crypto drives
Hi misc@, I'm interested in having a secure drive and I'm looking for some honest information. The sources I've seen so far are all biased and/or incomplete and/or out of date. Take, for example: http://www.onlamp.com/pub/a/bsd/2005/12/21/netbsd_cgd.html?page=3 http://mareichelt.de/pub/notmine/linuxbsd-comparison.html Was vnconfig's saltfile option created to address the offline dictionary attack concerns? How secure is svnd? Most specifically, to be secure in using it, what weaknesses do I have to be aware of? -Nick
IBM T60 - APM issues
I'm running 4.1-current on T60. I have got powerdown=YES in /etc/rc.shutdown and apmd_flags= in /etc/rc.conf.local. The laptop doesn't power itself off with halt -p. So, I have to turn off the laptop by pressing the power button manually every time. I was wondering if this is going to cause any hardware related issues with the laptop in the long-term. Thanks.
Re: xfce windows manager
2007/6/25, Nick Templeton [EMAIL PROTECTED]: Here are the packages (and their dependencies) that I install to get a nice Xfce desktop: xfce-utils xfce4-session xfce4-taskbar This one is deprecated/was included in panel package now in 4.4 :) xfdesktop xfwm4 don't forget xfce4-panel (surely installed as a dependency of one of these).. and some plugins if you want. Landry
sendmail inside jail
Hi, I'am trying to get sendmail running inside a sysjail with OpenBSD 4.1-stable for amd64 which is working fine so far for accepting emails. Now I've enabled SASL support for authentication and am asked for a password. When I enter it I get the following error messages in /var/log/authlog: Jun 26 10:13:55 warden sm-mta[17886]: Password verification failed Jun 26 10:13:56 warden sm-mta[17886]: Could not open db Someone got an idea what might be the problem here? Michael
Journal des cadeaux d'entreprise : Editorial Juillet
Bonjour, Suite ` la parution du Journal des Cadeaux d'Entreprise de juillet 2007, didii exclusivement aux nouveautis du cadeau d'entreprise, dicouvrez en avant-premihre et en vidio des cadeaux icologiques et surprenants pour votre communication d'entreprise. Dans l'attente de votre visite, Veuillez agrier l'expression de nos sinchres salutations. Michelle Walter Ridaction du Journal des Cadeaux d'Entreprise http://www.journal-cadeaux- entreprise.com/ Offre riservie exclusivement aux entreprises. Conformiment ` la Loi Informatique et Libertis parue au Journal Officiel du 6 janvier 1978, vous disposez d'un droit d'acchs, de rectification, et d'opposition aux donnies personnelles vous concernant. Pour ne plus recevoir d'informations de notre part, Cliq uez ici
Re: LC_COLLATE and PostgreSQL
O I think it is not good idea to change the code of OpenBSD by me. Years ago I was coding in C++ (at the University but with best mark ;). Now I am working for Oracle Corp. (PL/SQL and etc.) and I am a little out of practice ;) with C/C++. Maybe someone core OpenBSD Developer will agree with me, that the extended COLLATION in OpenBSD will be the strong point in the system functionality ? Best regards, Artur On Mon, 25 Jun 2007 22:47:47 +0200, Joachim Schipper [EMAIL PROTECTED] wrote: On Mon, Jun 25, 2007 at 11:50:10AM +0200, Artur Litwinowicz wrote: Hi Philip, thank You match for answer and nice words :). I am starting be concern for my problem but my love for OpenBSD is stronger then sort problems (data on my web are sorted not correctly) and I do not want to change system on may server. Maybe in the nearest feature OpenBSD Developers change the COLLATION support or someone know solution for this problem. Well, if you like to code, you might be able to port strcoll() and the like from another BSD - like FreeBSD. Joachim -- PotD: x11/bbkeys - X keygrabber for blackbox
wsmouse cut and paste in X
From my dmesg - my touchpad is detected as wsmouse0 at pms0 mux 0. I would like to be able to left-click to select text and right click to paste it. I added wsmoused_flags=-2 in my /etc/rc.conf.local file the cut and paste works fine in the tty console. But it doesn't work in X. My window manager is wmii. Any help would be appreciated. Thanks.
