from:"Leonardo Santagostini"

Issue using X on Hyper-V

2019-11-01 Thread Leonardo Santagostini

Hello @misc people.

Im having an issue when using 66 as guest for hyper-v.

Screen cant get 1366x768 size.

Anyone can give a suggestion? clue?

Thanks in advance, Leonardo

obsdVirtual# dmesg
OpenBSD 6.6 (GENERIC.MP) #372: Sat Oct 12 10:56:27 MDT 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4278124544 (4079MB)
avail mem = 4135747584 (3944MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf93d0 (338 entries)
bios0: vendor American Megatrends Inc. version "090008" date 12/07/2018
bios0: Microsoft Corporation Virtual Machine
acpi0 at bios0: ACPI 2.0
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP WAET SLIC OEM0 SRAT APIC OEMB
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihve0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins, remapped
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz, 1244.16 MHz, 06-8e-0c
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 151MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz, 1367.28 MHz, 06-8e-0c
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz, 1367.28 MHz, 06-8e-0c
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz, 1367.28 MHz, 06-8e-0c
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
acpicpu2 at acpi0: C1(@1 halt!)
acpicpu3 at acpi0: C1(@1 halt!)
acpipci0 at acpi0 PCI0: _OSC failed
acpicmos0 at acpi0
"VMBus" at acpi0 not configured
"Hyper_V_Gen_Counter_V1" at acpi0 not configured
cpu0: using VERW MDS workaround
pvbus0 at mainbus0: Hyper-V 10.0
hyperv0 at pvbus0: protocol 4.0, features 0x2e7f
hyperv0: heartbeat, kvp, shutdown, timesync
hvs0 at hyperv0 channel 2: ide, protocol 6.2
scsibus1 at hvs0: 2 targets
sd0 at scsibus1 targ 0 lun 0: 
naa.600224808d2752f4ce69d28116d815eb
sd0: 16384MB, 512 bytes/sector, 33554432 sectors, thin
hvn0 at hyperv0 channel 13: NVS 5.0 NDIS 6.30, address 00:15:5d:a3:3d:19
hvs1 at hyperv0 channel 14: scsi, protocol 6.2
scsibus2 at hvs1: 2 targets
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82443BX" rev 0x03
pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x01
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel
0 wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus3 at atapiscsi0: 2 targets
cd0 at scsibus3 targ 0 lun 0:  removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x02: SMBus
disabled
vga1 at pci0 dev 8 function 0 "Microsoft VGA" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
isa0 at pcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0

X problem on Intel HD Graphics 2000

2019-10-27 Thread Leonardo Santagostini

amage tracking initialized
[  1900.097] (II) modeset(0): Setting screen physical size to 361 x 203
[  1900.458] (II) config/wscons: checking input device /dev/wskbd
[  1900.458] (II) wskbd: using layout latam
[  1900.458] (II) LoadModule: "kbd"
[  1900.459] (II) Loading /usr/X11R6/lib/modules/input/kbd_drv.so
[  1900.482] (II) Module kbd: vendor="X.Org Foundation"
[  1900.482]compiled for 1.20.5, module version = 1.9.0
[  1900.482]Module class: X.Org XInput Driver
[  1900.482]ABI class: X.Org XInput driver, version 24.1
[  1900.482] (II) Using input driver 'kbd' for '/dev/wskbd'
[  1900.482] (**) /dev/wskbd: always reports core events
[  1900.482] (**) /dev/wskbd: always reports core events
[  1900.482] (**) Option "Protocol" "standard"
[  1900.482] (**) Option "XkbRules" "base"
[  1900.482] (**) Option "XkbModel" "pc105"
[  1900.482] (**) Option "XkbLayout" "latam"
[  1900.482] (II) XINPUT: Adding extended input device "/dev/wskbd"
(type: KEYBOARD, id 6)
[  1901.123] (II) config/wscons: checking input device /dev/wsmouse0
[  1901.123] (II) LoadModule: "ws"
[  1901.124] (II) Loading /usr/X11R6/lib/modules/input/ws_drv.so
[  1901.125] (II) Module ws: vendor="X.Org Foundation"
[  1901.125]compiled for 1.20.5, module version = 1.3.0
[  1901.125]Module class: X.Org XInput Driver
[  1901.125]ABI class: X.Org XInput driver, version 24.1
[  1901.126] (II) Using input driver 'ws' for '/dev/wsmouse0'
[  1901.126] (**) /dev/wsmouse0: always reports core events
[  1901.126] (II) ws: /dev/wsmouse0: debuglevel 0
[  1901.126] (**) Option "Device" "/dev/wsmouse0"
[  1901.126] (**) ws: /dev/wsmouse0: ZAxisMapping: buttons 4 and 5
[  1901.126] (**) ws: /dev/wsmouse0: WAxisMapping: buttons 6 and 7
[  1901.126] (**) ws: /dev/wsmouse0: associated screen: 0
[  1901.633] (II) ws: /dev/wsmouse0: minimum x position: 0
[  1901.633] (II) ws: /dev/wsmouse0: maximum x position: 1365
[  1901.633] (II) ws: /dev/wsmouse0: minimum y position: 0
[  1901.633] (II) ws: /dev/wsmouse0: maximum y position: 767
[  1901.633] (==) ws: /dev/wsmouse0: Buttons: 7
[  1901.698] (**) ws: /dev/wsmouse0: YAxisMapping: buttons 4 and 5
[  1901.698] (II) XINPUT: Adding extended input device "/dev/wsmouse0"
(type: MOUSE, id 7)
[  1902.215] (**) /dev/wsmouse0: (accel) keeping acceleration scheme 1
[  1902.215] (**) /dev/wsmouse0: (accel) acceleration profile 0
[  1902.215] (**) /dev/wsmouse0: (accel) acceleration factor: 2.000
[  1902.215] (**) /dev/wsmouse0: (accel) acceleration threshold: 4
[  1902.216] (II) config/wscons: checking input device /dev/wsmouse
[  1902.216] (II) Using input driver 'ws' for '/dev/wsmouse'
[  1902.216] (**) /dev/wsmouse: always reports core events
[  1902.216] (II) ws: /dev/wsmouse: debuglevel 0
[  1902.216] (**) Option "Device" "/dev/wsmouse"
[  1902.216] (**) ws: /dev/wsmouse: ZAxisMapping: buttons 4 and 5
[  1902.216] (**) ws: /dev/wsmouse: WAxisMapping: buttons 6 and 7
[  1902.216] (**) ws: /dev/wsmouse: associated screen: 0
[  1902.216] (EE) PreInit returned 2 for "/dev/wsmouse"
[  1902.216] (II) UnloadModule: "ws"

pcidump
pcidump
Domain /dev/pci0:
 0:0:0: Intel Core 2G Host
 0:2:0: Intel HD Graphics 2000
 0:20:0: Intel 7 Series xHCI
 0:22:0: Intel 7 Series MEI
 0:26:0: Intel 7 Series USB
 0:27:0: Intel 7 Series HD Audio
 0:28:0: Intel 7 Series PCIE
 0:28:1: Intel 7 Series PCIE
 0:29:0: Intel 7 Series USB
 0:31:0: Intel HM76 LPC
 0:31:2: Intel 7 Series AHCI
 0:31:3: Intel 7 Series SMBus
 1:0:0: Attansic Technology AR8162
 2:0:0: Atheros AR9485

xenodm.log
xenodm info (pid 66816): Starting
xenodm info (pid 66816): Starting X server on :0

X.Org X Server 1.20.5
X Protocol Version 11, Revision 0
Build Operating System: OpenBSD 6.6 amd64
Current Operating System: OpenBSD ntbLeo.my.domain 6.6 GENERIC.MP#372 amd64
Build Date: 12 October 2019  11:22:22AM

Current version of pixman: 0.38.4
Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Sun Oct 27 11:05:05 2019
(==) Using system config directory "/usr/X11R6/share/X11/xorg.conf.d"
(II) modeset(0): Initializing kms color map for depth 24, 8 bpc.
xenodm info (pid 18115): sourcing /etc/X11/xenodm/Xsetup_0

No extra config / no kernel manipulation.

Just started xenodm using rcctl and the result is a black screen

Anyone that can give me a clue will be really appreciated.

Regards!
-- 
Saludos.-
Leonardo Santagostini

Re: DigitalOcean and OpenBSD

2016-08-25 Thread Leonardo Santagostini

My two cents: Ramnode.

Im using it since 5.6 withou anu issues.

Regards
El ago 25, 2016 9:34 a.m., "Gilles Chehade"  escribiÃ³:

> On Thu, Aug 25, 2016 at 12:22:21PM +0300, li...@wrant.com wrote:
> > Wed, 24 Aug 2016 18:59:46 -0300 "R0me0 ***" 
> > [...]
> > > Thank you everyone that gime directions really appreciated ( all those
> in
> > > pvt as well )
> > >
> > > Cheers guys !
> >
> > Thu, 25 Aug 2016 11:07:17 +0800 Tinker 
> > [...]
> > > Guys, www.kimsufi.com is the best combination of inexpensive and
> > > reliable, for dedicated servers.
> >
> > Hi R0me0,
> >
> > Indeed, recommending even more self managed affordable SSD servers:
> >
> > OVH: SoYouStart, FR (EUR)
> > [https://www.soyoustart.com/ie/essential-servers/]
> >
> > OVH: SoYouStart, CA (USD)
> > [https://www.soyoustart.com/us/essential-servers/]
> >
> > NB: Not affiliate, years of OpenBSD in KVM on SSD servers reliably.
> >
>
> As a former customer, I would recommand against them.
>
> There are other alternatives with better hardware, services and policies
> within the same price ranges. online.net to name one, hetzner.de to name
> another one.
>
> I'm only commenting because your mail didn't mention competitors and I'd
> hate the idea that people went there by default, but I'm off this thread
> now ;-)
>
> --
> Gilles Chehade
>
> https://www.poolp.org  @poolpOrg

Re: Question about NTP server

2016-07-01 Thread Leonardo Santagostini

Just to say thank you all for your responses.

I will tell you the final set of NTP servers =)

Yours, Leonardo

Saludos.-
Leonardo Santagostini

<http://ar.linkedin.com/in/santagostini>




2016-06-30 18:08 GMT-03:00 ZÃ© Loff <zel...@zeloff.org>:

> > On 30/06/2016, at 20:30, Martin SchrÃ¶der <mar...@oneiros.de> wrote:
> >
> > 2016-06-30 21:24 GMT+02:00 Leonardo Santagostini <
> lsantagost...@gmail.com>:
> >> 1) Is there some calculus for making those ntp boxes efficient in terms
> of
> >> not overstate (sorry, but english is not my mothers tongue) or right
> size
> >> the hardware.
> >
> > A Rasberry Pi would suffice (but it's not supported by OpenBSD).
> > Any old server you have lying around will be more than enough.
>
> Not too old, though. I've had problems with clocks in aging hardware (e.g.
> a
> Pentium II machine about 5 years ago) starting to drift so bad that not
> even
> NTP could keep them in sync. That being said, prices drop fast enough so
> that
> you can find fairly recent machines at very low prices.
>
> >
> >> 2) Im wondering also to set up this boxes virtualized using KVM. I know
> >> that using RTC its a really pain in the ass, but maybe you can give me
> some
> >> advice for this config.
> >
> > Don't virtualize your ntp servers.
> >
> > Best
> >   Martin

Question about NTP server

2016-06-30 Thread Leonardo Santagostini

Hi @misc, i am about to mount 4 ntp servers.

Main goal is to serve approximately 300 servers and 300 hundreds
workstations

Servers are located at one datacenter and office in other place. I have a
couple of doubts for asking to you.

1) Is there some calculus for making those ntp boxes efficient in terms of
not overstate (sorry, but english is not my mothers tongue) or right size
the hardware.
2) Im wondering also to set up this boxes virtualized using KVM. I know
that using RTC its a really pain in the ass, but maybe you can give me some
advice for this config.

Thank you all,

Best regards/Saludos.-
Leonardo Santagostini

<http://ar.linkedin.com/in/santagostini>

Re: Question about logo

2016-03-03 Thread Leonardo Santagostini

Thank you all, for answer me.

OpenBSD its amazing, thankyou for your work. Happy user since 5.1 =)

Yours Leonardo

Saludos.-
Leonardo Santagostini

<http://ar.linkedin.com/in/santagostini>




2016-03-03 16:09 GMT-03:00 Theo de Raadt <dera...@cvs.openbsd.org>:

> > There are people selling shirts on Zazzle, CafePress, etc. which have the
> > OpenBSD logo - easy to find via google.  I'm assuming those people are
> not
> > authorized by OpenBSD nor do they pass on profits, alas.
>
> That is correct.
>
> There are layers of cheaters and enablers out there.  Like playing
> whack-a-mole.
>
> I haven't put much effort into fighting it because it isn't fun.

Question about logo

2016-03-02 Thread Leonardo Santagostini

Hello @misc,

Just wondering and bothering you, if i can use for my twitter account and
mi personal blog, a puffy image.

Kind regards

Saludos.-
Leonardo Santagostini

<http://ar.linkedin.com/in/santagostini>

Just want to say thanks to all OpenBSD developers

2015-10-29 Thread Leonardo Santagostini

Hello @all, today i have upgraded from 5.7 to 5.8 on a VPS with a WordPress
for my personal site.

Following the guide at http://www.openbsd.org/faq/upgrade58.html everything
went fine.

Wow i was surprised because documentation was 100% accurated and the
process was staightforward 

At work we use linux, and the upgrade process its a pain in the ass. So
guys, you rock and OpenBSD for me its a breath of fresh air.

Thanks thanks thanks.

Kind regards, one happy user !

PS: Sorry for my english but is not my mothers tongue.

Saludos.-
Leonardo Santagostini

<http://ar.linkedin.com/in/santagostini>

Re: 5.8 Snap from Sep 24

2015-09-27 Thread Leonardo Santagostini

  
0x00c0:    
0x00d0:    
0x00e0:    
0x00f0:   08040f87 
 0:31:3: Intel 7 Series SMBus
0x: Vendor ID: 8086 Product ID: 1e22
0x0004: Command: 0003 Status: 0280
0x0008: Class: 0c Subclass: 05 Interface: 00 Revision: 04
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 00
0x0010: BAR mem 64bit addr: 0xe0615000/0x0100
0x0018: BAR empty ()
0x001c: BAR empty ()
0x0020: BAR io addr: 0x3040/0x0020
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 17aa Product ID: 3977
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 03 Line: 0a Min Gnt: 00 Max Lat: 00
0x: 1e228086 0283 0c050004 
0x0010: e0615004   
0x0020: 3041   397717aa
0x0030:    030a
0x0040: 0001   
0x0050:    
0x0060: 00040403 0808  
0x0070:    
0x0080: 0004   
0x0090:    
0x00a0:    
0x00b0:    
0x00c0:    
0x00d0:    
0x00e0:    
0x00f0:   08040f87 
 1:0:0: Attansic Technology AR8162
0x: Vendor ID: 1969 Product ID: 1090
0x0004: Command: 0007 Status: 0010
0x0008: Class: 02 Subclass: 00 Interface: 00 Revision: 10
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 10
0x0010: BAR mem 64bit addr: 0xe050/0x0004
0x0018: BAR io addr: 0x2000/0x0080
0x001c: BAR empty ()
0x0020: BAR empty ()
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 17aa Product ID: 3979
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 01 Line: 0b Min Gnt: 00 Max Lat: 00
0x0040: Capability 0x01: Power Management
0x0058: Capability 0x10: PCI Express
   Link Speed: 2.5 / 2.5 GT/s Link Width: x1 / x1
0x00c0: Capability 0x05: Message Signaled Interrupts (MSI)
0x00d8: Capability 0x11: Extended Message Signaled Interrupts (MSI-X)
0x: 10901969 0017 0210 0010
0x0010: e054  2001 
0x0020:    397917aa
0x0030:  0040  010b
0x0040: f9c35801 0008  
0x0050:   0001c010 0590ffc5
0x0060: 00112000 0007fc11 10110143 0003
0x0070:    
0x0080:  10901969  
0x0090:    
0x00a0:    
0x00b0:    
0x00c0: 0188d805   
0x00d0:   000f0011 2000
0x00e0: 3000   
0x00f0:    
 2:0:0: Atheros AR9485
0x: Vendor ID: 168c Product ID: 0032
0x0004: Command: 0007 Status: 0010
0x0008: Class: 02 Subclass: 80 Interface: 00 Revision: 01
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 10
0x0010: BAR mem 64bit addr: 0xe040/0x0008
0x0018: BAR empty ()
0x001c: BAR empty ()
0x0020: BAR empty ()
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 17aa Product ID: 3218
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 01 Line: 0a Min Gnt: 00 Max Lat: 00
0x0040: Capability 0x01: Power Management
0x0050: Capability 0x05: Message Signaled Interrupts (MSI)
0x0070: Capability 0x10: PCI Express
   Link Speed: 2.5 / 2.5 GT/s Link Width: x1 / x1
0x: 0032168c 0017 0281 0010
0x0010: e044   
0x0020:    321817aa
0x0030:  0040  010a
0x0040: ffc25001 0000 0000 0000
0x0050: 01847005   
0x0060:   0000 0000
0x0070: 00020010 05908dc0 00102010 00036c11
0x0080: 10110042   
0x0090:  0010  0002
0x00a0:    
0x00b0:    
0x00c0:    
0x00d0:    
0x00e0:   0000 0000
0x00f0: 0000   

I started to read http://www.openbsd.org/faq/faq4.html#Multibooting for
dual booting between windows and openbsd =)

So, in short, backup, make some install disks/sticks and on the route again
with openbsd.

Thanks for all, regards



Saludos.-
Leonardo Santagostini

<http://ar.linkedin.com/in/santagostini>




2015-09-26 21:43 GMT-03:00 Leonardo Santagostini <lsantagost...@gmail.com>:

> Hi @misc, just tested on my hardware this snap, and im very excited to get
> X working again.
>
> As soon as i can get the logs out from my pen drive (test install on
> pendrive) i will submit then.
>
> Thanks for your effort. Just wondering how to get dual booten with Win10 =)
>
> Regards/Saludos.-
>
> Leonardo Santagostini
>
> <http://ar.linkedin.com/in/santagostini>

5.8 Snap from Sep 24

2015-09-26 Thread Leonardo Santagostini

Hi @misc, just tested on my hardware this snap, and im very excited to get
X working again.

