Re: files are going missing

2024-03-12 Thread Alexis

Michael Hekeler  writes:

> On 11.03.24 at 19:04, beecdadd...@danwin1210.de wrote:
>> I'm not stupid, of course I know about -o
>
> On 11.03.24 at 18:37, beecdadd...@danwin1210.de wrote:
>> ...why still ask redundant question?
>
> isn't this a rather strange way of communicating for someone who is
> looking for help ;-) ??


Indeed. :-) Having spent a lot of time over the years trying to 
help people with tech stuff, i'm going to soapbox for a bit:


Part of the issue can be that, at the point someone is asking for 
help on a public forum, they might well have spent quite some time 
working on the problem, and so are quite frustrated. However, they 
might not be aware that it's very common for people to spend 
little time trying to solve the problem on their own (e.g. by 
*gasp* reading the man pages or other documentation) before 
resorting to public forums, which many of us can find frustrating 
ourselves (particularly those of us who spend quite a bit of time 
working on documentation).


On top of all this, many people asking for help don't understand 
that those who are trying to help are often trying to methodically 
rule out certain possible causes of the problem, and to reduce the 
number of 'moving parts' that need to be taken into consideration.


OP (and others), please note the above, and also take time to read 
e.g. https://idownvotedbecau.se/, which lists a number of common 
issues with how people ask for tech help. Help us help you. And be 
sure to check your configs for typos (e.g. via the `-n` flag on 
programs like smtpd(8)):


< nutbar> [root@linux!/usr/src/bind] grep "{" named.conf.newer | wc -l
< nutbar>   19314
< nutbar> [root@linux!/usr/src/bind] grep "}" named.conf.newer | wc -l
< nutbar>   19313

-- http://bash.org/?7748

:-)


Alexis.



Re: How to use random outgoing network aliases?

2024-03-12 Thread Joel Carnat

On 3/12/24 at 15:40, Stuart Henderson wrote:

> On 2024-03-12, Joel Carnat  wrote:
>> Hi,
>>
>> I have a server with a single NIC but several IPs configured:
>> # cat /etc/hostname.vio0
>> inet 192.0.2.10 255.255.255.0
>> inet alias 192.0.2.11 255.255.255.0
>> inet alias 192.0.2.12 255.255.255.0
>>
>> The default gateway is set to 192.0.2.1 in /etc/mygate.
>>
>> I would like outgoing network traffic to randomly appear coming from
>> any of those IPs.
>
> Can be done with PF nat-to: either one rule with an address pool, or
> multiple rules with probabilities (e.g. for three: 33%, 50%, plus one
> with no probability to catch the rest).



Thank you both. I have it working.



Re: Can't disable touchpad while typing with wsconsctl

2024-03-12 Thread Ulf Brosziewski
Try
$ man wsmouse

if you want to know whether the 'disable' option is what you are looking
for.


On 3/12/24 12:45, Anthony wrote:
> Hi,
> 
> I am trying to disable the touchpad when typing with the keyboard, but I
> can't find the documentation about the variables in /etc/wsconsctl.conf.
> I'm using a ThinkPad T480 with OpenBSD 7.4, the touchpad works well out
> of the box.
> 
> /etc/examples/wsconsctl.conf contains a couple of variables with a
> comment, but not all.
> I've searched also in wscons(4)[1], wsconsctl(8)[2],
> wsconsctl.conf(5)[3] and FAQ 7[4].
> In the /sys/dev/wscons/wsconsio.h source file, I found the following,
> but I think it's to globally disable the touchpad and not only when
> typing.
> 
> 
> enum wsmousecfg {
> [...]
> WSMOUSECFG_DISABLE,   /* disable all output except for
> clicks in the top-button area */
> 
> 
> Below, the information related to my device & configuration.
> 
> $ doas wsconsctl | grep 'mouse.'
> mouse.type=synaptics
> mouse.rawmode=0
> mouse.scale=1266,5676,1162,4690,0,45,54
> mouse.reverse_scrolling=0
> mouse.tp.tapping=1,3,2
> mouse.tp.scaling=0.200
> mouse.tp.swapsides=0
> mouse.tp.disable=0
> mouse.tp.edges=0.0,5.0,10.0,5.0
> mouse1.type=ps2
> mouse1.reverse_scrolling=0
> 
> 
> $ dmesg | grep -i 'synaptic'
> pms0: Synaptics clickpad, firmware 8.16, 0x1e2b1 0x940300 0x33cc40 0xf016a3 0x12e800
> ugen2 at uhub0 port 9 "Synaptics product 0x009a" rev 2.00/1.64 addr 6
> 
> 
> Thanks in advance for your time
> 
> Anthony
> 
> 
> [1]: https://man.openbsd.org/wscons.4
> [2]: https://man.openbsd.org/wsconsctl.8
> [3]: https://man.openbsd.org/wsconsctl.conf
> [4]: https://www.openbsd.org/faq/faq7.html
> 



Re: mailman on OpenBSD - linking problem

2024-03-12 Thread Mark
On Tue, Mar 12, 2024 at 8:52 PM Michael Hekeler  wrote:

> But please keep in mind that you have disabled chroot and this is not
> recommended.
> Maybe you want to consider to copy the needed files inside the chroot?
> Or perhaps deploy mailman with something like gunicorn or uwsgi?
>
>
Hi Michael,
Thanks a lot for the suggestions and tips.

It's a basic mailing list for few gaming discussions really,
so escaping from chroot was not really that scary, at least in that case.
OpenBSD, even unchrooted, is rock solid! No? :)

After your suggestions, the latest httpd.conf is as follows;

location "/" {
    block return 302 "/listinfo"
}

location "/icons/*" {
    root "/usr/local/lib/mailman/icons/"
    request strip 1
}

location "/pipermail/*" {
    root "/var/spool/mailman/archives/public"
    request strip 1
}

location "/*" {
    fastcgi socket "/var/www/run/slowcgi.sock"
    root "/usr/local/lib/mailman/cgi-bin"
}

my httpd.conf is much cleaner and simpler now, thanks to you guys all,
it seems everything is all set now.

Anything else I should pay attention to?

Best,
Mark.


Re: files are going missing

2024-03-12 Thread Michael Hekeler
On 11.03.24 at 19:04, beecdadd...@danwin1210.de wrote:
> I'm not stupid, of course I know about -o

On 11.03.24 at 18:37, beecdadd...@danwin1210.de wrote:
> ...why still ask redundant question?


isn't this a rather strange way of communicating for someone who is
looking for help ;-) ??



Re: mailman on OpenBSD - linking problem

2024-03-12 Thread Michael Hekeler
> What does "request strip 1" actually do in that case?

From the manpage:
Strip strips path components from the beginning of the request path
before looking up the stripped-down path at the document root.

So in your case:
location "/admin/*" {
    fastcgi socket "/var/www/run/slowcgi.sock"
    root "/usr/local/lib/mailman/cgi-bin/admin"
    request strip 1
}
if request is "admin/" then "admin" is stripped and "/" is sent to
document_root.


> The cgi files are in /usr/local/lib/mailman/cgi-bin/
> chroot setting in httpd.conf: chroot "/"
> Slowcgi starts with: slowcgi_flags="-p /" and its socket path is:
> /var/www/run/slowcgi.sock
> 
> Slowcgi and httpd works fine. However two things I'd like to know;
> 
> As I asked, what does "request strip 1" do and if I really need that?
> 
> Secondly; how to combine two locations into one? So that;
> "/admin" and "/admin/" would get captured both.

So you expect the location to be triggered if the request is "admin"
but you configured the location to listen on "admin/"?
See the difference?

Next:
There is another misconfiguration in your httpd.conf: You use root
directive with a filename? Why? Manpage says: The directory is a
pathname within the chroot(2) root directory of httpd.
If you set root to a filename then you have to create multiple locations
for every request:
location "/admin"--> root "/usr/local/lib/mailman/cgi-bin/admin"
location "/list" --> root "/usr/local/lib/mailman/cgi-bin/list"
location "/foo"  --> root "/usr/local/lib/mailman/cgi-bin/foo"
...
this could be quite tedious, that's why I would suggest:
location "/*" --> root "/usr/local/lib/mailman/cgi-bin"


If you want mailman act on something like http://localhost/mailman/admin
then you can do:
location "/mailman/*" {
    fastcgi
    root "/usr/local/lib/mailman/cgi-bin"
    request strip 1
}

But please keep in mind that you have disabled chroot and this is not
recommended.
Maybe you want to consider to copy the needed files inside the chroot?
Or perhaps deploy mailman with something like gunicorn or uwsgi?
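
A small model of the location matching and "request strip" lookup described in this message, as an added example that is not part of the original post and not httpd's own code. It assumes chroot "/" as in the thread, shell-glob matching with the first matching location winning, and a constructed list name `mylist`.

```python
from fnmatch import fnmatchcase

CGI = "/usr/local/lib/mailman/cgi-bin"

# Each entry: (location pattern, root, request strip count), as in the thread.
PER_SCRIPT = [("/admin/*", CGI + "/admin", 1)]   # root points at the script itself
CATCH_ALL = [("/*", CGI, 0)]                     # root is the cgi-bin directory
PREFIXED = [("/mailman/*", CGI, 1)]              # URLs live under /mailman/


def strip_components(path, count):
    """Drop `count` leading path components, as "request strip" is described."""
    for _ in range(count):
        if not path:
            break
        nxt = path.find("/", 1)
        path = path[nxt:] if nxt != -1 else ""
    return path


def resolve(locations, request_path):
    """Return (matched location, path looked up under root), or None."""
    for pattern, root, strip in locations:
        if fnmatchcase(request_path, pattern):   # first match wins
            looked_up = root.rstrip("/") + strip_components(request_path, strip)
            return pattern, looked_up
    return None


if __name__ == "__main__":
    for name, locs, url in [
        ("per-script", PER_SCRIPT, "/admin/mylist"),
        ("per-script", PER_SCRIPT, "/admin"),    # no trailing slash: no match
        ("catch-all", CATCH_ALL, "/admin"),
        ("catch-all", CATCH_ALL, "/admin/mylist"),
        ("prefixed", PREFIXED, "/mailman/admin/mylist"),
    ]:
        print(f"{name:10} {url:24} -> {resolve(locs, url)}")
```

The per-script, catch-all and prefixed layouts all end up at the same script path; only the catch-all one also answers "/admin" without the trailing slash.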



Re: files are going missing

2024-03-12 Thread Mihai Popescu
>I have a problem where files recently downloaded go missing ...
> I tried searching internet, nothing of answer came in view

Well, since we are at the fun section of @misc (explanation: there is
a message where a user claims the keyboard types by itself, the mouse is moving
by itself, one user has missing ssh output, and maybe more like this)
I can tell you about someone I know complaining that some friends
disappeared from the Facebook list. After some time of grief and
doubt, the culprit was found: $WIFE.



Re: No internet even wifi is active

2024-03-12 Thread Claudio Miranda
Greetings,

You may want to provide your dmesg output as well, but I suspect your
WiFi device might need firmware (assuming it's supported), so it's
recommended you connect via Ethernet somehow, run "fw_update" as root,
and then try again.

-Claudio

On Tue, Mar 12, 2024 at 12:32 PM Hari  wrote:
>
> There is no internet connection with mobile hotspot even though ifconfig 
> shows that wifi is active. There is in destination or gateway in netstat
> -rn. I suspect something is wrong with dhcp but I can't think of any
> solution. Please look into this issue.
> Thanks



No internet even wifi is active

2024-03-12 Thread Hari
There is no internet connection with mobile hotspot even though ifconfig shows 
that wifi is active. There is in destination or gateway in netstat -rn. I
suspect something is wrong with dhcp but I can't think of any solution. Please
look into this issue.
Thanks


Re: When IPSec destination 0.0.0.0/0, I cannot ping directly connected Interfaces

2024-03-12 Thread Hrvoje Popovski
On 12.3.2024. 17:11, Samuel Jayden wrote:
> Dear Misc,
> 
> I have an OpenBSD device with two interfaces: vport10 with an IP address of
> 192.168.83.1/24 and vport20 with an IP address of 192.168.85.1/24. I have
> configured IPSec to route all traffic from these two vport interfaces to
> another point through an IPSec tunnel using the destination network
> 0.0.0.0/0.
> 
> Due to IPSec operating before kernel routing, I cannot even ping the
> directly connected interfaces' IP addresses.
> 
> I've attempted to implement route-based PF rules to solve the issue, but
> unfortunately, the problem persists.
> I'm looking for a solution that allows for the local traffic between these
> two interfaces to bypass the IPSec tunnel, ensuring they can communicate
> with each other while keeping the IPSec destination network as 0.0.0.0/0.
> 
> Here's my IPSec configuration:
> 
> ike active esp tunnel from { 192.168.83.0/24 192.168.85.0/24 } to { 0.0.0.0/0 } \
> peer A.B.C.D \
> main auth hmac-md5 enc 3des group modp1024 lifetime 86400 \
> quick auth hmac-md5 enc 3des group none lifetime 43200 \
> psk "verysecret"
> 
> Thanks in advance.
> 

Hi,

put in ipsec.conf

flow from 192.168.83.0/24 to 192.168.83.0/24 type bypass
flow from 192.168.83.0/24 to 192.168.85.0/24 type bypass
flow from 192.168.85.0/24 to 192.168.85.0/24 type bypass
flow from 192.168.85.0/24 to 192.168.83.0/24 type bypass

and if you have carp then put this also

flow from 192.168.83.0/24 to 224.0.0.18/32 type bypass
flow from 192.168.85.0/24 to 224.0.0.18/32 type bypass

or something like that . .
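
A check for the situation in this thread, as an added example (not from the original posts and not part of OpenBSD): it reads ipsec.conf text, finds the local networks tunnelled to 0.0.0.0/0, and lists the `type bypass` flows still missing between them. The parsing is a simplified assumption that handles only IPv4 CIDR operands, and the sample configuration is constructed from the one quoted above.

```python
import ipaddress
import itertools
import re

HOSTS = r"(\{[^}]*\}|\S+)"
IKE_RE = re.compile(rf"^ike\b.*?\bfrom\s+{HOSTS}\s+to\s+{HOSTS}")
BYPASS_RE = re.compile(r"^flow\b.*?\bfrom\s+(\S+)\s+to\s+(\S+)\s+type\s+bypass\b")


def networks(spec):
    """'{ a/24 b/24 }' or 'a/24' -> list of IPv4 networks."""
    return [ipaddress.ip_network(t) for t in re.findall(r"[\d.]+/\d+", spec)]


def missing_bypass(conf):
    """List the bypass flows still needed for local-to-local traffic."""
    local, bypass = [], []
    for line in conf.replace("\\\n", " ").splitlines():  # join continuations
        line = line.strip()
        ike = IKE_RE.match(line)
        if ike and any(n.prefixlen == 0 for n in networks(ike.group(2))):
            local += networks(ike.group(1))
        flow = BYPASS_RE.match(line)
        if flow:
            src, dst = networks(flow.group(1)), networks(flow.group(2))
            if src and dst:
                bypass.append((src[0], dst[0]))
    return [f"flow from {s} to {d} type bypass"
            for s, d in itertools.product(local, repeat=2)
            if not any(s.subnet_of(bs) and d.subnet_of(bd) for bs, bd in bypass)]


# Constructed sample: the tunnel from the thread with the transforms left out.
TUNNEL = r"""
ike active esp tunnel from { 192.168.83.0/24 192.168.85.0/24 } to { 0.0.0.0/0 } \
    peer A.B.C.D \
    psk "placeholder"
"""

# The four bypass flows suggested in the reply.
BYPASS = """
flow from 192.168.83.0/24 to 192.168.83.0/24 type bypass
flow from 192.168.83.0/24 to 192.168.85.0/24 type bypass
flow from 192.168.85.0/24 to 192.168.85.0/24 type bypass
flow from 192.168.85.0/24 to 192.168.83.0/24 type bypass
"""

if __name__ == "__main__":
    print("\n".join(missing_bypass(TUNNEL)) or "no bypass flows missing")
    print(missing_bypass(TUNNEL + BYPASS))
```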



When IPSec destination 0.0.0.0/0, I cannot ping directly connected Interfaces

2024-03-12 Thread Samuel Jayden
Dear Misc,

I have an OpenBSD device with two interfaces: vport10 with an IP address of
192.168.83.1/24 and vport20 with an IP address of 192.168.85.1/24. I have
configured IPSec to route all traffic from these two vport interfaces to
another point through an IPSec tunnel using the destination network
0.0.0.0/0.

Due to IPSec operating before kernel routing, I cannot even ping the
directly connected interfaces' IP addresses.

I've attempted to implement route-based PF rules to solve the issue, but
unfortunately, the problem persists.
I'm looking for a solution that allows for the local traffic between these
two interfaces to bypass the IPSec tunnel, ensuring they can communicate
with each other while keeping the IPSec destination network as 0.0.0.0/0.

Here's my IPSec configuration:

ike active esp tunnel from { 192.168.83.0/24 192.168.85.0/24 } to { 0.0.0.0/0 } \
peer A.B.C.D \
main auth hmac-md5 enc 3des group modp1024 lifetime 86400 \
quick auth hmac-md5 enc 3des group none lifetime 43200 \
psk "verysecret"

Thanks in advance.


Re: How to use random outgoing network aliases?

2024-03-12 Thread Stuart Henderson
On 2024-03-12, Joel Carnat  wrote:
> Hi,
>
> I have a server with a single NIC but several IPs configured:
> # cat /etc/hostname.vio0
> inet 192.0.2.10 255.255.255.0
> inet alias 192.0.2.11 255.255.255.0
> inet alias 192.0.2.12 255.255.255.0
>
> The default gateway is set to 192.0.2.1 in /etc/mygate.
>
> I would like outgoing network traffic to randomly appear coming from
> any of those IPs.

Can be done with PF nat-to: either one rule with an address pool, or
multiple rules with probabilities (e.g. for three: 33%, 50%, plus one
with no probability to catch the rest).
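
Why the figures are 33% and then 50%, worked through as an added example (not part of the original message): each rule is only reached when the ones before it did not fire, so rule i of n needs probability 1/(n-i). The sketch generalizes to any number of aliases; the `pass out quick ... nat-to` rule shape and the helper names are this example's assumptions.

```python
from fractions import Fraction


def cascade(addresses):
    """Per-rule probability so that every address is equally likely.

    Rule i of n is reached only when rules 0..i-1 did not fire, so it must
    fire with probability 1/(n-i). The last rule gets None (no probability).
    """
    n = len(addresses)
    return [(a, Fraction(1, n - i) if i < n - 1 else None)
            for i, a in enumerate(addresses)]


def whole_percent(rules):
    """Truncate each probability to a whole percent, as in '33%, 50%'."""
    return [(a, None if p is None else Fraction(int(p * 100), 100))
            for a, p in rules]


def effective_share(rules):
    """Fraction of new connections each address receives, evaluated top-down."""
    remaining, shares = Fraction(1), {}
    for addr, p in rules:
        won = remaining if p is None else remaining * p
        shares[addr] = won
        remaining -= won
    return shares


def pf_lines(ifname, rules):
    """Render the cascade as pf.conf rules; 'quick' stops at the rule that fires."""
    out = []
    for addr, p in rules:
        prob = "" if p is None else f" probability {int(p * 100)}%"
        out.append(f"pass out quick on {ifname} inet{prob} nat-to {addr}")
    return out


ALIASES = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]  # from /etc/hostname.vio0

if __name__ == "__main__":
    rules = whole_percent(cascade(ALIASES))
    print("\n".join(pf_lines("vio0", rules)))
    for addr, share in effective_share(rules).items():
        print(f"{addr}: {float(share):.1%}")
```

With whole percentages the split is 33% / 33.5% / 33.5% rather than exact thirds, because the first rule is truncated from 33.33%.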




Re: How to use random outgoing network aliases?

2024-03-12 Thread Sven F.
On Tue, Mar 12, 2024 at 10:03 AM Joel Carnat  wrote:
>
> Hi,
>
> I have a server with a single NIC but several IPs configured:
> # cat /etc/hostname.vio0
> inet 192.0.2.10 255.255.255.0
> inet alias 192.0.2.11 255.255.255.0
> inet alias 192.0.2.12 255.255.255.0
>
> The default gateway is set to 192.0.2.1 in /etc/mygate.
>
> I would like outgoing network traffic to randomly appear coming from
> any of those IPs.
>
> I've read faq/pf/pools.html, pf.conf and route manpage but I don't get
> which directive would be the right one to use.
>
> Can this be achieved with pf and/or route?
> Or do I have to look at setting up routing domains attached to the
> interface aliases and have several daemon instances run in those domains?
>
> Thanks,
> Joel C.
>

with some strange build up and some nat-to,
but setting the source ip in the server ( where you do send () ) would
be the most straightforward
( like ping -b )


--
Knowing is not enough; we must apply. Willing is not enough; we must do



How to use random outgoing network aliases?

2024-03-12 Thread Joel Carnat

Hi,

I have a server with a single NIC but several IPs configured:
# cat /etc/hostname.vio0
inet 192.0.2.10 255.255.255.0
inet alias 192.0.2.11 255.255.255.0
inet alias 192.0.2.12 255.255.255.0

The default gateway is set to 192.0.2.1 in /etc/mygate.

I would like outgoing network traffic to randomly appear coming from
any of those IPs.


I've read faq/pf/pools.html, pf.conf and route manpage but I don't get 
which directive would be the right one to use.


Can this be achieved with pf and/or route?
Or do I have to look at setting up routing domains attached to the 
interface aliases and have several daemon instances run in those domains?


Thanks,
Joel C.



Can't disable touchpad while typing with wsconsctl

2024-03-12 Thread Anthony
Hi,

I am trying to disable the touchpad when typing with the keyboard, but I
can't find the documentation about the variables in /etc/wsconsctl.conf.
I'm using a ThinkPad T480 with OpenBSD 7.4, the touchpad works well out
of the box.

/etc/examples/wsconsctl.conf contains a couple of variables with a
comment, but not all.
I've searched also in wscons(4)[1], wsconsctl(8)[2],
wsconsctl.conf(5)[3] and FAQ 7[4].
In the /sys/dev/wscons/wsconsio.h source file, I found the following,
but I think it's to globally disable the touchpad and not only when
typing.


enum wsmousecfg {
[...]
WSMOUSECFG_DISABLE,   /* disable all output except for
clicks in the top-button area */


Below, the information related to my device & configuration.

$ doas wsconsctl | grep 'mouse.'
mouse.type=synaptics
mouse.rawmode=0
mouse.scale=1266,5676,1162,4690,0,45,54
mouse.reverse_scrolling=0
mouse.tp.tapping=1,3,2
mouse.tp.scaling=0.200
mouse.tp.swapsides=0
mouse.tp.disable=0
mouse.tp.edges=0.0,5.0,10.0,5.0
mouse1.type=ps2
mouse1.reverse_scrolling=0


$ dmesg | grep -i 'synaptic'
pms0: Synaptics clickpad, firmware 8.16, 0x1e2b1 0x940300 0x33cc40 0xf016a3 0x12e800
ugen2 at uhub0 port 9 "Synaptics product 0x009a" rev 2.00/1.64 addr 6


Thanks in advance for your time

Anthony


[1]: https://man.openbsd.org/wscons.4
[2]: https://man.openbsd.org/wsconsctl.8
[3]: https://man.openbsd.org/wsconsctl.conf
[4]: https://www.openbsd.org/faq/faq7.html



Re: files are going missing

2024-03-12 Thread chohag
Files don't randomly disappear.

Downloaders can set the date of downloaded files to the time the
server reports.

OpenBSD then deletes them because they are old.

Don't use /tmp for long term storage. It's temporary. The clue is
in the name.

Matthew

ps. as a general rule if something has been around for 50 years,
is used by millions daily, runs a sizeable chunk of the internet,
and it appears to be broken, you're probably holding it wrong.



Re: mailman on OpenBSD - linking problem

2024-03-12 Thread Rob Schmersel
On Mon, 11 Mar 2024 21:16:05 +0300
Mark  wrote:

> On Mon, Mar 11, 2024 at 11:16 AM Michael Hekeler 
> wrote:
> 
> > I don't know this mailman script but...
> > Why did you strip first component from the request?
> > Are these cgi's in /usr/local/lib/mailman/cgi-bin/admin or in
> > /var/www/usr/local/lib/mailman/cgi-bin/admin?
> > What is your chroot setting in httpd.conf?
> > And IF you changed httpd chroot how do you start slowcgi(8)?
> > What/where is socket? Where is path?
> >
> >  
> Hi Michael,
> 
> What does "request strip 1" actually do in that case?
> The cgi files are in /usr/local/lib/mailman/cgi-bin/
> chroot setting in httpd.conf: chroot "/"
> Slowcgi starts with: slowcgi_flags="-p /" and its socket path is:
> /var/www/run/slowcgi.sock
> 
> Slowcgi and httpd works fine. However two things I'd like to know;
> 
> As I asked, what does "request strip 1" do and if I really need that?
> 
> Secondly; how to combine two locations into one? So that;
> "/admin" and "/admin/" would get captured both.

you would have 2 locations like this
location match "/admin" {
    request rewrite "/admin/"
}
location "/admin/" {
    ...
}

you should be able to generalize the 1st match to add a / to every
request not having a / at the end when it is not pointing to a file
(*.html/png/...) with something like this (note I've not tested this,
so use at own risk :) )

location match "^([^.]*[^./])$" {
    # the capture covers the whole path, including its last character
    request rewrite "%1/"
}