Re: Dual boot OpenBSD with DragonFly BSD
This will be yet another non-answer to your question, I am fully aware, but maybe it will be applicable to your situation. I always found dual booting with OpenBSD a little bit cumbersome compared to other OSes. Whenever I want to "dual boot" my OpenBSD client computers I install the second OS to its own usb drive with its own mbr, leaving the internal drive untouched. When I want to boot the secondary OS I just interrupt the normal boot process with whatever F-key and choose to boot from the stick. Has served me well for many years, and makes it very easy to try out different secondary OSes, as long as I consider OpenBSD my main. Regards, Henrik -Original message- > From: Dr. Martin Ivanov [mailto:martin.iva...@greenpocket.de] > Sent: den 7 oktober 2018 16:23 > To: misc@openbsd.org > Subject: Dual boot OpenBSD with DragonFly BSD > > Hello, I am a Linux (Slackware) fan who is keen to try the BSD flavour as > well. I am planning to buy a new laptop, on which to install OpenBSD and > DragonFly BSD in a dual boot set up. I know this is a challenging task, so I > will proceed step by step. > > > My first question is, which operating system has to be installed first, > DragonFly of OpenBSD? Assuming that it is DragonFly, I am planning to: > > > 1. Load DragonFly using a USB boot disk and login as root > > 2. Slice the hard drive in two GPT slices using gpt (e.g., das0 and > das1) > > 3. Create a, b, and d disklabel partitions on the Dragonfly slice > (das0) > > 4. Install DragonFly on das0 > > 5. Create a, b, d, e, and probably some more disklabel partitions on > the OpenBSD slice (das1) > > 6. Install OpenBSD on das1 > > Please correct me on any of the above steps. I will be happy to read your > suggestions. I would be very thankful if you provide the corresponding > commands in your answers. > Thank you very much in advance!
Re: ***SPAM*** Re: nmap on routed ip4 networks, openbsd/pf or package/port issue?
On 08-01 15:08, Henrik Engmark wrote: >> So I set up a new 6.3 with the sole purpose of nmapping, since my older >> OpenBSDs is coremapping on me with nmap. >>[] >> On to the problem, I scan my local LAN with the following: >> nmap -Pn -A -v -v --send-eth -e em0 -stylesheet somestylesheet -oA >>/tmp/nmapout 192.168.1.0/24 This works fine, every time i try. Takes about >>an hour. However, when I try it on a remote routed net like so: >> nmap -Pn -A -v -v --send-eth -e em1 -stylesheet somestylesheet -oA >>/tmp/nmapout 10.20.30.192/26 >> >> nmap stops doing anything after a minute or so, it goes to 0% cpu and stays >> there. I waited at least 24 hours without any sign of life. >> top tells me nmap is WAIT/bpf after those first couple of minutes. I am not >> sure what that means exactly, but I figured maybe something with pf, so I >> disabled pf alltogether and tried again, with the same result. > >I am curious what you learn as I have seen similar behavior. I've been >nmapping a printer on my local network, trying different things, and nmap >freezes for me after a short or long time. > >Strangely though, it seems to ~ "unfreeze" if I start another nmap instance, >probing the same address, in a separate terminal window. >Sometimes I have to kill and restart that other instance as it freezes too, >but this workaround has allowed me to continue at least. > >I am on 6.3 stable with latest syspatch. > Indeed starting several nmap sessions against the same subnet seems to make things a lot better. They somehow seem to keep eachother alive. This might just be me who is too inexperienced with tweaking nmap, but I don't run in to this issue on other platforms. Does anyone know where best to pursue this problem? The ports list, the maintainer directly or not at all perhaps?
nmap on routed ip4 networks, openbsd/pf or package/port issue?