As soon as i can get the logs out from my pen drive (test install on
pendrive) i will submit then.

Thanks for your effort. Just wondering how to get dual booten with Win10 =)

Regards/Saludos.-

Leonardo Santagostini

<http://ar.linkedin.com/in/santagostini>

About HD Graphics

2015-01-13 Thread Leonardo Santagostini

 rev 2.00/0.00 addr 2
ugen0 at uhub2 port 3 Atheros Communications Bluetooth USB Host
Controller rev 1.10/0.01 addr 3
ugen1 at uhub2 port 4 Generic USB2.0-CRW rev 2.00/39.60 addr 4
uhub3 at uhub1 port 1 Intel Rate Matching Hub rev 2.00/0.00 addr 2
uhidev0 at uhub3 port 3 configuration 1 interface 0 Primax Electronics USB
Optical Mouse rev 2.00/2.00 addr 3
uhidev0: iclass 3/1
ums0 at uhidev0: 3 buttons, Z dir
wsmouse1 at ums0 mux 0
run0 at uhub3 port 4 Linksys Linksys WUSB600N Wireless-N USB Network
Adapter with Dual-Band ver. 2 rev 2.00/1.01 addr 4
run0: MAC/BBP RT3572 (rev 0x0223), RF RT3052 (MIMO 2T2R), address
98:fc:11:e0:59:0a
uvideo0 at uhub3 port 6 configuration 1 interface 0 Vimicro Corp. Lenovo
EasyCamera rev 2.00/39.55 addr 5
video0 at uvideo0
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (e6bde91fd35dc49f.a) swap on sd0b dump on sd0b
ugen0 detached
ugen1 detached
uhub2 detached
uhub0 detached
wsmouse1 detached
ums0 detached
uhidev0 detached
run0 detached
video0 detached
uvideo0 detached
uhub3 detached
uhub1 detached
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1
uhub2 at uhub0 port 1 Intel Rate Matching Hub rev 2.00/0.00 addr 2
ugen0 at uhub2 port 3 Atheros Communications Bluetooth USB Host
Controller rev 1.10/0.01 addr 3
ugen1 at uhub2 port 4 Generic USB2.0-CRW rev 2.00/39.60 addr 4
uhub3 at uhub1 port 1 Intel Rate Matching Hub rev 2.00/0.00 addr 2
uhidev0 at uhub3 port 3 configuration 1 interface 0 Primax Electronics USB
Optical Mouse rev 2.00/2.00 addr 3
uhidev0: iclass 3/1
ums0 at uhidev0: 3 buttons, Z dir
wsmouse1 at ums0 mux 0
run0 at uhub3 port 4 Linksys Linksys WUSB600N Wireless-N USB Network
Adapter with Dual-Band ver. 2 rev 2.00/1.01 addr 4
run0: MAC/BBP RT3572 (rev 0x0223), RF RT3052 (MIMO 2T2R), address
98:fc:11:e0:59:0a
uvideo0 at uhub3 port 6 configuration 1 interface 0 Vimicro Corp. Lenovo
EasyCamera rev 2.00/39.55 addr 5
video0 at uvideo0
umass0 at uhub2 port 2 configuration 1 interface 0 Kingston DataTraveler
2.0 rev 2.00/1.00 addr 5
umass0: using SCSI over Bulk-Only
scsibus4 at umass0: 2 targets, initiator 0
sd1 at scsibus4 targ 1 lun 0: Kingston, DataTraveler 2.0, 1.00 SCSI2
0/direct removable serial.09306544CE51D95769B7
sd1: 7396MB, 512 bytes/sector, 15148608 sectors

Thank you very much

Regards

Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini

Re: OpenBSD 5.6 - amd64 on Lenovo G480

2014-12-15 Thread Leonardo Santagostini

Yup, il install 5.5 again and will wait to 5.7 maybe will work in 5.7

Regards and thanks!


Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini




2014-12-15 2:10 GMT-03:00 bodie bodz...@openbsd.cz:

 On 15.12.2014 04:46, Leonardo Santagostini wrote:

 Hello bodie,

 Tried snapshot with same results.



 Mmm I have similar crap at home. Lenovo G580 model 20150. I would be
 surprised if anything behind Windows and Linux (with a lot of complications
 as I found) will be running properly here. One of those - hey we propagate
 this inside, but in fact there's this inside secretely hidden :-)


 --- dmesg ---
 Dec 14 20:14:41 notleo syslogd: start
 Dec 14 20:14:41 notleo /bsd: OpenBSD 5.6-current (RAMDISK_CD) #631: Sun
 Dec
 14 10:45:08 MST 2014
 Dec 14 20:14:41 notleo /bsd: dera...@amd64.openbsd.org:
 /usr/src/sys/arch/amd64/compile/RAMDISK_CD
 Dec 14 20:14:41 notleo /bsd: RTC BIOS diagnostic error 80clock_battery
 Dec 14 20:14:41 notleo /bsd: real mem = 4138713088 (3946MB)
 Dec 14 20:14:41 notleo /bsd: avail mem = 4026851328 (3840MB)
 Dec 14 20:14:41 notleo /bsd: mainbus0 at root
 Dec 14 20:14:41 notleo /bsd: bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe6fd0
 (59 entries)
 Dec 14 20:14:41 notleo /bsd: bios0: vendor LENOVO version
 5ECN95WW(V9.00)
 date 12/19/2012
 Dec 14 20:14:41 notleo /bsd: bios0: LENOVO 20150
 Dec 14 20:14:41 notleo /bsd: acpi0 at bios0: rev 2
 Dec 14 20:14:41 notleo /bsd: acpi0: sleep states S0 S3 S4 S5
 Dec 14 20:14:41 notleo /bsd: acpi0: tables DSDT FACP SLIC UEFI ASF! HPET
 APIC MCFG SSDT BOOT ASPT DBGP FPDT MSDM SSDT SSDT
 Dec 14 20:14:41 notleo /bsd: acpimadt0 at acpi0 addr 0xfee0: PC-AT
 compat
 Dec 14 20:14:41 notleo /bsd: cpu0 at mainbus0: apid 0 (boot processor)
 Dec 14 20:14:41 notleo /bsd: cpu0: Intel(R) Pentium(R) CPU B980 @ 2.40GHz,
 2394.92 MHz
 Dec 14 20:14:41 notleo /bsd: cpu0:

 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
 CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,
 PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,
 xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,
 NXE,LONG,LAHF,PERF,ITSC
 Dec 14 20:14:41 notleo /bsd: cpu0: 256KB 64b/line 8-way L2 cache
 Dec 14 20:14:41 notleo /bsd: cpu0: apic clock running at 99MHz
 Dec 14 20:14:41 notleo /bsd: cpu at mainbus0: not configured
 Dec 14 20:14:41 notleo /bsd: ioapic0 at mainbus0: apid 0 pa 0xfec0,
 version 20, 24 pins
 Dec 14 20:14:41 notleo /bsd: acpiprt0 at acpi0: bus 0 (PCI0)
 Dec 14 20:14:41 notleo /bsd: acpiprt1 at acpi0: bus -1 (P0P1)
 Dec 14 20:14:41 notleo /bsd: acpiprt2 at acpi0: bus 1 (RP01)
 Dec 14 20:14:41 notleo /bsd: acpiprt3 at acpi0: bus 2 (RP02)
 Dec 14 20:14:41 notleo /bsd: acpiprt4 at acpi0: bus -1 (RP03)
 Dec 14 20:14:41 notleo /bsd: acpiprt5 at acpi0: bus -1 (RP04)
 Dec 14 20:14:41 notleo /bsd: acpiprt6 at acpi0: bus -1 (RP05)
 Dec 14 20:14:41 notleo /bsd: acpiprt7 at acpi0: bus -1 (RP06)
 Dec 14 20:14:41 notleo /bsd: acpiprt8 at acpi0: bus -1 (RP07)
 Dec 14 20:14:41 notleo /bsd: acpiprt9 at acpi0: bus -1 (RP08)
 Dec 14 20:14:41 notleo /bsd: acpiprt10 at acpi0: bus -1 (PEG0)
 Dec 14 20:14:42 notleo /bsd: acpiprt11 at acpi0: bus -1 (PEG1)
 Dec 14 20:14:43 notleo /bsd: acpiprt12 at acpi0: bus -1 (PEG2)
 Dec 14 20:14:43 notleo /bsd: acpiprt13 at acpi0: bus -1 (PEG3)
 Dec 14 20:14:43 notleo /bsd: pci0 at mainbus0 bus 0
 Dec 14 20:14:43 notleo /bsd: pchb0 at pci0 dev 0 function 0 Intel Core 2G
 Host rev 0x09
 Dec 14 20:14:43 notleo /bsd: vga1 at pci0 dev 2 function 0 Intel HD
 Graphics 2000 rev 0x09
 Dec 14 20:14:43 notleo /bsd: wsdisplay0 at vga1 mux 1: console (80x25,
 vt100 emulation)
 Dec 14 20:14:43 notleo /bsd: xhci0 at pci0 dev 20 function 0 Intel 7
 Series xHCI rev 0x04: msi
 Dec 14 20:14:43 notleo /bsd: usb0 at xhci0: USB revision 3.0
 Dec 14 20:14:43 notleo /bsd: uhub0 at usb0 Intel xHCI root hub rev
 3.00/1.00 addr 1
 Dec 14 20:14:43 notleo /bsd: Intel 7 Series MEI rev 0x04 at pci0 dev 22
 function 0 not configured
 Dec 14 20:14:43 notleo /bsd: ehci0 at pci0 dev 26 function 0 Intel 7
 Series USB rev 0x04: apic 0 int 16
 Dec 14 20:14:43 notleo /bsd: ehci0: timed out waiting for BIOS
 Dec 14 20:14:43 notleo /bsd: usb1 at ehci0: USB revision 2.0
 Dec 14 20:14:43 notleo /bsd: uhub1 at usb1 Intel EHCI root hub rev
 2.00/1.00 addr 1
 Dec 14 20:14:43 notleo /bsd: Intel 7 Series HD Audio rev 0x04 at pci0
 dev
 27 function 0 not configured
 Dec 14 20:14:43 notleo /bsd: ppb0 at pci0 dev 28 function 0 Intel 7
 Series
 PCIE rev 0xc4: msi
 Dec 14 20:14:43 notleo /bsd: pci1 at ppb0 bus 1
 Dec 14 20:14:43 notleo /bsd: Attansic Technology AR8162 rev 0x10 at pci1
 dev 0 function 0 not configured
 Dec 14 20:14:43 notleo /bsd: ppb1 at pci0 dev 28 function 1 Intel 7
 Series
 PCIE rev 0xc4: msi
 Dec 14 20:14:44 notleo /bsd: pci2 at ppb1 bus 2
 Dec 14 20:14:44 notleo /bsd: Atheros AR9485 rev 0x01 at pci2 dev 0
 function 0 not configured
 Dec 14 20:14:44 notleo /bsd: ehci1 at pci0 dev 29 function 0 Intel 7
 Series USB rev 0x04: apic 0 int 23
 Dec

Re: OpenBSD 5.6 - amd64 on Lenovo G480

2014-12-14 Thread Leonardo Santagostini

Hello bodie, ill try -current snapshot today at nigth and let you know the
results.

Thanks for the reply =)

Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini




2014-12-14 4:59 GMT-03:00 bodie bodz...@openbsd.cz:

 On 13.12.2014 15:47, Leonardo Santagostini wrote:

 Ok, thanks all for reply me.

 Situation Fresh New Install. 5.6 Release.

 OpenBsd Installed fine. Logged in as root - startx - blank screen.
 I have to press CTRL+ALT+F1 to get console(blank) close the lid - suspend
 the machine - open the lid - on console again.

 Done my homework


 Not yet. Did you try -current snapshot? ;-)


 --- DMESG ---

 OpenBSD 5.6 (RAMDISK_CD) #303: Fri Aug  8 00:25:26 MDT 2014
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
 RTC BIOS diagnostic error 80clock_battery
 real mem = 4138713088 (3946MB)
 avail mem = 4023148544 (3836MB)
 mainbus0 at root
 bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe6fd0 (59 entries)
 bios0: vendor LENOVO version 5ECN95WW(V9.00) date 12/19/2012
 bios0: LENOVO 20150
 acpi0 at bios0: rev 2
 acpi0: sleep states S0 S3 S4 S5
 acpi0: tables DSDT FACP SLIC UEFI ASF! HPET APIC MCFG SSDT BOOT ASPT DBGP
 FPDT MSDM SSDT SSDT
 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
 cpu0 at mainbus0: apid 0 (boot processor)
 cpu0: Intel(R) Pentium(R) CPU B980 @ 2.40GHz, 2203.97 MHz
 cpu0:

 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
 CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,
 PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,
 xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,
 NXE,LONG,LAHF,PERF,ITSC
 cpu0: 256KB 64b/line 8-way L2 cache
 cpu0: apic clock running at 99MHz
 cpu at mainbus0: not configured
 ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 24 pins
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus -1 (P0P1)
 acpiprt2 at acpi0: bus 1 (RP01)
 acpiprt3 at acpi0: bus 2 (RP02)
 acpiprt4 at acpi0: bus -1 (RP03)
 acpiprt5 at acpi0: bus -1 (RP04)
 acpiprt6 at acpi0: bus -1 (RP05)
 acpiprt7 at acpi0: bus -1 (RP06)
 acpiprt8 at acpi0: bus -1 (RP07)
 acpiprt9 at acpi0: bus -1 (RP08)
 acpiprt10 at acpi0: bus -1 (PEG0)
 acpiprt11 at acpi0: bus -1 (PEG1)
 acpiprt12 at acpi0: bus -1 (PEG2)
 acpiprt13 at acpi0: bus -1 (PEG3)
 pci0 at mainbus0 bus 0
 pchb0 at pci0 dev 0 function 0 Intel Core 2G Host rev 0x09
 vga1 at pci0 dev 2 function 0 Intel HD Graphics 2000 rev 0x09
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 Intel 7 Series xHCI rev 0x04 at pci0 dev 20 function 0 not configured
 Intel 7 Series MEI rev 0x04 at pci0 dev 22 function 0 not configured
 ehci0 at pci0 dev 26 function 0 Intel 7 Series USB rev 0x04: apic 0 int
 16
 ehci0: timed out waiting for BIOS
 usb0 at ehci0: USB revision 2.0
 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
 Intel 7 Series HD Audio rev 0x04 at pci0 dev 27 function 0 not
 configured
 ppb0 at pci0 dev 28 function 0 Intel 7 Series PCIE rev 0xc4: msi
 pci1 at ppb0 bus 1
 Attansic Technology AR8162 rev 0x10 at pci1 dev 0 function 0 not
 configured
 ppb1 at pci0 dev 28 function 1 Intel 7 Series PCIE rev 0xc4: msi
 pci2 at ppb1 bus 2
 Atheros AR9485 rev 0x01 at pci2 dev 0 function 0 not configured
 ehci1 at pci0 dev 29 function 0 Intel 7 Series USB rev 0x04: apic 0 int
 23
 ehci1: timed out waiting for BIOS
 usb1 at ehci1: USB revision 2.0
 uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1
 Intel HM76 LPC rev 0x04 at pci0 dev 31 function 0 not configured
 ahci0 at pci0 dev 31 function 2 Intel 7 Series AHCI rev 0x04: msi, AHCI
 1.3
 scsibus0 at ahci0: 32 targets
 sd0 at scsibus0 targ 0 lun 0: ATA, ST1000LM024 HN-M, 2AR1 SCSI3 0/direct
 fixed naa.50004cf20a2e7a39
 sd0: 953869MB, 512 bytes/sector, 1953525168 sectors
 cd0 at scsibus0 targ 2 lun 0: PLDS, DVD-RW DS8A8SH, KL31 ATAPI 5/cdrom
 removable
 Intel 7 Series SMBus rev 0x04 at pci0 dev 31 function 3 not configured
 isa0 at mainbus0
 pckbc0 at isa0 port 0x60/5
 pckbd0 at pckbc0 (kbd slot)
 pckbc0: using irq 1 for kbd slot
 wskbd0 at pckbd0: console keyboard, using wsdisplay0
 uhub2 at uhub0 port 1 vendor 0x8087 product 0x0024 rev 2.00/0.00 addr 2
 umass0 at uhub2 port 2 configuration 1 interface 0 Kingston DataTraveler
 2.0 rev 2.00/1.00 addr 3
 umass0: using SCSI over Bulk-Only
 scsibus1 at umass0: 2 targets, initiator 0
 sd1 at scsibus1 targ 1 lun 0: Kingston, DataTraveler 2.0, 1.00 SCSI2
 0/direct removable serial.09306544CE51C98D948F
 sd1: 7396MB, 512 bytes/sector, 15148608 sectors
 Atheros Communications Bluetooth USB Host Controller rev 1.10/0.01 addr
 4
 at uhub2 port 3 not configured
 Generic USB2.0-CRW rev 2.00/39.60 addr 5 at uhub2 port 4 not configured
 uhub3 at uhub1 port 1 vendor 0x8087 product 0x0024 rev 2.00/0.00 addr 2
 uhidev0 at uhub3 port 3 configuration 1 interface 0 vendor 0x0461 USB
 Optical Mouse rev 2.00/2.00 addr 3
 uhidev0: iclass 3/1
 uhid at uhidev0 not configured
 run0 at uhub3 port 4 Linksys Linksys WUSB600N Wireless-N USB Network
 Adapter with Dual-Band ver. 2 rev 2.00

Re: OpenBSD 5.6 - amd64 on Lenovo G480

2014-12-14 Thread Leonardo Santagostini

Hi Zoran thanks for the reposnse.

I dont have the option to lower or raise the memory asigned for video in my
BIOS.

I have a few options regarding working mode for hard disk, and setting
optimized for W8 and Other OS

But, on 5.5 i was able to work on the same notebook without issues.