Re: wsmouse cut and paste in X
On Tue, 26 Jun 2007, atstake atstake wrote: But it doesn't work in X. My window manager is wmii. Try first and second button at the same time to paste. Also see emulate3buttons option. -- Antti Harri
Re: wsmouse cut and paste in X
On 6/26/07, Antti Harri [EMAIL PROTECTED] wrote: Try first and second button at the same time to paste. Also see emulate3buttons option. Thanks! Pressing first and second button at the same time works great!! Any idea which manpage to find more info on emulate3buttons option? man -k doesn't give anything. Thanks, again.
Re: wsmouse cut and paste in X
On Tue, 26 Jun 2007, atstake atstake wrote: Thanks! Pressing first and second button at the same time works great!! Great. Any idea which manpage to find more info on emulate3buttons option? man -k doesn't give anything. Hmm xorg.conf(5) doesn't list it.. I think it's on by default and you can set the behaviour (1st+2nd=paste) off. Someone correct me if I'm wrong.. -- Antti Harri
Re: wsmouse cut and paste in X
On Tuesday 26 June 2007 14:27:19 Antti Harri wrote: Hmm xorg.conf(5) doesn't list it.. I think it's on by default Try mouse(4) -- Antoine
Re: howto set nfsbootdevname for nfsroot?
Tom Cosgrove wrote: Heinrich Rebehn 25-Jun-07 13:57 Tom Cosgrove wrote: Sorry, one last thing: I find a dmesg from a (presumably unsuccessful) boot via xl0. Could you post that, too? So far it looks like the xl0 boot is correctly getting the right MAC address, so we need to find why it's not getting through to the NFS code. Thanks Tom The dmesg that i sent was from a successful boot via sk0. To post an unsuccessful boot's dmesg , i would have to type everything from the screen. What exactly do you want to know? Do you not have a serial console on this box? I'd like to double-check the NIC lines and the lines around the point it fails. It really should be printing out PXE boot MAC address ..., even on 4.1. Could you also post your exact kernel config file? And finally: it's worth trying this with GENERIC, too, particularly from -current (i.e. a snapshot) since that should be able to do this automatically. I was not aware that GENERIC can also deal with nfsroot. In fact, it works perfect with -stable! The problem shows when i change GENERIC to include root on nfs swap on nfs: [EMAIL PROTECTED] [~/src/sys/arch/i386/conf] # diff DISKLESS GENERIC 42,43c42 #config bsd swap generic configbsd root on nfs swap on nfs --- configbsd swap generic The dmesgs for both cases are attached (installed a serial console :-) ) --Heinrich [demime 1.01d removed an attachment of type application/octet-stream which had a name of xl0-GENERIC-stable] [demime 1.01d removed an attachment of type application/octet-stream which had a name of xl0-DISKLESS-stable]
Re: xfce windows manager
Nick Templeton wrote: Here are the packages (and their dependencies) that I install to get a nice Xfce desktop: xfce-utils xfce4-session xfce4-taskbar xfdesktop xfwm4 For me I normally do.. pkg_add -i \ xfce-utils \ orage \ terminal \ xfwm4 \ xfdesktop \ mousepad \ xfce-mcs-plugins This is on -current though. Can't survive without terminal and mousepad. :) Hope it helps, Lawrence -- Lawrence Teo Calyptix Security http://www.calyptix.com/
Re: wsmouse cut and paste in X
On Tuesday 26 June 2007 15:03:17 Peter Strvmberg wrote: doesn't work ... :P Sorry, typo, I meant vmmouse(4) -- Antoine
Re: wsmouse cut and paste in X
Antoine Jacoutot [EMAIL PROTECTED] wrote: Hmm xorg.conf(5) doesn't list it.. I think it's on by default Try mouse(4) Actually that page is now installed as mousedrv(4). -- Christian naddy Weisgerber [EMAIL PROTECTED]
Re: OBSD 4.1 drops to ddb with cdd0: error 22 on component 0 (and 1 (mirror))
This is the expected behavior for a failure on a CCD component. Try cutting the SATA cable to a live system some time; watch the kernel panic there as well. Suddenly it cant stat() / or read/write from swap. You're playing with fire with CCD anyway: RAID0. The stuff in 4.1 wasn't touched for months...6, 10, 11, 11, look at the time between commits. There's some new recent activity. Try RAIDFrame w/ raid0 for a little-more-active development. ~BAS On Thu, 2007-06-14 at 15:56 +0200, Marius Hooge wrote: Hi, I don't know how to handle this: My OpenBSD 4.1 Generic i386 box occasionally freezes completely, without any warning. No Ctrl+Mod1+F1 or any other key-combination, no ssh or ping works. IMPORTANT: This message contains confidential information and is intended only for the individual named. If the reader of this message is not an intended recipient (or the individual responsible for the delivery of this message to an intended recipient), please be advised that any re-use, dissemination, distribution or copying of this message is prohibited. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.