Hi. I very rarely post on these lists, so please go easy on me. Not sure on what list to post, since I don't know what causes the issue, so I thought I would start here and maybe get directed elsewhere. So I set up a new 6.3 with the sole purpose of nmapping, since my older OpenBSDs is coremapping on me with nmap. A very clean setup; 2 interfaces: em0: 192.168.1.200/24 em1: 10.10.10.200/26 mygate: 192.168.1.1 route: 10/8 -> 10.10.10.193 resolv.conf: 8.8.8.8 pf.conf: set skip on lo block return pass sysctl is default out of the box except for machdep.allowaperture=2 nmap is from 6.3 packages: nmap-7.60p0 Can ping and communicate everywhere essential, so network on both ifs seems fine. On to the problem, I scan my local LAN with the following: nmap -Pn -A -v -v --send-eth -e em0 -stylesheet somestylesheet -oA /tmp/nmapout 192.168.1.0/24 This works fine, every time i try. Takes about an hour. However, when I try it on a remote routed net like so: nmap -Pn -A -v -v --send-eth -e em1 -stylesheet somestylesheet -oA /tmp/nmapout 10.20.30.192/26 nmap stops doing anything after a minute or so, it goes to 0% cpu and stays there. I waited at least 24 hours without any sign of life. top tells me nmap is WAIT/bpf after those first couple of minutes. I am not sure what that means exactly, but I figured maybe something with pf, so I disabled pf alltogether and tried again, with the same result. For some reason, I also tried it again against 10.20.30.193-254, but no luck. Still stops after a minute or two and just does nothing. Worth mentioning is it starts off fine, giving me loads of information about open ports and completed SYN stealth scans against hosts. I am well aware that this might not be perfectly suited for misc, but I recall having several issues in the past with the combination OpenBSD/pf/nmap, so I thought I would give it a shot here first. "Hardware" under this OpenBSD is VMWare Workstation Pro 14.1 on Windows 10, where the 2 vm-nics are bridged to 2 VLAN configured virtual Intel (I219-LM) NICs on my Windows host. I don't think that is what's causing the issue I am having, but thought I should mention it. "dmesg" output is at the bottom. Best Regards, Henrik Engmark My food poops of your food ### dmesg ### OpenBSD 6.3 (GENERIC.MP) #107: Sat Mar 24 14:21:59 MDT 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 17162960896 (16367MB) avail mem = 16635740160 (15865MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe0010 (248 entries) bios0: vendor Phoenix Technologies LTD version "6.00" date 05/19/2017 bios0: VMware, Inc. VMware Virtual Platform acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S8F0(S3) S16F(S3) S17F(S3) S18F(S3) S22F(S3) S23F(S3) S24F(S3) S25F(S3) PE40(S3) S1F0(S3) PE50(S3) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-6770HQ CPU @ 2.60GHz, 2592.13 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,ARAT,MELTDOWN cpu0: 256KB 64b/line 8-way L2 cache acpitimer0: recalibrated TSC frequency 2591813105 Hz cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 65MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i7-6770HQ CPU @ 2.60GHz, 2591.88 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,ARAT,MELTDOWN cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Core(TM) i7-6770HQ CPU @ 2.60GHz, 2591.94 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,ARAT,MELTDOWN cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i7-6770HQ CPU @ 2.60GHz, 2591.88 MHz cpu3: F
IPSEC gateway serving rogue laptops
I have been trying to set up a vpn concentrator using isakmpd and ipsec, where clients are laptops on the run, and my vpn concentrator is on a static IP. To start with, I want to use a setup as simple as possible, and use only psk for authentication. No certificates or anything like that. I am having trouble finding information on the subject, both on forums and list archives. I know this is kind of a spoon feeding request, but is anyone aware of a good source of information, how-to or guide regarding this? IPSEC has a kind of steep learning curve, and I am by no means an expert. When we set up LAN-LAN IPSEC tunnels with static publics, everything is as simple as can be. Not so much so when I try to serve rogue clients with identical configs, it appears. I am aware of the flaws in such a crude setup, but I dont need pointers about that. Any information or links would be highly appreciated.