Best regards !

Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini




2014-12-14 12:30 GMT-03:00 Zoran Kolic zko...@sbb.rs:

 If it is intel 2000, it should work, just as on my current
 right now.
 To have it on, I had to go to bios and lower how much memory
 I set for graphics. It might not be your case, but nothing
 stops you to try out.
 Best regards

  Zoran

Re: OpenBSD 5.6 - amd64 on Lenovo G480

2014-12-14 Thread Leonardo Santagostini

Hello bodie,

Tried snapshot with same results.

--- dmesg ---
Dec 14 20:14:41 notleo syslogd: start
Dec 14 20:14:41 notleo /bsd: OpenBSD 5.6-current (RAMDISK_CD) #631: Sun Dec
14 10:45:08 MST 2014
Dec 14 20:14:41 notleo /bsd: dera...@amd64.openbsd.org:
/usr/src/sys/arch/amd64/compile/RAMDISK_CD
Dec 14 20:14:41 notleo /bsd: RTC BIOS diagnostic error 80clock_battery
Dec 14 20:14:41 notleo /bsd: real mem = 4138713088 (3946MB)
Dec 14 20:14:41 notleo /bsd: avail mem = 4026851328 (3840MB)
Dec 14 20:14:41 notleo /bsd: mainbus0 at root
Dec 14 20:14:41 notleo /bsd: bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe6fd0
(59 entries)
Dec 14 20:14:41 notleo /bsd: bios0: vendor LENOVO version 5ECN95WW(V9.00)
date 12/19/2012
Dec 14 20:14:41 notleo /bsd: bios0: LENOVO 20150
Dec 14 20:14:41 notleo /bsd: acpi0 at bios0: rev 2
Dec 14 20:14:41 notleo /bsd: acpi0: sleep states S0 S3 S4 S5
Dec 14 20:14:41 notleo /bsd: acpi0: tables DSDT FACP SLIC UEFI ASF! HPET
APIC MCFG SSDT BOOT ASPT DBGP FPDT MSDM SSDT SSDT
Dec 14 20:14:41 notleo /bsd: acpimadt0 at acpi0 addr 0xfee0: PC-AT
compat
Dec 14 20:14:41 notleo /bsd: cpu0 at mainbus0: apid 0 (boot processor)
Dec 14 20:14:41 notleo /bsd: cpu0: Intel(R) Pentium(R) CPU B980 @ 2.40GHz,
2394.92 MHz
Dec 14 20:14:41 notleo /bsd: cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,NXE,LONG,LAHF,PERF,ITSC
Dec 14 20:14:41 notleo /bsd: cpu0: 256KB 64b/line 8-way L2 cache
Dec 14 20:14:41 notleo /bsd: cpu0: apic clock running at 99MHz
Dec 14 20:14:41 notleo /bsd: cpu at mainbus0: not configured
Dec 14 20:14:41 notleo /bsd: ioapic0 at mainbus0: apid 0 pa 0xfec0,
version 20, 24 pins
Dec 14 20:14:41 notleo /bsd: acpiprt0 at acpi0: bus 0 (PCI0)
Dec 14 20:14:41 notleo /bsd: acpiprt1 at acpi0: bus -1 (P0P1)
Dec 14 20:14:41 notleo /bsd: acpiprt2 at acpi0: bus 1 (RP01)
Dec 14 20:14:41 notleo /bsd: acpiprt3 at acpi0: bus 2 (RP02)
Dec 14 20:14:41 notleo /bsd: acpiprt4 at acpi0: bus -1 (RP03)
Dec 14 20:14:41 notleo /bsd: acpiprt5 at acpi0: bus -1 (RP04)
Dec 14 20:14:41 notleo /bsd: acpiprt6 at acpi0: bus -1 (RP05)
Dec 14 20:14:41 notleo /bsd: acpiprt7 at acpi0: bus -1 (RP06)
Dec 14 20:14:41 notleo /bsd: acpiprt8 at acpi0: bus -1 (RP07)
Dec 14 20:14:41 notleo /bsd: acpiprt9 at acpi0: bus -1 (RP08)
Dec 14 20:14:41 notleo /bsd: acpiprt10 at acpi0: bus -1 (PEG0)
Dec 14 20:14:42 notleo /bsd: acpiprt11 at acpi0: bus -1 (PEG1)
Dec 14 20:14:43 notleo /bsd: acpiprt12 at acpi0: bus -1 (PEG2)
Dec 14 20:14:43 notleo /bsd: acpiprt13 at acpi0: bus -1 (PEG3)
Dec 14 20:14:43 notleo /bsd: pci0 at mainbus0 bus 0
Dec 14 20:14:43 notleo /bsd: pchb0 at pci0 dev 0 function 0 Intel Core 2G
Host rev 0x09
Dec 14 20:14:43 notleo /bsd: vga1 at pci0 dev 2 function 0 Intel HD
Graphics 2000 rev 0x09
Dec 14 20:14:43 notleo /bsd: wsdisplay0 at vga1 mux 1: console (80x25,
vt100 emulation)
Dec 14 20:14:43 notleo /bsd: xhci0 at pci0 dev 20 function 0 Intel 7
Series xHCI rev 0x04: msi
Dec 14 20:14:43 notleo /bsd: usb0 at xhci0: USB revision 3.0
Dec 14 20:14:43 notleo /bsd: uhub0 at usb0 Intel xHCI root hub rev
3.00/1.00 addr 1
Dec 14 20:14:43 notleo /bsd: Intel 7 Series MEI rev 0x04 at pci0 dev 22
function 0 not configured
Dec 14 20:14:43 notleo /bsd: ehci0 at pci0 dev 26 function 0 Intel 7
Series USB rev 0x04: apic 0 int 16
Dec 14 20:14:43 notleo /bsd: ehci0: timed out waiting for BIOS
Dec 14 20:14:43 notleo /bsd: usb1 at ehci0: USB revision 2.0
Dec 14 20:14:43 notleo /bsd: uhub1 at usb1 Intel EHCI root hub rev
2.00/1.00 addr 1
Dec 14 20:14:43 notleo /bsd: Intel 7 Series HD Audio rev 0x04 at pci0 dev
27 function 0 not configured
Dec 14 20:14:43 notleo /bsd: ppb0 at pci0 dev 28 function 0 Intel 7 Series
PCIE rev 0xc4: msi
Dec 14 20:14:43 notleo /bsd: pci1 at ppb0 bus 1
Dec 14 20:14:43 notleo /bsd: Attansic Technology AR8162 rev 0x10 at pci1
dev 0 function 0 not configured
Dec 14 20:14:43 notleo /bsd: ppb1 at pci0 dev 28 function 1 Intel 7 Series
PCIE rev 0xc4: msi
Dec 14 20:14:44 notleo /bsd: pci2 at ppb1 bus 2
Dec 14 20:14:44 notleo /bsd: Atheros AR9485 rev 0x01 at pci2 dev 0
function 0 not configured
Dec 14 20:14:44 notleo /bsd: ehci1 at pci0 dev 29 function 0 Intel 7
Series USB rev 0x04: apic 0 int 23
Dec 14 20:14:44 notleo /bsd: ehci1: timed out waiting for BIOS
Dec 14 20:14:44 notleo /bsd: usb2 at ehci1: USB revision 2.0
Dec 14 20:14:44 notleo /bsd: uhub2 at usb2 Intel EHCI root hub rev
2.00/1.00 addr 1
Dec 14 20:14:44 notleo /bsd: Intel HM76 LPC rev 0x04 at pci0 dev 31
function 0 not configured
Dec 14 20:14:44 notleo /bsd: ahci0 at pci0 dev 31 function 2 Intel 7
Series AHCI rev 0x04: msi, AHCI 1.3
Dec 14 20:14:44 notleo /bsd: scsibus0 at ahci0: 32 targets
Dec 14 20:14:44 notleo /bsd: sd0 at scsibus0 targ 0 lun 0: ATA,
ST1000LM024 HN-M, 2AR1 SCSI3 0/direct fixed naa.50004cf20a2e7a39
Dec 14 20:14:44 notleo /bsd: sd0: 953869MB, 512 bytes/sector, 1953525168

Re: OpenBSD 5.6 - amd64 on Lenovo G480

2014-12-13 Thread Leonardo Santagostini

)
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 17aa Product ID: 3979
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 01 Line: 0b Min Gnt: 00 Max Lat: 00
0x0040: Capability 0x01: Power Management
0x0058: Capability 0x10: PCI Express
Link Speed: 2.5 / 2.5 GT/s Link Width: x1 / x1
0x00c0: Capability 0x05: Message Signaled Interrupts (MSI)
0x00d8: Capability 0x11: Extended Message Signaled Interrupts (MSI-X)
 2:0:0: Atheros AR9485
0x: Vendor ID: 168c Product ID: 0032
0x0004: Command: 0007 Status: 0010
0x0008: Class: 02 Subclass: 80 Interface: 00 Revision: 01
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 10
0x0010: BAR mem 64bit addr: 0xe040/0x0008
0x0018: BAR empty ()
0x001c: BAR empty ()
0x0020: BAR empty ()
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 17aa Product ID: 3218
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 01 Line: 0a Min Gnt: 00 Max Lat: 00
0x0040: Capability 0x01: Power Management
0x0050: Capability 0x05: Message Signaled Interrupts (MSI)
0x0070: Capability 0x10: PCI Express
Link Speed: 2.5 / 2.5 GT/s Link Width: x1 / x1

After enabling machdep.allowaperture as xorg.0.log says, it still
haappening the same behaviour.

Regards,

Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini




2014-12-12 9:29 GMT-03:00 Ville Valkonen weezeld...@gmail.com:

 On 12 December 2014 at 03:50, Leonardo Santagostini
 lsantagost...@gmail.com wrote:
  Hello @misc,
 
  This mail is regarding about issues that im facing after doing a fresh
  install of 5.6 RELEASE and snapshot on my latptop
 
  The point is that after installing sucessfully i am trying to start X but
  screen goes black. The only way i have to go to console is pressing
  CTRL+ALT+F1 after lid close, suspend and resume.
 
  Just wanting to know what is the best way i can help you regarding this.
 
  i know sending:
 
  1) dmesg
  2) x.org.log
 
  Is ok, but i have no idea what else could help.
 
  So, please, just let me know what else is needed, so i can do my
 homework.
 
  (Also i tried snapshot from 12/08 but an libc version problem appears
 when
  x starts)
 
  Regards,
  Leonardo Santagostini
 
  http://ar.linkedin.com/in/santagostini

 Hello Leonardo,

 have you done fw_update -v ? Hard to say if it's needed since you
 didn't include the dmesg.

 --
 Regards,
 Ville Valkonen

OpenBSD 5.6 - amd64 on Lenovo G480

2014-12-11 Thread Leonardo Santagostini

Hello @misc,

This mail is regarding about issues that im facing after doing a fresh
install of 5.6 RELEASE and snapshot on my latptop

The point is that after installing sucessfully i am trying to start X but
screen goes black. The only way i have to go to console is pressing
CTRL+ALT+F1 after lid close, suspend and resume.

Just wanting to know what is the best way i can help you regarding this.

i know sending:

1) dmesg
2) x.org.log

Is ok, but i have no idea what else could help.

So, please, just let me know what else is needed, so i can do my homework.

(Also i tried snapshot from 12/08 but an libc version problem appears when
x starts)

Regards,
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini

RS/600 install

2014-10-28 Thread Leonardo Santagostini

Hello @misc, yesterday at work i've found an RS/6000 Model 140
http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=ddsubtype=smhtmlfid=897/ENUS7043-140
so,
i was wondering how about installing release 5.5 macppc on it.

Just want to know if somebody try it and if you have some clue on
installation/configuration.

Regards, Leonardo
Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini

Re: RS/600 install

2014-10-28 Thread Leonardo Santagostini

Thank yo very much for your feedback.

=)

Kind regards

Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini




2014-10-28 17:16 GMT-03:00 Peter Kay syllops...@syllopsium.co.uk:

  If I remember correctly that's a PReP model, the PowerPC Reference
 Platform. You might be able to get NetBSD running on it, Windows NT and if
 you're a masochist, possibly OS/2 PPC... (Plus AIX, of course)

 On 28 October 2014 14:40:09 GMT+00:00, David Coppa dco...@gmail.com
 wrote:
 On Tue, Oct 28, 2014 at 3:36 PM, Leonardo Santagostini
 lsantagost...@gmail.com wrote:
  Hello @misc, yesterday at work i've found an RS/6000 Model 140
 
 
 http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=ddsubtype=smhtmlfid=897/ENUS7043-140
 
  so,
  i was wondering how about installing release 5.5 macppc on it.
 
  Just want to know if somebody try it and if you have some clue on
  installation/configuration.
 
 Unsupported powerpc architecture.
 It's not a macppc.
 
 Ciao,
 David

 --
 Sent from my Android device with K-9 Mail. Please excuse my brevity.

Strange behaviour with X

2014-10-20 Thread Leonardo Santagostini

(type: MOUSE, id 8)
[38.627] (**) /dev/wsmouse: (accel) keeping acceleration scheme 1
[38.627] (**) /dev/wsmouse: (accel) acceleration profile 0
[38.627] (**) /dev/wsmouse: (accel) acceleration factor: 2.000
[38.627] (**) /dev/wsmouse: (accel) acceleration threshold: 4
[   307.465] (II) intel(0): EDID vendor SEC, prod id 17740
[   307.465] (II) intel(0): Printing DDC gathered Modelines:
[   307.465] (II) intel(0): Modeline 1366x768x0.0   75.17  1366 1414 1446
1586  768 770 775 790 -hsync -vsync (47.4 kHz eP)
[  2156.685] [mi] Increasing EQ size to 512 to prevent dropped events.
[  2181.040] (II) AIGLX: Suspending AIGLX clients for VT switch
[  2192.890] (II) AIGLX: Resuming AIGLX clients after VT switch
[  2192.890] (II) intel(0): switch to mode 1366x768@60.0 on LVDS1 using
pipe 0, position (0, 0), rotation normal, reflection none

Thanks for the work, im a happy user since 5.4 (when i discovered OpenBSD)
!!!

Regards / Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini

Re: Pidgin/Lync success stories?

2014-10-01 Thread Leonardo Santagostini

Ok, here i go, i downloaded pidgin from original web and sipe from their
web too.

This procedure does not adjust to the procedures folllowed by openbsd but,
its valid to get pidgin / sipe working =)

Pidgin pidgin-2.10.9 from https://pidgin.im/download/
Sipe 1.18.2 from
http://sourceforge.net/projects/sipe/files/sipe/pidgin-sipe-1.18.2/pidgin-sip
e-1.18.2.tar.gz/download

For making pidgin:

$ ./configure --disable-farstream --disable-vv --disable-nm --with-nss
--with-openssl --disable-tcl
$ gmake
$ sudo gmake install (you can tune your installation with prefix env)

For making sipe
$ ./configure --enable-openssl --enable-nss --enable-debug
$ gmake
$ sudo gmake install (you can tune your installation with prefix env)

HTH

Regards

Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini




2014-09-27 14:34 GMT-03:00 Leonardo Santagostini lsantagost...@gmail.com:

 Later i will write the issue. But is before openssl/libressl switch and
 its related to use nss libs instead ssl. And pidgin is ssilently refusing
 server certs.

 But later i will write it more deeper with some debug. I have pidgin /
 sipe working without issues

 Regards
 El sep 27, 2014 1:37 p.m., Alexander Hall alexan...@beard.se escribiÃ³:

 On 09/26/14 11:55, Mattieu Baptiste wrote:

 On Fri, Sep 26, 2014 at 10:49 AM, Alexander Hall alexan...@beard.se
 mailto:alexan...@beard.se wrote:

 Hi!

 I'm trying to set up Pidgin to talk to our Lync servers at work, but
 it
 seems somewhere after (or in) the TLS handshaking, it just stops, and
 eventually times out.

 I installed the pidgin-sipe package and I'm using the 'office
 communicator' protocol. On a Debian box on the side, with the same
 settings, I don't have this issue.

 Can someone please share success stories, non-success stories, or
 useful
 hints of using Pidgin for Lync on OpenBSD?


 Hi,

 I've also failed at using Pidgin with Office 365. I tried different
 settings with the pidgin-sipe port, without success.
 I found a workaround with chrome (+ extension to change the user-agent)
 and Outlook web access. It let me use the Lync web client.


 Just to rule one possibiliy out... Was this before or after the
 separation from upstream openssl?

 /Alexander


 Regards,
 --
 Mattieu Baptiste
 /earth is 102% full ... please delete anyone you can.

Re: Pidgin/Lync success stories?

2014-09-27 Thread Leonardo Santagostini

Later i will write the issue. But is before openssl/libressl switch and its
related to use nss libs instead ssl. And pidgin is ssilently refusing
server certs.

But later i will write it more deeper with some debug. I have pidgin / sipe
working without issues

Regards
El sep 27, 2014 1:37 p.m., Alexander Hall alexan...@beard.se escribiÃ³:

 On 09/26/14 11:55, Mattieu Baptiste wrote:

 On Fri, Sep 26, 2014 at 10:49 AM, Alexander Hall alexan...@beard.se
 mailto:alexan...@beard.se wrote:

 Hi!

 I'm trying to set up Pidgin to talk to our Lync servers at work, but
 it
 seems somewhere after (or in) the TLS handshaking, it just stops, and
 eventually times out.

 I installed the pidgin-sipe package and I'm using the 'office
 communicator' protocol. On a Debian box on the side, with the same
 settings, I don't have this issue.

 Can someone please share success stories, non-success stories, or
 useful
 hints of using Pidgin for Lync on OpenBSD?


 Hi,

 I've also failed at using Pidgin with Office 365. I tried different
 settings with the pidgin-sipe port, without success.
 I found a workaround with chrome (+ extension to change the user-agent)
 and Outlook web access. It let me use the Lync web client.


 Just to rule one possibiliy out... Was this before or after the separation
 from upstream openssl?

 /Alexander


 Regards,
 --
 Mattieu Baptiste
 /earth is 102% full ... please delete anyone you can.

Re: CARP cluster: howto keep pf.conf in sync?

