Re: Help setting up a PF NAT gateway

Okay. If you're going to give access to internet users to be able to access your system inside your LAN/DMZ(eg webserver), you will need to do NAT. If you want the server which is configured by private ip address is reachable from internet users, you will need NAT. The way you do NAT might depend

Re: android's adb

On Mon, 10 Oct 2011, joshua stein wrote: > (this should probably be on ports@) > > > with more and more android phones around, > > it would be nice to have a working 'adb' > > to make backups and push custom ROMs on the devices. > > > > i found an older adb linux exectuble in their SDK archives.

Re: CVS

On Tue, 11 Oct 2011 15:45:23 +1030, Giridhari wrote: >Why does it say on http://www.openbsd.org/anoncvs.html > > a.. NOTE: If you are updating a source tree that you initially fetched from >a different server, or from a CD, you must add the -d >anon...@anoncvs.ca.openbsd.org:/cvs options to cvs.

CVS

Why does it say on http://www.openbsd.org/anoncvs.html a.. NOTE: If you are updating a source tree that you initially fetched from a different server, or from a CD, you must add the -d anon...@anoncvs.ca.openbsd.org:/cvs options to cvs. # cd /usr/src # cvs -d anon...@anoncvs.ca.o

Re: Help setting up a PF NAT gateway

No I was not aware of this. Could you please explain the meaning of an alias address on the external interface for NAT? There is no mention of using an alias for NAT in this document for example http://www.openbsd.org/faq/pf/nat.html Just to be clear, I already have an external and internal physi

Only noise from Azalia

I can get only noise from the audio of a notebook Acer Aspire 5820T-6825. dmesg, audioctl and mixerctl are attached. Any advice? Thank you. --Jairo dmesg OpenBSD 4.9 (GENERIC.MP) #819: Wed Mar 2 06:57:49 MST 2011 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.

Wichtig: Ihr ClickandBuy-Konto ist zeitlich begrenzt!

Sehr geehrtes Mitglied ClickandBuy, Aufgrund der Online-Betrug, erhvhter ClickandBuy Sicherheitssysteme f|r alle Benutzer. So aktualisieren Sie Ihr Konto mit der neuen Sicherheitsma_nahmen laden Sie bitte das beigef|gte Formular aus und befolgen Sie alle Schritte. Wichtig: Wenn Sie nicht ausf|

Re: The OpenBSD user community needs to shake things up

On Mon, Oct 10, 2011, Alexey E. Suslikov wrote: > Marc Espie nerim.net> writes: > >> >> Don't blame the tools. Blame the *people* who don't test. > > I wonder why jasper@ went to github if mailing lists are > good enough. ports and base are different enough I don't think we should immediately d

Re: SATA RAID card suggestions?

On Mon, 10 Oct 2011 14:50:45 -0700, Ryan Corder wrote: > On Mon, Oct 10, 2011 at 02:16:47PM -0600, Richard Johnson wrote: > I've had great success with the Areca ARC-1210. > > http://www.areca.com.tw/products/pcie.htm Wups, I was apparently too tired last night to find the Areca cards, though I

Re: android's adb

(this should probably be on ports@) > with more and more android phones around, > it would be nice to have a working 'adb' > to make backups and push custom ROMs on the devices. > > i found an older adb linux exectuble in their SDK archives. > it can be started under linux emulation, but that's a

Re: Help setting up a PF NAT gateway

Hi Stefan, As you mentioned that the IP forwarding is already enabled on your system. Have you configured the IP alias on the network interface for the NAT purpose? If the NAT is done on external interface then you'll need to add in the IP alias on /etc/hostname.vic2 Please read the guide from op

Re: 4.9 build problems

On 2011-10-10, ??? wrote: > DESTDIR was the reason of mess. > "unset DESTDIR" solved the problem Ah yes, DESTDIR is not supported for building (and doesn't work on the gcc4 arches). Next time you show your process it helps if you don't miss out important things like that.. >> On 2011-

Foro Empresarial 2da Edición. Estrategias Empresariales rumbo al 2012.

[IMAGE] Pms de Mixico prestigiada firma de Capacitacisn presenta: Foro Empresarial 2011 2da Edicisn Personal Branding, MKT y Medios Creativos, Planeacisn Un foro donde convergen lmderes de Marketing, Management, P.E., Coaching. Engel Fonseca Liderazgo 2.0, Eframn Mendicuti Personal Branding, Ariel

Re: SATA RAID card suggestions?

