inc. http://www.ceimaine.org
Re: low priority, pf rule set debugging
Joachim Schipper [EMAIL PROTECTED] writes: I like to macro pretty much every variable that is used in more than one place (i.e., hostnames, ports, etc; hostnames are especially likely to be re-re-re-...-used). That is very good advice. I tend to advocate that myself. If you choose good names, it can make stuff easier to understand; and typos tend to be far more disastrous (either giving syntax errors or breaking a large part of the configuration), which is a good thing as you can then fix it immediately. This also is very true. There is no silver bullet, but keeping your rule set readable will help prevent a lot of headaches. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ First, we kill all the spammers The Usenet Bard, Twice-forwarded tales
Re: low priority, pf rule set debugging
hi

these days i was debugging the firewall. i do this: i put "log" in each rule i want to debug, then i

pfctl -f /etc/pf.conf

then

pfctl -s rules > /home/david/rules.txt

then

tcpdump -n -e -ttt -i pflog0 <filter option>

you can look in the PF pdf for all the filter options. now try each rule and you will see what happens in the tcpdump output.

good luck
David

2005/12/22, Peter N. M. Hansteen [EMAIL PROTECTED]:
> Joachim Schipper [EMAIL PROTECTED] writes:
>
> > I like to macro pretty much every variable that is used in more than one place (i.e., hostnames, ports, etc; hostnames are especially likely to be re-re-re-...-used).
>
> That is very good advice. I tend to advocate that myself.
>
> > If you choose good names, it can make stuff easier to understand; and typos tend to be far more disastrous (either giving syntax errors or breaking a large part of the configuration), which is a good thing as you can then fix it immediately.
>
> This also is very true. There is no silver bullet, but keeping your rule set readable will help prevent a lot of headaches.
>
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
> "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
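The debugging recipe above ends at reading `tcpdump -n -e -ttt -i pflog0` output by eye. As an added example (not posted in the thread, not part of pf or tcpdump), here is a parser for those lines that answers the questions one actually asks while debugging a rule set: which rule number is firing, which ports the blocks land on, and which sources keep hitting them. The sample lines are constructed to look like the pflog lines quoted in the anchor thread above; they are not a real capture. With `-e`, OpenBSD's tcpdump prints the pflog header `rule N/(reason) action dir on ifname:` in front of each packet, which is what the regular expression keys on.

```python
"""Added example: parse `tcpdump -n -e -ttt -i pflog0` lines and summarise
which rules fire. Not from the thread, not pf or tcpdump code."""
import re
from collections import Counter

# Constructed sample capture, shaped like the lines quoted in this digest.
SAMPLE_PFLOG = """\
Dec 22 13:05:36.720276 rule 2/(match) block in on pppoe0: 80.239.200.108.34965 > 158.64.125.147.4662: [|tcp] (DF)
Dec 22 13:05:37.330539 rule 2/(match) block in on pppoe0: 212.112.238.82.13114 > 158.64.125.147.4662: [|tcp] (DF)
Dec 22 13:05:39.720729 rule 2/(match) block in on pppoe0: 80.239.200.108.34965 > 158.64.125.147.4662: [|tcp] (DF)
Dec 22 13:05:40.330485 rule 9/(match) pass in on pppoe0: 10.20.30.40.51000 > 158.64.125.147.22: S 1:1(0) win 5840
Dec 22 13:05:41.100000 rule 2/(match) block in on pppoe0: 10.20.30.40.51001 > 158.64.125.147.4662: [|tcp] (DF)
Dec 22 13:05:42.500000 rule 11/(match) pass out on pppoe0: 158.64.125.147.1234 > 10.20.30.40.4662: S 5:5(0) win 16384
"""

# With -e, tcpdump prints the pflog header: "rule N/(reason) action dir on if:"
PFLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) "
    r"rule (?P<rule>\d+)/\((?P<reason>\w+)\) "
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<iface>\w+): "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+):"
)


def parse_pflog_line(line):
    """Dict of fields for one line, or None if it is not a pflog TCP/UDP line."""
    m = PFLOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    for k in ("rule", "sport", "dport"):
        rec[k] = int(rec[k])
    return rec


def parse_pflog(text):
    """All parseable records from a block of tcpdump output."""
    return [r for r in (parse_pflog_line(ln) for ln in text.splitlines()) if r]


def hits_per_rule(records):
    """Counter keyed by (rule number, action): which rules are actually firing."""
    return Counter((r["rule"], r["action"]) for r in records)


def blocked_ports(records, direction="in"):
    """Counter of destination ports hit by block rules in one direction."""
    return Counter(r["dport"] for r in records
                   if r["action"] == "block" and r["dir"] == direction)


def blocked_sources(records):
    """Counter of source addresses that were blocked; repeat offenders first."""
    return Counter(r["src"] for r in records if r["action"] == "block")
```

Feed it a saved capture with `parse_pflog(open("capture.txt").read())` and compare the rule numbers from `hits_per_rule` with the numbered listing from `pfctl -vvs rules`, which is the quickest way to see that the rule you think is matching is not the one that is.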
Re: OpenBSD is popular as a VM image
> Just an update on the popularity of the OpenBSD 3.8 VM image: Since it was posted on Dec 19 (4 days ago), apache logs have shown 2826 hits on the file with just over 277 gigs of traffic created by those downloads. Not bad for only a few days.

I hope this isn't too OT for this list, but... do you know if it is possible under VMWare to have the virtual system be the only one which talks to the real ether card, while having the hosted PC only communicate to the net by routing via the VM'd system?

What I'm thinking is that we could set up an OpenBSD as a personal firewall to a (cough, spit) Windows machine, and channel all the IP for the Windows machine through that VM'd OpenBSD system.

Currently I'm using an extra box under my desk for a BSD firewall but since my main PC is already running 3 emulated systems as my development environment (one 'clean' PC for programming, one Linux for a dev web server, and believe it or not one emulated Vax/VMS for legacy work) it would be really nice to throw the OBSD firewall under VMware as well and have everything in one box!

(incidentally this is one of the nicest development environments I've had for some time. VMware is cool, but having a PC with 3 flat panel displays is pretty nice too!)

Graham
Re: OpenBSD 3.8 PPPoE Broadband Connection Howto
Hi,

At home, I have your working target :) I use an OBSD/i386 3.8 box connected to an ADSL router, but configured in bridge mode (modem-only).

If you use a router, you don't have to configure PPPoE on your OBSD. If you use a bridge (seems to be your case), you need to configure PPPoE on your OBSD box, which will receive a public IP from your ISP. For me, using 'chap' as the authentication did the trick.

I've documented all my adventure at http://carbonara.kicks-ass.org/doku.php?id=openbsd:pppoerouter (in French, sorry!)

OpenBSD helped me to understand PPPoE under the hood. In my mind, it's an excellent (the best?) teaching platform and a wonderful production system. Long life to OpenBSD!!

On 12/21/05, Siju George [EMAIL PROTECTED] wrote:
> Hi all,
>
> I have a new Broadband Internet connection. It uses PPPoE with a username and password to connect to internet. I can connect to Internet with Windows 2003 (easy click and configure) so the DSL Router is working and the username and password is correct.
>
> I would like to use OpenBSD 3.8 to connect to Internet with it and not Windows 2003. I read the man pages and FAQ and did accordingly (I suppose) and it is not working. Could some one please point out as to what could I have done wrong?
>
> Details of my OpenBSD 3.8 system: I have two interfaces rl0 rl1. rl0 has the PPPoE connection and rl1 is connected to the LAN Switch.
>
> # ifconfig -a
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
>         groups: lo
>         inet 127.0.0.1 netmask 0xff000000
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:50:fc:7d:4e:50
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet6 fe80::250:fcff:fe7d:4e50%rl0 prefixlen 64 scopeid 0x1
> rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:08:a1:7b:bf:52
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet 172.17.1.1 netmask 0xfff00000 broadcast 172.31.255.255
>         inet6 fe80::208:a1ff:fe7b:bf52%rl1 prefixlen 64 scopeid 0x2
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
> pfsync0: flags=0<> mtu 1348
> enc0: flags=0<> mtu 1536
> pppoe0: flags=a851<UP,POINTOPOINT,RUNNING,SIMPLEX,LINK1,MULTICAST> mtu 1492
>         dev: rl0 state: session
>         sid: 0x10f1 PADI retries: 1 PADR retries: 0 time: 00:00:06
>         groups: pppoe egress
>         inet 0.0.0.0 --> 0.0.0.1 netmask 0xffffffff
>         inet6 fe80::250:fcff:fe7d:4e50%pppoe0 -> prefixlen 64 scopeid 0x7
>
> # cat /etc/sysctl.conf | grep inet.ip.forwarding
> net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of packets
> #
> # cat /etc/mygate
> cat: /etc/mygate: No such file or directory
> #
> # cat /etc/hostname.rl0
> up
> #
> # cat /etc/hostname.rl1
> inet 172.17.1.1 255.240.0.0 NONE
> #
> # cat /etc/hostname.pppoe0
> pppoedev rl0
> !/sbin/ifconfig rl0 up
> !/usr/sbin/spppcontrol \$if myauthproto=pap [EMAIL PROTECTED] myauthkey=zz
> !/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.1 netmask 0xffffffff
> !/sbin/route add default 0.0.0.1
> link1 up
> #
> # cat /etc/pf.conf
> pass all
>
> # route show commands hangs for a long time :-(
>
> # route flush
> default              0.0.0.1              done
> loopback             localhost            done
> 172.16.1.0           00:11:95:c0:c7:33    done
> BASE-ADDRESS.MCAST.N localhost            done
> ::/128               localhost.broadband. done
> ::/128               localhost.broadband. done
> ::127.0.0.0/128      localhost.broadband. done
> ::224.0.0.0/128      localhost.broadband. done
> ::255.0.0.0/128      localhost.broadband. done
> :::0.0.0.0/128       localhost.broadband. done
> 2002::/128           localhost.broadband. done
> 2002:7f00::/128      localhost.broadband. done
> 2002:e000::/128      localhost.broadband. done
> 2002:ff00::/128      localhost.broadband. done
> fe80::/128           localhost.broadband. done
> fe80::250:fcff:fe7d: 00:50:fc:7d:4e:50    done
> fe80::208:a1ff:fe7b: 00:08:a1:7b:bf:52    done
> fe80::1%lo0          link#6               done
> fe80::250:fcff:fe7d: link#7               done
> fec0::/128           localhost.broadband. done
> #
> # sh /etc/netstart
> spppcontrol: SIOCSIFGENERIC(SPPPIOSDEFS): Device busy
> add net default: gateway 0.0.0.1
> #
>
> What could be the problem? How do I debug this?
>
> Thank you so much :-)
>
> kind regards
> Siju
Re: OpenBSD is popular as a VM image
On 12/22/05, Graham Toal [EMAIL PROTECTED] wrote:
> > Just an update on the popularity of the OpenBSD 3.8 VM image: Since it was posted on Dec 19 (4 days ago), apache logs have shown 2826 hits on the file with just over 277 gigs of traffic created by those downloads. Not bad for only a few days.
>
> I hope this isn't too OT for this list, but... do you know if it is possible under VMWare to have the virtual system be the only one which talks to the real ether card, while having the hosted PC only communicate to the net by routing via the VM'd system?
>
> What I'm thinking is that we could set up an OpenBSD as a personal firewall to a (cough, spit) Windows machine, and channel all the IP for the Windows machine through that VM'd OpenBSD system.
>
> Currently I'm using an extra box under my desk for a BSD firewall but since my main PC is already running 3 emulated systems as my development environment (one 'clean' PC for programming, one Linux for a dev web server, and believe it or not one emulated Vax/VMS for legacy work) it would be really nice to throw the OBSD firewall under VMware as well and have everything in one box!
>
> (incidentally this is one of the nicest development environments I've had for some time. VMware is cool, but having a PC with 3 flat panel displays is pretty nice too!)

I have a very similar setup going on, but not with that VMware player or whatever it is. I have my host machine with 3 network cards in it, only 1 of which has an IP on the host machine; the other two network cards are IP-less for the host, but virtuals use them with IPs, and the hosted machine routes through one of the virtual machines to actually get out to the Internet. I won't go into any further details on-list, as this is pretty OT, so email me privately if you need further explanation.

Jason
New email address added to your Downey Savings account
Downey Savings - Welcome To A Friendlier Easier Way Of Banking

You have added [EMAIL PROTECTED] as a new email address for your Downey Online Banking. If you did not authorize this change or if you need assistance with your account, please contact Downey Savings customer service at: https://www.downeysavingsonlinebanking.com/onlineserv/HB/Signon.cgi

Thank you for using Downey Savings!
The Downey Savings Team

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your Downey Savings account and choose the Help link in the header of any page.

--
Downey Savings Email ID PP694182
crypto disk
Quoting from: http://www.onlamp.com/lpt/a/6384

> The biggest drawback of svnd is its lack of security in the general use case. It is vulnerable to an offline dictionary attack. That is, you can generate a database mapping known ciphertext blocks on the disk back into pass phrases that can be accessed in O(1) without even being in possession of the disk. What's even worse is that the same database will work on any svnd disk. It is possible--and perhaps even likely--that large agencies such as the NSA have constructed such a database and can crack a majority of the svnds in the world in less than a second. The way that one prevents an offline dictionary attack is to use a salt in conjunction with the pass phrase, and this is what I did when I wrote CGD by using PKCS#5 PBKDF2. Offline dictionary attacks have been well-known since at least the '70s, and salting the pass phrase has been standard practice for over 30 years.
>
> OpenBSD's solution only supports Blowfish, whereas I wanted to ensure that CGD had the flexibility to support a small range of ciphers. This is important for a number of reasons, but mainly we want to provide our users with the ability to make cost-versus-risk decisions. Blowfish is fast, but probably less secure than AES. In some situations, users will decide that speed is more important than security, and in others the reverse will be true. Also, if security issues are discovered in one cipher that we support, then users can change their CGDs to use one of the other ciphers without needing to upgrade to a new version of the operating system. Blowfish also has a cipherblock size of 64 bits, which for sufficiently large disks might be small enough to allow some level of structural analysis.

Is there any chance to see Ted Unangst's port imported?
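The quoted text's offline-dictionary argument is easy to make concrete. The block below is an added illustration, not svnd or cgd code, and nobody in the thread posted it: both key derivations are simplified models (PBKDF2 with an empty salt standing in for any salt-less scheme, PBKDF2 with a per-volume salt standing in for what the quoted text credits to CGD), and the "fingerprint" an attacker reads off a disk, which in the quoted text is the ciphertext of a known block, is collapsed to the derived key itself. The dictionary, victim passphrase and iteration count are constructed for the demo. What it shows: without a salt, one table built once maps keys back to passphrases for every volume in existence; with a salt, that table is useless and the attacker must redo the dictionary per volume after obtaining it. The last function also shows the caveat a practitioner wants: a salt does not protect a passphrase that is in the dictionary, it only removes the precomputation and the cross-volume reuse.

```python
"""Added illustration of salted vs unsalted passphrase key derivation.
Simplified models only; not svnd, cgd or any real disk-encryption code."""
import hashlib
import os

ITERATIONS = 2000   # kept low so the demo runs fast; real KDFs use far more
KEY_LEN = 32

# Constructed attacker dictionary and victim passphrase.
DICTIONARY = ["password", "letmein", "hunter2", "qwerty", "correct horse"]
VICTIM_PASSPHRASE = "hunter2"


def derive_unsalted(passphrase: str) -> bytes:
    """Model of a salt-less scheme: same passphrase -> same key on every disk."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), b"", ITERATIONS, KEY_LEN)


def derive_salted(passphrase: str, salt: bytes) -> bytes:
    """PKCS#5 PBKDF2 with a per-volume salt, the approach the quoted text credits to CGD."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), salt, ITERATIONS, KEY_LEN)


def new_volume_salt() -> bytes:
    """Fresh random salt stored alongside the volume (not secret, just unique)."""
    return os.urandom(16)


def build_table(dictionary):
    """Precomputed key -> passphrase table. Built once, offline, before any disk is seen."""
    return {derive_unsalted(pw): pw for pw in dictionary}


def attack_unsalted(table, fingerprint: bytes):
    """O(1) lookup that works against every unsalted volume, not just one."""
    return table.get(fingerprint)


def attack_salted(dictionary, salt: bytes, fingerprint: bytes):
    """With a salt the whole dictionary must be rerun per volume, after the disk is obtained.
    The salt does not save a passphrase that is in the dictionary; it only kills precomputation."""
    for pw in dictionary:
        if derive_salted(pw, salt) == fingerprint:
            return pw
    return None


def demo():
    """(table hit on unsalted volume, table hit on salted volume, per-volume crack of salted volume)."""
    table = build_table(DICTIONARY)
    unsalted_key = derive_unsalted(VICTIM_PASSPHRASE)
    salt = new_volume_salt()
    salted_key = derive_salted(VICTIM_PASSPHRASE, salt)
    return (attack_unsalted(table, unsalted_key),
            attack_unsalted(table, salted_key),
            attack_salted(DICTIONARY, salt, salted_key))
```

`demo()` returns `("hunter2", None, "hunter2")`: the precomputed table recovers the unsalted volume's passphrase instantly, fails against the salted one, and the salted one still falls to a per-volume dictionary run because the passphrase is weak.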
Re: OpenBSD is popular as a VM image
On Thu, 22 Dec 2005, Graham Toal wrote:
> > Just an update on the popularity of the OpenBSD 3.8 VM image: Since it was posted on Dec 19 (4 days ago), apache logs have shown 2826 hits on the file with just over 277 gigs of traffic created by those downloads. Not bad for only a few days.
>
> I hope this isn't too OT for this list, but... do you know if it is possible under VMWare to have the virtual system be the only one which talks to the real ether card, while having the hosted PC only communicate to the net by routing via the VM'd system?
>
> What I'm thinking is that we could set up an OpenBSD as a personal firewall to a (cough, spit) Windows machine, and channel all the IP for the Windows machine through that VM'd OpenBSD system.

Was doing something similar a while back - http://www.blackant.net/other/docs/howto-win-obsd-pf.php

Some issues with it, check out - http://www.undeadly.org/cgi?action=article&sid=20020818020316

The December 2005 issue of ;login: has an article about this topic as well, it helps that VMware usb device support has grown - http://www.usenix.org/publications/login/2005-12/index.html

The Virtual Firewall project mentioned in the article - http://www.cs.drexel.edu/~vp/VirtualFirewall/

Coincidentally, the same ;login: issue has an article "Linux vs. OpenBSD: A Firewall Performance Test" where they test RedHat 7.3 (2.4 kernel) and OpenBSD 3.3. It's anyone's guess why they would print an article about 2 unsupported OSes that are over 2 years old each.

-f
http://www.blackant.net/
Unable to build Gateway route
Hello. I've been running other firewalls on this IP address with the same settings in the past, but am having problems setting up the Gateway with OpenBSD 3.8. It comes back with "no route to host" and when I do a netstat -rn, the Gateway is missing even though /etc/mygate exists.

IP - 209.216.76.1
Netmask - 255.255.255.252
GW - 209.216.77.6

Any clues to what is going on?
Re: Unable to build Gateway route
On 12/22/05, martin [EMAIL PROTECTED] wrote:
> Hello. I've been running other firewalls on this IP address with the same settings in the past, but am having problems setting up the Gateway with OpenBSD 3.8. It comes back with "no route to host" and when I do a netstat -rn, the Gateway is missing even though /etc/mygate exists.
>
> IP - 209.216.76.1
> Netmask - 255.255.255.252
> GW - 209.216.77.6

Either a typo in your netmask, or a typo in your gateway, since your gateway IP does not belong to the current netmask you assigned to your external IP. I have a feeling it's a typo in the netmask as that's a very very small one.

Jason
Re: Unable to build Gateway route
On Thursday 22 December 2005 13:12, you wrote: It comes back with no route to host and when I do a nestat -rn, the Gateway is missing even though /etc/mygate exists. IP - 209.216.76.1 Netmask - 255.255.255.252 GW - 209.216.77.6 How do you get to the gateway? It isn't on the subnet. Your netmask creates a network address of 209.216.76.0 with only 2 hosts 209.216.76.1 and 209.216.76.2. Change the IP address of the host to 209.216.76.5, or use a gateway address of 209.216.76.2, or an alternative netmask that will provide you with a larger subnet allowing your current IP to get to the current gateway, such as 255.255.255.248. Chris
Re: Unable to build Gateway route
--- Jason Crawford [EMAIL PROTECTED] wrote:
> > IP - 209.216.76.1
> > Netmask - 255.255.255.252
> > GW - 209.216.77.6
>
> Either a typo in your netmask, or a typo in your gateway, since your gateway IP does not belong to the current netmask you assigned to your external IP. I have a feeling it's a typo in the netmask as that's a very very small one.
>
> Jason

Jason. The figures are correct (I wondered about the unusual GW when I first rx'd it but they said it was correct). The thing is, I've had this connection for a couple of years and have run a number of firewalls with no issue with these, i.e. Linux Router Project, Freesco and others I have tested. It is running now with a commercial firewall with no problems. Can I force it to accept the gateway IP?

Regards...Martin
Re: Unable to build Gateway route
martin wrote:
> --- Jason Crawford [EMAIL PROTECTED] wrote:
> > > IP - 209.216.76.1
> > > Netmask - 255.255.255.252
> > > GW - 209.216.77.6
> >
> > Either a typo in your netmask, or a typo in your gateway, since your gateway IP does not belong to the current netmask you assigned to your external IP. I have a feeling it's a typo in the netmask as that's a very very small one.
> >
> > Jason
>
> Jason. The figures are correct (I wondered about the unusual GW when I first rx'd it but they said it was correct). The thing is, I've had this connection for a couple of years and have run a number of firewalls with no issue with these, i.e. Linux Router Project, Freesco and others I have tested. It is running now with a commercial firewall with no problems. Can I force it to accept the gateway IP?
>
> Regards...Martin

That setup just doesn't make sense. Have you double and triple checked it? It is hard to believe that it would work with anything. If it has, then there are really big problems with everything else.
Re: Unable to build Gateway route
On 12/22/05, martin [EMAIL PROTECTED] wrote:
> --- Jason Crawford [EMAIL PROTECTED] wrote:
> > > IP - 209.216.76.1
> > > Netmask - 255.255.255.252
> > > GW - 209.216.77.6
> >
> > Either a typo in your netmask, or a typo in your gateway, since your gateway IP does not belong to the current netmask you assigned to your external IP. I have a feeling it's a typo in the netmask as that's a very very small one.
> >
> > Jason
>
> Jason. The figures are correct (I wondered about the unusual GW when I first rx'd it but they said it was correct). The thing is, I've had this connection for a couple of years and have run a number of firewalls with no issue with these, i.e. Linux Router Project, Freesco and others I have tested. It is running now with a commercial firewall with no problems.
>
> Can I force it to accept the gateway IP?
>
> Regards...Martin

Unless they don't follow IPv4 specs properly, with those exact numbers, none of them should work. 209.216.76.1 is nowhere near 209.216.77.6, so the netmask of 255.255.255.252 will not let you talk to 209.216.77.6 without another route. My guess, 255.255.252.0 is the netmask you want, as that would include both IPs. Or maybe you mistyped the 3rd set, and they should both be 76 or 77, although you'll still have to change the netmask to something like 255.255.255.240. Whether other OSes worked or not is irrelevant, the current WILL NOT WORK with an OS that follows the IPv4 spec PROPERLY. If your ISP is indeed handing this info to you, then they are complete morons, as it WILL NOT WORK.

Jason
Re: Unable to build Gateway route
On Thursday 22 December 2005 14:46, Chris Smith wrote:
> > GW - 209.216.77.6

Oops... I read that as 209.216.76.6 and not 209.216.77.6, so your netmask would have to be different than what I suggested.

Do you have another network device? The gateway address is usually the address that your system uses to get to all places not on your local subnet (excluding more specific routing rules). It's clear you can't get there with your current device set up with that IP/mask.

Chris
Re: Unable to build Gateway route
On 12/22/05, martin [EMAIL PROTECTED] wrote:
> --- Jason Crawford [EMAIL PROTECTED] wrote:
> > > IP - 209.216.76.1
> > > Netmask - 255.255.255.252
> > > GW - 209.216.77.6
> >
> > Either a typo in your netmask, or a typo in your gateway, since your gateway IP does not belong to the current netmask you assigned to your external IP. I have a feeling it's a typo in the netmask as that's a very very small one.
> >
> > Jason
>
> Jason. The figures are correct (I wondered about the unusual GW when I first rx'd it but they said it was correct). The thing is, I've had this connection for a couple of years and have run a number of firewalls with no issue with these, i.e. Linux Router Project, Freesco and others I have tested. It is running now with a commercial firewall with no problems.

I really really doubt it. The point of the router is to route 2 or more networks together. How on earth can you route 2 networks together when there isn't a router for your network? In other words: your network needs a gateway on your segment in order to find its way to what you are telling us is your gateway. I don't see how *anything* would work with those, and would go so far as to say that anything that would work with those is broken.

--Bryan
Re: Unable to build Gateway route
On 12/22/05, martin [EMAIL PROTECTED] wrote:
> --- Jason Crawford [EMAIL PROTECTED] wrote:
> > > IP - 209.216.76.1
> > > Netmask - 255.255.255.252
> > > GW - 209.216.77.6
> >
> > Either a typo in your netmask, or a typo in your gateway, since your gateway IP does not belong to the current netmask you assigned to your external IP. I have a feeling it's a typo in the netmask as that's a very very small one.
> >
> > Jason
>
> Jason. The figures are correct (I wondered about the unusual GW when I first rx'd it but they said it was correct). The thing is, I've had this connection for a couple of years and have run a number of firewalls with no issue with these, i.e. Linux Router Project, Freesco and others I have tested. It is running now with a commercial firewall with no problems.

We'll have to take your word for that but with the limited info you have provided this is very non-standard. Who's the provider? Are you sure you're not missing any info?

> Can I force it to accept the gateway IP?

With that netmask for basic IP routing those two IPs are on different subnets.

Greg
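The replies above all reduce to one check: the gateway has to fall inside the network that the interface's address and netmask define, otherwise the kernel has no on-link route to it. The following is an added example, not code from anyone in the thread, that performs that check on Martin's figures and on the alternatives the replies propose; it also computes the longest netmask that would put both addresses on one subnet (255.255.254.0 here, one bit longer than Jason's 255.255.252.0, which also works). It uses only Python's standard ipaddress module.

```python
import ipaddress

# Added example (not from the thread): a gateway is usable as a default route
# only if it lies inside the subnet implied by the interface's IP and netmask.


def gateway_on_link(ip: str, netmask: str, gateway: str) -> bool:
    """True when gateway falls inside the subnet implied by ip/netmask."""
    iface = ipaddress.ip_interface(f"{ip}/{netmask}")
    return ipaddress.ip_address(gateway) in iface.network


def host_count(netmask: str) -> int:
    """Usable host addresses in an IPv4 subnet with this netmask.

    Network and broadcast addresses are excluded; /31 and /32 report 0.
    """
    net = ipaddress.ip_network(f"0.0.0.0/{netmask}")
    return max(net.num_addresses - 2, 0)


def longest_common_netmask(ip: str, other: str) -> str:
    """Longest netmask that still places ip and other in one subnet.

    Generalises the replies' reasoning: shorten the prefix one bit at a
    time until the two addresses agree on every bit the mask covers.
    """
    a = int(ipaddress.ip_address(ip))
    b = int(ipaddress.ip_address(other))
    prefix = 32
    while prefix > 0 and (a >> (32 - prefix)) != (b >> (32 - prefix)):
        prefix -= 1
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).netmask)


def check_setup(ip: str, netmask: str, gateway: str) -> dict:
    """Summarise a host's IP/netmask/gateway the way the thread reasons about it."""
    iface = ipaddress.ip_interface(f"{ip}/{netmask}")
    return {
        "network": str(iface.network),
        "usable_hosts": host_count(netmask),
        "gateway_reachable": gateway_on_link(ip, netmask, gateway),
        "longest_covering_netmask": longest_common_netmask(ip, gateway),
    }


if __name__ == "__main__":
    # Martin's figures exactly as posted in the thread.
    print(check_setup("209.216.76.1", "255.255.255.252", "209.216.77.6"))
    # The alternatives the replies propose.
    for ip, mask, gw in [
        ("209.216.76.1", "255.255.252.0", "209.216.77.6"),    # Jason: widen the mask
        ("209.216.76.1", "255.255.255.252", "209.216.76.2"),  # Chris: gateway inside the /30
        ("209.216.76.1", "255.255.255.248", "209.216.77.6"),  # Chris's first (misread) suggestion
    ]:
        print(ip, mask, gw, "->", gateway_on_link(ip, mask, gw))
```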
Weird Issue with FTP and pf(8)
Here's something strange. I'm trying to connect from a pf gateway to an ftp server and it's failing in a very specific manner. Going through the pf gateway works fine using passive mode, but from the gateway itself using ftp(1) doesn't seem to work. Observe:

$ ftp ftp.example.org
[ login as anonymous ]
ftp> ls
229 Entering Extended Passive Mode (|||62283|)
435 Can't build data connection: No such file or directory.
ftp> ls
229 Entering Extended Passive Mode (|||50641|)
150 Opening ASCII mode data connection for '/bin/ls'.
total 16
drwxr-xr-x  10 1000  1000  512 Nov 15 15:10 OpenBSD
226 Transfer complete.

Why would I be getting a failed LIST the first time? This is very reproducible: basically every second time a dir or ls will work.

Here's my pf from the host connecting to the FTP server. (The machine these rules are from is 3.8-STABLE.)

## blah = 10.18.209.66
binat on $ext_if from 192.168.217.244 to any -> $blah
nat on $ext_if from any to any -> ($ext_if)
rdr on $wire_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
scrub out all no-df random-id max-mss 1440 fragment reassemble
scrub in all no-df min-ttl 2 fragment reassemble
block return log all label any-block-log
block drop log from <idiots> to any
block drop in log on ! em0 inet from 10.18.209.0/24 to any label em0-antispoof
block drop in log on ! em0 inet from 10.18.209.48 to any label em0-antispoof
block drop in log on em0 inet6 from fe80::20d:56ff:fefa:3b8f to any label em0-antispoof
block drop in log inet from 10.18.209.79 to any label any-antispoof
block drop in log inet from 10.18.209.48 to any label any-antispoof
block drop in log on ! rl0 inet from 192.168.217.240/28 to any label rl0-antispoof
block drop in log inet from 192.168.217.241 to any label any-antispoof
block drop in log on rl0 inet6 from fe80::240:f4ff:fe71:8305 to any label rl0-antispoof
pass out quick proto tcp from any port = ssh to any flags S/SA modulate state queue(ssh_dfl, ssh_pri)
pass out quick inet proto tcp from any port = 3128 to any flags A/A keep state queue http
pass in on em0 inet proto tcp from any port = ftp-data to (em0) user = 71 flags S/SA keep state label ftpproxy
pass out quick proto tcp from any port = www to any flags A/A keep state queue httplo
pass out quick proto tcp from any port = https to any flags S/SA modulate state queue http
pass out quick proto tcp from any port = smtp to any flags S/SA modulate state queue smtp
pass out quick proto tcp from any port = domain to any flags S/SA modulate state queue dns_tcp
pass out quick proto tcp from any to any port = domain keep state queue dns_tcp
pass out quick proto udp from any to any port = domain keep state queue dns_udp
pass out quick proto udp from any to any port = ntp keep state queue dns_ntp
pass out quick proto tcp all modulate state queue(tcp_dfl, tcp_pri)
pass out quick proto udp all keep state queue udp
pass out quick inet proto icmp all keep state queue icmp
pass out quick inet6 proto ipv6-icmp all keep state queue icmp
pass out quick all queue default
block return-rst log proto tcp all flags /S queue default
block return-rst log proto tcp all flags A/A queue default
pass in on rl0 inet proto udp from any to any port = bootps keep state label rl0-bootps-in
pass in on rl0 inet proto udp from 192.168.217.240/28 to 192.168.217.241 port = domain keep state label rl0-domain-udp-in
pass in on rl0 inet proto tcp from 192.168.217.240/28 to 192.168.217.241 port = domain modulate state label rl0-domain-tcp-in
pass in on rl0 inet proto udp from 192.168.217.240/28 to 192.168.217.241 port = ntp keep state label rl0-ntp-in
pass in inet6 proto ipv6-icmp all icmp6-type toobig
pass in inet6 proto ipv6-icmp all icmp6-type paramprob
pass in inet6 proto ipv6-icmp all icmp6-type routeradv
pass in inet6 proto ipv6-icmp all icmp6-type neighbrsol
pass in inet6 proto ipv6-icmp all icmp6-type neighbradv
pass in log on rl0 inet6 proto ipv6-icmp all icmp6-type routersol
pass in log on rl0 inet6 proto ipv6-icmp all icmp6-type routeradv
pass in log inet6 proto ipv6-icmp all icmp6-type echoreq keep state
pass in inet proto icmp all icmp-type echoreq keep state
pass in proto tcp from any to any port = auth modulate state label any-identd-in
pass in proto tcp from any to any port = smtp modulate state label any-smtp-in
pass in quick inet proto tcp from 192.168.217.240/28 to ! 192.168.217.241 flags S/SA modulate state
pass in quick inet proto tcp from 192.168.217.240/28 to ! 192.168.217.241 keep state
pass in quick inet proto udp from 192.168.217.240/28 to ! 192.168.217.241 keep state
pass in quick inet from 192.168.217.240/28 to ! 192.168.217.240/28 keep state
pass in quick inet proto tcp from 192.168.217.240/28 to 192.168.217.241 port = ssh modulate state
Re: Unable to build Gateway route
Are you using PPPoE for connecting to your ISP? I don't want to waste your time with suggestions about PPPoE-related troubleshooting if that is not appropriate. I mention this because the only comparable routing entries that I have seen (to what you describe in your email) are with tun devices. It will be very helpful to have additional information.

Here is an example from one of the OBSD firewalls here that uses PPPoE:

$ uptime
 2:56PM  up 183 days, 23:44, 2 users, load averages: 0.07, 0.08, 0.08
$ netstat -nrf inet
Routing tables

Internet:
Destination        Gateway            Flags     Refs      Use    Mtu  Interface
default            205.200.28.28      UGS          2 13884207   1400  tun0
127.0.0.1          127.0.0.1          UH           0   260868  33224  lo0
205.200.28.28      206.45.64.231      UH          10             1400  tun0
$ ifconfig -a
tun0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1400
        inet 206.45.64.231 --> 205.200.28.28 netmask 0x

Other than some set up like this, I cannot see how 209.216.77.6 can be the default gateway for an interface with the IP address 209.216.76.1.

Vijay

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of martin
Sent: December 22, 2005 12:13 PM
To: misc@openbsd.org
Subject: Unable to build Gateway route

Hello. I've been running other firewalls on this IP address with the same settings in the past, but am having problems setting up the Gateway with OpenBSD 3.8. It comes back with no route to host and when I do a netstat -rn, the Gateway is missing even though /etc/mygate exists.

IP - 209.216.76.1
Netmask - 255.255.255.252
GW - 209.216.77.6

Any clues to what is going on?
Re: DSL Internet Connection Question
Hello Robert,

Wednesday, December 21, 2005, 4:20:28 PM, you wrote:

RCW> Would adding the line:
RCW> supercede domain-name-servers dns.IP.address.1 dns.IP.address.2;
RCW> ...do the job of hardcoding:
RCW> nameserver dns.IP.address.1
RCW> nameserver dns.IP.address.2
RCW> ...into the 'resolv.conf' file?

Answering my own question... the syntax and corrected spelling that works for this is:

supersede domain-name-servers dns.IP.address.1, dns.IP.address.2;

Works great... but still does not address why a kludge is needed, which I now will get to work figuring out.

TU> You should however check, why you get wrong values from your
TU> router.

I have given this some thought... since the same value... 192.168.1.254, which is the internal IP value on the modem/router, is the same value that is passed to Red Hat, and Windows, and works for them, I do not think the value is 'wrong'... and since it also works with OpenBSD, but with about a 60 second delay (like something times out, and then defaults to a secondary (else) behaviour, which does work)...

...I suspect that I have something else set wrong from when I installed the operating system, and when I eventually, using trial and error, on one thing at a time, get lucky and change the right variable, I will be able to remove the hard-coded DNS IPs from dhclient.conf, and things will run smoothly. At least now, I can use the machine with Internet access, while I figure out the right configuration.

-wittig
http://www.robertwittig.com/
Genesys Logic USB2.0 Hub keyboard and keyboard.repeat.deln
Hello,

I used to change the behavior of my keyboard with /etc/wsconsctl.conf:

keyboard.repeat.del1=200   # change keyboard repeat/delay
keyboard.repeat.deln=40

Now I plugged it in via USB (see dmesg), but from then on I am not able to change the behavior any more with wsconsctl. I am not sure, but is wsconsctl not able to change the settings of keyboard.repeat.del1 and keyboard.repeat.deln for USB keyboards?

Here is my dmesg:

OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class, 128KB L2 cache) 898 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 267952128 (261672K)
avail mem = 237613056 (232044K)
using 3296 buffers containing 13500416 bytes (13184K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(bb) BIOS, date 08/13/01, BIOS32 rev. 0 @ 0xfb460
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xb8e0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdd00/144 (7 entries)
pcibios0: PCI Exclusive IRQs: 10 11
pcibios0: PCI Interrupt Router at 000:07:0 (VIA VT82C596A ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xa000 0xcc000/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 VIA VT82C691 PCI rev 0xc4
ppb0 at pci0 dev 1 function 0 VIA VT82C598 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 Nvidia Vanta rev 0x11
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 7 function 0 VIA VT82C686 ISA rev 0x40
pciide0 at pci0 dev 7 function 1 VIA VT82C571 IDE rev 0x06: ATA100, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: ST340015A
wd0: 16-sector PIO, LBA, 38166MB, 78165360 sectors
wd1 at pciide0 channel 0 drive 1: WDC WD800BB-00DAA3
wd1: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: TEAC, DV-516E, 2.01 SCSI0 5/cdrom removable
atapiscsi1 at pciide0 channel 1 drive 1
scsibus1 at atapiscsi1: 2 targets
cd1 at scsibus1 targ 0 lun 0: MITSUMI, CR-48X8TE, 1.1B SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
cd1(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 7 function 2 VIA VT83C572 USB rev 0x16: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 7 function 3 VIA VT83C572 USB rev 0x16: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
viaenv0 at pci0 dev 7 function 4 VIA VT82C686 SMBus rev 0x40
rl0 at pci0 dev 15 function 0 Realtek 8139 rev 0x10: irq 11 address 00:40:f4:63:c0:f5
rlphy0 at rl0 phy 0: RTL internal phy
cmpci0 at pci0 dev 17 function 0 C-Media Electronics CMI8738/C3DX Audio rev 0x10: irq 10
audio0 at cmpci0
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask f765 netmask ff65 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
uhub2 at uhub0 port 1
uhub2: Genesys Logic USB2.0 Hub, rev 2.00/6.0b, addr 2
uhub2: 4 ports with 4 removable, self powered
uhidev0 at uhub0 port 2 configuration 1 interface 0
uhidev0: Logitech USB Receiver, rev 1.10/21.00, addr 3, iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub0 port 2 configuration 1 interface 1
uhidev1: Logitech USB Receiver, rev 1.10/21.00, addr 3, iclass 3/1
uhidev1: 4 report ids
ums0 at uhidev1 reportid 1: 16 buttons and Z dir.
wsmouse0 at ums0 mux 0
uhid0 at uhidev1 reportid 2: input=2, output=0, feature=0
uhid1 at uhidev1 reportid 3: input=1, output=0, feature=0
uhid2 at uhidev1 reportid 4: input=3, output=0, feature=0
wd0: no disk label
dkcsum: wd0 matches BIOS drive 0x80
dkcsum: wd1 matches BIOS drive 0x81
root on wd1a
rootdev=0x10 rrootdev=0x310 rawdev=0x312

Oliver
-- 
... don't touch the bang bang fruit
BerkeleyDB on 3.8
How can I tell what version the BDB is that comes within OpenBSD 3.8? thanks -JD
Re: BerkeleyDB on 3.8
On Thu, Dec 22, 2005 at 05:10:56PM -0600, J.D. Bronson wrote:
> How can I tell what version the BDB is that comes within OpenBSD 3.8?

see FAQ 15.2.3.

-- 
steven
Re: BerkeleyDB on 3.8
On 12/22/05, steven mestdagh [EMAIL PROTECTED] wrote:
> On Thu, Dec 22, 2005 at 05:10:56PM -0600, J.D. Bronson wrote:
> > How can I tell what version the BDB is that comes within OpenBSD 3.8?

look in cvs. the answer is 1.85 plus some of 1.86 plus some other patches.

> see FAQ 15.2.3.

not so useful for the libraries that are shipped in base.
Re: BerkeleyDB on 3.8
At 05:32 PM 12/22/2005, Ted Unangst wrote:
> On 12/22/05, steven mestdagh [EMAIL PROTECTED] wrote:
> > On Thu, Dec 22, 2005 at 05:10:56PM -0600, J.D. Bronson wrote:
> > > How can I tell what version the BDB is that comes within OpenBSD 3.8?
>
> look in cvs. the answer is 1.85 plus some of 1.86 plus some other patches.
>
> > see FAQ 15.2.3.
>
> not so useful for the libraries that are shipped in base.

I was looking at that FAQ and was wondering what I was missing. Thanks to all of you who responded. I had a guess it was 1.x and that's fine. It works for me.
Re: BerkeleyDB on 3.8
On 12/22/05, J.D. Bronson [EMAIL PROTECTED] wrote:
> How can I tell what version the BDB is that comes within OpenBSD 3.8?
>
> thanks

Check out http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/db/ to see the one included with OpenBSD, and /usr/ports/databases/db/ for other versions.

Jason
erratic networking problem
Hi,

This problem has been bugging me for a month now. It started happening a month after 3.8 got tagged. At least, that's when I started noticing it. So it might be anything. But I suspect the OpenBSD side the most, since returning to an older Linux release on the client from a liveCD didn't fix the problem. The OpenBSD server doesn't have a CD-drive.

OpenBSD server - linux client
Both rtl8169 gigabit networkcards

Uploading to the server goes with 11Mbytes/s, the speedlimit of the ide harddrives, but the downloading goes with erratic speeds. 1Mbyte/s at best, 100Kbyte/s most of the time, sometimes no more than 20Kbytes/s.

So I started examining and found a lot of fragmentation. So I resolved that first by turning down the packetsize to 1024 for nfs. I disabled and enabled scrubbing; it didn't make a difference either. I also tried disabling the pf firewall completely. No difference either. And I disabled net.ipv4.tcp_ecn on both machines. Still the same.

I wonder if anyone has the magical solution.

`sudo tcpdump -pnettti re0 not port ssh' output while nfs file transfer:

Dec 23 02:09:30.155481 0:8:a1:3c:34:7a 0:8:a1:3c:34:79 0800 186: 172.16.11.3.1022 > 172.16.11.1.2049: xid 0xfdc03144 144 read [|nfs] (DF)
Dec 23 02:09:30.155515 0:8:a1:3c:34:7a 0:8:a1:3c:34:79 0800 186: 172.16.11.3.1022 > 172.16.11.1.2049: xid 0xfec03144 144 read [|nfs] (DF)
Dec 23 02:09:30.155545 0:8:a1:3c:34:7a 0:8:a1:3c:34:79 0800 186: 172.16.11.3.1022 > 172.16.11.1.2049: xid 0xffc03144 144 read [|nfs] (DF)
Dec 23 02:09:30.155766 0:8:a1:3c:34:79 0:8:a1:3c:34:7a 0800 1194: 172.16.11.1.2049 > 172.16.11.3.1022: xid 0xfdc03144 reply ok 1152 read
Dec 23 02:09:30.155896 0:8:a1:3c:34:79 0:8:a1:3c:34:7a 0800 1194: 172.16.11.1.2049 > 172.16.11.3.1022: xid 0xfec03144 reply ok 1152 read

BTW: without -p (promiscuous) mode the connection gets killed in a matter of seconds.

~% ping -s 8000 172.16.11.3
PING 172.16.11.3 (172.16.11.3): 8000 data bytes
8008 bytes from 172.16.11.3: icmp_seq=0 ttl=64 time=0.819 ms
8008 bytes from 172.16.11.3: icmp_seq=1 ttl=64 time=0.745 ms
8008 bytes from 172.16.11.3: icmp_seq=2 ttl=64 time=0.756 ms
8008 bytes from 172.16.11.3: icmp_seq=3 ttl=64 time=0.737 ms
8008 bytes from 172.16.11.3: icmp_seq=5 ttl=64 time=0.770 ms
8008 bytes from 172.16.11.3: icmp_seq=6 ttl=64 time=0.751 ms
8008 bytes from 172.16.11.3: icmp_seq=8 ttl=64 time=0.770 ms
8008 bytes from 172.16.11.3: icmp_seq=9 ttl=64 time=0.746 ms
8008 bytes from 172.16.11.3: icmp_seq=10 ttl=64 time=0.755 ms
8008 bytes from 172.16.11.3: icmp_seq=11 ttl=64 time=0.749 ms
8008 bytes from 172.16.11.3: icmp_seq=12 ttl=64 time=0.769 ms
8008 bytes from 172.16.11.3: icmp_seq=13 ttl=64 time=0.756 ms

There is lots of packetloss; also very high pingtimes were reported.

`sudo tcpdump -pnettti re0 not port ssh' output while doing `ping -s 8000 172.16.11.3':

Dec 23 02:14:14.629981 0:8:a1:3c:34:79 0:8:a1:3c:34:7a 0800 1514: 172.16.11.1 > 172.16.11.3: icmp: echo request (frag 36405:[EMAIL PROTECTED])
Dec 23 02:14:14.629990 0:8:a1:3c:34:79 0:8:a1:3c:34:7a 0800 1514: 172.16.11.1 > 172.16.11.3: (frag 36405:[EMAIL PROTECTED])
Dec 23 02:14:14.629995 0:8:a1:3c:34:79 0:8:a1:3c:34:7a 0800 1514: 172.16.11.1 > 172.16.11.3: (frag 36405:[EMAIL PROTECTED])
Dec 23 02:14:14.630001 0:8:a1:3c:34:79 0:8:a1:3c:34:7a 0800 1514: 172.16.11.1 > 172.16.11.3: (frag 36405:[EMAIL PROTECTED])
Dec 23 02:14:14.630008 0:8:a1:3c:34:79 0:8:a1:3c:34:7a 0800 1514: 172.16.11.1 > 172.16.11.3: (frag 36405:[EMAIL PROTECTED])
Dec 23 02:14:14.630013 0:8:a1:3c:34:79 0:8:a1:3c:34:7a 0800 642: 172.16.11.1 > 172.16.11.3: (frag 36405:[EMAIL PROTECTED])
Dec 23 02:14:14.630272 0:8:a1:3c:34:7a 0:8:a1:3c:34:79 0800 1514: 172.16.11.3 > 172.16.11.1: icmp: echo reply (frag 64957:[EMAIL PROTECTED])

I also examined irq conflicts. I removed the usb2 hub which conflicted with the nic on the openbsd machine. It didn't seem to matter much.

Here is the ifconfig output from the Linux machine, which shows there are no network errors or conflicts:

eth0      Link encap:Ethernet  HWaddr 00:08:A1:3C:34:7A
          inet addr:172.16.11.3  Bcast:172.16.11.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:526113 errors:0 dropped:0 overruns:0 frame:0
          TX packets:551835 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:406518025 (387.6 Mb)  TX bytes:322415079 (307.4 Mb)
          Interrupt:10 Base address:0x2f00

And here is the OpenBSD output:

re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:08:a1:3c:34:79
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 172.16.11.1 netmask 0xff00 broadcast 172.16.11.255
        inet6 fe80::208:a1ff:fe3c:3479%re0 prefixlen 64 scopeid 0x1

And here is the dmesg:

OpenBSD 3.8-current (GENERIC) #319: Fri Dec 16 15:31:29 MST
Re: OpenBSD 3.8 PPPoE Broadband Connection Howto
On Wed, 21 Dec 2005 19:27:12 +0530, Siju George [EMAIL PROTECTED] wrote:
> > Details of the exact kind of service package you have from your provider and occasionally info on the DSL hardware you're using are needed to figure out how things should be set up on your end.
>
> It's an ADSL Router from HUAWEI, Model No. WA1003A. It has options for both LAN and wireless. Internet connection comes by a telephone cable.

It may have seemed strange for me to ask for this info but in many cases, including yours, it can make things real simple... This modem/router you have actually has an http based administration console built into the device, and through the admin console you can configure the device itself to do your PPPoE for you. This means you can just use dhcp for your external interface and not run pppoe on your openbsd box. Details for accessing the web admin console on the device and setting up the pppoe are probably in the quick-start guide.

http://www.huawei.com/products/terminal/pdf/view.do?f=360ctype=0

Also, you mentioned wireless, so are you *sure* about the part number you posted? There is a WA1003A-RU model number as well that specifically mentions wireless.

I also stumbled across some info for setting the VPI/VCI values but they may or may not apply to your telco/provider/country. If the defaults don't work, you may need to ask your provider for the correct values.

http://www.vinuthomas.com/Forums/viewtopic/p=26302.html

jcr
Re: Weird Issue with FTP and pf(8)
On 22/12/05, eric [EMAIL PROTECTED] wrote:
> Here's something strange. I'm trying to connect from a pf gateway to an ftp server and it's failing in a very specific manner. Going through the pf gateway works fine using passive mode, but from the gateway itself using ftp(1) doesn't seem to work. Observe:
>
> $ ftp ftp.example.org
> [ login as anonymous ]
> ftp> ls
> 229 Entering Extended Passive Mode (|||62283|)
> 435 Can't build data connection: No such file or directory.
> ftp> ls
> 229 Entering Extended Passive Mode (|||50641|)
> 150 Opening ASCII mode data connection for '/bin/ls'.
> total 16
> drwxr-xr-x  10 1000  1000  512 Nov 15 15:10 OpenBSD
> 226 Transfer complete.
>
> Why would I be getting a failed LIST the first time? This is very reproducible: basically every second time a dir or ls will work.
>
> Here's my pf from the host connecting to the FTP server. (The machine these rules are from is 3.8-STABLE.)
>
> ## blah = 10.18.209.66
> binat on $ext_if from 192.168.217.244 to any -> $blah
> nat on $ext_if from any to any -> ($ext_if)
> rdr on $wire_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
> scrub out all no-df random-id max-mss 1440 fragment reassemble
> scrub in all no-df min-ttl 2 fragment reassemble
> block return log all label any-block-log
> block drop log from <idiots> to any
> block drop in log on ! em0 inet from 10.18.209.0/24 to any label em0-antispoof
> block drop in log on ! em0 inet from 10.18.209.48 to any label em0-antispoof
> block drop in log on em0 inet6 from fe80::20d:56ff:fefa:3b8f to any label em0-antispoof
> block drop in log inet from 10.18.209.79 to any label any-antispoof
> block drop in log inet from 10.18.209.48 to any label any-antispoof
> block drop in log on ! rl0 inet from 192.168.217.240/28 to any label rl0-antispoof
> block drop in log inet from 192.168.217.241 to any label any-antispoof
> block drop in log on rl0 inet6 from fe80::240:f4ff:fe71:8305 to any label rl0-antispoof
> pass out quick proto tcp from any port = ssh to any flags S/SA modulate state queue(ssh_dfl, ssh_pri)
> pass out quick inet proto tcp from any port = 3128 to any flags A/A keep state queue http
> pass in on em0 inet proto tcp from any port = ftp-data to (em0) user = 71 flags S/SA keep state label ftpproxy
> pass out quick proto tcp from any port = www to any flags A/A keep state queue httplo
> pass out quick proto tcp from any port = https to any flags S/SA modulate state queue http
> pass out quick proto tcp from any port = smtp to any flags S/SA modulate state queue smtp
> pass out quick proto tcp from any port = domain to any flags S/SA modulate state queue dns_tcp
> pass out quick proto tcp from any to any port = domain keep state queue dns_tcp
> pass out quick proto udp from any to any port = domain keep state queue dns_udp
> pass out quick proto udp from any to any port = ntp keep state queue dns_ntp
> pass out quick proto tcp all modulate state queue(tcp_dfl, tcp_pri)
> pass out quick proto udp all keep state queue udp
> pass out quick inet proto icmp all keep state queue icmp
> pass out quick inet6 proto ipv6-icmp all keep state queue icmp
> pass out quick all queue default
> block return-rst log proto tcp all flags /S queue default
> block return-rst log proto tcp all flags A/A queue default
> pass in on rl0 inet proto udp from any to any port = bootps keep state label rl0-bootps-in
> pass in on rl0 inet proto udp from 192.168.217.240/28 to 192.168.217.241 port = domain keep state label rl0-domain-udp-in
> pass in on rl0 inet proto tcp from 192.168.217.240/28 to 192.168.217.241 port = domain modulate state label rl0-domain-tcp-in
> pass in on rl0 inet proto udp from 192.168.217.240/28 to 192.168.217.241 port = ntp keep state label rl0-ntp-in
> pass in inet6 proto ipv6-icmp all icmp6-type toobig
> pass in inet6 proto ipv6-icmp all icmp6-type paramprob
> pass in inet6 proto ipv6-icmp all icmp6-type routeradv
> pass in inet6 proto ipv6-icmp all icmp6-type neighbrsol
> pass in inet6 proto ipv6-icmp all icmp6-type neighbradv
> pass in log on rl0 inet6 proto ipv6-icmp all icmp6-type routersol
> pass in log on rl0 inet6 proto ipv6-icmp all icmp6-type routeradv
> pass in log inet6 proto ipv6-icmp all icmp6-type echoreq keep state
> pass in inet proto icmp all icmp-type echoreq keep state
> pass in proto tcp from any to any port = auth modulate state label any-identd-in
> pass in proto tcp from any to any port = smtp modulate state label any-smtp-in
> pass in quick inet proto tcp from 192.168.217.240/28 to ! 192.168.217.241 flags S/SA modulate state
> pass in quick inet proto tcp from 192.168.217.240/28 to ! 192.168.217.241 keep state
> pass in quick inet proto udp from 192.168.217.240/28 to ! 192.168.217.241 keep state
> pass in quick inet from 192.168.217.240/28 to ! 192.168.217.240/28 keep state
> pass in quick inet proto tcp from 192.168.217.240/28 to 192.168.217.241 port = ssh modulate state

Try changing

rdr on $wire_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

to
Re: erratic networking problem
I just tried installing openbsd on an old hd in the client PC and exactly the same stuff happens. And the suggestions made in this message also don't help a bit. http://archives.neohapsis.com/archives/openbsd/2005-10/1663.html # Han
Re: erratic networking problem
On 12/22/05, Han Boetes [EMAIL PROTECTED] wrote:
> This problem has been bugging me for a month now. It started happening a month after 3.8 got tagged. At least, that's when I started noticing it. So it might be anything. But I suspect the OpenBSD side the most, since returning to an older Linux release on the client from a liveCD didn't fix the problem. The OpenBSD server doesn't have a CD-drive.
>
> OpenBSD server - linux client
> Both rtl8169 gigabit networkcards
>
> Uploading to the server goes with 11Mbytes/s, the speedlimit of the ide harddrives, but the downloading goes with erratic speeds. 1Mbyte/s at best, 100Kbyte/s most of the time, sometimes no more than 20Kbytes/s.

and if you use a different protocol (ftp, http)? anything unusual in netstat -s?