2014-07-28 Thread Leonardo Santagostini

Maybe puppet?

Regards
El jul 29, 2014 12:08 a.m., Nick Holland n...@holland-consulting.net
escribiÃ³:

 On 07/28/14 07:50, Peus, Christoph wrote:
  Hi all,
 
 
 
  is there a standard or recommended way to keep the pf.conf on the CARP
 cluster
  members in sync?
 
  Thanks!

 No one standard or recommended way, but lots of ideas, as you can see.

 Here's mine, but for the moment, I'll leave you to develop the script.

 My design philosophy:
 1) No additional hw, other than the two firewalls.
 2) EITHER machine should be able to act as master.
 3) EITHER machine should be able to provide all the info to rebuild the
 failed machine.
 4) Change control is good, just not how managers usually like to
 implement it.
 5) uses no other packages (rsync to move pf.conf around?  I don't think
 that's needed)

 So...  I wrote a relatively simple little script which
 * Figures out which the other machine is
 * does a diff -u of the changes between the local machine and the
 other machine (assuming the other machine is the old config)
 * Displays the diff to the user, and asks you to explain the change.
 * records the diff and your explanation to a file with a date and time
 stamp as a file name into a change log directory.
 * copies the pf.conf and the change log file to the corresponding
 directory in the other machine.
 * pfctl -f /etc/pf.conf's the other machine.

 So...you make a change on one box (EITHER!), test it, when satisified,
 you run the sync script.  It compares the changed file to the other
 system, shows you the diff, and you can:
 1) comment it and save it to both
 2) Realize you made a typo, and deleted something you didn't intend to
 or fat-fingered something you didn't intend to, fix.
 3) Realize that you made some other changes that weren't sync'd on
 either machine
 4) etc.

 The script is identical between machines, so if you lose EITHER
 firewall, the other can be used to rebuild the missing system, including
 the history.

 If something goes horribly wrong, you just dig out the history file, and
 revert the change.  If something goes horribly wrong before you sync it,
 log into the other firewall, and push the changes back.

 Wonder why a rule is in the firewall? Look back through the change log
 and read the comments.

 I've done the same thing with DNS zone files and config files, (in my
 opinion) better than the BIND master/slave model -- set up each node
 as a master, and sync the data through scripts like this.

 Nick.

Re: Thanks for ACPI

2014-06-24 Thread Leonardo Santagostini

Hello all, just to add that its true !!! In my notebook also ACPI and two
finger its working perfectly.

Theo the way you define windows, linux and openbsd is brilliant. I will
pass these words to my work colleagues =)

Thank you for doing what you do. Its simply working !!! And simpler that
the other OSes

Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini





2014-06-24 22:14 GMT-03:00 Theo de Raadt dera...@cvs.openbsd.org:

  It's funny to me that NO power saving features work in Windows 8, nor
  2 finger scrolling on the trackpad.

 It's a funny world, here's how, let me explain the road map for you:

 In 1 year, Windows will work worse on that particular laptop.  In 2 years,
 it will be expired.  In 4 years, it will barely work.  That is a result of
 chasing new sales.

 In 1 year, OpenBSD will work better on that laptop.  In 2 years, it will be
 work even better.  In about 4 years, it will work as well, but the decline
 will start because our developers will move on.  That is an aspect of
 minimal
 refinement, not chasing the curve.

 In 1 year, Linux might work better.  In 2 years, it will not work well.
 But hey, don't take my word for me.  Ask the net.  They'll set me straight,
 and they'll set you straight.  I don't know what they are chasing.  Maybe
 it is the same as the first.  Really, honestly, I don't have a clue what
 they are chasing.

Ethernet port on Lenovo G480

2014-06-17 Thread Leonardo Santagostini

: PLDS, DVD-RW DS8A8SH, KL31 ATAPI 5/cdrom
removable
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6
cd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 5
ichiic0 at pci0 dev 31 function 3 Intel 7 Series SMBus rev 0x04: apic 0
int 19
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-12800 SO-DIMM
pciide1 at pci0 dev 31 function 5 Intel 7 Series SATA rev 0x04: DMA
(unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI
pciide1: using apic 0 int 21 for native-PCI interrupt
pciide1: channel 0 ignored (not responding; disabled or no drives?)
pciide1: channel 1 ignored (not responding; disabled or no drives?)
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pms0: Synaptics touchpad, firmware 7.5
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
uhub2 at uhub0 port 1 Intel Rate Matching Hub rev 2.00/0.00 addr 2
ugen0 at uhub2 port 3 Atheros Communications Bluetooth USB Host
Controller rev 1.10/0.01 addr 3
ugen1 at uhub2 port 4 Generic USB2.0-CRW rev 2.00/39.60 addr 4
uhub3 at uhub1 port 1 Intel Rate Matching Hub rev 2.00/0.00 addr 2
run0 at uhub3 port 4 Linksys Linksys WUSB600N Wireless-N USB Network
Adapter with Dual-Band ver. 2 rev 2.00/1.01 addr 3
run0: MAC/BBP RT3572 (rev 0x0223), RF RT3052 (MIMO 2T2R), address
98:fc:11:e0:59:0a
uvideo0 at uhub3 port 6 configuration 1 interface 0 Vimicro Corp. Lenovo
EasyCamera rev 2.00/39.55 addr 4
video0 at uvideo0
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
root on wd0a (6402310bd91d2df0.a) swap on wd0b dump on wd0b

Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini

Re: carp+pfsync+relayd question

2013-11-21 Thread Leonardo Santagostini

Hello list,

painfully i had to migrate the relayd service to a linux boxes with piranha
until find the issue that caused relayd exit unexpectedly.

So if someone want to make some smoke test to find the issue, please tellme.

Best regads,

Leonardo


Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini





2013/11/18 Leonardo Santagostini lsantagost...@gmail.com

 Hello all, unfortunally i have to setup a cron entry that bounce relayd.

 Here the log that show how relayd stopped working

 Nov 18 18:34:55 v-arcbabalancer01 relayd[20347]: relay relay5, session
 1961 (54 active), 0, 200.16.99.232 - 172.19.224.71:80, done
 Nov 18 18:34:55 v-arcbabalancer01 relayd[28629]: relay relay4, session
 1959 (40 active), 0, 201.251.221.57 - 172.19.224.72:80, done
 Nov 18 18:34:55 v-arcbabalancer01 relayd[13074]: relay relay4, session
 1990 (61 active), 0, 190.189.189.171 - 172.19.224.70:80, done
 Nov 18 18:34:55 v-arcbabalancer01 relayd[24546]: relay exiting, pid 24546
 Nov 18 18:34:55 v-arcbabalancer01 relayd[13924]: relay relay4, session
 1883 (43 active), 0, 190.228.28.250 - :0, buffer event timeout
 Nov 18 18:34:55 v-arcbabalancer01 relayd[27128]: relay relay4, session
 2063 (49 active), 0, 201.255.217.232 - 172.19.224.71:80, done
 Nov 18 18:34:55 v-arcbabalancer01 relayd[24551]: pfe exiting, pid 24551
 Nov 18 18:34:55 v-arcbabalancer01 relayd[3602]: hce exiting, pid 3602
 Nov 18 18:34:55 v-arcbabalancer01 relayd[13924]: relay relay4, session
 1964 (43 active), 0, 190.12.181.160 - 172.19.224.73:80, done
 Nov 18 18:34:55 v-arcbabalancer01 relayd[17688]: relay relay4, session
 2080 (49 active), 0, 186.126.250.165 - 172.19.224.72:80, done
 Nov 18 18:34:55 v-arcbabalancer01 relayd[28629]: relay relay5, session
 1891 (39 active), 0, 190.179.204.226 - :0, buffer event timeout
 Nov 18 18:34:55 v-arcbabalancer01 relayd[28629]: relay relay4, session
 1962 (39 active), 0, 190.189.189.171 - 172.19.224.70:80, done
 Nov 18 18:34:55 v-arcbabalancer01 relayd[22840]: relay exiting, pid 22840
 Nov 18 18:34:55 v-arcbabalancer01 relayd[5545]: relay exiting, pid 5545
 Nov 18 18:34:55 v-arcbabalancer01 relayd[1089]: relay exiting, pid 1089
 Nov 18 18:34:55 v-arcbabalancer01 relayd[28629]: relay exiting, pid 28629
 Nov 18 18:34:55 v-arcbabalancer01 relayd[857]: relay exiting, pid 857
 Nov 18 18:34:55 v-arcbabalancer01 relayd[27128]: relay exiting, pid 27128
 Nov 18 18:34:55 v-arcbabalancer01 relayd[20347]: relay exiting, pid 20347
 Nov 18 18:34:55 v-arcbabalancer01 relayd[13074]: relay exiting, pid 13074
 Nov 18 18:34:55 v-arcbabalancer01 relayd[7637]: relay exiting, pid 7637
 Nov 18 18:34:55 v-arcbabalancer01 relayd[8449]: relay exiting, pid 8449
 Nov 18 18:34:55 v-arcbabalancer01 relayd[30009]: relay exiting, pid 30009
 Nov 18 18:34:55 v-arcbabalancer01 relayd[13924]: relay exiting, pid 13924
 Nov 18 18:34:55 v-arcbabalancer01 relayd[4542]: relay exiting, pid 4542
 Nov 18 18:34:55 v-arcbabalancer01 relayd[13505]: parent terminating, pid
 13505
 Nov 18 18:39:11 v-arcbabalancer01 puppet-agent[20912]: Finished catalog
 run in 2.59 seconds
 Nov 18 18:58:04 v-arcbabalancer01 relayd[9964]: startup


 Best regards, yours

 Saludos.-
 Leonardo Santagostini

 http://ar.linkedin.com/in/santagostini





 2013/11/18 Leonardo Santagostini lsantagost...@gmail.com

 Hello Jan, thanks for answering.

 The point was with booting without bsd.mp, now box rebooted and showing
 4 procs =)

 By now, all is working fine. Thank for all your support. I will keep you
 all informed how things are going.

 Best regards

 Saludos.-
 Leonardo Santagostini

 http://ar.linkedin.com/in/santagostini





 2013/11/18 Jan Lambertz jd.arb...@googlemail.com

 qemu-kvm ...-smp sockets=2 ... solved it for me. What qemu version an
 build
 are you using ?
 Am 14.11.2013 18:47 schrieb Leonardo Santagostini 
 lsantagost...@gmail.com
 :
 
  Thanks a lot to all, i will give it a try and gives tou you feedback as
  soon as it get implemented.
 
  Saludos.-
  Leonardo Santagostini
 
  http://ar.linkedin.com/in/santagostini
 
 
 
 
 
  2013/11/14 Andy a...@brandwatch.com
 
On 14/11/13 15:21, Leonardo Santagostini wrote:
  
   Hello misc,
  
   Im doing my final approach to put a production system with
   carp+pfsync+relayd on production.
  
   The point is that im facing some trouble setting more than one ip
 alias
   address with different vhid and different passwd.
  
   So, this is the scenario.
  
   Im trying to relayd more or less 15 sites so i have conceptual
 doubts.
  
   1) is it nesessary to create one carp interface for each one of my
   internals VIP address
   2) my understanding is that i have to work with pf on my carp
 interfaces.
  
   I have tried to put two different VIP's on my carp, but whitout
 lucky.
  
   Here is the homework.
  
   [root@server ~]# uname -a
   OpenBSD server.internaldomain.com 5.4 GENERIC#37 amd64
   [root@server ~]#
  
   [root@server ~]# cat /etc/hostname.em0
   inet 172.19.224.180 255.255.255.0
  
   [root

Re: carp+pfsync+relayd question

2013-11-18 Thread Leonardo Santagostini

Ok, thanks for all the replies. Im waiting to this situation appears to
send to you the output of those commands.

Thanks and regards

Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini





2013/11/18 mxb m...@alumni.chalmers.se


 Output for

 'pfctl -si', 'pfctl -sm' and 'sysctl -a|grep net.inet.ip.ifqâ would be
hie
 to see.

 //mxb


 On 18 nov 2013, at 04:20, Leonardo Santagostini lsantagost...@gmail.com
 wrote:

 Sorry, looking more detailed at the logs i found this:

 /var/log/daemon
 Nov 17 18:36:12 v-arcbabalancer01 relayd[13984]: fatal: relay_connect: no
 connection in flight
 Nov 17 18:36:12 v-arcbabalancer01 relayd[22615]: pfe exiting, pid 22615
 Nov 17 18:36:12 v-arcbabalancer01 relayd[31674]: hce exiting, pid 31674
 Nov 17 18:36:12 v-arcbabalancer01 relayd[9082]: relay exiting, pid 9082
 Nov 17 18:36:12 v-arcbabalancer01 relayd[701]: relay exiting, pid 701
 Nov 17 18:36:12 v-arcbabalancer01 relayd[21358]: parent terminating, pid
 21358
 Nov 17 18:36:12 v-arcbabalancer01 relayd[24886]: relay exiting, pid 24886
 Nov 17 18:36:12 v-arcbabalancer01 relayd[21395]: relay exiting, pid 21395
 Nov 17 18:36:12 v-arcbabalancer01 relayd[13155]: relay exiting, pid 13155
 Nov 17 18:36:12 v-arcbabalancer01 relayd[20557]: relay exiting, pid 20557
 Nov 17 18:36:12 v-arcbabalancer01 relayd[14903]: relay exiting, pid 14903
 Nov 17 18:36:12 v-arcbabalancer01 relayd[10686]: relay exiting, pid 10686
 Nov 17 18:36:12 v-arcbabalancer01 relayd[17355]: relay exiting, pid 17355
 Nov 17 18:36:12 v-arcbabalancer01 relayd[26908]: relay exiting, pid 26908
 Nov 17 18:36:12 v-arcbabalancer01 relayd[6551]: relay exiting, pid 6551
 Nov 17 18:36:12 v-arcbabalancer01 relayd[16649]: relay exiting, pid 16649
 Nov 17 18:36:12 v-arcbabalancer01 relayd[2567]: relay exiting, pid 2567
 Nov 17 18:36:12 v-arcbabalancer01 relayd[3159]: relay exiting, pid 3159


 /var/log/messages
 Nov 17 18:36:12 v-arcbabalancer01 relayd[13984]: fatal: relay_connect: no
 connection in flight


 Regards

 Saludos.-
 Leonardo Santagostini

 http://ar.linkedin.com/in/santagostini





 2013/11/18 Leonardo Santagostini lsantagost...@gmail.com

 Hello everybody, i still having some issues whit relayd.

 Nov 17 21:01:56 v-arcbabalancer01 relayd[4252]: relay relay4, session 75
 (1 active), 0, 190.51.90.22 - :0, buffer event timeout
 Nov 17 21:01:57 v-arcbabalancer01 relayd[12715]: relay relay4, session 97
 (4 active), 0, 190.49.60.30 - :0, buffer event timeout
 Nov 17 21:01:58 v-arcbabalancer01 relayd[4781]: relay relay4, session 142
 (3 active), 0, 190.188.18.202 - :0, buffer event timeout
 Nov 17 21:02:03 v-arcbabalancer01 relayd[25332]: relay relay4, session 28
 (1 active), 0, 181.29.46.36 - :0, hard timeout
 Nov 17 21:02:03 v-arcbabalancer01 relayd[12715]: relay relay4, session 55
 (3 active), 0, 108.36.150.233 - :0, hard timeout
 Nov 17 21:02:03 v-arcbabalancer01 relayd[18695]: relay relay4, session 67
 (3 active), 0, 31.221.13.210 - :0, hard timeout
 Nov 17 21:02:03 v-arcbabalancer01 relayd[13096]: relay relay5, session 73
 (3 active), 0, 190.195.118.49 - :0, hard timeout
 Nov 17 21:02:03 v-arcbabalancer01 relayd[31990]: relay relay4, session 25
 (1 active), 0, 186.188.178.215 - :0, hard timeout
 Nov 17 21:02:03 v-arcbabalancer01 relayd[4781]: relay relay4, session 144
 (7 active), 0, 31.221.13.210 - :0, hard timeout
 Nov 17 21:02:03 v-arcbabalancer01 relayd[23317]: relay relay2, session 55
 (5 active), 0, 181.109.7.31 - :0, hard timeout
 Nov 17 21:02:03 v-arcbabalancer01 relayd[22942]: relay relay4, session 93
 (2 active), 0, 31.221.13.210 - :0, hard timeout
 Nov 17 21:02:03 v-arcbabalancer01 relayd[13862]: relay relay4, session 80
 (3 active), 0, 190.111.231.50 - :0, hard timeout
 Nov 17 21:02:06 v-arcbabalancer01 relayd[19770]: relay relay4, session 92
 (1 active), 0, 75.70.87.158 - :0, buffer event timeout
 Nov 17 21:02:08 v-arcbabalancer01 relayd[23317]: relay relay4, session
 131 (5 active), 0, 190.113.173.36 - :0, buffer event timeout
 Nov 17 21:02:11 v-arcbabalancer01 relayd[10590]: relay relay4, session
 103 (9 active), 0, 186.137.241.254 - :0, buffer event timeout
 Nov 17 21:02:15 v-arcbabalancer01 relayd[23317]: relay relay4, session
 143 (2 active), 0, 24.232.115.134 - :0, buffer event timeout
 Nov 17 21:02:16 v-arcbabalancer01 relayd[12715]: relay relay4, session
 101 (7 active), 0, 108.87.58.21 - :0, buffer event timeout
 Nov 17 21:02:16 v-arcbabalancer01 relayd[12715]: relay relay4, session
 102 (6 active), 0, 108.87.58.21 - :0, buffer event timeout
 Nov 17 21:02:16 v-arcbabalancer01 relayd[10590]: relay relay5, session
 142 (13 active), 0, 190.195.118.49 -
172.19.224.73:80http://172.19.224.73/,
 no method
 Nov 17 21:02:16 v-arcbabalancer01 relayd[10590]: relay relay4, session
 114 (12 active), 0, 190.49.11.36 - :0, buffer event timeout
 Nov 17 21:02:16 v-arcbabalancer01 relayd[12715]: relay relay4, session
 104 (5 active), 0, 190.49.11.36 - :0, buffer event timeout
 Nov 17 21:02:17 v-arcbabalancer01 relayd[10590

Re: carp+pfsync+relayd question

2013-11-18 Thread Leonardo Santagostini

Hello list, i found something strange.