Re: IBM T60 - APM issues
On 26/06/07, atstake atstake [EMAIL PROTECTED] wrote: I'm running 4.1-current on T60. I have got powerdown=YES in /etc/rc.shutdown and apmd_flags= in /etc/rc.conf.local. The laptop doesn't power itself off with halt -p. So, I have to turn off the laptop by pressing the power button manually every time. I was wondering if this is going to cause any hardware related issues with the laptop in the long-term. Thanks. Maybe that will help: $ grep apmhalt /etc/sysctl.conf #machdep.apmhalt=1 # 1=powerdown hack, try if halt -p doesn't work -- viq
pftop question
Good Day, I was looking at pftop and noticed the following and would like to understand its meaning DROP_P DROP_B QLEN SUSPEN I have tried to search the man and google but luck was not with me. ta -e
Re: pftop question
On 2007/06/27 00:43, Pui Edylie wrote: Good Day, I was looking at pftop and noticed the following and would like to understand its meaning they're for queues. DROP_P dropped packets DROP_B dropped bytes QLEN queue length SUSPEN suspends
Re: C++ Book
The book from Bjarne Stroustrup (The C++ Programming Language) is state of the art if you are not focused on a special subject.
Re: pftop question
Hi Stuart, Thank you for the reply. May i ask uner what circumtances that a packet could be in suspends category? ta -e - Original Message - From: Stuart Henderson [EMAIL PROTECTED] To: Pui Edylie [EMAIL PROTECTED] Cc: misc misc@openbsd.org Sent: Wednesday, June 27, 2007 1:05 AM Subject: Re: pftop question On 2007/06/27 00:43, Pui Edylie wrote: Good Day, I was looking at pftop and noticed the following and would like to understand its meaning they're for queues. DROP_P dropped packets DROP_B dropped bytes QLEN queue length SUSPEN suspends
Re: Kernel MINIROOTSIZE 8192 = No Boot
On Fri, 2007-06-15 at 16:51 +, Tobias Weingartner wrote: And no information about the machines beyond that? No dmesg, no information option NKPTP=16 ...fixed it. I wasn't going to burn 200k and 30 minutes on an e-mail about an issue that likely someone already knows about and has a quick one-line fix such as this. (only to get a you're not running GENERIC response) I know there are people out there running embedded environments who were testing 4.1 during -current. ~BAS -- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc. IMPORTANT: This message contains confidential information and is intended only for the individual named. If the reader of this message is not an intended recipient (or the individual responsible for the delivery of this message to an intended recipient), please be advised that any re-use, dissemination, distribution or copying of this message is prohibited. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.
Re: isakmpd on OpenBSD 3.7 and OpenBSD 4.0
Thanks to Stuart Henderson. On 2007/06/25 11:35, catalin visinescu wrote: I see that OpenBSD 3.7 isakmpd and OpenBSD 4.0 isakmpd do not establish security associations. try -T (disable nat-t) on the 4.0 side. If it works, can you post back to misc@ to get it in the archives please. - Ask a question on any topic and get answers from real people. Go to Yahoo! Answers. Received: from [207.34.229.126] by web39710.mail.mud.yahoo.com via HTTP; Mon, 25 Jun 2007 11:35:19 EDT Date: Mon, 25 Jun 2007 11:35:19 -0400 (EDT) From: catalin visinescu [EMAIL PROTECTED] Subject: isakmpd on OpenBSD 3.7 and OpenBSD 4.0 To: misc@openbsd.org MIME-Version: 1.0 X-Security: message sanitized on shear.ucar.edu See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.147 $Date: 2004-10-02 11:16:26-07 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit Content-Length: 516 X-Converted-To-Plain-Text: from multipart/alternative by demime 1.01d X-Converted-To-Plain-Text: Alternative section used was text/plain Hello, I see that OpenBSD 3.7 isakmpd and OpenBSD 4.0 isakmpd do not establish security associations. I get an INVALID-PAYLOAD-TYPE message. isakmpd 3.7 does not seem to understand payload RESERVED. Is there a way I can run isakmpd 4.0 downgraded or any other way to get the two of them to work together? Thank you, ./catalin - Ask a question on any topic and get answers from real people. Go to Yahoo! Answers.