Re: Asus EEEPC 900
Ok, thanks. Has to be a BIOS thing then, because 4.8 dont recognize any NICs at all, internal or USB. I kind of expected the WLAN to be unusable, as it was on the 700. Any ideas as to what BIOS settings to fiddle with? On Mon, 28 Nov 2011 08:47:42 +0100, Christian StCrmer deterministi...@googlemail.com wrote: On Fri, Nov 25, 2011 at 11:50 AM, Henrik Engmark h...@tti.se wrote: I was wondering if anyone out there is using the eee pc 900 to run OpenBSD. If anyone is using a successful combination of eee pc 900 and OpenBSD, please let me know. I use OpenBSD on my Eee PC 900, but I've had stability problems using 4.9 with the internal SSD and the Atheros AR5424 was unusable. I don't know if that changed with 5.0. lii and axe work fine. --- OpenBSD 5.0 (GENERIC) #43: Wed Aug 17 10:10:52 MDT 2011 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Celeron(R) M processor 900MHz (GenuineIntel 686-class) 901 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF real mem = 2138107904 (2039MB) avail mem = 2093076480 (1996MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 03/03/09, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.5 @ 0xf06f0 (37 entries) bios0: vendor American Megatrends Inc. version 1006 date 03/03/2009 bios0: ASUSTeK Computer INC. 900 acpi0 at bios0: rev 0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC OEMB MCFG acpi0: wakeup devices P0P3(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) MC97(S4) USB1(S3) USB2(S3) USB3(S3) USB4(S3) EUSB(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 100MHz ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 5 (P0P3) acpiprt2 at acpi0: bus 3 (P0P5) acpiprt3 at acpi0: bus 1 (P0P6) acpiec0 at acpi0 acpicpu0 at acpi0: C3, C2 acpitz0 at acpi0: critical temperature is 90 degC acpibat0 at acpi0: BAT0 model 900 serial type LION oem ASUS acpiac0 at acpi0: AC unit online acpiasus0 at acpi0 acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB acpibtn2 at acpi0: PWRB acpivideo0 at acpi0: VGA_ bios0: ROM list: 0xc/0xf800! pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82915GM Host rev 0x04 vga1 at pci0 dev 2 function 0 Intel 82915GM Video rev 0x04 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) intagp0 at vga1 agp0 at intagp0: aperture at 0xd000, size 0x1000 inteldrm0 at vga1: apic 1 int 16 drm0 at inteldrm0 Intel 82915GM Video rev 0x04 at pci0 dev 2 function 1 not configured azalia0 at pci0 dev 27 function 0 Intel 82801FB HD Audio rev 0x04: msi azalia0: codecs: Realtek ALC662 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 Intel 82801FB PCIE rev 0x04: apic 1 int 16 pci1 at ppb0 bus 4 ppb1 at pci0 dev 28 function 1 Intel 82801FB PCIE rev 0x04: apic 1 int 17 pci2 at ppb1 bus 3 lii0 at pci2 dev 0 function 0 Attansic Technology L2 rev 0xa0: apic 1 int 17, address 00:22:15:0f:f8:a6 atphy0 at lii0 phy 1: F2 10/100 PHY, rev. 2 ppb2 at pci0 dev 28 function 2 Intel 82801FB PCIE rev 0x04: apic 1 int 18 pci3 at ppb2 bus 1 ath0 at pci3 dev 0 function 0 Atheros AR5424 rev 0x01: apic 1 int 18 ath0: AR5424 14.2 phy 7.0 rf 0.0, WOR0W, address 00:15:af:b5:93:a1 uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x04: apic 1 int 23 uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x04: apic 1 int 19 uhci2 at pci0 dev 29 function 2 Intel 82801FB USB rev 0x04: apic 1 int 18 uhci3 at pci0 dev 29 function 3 Intel 82801FB USB rev 0x04: apic 1 int 16 ehci0 at pci0 dev 29 function 7 Intel 82801FB USB rev 0x04: apic 1 int 23 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb3 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xd4 pci4 at ppb3 bus 5 ichpcib0 at pci0 dev 31 function 0 Intel 82801FBM LPC rev 0x04: PM disabled pciide0 at pci0 dev 31 function 2 Intel 82801FBM SATA rev 0x04: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 1 drive 0: ASUS-PHISON OB SSD wd0: 1-sector PIO, LBA, 3847MB, 7880544 sectors wd1 at pciide0 channel 1 drive 1: Patriot Memory 32GB PATA Storage Drive wd1: 1-sector PIO, LBA, 30783MB, 63045360 sectors wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 4 wd1(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 4 ichiic0 at pci0 dev 31 function 3 Intel 82801FB SMBus rev 0x04: apic 1 int 19 iic0 at ichiic0 spdmem0 at iic0 addr 0x50: 2GB DDR2 SDRAM non-parity PC2-5300CL5 SO-DIMM usb1 at uhci0: USB revision 1.0 uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr
Asus EEEPC 900
I was wondering if anyone out there is using the eee pc 900 to run OpenBSD. I used an early 700 for many years as a firewall without problems, but that one died on me. Now when I try and replace it with my 900, with the same version OpenBSD (4.8), the installation does not find any network adapters at all. I also tried a usb nic which worked flawlessly on the 700, but with no success on the 900. When I attach the usb nic, it says something along the lines of usb not initialized. If anyone is using a successful combination of eee pc 900 and OpenBSD, please let me know. Could this be a BIOS settings issue? I can boot from usb cdrom without issues. -- Henrik Engmark Systems Engineer TechTrade International AB Office: 08-754 09 90 P.O. Box 6044 SE-192 06 Sollentuna, Sweden
Re: Bilgilendirme...