By one side, cpu idle is at 0%

[root@v-arcbabalancer01 ~]# vmstat 2 20
 procsmemory   pagediskstraps  cpu
 r b wavm fre  flt  re  pi  po  fr  sr wd0 cd0  int   sys   cs us
sy id
 5 0 0  86576 1450072  845   0   0   0   0   0   0   0  152  2922  308 60
 5 35
 4 0 0  86668 1449976   31   0   0   0   0   0   0   0  435  4554  869 94
 6  0
 4 0 0  86732 1449896   14   0   0   0   0   0   0   0  425  4269  827 94
 6  0
 5 0 0  86732 14498964   0   0   0   0   0   0   0  297  4098  762 92
 8  0
 7 0 0  86740 14498725   0   0   0   0   0   0   0  287  3264  625 94
 6  0
 4 0 0  86748 1449864   14   0   0   0   0   0   0   0  370  4400  804 92
 8  0
 4 0 0  86756 1449836   12   0   0   0   0   0   0   0  311  3708  730 92
 8  0
 4 0 0  86840 1449744   30   0   0   0   0   0   0   0  331  3585  701 93
 7  0
 4 0 0  86840 14497284   0   0   0   0   0   0   0  453  4744  885 93
 7  0
 4 0 0  86840 14497284   0   0   0   0   0   0   0  355  3832  745 92
 8  0
 5 0 0  86876 1449668   23   0   0   0   0   0   0   0  375  5003  934 92
 8  0
 4 0 0  86880 14496644   0   0   0   0   0   0   0  295  3600  707 93
 7  0
 9 1 0  87136 1449148 13421   0   0   0   0   0   0   0  242 24373  778 87
13  0
 5 1 0  91964 1445628 23388   0   0   0   0   0   0   0  273 1 1256 80
20  0
 5 0 0  86892 1449624  479   0   0   0   0   0   0   0  313  4012  736 90
10  0
 7 0 0  86892 14496086   0   0   0   0   0   0   0  308  3831  712 93
 7  0
 4 0 0  86892 14496084   0   0   0   0   0   0   0  290  3694  732 95
 5  0
 4 0 0  86900 1449576   14   0   0   0   0   0   0   0  345  4439  857 92
 8  0
 4 0 0  86900 14495764   0   0   0   0   0   0   0  337  4798  879 92
 8  0
 5 0 0  86964 1449492   12   0   0   0   0   0   0   0  389  4723  923 94
 6  0

By the other assigned cpus are two not one as the machine sees.

[root@v-arcbabalancer01 ~]# dmesg | grep cpu
acpicpu0 at acpi0
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Opteron or Athlon 64, 2660.64 MHz
cpu0:
FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,PGE,CMOV,PAT,MMX,FXSR,SSE,SSE2,SSE3,POPCN
T
cpu0: smt 0, core 0, package 0
cpu0: apic clock running at 1000MHz
cpu at mainbus0: not configured

So i will try to do some search about gettint the proper config for openbsd
hosts in kvm

If anyone can give to me some clues it will realy welcome.

Regards

Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini





2013/11/18 Leonardo Santagostini lsantagost...@gmail.com

 Ok, thanks for all the replies. Im waiting to this situation appears to
 send to you the output of those commands.

 Thanks and regards

 Saludos.-
 Leonardo Santagostini

 http://ar.linkedin.com/in/santagostini





 2013/11/18 mxb m...@alumni.chalmers.se


 Output for

 'pfctl -si', 'pfctl -sm' and 'sysctl -a|grep net.inet.ip.ifqâ would be
 hie to see.

 //mxb


 On 18 nov 2013, at 04:20, Leonardo Santagostini lsantagost...@gmail.com
 wrote:

 Sorry, looking more detailed at the logs i found this:

 /var/log/daemon
 Nov 17 18:36:12 v-arcbabalancer01 relayd[13984]: fatal: relay_connect: no
 connection in flight
  Nov 17 18:36:12 v-arcbabalancer01 relayd[22615]: pfe exiting, pid 22615
 Nov 17 18:36:12 v-arcbabalancer01 relayd[31674]: hce exiting, pid 31674
 Nov 17 18:36:12 v-arcbabalancer01 relayd[9082]: relay exiting, pid 9082
 Nov 17 18:36:12 v-arcbabalancer01 relayd[701]: relay exiting, pid 701
 Nov 17 18:36:12 v-arcbabalancer01 relayd[21358]: parent terminating, pid
 21358
 Nov 17 18:36:12 v-arcbabalancer01 relayd[24886]: relay exiting, pid 24886
 Nov 17 18:36:12 v-arcbabalancer01 relayd[21395]: relay exiting, pid 21395
 Nov 17 18:36:12 v-arcbabalancer01 relayd[13155]: relay exiting, pid 13155
 Nov 17 18:36:12 v-arcbabalancer01 relayd[20557]: relay exiting, pid 20557
 Nov 17 18:36:12 v-arcbabalancer01 relayd[14903]: relay exiting, pid 14903
 Nov 17 18:36:12 v-arcbabalancer01 relayd[10686]: relay exiting, pid 10686
 Nov 17 18:36:12 v-arcbabalancer01 relayd[17355]: relay exiting, pid 17355
 Nov 17 18:36:12 v-arcbabalancer01 relayd[26908]: relay exiting, pid 26908
 Nov 17 18:36:12 v-arcbabalancer01 relayd[6551]: relay exiting, pid 6551
 Nov 17 18:36:12 v-arcbabalancer01 relayd[16649]: relay exiting, pid 16649
 Nov 17 18:36:12 v-arcbabalancer01 relayd[2567]: relay exiting, pid 2567
 Nov 17 18:36:12 v-arcbabalancer01 relayd[3159]: relay exiting, pid 3159


 /var/log/messages
 Nov 17 18:36:12 v-arcbabalancer01 relayd[13984]: fatal: relay_connect: no
 connection in flight


 Regards

 Saludos.-
 Leonardo Santagostini

 http://ar.linkedin.com/in/santagostini





 2013/11/18 Leonardo Santagostini lsantagost...@gmail.com

 Hello everybody, i still having some issues whit relayd.

 Nov 17 21:01:56 v-arcbabalancer01 relayd[4252]: relay relay4, session 75
 (1 active), 0, 190.51.90.22 - :0, buffer event timeout
 Nov 17 21:01:57 v-arcbabalancer01 relayd[12715]: relay relay4, session
 97 (4 active

Re: carp+pfsync+relayd question

2013-11-18 Thread Leonardo Santagostini

Hello Jan, thanks for answering.

The point was with booting without bsd.mp, now box rebooted and showing 4
procs =)

By now, all is working fine. Thank for all your support. I will keep you
all informed how things are going.

Best regards

Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini





2013/11/18 Jan Lambertz jd.arb...@googlemail.com

 qemu-kvm ...-smp sockets=2 ... solved it for me. What qemu version an build
 are you using ?
 Am 14.11.2013 18:47 schrieb Leonardo Santagostini 
 lsantagost...@gmail.com
 :
 
  Thanks a lot to all, i will give it a try and gives tou you feedback as
  soon as it get implemented.
 
  Saludos.-
  Leonardo Santagostini
 
  http://ar.linkedin.com/in/santagostini
 
 
 
 
 
  2013/11/14 Andy a...@brandwatch.com
 
On 14/11/13 15:21, Leonardo Santagostini wrote:
  
   Hello misc,
  
   Im doing my final approach to put a production system with
   carp+pfsync+relayd on production.
  
   The point is that im facing some trouble setting more than one ip alias
   address with different vhid and different passwd.
  
   So, this is the scenario.
  
   Im trying to relayd more or less 15 sites so i have conceptual doubts.
  
   1) is it nesessary to create one carp interface for each one of my
   internals VIP address
   2) my understanding is that i have to work with pf on my carp
 interfaces.
  
   I have tried to put two different VIP's on my carp, but whitout lucky.
  
   Here is the homework.
  
   [root@server ~]# uname -a
   OpenBSD server.internaldomain.com 5.4 GENERIC#37 amd64
   [root@server ~]#
  
   [root@server ~]# cat /etc/hostname.em0
   inet 172.19.224.180 255.255.255.0
  
   [root@server ~]# cat /etc/hostname.em1
   inet 172.19.226.231 255.255.255.0 172.19.226.255
  
   [root@server ~]# cat /etc/hostname.carp0
   # inet alias 172.19.224.16 255.255.255.255 172.19.224.255 vhid 1
 advskew 10
   carpdev em0 pass Ahsooqu3
   inet alias 172.19.224.131 255.255.255.0 172.19.224.255 vhid 2 advskew
 10
   carpdev em0 pass Meixo9oe
   # inet alias 172.19.224.41 255.255.255.255 172.19.224.255 vhid 3
 advskew 10
   carpdev em0 pass av5eG9Gi
   # inet alias 172.19.224.40 255.255.255.255 172.19.224.255 vhid 4
 advskew 10
   carpdev em0 pass Rei6thai
   # inet alias 172.19.224.181 255.255.255.0 172.19.224.255 vhid 5 advskew
 10
   carpdev em0 pass Toobohz3
   # inet alias 172.19.224.182 255.255.255.255 172.19.224.255 vhid 6
 adskew 10
   carpdev em0 pass Quahng6U
  
CARP should look like this (master);
   inet 172.19.224.16 255.255.255.0 172.19.224.255 vhid 1 carpdev em0 pass
   Ahsooqu3 advskew 0
   inet alias 172.19.224.131 255.255.255.255
   inet alias 172.19.224.41 255.255.255.255
   inet alias 172.19.224.40 255.255.255.255
   inet alias 172.19.224.181 255.255.255.255
   inet alias 172.19.224.182 255.255.255.255
  
   And (backup);
   inet 172.19.224.16 255.255.255.0 172.19.224.255 vhid 1 carpdev em0 pass
   Ahsooqu3 advskew 200
   inet alias 172.19.224.131 255.255.255.255
   inet alias 172.19.224.41 255.255.255.255
   inet alias 172.19.224.40 255.255.255.255
   inet alias 172.19.224.181 255.255.255.255
   inet alias 172.19.224.182 255.255.255.255
  
   And yes the subnet masks for the alias' should be /32 and you will see
 a
   warning in the logs during fail-over. This is fine, the devs just
 haven't
   muted the check warning yet.
  
   You've done it right if 'netstat -rn' shows;
  
   172.19.224.131 127.0.0.1  UGHS   00 33152 8
   lo0
   172.19.224.131/32  172.19.224.131 U  00 -
 4
   carp0
  
  
[root@server ~]# cat /etc/hostname.pfsync0
   up syncdev em1
  
   [root@server ~]# cat /etc/pf.conf
   ext_if=carp0
  
You don't refer to CARP as an interface, it is simply a VRRP watchdog
   interface (for example you cannot set the MTU on a CARP interface as it
 is
   not really an interface.
   Use the physical..
  
   ext_if=em0
  
  
  
   set fingerprints /etc/pf.os
   set optimization aggressive
   set limit states 9
  
Definitely needs to be higher! try 1 million..
  
  
set limit src-nodes 65000
  
   table bad_ip persist
   table internat_net persist file /etc/internal_net
   table admitted_net persist file /etc/admitted.txt
  
   # vip1_address = 172.19.224.181
   # vip2_address = 172.19.224.16
   vip3_address = 172.19.224.131
   # vip4_address = 172.19.224.41
   # vip5_address = 172.19.224.40
  
Just to keep you sane remember these rules;
   # (SNAT) NATing is done before filtering, 'pass out on $if_ext from
   $external_carp_ip1' (public address as src for outbound).
   # (DNAT) RDRing is done before filtering, 'pass in on $if_ext from any
 to
   $internal_ip1' (private address as dst for inbound).
  
   [image: OpenBSD_PF_flow]
  
  
  
   # Dejo de procesar cuando se trata de las redes internas
   pass in quick from internat_net to any
  
   # Dejo pasar las ips desde las redes permitidas
   # pass in quick from admitted_net to $vip1_address
   pass in quick

Re: carp+pfsync+relayd question

2013-11-18 Thread Leonardo Santagostini

Hello all, unfortunally i have to setup a cron entry that bounce relayd.

Here the log that show how relayd stopped working

Nov 18 18:34:55 v-arcbabalancer01 relayd[20347]: relay relay5, session 1961
(54 active), 0, 200.16.99.232 - 172.19.224.71:80, done
Nov 18 18:34:55 v-arcbabalancer01 relayd[28629]: relay relay4, session 1959
(40 active), 0, 201.251.221.57 - 172.19.224.72:80, done
Nov 18 18:34:55 v-arcbabalancer01 relayd[13074]: relay relay4, session 1990
(61 active), 0, 190.189.189.171 - 172.19.224.70:80, done
Nov 18 18:34:55 v-arcbabalancer01 relayd[24546]: relay exiting, pid 24546
Nov 18 18:34:55 v-arcbabalancer01 relayd[13924]: relay relay4, session 1883
(43 active), 0, 190.228.28.250 - :0, buffer event timeout
Nov 18 18:34:55 v-arcbabalancer01 relayd[27128]: relay relay4, session 2063
(49 active), 0, 201.255.217.232 - 172.19.224.71:80, done
Nov 18 18:34:55 v-arcbabalancer01 relayd[24551]: pfe exiting, pid 24551
Nov 18 18:34:55 v-arcbabalancer01 relayd[3602]: hce exiting, pid 3602
Nov 18 18:34:55 v-arcbabalancer01 relayd[13924]: relay relay4, session 1964
(43 active), 0, 190.12.181.160 - 172.19.224.73:80, done
Nov 18 18:34:55 v-arcbabalancer01 relayd[17688]: relay relay4, session 2080
(49 active), 0, 186.126.250.165 - 172.19.224.72:80, done
Nov 18 18:34:55 v-arcbabalancer01 relayd[28629]: relay relay5, session 1891
(39 active), 0, 190.179.204.226 - :0, buffer event timeout
Nov 18 18:34:55 v-arcbabalancer01 relayd[28629]: relay relay4, session 1962
(39 active), 0, 190.189.189.171 - 172.19.224.70:80, done
Nov 18 18:34:55 v-arcbabalancer01 relayd[22840]: relay exiting, pid 22840
Nov 18 18:34:55 v-arcbabalancer01 relayd[5545]: relay exiting, pid 5545
Nov 18 18:34:55 v-arcbabalancer01 relayd[1089]: relay exiting, pid 1089
Nov 18 18:34:55 v-arcbabalancer01 relayd[28629]: relay exiting, pid 28629
Nov 18 18:34:55 v-arcbabalancer01 relayd[857]: relay exiting, pid 857
Nov 18 18:34:55 v-arcbabalancer01 relayd[27128]: relay exiting, pid 27128
Nov 18 18:34:55 v-arcbabalancer01 relayd[20347]: relay exiting, pid 20347
Nov 18 18:34:55 v-arcbabalancer01 relayd[13074]: relay exiting, pid 13074
Nov 18 18:34:55 v-arcbabalancer01 relayd[7637]: relay exiting, pid 7637
Nov 18 18:34:55 v-arcbabalancer01 relayd[8449]: relay exiting, pid 8449
Nov 18 18:34:55 v-arcbabalancer01 relayd[30009]: relay exiting, pid 30009
Nov 18 18:34:55 v-arcbabalancer01 relayd[13924]: relay exiting, pid 13924
Nov 18 18:34:55 v-arcbabalancer01 relayd[4542]: relay exiting, pid 4542
Nov 18 18:34:55 v-arcbabalancer01 relayd[13505]: parent terminating, pid
13505
Nov 18 18:39:11 v-arcbabalancer01 puppet-agent[20912]: Finished catalog run
in 2.59 seconds
Nov 18 18:58:04 v-arcbabalancer01 relayd[9964]: startup


Best regards, yours

Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini





2013/11/18 Leonardo Santagostini lsantagost...@gmail.com

 Hello Jan, thanks for answering.

 The point was with booting without bsd.mp, now box rebooted and showing 4
 procs =)

 By now, all is working fine. Thank for all your support. I will keep you
 all informed how things are going.

 Best regards

 Saludos.-
 Leonardo Santagostini

 http://ar.linkedin.com/in/santagostini





 2013/11/18 Jan Lambertz jd.arb...@googlemail.com

 qemu-kvm ...-smp sockets=2 ... solved it for me. What qemu version an
 build
 are you using ?
 Am 14.11.2013 18:47 schrieb Leonardo Santagostini 
 lsantagost...@gmail.com
 :
 
  Thanks a lot to all, i will give it a try and gives tou you feedback as
  soon as it get implemented.
 
  Saludos.-
  Leonardo Santagostini
 
  http://ar.linkedin.com/in/santagostini
 
 
 
 
 
  2013/11/14 Andy a...@brandwatch.com
 
On 14/11/13 15:21, Leonardo Santagostini wrote:
  
   Hello misc,
  
   Im doing my final approach to put a production system with
   carp+pfsync+relayd on production.
  
   The point is that im facing some trouble setting more than one ip
 alias
   address with different vhid and different passwd.
  
   So, this is the scenario.
  
   Im trying to relayd more or less 15 sites so i have conceptual doubts.
  
   1) is it nesessary to create one carp interface for each one of my
   internals VIP address
   2) my understanding is that i have to work with pf on my carp
 interfaces.
  
   I have tried to put two different VIP's on my carp, but whitout lucky.
  
   Here is the homework.
  
   [root@server ~]# uname -a
   OpenBSD server.internaldomain.com 5.4 GENERIC#37 amd64
   [root@server ~]#
  
   [root@server ~]# cat /etc/hostname.em0
   inet 172.19.224.180 255.255.255.0
  
   [root@server ~]# cat /etc/hostname.em1
   inet 172.19.226.231 255.255.255.0 172.19.226.255
  
   [root@server ~]# cat /etc/hostname.carp0
   # inet alias 172.19.224.16 255.255.255.255 172.19.224.255 vhid 1
 advskew 10
   carpdev em0 pass Ahsooqu3
   inet alias 172.19.224.131 255.255.255.0 172.19.224.255 vhid 2 advskew
 10
   carpdev em0 pass Meixo9oe
   # inet alias 172.19.224.41 255.255.255.255 172.19.224.255 vhid 3
 advskew 10
   carpdev

Re: carp+pfsync+relayd question

2013-11-17 Thread Leonardo Santagostini

Hello everybody, i still having some issues whit relayd.