On Mon, Oct 10, 2011 at 02:16:47PM -0600, Richard Johnson wrote: | I'm looking to possibly use a SATA RAID card instead of softraid(4) on a | new amd64 PCIx or PCI express machine build. | | I'm tired of rebooting into the bios for other machines with mfi(4). So I | want to build something managea

Infracciones de transito pendientes

Lunes 10 de octubre del 2011, Buenos Aires Republica Argentina Estimado contribuyente: Detectamos en nuestro Sistema Integrado de Multas de transito (SIMT) varias infracciones cometidas por su vehiculo. Debido a que usted no se notifico en el tribunal de faltas correspondiente le reenviamos las F

SATA RAID card suggestions?

I'm looking to possibly use a SATA RAID card instead of softraid(4) on a new amd64 PCIx or PCI express machine build. I'm tired of rebooting into the bios for other machines with mfi(4). So I want to build something manageable via bio(4), bioctl(4), and maybe sensorsd(8). That'll either be softr

Re: smtpd and virtuals

> In manXX.tgz (since 4.8) and also on web-cgi, the smtpd.conf(5) man > page references makemap(8) more than once ... > ... with explicit instructions to use that man page as a guide when > making db maps and/or understanding the format of plain maps. > > [..] > > This has been the case for over a

Re: smtpd and virtuals

On Mon, Oct 10, 2011 at 10:45:37PM +0300, Henri Kemppainen wrote: > > I don't know what can be done about users, but I know what the users can > do: try figure out what is lacking or misleading, maybe contact the > developer(s), and propose a change. Something like this: > > Index: makemap.8 > ==

Re: smtpd and virtuals

Hi Henri. On 11/10/2011, Henri Kemppainen wrote: > > I agree this isn't ideal. On the other hand, having a system ship with > two overlapping & incompatible alternatives is a rather exceptional case, > and there's no way to automagically please everyone. One could suggest > renaming the manuals

Re: smtpd and virtuals

On Tue, Oct 11, 2011 at 04:17:11AM +1030, David Walker wrote: > Hi Gilles. > Hi, > If my previous is hostile ... sorry. > > [...] > > I was angry about various things but that's down to me. > You've done work here. > I haven't. > You've outlined it. You've been hostile, you've been angry. W

Re: smtpd and virtuals

On Tue, Oct 11, 2011 at 03:14:26AM +1030, David Walker wrote: > Hi. > Hi, > In manXX.tgz (since 4.8) and also on web-cgi, the smtpd.conf(5) man > page references makemap(8) more than once ... > ... with explicit instructions to use that man page as a guide when > making db maps and/or understand

Re: The OpenBSD user community needs to shake things up

Marc Espie nerim.net> writes: > > Don't blame the tools. Blame the *people* who don't test. I wonder why jasper@ went to github if mailing lists are good enough. And you didn't respond on dead bug-tracker issue: if people test where is a place to put results? Alexey

Re: Help setting up a PF NAT gateway

A couple of general comments, "keep state" is the default, no need to specify "from any to any port = " - "to port" does the same thing quick means "if we match this, we do no more evaluation for this one". I suspect your quick rules before the nat-to match rules mean that anything that matche

Re: Help setting up a PF NAT gateway

I have taken away the block all rule, but pfctl -d makes no difference. The gateway itself behaves just like any server connected to multiple vlans. You can reach the world around it, through its default gateway you can reach the internet. The servers connected to its private vlan, vic3, cannot co

Re: Help setting up a PF NAT gateway

match out on egress inet from vic3:network nat-to (egress:0) This is the new rule then, as it appears in pfctl -v match out on egress inet from 10.221.181.0/24 to any nat-to (egress:0) round-robin vic2 is only NIC in egress group in ifconfig. nc -vv cvs.openbsd.org 25 from 10.221.181.20 does no

Re: Help setting up a PF NAT gateway

Stefan Midjich writes: > Not sure what you mean but they're both in switched vlans, two > different vlans. Point to Point is a crossover cable right? I'm not > sure what it means in English. This is all a virtual environment I use > for training so there are no cables as such. take a step back.