ZORUNLU. GEREKL] EVRAKLAR; Src Belgesi Gerkli Evraklar: 3 Resim, Kimlik fotokopisi, Ehliyet fotokopisi Psikoteknik Belgesi Gerkli Evraklar: 3 Resim, Kimlik fotokopisi, Ehliyet fotokopisi Not:Evraklar}n}z} haz}rlad}ktan sonra l|tfen bizimle irtibata geginiz. Konu Hakk}nda Detayl} Bilgi'yi ve Randevunuzu M|~teri Dan}~man}m}z Lokman' Bey'den Alabilirsiniz. ]LET]^]M : 12 SAAT ULA^AB]LECEP]N]Z ]LG]L] TELEFONLAR. GSM : 0532.603.00.50 0545.313.76.20 i...@srcpsikoteknikmerkezi.com lok...@srcpsikoteknikmerkezi.com www.srcpsikoteknikmerkezi.com Listeden g}kmak igin a~ap}daki baplant}ya t}klay}n, http://mailtracker.tk/stuz/ -- Henrik Engmark Systems Engineer TechTrade International AB Office: 08-754 09 90 P.O. Box 6044 SE-192 06 Sollentuna, Sweden
Re: ......-....
quite quiet, yes. On Thu, 31 Mar 2011 14:19:40 +, Anton Parol wrote: ..wow its quite here these days __ [http://www.orcsoftware.com/global/signature.jpg]http://www.orcsoftware.com/ Anton Parol Customer Services * Orc Software 23 Camomile Street 3rd Floor * EC3A 7LL London * United Kingdom Phone: +44 20 7942 0999 * Mobile: +44 7876032151 * Fax: +44 207 942 09 41 E-mail: anton.pa...@orcsoftware.com Read the latest news from Orc Softwarehttp://www.orcsoftware.com This e-mail is confidential and may contain legally privileged information. It is intended only for the addressees. If you have received this e-mail in error, kindly notify us immediately by telephone or e-mail and delete the message from your system. [demime 1.01d removed an attachment of type image/jpeg which had a name of image001.jpg] -- Henrik Engmark Systems Engineer TechTrade International AB Office: 08-754 09 90 P.O. Box 6044 SE-192 06 Sollentuna, Sweden
Re: OpenBSD 4.9 pre-orders
I am kind of uncertain about Canadian clothes sizes. I am 187 centimetres tall, and I weigh in at about 100 kilos. In other words, quite the fat bloke. What size hoodie would you recommend, X, XX or XXX? On Tue, 15 Mar 2011 15:10:02 -0600, Theo de Raadt wrote: I've turned on OpenBSD 4.9 pre-orders. Support us by buying something please. These sales are a part of keeping the project going. As for clothing... there's going to be a black hoodie this time.
Re: restore wants a new tape but none exists!
