Re: Virtual interface
On 5/24/07, Michael [EMAIL PROTECTED] wrote:
> Hi,
>
> Renaud Allard wrote:
>> Unfortunately, this doesn't work on sysjail. I think the next version of sysjail should support dedicated IP, but I have no clue on when it will be out.
>
> That's just too bad. The project seems neglected too at the moment so I wonder if that feature will ever come at all.

indeed! the mailing list is dead, there is no way to even subscribe to it as per instructions (550 5.1.1 [EMAIL PROTECTED]: Recipient address rejected: User unknown in virtual mailbox table), Kristaps Johnson (the only dev who lists his email; http://sysjail.bsd.lv/contact.html) is uncontactable ('dig -t mx gradient-enterprises.com' fails!), the mailing list archives show the last post as going back to 16 Feb 2007...

If anybody knows of any hope of life for this project, i'm sure i (and a lot of other folks too) would be interested.

-jf

--
It's so hard to write a graphics driver that open-sourcing it would not help.
-- Andrew Fear, Software Product Manager, NVIDIA Corporation
http://kerneltrap.org/node/7228
PFSYNC
Hi, I know i repeat myself, but that's important for me: my pf isn't syncing tables i create. Can I solve this? Thanks
Re: PFSYNC
On Sat, May 26, 2007 at 09:36:48AM +0200, Alberich de megres wrote:
> I know i repeat myself, but that's important for me: my pf isn't syncing tables i create. Can I solve this?

Write a tool that synchronises your tables. The pfsync protocol as it stands is not an appropriate protocol for synchronizing tables, because it does not guarantee delivery, and provides only a best-effort basis at synchronising the state table (which is helped by the fact that messages on active states are sent frequently).
Re: mergemaster users, check login.conf
On Wed, May 23, 2007 at 06:31:31PM +, Christian Weisgerber wrote:
> People who use ports/sysutils/mergemaster to update /etc might want to manually check their /etc/login.conf:
>
> # cd /usr/src/etc
> # make DESTDIR=/var/tmp/temproot distribution-etc-root-var
> # diff -u /etc/login.conf /var/tmp/temproot/etc/login.conf
> [... compare, edit ...]
> # rm -r /var/tmp/temproot
>
> A while back, the default filedescriptor limit was bumped from 64 to 128. The login.conf file is generated from a template and that change happened in mklogin.conf, not login.conf.in. However, login.conf only sports the $OpenBSD: login.conf.in,v $ line. No difference there, so mergemaster skips the comparison, missing out on the change.
>
> (This is of particular importance to Firefox users, since FF tends to run out of file descriptors with the old limit, causing all sorts of odd problems.)
>
> --
> Christian naddy Weisgerber [EMAIL PROTECTED]

Thanks for the instructions. Same old question again: Will mergemaster be in 4.2? ;-]

Tobias
Keys lots in Xenocara update ?
Hello,

i lost various keys in last Xenocara update (i had the same issue when updating to snapshot with *41.tgz from 22/5 + x*41.tgz from 8/5 and to latest snapshot from ftp.ca, *41.tgz from 25/5 + x*41.tgz from 24/5). i removed /etc/X11 and /usr/X11R6 before update, and unrolled xetc41.tgz.

to get my missing keys back, i have to load this .Xmodmap :

keycode 211 = Left
keycode 208 = Up
keycode 213 = Right
keycode 216 = Down
keycode 209 = Prior
keycode 217 = Next
keycode 165 = Control_R
keycode 192 = ISO_Level3_Shift
keycode 207 = Home
keycode 215 = End
keycode 218 = Insert
keycode 219 = Delete

i'm using a dell d410, internal/external keyboard worked really fine with previous snapshot from ~1/5.

Keyboard config in xorg.conf (tried with both 'dell' and 'pc105' for XkbModel, wskbd1 is here for an external usb keyboard.)

Section "InputDevice"
    Identifier "Keyboard0"
    Driver "kbd"
    Option "Protocol" "wskbd"
    Option "Device" "/dev/wskbd0" #/dev/wskbd1
    Option "XkbModel" "dell" #pc105
    Option "XkbRules" "xorg"
    Option "XkbLayout" "fr"
EndSection

dmesg : http://gruiik.info/stuff/dmesg.boot

did i miss something ? i can live with this .Xmodmap, just wanted to report this issue. the same upgrade on my desktop machine with external usb keyboard didn't show this problem.

thanks for any help,
Landry

ps : as a sidenote, acpi works really fine on this laptop !

hw.sensors.acpitz0.temp0=53.55 degC (zone temperature)
hw.sensors.acpiac0.indicator0=On (power supply)
hw.sensors.acpibat0.volt0=11.10 VDC (voltage)
hw.sensors.acpibat0.volt1=11.83 VDC (current voltage)
hw.sensors.acpibat0.amphour0=6.86 Ah (last full capacity)
hw.sensors.acpibat0.amphour1=0.72 Ah (warning capacity)
hw.sensors.acpibat0.amphour2=0.22 Ah (low capacity)
hw.sensors.acpibat0.amphour3=1.43 Ah (remaining capacity), OK
hw.sensors.acpibat0.raw0=2 (battery charging), OK
hw.sensors.acpibat0.raw1=2699 (rate)
hw.sensors.acpidock0.indicator0=Off (not docked)
complex packet filter setup
hi list,

i've a complex packet filter setup on a 4.0 box.

                +------+       +------------------------+
                |Switch|       |OBSD4.0                 |
pc 1          --|vlan1 |       |                        |
192.168.1.2/24  |      |       |      +-------+         |
                |      |Trunk  |vlan1-|       |         |
pc 2          --|vlan2 |-------|vlan2-|bridge0|         |- pc 4
192.168.1.3/24  |      |    em0|vlan3-|       |         |em1 192.168.3.2
                |      |       |  em0-|       |         |
pc 3          --|vlan3 |       |      +-------+         |
192.168.2.2/24  |      |       |                        |
                +------+       |carp0                   |
                               |192.168.1.1             |
                               |192.168.2.1             |
                               |                   carp1|
                               |             192.168.3.1|
                               +------------------------+

default policy is block on all on all interfaces, except bridge0 and loopback.

i started with filtering from pc1 to pc4 with filtering on vlan1. i saw the traffic with tcpdump on vlan1 but the filter was never matched on vlan1. it was matched on em0 but i saw no traffic on em0. ok i modified my setup filtering on em0.

now i would setup filters between pc1 and pc2. i started with filtering on em0. but it doesn't work. it works only on vlan1 and vlan2. i'm confused. but it works.

now i would setup filters between pc1 and pc3. i think i should use my vlan interfaces vlan1 and vlan3. no ... that's wrong. in this case i should use em0 again (for different networks).

has everyone a simple explanation how this works ?

thx
thomas
panic: ffs_alloccg: map corrupted - SCSI parity errors
Hi folks,

One of the servers (running 4.0, generic, fully patched) I'm responsible for has had a panic (see title line). I'll confess right away that I wasn't able to run trace or ps; I was away from the machine at the time and had to guide a colleague by phone through restarting the machine in a hurry - he had an office full of users breathing down his neck...

Briefly: this machine runs an external 3Tb RAID array (a Nexsan ATAboy) via an Adaptec 29160 SCSI card; the RAID array is configured as four logical drives. Checking the logs, I see a bunch of parity errors a few days before, and then another bunch immediately prior to the panic. (The log lines, and the dmesg, follow my sig.) After restarting, the ATAboy self-diagnostics reported no errors. (I've run other tests which have reassured me we've lost no data.) The log shows errors on three of the four drives, which perhaps is unsurprising if it's the SCSI connection which wobbled.

Are there any known issues with this SCSI card or driver (ahc)? Or do we just have flakey hardware? I've run memtest86+ ad nauseam etc etc with no issues at all, so I'm fairly confident about the base machine, but now unsure about the Adaptec card. The machine has otherwise been running happily with no errors or issues for several months now. Perhaps significantly, a large amount of data was being copied to the RAID array at the time, but this had been done many times before without issue.

All cluebats gratefully received.

Steve
http://www.fivetrees.com

*** Extracts from /var/log/messages:

May 18 04:27:30 hglserver /bsd: sd3(ahc0:4:4): parity error detected in Data-in phase. SEQADDR(0x55) SCSIRATE(0xc2)
May 18 04:27:30 hglserver /bsd: CRC Value Mismatch
May 18 04:27:30 hglserver /bsd: sd3(ahc0:4:4): parity error detected in Data-in phase. SEQADDR(0x63) SCSIRATE(0xc2)
May 18 04:27:30 hglserver /bsd: CRC Value Mismatch
May 18 04:27:30 hglserver /bsd: sd3(ahc0:4:4): parity error detected in Data-in phase. SEQADDR(0x63) SCSIRATE(0xc2)
May 18 04:27:30 hglserver /bsd: CRC Value Mismatch
May 18 04:27:30 hglserver /bsd: sd3(ahc0:4:4): parity error detected in Data-in phase. SEQADDR(0x4e) SCSIRATE(0xc2)
May 18 04:27:30 hglserver /bsd: CRC Value Mismatch

(note: 4:27 corresponds to a time during which I run a crontab'ed rsync from another machine for partial offsite backup.)

... snip ...

May 23 16:53:56 hglserver /bsd: sd1(ahc0:4:2): parity error detected in Data-in phase. SEQADDR(0x1a7) SCSIRATE(0xc2)
May 23 16:53:56 hglserver /bsd: CRC Value Mismatch
May 23 16:54:22 hglserver /bsd: sd2(ahc0:4:3): parity error detected in Data-in phase. SEQADDR(0x84) SCSIRATE(0xc2)
May 23 16:54:22 hglserver /bsd: CRC Value Mismatch
May 23 16:54:25 hglserver /bsd: sd2(ahc0:4:3): parity error detected in Data-in phase. SEQADDR(0x54) SCSIRATE(0xc2)
May 23 16:54:25 hglserver /bsd: CRC Value Mismatch
May 23 16:54:27 hglserver /bsd: sd2(ahc0:4:3): parity error detected in Data-in phase. SEQADDR(0x54) SCSIRATE(0xc2)
May 23 16:54:27 hglserver /bsd: CRC Value Mismatch
May 23 16:54:27 hglserver /bsd: sd2(ahc0:4:3): parity error detected in Data-in phase. SEQADDR(0x54) SCSIRATE(0xc2)
May 23 16:54:27 hglserver /bsd: CRC Value Mismatch
May 23 16:54:38 hglserver /bsd: sd1(ahc0:4:2): parity error detected in Data-in phase. SEQADDR(0x1a7) SCSIRATE(0xc2)
May 23 16:54:38 hglserver /bsd: CRC Value Mismatch
May 23 18:31:21 hglserver syslogd: restart
May 23 18:31:21 hglserver /bsd: start = 0, len = 9793, fs = /s1
May 23 18:31:21 hglserver /bsd: panic: ffs_alloccg: map corrupted

(note: panic occurred at 16:54; machine restarted at 18:31 after lengthy fscks...)

*** dmesg:

OpenBSD 4.0-stable (GENERIC) #10: Mon May 14 20:04:41 BST 2007
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Sempron(tm) 2400+ (AuthenticAMD 686-class, 256KB L2 cache) 1.67 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem = 1073246208 (1048092K)
avail mem = 971010048 (948252K)
using 4256 buffers containing 53764096 bytes (52504K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 12/08/04, BIOS32 rev. 0 @ 0xfda50, SMBIOS rev. 2.3 @ 0xf0630 (29 entries)
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf7f00/192 (10 entries)
pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT8237 ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x9000 0xc9000/0x5400
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 VIA VT8377 PCI rev 0x80
ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 Matrox MGA G400/G450 AGP rev 0x85
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
re0 at pci0 dev 10 function 0 Realtek 8169 rev 0x10: irq 5, address 00:14:6c:c0:28:60
Re: Keys lots in Xenocara update ?
On 5/26/07, Landry Breuil [EMAIL PROTECTED] wrote:
> Hello,
>
> i lost various keys in last Xenocara update (i had the same issue when updating to snapshot with *41.tgz from 22/5 + x*41.tgz from 8/5 and to latest snapshot from ftp.ca, *41.tgz from 25/5 + x*41.tgz from 24/5). i removed /etc/X11 and /usr/X11R6 before update, and unrolled xetc41.tgz.
>
> to get my missing keys back, i have to load this .Xmodmap :
>
> keycode 211 = Left
> keycode 208 = Up
> keycode 213 = Right
> keycode 216 = Down
> keycode 209 = Prior
> keycode 217 = Next
> keycode 165 = Control_R
> keycode 192 = ISO_Level3_Shift
> keycode 207 = Home
> keycode 215 = End
> keycode 218 = Insert
> keycode 219 = Delete
>
> i'm using a dell d410, internal/external keyboard worked really fine with previous snapshot from ~1/5.
>
> Keyboard config in xorg.conf (tried with both 'dell' and 'pc105' for XkbModel, wskbd1 is here for an external usb keyboard.)
>
> Section "InputDevice"
>     Identifier "Keyboard0"
>     Driver "kbd"
>     Option "Protocol" "wskbd"
>     Option "Device" "/dev/wskbd0" #/dev/wskbd1
>     Option "XkbModel" "dell" #pc105
>     Option "XkbRules" "xorg"
>     Option "XkbLayout" "fr"
> EndSection
>
> dmesg : http://gruiik.info/stuff/dmesg.boot
>
> did i miss something ? i can live with this .Xmodmap, just wanted to report this issue. the same upgrade on my desktop machine with external usb keyboard didn't show this problem.

Check your /var/log/Xorg.0.log file for xkb related errors. I don't see right now anything that changed there since the initial xenocara snapshots. But what you describe looks like your xkb configuration is rejected.
Re: Keys lots in Xenocara update ?
On Sat, 26 May 2007, Matthieu Herrb wrote:
> Section "InputDevice"
>     Identifier "Keyboard0"
>     Driver "kbd"
>     Option "Protocol" "wskbd"
>     Option "Device" "/dev/wskbd0" #/dev/wskbd1
>     Option "XkbModel" "dell" #pc105
>     Option "XkbRules" "xorg"
>     Option "XkbLayout" "fr"
> EndSection

FYI, I use a dell d420 and I don't use Option XkbModel dell, nor Protocol and Device and it works fine. But I don't use any external keyboard with it... so it might be a shot in the air ;)

--
Antoine
to russian OpenBSD fans who wants official 4.1 CDs
I've got package* from Wim recently, with 4.1 CDs and stickers, for Russian obsd fans who ordered it via me on some Russian opensource forums. But there are some extra CDs (3-4 I think) which I can redistribute. So if you are living in Moscow or Saint-Petersburg, I can give it to you directly. If you are living in other cities I can send it to you. The price is exactly the same as if you order it on openbsd.org. All collected money will be sent back to Wim to support OpenBSD project, of course.

Feel free to mail me privately

*images: http://www.toxahost.ru/images/obsd_packs/
Re: panic: ffs_alloccg: map corrupted - SCSI parity errors
On Sat, May 26, 2007 at 12:51:09PM +0100, Steve Fairhead wrote:
> Hi folks,
>
> One of the servers (running 4.0, generic, fully patched) I'm responsible for has had a panic (see title line). I'll confess right away that I wasn't able to run trace or ps; I was away from the machine at the time and had to guide a colleague by phone through restarting the machine in a hurry - he had an office full of users breathing down his neck...
>
> Briefly: this machine runs an external 3Tb RAID array (a Nexsan ATAboy) via an Adaptec 29160 SCSI card; the RAID array is configured as four logical drives. Checking the logs, I see a bunch of parity errors a few days before, and then another bunch immediately prior to the panic. (The log lines, and the dmesg, follow my sig.) After restarting, the ATAboy self-diagnostics reported no errors. (I've run other tests which have reassured me we've lost no data.) The log shows errors on three of the four drives, which perhaps is unsurprising if it's the SCSI connection which wobbled.
>
> Are there any known issues with this SCSI card or driver (ahc)? Or do we just have flakey hardware? I've run memtest86+ ad nauseam etc etc with no issues at all, so I'm fairly confident about the base machine, but now unsure about the Adaptec card. The machine has otherwise been running happily with no errors or issues for several months now. Perhaps significantly, a large amount of data was being copied to the RAID array at the time, but this had been done many times before without issue.
>
> All cluebats gratefully received.
>
> Steve
> http://www.fivetrees.com

There are many known issues with ahc, known in the sense that mysterious errors do occur on apparently random instances of identical hardware. But if your hardware has worked up to this point without error I would tend to discount ahc as the problem.

Assuming the driver is correctly reporting parity errors while reading data off the bus it would appear that the data path between your external box and the server is flakey or being disturbed in some way. And eventually corrupt data gets through.

Ken

> *** Extracts from /var/log/messages:
>
> May 18 04:27:30 hglserver /bsd: sd3(ahc0:4:4): parity error detected in Data-in phase. SEQADDR(0x55) SCSIRATE(0xc2)
> May 18 04:27:30 hglserver /bsd: CRC Value Mismatch
> May 18 04:27:30 hglserver /bsd: sd3(ahc0:4:4): parity error detected in Data-in phase. SEQADDR(0x63) SCSIRATE(0xc2)
> May 18 04:27:30 hglserver /bsd: CRC Value Mismatch
> May 18 04:27:30 hglserver /bsd: sd3(ahc0:4:4): parity error detected in Data-in phase. SEQADDR(0x63) SCSIRATE(0xc2)
> May 18 04:27:30 hglserver /bsd: CRC Value Mismatch
> May 18 04:27:30 hglserver /bsd: sd3(ahc0:4:4): parity error detected in Data-in phase. SEQADDR(0x4e) SCSIRATE(0xc2)
> May 18 04:27:30 hglserver /bsd: CRC Value Mismatch
>
> (note: 4:27 corresponds to a time during which I run a crontab'ed rsync from another machine for partial offsite backup.)
>
> ... snip ...
>
> May 23 16:53:56 hglserver /bsd: sd1(ahc0:4:2): parity error detected in Data-in phase. SEQADDR(0x1a7) SCSIRATE(0xc2)
> May 23 16:53:56 hglserver /bsd: CRC Value Mismatch
> May 23 16:54:22 hglserver /bsd: sd2(ahc0:4:3): parity error detected in Data-in phase. SEQADDR(0x84) SCSIRATE(0xc2)
> May 23 16:54:22 hglserver /bsd: CRC Value Mismatch
> May 23 16:54:25 hglserver /bsd: sd2(ahc0:4:3): parity error detected in Data-in phase. SEQADDR(0x54) SCSIRATE(0xc2)
> May 23 16:54:25 hglserver /bsd: CRC Value Mismatch
> May 23 16:54:27 hglserver /bsd: sd2(ahc0:4:3): parity error detected in Data-in phase. SEQADDR(0x54) SCSIRATE(0xc2)
> May 23 16:54:27 hglserver /bsd: CRC Value Mismatch
> May 23 16:54:27 hglserver /bsd: sd2(ahc0:4:3): parity error detected in Data-in phase. SEQADDR(0x54) SCSIRATE(0xc2)
> May 23 16:54:27 hglserver /bsd: CRC Value Mismatch
> May 23 16:54:38 hglserver /bsd: sd1(ahc0:4:2): parity error detected in Data-in phase. SEQADDR(0x1a7) SCSIRATE(0xc2)
> May 23 16:54:38 hglserver /bsd: CRC Value Mismatch
> May 23 18:31:21 hglserver syslogd: restart
> May 23 18:31:21 hglserver /bsd: start = 0, len = 9793, fs = /s1
> May 23 18:31:21 hglserver /bsd: panic: ffs_alloccg: map corrupted
>
> (note: panic occurred at 16:54; machine restarted at 18:31 after lengthy fscks...)
>
> *** dmesg:
>
> OpenBSD 4.0-stable (GENERIC) #10: Mon May 14 20:04:41 BST 2007
>     [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: AMD Sempron(tm) 2400+ (AuthenticAMD 686-class, 256KB L2 cache) 1.67 GHz
> cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
> real mem = 1073246208 (1048092K)
> avail mem = 971010048 (948252K)
> using 4256 buffers containing 53764096 bytes (52504K) of memory
> mainbus0 (root)
> bios0 at mainbus0: AT/286+(00) BIOS, date 12/08/04, BIOS32 rev. 0 @ 0xfda50, SMBIOS rev. 2.3 @ 0xf0630 (29 entries)
> pcibios0 at bios0: rev 2.1 @ 0xf/0x1
> pcibios0: PCI IRQ
openldap -- syncrepl and dynamic backend modules
I have been using the openldap (openldap-server-2.3.33p1-bdb) from ports and it works great when I use slurpd for replication. I would like to use syncrepl instead of slurpd, just to see what the benefits are. However I don't know how to enable the dynamic backend modules since they are not installed in /usr/local/libexec/openldap. I tried to modify the Makefile with --enable-overlays and --enable-modules but those attempts went down in flames.

Is it possible to use syncrepl with openldap-server-2.3.33p1 on OpenBSD 4.1? What are the steps? Please let me know if you are able to help.

Thanks very much,
Vijay

--
Vijay Sankar
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: +1 (204) 885-9535, E-Mail: [EMAIL PROTECTED]
Re: update: net/tor [OT: [EMAIL PROTECTED] not working]
@rui

I've just got a failure notice when sending to [EMAIL PROTECTED]:

The following message to [EMAIL PROTECTED] was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 554-'5.1.0 Sender Denied'

Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.0.0 (permanent failure)
Remote-MTA: dns; [10.137.34.6]
Diagnostic-Code: smtp; 5.1.0 - Unknown address error 554-'5.1.0 Sender Denied' (delivery attempts: 0)

Reporting-MTA: dns; neti03mx.hdi.tvcabo
Re: [Fwd: Re: update: net/tor [OT: [EMAIL PROTECTED] not working]]
hmm, weird, I've been using my mail without any problem.
just use [EMAIL PROTECTED] if you want.

Regards,
rui

On Sat, May 26, 2007 at 11:10:22PM +0100, OpenBSD - Wire Consulting wrote:
> Original Message
> Subject: Re: update: net/tor [OT: [EMAIL PROTECTED] not working]
> Date: Sat, 26 May 2007 23:44:59 +0200
> From: Michael [EMAIL PROTECTED]
> To: misc@openbsd.org
> References: [EMAIL PROTECTED] [EMAIL PROTECTED]
>
> @rui
>
> I've just got a failure notice when sending to [EMAIL PROTECTED]:
>
> The following message to [EMAIL PROTECTED] was undeliverable.
> The reason for the problem:
> 5.1.0 - Unknown address error 554-'5.1.0 Sender Denied'
>
> Final-Recipient: rfc822;[EMAIL PROTECTED]
> Action: failed
> Status: 5.0.0 (permanent failure)
> Remote-MTA: dns; [10.137.34.6]
> Diagnostic-Code: smtp; 5.1.0 - Unknown address error 554-'5.1.0 Sender Denied' (delivery attempts: 0)
>
> Reporting-MTA: dns; neti03mx.hdi.tvcabo
pf block IP range
I know I can block an outgoing IP address such as

block out quick on $external from any to 123.123.123.123

But can you also block a range of IP addresses? Such as

block out quick on $external from any to 123.123.100.0-123.123.200.255

Thanks,
Jim
ftp-proxy, pf and single machine network
Hi,

I have a problem getting my ftp client to work through a pf firewall. I have a local machine (quark) with only one interface (fxp0) which connects to the internet through a router. PF is running on quark with a very simple set of rules (see below). I tried to follow the FAQ and the ftp-proxy man page to get those rules working, but they don't. I guess I am just doing something stupid or that I really don't understand what is going on... I tried setting net.inet.ip.forwarding=1 and running ftp-proxy with the -r flag, but nothing works. When I try to connect with gftp I get error message

Looking up ftp.openbsd.org
Trying openbsd.sunsite.ualberta.ca:21
Connected to ftp.openbsd.org:21
220-
220- Welcome to SunSITE Alberta
220-
220- at the University of Alberta, in Edmonton, Alberta, Canada
220-
220-All connections to and transfers from this server are logged. If
220-you do not like this policy, please disconnect now.
220-
220-You may want to grab the index file called ls-lR.gz in /pub. It is
220-updated nightly with the contents of the ftp tree.
220-
220-If you have any questions, hints, or requests, please email
220-
220-[EMAIL PROTECTED]
220-
220
USER anonymous
331 Who are you impersonating today?
PASS
230-
230-Welcome to Sunsite Alberta
230- Login Successful.
230 Your data rate unrestricted
SYST
215 UNIX Type: L8
TYPE I
200 Switching to Binary mode.
CWD /pub
250 Directory successfully changed.
Loading directory listing /pub from server (LC_TIME=C)
PASV
227 Entering Passive Mode (129,128,5,191,164,210)
Cannot create a data connection: No route to host
Disconnecting from site ftp.openbsd.org

So it seems that the connection gets established, but nothing can be transferred... I get similar messages when using ftp from a terminal. This is all on an OpenBSD 4.1 box.

[EMAIL PROTECTED] loic cat /etc/pf.conf
# $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or
# net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

# Macros
ext_if="fxp0"
tcp_services="{ ssh, smtp, domain, www, pop3, auth, sftp, \
        pop3s, imap, imaps, https }"
udp_services="{ domain, ntp }"
icmp_types="echoreq"

# Tables

# Options
set block-policy return
set skip on lo

# Scrub
scrub in

# Queueing

#Translation
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $ext_if proto tcp from any to any port ftp -> \
        127.0.0.1 port 8021

# Filter rules
#antispoof quick for $ext_if
block all
anchor "ftp-proxy/*"
pass in on $ext_if proto tcp from any to $ext_if port ssh
pass out proto tcp from any to any port 21
pass out proto tcp to any port $tcp_services
pass out proto udp to any port $udp_services
pass out inet proto icmp all icmp-type $icmp_types
pass out proto tcp to www-atrium.bib.umontreal.ca port 8000

# Allow traceroute (8) to pass through
pass out on $ext_if inet proto udp from any to any \
        port 33433 >< 33626

Any help is appreciated.

Thanks in advance,
Loïc
i386: ath: HAL status 22
Hi all,

CardBus adapter, Corega CG-WLCB54GS, on i386 #176:

ath0 at cardbus1 dev 0 function 0: irq 9
ar5k_ar5212_nic_wakeup: failed to resume the AR5212 (again)
ath0: unable to attach hardware; HAL status 22

http://www.openbsd.org/plus41.html says "Disable 802.11g mode on AR5211 and 5212 based devices for now." but still - please let me know if more info would be helpful.

OpenBSD 4.1-current (GENERIC) #176: Wed May 23 11:56:37 MDT 2007
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class) 598 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,SER,MMX,FXSR,SSE
real mem = 133722112 (130588K)
avail mem = 114249728 (111572K)
using 1663 buffers containing 6811648 bytes (6652K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 07/18/00, BIOS32 rev. 0 @ 0xfd8a6, SMBIOS rev. 2.3 @ 0xea8b0 (29 entries)
bios0: FUJITSU FMV7NA2BC2
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 96%
apm0: AC on, battery charge high, charging, estimated 3:12 hours
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd890/0x770
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf50/144 (7 entries)
pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #9 is the last bus
bios0: ROM list: 0xc/0x1 0xd/0x1000
acpi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x03
ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Mobility 1 rev 0x64
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
cbb0 at pci0 dev 4 function 0 TI PCI1225 CardBus rev 0x01: irq 9
cbb1 at pci0 dev 4 function 1 TI PCI1225 CardBus rev 0x01: irq 9
piixpcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x02
pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: FUJITSU MHM2200AT
wd0: 16-sector PIO, LBA, 19077MB, 39070080 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
uhci0 at pci0 dev 7 function 2 Intel 82371AB USB rev 0x01: irq 5
piixpm0 at pci0 dev 7 function 3 Intel 82371AB Power rev 0x03: SMI
iic0 at piixpm0
maestro0 at pci0 dev 8 function 0 ESS Maestro 2E rev 0x10: irq 5
ac97: codec id 0x83847609 (SigmaTel STAC9721/23)
ac97: codec features 18 bit DAC, 18 bit ADC, SigmaTel 3D
audio0 at maestro0
fxp0 at pci0 dev 16 function 0 Intel 8255x rev 0x08, i82559: irq 5, address 00:00:0e:cc:29:b2
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 8 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 9 device 0 cacheline 0x8, lattimer 0x20
pcmcia1 at cardslot1
isa0 at piixpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
biomask efed netmask efed ttymask ffef
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
swap on wd0b
dump on wd0b
ath0 at cardbus1 dev 0 function 0: irq 9
ar5k_ar5212_nic_wakeup: failed to resume the AR5212 (again)
ath0: unable to attach hardware; HAL status 22
ath0 detached
Re: pf block IP range
Jim M wrote:
> I know I can block an outgoing IP address such as
>
> block out quick on $external from any to 123.123.123.123
>
> But can you also block a range of IP addresses? Such as
>
> block out quick on $external from any to 123.123.100.0-123.123.200.255

Yes, but one writes this in CIDR style, thus for your example:

block out quick on $external from any to 123.123.100.0/24
block out quick on $external from any to 123.123.200.0/24

A /23 would be 100 - 254, see 'sipcalc' or other such tools for calculations. Also see Wikipedia's CIDR entry for more details.

Greets,
Jeroen

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: ftp-proxy, pf and single machine network
> I have a problem getting my ftp client to work through a pf firewall. I have a local machine (quark) with only one interface (fxp0) which connects to the internet through a router. PF is running on quark with a very simple set of rules (see below). I tried to follow the FAQ and the ftp-proxy man page to get those rules working, but they don't. I guess I am just doing something stupid or that I really don't understand what is going on...

ftp-proxy is for forwarded connections, for passive connections from the host itself you'll need to allow some more outgoing ports.

> Cannot create a data connection: No route to host

this message often means blocked by pf
Re: pf block IP range
yes

block out quick on $external from any to 123.123.100.0/24

for example. Of course, the / equiv will need to be that of the size of the segment you are blocking on

Enjoy

- Original Message -
From: Jim M [EMAIL PROTECTED]
To: misc@openbsd.org
Sent: Saturday, May 26, 2007 7:54 PM
Subject: pf block IP range

> I know I can block an outgoing IP address such as
>
> block out quick on $external from any to 123.123.123.123
>
> But can you also block a range of IP addresses? Such as
>
> block out quick on $external from any to 123.123.100.0-123.123.200.255
>
> Thanks,
> Jim
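
Added example, not part of any post in the "pf block IP range" thread: a Python script that splits a start-end range such as the 123.123.100.0-123.123.200.255 asked about above into aligned CIDR blocks, checks a candidate block list for addresses it leaves uncovered, and prints the result as a pf table plus one block rule. The table name blocked_range and the function names are made up for illustration; the splitting works for any IPv4 range, not only the one in the thread.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Split the inclusive IPv4 range first..last into aligned CIDR blocks."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    blocks = []
    while lo <= hi:
        # Largest power-of-two block that may start at lo (alignment) ...
        align_bits = (lo & -lo).bit_length() - 1 if lo else 32
        # ... and that still fits into what is left of the range.
        fit_bits = (hi - lo + 1).bit_length() - 1
        host_bits = min(align_bits, fit_bits)
        blocks.append(ipaddress.IPv4Network((lo, 32 - host_bits)))
        lo += 1 << host_bits
    return blocks


def uncovered(first, last, networks):
    """Count addresses in first..last that none of the given networks contains."""
    have = [ipaddress.IPv4Network(n) for n in networks]
    missing = 0
    for block in range_to_cidrs(first, last):
        remaining = [block]
        for net in have:
            kept = []
            for part in remaining:
                if part.subnet_of(net):
                    continue                      # fully covered by net
                if net.subnet_of(part):
                    kept.extend(part.address_exclude(net))  # cut net out
                else:
                    kept.append(part)             # net does not touch part
            remaining = kept
        missing += sum(part.num_addresses for part in remaining)
    return missing


def pf_block_rules(table, iface, blocks):
    """Render the blocks as a pf table and a rule that blocks traffic to it."""
    members = ", ".join(str(b) for b in blocks)
    return [
        "table <%s> const { %s }" % (table, members),
        "block out quick on %s from any to <%s>" % (iface, table),
    ]


if __name__ == "__main__":
    # Range taken from the question; table name is a hypothetical choice.
    FIRST, LAST = "123.123.100.0", "123.123.200.255"
    blocks = range_to_cidrs(FIRST, LAST)
    # Sanity check: the generated list leaves no address of the range out.
    assert uncovered(FIRST, LAST, blocks) == 0
    print("\n".join(pf_block_rules("blocked_range", "$external", blocks)))
```

The two printed lines can be pasted into pf.conf and syntax-checked with `pfctl -nf /etc/pf.conf` before loading.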