Re: pftop question
On 2007/06/27 01:30, Pui Edylie wrote: Thank you for the reply. May i ask uner what circumtances that a packet could be in suspends category? you should probably read parts of this if you'd like to learn more about altq internals: ftp://ftp.sonycsl.co.jp/pub/kjc/papers/dissertation.ps.gz try searching for 'offtime' as well as 'suspen*' (if you search for suspend, you'll need to look for suspend/suspension and some mis-spellings). (ps2pdf, from ghostscript, does a reasonable job of getting it into a format that be searched a little more easily)...
ps wrapping
Is there anyway to make ps format its output to not cut off lines at the edge of the screen? Is have a long command line I'm trying to remember and I can't see it all. I tried -o command but it's still too long. Perhaps a newbie question, but I suspect it might not actually be possible. Also, for the record, `ps $PID` works (exactly like `ps -p $PID`) as you'd guess, but it's not in the man page. -Nick
Re: ps wrapping
Nick Guenther [EMAIL PROTECTED] writes: Is there anyway to make ps format its output to not cut off lines at the edge of the screen? Is have a long command line I'm trying to remember and I can't see it all. you could always redirect to less (or to a file for that matter). -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: ps wrapping
Nick Guenther wrote: Is there anyway to make ps format its output to not cut off lines at the edge of the screen? Is have a long command line I'm trying to remember and I can't see it all. I tried -o command but it's still too long. Perhaps a newbie question, but I suspect it might not actually be possible. Also, for the record, `ps $PID` works (exactly like `ps -p $PID`) as you'd guess, but it's not in the man page. -Nick I use 'ps aux -w' in my scripts and haven't had a problem Chris -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: ps wrapping
On Tue, 26 Jun 2007, Chris Tankersley wrote: Nick Guenther wrote: Is there anyway to make ps format its output to not cut off lines at the edge of the screen? Is have a long command line I'm trying to remember and I can't see it all. I tried -o command but it's still too long. Perhaps a newbie question, but I suspect it might not actually be possible. Also, for the record, `ps $PID` works (exactly like `ps -p $PID`) as you'd guess, but it's not in the man page. -Nick I use 'ps aux -w' in my scripts and haven't had a problem Please read the man page. -w still truncates. Use -ww if you do not want truncation. -Otto
Re: ps wrapping
On Tue, Jun 26, 2007 at 02:28:37PM -0400, Nick Guenther wrote:
Is there anyway to make ps format its output to not cut off lines
at the edge of the screen? Is have a long command line I'm trying
to remember and I can't see it all. I tried -o command but it's
still too long.
ps(1):
-w Use 132 columns to display information, instead of the default,
which is the window size. If the -w option is specified more
than once, ps will use as many columns as necessary without re-
gard for window size.
--
o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*
Re: C++ Book
Danny wrote: Good Day, My apologies if this question has been asked a million times before. I want to know if there is a good book out there to learn C++ on UNIX/Linux. Check out this thread on Slashdot: http://books.slashdot.org/comments.pl?threshold=4mode=nestedcommentsort=0op=Changesid=151935 In particular, I think the comment from foo fighter is what you're looking for: http://books.slashdot.org/comments.pl?sid=151935cid=12761859 As with anything on Slashdot, keep your wits about you with a healthy dose of skepticism. -- Freedom, truth, love, beauty. John Rodenbiker [EMAIL PROTECTED]
Re: ps wrapping
On 6/26/07, Will Maier [EMAIL PROTECTED] wrote: On Tue, Jun 26, 2007 at 02:28:37PM -0400, Nick Guenther wrote: Is there anyway to make ps format its output to not cut off lines at the edge of the screen? Is have a long command line I'm trying to remember and I can't see it all. I tried -o command but it's still too long. ps(1): -w Use 132 columns to display information, instead of the default, which is the window size. If the -w option is specified more than once, ps will use as many columns as necessary without re- gard for window size. Aah, my eyes completely skipped over that. Thanks a lot.