This is quite the entertaining thread. Wish it was monday morning. On Thu, 10 Mar 2011 16:53:07 +1030, Brett Lymn wrote: On Wed, Mar 09, 2011 at 11:13:33PM -0700, Theo de Raadt wrote: If you feel so strongly about it that you feel it to forward private correspondence, then please leave our mailing lists. Only following your lead. I am sure others will feel the same; those of you who do, feel free to explain the concept to him. Ah the invitation for the brands and pitchforks. How nice to rally the troops to do your dirty work and muddy the thread with random flagellation attempts. I still think you are a loser. If you have endured a real bug for a long time, and not filed a bug report to have it fixed.. and then feel it is your right to scold people who attempt to explain the bug, then quite frankly, then YOU TOTALLY SUCK. Certainly not unusual on this list for people to scold people for real bugs, perhaps I am guilty of this now too.. Show us the code for this one, I would like to understand it. Certainly, ever since I have been a system admin the recommended way of running dump was in single user mode if you could to ensure a consistent backup. Maybe I have misunderstood what Pass III and Pass IV of the dump messages mean. -- Henrik Engmark Systems Engineer TechTrade International AB Office: 08-754 09 90 P.O. Box 6044 SE-192 06 Sollentuna, Sweden
Nmap and pf
Is there a way, good or bad, to relax pf enough to let nmap do its OS detection? I am on 4.8.
Re: Nmap and pf
That is correct. I noticed every try to do an OS detection with nmap failed for incredibly strange reasons reported by nmap, like no route to host even though the target was on the same subnet. Nmap can't even ping on OpenBSD. At least not since 4.7. And so I went on to really read the CAUTION message. I very much need the pf enabled as I nat with it, so disabling it is not an option. I will try your suggestion Joachim and get back. On Mon, 7 Mar 2011 11:42:26 +0100, Joachim Schipper wrote: On Mon, Mar 07, 2011 at 11:34:50AM +0100, Daniel Gracia wrote: El 07/03/2011 10:54, Henrik Engmark escribiC3: Is there a way, good or bad, to relax pf enough to let nmap do its OS detection? I am on 4.8. Way too vague question; you should at least describe the scenario. I'm pretty certain he's just read /usr/ports/net/nmap/pkg/MESSAGE: --- CAUTION!!! Using nmap with `-O' flag under OpenBSD machine with pf enabled might hang nmap. It's caused by properly working pf which will filter out all weird ip header flags sent by nmap. --- But yes, if my earlier message isn't sufficient some clarification would be welcome. Joachim
Re: Nmap and pf
I tried that, with no success. Also compiled 5.51 from source with the same result. I get this: sendto in send_ip_packet_sd: sendto(4, packet, 60, 0, ya.da.ya.da, 16) = No route to host Offending packet: TCP ya.da.ya.da:59268 ya.da.ya.da:80 ttl=55 id=27672 iplen=60 seq=3496514045 win=128 wscale 10,nop,mss 265,timestamp 4294967295 0,sackOK I went on to clean up like nobodys business, ie # pfctl -s rules pass all no state pass all user = 0 no state (i know) Still doesn't work. Just to be sure I tried disabling pf, and ofcourse that does the trick. But as I said, thats not an option for me. Any more suggestions? Is pf configurable on a lower level outside the ruleset? Is there a way, good or bad, to relax pf enough to let nmap do its OS detection? I am on 4.8. You can always disable pf (pfctl -d). I'd also expect any sensible configuration without scrub or (implicit) keep state to work, but I didn't check that. E.g. you could try set skip on lo0 pass block in on ! lo0 proto tcp to port 6000:6010 pass user root no state pass icmp no state Joachim
Re: Nmap and pf
Worked like a charm. I get a bunch of adjust_timeouts2: packet supposedly had rtt of -301586 microseconds. Ignoring time. adjust_timeouts2: packet supposedly had rtt of -301586 microseconds. Ignoring time. which I don't get with pf disabled, otherwise just peachy. Thank you everyone for giving me a bit of your time. It's appreciated. On Mon, 7 Mar 2011 13:51:25 +0100, Pascal Stumpf wrote: On Mon, Mar 07, 2011 at 10:54:09AM +0100, Henrik Engmark wrote: Is there a way, good or bad, to relax pf enough to let nmap do its OS detection? I am on 4.8. Try --send-eth.