Nov 17 21:01:56 v-arcbabalancer01 relayd[4252]: relay relay4, session 75 (1
active), 0, 190.51.90.22 - :0, buffer event timeout
Nov 17 21:01:57 v-arcbabalancer01 relayd[12715]: relay relay4, session 97
(4 active), 0, 190.49.60.30 - :0, buffer event timeout
Nov 17 21:01:58 v-arcbabalancer01 relayd[4781]: relay relay4, session 142
(3 active), 0, 190.188.18.202 - :0, buffer event timeout
Nov 17 21:02:03 v-arcbabalancer01 relayd[25332]: relay relay4, session 28
(1 active), 0, 181.29.46.36 - :0, hard timeout
Nov 17 21:02:03 v-arcbabalancer01 relayd[12715]: relay relay4, session 55
(3 active), 0, 108.36.150.233 - :0, hard timeout
Nov 17 21:02:03 v-arcbabalancer01 relayd[18695]: relay relay4, session 67
(3 active), 0, 31.221.13.210 - :0, hard timeout
Nov 17 21:02:03 v-arcbabalancer01 relayd[13096]: relay relay5, session 73
(3 active), 0, 190.195.118.49 - :0, hard timeout
Nov 17 21:02:03 v-arcbabalancer01 relayd[31990]: relay relay4, session 25
(1 active), 0, 186.188.178.215 - :0, hard timeout
Nov 17 21:02:03 v-arcbabalancer01 relayd[4781]: relay relay4, session 144
(7 active), 0, 31.221.13.210 - :0, hard timeout
Nov 17 21:02:03 v-arcbabalancer01 relayd[23317]: relay relay2, session 55
(5 active), 0, 181.109.7.31 - :0, hard timeout
Nov 17 21:02:03 v-arcbabalancer01 relayd[22942]: relay relay4, session 93
(2 active), 0, 31.221.13.210 - :0, hard timeout
Nov 17 21:02:03 v-arcbabalancer01 relayd[13862]: relay relay4, session 80
(3 active), 0, 190.111.231.50 - :0, hard timeout
Nov 17 21:02:06 v-arcbabalancer01 relayd[19770]: relay relay4, session 92
(1 active), 0, 75.70.87.158 - :0, buffer event timeout
Nov 17 21:02:08 v-arcbabalancer01 relayd[23317]: relay relay4, session 131
(5 active), 0, 190.113.173.36 - :0, buffer event timeout
Nov 17 21:02:11 v-arcbabalancer01 relayd[10590]: relay relay4, session 103
(9 active), 0, 186.137.241.254 - :0, buffer event timeout
Nov 17 21:02:15 v-arcbabalancer01 relayd[23317]: relay relay4, session 143
(2 active), 0, 24.232.115.134 - :0, buffer event timeout
Nov 17 21:02:16 v-arcbabalancer01 relayd[12715]: relay relay4, session 101
(7 active), 0, 108.87.58.21 - :0, buffer event timeout
Nov 17 21:02:16 v-arcbabalancer01 relayd[12715]: relay relay4, session 102
(6 active), 0, 108.87.58.21 - :0, buffer event timeout
Nov 17 21:02:16 v-arcbabalancer01 relayd[10590]: relay relay5, session 142
(13 active), 0, 190.195.118.49 - 172.19.224.73:80, no method
Nov 17 21:02:16 v-arcbabalancer01 relayd[10590]: relay relay4, session 114
(12 active), 0, 190.49.11.36 - :0, buffer event timeout
Nov 17 21:02:16 v-arcbabalancer01 relayd[12715]: relay relay4, session 104
(5 active), 0, 190.49.11.36 - :0, buffer event timeout
Nov 17 21:02:17 v-arcbabalancer01 relayd[10590]: relay relay4, session 120
(10 active), 0, 189.237.152.81 - :0, buffer event timeout
Nov 17 21:02:17 v-arcbabalancer01 relayd[31990]: relay relay4, session 117
(5 active), 0, 189.237.152.81 - :0, buffer event timeout
Nov 17 21:02:17 v-arcbabalancer01 relayd[10590]: relay relay5, session 144
(9 active), 0, 190.195.118.49 - 172.19.224.71:80, no method
Nov 17 21:02:17 v-arcbabalancer01 relayd[10590]: relay relay5, session 145
(9 active), 0, 190.195.118.49 - 172.19.224.70:80, no method
Nov 17 21:02:19 v-arcbabalancer01 relayd[30656]: relay relay4, session 126
(4 active), 0, 190.220.108.107 - :0, buffer event timeout
Nov 17 21:02:22 v-arcbabalancer01 relayd[19770]: relay relay4, session 103
(1 active), 0, 189.149.155.136 - :0, buffer event timeout
Nov 17 21:02:25 v-arcbabalancer01 relayd[18695]: relay relay4, session 79
(3 active), 0, 181.167.177.45 - :0, buffer event timeout
Nov 17 21:02:28 v-arcbabalancer01 relayd[12715]: relay relay4, session 109
(4 active), 0, 190.18.27.4 - :0, buffer event timeout
Nov 17 21:02:30 v-arcbabalancer01 relayd[12715]: relay relay4, session 112
(3 active), 0, 181.21.154.28 - :0, buffer event timeout

Here is my config

dmesg: http://pastebin.com/fLU8qaTd
relayd.conf: http://pastebin.com/Nn1VYRxQ
pf.conf: http://pastebin.com/HcQchkgP
/etc/hostname.carp0: http://pastebin.com/wyccT20r
/etc/hostname.em1: http://pastebin.com/MQq9nExL
/etc/sysctl.conf: http://pastebin.com/QrkwLgWN

Anybody can enligth me ?

Thank you in advance, best regards

Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini





2013/11/14 Leonardo Santagostini lsantagost...@gmail.com

 Hello Andy. Actually i proved flushing pf rules, tables and counters with
 no luck.

 But after restart relayd things come to work as expected.

 Thanks, Leonardo
 El nov 14, 2013 8:15 p.m., mxb m...@alumni.chalmers.se escribiÃ³:

 No,
 it is number of currently active sessions for this particular relay.
 Eg. 502 âusers.

 On 14 nov 2013, at 21:59, Andy Lemin a...@brandwatch.com wrote:

 Hi, as a complete guess (not used relayd yet let alone DSR) a 502 sounds
 like
 an error return from nginx/apache etc. could be a direct server return
 issue
 causing the TCP three way handshake

Re: carp+pfsync+relayd question

2013-11-17 Thread Leonardo Santagostini

Sorry, looking more detailed at the logs i found this:

/var/log/daemon
Nov 17 18:36:12 v-arcbabalancer01 relayd[13984]: fatal: relay_connect: no
connection in flight
Nov 17 18:36:12 v-arcbabalancer01 relayd[22615]: pfe exiting, pid 22615
Nov 17 18:36:12 v-arcbabalancer01 relayd[31674]: hce exiting, pid 31674
Nov 17 18:36:12 v-arcbabalancer01 relayd[9082]: relay exiting, pid 9082
Nov 17 18:36:12 v-arcbabalancer01 relayd[701]: relay exiting, pid 701
Nov 17 18:36:12 v-arcbabalancer01 relayd[21358]: parent terminating, pid
21358
Nov 17 18:36:12 v-arcbabalancer01 relayd[24886]: relay exiting, pid 24886
Nov 17 18:36:12 v-arcbabalancer01 relayd[21395]: relay exiting, pid 21395
Nov 17 18:36:12 v-arcbabalancer01 relayd[13155]: relay exiting, pid 13155
Nov 17 18:36:12 v-arcbabalancer01 relayd[20557]: relay exiting, pid 20557
Nov 17 18:36:12 v-arcbabalancer01 relayd[14903]: relay exiting, pid 14903
Nov 17 18:36:12 v-arcbabalancer01 relayd[10686]: relay exiting, pid 10686
Nov 17 18:36:12 v-arcbabalancer01 relayd[17355]: relay exiting, pid 17355
Nov 17 18:36:12 v-arcbabalancer01 relayd[26908]: relay exiting, pid 26908
Nov 17 18:36:12 v-arcbabalancer01 relayd[6551]: relay exiting, pid 6551
Nov 17 18:36:12 v-arcbabalancer01 relayd[16649]: relay exiting, pid 16649
Nov 17 18:36:12 v-arcbabalancer01 relayd[2567]: relay exiting, pid 2567
Nov 17 18:36:12 v-arcbabalancer01 relayd[3159]: relay exiting, pid 3159


/var/log/messages
Nov 17 18:36:12 v-arcbabalancer01 relayd[13984]: fatal: relay_connect: no
connection in flight


Regards

Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini





2013/11/18 Leonardo Santagostini lsantagost...@gmail.com

 Hello everybody, i still having some issues whit relayd.

 Nov 17 21:01:56 v-arcbabalancer01 relayd[4252]: relay relay4, session 75
 (1 active), 0, 190.51.90.22 - :0, buffer event timeout
 Nov 17 21:01:57 v-arcbabalancer01 relayd[12715]: relay relay4, session 97
 (4 active), 0, 190.49.60.30 - :0, buffer event timeout
 Nov 17 21:01:58 v-arcbabalancer01 relayd[4781]: relay relay4, session 142
 (3 active), 0, 190.188.18.202 - :0, buffer event timeout
 Nov 17 21:02:03 v-arcbabalancer01 relayd[25332]: relay relay4, session 28
 (1 active), 0, 181.29.46.36 - :0, hard timeout
 Nov 17 21:02:03 v-arcbabalancer01 relayd[12715]: relay relay4, session 55
 (3 active), 0, 108.36.150.233 - :0, hard timeout
 Nov 17 21:02:03 v-arcbabalancer01 relayd[18695]: relay relay4, session 67
 (3 active), 0, 31.221.13.210 - :0, hard timeout
 Nov 17 21:02:03 v-arcbabalancer01 relayd[13096]: relay relay5, session 73
 (3 active), 0, 190.195.118.49 - :0, hard timeout
 Nov 17 21:02:03 v-arcbabalancer01 relayd[31990]: relay relay4, session 25
 (1 active), 0, 186.188.178.215 - :0, hard timeout
 Nov 17 21:02:03 v-arcbabalancer01 relayd[4781]: relay relay4, session 144
 (7 active), 0, 31.221.13.210 - :0, hard timeout
 Nov 17 21:02:03 v-arcbabalancer01 relayd[23317]: relay relay2, session 55
 (5 active), 0, 181.109.7.31 - :0, hard timeout
 Nov 17 21:02:03 v-arcbabalancer01 relayd[22942]: relay relay4, session 93
 (2 active), 0, 31.221.13.210 - :0, hard timeout
 Nov 17 21:02:03 v-arcbabalancer01 relayd[13862]: relay relay4, session 80
 (3 active), 0, 190.111.231.50 - :0, hard timeout
 Nov 17 21:02:06 v-arcbabalancer01 relayd[19770]: relay relay4, session 92
 (1 active), 0, 75.70.87.158 - :0, buffer event timeout
 Nov 17 21:02:08 v-arcbabalancer01 relayd[23317]: relay relay4, session 131
 (5 active), 0, 190.113.173.36 - :0, buffer event timeout
 Nov 17 21:02:11 v-arcbabalancer01 relayd[10590]: relay relay4, session 103
 (9 active), 0, 186.137.241.254 - :0, buffer event timeout
 Nov 17 21:02:15 v-arcbabalancer01 relayd[23317]: relay relay4, session 143
 (2 active), 0, 24.232.115.134 - :0, buffer event timeout
 Nov 17 21:02:16 v-arcbabalancer01 relayd[12715]: relay relay4, session 101
 (7 active), 0, 108.87.58.21 - :0, buffer event timeout
 Nov 17 21:02:16 v-arcbabalancer01 relayd[12715]: relay relay4, session 102
 (6 active), 0, 108.87.58.21 - :0, buffer event timeout
 Nov 17 21:02:16 v-arcbabalancer01 relayd[10590]: relay relay5, session 142
 (13 active), 0, 190.195.118.49 - 172.19.224.73:80, no method
 Nov 17 21:02:16 v-arcbabalancer01 relayd[10590]: relay relay4, session 114
 (12 active), 0, 190.49.11.36 - :0, buffer event timeout
 Nov 17 21:02:16 v-arcbabalancer01 relayd[12715]: relay relay4, session 104
 (5 active), 0, 190.49.11.36 - :0, buffer event timeout
 Nov 17 21:02:17 v-arcbabalancer01 relayd[10590]: relay relay4, session 120
 (10 active), 0, 189.237.152.81 - :0, buffer event timeout
 Nov 17 21:02:17 v-arcbabalancer01 relayd[31990]: relay relay4, session 117
 (5 active), 0, 189.237.152.81 - :0, buffer event timeout
 Nov 17 21:02:17 v-arcbabalancer01 relayd[10590]: relay relay5, session 144
 (9 active), 0, 190.195.118.49 - 172.19.224.71:80, no method
 Nov 17 21:02:17 v-arcbabalancer01 relayd[10590]: relay relay5, session 145
 (9 active), 0, 190.195.118.49 - 172.19.224.70:80, no method
 Nov 17

carp+pfsync+relayd question

2013-11-14 Thread Leonardo Santagostini

 (pfsync init)
pfsync: failed to receive bulk update
carp0: state transition: BACKUP - MASTER
carp0: state transition: BACKUP - MASTER
nd6_na_input: duplicate IP6 address fe80:0005::0200:5eff:fe00:0102
carp0: state transition: BACKUP - MASTER
nd6_na_input: duplicate IP6 address fe80:0005::0200:5eff:fe00:0102


Two more things

1) Sorry for my english, is not my mothers tongue
2) Thank you for doing this great operantig system

Saludos / Regards
Leonardo Santagostini

Re: carp+pfsync+relayd question

2013-11-14 Thread Leonardo Santagostini

Ok, i will modify the config. But i really want to know about the carp
configuration.

I forget to mention that im doing DSR.

Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini





2013/11/14 mxb m...@alumni.chalmers.se

 15 sites and only 9?
 Iâd put around 50 (and have). You might need even more.

 On 14 nov 2013, at 16:21, Leonardo Santagostini lsantagost...@gmail.com
 wrote:

 set limit states 9

Re: carp+pfsync+relayd question

2013-11-14 Thread Leonardo Santagostini

Thanks a lot to all, i will give it a try and gives tou you feedback as
soon as it get implemented.

Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini





2013/11/14 Andy a...@brandwatch.com

  On 14/11/13 15:21, Leonardo Santagostini wrote:

 Hello misc,

 Im doing my final approach to put a production system with
 carp+pfsync+relayd on production.

 The point is that im facing some trouble setting more than one ip alias
 address with different vhid and different passwd.

 So, this is the scenario.

 Im trying to relayd more or less 15 sites so i have conceptual doubts.

 1) is it nesessary to create one carp interface for each one of my
 internals VIP address
 2) my understanding is that i have to work with pf on my carp interfaces.

 I have tried to put two different VIP's on my carp, but whitout lucky.

 Here is the homework.

 [root@server ~]# uname -a
 OpenBSD server.internaldomain.com 5.4 GENERIC#37 amd64
 [root@server ~]#

 [root@server ~]# cat /etc/hostname.em0
 inet 172.19.224.180 255.255.255.0

 [root@server ~]# cat /etc/hostname.em1
 inet 172.19.226.231 255.255.255.0 172.19.226.255

 [root@server ~]# cat /etc/hostname.carp0
 # inet alias 172.19.224.16 255.255.255.255 172.19.224.255 vhid 1 advskew 10
 carpdev em0 pass Ahsooqu3
 inet alias 172.19.224.131 255.255.255.0 172.19.224.255 vhid 2 advskew 10
 carpdev em0 pass Meixo9oe
 # inet alias 172.19.224.41 255.255.255.255 172.19.224.255 vhid 3 advskew 10
 carpdev em0 pass av5eG9Gi
 # inet alias 172.19.224.40 255.255.255.255 172.19.224.255 vhid 4 advskew 10
 carpdev em0 pass Rei6thai
 # inet alias 172.19.224.181 255.255.255.0 172.19.224.255 vhid 5 advskew 10
 carpdev em0 pass Toobohz3
 # inet alias 172.19.224.182 255.255.255.255 172.19.224.255 vhid 6 adskew 10
 carpdev em0 pass Quahng6U

  CARP should look like this (master);
 inet 172.19.224.16 255.255.255.0 172.19.224.255 vhid 1 carpdev em0 pass
 Ahsooqu3 advskew 0
 inet alias 172.19.224.131 255.255.255.255
 inet alias 172.19.224.41 255.255.255.255
 inet alias 172.19.224.40 255.255.255.255
 inet alias 172.19.224.181 255.255.255.255
 inet alias 172.19.224.182 255.255.255.255

 And (backup);
 inet 172.19.224.16 255.255.255.0 172.19.224.255 vhid 1 carpdev em0 pass
 Ahsooqu3 advskew 200
 inet alias 172.19.224.131 255.255.255.255
 inet alias 172.19.224.41 255.255.255.255
 inet alias 172.19.224.40 255.255.255.255
 inet alias 172.19.224.181 255.255.255.255
 inet alias 172.19.224.182 255.255.255.255

 And yes the subnet masks for the alias' should be /32 and you will see a
 warning in the logs during fail-over. This is fine, the devs just haven't
 muted the check warning yet.