Re: C++ Book
On 6/26/07, Marc Espie [EMAIL PROTECTED] wrote: There is very little that's unix specific in these books. As far as using C++ on unix goes, I would recommend learning some qt, and looking at all the fine applications available in the ports tree, a lot of stuff based on qt or kde is fairly decent, and highly interesting as far as modern C++ style goes... really? i've barely touched qt, but i'd say its use of macros and stringify is closer to horrifying. it may be interesting, but imo it's not a good way to learn c++, especially since it throws away the benefits of static type checking. now, if you want objective c, you know where to find it...
Re: Kernel MINIROOTSIZE 8192 = No Boot
Brian A. Seklecki wrote: On Fri, 2007-06-15 at 16:51 +, Tobias Weingartner wrote: And no information about the machines beyond that? No dmesg, no information option NKPTP=16 ...fixed it. I wasn't going to burn 200k and 30 minutes on an e-mail about an issue that likely someone already knows about and has a quick one-line fix such as this. (only to get a you're not running GENERIC response) But you wanted us to burn that amount for you? Somewhat selfish, no? The dmesg, and the 'machine memory' may have helped the developers as well. We live in a world where information is like gold, the more you have it, the better we can support all hardware out there. Embedded systems are the type of systems that push the envelope of what it means to be X (a PC, etc). When you give more information along with your requests you help us out by enabling us to get a better generic view of the world out there, and possibly support fringe hardware in the future by generalizing our code. I know there are people out there running embedded environments who were testing 4.1 during -current. And? They may or may not be running *your* hardware. And we may or may not have the information from your hardware to add to our collective list of weird things out there. Again, thank you for your support... -- [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax
Re: Only one core of an amd X2 4600 is in use
Stephan Andreas wrote: See my dmesg.txt Multicoreprocessor support is enabled in BIOS and I boot the bsd.mp. I have upgraded my system from 4.1 to a current snapshot of OpenBSD 4.1, but the problem is the same. [..] acpi at mainbus0 not configured Is ACPI disabled on your box? - check your BIOS that it is on. cpu0 at mainbus0: (uniprocessor) It only sees one CPU, most likely due to missing ACPI. [..] WARNING: NVRAM century is 32 but RTC year is 2007 Clearly something is wrong with the config of the BIOS. try resetting it or turning some knobs. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
isakmpd: message_recv: invalid cookie(s)
On two OpenBSD 4.1-stable systems, I get: isakmpd[31988]: message_recv: invalid cookie(s) 378fd1c537d22b16 38bf2f6699147070 isakmpd[31988]: dropped message from 128.164.144.144 port 500 due to notification type INVALID_COOKIE isakmpd is running with the -K option, and ipsec.conf is very simple, ike esp from 128.164.159.159 to 128.164.144.144 quick enc aesctr IPsec is working. I'm unsure why occasionally the cookie becomes invalid and what it is I can do about it. What is the problem?
Spamd sync observations and differences and setup question.
Hi, I setup the spamd sync feature between two servers running 4.1 and I observe the following issues with the setup itself. Some setup based on the man page do not work for me anyway and some are not always reliable and some always work. See below. Example Interface facing the Internet: dc0. server1.test.com 1.1.1.2 server2.test.com 1.1.1.3 setup in rc.conf.local that always work. In server 1: spamd_flags=-y dc0 -Y 1.1.1.3 In server 2: spamd_flags=-y dc0 -Y 1.1.1.2 = Setup that mostly work. Meaning if you reboot, it doesn't always start spamd and as far as I can tell, that's because the name resolutions do not work right away when the query is requested, or something like that. This configuration will not always work and be reliable on reboot of servers. However based on the man page, it should. if you do it on the command line it does. Just reboot doesn't always do it. In server 1: spamd_flags=-y dc0 -Y server2.test.com In server 2: spamd_flags=-y dc0 -Y server1.test.com == Setup that I never been able to get to work. I see the message that said the initial communications between the two servers, but never do I see any sync messages exchanged between the two on the multicast channel. Only the initial helo message, but never any updates. In server 1: spamd_flags=-y dc0 -Y dc0 In server 2: spamd_flags=-y dc0 -Y dc0 Setup that I never got to work at all. Not even the initial help message at all. In server 1: spamd_flags=-y