Re: Help setting up a PF NAT gateway

On 10 October 2011 15:05, Stefan Midjich wrote: > That was from the output of pfctl -vf /etc/pf.conf so it expands the > rules and adds all that is implied, like keep state for example. > I think that is not what you want: match in on vic3 inet from 10.221.181.0/24 to any label "NATOut" nat-to (v

Re: Help setting up a PF NAT gateway

Not sure what you mean but they're both in switched vlans, two different vlans. Point to Point is a crossover cable right? I'm not sure what it means in English. This is all a virtual environment I use for training so there are no cables as such. 2011/10/10 Peter N. M. Hansteen : > Stefan Midjich

Re: Help setting up a PF NAT gateway

Stefan Midjich writes: > $ sudo cat /etc/hostname.vic2 # External NIC with static public IPv4 address > inet 50.50.50.59 255.255.255.0 50.50.50.255 > $ sudo cat /etc/hostname.vic3 # Internal NIC used as gateway by two machines > on same network > inet 10.221.181.10 255.255.255.0 10.221.181.255

Re: Help setting up a PF NAT gateway

$ sudo pfctl -sr |grep nat-to match in on vic3 inet from 10.221.181.0/24 to any label "NATOut" nat-to (vic2) round-robin pfctl -vsl shows only evaluated packets for all my rules, which worries me, it never increments the counter of packets gone through any of the nat rules. Only the first rules fo

Re: Help setting up a PF NAT gateway

ManagementIF = "vic0" PFsyncIF = "vic1" LocalIF = "lo0" ManagementPorts = "{ 1022, 22 }" UDPManagementPorts = "{ domain }" ICMPTypes = "{ echorep, echoreq, unreach }" set skip on { lo0 vic1 } OutIF = "vic2" InIF = "vic3" pass quick on vic0 inet proto tcp from any to any port = 1022 flags S/SA keep

Re: Help setting up a PF NAT gateway

That was from the output of pfctl -vf /etc/pf.conf so it expands the rules and adds all that is implied, like keep state for example. 2011/10/10 pavel pocheptsov : > match out on vic2 inet from 10.221.181.0/24 to any nat-to (vic2) round-robin > in what reason you paste "round-robin"? > also you ne

Re: Help setting up a PF NAT gateway

Yes forwarding is enabled. I have followed the Book of PF 2nd Edition so far. 2011/10/10 Mark (obsd) : > Hi Stefan, > > On Mon, Oct 10, 2011 at 10:38 AM, Stefan Midjich wrote: >> >> Simplest of things but I'm failing miserably. >> >> ... >> >> With tcpdump I can see packets going to vic3, but no

Re: smtpd and virtuals

Hi Gilles. If my previous is hostile ... sorry. Without the context of the makemap man page in src/usr.sbin/smtpd/ there's no correlation between your first and second mails which creates more confusion. With that man page, however, pennies start to drop ... I spent 4= hours glued to my screen re

Re: Help setting up a PF NAT gateway

Hi, see my sample, it is well explained. http://mouedine.net/ruleset49.aspx All the best, Wesley MOUEDINE ASSABY www.mouedine.net On Mon, 10 Oct 2011 17:38:26 +0200, Stefan Midjich wrote: > Simplest of things but I'm failing miserably. > > $ sudo cat /etc/hostname.vic2 # External NIC with st

Re: smtpd and virtuals

Hi. In manXX.tgz (since 4.8) and also on web-cgi, the smtpd.conf(5) man page references makemap(8) more than once ... ... with explicit instructions to use that man page as a guide when making db maps and/or understanding the format of plain maps. The web-cgi page obviously hyperlinks to the othe

Re: Help setting up a PF NAT gateway

Hi Stefan, On Mon, Oct 10, 2011 at 10:38 AM, Stefan Midjich wrote: > Simplest of things but I'm failing miserably. > > ... > > With tcpdump I can see packets going to vic3, but no further. > > Do you definitely have forwarding enabled? # sysctl net.inet.ip.forwarding net.inet.ip.forwarding=1 I

Re: Help setting up a PF NAT gateway

match out on vic2 inet from 10.221.181.0/24 to any nat-to (vic2) round-robin in what reason you paste "round-robin"? also you need pass in on $local_if from $localnet to any pass out on $ext_if from $localnet to any 10 P>P:QQP1QQ 2011, 19:42 P>Q Stefan Midjich : Simplest of things b