 You've done it right if 'netstat -rn' shows;

 172.19.224.131 127.0.0.1  UGHS   00 33152 8
 lo0
 172.19.224.131/32  172.19.224.131 U  00 - 4
 carp0


  [root@server ~]# cat /etc/hostname.pfsync0
 up syncdev em1

 [root@server ~]# cat /etc/pf.conf
 ext_if=carp0

  You don't refer to CARP as an interface, it is simply a VRRP watchdog
 interface (for example you cannot set the MTU on a CARP interface as it is
 not really an interface.
 Use the physical..

 ext_if=em0



 set fingerprints /etc/pf.os
 set optimization aggressive
 set limit states 9

  Definitely needs to be higher! try 1 million..


  set limit src-nodes 65000

 table bad_ip persist
 table internat_net persist file /etc/internal_net
 table admitted_net persist file /etc/admitted.txt

 # vip1_address = 172.19.224.181
 # vip2_address = 172.19.224.16
 vip3_address = 172.19.224.131
 # vip4_address = 172.19.224.41
 # vip5_address = 172.19.224.40

  Just to keep you sane remember these rules;
 # (SNAT) NATing is done before filtering, 'pass out on $if_ext from
 $external_carp_ip1' (public address as src for outbound).
 # (DNAT) RDRing is done before filtering, 'pass in on $if_ext from any to
 $internal_ip1' (private address as dst for inbound).

 [image: OpenBSD_PF_flow]



 # Dejo de procesar cuando se trata de las redes internas
 pass in quick from internat_net to any

 # Dejo pasar las ips desde las redes permitidas
 # pass in quick from admitted_net to $vip1_address
 pass in quick from admitted_net to $vip3_address

 # Genero el block
 block in quick from bad_ip

  Your 'block in quick's should be above your 'pass in quick's!
 quick means stop evaluating and do this action now..


  block in log quick on $ext_if proto tcp from any os NMAP to any label
 ExtNMAPScan

 # Proteccion contra nmap y herramientas similares
 # block in quick on $ext_if proto tcp flags FUP/WEUAPRSF
 block in quick on $ext_if proto tcp flags WEUAPRSF/WEUAPRSF
 block in quick on $ext_if proto tcp flags SRAFU/WEUAPRSF
 block in quick on $ext_if proto tcp flags /WEUAPRSF
 block in quick on $ext_if proto tcp flags SR/SR
 block in quick on $ext_if proto tcp flags SF/SF
 block in quick from urpf-failed


 # Aplico reglas de DoS y Syn Flood en site1
 # pass in log on $mob_if proto tcp to $vip1_address port www keep state

Re: carp+pfsync+relayd question

2013-11-14 Thread Leonardo Santagostini

Ok, just added my second website to both servers like your recommendation.

I will post my config before the end of the day just to share it with you.

Thank you so much !!!

Regards

Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini





2013/11/14 Leonardo Santagostini lsantagost...@gmail.com

 Thanks a lot to all, i will give it a try and gives tou you feedback as
 soon as it get implemented.

 Saludos.-
 Leonardo Santagostini

 http://ar.linkedin.com/in/santagostini





 2013/11/14 Andy a...@brandwatch.com

  On 14/11/13 15:21, Leonardo Santagostini wrote:

 Hello misc,

 Im doing my final approach to put a production system with
 carp+pfsync+relayd on production.

 The point is that im facing some trouble setting more than one ip alias
 address with different vhid and different passwd.

 So, this is the scenario.

 Im trying to relayd more or less 15 sites so i have conceptual doubts.

 1) is it nesessary to create one carp interface for each one of my
 internals VIP address
 2) my understanding is that i have to work with pf on my carp interfaces.

 I have tried to put two different VIP's on my carp, but whitout lucky.

 Here is the homework.

 [root@server ~]# uname -a
 OpenBSD server.internaldomain.com 5.4 GENERIC#37 amd64
 [root@server ~]#

 [root@server ~]# cat /etc/hostname.em0
 inet 172.19.224.180 255.255.255.0

 [root@server ~]# cat /etc/hostname.em1
 inet 172.19.226.231 255.255.255.0 172.19.226.255

 [root@server ~]# cat /etc/hostname.carp0
 # inet alias 172.19.224.16 255.255.255.255 172.19.224.255 vhid 1 advskew 10
 carpdev em0 pass Ahsooqu3
 inet alias 172.19.224.131 255.255.255.0 172.19.224.255 vhid 2 advskew 10
 carpdev em0 pass Meixo9oe
 # inet alias 172.19.224.41 255.255.255.255 172.19.224.255 vhid 3 advskew 10
 carpdev em0 pass av5eG9Gi
 # inet alias 172.19.224.40 255.255.255.255 172.19.224.255 vhid 4 advskew 10
 carpdev em0 pass Rei6thai
 # inet alias 172.19.224.181 255.255.255.0 172.19.224.255 vhid 5 advskew 10
 carpdev em0 pass Toobohz3
 # inet alias 172.19.224.182 255.255.255.255 172.19.224.255 vhid 6 adskew 10
 carpdev em0 pass Quahng6U

  CARP should look like this (master);
 inet 172.19.224.16 255.255.255.0 172.19.224.255 vhid 1 carpdev em0 pass
 Ahsooqu3 advskew 0
 inet alias 172.19.224.131 255.255.255.255
 inet alias 172.19.224.41 255.255.255.255
 inet alias 172.19.224.40 255.255.255.255
 inet alias 172.19.224.181 255.255.255.255
 inet alias 172.19.224.182 255.255.255.255

 And (backup);
 inet 172.19.224.16 255.255.255.0 172.19.224.255 vhid 1 carpdev em0 pass
 Ahsooqu3 advskew 200
 inet alias 172.19.224.131 255.255.255.255
 inet alias 172.19.224.41 255.255.255.255
 inet alias 172.19.224.40 255.255.255.255
 inet alias 172.19.224.181 255.255.255.255
 inet alias 172.19.224.182 255.255.255.255

 And yes the subnet masks for the alias' should be /32 and you will see a
 warning in the logs during fail-over. This is fine, the devs just haven't
 muted the check warning yet.

 You've done it right if 'netstat -rn' shows;

 172.19.224.131 127.0.0.1  UGHS   00 33152 8
 lo0
 172.19.224.131/32  172.19.224.131 U  00 - 4
 carp0


  [root@server ~]# cat /etc/hostname.pfsync0
 up syncdev em1

 [root@server ~]# cat /etc/pf.conf
 ext_if=carp0

  You don't refer to CARP as an interface, it is simply a VRRP watchdog
 interface (for example you cannot set the MTU on a CARP interface as it is
 not really an interface.
 Use the physical..

 ext_if=em0


  set fingerprints /etc/pf.os
 set optimization aggressive
 set limit states 9

  Definitely needs to be higher! try 1 million..


  set limit src-nodes 65000

 table bad_ip persist
 table internat_net persist file /etc/internal_net
 table admitted_net persist file /etc/admitted.txt

 # vip1_address = 172.19.224.181
 # vip2_address = 172.19.224.16
 vip3_address = 172.19.224.131
 # vip4_address = 172.19.224.41
 # vip5_address = 172.19.224.40

  Just to keep you sane remember these rules;
 # (SNAT) NATing is done before filtering, 'pass out on $if_ext from
 $external_carp_ip1' (public address as src for outbound).
 # (DNAT) RDRing is done before filtering, 'pass in on $if_ext from any to
 $internal_ip1' (private address as dst for inbound).

 [image: OpenBSD_PF_flow]


  # Dejo de procesar cuando se trata de las redes internas
 pass in quick from internat_net to any

 # Dejo pasar las ips desde las redes permitidas
 # pass in quick from admitted_net to $vip1_address
 pass in quick from admitted_net to $vip3_address

 # Genero el block
 block in quick from bad_ip

  Your 'block in quick's should be above your 'pass in quick's!
 quick means stop evaluating and do this action now..


  block in log quick on $ext_if proto tcp from any os NMAP to any label
 ExtNMAPScan

 # Proteccion contra nmap y herramientas similares
 # block in quick on $ext_if proto tcp flags FUP/WEUAPRSF
 block in quick on $ext_if proto tcp flags WEUAPRSF/WEUAPRSF
 block in quick on $ext_if proto tcp

Re: carp+pfsync+relayd question

2013-11-14 Thread Leonardo Santagostini

Well well well there is one thing its ocurring that i cant figure out.

im getting some relay site3 session 3370 (502 active), 0, 190.179.249.128
- :0, buffer event timeout

And after a couple a minutes (i couldnt take note exactly how many) relayd
get restarted

Is there any clue where to look into?

Thanks in advance


Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini





2013/11/14 Leonardo Santagostini lsantagost...@gmail.com

 Ok, just added my second website to both servers like your recommendation.

 I will post my config before the end of the day just to share it with you.

 Thank you so much !!!

 Regards

 Saludos.-
 Leonardo Santagostini

 http://ar.linkedin.com/in/santagostini





 2013/11/14 Leonardo Santagostini lsantagost...@gmail.com

 Thanks a lot to all, i will give it a try and gives tou you feedback as
 soon as it get implemented.

 Saludos.-
 Leonardo Santagostini

 http://ar.linkedin.com/in/santagostini





 2013/11/14 Andy a...@brandwatch.com

  On 14/11/13 15:21, Leonardo Santagostini wrote:

 Hello misc,

 Im doing my final approach to put a production system with
 carp+pfsync+relayd on production.

 The point is that im facing some trouble setting more than one ip alias
 address with different vhid and different passwd.

 So, this is the scenario.

 Im trying to relayd more or less 15 sites so i have conceptual doubts.

 1) is it nesessary to create one carp interface for each one of my
 internals VIP address
 2) my understanding is that i have to work with pf on my carp interfaces.

 I have tried to put two different VIP's on my carp, but whitout lucky.

 Here is the homework.

 [root@server ~]# uname -a
 OpenBSD server.internaldomain.com 5.4 GENERIC#37 amd64
 [root@server ~]#

 [root@server ~]# cat /etc/hostname.em0
 inet 172.19.224.180 255.255.255.0

 [root@server ~]# cat /etc/hostname.em1
 inet 172.19.226.231 255.255.255.0 172.19.226.255

 [root@server ~]# cat /etc/hostname.carp0
 # inet alias 172.19.224.16 255.255.255.255 172.19.224.255 vhid 1 advskew 10
 carpdev em0 pass Ahsooqu3
 inet alias 172.19.224.131 255.255.255.0 172.19.224.255 vhid 2 advskew 10
 carpdev em0 pass Meixo9oe
 # inet alias 172.19.224.41 255.255.255.255 172.19.224.255 vhid 3 advskew 10
 carpdev em0 pass av5eG9Gi
 # inet alias 172.19.224.40 255.255.255.255 172.19.224.255 vhid 4 advskew 10
 carpdev em0 pass Rei6thai
 # inet alias 172.19.224.181 255.255.255.0 172.19.224.255 vhid 5 advskew 10
 carpdev em0 pass Toobohz3
 # inet alias 172.19.224.182 255.255.255.255 172.19.224.255 vhid 6 adskew 10
 carpdev em0 pass Quahng6U

  CARP should look like this (master);
 inet 172.19.224.16 255.255.255.0 172.19.224.255 vhid 1 carpdev em0 pass
 Ahsooqu3 advskew 0
 inet alias 172.19.224.131 255.255.255.255
 inet alias 172.19.224.41 255.255.255.255
 inet alias 172.19.224.40 255.255.255.255
 inet alias 172.19.224.181 255.255.255.255
 inet alias 172.19.224.182 255.255.255.255

 And (backup);
 inet 172.19.224.16 255.255.255.0 172.19.224.255 vhid 1 carpdev em0 pass
 Ahsooqu3 advskew 200
 inet alias 172.19.224.131 255.255.255.255
 inet alias 172.19.224.41 255.255.255.255
 inet alias 172.19.224.40 255.255.255.255
 inet alias 172.19.224.181 255.255.255.255
 inet alias 172.19.224.182 255.255.255.255

 And yes the subnet masks for the alias' should be /32 and you will see a
 warning in the logs during fail-over. This is fine, the devs just haven't
 muted the check warning yet.

 You've done it right if 'netstat -rn' shows;

 172.19.224.131 127.0.0.1  UGHS   00 33152 8
 lo0
 172.19.224.131/32  172.19.224.131 U  00 - 4
 carp0


  [root@server ~]# cat /etc/hostname.pfsync0
 up syncdev em1

 [root@server ~]# cat /etc/pf.conf
 ext_if=carp0

  You don't refer to CARP as an interface, it is simply a VRRP watchdog
 interface (for example you cannot set the MTU on a CARP interface as it is
 not really an interface.
 Use the physical..

 ext_if=em0


  set fingerprints /etc/pf.os
 set optimization aggressive
 set limit states 9

  Definitely needs to be higher! try 1 million..


  set limit src-nodes 65000

 table bad_ip persist
 table internat_net persist file /etc/internal_net
 table admitted_net persist file /etc/admitted.txt

 # vip1_address = 172.19.224.181
 # vip2_address = 172.19.224.16
 vip3_address = 172.19.224.131
 # vip4_address = 172.19.224.41
 # vip5_address = 172.19.224.40

  Just to keep you sane remember these rules;
 # (SNAT) NATing is done before filtering, 'pass out on $if_ext from
 $external_carp_ip1' (public address as src for outbound).
 # (DNAT) RDRing is done before filtering, 'pass in on $if_ext from any
 to $internal_ip1' (private address as dst for inbound).

 [image: OpenBSD_PF_flow]


  # Dejo de procesar cuando se trata de las redes internas
 pass in quick from internat_net to any

 # Dejo pasar las ips desde las redes permitidas
 # pass in quick from admitted_net to $vip1_address
 pass in quick from admitted_net

Re: carp+pfsync+relayd question

2013-11-14 Thread Leonardo Santagostini

Ok im not at the office now. But tomorrow we could do more test.

Regards and thank you !!!
El nov 14, 2013 8:01 p.m., Andy Lemin a...@brandwatch.com escribiÃ³:

 In fact thinking about it if think that is a relayd issue somewhere and
 not pf at all..

 Sent from my iPhone

 On 14 Nov 2013, at 19:37, Leonardo Santagostini lsantagost...@gmail.com
 wrote:

 Well well well there is one thing its ocurring that i cant figure out.

 im getting some relay site3 session 3370 (502 active), 0, 190.179.249.128
 - :0, buffer event timeout

 And after a couple a minutes (i couldnt take note exactly how many) relayd
 get restarted

 Is there any clue where to look into?

 Thanks in advance


 Saludos.-
 Leonardo Santagostini

 http://ar.linkedin.com/in/santagostini





 2013/11/14 Leonardo Santagostini lsantagost...@gmail.com

 Ok, just added my second website to both servers like your recommendation.

 I will post my config before the end of the day just to share it with you.

 Thank you so much !!!

 Regards

 Saludos.-
 Leonardo Santagostini

 http://ar.linkedin.com/in/santagostini





 2013/11/14 Leonardo Santagostini lsantagost...@gmail.com

 Thanks a lot to all, i will give it a try and gives tou you feedback as
 soon as it get implemented.

 Saludos.-
 Leonardo Santagostini

 http://ar.linkedin.com/in/santagostini





 2013/11/14 Andy a...@brandwatch.com

  On 14/11/13 15:21, Leonardo Santagostini wrote:

 Hello misc,

 Im doing my final approach to put a production system with
 carp+pfsync+relayd on production.

 The point is that im facing some trouble setting more than one ip alias
 address with different vhid and different passwd.

 So, this is the scenario.

 Im trying to relayd more or less 15 sites so i have conceptual doubts.

 1) is it nesessary to create one carp interface for each one of my
 internals VIP address
 2) my understanding is that i have to work with pf on my carp
interfaces.

 I have tried to put two different VIP's on my carp, but whitout lucky.

 Here is the homework.

 [root@server ~]# uname -a
 OpenBSD server.internaldomain.com 5.4 GENERIC#37 amd64
 [root@server ~]#

 [root@server ~]# cat /etc/hostname.em0
 inet 172.19.224.180 255.255.255.0

 [root@server ~]# cat /etc/hostname.em1
 inet 172.19.226.231 255.255.255.0 172.19.226.255

 [root@server ~]# cat /etc/hostname.carp0
 # inet alias 172.19.224.16 255.255.255.255 172.19.224.255 vhid 1 advskew
10
 carpdev em0 pass Ahsooqu3
 inet alias 172.19.224.131 255.255.255.0 172.19.224.255 vhid 2 advskew 10
 carpdev em0 pass Meixo9oe
 # inet alias 172.19.224.41 255.255.255.255 172.19.224.255 vhid 3 advskew
10
 carpdev em0 pass av5eG9Gi
 # inet alias 172.19.224.40 255.255.255.255 172.19.224.255 vhid 4 advskew
10
 carpdev em0 pass Rei6thai
 # inet alias 172.19.224.181 255.255.255.0 172.19.224.255 vhid 5 advskew
10
 carpdev em0 pass Toobohz3
 # inet alias 172.19.224.182 255.255.255.255 172.19.224.255 vhid 6 adskew
10
 carpdev em0 pass Quahng6U

  CARP should look like this (master);
 inet 172.19.224.16 255.255.255.0 172.19.224.255 vhid 1 carpdev em0 pass
 Ahsooqu3 advskew 0
 inet alias 172.19.224.131 255.255.255.255
 inet alias 172.19.224.41 255.255.255.255
 inet alias 172.19.224.40 255.255.255.255
 inet alias 172.19.224.181 255.255.255.255
 inet alias 172.19.224.182 255.255.255.255

 And (backup);
 inet 172.19.224.16 255.255.255.0 172.19.224.255 vhid 1 carpdev em0 pass
 Ahsooqu3 advskew 200
 inet alias 172.19.224.131 255.255.255.255
 inet alias 172.19.224.41 255.255.255.255
 inet alias 172.19.224.40 255.255.255.255
 inet alias 172.19.224.181 255.255.255.255
 inet alias 172.19.224.182 255.255.255.255

 And yes the subnet masks for the alias' should be /32 and you will see
 a warning in the logs during fail-over. This is fine, the devs just
haven't
 muted the check warning yet.