server1.test.com -Y server1.test.com -Y server2.test.com In server 2: spamd_flags=-y server2.test.com -Y server1.test.com -Y server2.test.com In theory the man page said that you should be able to do this. I get: spamd: sync init: Device not configured I am still puzzle as to why it also should send the updates to itself here. Meaning -Y server2.test.com when it's configure on server2? It's the one sending the updates, so it already know what it is sending. Anyway, that's what I got. Now in the final setup, I do see the sync messages in the first configuration above, but it's still not clear to me how I can see the results in the /var/db/spamd file, or may be in the pf table spamd-white. I try to add some address to see with spamdb -a 1.2.3.4 on one side and expected it to be added on the second server, but never see it in the spamdb. I don't see it in the pf table spamd-white either. Isn't it suppose to be there some how? Or may be I need to add something in the pf configuration to log it to the spamd-white table when the updates are coming in. That might be it, but the man page say nothing about that. Am I forgetting something here. All this is with brand new 4.1 install. Thanks Daniel
Re: Only one core of an amd X2 4600 is in use
I believed when openbsd kernel took control, it did not matter the bios stuff. On 6/26/07, Jeroen Massar [EMAIL PROTECTED] wrote: Stephan Andreas wrote: See my dmesg.txt Multicoreprocessor support is enabled in BIOS and I boot the bsd.mp. I have upgraded my system from 4.1 to a current snapshot of OpenBSD 4.1, but the problem is the same. [..] acpi at mainbus0 not configured Is ACPI disabled on your box? - check your BIOS that it is on. cpu0 at mainbus0: (uniprocessor) It only sees one CPU, most likely due to missing ACPI. [..] WARNING: NVRAM century is 32 but RTC year is 2007 Clearly something is wrong with the config of the BIOS. try resetting it or turning some knobs. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: isakmpd: message_recv: invalid cookie(s)
Jason Mader wrote: On two OpenBSD 4.1-stable systems, I get: isakmpd[31988]: message_recv: invalid cookie(s) 378fd1c537d22b16 38bf2f6699147070 isakmpd[31988]: dropped message from 128.164.144.144 port 500 due to notification type INVALID_COOKIE isakmpd is running with the -K option, and ipsec.conf is very simple, ike esp from 128.164.159.159 to 128.164.144.144 quick enc aesctr IPsec is working. I'm unsure why occasionally the cookie becomes invalid and what it is I can do about it. What is the problem? Not that it helps, but I see the same behavior. -Steve S.
Re: IBM T60 - APM issues
On 6/27/07, viq [EMAIL PROTECTED] wrote: $ grep apmhalt /etc/sysctl.conf #machdep.apmhalt=1 # 1=powerdown hack, try if halt -p doesn't work Thanks but that didn't help. At the monent I'm thinking of re-compiling the kernel as someone mentioned (off the list) that I need to enable acpi in the kernel. I was wondering if there's something I could enable from the UKC prompt as mentioned here: http://openbsd.org/faq/faq5.html#Options and thus avoid re-compiling the kernel altogether. Thanks for any help.
Re: nat trouble accessing web
Sounds like a possible MTU issue... Liberal use of tcpdump should
help in diagnosing the problem.
On 6/25/07, Lawrence Horvath [EMAIL PROTECTED] wrote:
Im having some trouble accessing certain sites from my laptop going
through a obsd router doing nat
I have 2 tested configurations
Laptop---Cisco1721[doing nat]---internet msn.com
and
Laptop---Cisco1721--(gre0)Openbsd[doing nat]---internet msn.com
in the first setup, i have a local network behind a cisco1721, the
cisco does nat, and all works well
in the second setup, i have an internal network that spans via gre
from the cisco to an Openbsd router in colo which does the nat, this
is not working for me at all, when i try to go to msn.com, my browser
just sits there, i have tried this from 1 other computer as well
OpenBSD 4.0 GENERIC.MP#936 i386
# cat /etc/pf.conf.test
# Macros
# Tables
# Options
# Traffic Normalization(scrub)
# Queueing
# Translation(nat-binat-rdr)
# Packet Filtering
ext_if=tl0
tun_if=gre0
int_ip={ 10/8 192.168/16 }
natpool_ip=208.179.68.11
local_ip={ 10/8 192.168/16 208.179.68.8/29 208.179.25/24 }
set optimization high-latency
no nat on $ext_if from $local_ip to $local_ip
nat on $ext_if from $int_ip to any - $natpool_ip
pass in all
pass out all
im using ospfd to route over the gre
with either situation, i can get good name resolution, and i can
telnet to the msn server on 0 and issue a get request successfully i
can get to almost any other website in either config, google, yahoo,
etc, there are only a few i cant get to
if there is any other info requested, im happy to provide
thank you