New project

Hi, A Call Center in the Netherlands starts a new project and likes to host it under OpenBSD / PostgreSQL. I am writing software for it, but could maybe get some help in setting up the infrastructure. If anybody is interested I would love to know this. Please contact me off-list and only if you

Re: Help setting up a PF NAT gateway

On 10 October 2011 12:38, Stefan Midjich wrote: > Simplest of things but I'm failing miserably. > > $ sudo cat /etc/hostname.vic2 # External NIC with static public IPv4 address > inet 50.50.50.59 255.255.255.0 50.50.50.255 > > $ sudo cat /etc/hostname.vic3 # Internal NIC used as gateway by two > m

Re: The OpenBSD user community needs to shake things up

On Sun, Oct 09, 2011 at 09:10:16PM +, Alexey E. Suslikov wrote: > Loganaden Velvindron gmail.com> writes: > > > > > If we don't shake things up, things will not change ! Running -current and > > testing diffs _helps_ OpenBSD development significantly. > > The problem, IMO, how process is or

Help setting up a PF NAT gateway

Simplest of things but I'm failing miserably. $ sudo cat /etc/hostname.vic2 # External NIC with static public IPv4 address inet 50.50.50.59 255.255.255.0 50.50.50.255 $ sudo cat /etc/hostname.vic3 # Internal NIC used as gateway by two machines on same network inet 10.221.181.10 255.255.255.0 10.2

Re: spamd.black & pfctl

Op Mon, 10 Oct 2011 12:12:23 +0200 schreef "pavel pocheptsov" : hello misc. I have spamd before mail server. and it's work nice with liberal setting like this: spamd_flags="-v -l 127.0.0.1 -G 10:4:864 -h mail.server" pf.conf: [...] block in log quick on { $ext_if_a, $ext_if_b } from { , ,

Re: The OpenBSD user community needs to shake things up

* Loganaden Velvindron [111009 12:45]: Fellow OpenBSD users, I've noticed a disturbing trend: Very few users are testing patches that developers/contributors are posting. You raised some good points. Thanks for the reminder to help out the devs. :-) -- W. Steven Schneider

Re: 4.9 build problems

DESTDIR was the reason of mess. "unset DESTDIR" solved the problem 2011/10/10 Stuart Henderson : > You polluted your source directory by building without 'make obj'. > Simplest is to wipe it, make a fresh checkout, and this time follow > section 5.3.5 from http://www.openbsd.org/faq/faq5.html > >

Re: 4.9 build problems

You polluted your source directory by building without 'make obj'. Simplest is to wipe it, make a fresh checkout, and this time follow section 5.3.5 from http://www.openbsd.org/faq/faq5.html On 2011-10-10, ??? wrote: > server is 4.9/amd64 > source is CVS/4.9 > > > cd /usr/src > make bui

Re: smtpd and virtuals

On Mon, Oct 10, 2011 at 12:11:28PM +0200, Gilles Chehade wrote: > > [...] > I forgot to mention that this also allows you to very easily disable a virtual domain by simply commenting / uncommenting the domain key Gilles -- Gilles Chehade http://www.poolp.org/http://u.

spamd.black & pfctl

hello misc. I have spamd before mail server. and it's work nice with liberal setting like this: spamd_flags="-v -l 127.0.0.1 -G 10:4:864 -h mail.server" pf.conf: table persist table file "/etc/mail/spamd.bypass" table file "/etc/mail/spamd.black" match in on $ext_if_a inet proto tcp from { ,

Re: smtpd and virtuals

On Sat, Oct 08, 2011 at 02:40:04PM +0300, Henri Kemppainen wrote: > > [...] > > There's something odd about virtuals; though the code I'm running is no > longer current (5.0-BETA, to be precise). Here's what makemap.8 says: > Virtual domains are kept in maps. To create single virtual address

Re: 4.9 build problems

On Mon, Oct 10, 2011 at 8:39 AM, PP;QQ P(P8P?P8QP8P= wrote: > server is 4.9/amd64 > source is CVS/4.9 > > > cd /usr/src > make build > > is it ok that system cannot build itself from source ? No. But it's also not okay to not read the documentation on the subject. -- chs,