 You've done it right if 'netstat -rn' shows;

 172.19.224.131 127.0.0.1  UGHS   00 33152 8
 lo0
 172.19.224.131/32  172.19.224.131 U  00 -
 4 carp0


  [root@server ~]# cat /etc/hostname.pfsync0
 up syncdev em1

 [root@server ~]# cat /etc/pf.conf
 ext_if=carp0

  You don't refer to CARP as an interface, it is simply a VRRP watchdog
 interface (for example you cannot set the MTU on a CARP interface as it
is
 not really an interface.
 Use the physical..

 ext_if=em0


  set fingerprints /etc/pf.os
 set optimization aggressive
 set limit states 9

  Definitely needs to be higher! try 1 million..


  set limit src-nodes 65000

 table bad_ip persist
 table internat_net persist file /etc/internal_net
 table admitted_net persist file /etc/admitted.txt

 # vip1_address = 172.19.224.181
 # vip2_address = 172.19.224.16
 vip3_address = 172.19.224.131
 # vip4_address = 172.19.224.41
 # vip5_address = 172.19.224.40

  Just to keep you sane remember these rules;
 # (SNAT) NATing is done before filtering, 'pass out on $if_ext from
 $external_carp_ip1' (public address as src for outbound).
 # (DNAT) RDRing is done before filtering

Re: carp+pfsync+relayd question

2013-11-14 Thread Leonardo Santagostini

Hello Andy. Actually i proved flushing pf rules, tables and counters with
no luck.

But after restart relayd things come to work as expected.

Thanks, Leonardo
El nov 14, 2013 8:15 p.m., mxb m...@alumni.chalmers.se escribiÃ³:

 No,
 it is number of currently active sessions for this particular relay.
 Eg. 502 âusers.

 On 14 nov 2013, at 21:59, Andy Lemin a...@brandwatch.com wrote:

 Hi, as a complete guess (not used relayd yet let alone DSR) a 502 sounds
 like
 an error return from nginx/apache etc. could be a direct server return
 issue
 causing the TCP three way handshake to not be completing properly between
 the
 endpoints, even though a 502 is usually server side issue.. I'd try
 removing
 the 'in' or 'out' direction from the rules.

Question about relayd

2013-10-28 Thread Leonardo Santagostini

Hello Misc, again me, bothering you.

Im getting plenty of buffer event timeout in my /var/gol/daemon. I was
trying to find what exactly means whithout success.

Anyone can give me a clue?

Im using OpenBSD 5.2 GENERIC#278 i386

Relayd from base install.

Saludos / Regards
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini

Re: Sorry: Facebook again

2013-10-21 Thread Leonardo Santagostini

Thanks, very usefull =)

Saludos.-
Leonardo Santagostini

http://ar.linkedin.com/in/santagostini





2013/10/21 Chris Cappuccio ch...@nmedia.net

 I wrote up a guide for all you fascists to exercise your power with relayd.

 Here's the early, unedited version:

 http://www.nmedia.net/chris/url.blacklist.txt

 Stefan Wollny [stefan.wol...@web.de] wrote:
  Hi there!
 
  In the last days I had an interesting and educational thread here on
  misc@ on how to block facebook.com.
 
  Knowing that many of the OpenBSD-pros on this list are way more
  educated on network-related issues than I am, I hope none feels
  offended with another question related to Facebook:
 
  Today I am once more off-site from home, but with access to an iMac
  running OpenBSD-amd64/current; PF runs out-of-the-box unchanged. I
  noticed that ping responses for 'facebook.com' are exceptionally faster
  than e.g. those for 'google.com'. This is what I did to track down on
  the issue:
 
  
  $ cat /etc/resolv.conf
  # Generated by nfe0 dhclient
  nameserver 192.168.1.1
  lookup file bind
 
  $ cat /etc/hosts | grep facebook
  127.0.0.1 facebook.com
  127.0.0.1 www.facebook.com
  127.0.0.1 facebook.de
  127.0.0.1 www.facebook.de
  127.0.0.1 de-de.facebook.com
  127.0.0.1  ads.ak.facebook.com
  127.0.0.1  creative.ak.facebook.com
  127.0.0.1  facebookinc.122.2o7.net
 
  $ sudo traceroute google.com
   1  netgear (192.168.1.1)  0.301 ms  0.232 ms  0.228 ms
   2  aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd)  9.933 ms  7.890 ms  11.456 ms
   3  ve-cmts.mes-muc-02.de.infra.cablesurf.de (aaa.bbb.ccc.ddd)  9.556
   ms 12.199 ms  9.277 ms
   4  aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd)  20.649 ms  22.526 ms  17.204 ms
   5 google.bcix.de (aaa.bbb.ccc.ddd)  22.794 ms  23.894 ms  26.117 ms
   6 aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd)  22.263 ms aaa.bbb.ccc.ddd
   (aaa.bbb.ccc.ddd)  22.457 ms aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd)  21.597
  ms
   7  aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd)  26.983 ms aaa.bbb.ccc.ddd
   (aaa.bbb.ccc.ddd)  25.247 ms aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 35.177
  ms
   8 aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd)  20.533 ms aaa.bbb.ccc.ddd
   (aaa.bbb.ccc.ddd)  22.67 ms  21.929 ms
   9  * * *
   10  bk-in-f100.1e100.net
   (aaa.bbb.ccc.ddd)  21.421 ms  23.498 ms  21.952 ms
 
  $ sudo traceroute facebook.com
   1  localhost (127.0.0.1)  0.57 ms  0.23 ms  0.19 ms
 
  $ pkg_info | grep proxy
  libproxy-0.4.11p3   library handling all the details of proxy
  configuration libproxy-mozilla-0.4.11p2 pacrunner libproxy plugin for
  mozilla-based (gecko) browsers
 
  $ man libproxy
  man: no entry for libproxy in the manual.
 
  $ apropos libproxy
  libproxy: nothing appropriate
  
 
  I'd like to mention that I am in the outskirts of Munich and that the
  system was freshly started into a console (no X, no browser). The
  netgear-router at 192.168.1.1 also serves a colleague who uses facebook.
 
  MY QUESTION: What might have happened that 'facebook.com' is found on
  localhost at 127.0.0.1 on my machine? Actually 'google.com' is called
  regularly thus I'd expeced it to be as fast/show as 'facebook.com'. I
  have no clue and I don't have the slightest idea on how to get rid of
  this address - can anyone provide some more insight? Other information
  you need to provide advice?
 
  Thank you!
 
  Kind regards
 
  STEFAN
 
 
  $ dmesg
  OpenBSD 5.4-current (GENERIC.MP) #73: Tue Oct 15 00:08:48 MDT 2013
  dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
  RTC BIOS diagnostic error
  f7clock_battery,ROM_cksum,config_unit,memory_size,invalid_time real
  mem = 8279707648 (7896MB) avail mem = 8051179520 (7678MB)
  mainbus0 at root
  bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe (43 entries)
  bios0: vendor Apple Inc. version IM91.88Z.008D.B08.0904271717 date
  04/27/09 bios0: Apple Inc. iMac9,1
  acpi0 at bios0: rev 2
  acpi0: sleep states S0 S3 S4 S5
  acpi0: tables DSDT FACP HPET APIC MCFG ASF! SBST ECDT SSDT SSDT SSDT
  acpi0: wakeup devices EC__(S3) OHC1(S3) EHC1(S3) OHC2(S3) EHC2(S3)
  GIGE(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits
  acpihpet0 at acpi0: 2500 Hz
  acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
  cpu0 at mainbus0: apid 0 (boot processor)
  cpu0: Intel(R) Core(TM)2 Duo CPU E8135 @ 2.66GHz, 1592.23 MHz
  cpu0:
 

FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM
2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG,LAHF,PERF
  cpu0: 6MB 64b/line 16-way L2 cache cpu0: smt 0, core 0, package 0
  cpu0: apic clock running at 265MHz
  cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE
  cpu1 at mainbus0: apid 1 (application processor)
  cpu1: Intel(R) Core(TM)2 Duo CPU E8135 @ 2.66GHz, 1592.00 MHz
  cpu1:
 

FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX

Re: Issue with PF + Relayd

2013-03-01 Thread Leonardo Santagostini

Hello Reyk, sorry for the inconsistencies, they was for hide the real
name (for protecting internal things).

Here comes the config with the homework well done (sorry again)

ext_if=pcn0

set fingerprints /etc/pf.os
set optimization aggressive

# match on $ext_if all scrub (no-df)

# Genero las tablas que voy a usar
table ips_malas persist
table redes_yell persist file /etc/redes.yell
table redes_permitidas persist file /etc/redes_permitidas.txt

# Defino la ip del balanceador para Mobile
address_mobile = 10.0.1.181
address1 = 10.0.1.16

# Dejo de procesar cuando se trata de las redes internas
pass in quick from redes_yell to any

# Dejo pasar las ips desde las redes permitidas
pass in quick from redes_permitidas to $address_mobile

# Genero el block
block in quick from ips_malas
block in log quick on $ext_if proto tcp from any os NMAP to any
label ExtNMAPScan

# Proteccion contra nmap y herramientas similares
# block in quick on $ext_if proto tcp flags FUP/WEUAPRSF
block in quick on $ext_if proto tcp flags WEUAPRSF/WEUAPRSF
block in quick on $ext_if proto tcp flags SRAFU/WEUAPRSF
block in quick on $ext_if proto tcp flags /WEUAPRSF
block in quick on $ext_if proto tcp flags SR/SR
block in quick on $ext_if proto tcp flags SF/SF
block in quick from urpf-failed


# Aplico reglas de DoS y Syn Flood en tld
pass in log on $ext_if proto tcp to $address_mobile port www keep
state (sloppy, max 1, max-src-nodes 5000, max-src-conn 100,
max-src-conn-rate 95/2, adap
tive.start 6000, adaptive.end 12000, tcp.first 15, tcp.opening 5,
tcp.established 3600, tcp.closing 5, tcp.finwait 15, tcp.closed 15,
tcp.tsdiff 5)


# Aplico reglas de DoS y Syn Flood en tld2
pass in on $ext_if proto tcp to $address1 port www keep state (sloppy,
max 1, max-src-nodes 5000, max-src-conn 150, max-src-conn-rate
150/3)


# Anchor Para relayd
anchor relayd/*


# Archivo de configuracion de balanceo

## Opciones globales
interval 5
timeout 1000
prefork 5

## Direcciones de las vip
address1=10.0.1.16
address2=10.0.1.181
address3=10.0.1.182


## Direcciones de los servidores
mobileWap01=10.0.1.200
mobileWap02=10.0.1.201
webcache01=10.0.1.70
webcache02=10.0.1.71
webcache03=10.0.1.72
webcache04=10.0.1.73

## Definicion de Tablas
table mobileweb { $mobileWap01 $mobileWap02 }
table webcaches { $webcache01 $webcache02 $webcache03 $webcache04 }
table webcaches1 { $webcache01 }

## Definicion de protocolos (Filtros)

http protocol tld {

# Parametros de rendimiento
tcp {nodelay, sack, socket buffer 65536, backlog 100 }

## Prueba
# return error

# Cerramos la conexion
header change Connection to close

# Block disallowed sites
label URL Request DENIED
request header expect tld.com.ar from Host
request header expect www.tld.com.ar from Host
request header expect s.tld.com.ar from Host
request header expect get.tld.com.ar from Host
request header expect test.tld.com.ar from Host

# Block disallowed browsers
label Please try a emdifferent Browser/em
header filter Mozilla/4.0 * from User-Agent

header append $REMOTE_ADDR to X-Forwarded-For
cookie hash sessid

}
http protocol tld1 {

# Parametros de rendimiento
tcp {nodelay, sack, socket buffer 65536, backlog 100 }

# return error

# Cerramos la conexion
header change Connection to close

# Block disallowed sites
label URL Request DENIED
request header expect tld1.com.ar from Host
request header expect *.tld1.com.ar from Host
request header expect rojas.tld1.com.ar from Host

# Block disallowed browsers
label Please try a emdifferent Browser/em
header filter Mozilla/4.0 * from User-Agent

header append $REMOTE_ADDR to X-Forwarded-For
cookie hash sessid

}

http protocol tld2 {

# Parametros de rendimiento
tcp {nodelay, sack, socket buffer 65536, backlog 100 }

# return error

# Cerramos la conexion
header change Connection to close
# request header expect *.tld2.com.ar  from Host

header append $REMOTE_ADDR to X-Forwarded-For
}


## Definicion de los relays
relay tld {
listen on $address2 port 80
protocol tld
forward to mobileweb port 80 mode roundrobin check http
/relaycheck/mobileWAP/index.php code 200
}

relay tld1 {
listen on $address3 port 80
protocol tld1
forward to webcaches port 80 mode roundrobin check http
/monitoreo/relayd.txt code 200
}

relay tld2 {
listen on $address1 port 80
protocol tld2
forward to webcaches1 port 80 mode roundrobin check http
/monitoreo/relayd.txt code 200
}


I will provide shortly the tcpdump you request me.

Thanks in advance


Saludos / Regards
Leonardo Santagostini






2013/3/1 Reyk Floeter r...@openbsd.org:
 Hi,

 Am 01.03.2013 um 15:24 schrieb

Re: Issue with PF + Relayd

2013-03-01 Thread Leonardo Santagostini

Hello Reyk,

After probing using my browser without proxy all worked fine. I tried
with 2 different proxies (one ISA and one Squid) without luck.

Th proxy gives to me a Zero sized reply, maybe proxy doesnt like DSR

Sorry for bother you all :)

Saludos / Regards
Leonardo Santagostini






2013/3/1 Leonardo Santagostini lsantagost...@gmail.com:
 Hello Reyk, sorry for the inconsistencies, they was for hide the real
 name (for protecting internal things).

 Here comes the config with the homework well done (sorry again)

 ext_if=pcn0

 set fingerprints /etc/pf.os
 set optimization aggressive

 # match on $ext_if all scrub (no-df)

 # Genero las tablas que voy a usar
 table ips_malas persist
 table redes_yell persist file /etc/redes.yell
 table redes_permitidas persist file /etc/redes_permitidas.txt

 # Defino la ip del balanceador para Mobile
 address_mobile = 10.0.1.181
 address1 = 10.0.1.16

 # Dejo de procesar cuando se trata de las redes internas
 pass in quick from redes_yell to any

 # Dejo pasar las ips desde las redes permitidas
 pass in quick from redes_permitidas to $address_mobile

 # Genero el block
 block in quick from ips_malas
 block in log quick on $ext_if proto tcp from any os NMAP to any
 label ExtNMAPScan

 # Proteccion contra nmap y herramientas similares
 # block in quick on $ext_if proto tcp flags FUP/WEUAPRSF
 block in quick on $ext_if proto tcp flags WEUAPRSF/WEUAPRSF
 block in quick on $ext_if proto tcp flags SRAFU/WEUAPRSF
 block in quick on $ext_if proto tcp flags /WEUAPRSF
 block in quick on $ext_if proto tcp flags SR/SR
 block in quick on $ext_if proto tcp flags SF/SF
 block in quick from urpf-failed


 # Aplico reglas de DoS y Syn Flood en tld
 pass in log on $ext_if proto tcp to $address_mobile port www keep
 state (sloppy, max 1, max-src-nodes 5000, max-src-conn 100,
 max-src-conn-rate 95/2, adap
 tive.start 6000, adaptive.end 12000, tcp.first 15, tcp.opening 5,
 tcp.established 3600, tcp.closing 5, tcp.finwait 15, tcp.closed 15,
 tcp.tsdiff 5)


 # Aplico reglas de DoS y Syn Flood en tld2
 pass in on $ext_if proto tcp to $address1 port www keep state (sloppy,
 max 1, max-src-nodes 5000, max-src-conn 150, max-src-conn-rate
 150/3)


 # Anchor Para relayd
 anchor relayd/*

 
 # Archivo de configuracion de balanceo

 ## Opciones globales
 interval 5
 timeout 1000
 prefork 5

 ## Direcciones de las vip
 address1=10.0.1.16
 address2=10.0.1.181
 address3=10.0.1.182


 ## Direcciones de los servidores
 mobileWap01=10.0.1.200
 mobileWap02=10.0.1.201
 webcache01=10.0.1.70
 webcache02=10.0.1.71
 webcache03=10.0.1.72
 webcache04=10.0.1.73

 ## Definicion de Tablas
 table mobileweb { $mobileWap01 $mobileWap02 }
 table webcaches { $webcache01 $webcache02 $webcache03 $webcache04 }
 table webcaches1 { $webcache01 }

 ## Definicion de protocolos (Filtros)

 http protocol tld {

 # Parametros de rendimiento
 tcp {nodelay, sack, socket buffer 65536, backlog 100 }

 ## Prueba
 # return error

 # Cerramos la conexion
 header change Connection to close

 # Block disallowed sites
 label URL Request DENIED
 request header expect tld.com.ar from Host
 request header expect www.tld.com.ar from Host
 request header expect s.tld.com.ar from Host
 request header expect get.tld.com.ar from Host
 request header expect test.tld.com.ar from Host

 # Block disallowed browsers
 label Please try a emdifferent Browser/em
 header filter Mozilla/4.0 * from User-Agent

 header append $REMOTE_ADDR to X-Forwarded-For
 cookie hash sessid

 }
 http protocol tld1 {

 # Parametros de rendimiento
 tcp {nodelay, sack, socket buffer 65536, backlog 100 }

 # return error

 # Cerramos la conexion
 header change Connection to close

 # Block disallowed sites
 label URL Request DENIED
 request header expect tld1.com.ar from Host
 request header expect *.tld1.com.ar from Host
 request header expect rojas.tld1.com.ar from Host

 # Block disallowed browsers
 label Please try a emdifferent Browser/em
 header filter Mozilla/4.0 * from User-Agent

 header append $REMOTE_ADDR to X-Forwarded-For
 cookie hash sessid

 }

 http protocol tld2 {

 # Parametros de rendimiento
 tcp {nodelay, sack, socket buffer 65536, backlog 100 }

 # return error

 # Cerramos la conexion
 header change Connection to close
 # request header expect *.tld2.com.ar  from Host

 header append $REMOTE_ADDR to X-Forwarded-For
 }


 ## Definicion de los relays
 relay tld {
 listen on $address2 port 80
 protocol tld
 forward to mobileweb port 80 mode roundrobin check http
 /relaycheck/mobileWAP/index.php code 200
 }

 relay tld1 {
 listen on $address3 port 80
 protocol tld1

43 matches

Mail list logo