Re: pgt firmware ...

2012-02-27 Thread Wesley M.
Why don't you try to install a snapshot version ?
Just to see if the problem is resolved for the next release (5.1)...
And sorry for the wget advice :-)

All the best,

Wesley.

On Tue, 28 Feb 2012 00:33:06 +1030, David Walker wrote:
> Hi Magnus.
> 
> That was the issue - that directory didn't exist.
> It was my fault - playing with fstab ...
> 
> Unfortunately it seems there's a bigger issue anyway.
> When I plug the card in there's either no action (no ifconfig, no
> LEDs, no console message) or I get a panic.
> It happens invariably (I think) if the card's in at boot, here's one
> (hand typed) ...
> 
> cbb0:  no bus space
> panic: io alloc
> Stopped at Debugger+0x4: popl %ebp
> 
> ddb>
> 
> I've done 'ps' and 'trace' but they're a bit long to transcribe right
> now.
> I did 'boot dump' and can see the dump in /var/crash - when I get
> some time I'll try and read some more man pages and see if I can
> extract anything useful.
> If anyone's interested and wants me to extract anything, please tell
> me how, and I'll do it soonest. I'm not sure what I'm looking for.
> 
> Regardless, I might re-install so I can guarantee any other changes
> I've made are voided and try again. It's quite possible there's an
> issue with the card also. I might try it on another OS to verify that.
> 
> Best wishes.
> 
> On 27/02/2012, Magnus  wrote:
>> Hello,
>>
>> check that you have the path /var/db/pkg
>>
>> Information about the package(s) is recorded in a central repository, by
>> default located in /var/db/pkg/. This will, among other things, prevent
>> the dependencies of a package from being deleted before the package
>> itself has been deleted. This helps ensure that an application cannot be
>> accidentally broken by a careless user
>>
>> f.i. mine looks like this:
>>
>> # ls -Fl /var/db/pkg
>> total 76
>> drwxr-xr-x  2 root  wheel  512 Oct 19 11:29 bacula-client-5.0.2p1/
>> drwxr-xr-x  2 root  wheel  512 Sep 13 10:14 bash-4.1.9p0/
>> drwxr-xr-x  2 root  wheel  512 Jun 15  2011 dnsmasq-2.55/
>> drwxr-xr-x  2 root  wheel  512 Jun 15  2011 gd-2.0.35p0/
>> drwxr-xr-x  2 root  wheel  512 Sep 13 10:14 gettext-0.18.1p0/
>> drwxr-xr-x  2 root  wheel  512 Jun 15  2011 joe-3.7p0/
>> drwxr-xr-x  2 root  wheel  512 Jun 15  2011 jpeg-8b/
>> drwxr-xr-x  2 root  wheel  512 Jun 15  2011 libdnet-1.12p1/
>> drwxr-xr-x  2 root  wheel  512 Sep 13 10:14 libiconv-1.13p2/
>> drwxr-xr-x  2 root  wheel  512 Jun 15  2011 lua-5.1.4p1/
>> drwxr-xr-x  2 root  wheel  512 Jun 15  2011 nano-2.2.6/
>> drwxr-xr-x  2 root  wheel  512 Jun 15  2011 ngrep-1.45p1/
>> drwxr-xr-x  2 root  wheel  512 Jun 15  2011 nmap-5.21p3/
>> drwxr-xr-x  2 root  wheel  512 Jun 15  2011 ntop-1.1/
>> drwxr-xr-x  2 root  wheel  512 Jun 15  2011 pcre-8.02p1/
>> drwxr-xr-x  2 root  wheel  512 Jun 15  2011 pfstat-2.3p1/
>> drwxr-xr-x  2 root  wheel  512 Jun 15  2011 png-1.2.44/
>> drwxr-xr-x  2 root  wheel  512 Jun 15  2011 postfix-2.8.20110113/
>> drwxr-xr-x  2 root  wheel  512 Sep 12 12:56 screen-4.0.3p2/
>>
>> // Magnus
>>
>>
>>
>>
>> On 2012-02-27 12:58, David Walker wrote:
>>> Thank you Peter.
>>>
>>> I still get the same error message (error line wrapped):
>>>
>>> pkg_add ./pgt-firmware-1.2p2.tgz
>>> Bad pkg_db: No such file or directory at
>>> /usr/libdata/perl5/OpenBSD/PackageInfo.pm line 63.
>>>
>>> Line 63:
>>>
>>> opendir(my $dir, $pkg_db) or die "Bad pkg_db: $!";
>>>
>>> Something's wrong with my environment but what ...
>>>
>>> On 27/02/2012, Peter Hessler  wrote:
>>>> NO!
>>>>
>>>> For the love of everything holy, don't fucking use wget.
>>>>
>>>> the built-in ftp(1) client can download from http servers.
>>>>
>>>> and, do NOT just extract the files.  we have package tools for a
>>>> reason.
>>>>
>>>> EITHER:
>>>>  a) pkg_add http://firmware.openbsd.org/firmware/5.0/pgt-firmware-1.2.tgz
>>>>
>>>> OR
>>>>
>>>>  b) ftp http://firmware.openbsd.org/firmware/5.0/pgt-firmware-1.2.tgz &&
>>>>     pkg_add ./pgt-firmware-1.2.tgz
>>>>
>>>> Anything else is stupid.
>>>>
>>>>
>>>>
>>>> On 2012 Feb 26 (Sun) at 18:21:31 +0400 (+0400), Wesley M. wrote:
>>>> :Try this :
>>>> :add wg

Re: pgt firmware ...

2012-02-26 Thread Wesley M.
Try this :
add wget package using pkg_add -vi wget
wget http://firmware.openbsd.org/firmware/5.0/pgt-firmware-1.2p2.tgz
Then extract this in /etc/firmware.
Halt your machine, remove your network card, and now plug the new card, boot

Hope that it will help.

Wesley.


On Mon, 27 Feb 2012 00:02:28 +1030, David Walker wrote:
> Thanks Wesley.
> 
> I forgot about that.
> I was going from man pgt which says:
> FILES
> 
>  A prepackaged version of the firmware, designed to be used with
>  pkg_add(1), can be found at:
> 
> http://firmware.openbsd.org/firmware/pgt-firmware-1.2.tgz
> 
> The problem I have is that fw_update doesn't accept arguments and I
> need the adjacent pcmcia slot for the ethernet card and they are both
> bulky cards.
> I need to remove the conexant card to insert the ethernet card to
> access the network and then fw_update reports there are no devices to
> update - the conexant card is no longer attached.
> :]
> 
> If you can think of a way to run this locally it'd be great.
> 
> On 26/02/2012, Wesley M.  wrote:
>> try fw_update (provided in OpenBSD 5.0)
>>
>> Wesley.
>>
>> On Sun, 26 Feb 2012 17:51:03 +1030, David Walker wrote:
>>> Hi.
>>>
>>> I'm trying to do:
>>> pkg_add http://firmware.openbsd.olg/firmware/pgt-firmware-1.2.tgz
>>>
>>> I get this:
>>> parsing pgt-firmware-1.2.tgz
>>> Bad pkg_db: No such file or directory at
>>> /usr/libdata/perl5/OpenBSD/PackageInfo.pm line 63.
>>>
>>> Do I need to add perl manually?
>>>
>>> Best wishes.



Re: pgt firmware ...

2012-02-26 Thread Wesley M.
try fw_update (provided in OpenBSD 5.0)

Wesley.

On Sun, 26 Feb 2012 17:51:03 +1030, David Walker wrote:
> Hi.
> 
> I'm trying to do:
> pkg_add http://firmware.openbsd.olg/firmware/pgt-firmware-1.2.tgz
> 
> I get this:
> parsing pgt-firmware-1.2.tgz
> Bad pkg_db: No such file or directory at
> /usr/libdata/perl5/OpenBSD/PackageInfo.pm line 63.
> 
> Do I need to add perl manually?
> 
> Best wishes.



Re: SSH Mastery -- New book by Michal Lucas!

2012-02-17 Thread Wesley M.
Hi,

I ordered a copy too ;-)

Wesley.

On Fri, 17 Feb 2012 17:27:49 -0700 (MST), Austin Hook wrote:
> Here's the entry I just finished adding to OpenBSD's books.html page
> 
> 
> SSH Mastery
>  by Michael Lucas
>  ISBN-13: 978-1470069711
>  ISBN-10: 1470069717
>  February 2012, 145 pp.
>  A guide to what you need to know about SSH. This book will help you
> eliminate passwords on your network, tunnel unencrypted protocols through
> secure channels, build VPNs with OpenSSH, and more. Focuses on the OpenSSH
> server, the OpenSSH client, and the PuTTY client. Michael W Lucas is the
> author of Absolute OpenBSD and other BSD books. Helping support OpenBSD,
> Michael is contributing all his author's profits, from orders via the main
> OpenBSD order page, back to the project.
>  [ Order direct from the OpenBSD website International.]
> 
> 
> A book like this is great for those of us that have a lot on our plate.
> I can remember a long period when I kind of knew what OpenSSH could do
> but just didn't have the time to parse out the man page to properly
> forward a browser port or a mail port, to set up a VPN, and I could have
> benefited a lot sooner with a bit more well explained cookbook examples
> at my fingertips.  Then there's that pesky stuff with keep alive and so
> on.  What does it all really mean for the context I was having trouble
> with?
>
> Hey, I wonder if Michael has anything to say about the safety of even
> using OpenSSH variants on a different operating system to access one of my
> OpenBSD boxen.  I'm looking forward to read my own copy.
> 
> Yes, this book has already been out in electronic form for a bit, but 
> myself I spend too much time looking at screen and I still like the 
> physical experience of handling a book.  Besides, the printed version 
> already benefits from reader corrections to the electronic edition.
> 
> Michael has been very gracious with timely help to enable the main OpenBSD
> website to be the first to offer it. It will be available everywhere soon,
> but we do have a jump on it this time.  It's been so long for us since we
> last enjoyed Michael's style that we enjoyed in Absolute OpenBSD, I am
> really happy to see him come back to us with this new volume.
> 
> There will be a slight delay before the first copies arrive and can be 
> shipped, but the order site is already set up.
> 
> https://https.openbsd.org/cgi-bin/order?B09=1&B08%2b=Add
> 
> 
> 
> Austin



Re: Re : vpn isakmpd ipsec, one side with only one interface

2012-02-16 Thread Wesley M.
I know ssh works also very well. But the company has requirements : ipsec
vpn with specific phase 1 and 2...

Wesley.

On Thu, 16 Feb 2012 19:18:09 +0000 (GMT), Mik J wrote:
> Hello,
>
> I have this configuration working without any bridge.
> Openbsd rl0 <- LAN1 -> Router <- Internet -> RemoteFW <- LAN 2 -> SomeDevice
> My PC is connected to a LAN1 switch, and it's able to ssh SomeDevice. As you
> can see my OpenBSD has just one interface and the VPN is mounted between
> OpenBSD and RemoteFW.
>
> - Original message -
>> From: Wesley M.
>> To: Markus Wernig
>> Cc: misc@openbsd.org
>> Sent: Thursday 16 February 2012 15:59
>> Subject: Re: vpn isakmpd ipsec, one side with only one interface
>>
>> I have it working ;-)
>> What i have done :
>> Create a vether0 with : inet 172.17.2.21 255.255.255.0
>> Create a bridge0, add to it vether0 and the physical card...
>> PF : filter the bridge
>> Create the vpn, i can reach the ftp :-) Pretty cool
>> Thanks to vether !!
>>
>> Cheers,
>>
>> Wesley MOUEDINE ASSABY
>>
>> On Thu, 16 Feb 2012 14:03:54 +0100, Markus Wernig wrote:
>>> Hi
>>>
>>> I'm not sure if this will work, but you could try creating a loopback
>>> interface (lo2) on FWC with the IP address that the FTP server should be
>>> reachable on and then set up a regular VPN between FWA and FWC just for
>>> that one IP address:
>>> ike esp from 172.17.2.21/32 to 192.168.0.0/24 peer ip_fwA ...
>>>
>>> Then tell the FTP server to listen on the IP of the lo2 interface
>>> (172.17.2.21?)
>>>
>>> /m
>>>
>>> On 02/13/12 14:43, Wesley M. wrote:
>>>> Hi,
>>>>
>>>> I was using ipsec vpn between 2 OpenBSD Gateway. It worked very well.
>>>>
>>>> Here :
>>>>
>>>> ---rl0---[fwA]---rl1(internet)-sis1---[fwB with ftpd]---sis0---
>>>>
>>>> Now we remove ftp services from fwB and put it on an other machine fwC
>>>> with an internet connection (only one network card). Is it possible to
>>>> keep a vpn online from fwA and fwC, and so computersA can reach again ftp
>>>> using vpn (provided by fwC). Perhaps i need to use vether on fwC so
>>>> bridged pf ?
>>>>
>>>> Here the old ipsec.conf from fwB:
>>>> ike esp from 172.17.2.0/24 to 192.168.0.0/24 peer ip_fwA \
>>>>  main auth hmac-sha1 enc aes-256 group modp1024 \
>>>>  quick auth hmac-sha1 enc aes-256 group modp1024 \
>>>>  psk "demopassword"
>>>>
>>>> My idea on fwC :
>>>>
>>>> add vether0 with : "inet 172.17.2.21 255.255.255.0"


Re: vpn isakmpd ipsec, one side with only one interface

2012-02-16 Thread Wesley M.
I have it working ;-)
What i have done :
Create a vether0 with : inet 172.17.2.21 255.255.255.0
Create a bridge0, add to it vether0 and the physical card...
PF : filter the bridge
Create the vpn, i can reach the ftp :-) Pretty cool
Thank's to vether !!

Cheers,

Wesley MOUEDINE ASSABY


On Thu, 16 Feb 2012 14:03:54 +0100, Markus Wernig wrote:
> Hi
> 
> I'm not sure if this will work, but you could try creating a loopback
> interface (lo2) on FWC with the IP address that the FTP server should be
> reachable on and then set up a regular VPN between FWA and FWC just for
> that one IP address:
> ike esp from 172.17.2.21/32 to 192.168.0.0/24 peer ip_fwA ...
> 
> Then tell the FTP server to listen on the IP of the lo2 interface
> (172.17.2.21?)
> 
> 
> /m
> 
> On 02/13/12 14:43, Wesley M. wrote:
>> Hi,
>>
>> I was using ipsec vpn between 2 OpenBSD Gateway. It worked very
>> well.
>>
>> Here :
>>
>> ---rl0---[fwA]---rl1(internet)-sis1---[fwB with ftpd]---sis0---
>>
>> Now we remove ftp services from fwB and put it on an
>> other machine fwC with an internet connection (only one network card). Is
>> it possible to keep a vpn online from fwA and fwC, and so computersA can
>> reach again ftp using vpn (provided by fwC). Perhaps i need to use vether
>> on fwC so bridged pf ?
>>
>> Here the old ipsec.conf from fwB:
>> ike esp from 172.17.2.0/24 to 192.168.0.0/24 peer ip_fwA \
>>  main auth hmac-sha1 enc aes-256 group modp1024 \
>>  quick auth hmac-sha1 enc aes-256 group modp1024 \
>>  psk "demopassword"
>>
>> My idea on fwC :
>>
>> add vether0 with : "inet 172.17.2.21 255.255.255.0"



vpn isakmpd ipsec, one side with only one interface

2012-02-13 Thread Wesley M.
Hi,

I was using ipsec vpn between 2 OpenBSD Gateway. It worked very
well.

Here :

---rl0---[fwA]---rl1(internet)-sis1---[fwB with ftpd]---sis0---

Now we remove ftp services from fwB and put it on an
other machine fwC with an internet connection (only one network card). Is
it possible to keep a vpn online from fwA and fwC, and so computersA can
reach again ftp using vpn (provided by fwC). Perhaps i need to use vether
on fwC so bridged pf ?

Here the old ipsec.conf from fwB:
ike esp from 172.17.2.0/24 to 192.168.0.0/24 peer ip_fwA \
 main auth hmac-sha1 enc aes-256 group modp1024 \
 quick auth hmac-sha1 enc aes-256 group modp1024 \
 psk "demopassword"

My idea on fwC :

add vether0 with : "inet 172.17.2.21 255.255.255.0"

Need help ;-) 

Thank you very much. 

Wesley.



Re: The use of DUID

2012-01-30 Thread Wesley M.
Thank you for your explanation.
I understand better. 



On Mon, 30 Jan 2012 12:05:58 -0500, Nick Holland wrote:
> On 01/30/2012 11:10 AM, Wesley M. wrote:
>> Hi,
>>
>> I have a question, i read faq "14 - Disk Setup (DiskLabel Unique
>> Identifiers) ".
>> It is a pretty feature. We can start OpenBSD OS from the
>> disk put anywhere(order).
>>
>> But what's about after a dump/restore
>> Boot in single user : backup the disk using 'dump -0af /mnt/root.dump /dev/wd0a'
> ...
>> How to restore a disk using DUID ? keeping duid in /etc/fstab ?
>> Thank you very much.
>>
>> Cheers,
>> Wesley.
> 
> So, you want to restore a disk and magically have the duid of the new 
> disk assume the old disk's value?  I think you haven't thought this 
> through.  _You_ want to replace your existing disk, fine, it might be 
> reasonable to have the same DUID magically restored to the replacement 
> disk...
> 
> But...what if that's not what you are doing?  Maybe you want to use 
> dump/restore to copy data to another part of your existing system? 
> Maybe after you upgrade to your bigger disk, you want to put the old 
> disk back on the same system...
> 
> *DUID = Disklabel Unique IDentifier.*
> if you do something where you change the DUID of a disk to make it
> convenient for you, it's no longer... (all together now, class) "UNIQUE!"
>
> If you are using DUIDs and you change your disk, you will be changing
> the fstab.  That's how it works, that's how things stay...unique.  This
> is not only a feature, not a bug, it is THE WHOLE IDEA.
>
> Note: there are a lot of places where DUIDs may be LESS convenient than
> simple device names.  Keep your brain engaged, one solution does not fit
> all.  There are also places where you may wish to mix DUIDs with
> conventional device names (for example, the root partition of a softraid
> mirror).
> 
> Nick.



The use of DUID

2012-01-30 Thread Wesley M.
Hi, 

I have a question, i read faq "14 - Disk Setup (DiskLabel Unique
Identifiers) ".
It is a pretty feature. We can start OpenBSD OS from the
disk put anywhere(order).

But what's about after a dump/restore
Boot in single user : backup the disk using 'dump -0af /mnt/root.dump /dev/wd0a'
...

When we try to restore on a NEW DISK (WITH NEW SIZE)
Boot in single user : restore using 'restore -rf /mnt/root.dump'
Restore biosboot block...
reboot to restore others partitions

Need to do : mount -u -w /
I have the following error : mount_ffs: .a on /: No such file or directory
I suppose DUID is concerned.

To avoid this, i need to modify /etc/fstab from /dev/wd0a remove DUID use
and put the old (cf /dev/wd0a / ...)
Now works...

How to restore a disk using DUID ? keeping duid in /etc/fstab ?
Thank you very much. 

Cheers,
Wesley. 



error keyboad

2012-01-27 Thread Wesley M.
Hi, 

I have a problem with my keyboard.
I use OpenBSD 5.0 with Bind Patch, acpi is disabled in the kernel (because
it hangs on Mtrr pentium...)

When i was in the OpenBSD install script, i was able to have this "^" working.
But now, at i can't do this "^", there's a bip when i try to have it.
Any idea ?

Here's the dmesg (it is a TwinHead notebook F12DT) :


Re: strange localhost address

2012-01-21 Thread Wesley M.
On Sat, 21 Jan 2012 11:46:00 +0400, "Wesley M." wrote:
> sorry, it was a stupid error.
> My hostname, there was an error in the name !!
>
> Again sorry.
>
> On Sat, 21 Jan 2012 11:40:32 +0400, "Wesley M." wrote:
>> Hi,
>> I don't know where it comes from.
>> I just configured my iwi card using : iwi-firmware-3.1p1.tgz
>> I can connect to my network, internet works.
>> Therefore, i find a strange error : 
>> When i ping localhost it give me : 208.73.210.29 instead of 127.0.0.1 !
>> Where does it come from ? I don't understand.
>> 
>> I use OpenBSD 5.0 with bind patch.
>> acpi is disabled in kernel.
>> 
>> If i down the iwi0 interface, i ping localhost to 127.0.0.1, this is
>> normal.
>> 
>> If i use rl0 interface, i ping localhost to 208.73.210.29... ???
>> I already look the file /etc/resolv.conf and /etc/hosts, seems to me ok.
>> 
>> /etc/hosts:
>> 127.0.0.1 localhost
>> ::1 localhost  
>> 
>> /etc/resolv.conf:
>> nameserver 192.168.1.1
>> 
>> netstat -rnf inet
>> Routing tables
>> 
>> Internet:
>> Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
>> default            192.168.1.1        UGS        3       48     -     8 rl0
>> 127/8              127.0.0.1          UGRS       0        0 33196     8 lo0
>> 127.0.0.1          127.0.0.1          UH         2        0 33196     4 lo0
>> 192.168.1/24       link#2             UC         2        0     -     4 rl0
>> 192.168.1.1        00:25:15:90:a3:6c  UHLc       1       37     -     4 rl0
>> 192.168.1.23       04:1e:64:eb:11:32  UHLc       1      113     -     4 rl0
>> 192.168.1.68       127.0.0.1          UGHS       0        0 33196     8 lo0
>> 224/4              127.0.0.1          URS        0        0 33196     8 lo0
>> 
>> Any idea ?
>> 
>> Wesley.



Re: strange localhost address

2012-01-21 Thread Wesley M.
see http://www.openbsd.org/errata50.html


On Sat, 21 Jan 2012 09:01:35 +0100, Jan Stary  wrote:
> On Jan 21 11:40:32, Wesley M. wrote:
>> When i ping localhost it give me : 208.73.210.29 instead of 127.0.0.1 !
>> Where does it come from ? I don't understand.
>> I use OpenBSD 5.0 with bind patch.
> 
> Before I burst into howls of derisive laughter:
> what "bind patch"?



strange localhost address

2012-01-20 Thread Wesley M.
Hi,
I don't know where it comes from.
I just configured my iwi card using : iwi-firmware-3.1p1.tgz
I can connect to my network, internet works.
Therefore, i find a strange error : 
When i ping localhost it give me : 208.73.210.29 instead of 127.0.0.1 !
Where does it come from ? I don't understand.

I use OpenBSD 5.0 with bind patch.
acpi is disabled in kernel.

If i down the iwi0 interface, i ping localhost to 127.0.0.1, this is
normal.

If i use rl0 interface, i ping localhost to 208.73.210.29... ???
I already look the file /etc/resolv.conf and /etc/hosts, seems to me ok.

/etc/hosts:
127.0.0.1 localhost
::1 localhost  

/etc/resolv.conf:
nameserver 192.168.1.1

netstat -rnf inet
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            192.168.1.1        UGS        3       48     -     8 rl0
127/8              127.0.0.1          UGRS       0        0 33196     8 lo0
127.0.0.1          127.0.0.1          UH         2        0 33196     4 lo0
192.168.1/24       link#2             UC         2        0     -     4 rl0
192.168.1.1        00:25:15:90:a3:6c  UHLc       1       37     -     4 rl0
192.168.1.23       04:1e:64:eb:11:32  UHLc       1      113     -     4 rl0
192.168.1.68       127.0.0.1          UGHS       0        0 33196     8 lo0
224/4              127.0.0.1          URS        0        0 33196     8 lo0

Any idea ?

Wesley.



use trap command in a script

2012-01-19 Thread Wesley M.
Hi, 

I want to see a message on console when i send signal like HUP
KILL INT and TERM 

using for example in a script "manageprocess":


#!/bin/ksh
trap 'echo Kill detected!' 9
trap 'ctrl-c detected!' 2 

run it with sudo sh manageprocess
No message appear

Therefore if i run manually this : trap 'ctrl-c detected!' 2
it works. But trap 'echo Kill detected!' 9 doesn't work.
Why ? Why i can't use it in a script?

Any idea ?

Thank you very much. 
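
[Added example, not part of the original post.] The behaviour asked about above can be reproduced with the script below: a handler installed with trap runs only while the shell is still alive to receive the signal, and signal 9 (KILL) can never be handled. The function name run_trap_demo and the status=/output= line format are made up for this illustration.

```sh
#!/bin/sh
# Added, constructed example: which signals a shell script can trap.

# run_trap_demo SIGNAL
#   Starts a child shell that installs handlers, waits until the child
#   reports that the handlers are in place, sends SIGNAL to it, and prints
#   "status=<exit status> output=<text written by the handler>".
run_trap_demo() {
    sig=$1
    dir=$(mktemp -d) || return 1
    mkfifo "$dir/ready" || return 1

    sh -c '
        trap "echo HUP detected; exit 0" HUP
        trap "echo TERM detected; exit 0" TERM
        # SIGKILL (9) is never delivered to the process, so this handler
        # cannot run. "command" keeps a shell that rejects the request
        # from aborting the script.
        command trap "echo KILL detected; exit 0" KILL 2>/dev/null || :
        # INT is left out: a non-interactive shell starts background jobs
        # with SIGINT ignored, and such a signal cannot be trapped.
        echo ready >"$1"
        # Keep the shell alive: a script that installs traps and then ends
        # has nothing left to receive the signal. The handler runs when the
        # current foreground command (sleep) returns.
        while :; do sleep 1; done
    ' sh "$dir/ready" >"$dir/out" 2>/dev/null &
    pid=$!

    read -r _ready <"$dir/ready"    # blocks until the traps are installed
    kill -s "$sig" "$pid"
    status=0
    wait "$pid" || status=$?

    printf 'status=%s output=%s\n' "$status" "$(cat "$dir/out")"
    rm -rf "$dir"
}

run_trap_demo TERM   # handler runs, child exits 0
run_trap_demo KILL   # no handler output, status 137 (128 + 9) in sh/bash
```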



Re: could not read firmware iwi-bss

2012-01-18 Thread Wesley M.
You're very funny!!
Now it works like a charm, thank for your replies, i downloaded the iwi-firmware.
And wiconfig is pretty cool !!!

Thank you a lot !

On Wed, 18 Jan 2012 07:17:00 -0500, Richard Thornton wrote:
> why not use gnu/linux instead
>
> On Wed, Jan 18, 2012 at 6:18 AM, Wesley M. wrote:
>> I use OpenBSD 5.0 RELEASE on a notebook : twinhead F12DT
>>
>> There was a problem at startup, it hangs on MTRR pentium message.
>> So i disabled acpi using config -ef /bsd
>> Now i can boot.
>>
>> I'm trying to configure iwi0 interface.
>>
>> Wifi card : Intel PRO/Wireless 2200BG
>>
>> When i try ifconfig iwi0 :
>> iwi0: flags=8802 mtu 1500
>>  lladdr 00:15:00:48:e6:32
>>  priority: 4
>>  groups: wlan
>>  media: IEEE802.11 autoselect
>>  status: no network
>>  ieee80211: nwid "" 100dBm
>>  inet6 fe80::215:ff:fe48:e632%iwi0 prefixlen 64 scopeid 0x1
>>
>> When i try ifconfig iwi0 scan :
>> iwi0: error 2, could not read firmware iwi-bss
>>
>> I try also wiconfig (http://home.melameth.com/~daniel/pub/wiconfig) provided
>> by Daniel M.
>> Same error : iwi0: error 2, could not read firmware iwi-bss
>>
>> Any idea ?
>> Thank you very much.
>>
>> Cheers,
>>
>> Wesley MOUEDINE ASSABY
>> www.mouedine.net
>>
>> The dmesg :


could not read firmware iwi-bss

2012-01-18 Thread Wesley M.
I use OpenBSD 5.0 RELEASE on a notebook : twinhead F12DT

There was a problem at startup, it hangs on MTRR pentium message.
So i disabled acpi using config -ef /bsd
Now i can boot.

I'm trying to configure iwi0 interface.

Wifi card : Intel PRO/Wireless 2200BG

When i try ifconfig iwi0 :
iwi0: flags=8802 mtu 1500
 lladdr 00:15:00:48:e6:32
 priority: 4
 groups: wlan
 media: IEEE802.11 autoselect
 status: no network
 ieee80211: nwid "" 100dBm
 inet6 fe80::215:ff:fe48:e632%iwi0 prefixlen 64 scopeid 0x1

When i try ifconfig iwi0 scan :
iwi0: error 2, could not read firmware iwi-bss

I try also wiconfig (http://home.melameth.com/~daniel/pub/wiconfig) provided
by Daniel M.
Same error : iwi0: error 2, could not read firmware iwi-bss

Any idea ?
Thank you very much.

Cheers,

Wesley MOUEDINE ASSABY
www.mouedine.net

The dmesg :

OpenBSD 5.0 (GENERIC) #43: Wed Aug 17 10:10:52 MDT 2011
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.73GHz ("GenuineIntel" 686-class) 1.73 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2
real mem = 250998784 (239MB)
avail mem = 236851200 (225MB)
User Kernel Config
UKC> disqb^H ^H^H ^Hable qcpi^H ^H^H ^H^H ^H^H ^Hacpi
466 acpi0 disabled
UKC> a^H ^Hquit
Continuing...
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 03/14/06, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.3 @ 0xfb920 (48 entries)
bios0: vendor American Megatrends Inc. version "080011" date 03/14/2006
bios0: Twinhead F12D
apm0 at bios0: Power Management spec V1.2
acpi at bios0 function 0x0 not configured
mpbios0 at bios0: Intel MP Specification 1.4
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 132MHz
mpbios0: bus 0 is type PCI
mpbios0: bus 1 is type PCI
mpbios0: bus 2 is type PCI
mpbios0: bus 3 is type ISA
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf47b0/272 (15 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801FBM LPC" rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xf000! 0xcf000/0x1000 0xd/0x1000
cpu0: Enhanced SpeedStep 1730 MHz: speeds: 1733, 1333, 1067, 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82915GM Host" rev 0x04
vga1 at pci0 dev 2 function 0 "Intel 82915GM Video" rev 0x04
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xd000, size 0x1000
inteldrm0 at vga1: apic 1 int 16
drm0 at inteldrm0
"Intel 82915GM Video" rev 0x04 at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 29 function 0 "Intel 82801FB USB" rev 0x04: apic 1 int 23
uhci1 at pci0 dev 29 function 1 "Intel 82801FB USB" rev 0x04: apic 1 int 19
uhci2 at pci0 dev 29 function 2 "Intel 82801FB USB" rev 0x04: apic 1 int 18
uhci3 at pci0 dev 29 function 3 "Intel 82801FB USB" rev 0x04: apic 1 int 16
ehci0 at pci0 dev 29 function 7 "Intel 82801FB USB" rev 0x04: apic 1 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb0 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xd4
pci1 at ppb0 bus 1
mem address conflict 0xf00/0x1000
mem address conflict 0xf001000/0x1000
iwi0 at pci1 dev 4 function 0 "Intel PRO/Wireless 2200BG" rev 0x05: apic 1 int 18, address 00:15:00:48:e6:32
cbb0 at pci1 dev 5 function 0 "O2 Micro OZ711MP1 CardBus" rev 0x21: apic 1 int 16
sdhc0 at pci1 dev 5 function 2 "O2 Micro OZ711MP1 SDHC" rev 0x01: apic 1 int 16
sdmmc0 at sdhc0
"O2 Micro OZ711MP1 XDHC" rev 0x01 at pci1 dev 5 function 3 not configured
"O2 Micro Firewire" rev 0x02 at pci1 dev 5 function 4 not configured
rl0 at pci1 dev 6 function 0 "Realtek 8139" rev 0x10: apic 1 int 19, address 00:40:45:2a:6e:9d
rlphy0 at rl0 phy 0: RTL internal PHY
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer 0x40
pcmcia0 at cardslot0
auich0 at pci0 dev 30 function 2 "Intel 82801FB AC97" rev 0x04: apic 1 int 17, ICH6 AC97
ac97: codec id 0x414c4760 (Avance Logic ALC655 rev 0)
audio0 at auich0
"Intel 82801FB Modem" rev 0x04 at pci0 dev 30 function 3 not configured
ichpcib0 at pci0 dev 31 function 0 "Intel 82801FBM LPC" rev 0x04: PM disabled
pciide0 at pci0 dev 31 function 1 "Intel 82801FB IDE" rev 0x04: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 38154MB, 78140160 sectors
atapiscsi0 at pciide0 channel 0 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  ATAPI 5/cdrom removable
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
cd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
ichiic0 at pci0 dev 31 function 3 "Intel 82801FB SMBus" rev 0x04: apic 1 int 19
iic

Re: mailserv project

2012-01-15 Thread Wesley M.
On Mon, 16 Jan 2012 07:40:57 +0100, Tomas Bodzar wrote:
> There's sendmail in base system and there's ongoing work on smtpd by
> OpenBSD devs (other components are in ports). Anyway you're welcome to
> start port see http://www.openbsd.org/faq/ports/index.html
> 

It is not another MTA.
It is a script with config files, it installs a secure mail server
(Administration using a Web interface)
Postfix+Nginx+Spamd+Spamassassin+Dovecot+Roundcube+sql database
Actually works on OpenBSD 4.8 / 4.9

It doesn't work on OpenBSD 5.0
There's a lot of changes like Nginx/Dovecot/php

If someone can update the work : http://mailserv.github.com/


>>
>> Best regards,
>>
>> Wesley.



mailserv project

2012-01-15 Thread Wesley M.
Hi, 

It will be famous if somebody can update mailserv project to work on the
last version OpenBSD 5.0
Therefore it works like a charm on OpenBSD 4.8/4.9
Here the source : https://github.com/mailserv/mailserv/

Best regards,

Wesley. 



Re: PF Snort tutorial

2012-01-04 Thread Wesley M.
Also, an idea, add scanlogd package, and do a small script to add ip in
log to your pf table ;-)

Cheers,

Wesley MOUEDINE ASSABY
http://mouedine.net/ruleset50.aspx

On Tue, 3 Jan 2012 17:56:13 -0500, "Bentley, Dain" wrote:
> ugh...that's what I thought.
> I'm reading through some OSSEC docs right now and it seems pretty
> promising.
> Having trouble finding anything about having it read from pflog.
> 
> From: Andres Genovez [andresgeno...@gmail.com]
> Sent: Tuesday, January 03, 2012 3:04 PM
> To: Bentley, Dain
> Cc: misc@openbsd.org
> Subject: Re: PF Snort tutorial
> 
> 2012/1/3 Bentley, Dain <dbent...@nas.edu>
> I've been looking around for a good tutorial on implementing snort with PF
> and everything I see is old, does anyone know of or have implemented a
> solution using an IDS/IPS with PF on the same box?  If possible I'd like
> snort or some other IDS inspect packets and have pf drop them based on the
> fact they match certain signatures.  Thanks in advance.
> 
> 
> Implementing that is really a Pain in the hell out..I did it on a 4.9, i
> need to do it from sources, there is no complete tutorial, it works on 4.9,
> not implemented with PF though...
> 
> Greetings...
> 
> 
> 
> --
> Sincerely
> 
> Andres Genovez Tobar / Technician
> Elastix ECE - Linux  LPI-1 - Novell CLA - Apple ACMT
> http://www.puntonet.ec
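
One way to do what the message above suggests (scanlogd plus a small script that adds logged addresses to a pf table), as an added example that is not from the original thread. The table name scanners, the allowlist, the syslog line layout and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): scanlogd log -> pf table.
# Assumed pf.conf lines:   table <scanners> persist
#                          block in quick from <scanners>
# Assumed names: table "scanners", the allowlist, the log line layout.

PF_TABLE="scanners"
# Never block these (gateway, DNS, admin hosts): scan sources can be spoofed,
# and a forged scan "from" your own resolver must not lock you out.
ALLOWLIST="192.0.2.1 198.51.100.10"

# Constructed sample of syslog output, including lines that must be ignored.
sample_log() {
    cat <<'EOF'
Jan  4 10:15:02 fw scanlogd: 203.0.113.45:51234 to 192.0.2.1 ports 21, 22, 23, 25, 80, 110, 143, ..., fSrpauxy, TOS 00, TTL 52 @10:15:02
Jan  4 10:15:40 fw scanlogd: 203.0.113.45:51301 to 192.0.2.1 ports 443, 445, 993, 995, ..., fSrpauxy, TOS 00, TTL 52 @10:15:40
Jan  4 10:17:11 fw scanlogd: 198.51.100.10 to 192.0.2.1 ports 1, 2, 3, 4, 5, 6, 7, ..., fSrpauxy, TOS 00, TTL 60 @10:17:11
Jan  4 10:18:30 fw scanlogd: 999.1.1.1:4000 to 192.0.2.1 ports 80, 81, 82, 83, 84, 85, 86, ..., fSrpauxy, TOS 00, TTL 60 @10:18:30
Jan  4 10:19:00 fw sshd[311]: Failed password for root from 203.0.113.77 port 4022 ssh2
Jan  4 10:20:05 fw scanlogd: 203.0.113.9:60000 to 192.0.2.1 ports 8080, 8081, 8082, ..., fSrpauxy, TOS 00, TTL 48 @10:20:05
EOF
}

# Succeed only for a strict dotted-quad IPv4 address. Anything else is
# rejected so that log content can never turn into extra pfctl arguments.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    (
        IFS=.
        set -- $1                      # split on dots (digits and dots only)
        [ $# -eq 4 ] || exit 1
        for octet in "$@"; do
            [ ${#octet} -le 3 ] || exit 1
            [ "$octet" -le 255 ] || exit 1
        done
        exit 0
    )
}

# Succeed if the address is on the allowlist.
is_allowlisted() {
    for allowed in $ALLOWLIST; do
        [ "$allowed" = "$1" ] && return 0
    done
    return 1
}

# Print the source field of every scanlogd line on stdin, without the
# optional ":port" suffix. Lines from other daemons are dropped.
extract_sources() {
    sed -n 's/^.*scanlogd: \([^ ]*\) to .*$/\1/p' | sed 's/:[0-9]*$//'
}

# Unique, valid, non-allowlisted sources, one per line.
candidates() {
    extract_sources | LC_ALL=C sort -u | while read -r ip; do
        if is_ipv4 "$ip" && ! is_allowlisted "$ip"; then
            printf '%s\n' "$ip"
        fi
    done
}

# Add each candidate to the pf table. With DRY_RUN=1 (the default) the
# pfctl command is printed instead of executed, so the result can be reviewed.
block_sources() {
    candidates | while read -r ip; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            printf 'pfctl -t %s -T add %s\n' "$PF_TABLE" "$ip"
        else
            pfctl -t "$PF_TABLE" -T add "$ip"
        fi
    done
}

# Demonstration on the constructed sample; on a real host feed it the file
# your syslog daemon writes scanlogd messages to.
sample_log | block_sources
```

Entries added this way never leave the table on their own; running pfctl -t scanners -T expire 86400 from cron removes addresses that have been listed for more than a day.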



Re: PF Snort tutorial

2012-01-04 Thread Wesley M.
Hi,

Perhaps, this can be helpful ;-)
http://www.procyonlabs.com/guides/openbsd/snort/

Cheers,

Wesley MOUEDINE ASSABY
http://mouedine.net/ruleset50.aspx

On Tue, 3 Jan 2012 17:56:13 -0500, "Bentley, Dain" wrote:
> ugh...that's what I thought.
> I'm reading through some OSSEC docs right now and it seems pretty
> promising.
> Having trouble finding anything about having it read from pflog.
> 
> From: Andres Genovez [andresgeno...@gmail.com]
> Sent: Tuesday, January 03, 2012 3:04 PM
> To: Bentley, Dain
> Cc: misc@openbsd.org
> Subject: Re: PF Snort tutorial
> 
> 2012/1/3 Bentley, Dain <dbent...@nas.edu>
> I've been looking around for a good tutorial on implementing snort with PF
> and everything I see is old, does anyone know of or have implemented a
> solution using an IDS/IPS with PF on the same box?  If possible I'd like
> snort or some other IDS inspect packets and have pf drop them based on the
> fact they match certain signatures.  Thanks in advance.
> 
> 
> Implementing that is really a Pain in the hell out..I did it on a 4.9, i
> need to do it from sources, there is no complete tutorial, it works on 4.9,
> not implemented with PF though...
> 
> Greetings...
> 
> 
> 
> --
> Sincerely
> 
> Andres Genovez Tobar / Technician
> Elastix ECE - Linux  LPI-1 - Novell CLA - Apple ACMT
> http://www.puntonet.ec



Re: create a backup of an online server

2011-12-28 Thread Wesley M.
In fact,
-1- I want to copy the mail server system to another machine. I suppose
rsnapshot or a dump/restore in single user? is a good choice...

-2- And keep emails synchronized between the 2 mail servers using rsync,
this step is ok.

Thank you very much for all your replies.

Cheers,

Wesley.

On Wed, 28 Dec 2011 09:30:11 -0700, Darrin Chandler wrote:
> On Wed, Dec 28, 2011 at 11:00:52AM -0500, Nick Holland wrote:
>> However, backing up an IMAP mail store daily leaves a lot to be
>> desired.  Most likely time for someone to accidentally delete the
>> important mail they have been waiting for is probably not too long
>> after it arrives. Depending (mostly) on the number of messages in
>> your mail store, you may be able to run an rsync of the maildir
>> hourly or maybe even every 15 minutes to another local hard disk.
>> You could make that rsync cumulative -- no removing of deleted
>> files, then daily rsync that backup off to another machine (using
>> --link-dest option for a quick, rotated backup), and then doing an
>> rsync WITH deletion to your local system, so your backup store
>> doesn't grow without bound.
> 
> This sounds like a job for rsnapshot: essentially point-in-time
> snapshots on top of rsync, using hard links of unchanged files for space
> and speed. With some additional shell scripting + cron you could have a
> really nice scheme to keep 15 minute snaps for the last few days, then
> daily for a while, then weekly.



create a backup of an online server

2011-12-27 Thread Wesley M.
Hi,
I want to back up our mailserver (4.7) in production.
I read :
http://www.openbsd.org/faq/faq10.html#DupFS

Can I do this wd1 (my backup disk) :

mount /dev/wd1a /mnt
dump -0auf /mnt/etc_backup /dev/wd0a
...
same for wd0d and wd0e ... Or do I need absolutely to do it in Single User?

Or perhaps, there's a better way to do it.

Thank you very much. 

Wesley.



Re: kernel panic (mii_phy_setmedia) on mac mini A1347 (bge device unknown)

2011-12-23 Thread Wesley M.
Thank you very much. 

It works, i can now use bge0 on the mac mini.
(OpenBSD 4.9)

Wesley.



Re: kernel panic (mii_phy_setmedia) on mac mini A1347 (bge device unknown)

2011-12-23 Thread Wesley M.
Thanks, small forget ;-)
I will try it.

On Fri, 23 Dec 2011 11:51:33 +0100, Mike Belopuhov wrote:
> On Fri, Dec 23, 2011 at 11:43 AM, Wesley M. wrote:
>> Hi,
>>
>> So i installed a fresh OpenBSD 4.9 to try to patch the files : brgphy.c
>> and miidevs
>> I have the following error when compiling :
>> ...
>> D_KERNEL B -c ../../../../dev/mii/brgphy.c
>> ../../../../dev/mii/brgphy.c:177: error: 'MII_MODEL_xxBROADCOM3_BCM57765'
>> undeclared here (not in a function)
>> ../../../../dev/mii/brgphy.c:178: error: 'MII_STR_xxBROADCOM3_BCM57765'
>> undeclared here (not in a function)
>> *** Error code 1
>>
>> Stop in /usr/src/sys/arch/i386/compile/GENERIC (line 92 of
>> /usr/share/mk/sys.mk).
>>
> 
> you have to run "make" in /sys/dev/mii prior to compiling.



Re: trendnet ethernet usb

2011-12-22 Thread Wesley M.
nterface 0 "BTC USB Multimedia Keyboard" rev 1.10/1.00 addr 5
uhidev1: iclass 3/1
ukbd0 at uhidev1: 8 modifier keys, 6 key codes
wskbd0 at ukbd0: console keyboard, using wsdisplay0
uhidev2 at uhub5 port 3 configuration 1 interface 1 "BTC USB Multimedia Keyboard" rev 1.10/1.00 addr 5
uhidev2: iclass 3/0, 3 report ids
uhid3 at uhidev2 reportid 1: input=1, output=0, feature=0
uhid4 at uhidev2 reportid 2: input=3, output=0, feature=0
uhid5 at uhidev2 reportid 3: input=3, output=0, feature=8
sd0 detached
scsibus1 detached
umass0 detached
umass0 at uhub5 port 2 configuration 1 interface 0 "JetFlash Mass Storage Device" rev 2.00/1.00 addr 4
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets, initiator 0
sd0 at scsibus1 targ 1 lun 0:  SCSI2 0/direct removable
sd0: 7660MB, 512 bytes/sec, 15687680 sec total

Thank you very much for your helps.

Cheers,

Wesley.



On Thu, 22 Dec 2011 03:07:56 +1100, Jonathan Gray  wrote:
> The man page is not an exhaustive list, include the full dmesg
> with the device plugged in for a start and the output of
> "ifconfig axe0 media"
> 
> On Wed, Dec 21, 2011 at 04:24:58PM +0400, Wesley M. wrote:
>> I read man page axe(4) there's no my model trendnet TU2-ETG :(
>> So I suppose that it is not compatible :(
>> 
>> Wesley.
>> 
>> On Wed, 21 Dec 2011 16:10:35 +0400, "Wesley M." wrote:
>> > tried on OpenBSD 5.0 : same problem
>> > ifconfig show :
>> > media : Ethernet none (none)
>> > 
>> > On Wed, 21 Dec 2011 16:04:36 +0400, "Wesley M." wrote:
>> >> I plug on my OpenBSD 4.9 (fresh install) :Ethernet USB Device,
>> >> trendnet TU2-ETG
>> >> It detects axe0, I configured it using dhcp, it doesn't work.
>> >> Manually also doesn't work. Pf disabled, no traffic out
>> >> 
>> >> any issue ?
>> >> 
>> >> 
>> >> Here dmesg | grep axe0 :
>> >> 
>> >> axe0 at uhub5 port 2 configuration 1 interface 0 "ASIX Electronics AX88178" rev 2.00/0.01 addr 5
>> >> axe0: AX88178, address 00:50:b6:4e:5a:c9



Re: trendnet ethernet usb

2011-12-21 Thread Wesley M.
I read man page axe(4) there's no my model trendnet TU2-ETG :(
So I suppose that it is not compatible :(

Wesley.

On Wed, 21 Dec 2011 16:10:35 +0400, "Wesley M." wrote:
> tried on OpenBSD 5.0 : same problem
> ifconfig show :
> media : Ethernet none (none)
> 
> On Wed, 21 Dec 2011 16:04:36 +0400, "Wesley M." wrote:
>> I plug on my OpenBSD 4.9 (fresh install) :Ethernet USB Device, trendnet
>> TU2-ETG
>> It detects axe0, I configured it using dhcp, it doesn't work.
>> Manually also doesn't work. Pf disabled, no traffic out
>> 
>> any issue ?
>> 
>> 
>> Here dmesg | grep axe0 :
>> 
>> axe0 at uhub5 port 2 configuration 1 interface 0 "ASIX Electronics AX88178" rev 2.00/0.01 addr 5
>> axe0: AX88178, address 00:50:b6:4e:5a:c9



Re: trendnet ethernet usb

2011-12-21 Thread Wesley M.
tried on OpenBSD 5.0 : same problem
ifconfig show :
media : Ethernet none (none)

On Wed, 21 Dec 2011 16:04:36 +0400, "Wesley M." wrote:
> I plug on my OpenBSD 4.9 (fresh install) :Ethernet USB Device, trendnet
> TU2-ETG
> It detects axe0, I configured it using dhcp, it doesn't work.
> Manually also doesn't work. Pf disabled, no traffic out
> 
> any issue ?
> 
> 
> Here dmesg | grep axe0 :
> 
> axe0 at uhub5 port 2 configuration 1 interface 0 "ASIX Electronics AX88178" rev 2.00/0.01 addr 5
> axe0: AX88178, address 00:50:b6:4e:5a:c9



trendnet ethernet usb

2011-12-21 Thread Wesley M.
I plug on my OpenBSD 4.9 (fresh install) :Ethernet USB Device, trendnet
TU2-ETG
It detects axe0, I configured it using dhcp, it doesn't work.
Manually also doesn't work. Pf disabled, no traffic out

any issue ?


Here dmesg | grep axe0 :

axe0 at uhub5 port 2 configuration 1 interface 0 "ASIX Electronics AX88178" rev 2.00/0.01 addr 5
axe0: AX88178, address 00:50:b6:4e:5a:c9



newfs, fsck slow

2011-12-21 Thread Wesley M.
Hi, 

When I do a newfs on HD 500GB, it takes much more times using
OpenBSD 4.9 instead of 5.0 RELEASE.
Same problem using fsck -y dev. Why ?


Machine : mac mini 
model : A1347

Thank you very much for your replies.


Cheers, 

Wesley.



Re: kernel panic (mii_phy_setmedia) on mac mini A1347 with trace and ps picture url

2011-12-19 Thread Wesley M.
Ok, thanks.
Therefore, I have a problem. I use mailserv project, and it works only on
4.8; 4.9 RELEASE. Not on 5.0
Is there a way for me to have a 4.9 with patches ?
In short, is it possible to have a patch to use with 4.9-stable ?

Thank you very much.

Wesley.

On Mon, 19 Dec 2011 13:21:20 +, Stuart Henderson wrote:
> It's committed so wait for new snaps and you can avoid this step.
> 
> 
> On 2011/12/19 17:10, Wesley M. wrote:
>> Hi Stuart,
>> 
>> I tried this : boot -c at boot prompt (startup)
>> I have this message : "kbc cmd word write error" just after.
>> And I can't use keyboard at UKC Prompt :(
>> 
>> Wesley.
>> 
>> On Mon, 19 Dec 2011 12:51:58 +, Stuart Henderson wrote:
>> > On 2011/12/19 16:10, Wesley M. wrote:
>> >> So I tried to use 5.0 RELEASE.
>> >> This time, it formats quickly. But it is the same way : kernel panic
>> >> when it starts the network.
>> >> 
>> >> The following message appears :
>> >> Starting network
>> >> panic: mii_phy_setmedia
>> >> Stopped at Debugger+0x4:popl %ebp
>> >> 
>> >> a "show panic" at the ddb prompt:
>> >> mii_phy_setmedia
>> > 
>> > You can try this patch. Apply, run 'cd /sys/dev/mii && make', then build
>> > a new kernel. Obviously you will need to get the new kernel on to the
>> > machine somehow; you can probably get it to boot with "boot -c",
>> > "disable bge", "quit" - then you will need to either use a USB ethernet
>> > device to get the source tree onto the machine, or copy a kernel built
>> > on another machine via USB storage.
>> > 
>> > Index: brgphy.c
>> > ===
>> > RCS file: /cvs/src/sys/dev/mii/brgphy.c,v
>> > retrieving revision 1.93
>> > diff -u -p -r1.93 brgphy.c
>> > --- brgphy.c   24 May 2010 21:23:23 -  1.93
>> > +++ brgphy.c   19 Dec 2011 12:43:02 -
>> > @@ -174,6 +174,8 @@ static const struct mii_phydesc brgphys[
>> >  MII_STR_xxBROADCOM2_BCM5709S },
>> >{ MII_OUI_xxBROADCOM2,  MII_MODEL_xxBROADCOM2_BCM5709CAX,
>> >  MII_STR_xxBROADCOM2_BCM5709CAX },
>> > +  { MII_OUI_xxBROADCOM3,  MII_MODEL_xxBROADCOM3_BCM57765,
>> > +MII_STR_xxBROADCOM3_BCM57765 },
>> >{ MII_OUI_xxBROADCOM3,  MII_MODEL_xxBROADCOM3_BCM57780,
>> >  MII_STR_xxBROADCOM3_BCM57780 },
>> >{ MII_OUI_BROADCOM2,MII_MODEL_BROADCOM2_BCM5906,
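Review bot: the two added lines in brgphys[] use MII_MODEL_xxBROADCOM3_BCM57765 and MII_STR_xxBROADCOM3_BCM57765, which only exist once the header generated from miidevs has been rebuilt from the second half of this patch. Anyone applying it by hand has to run 'cd /sys/dev/mii && make' before building the kernel, otherwise brgphy.c stops with "undeclared here (not in a function)" on exactly these lines, as reported elsewhere in this thread. The commit should carry the regenerated files together with this hunk so the tree never sits in that state.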
>> > Index: miidevs
>> > ===
>> > RCS file: /cvs/src/sys/dev/mii/miidevs,v
>> > retrieving revision 1.116
>> > diff -u -p -r1.116 miidevs
>> > --- miidevs21 Jan 2011 09:46:13 -  1.116
>> > +++ miidevs19 Dec 2011 12:43:02 -
>> > @@ -159,6 +159,7 @@ model xxBROADCOM2 BCM5709C 0x003c  BCM570
>> >  model xxBROADCOM2 BCM5761 0x003d  BCM5761 10/100/1000baseT PHY
>> >  model xxBROADCOM2 BCM5709S0x003f  BCM5709S 1000/2500baseSX PHY
>> >  model xxBROADCOM3 BCM577800x0019  BCM57780 10/100/1000baseT PHY
>> > +model xxBROADCOM3 BCM577650x0024  BCM57765 10/100/1000baseT PHY
>> >  model BROADCOM BCM54000x0004  BCM5400 1000baseT PHY
>> >  model BROADCOM BCM54010x0005  BCM5401 1000baseT PHY
>> >  model BROADCOM BCM54110x0007  BCM5411 1000baseT PHY
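Review bot: the added model line puts 0x0024 under xxBROADCOM3, and only the model half of that is confirmed by the report, where the ramdisk dmesg shows ukphy0 with "OUI 0x00d897, model 0x0024". Please confirm that the existing xxBROADCOM3 oui definition corresponds to the 0x00d897 the PHY reports, because otherwise the new brgphy.c entry never matches and ukphy keeps attaching. The "10/100/1000baseT PHY" description is copied from the neighbouring entries and should be checked against the part as well.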
>> > 
>> > Actually I don't see any reason why not to commit this as-is.
>> > It may not work but it's certainly not going to make things worse.
>> > Any OKs for this?
>> > 
>> >> I can't note "trace" message, i have no serial port on the mac... :(
>> > 
>> > Yes you can, just re-type it from the text on-screen. But in this case
>> > the ramdisk dmesg you included is enough.



Re: kernel panic (mii_phy_setmedia) on mac mini A1347 with trace and ps picture url

2011-12-19 Thread Wesley M.
Hi Stuart,

I tried this : boot -c at boot prompt (startup)
I have this message : "kbc cmd word write error" just after.
And i can't use keyboard at UKC Prompt :(

Wesley.

On Mon, 19 Dec 2011 12:51:58 +, Stuart Henderson wrote:
> On 2011/12/19 16:10, Wesley M. wrote:
>> So I tried to use 5.0 RELEASE.
>> This time, it formats quickly. But it is the same way : kernel panic
>> when it starts the network.
>> 
>> The following message appears :
>> Starting network
>> panic: mii_phy_setmedia
>> Stopped at Debugger+0x4:popl %ebp
>> 
>> a "show panic" at the ddb prompt:
>> mii_phy_setmedia
> 
> You can try this patch. Apply, run 'cd /sys/dev/mii && make', then build
> a new kernel. Obviously you will need to get the new kernel on to the
> machine somehow; you can probably get it to boot with "boot -c",
> "disable bge", "quit" - then you will need to either use a USB ethernet
> device to get the source tree onto the machine, or copy a kernel built
> on another machine via USB storage.
> 
> Index: brgphy.c
> ===
> RCS file: /cvs/src/sys/dev/mii/brgphy.c,v
> retrieving revision 1.93
> diff -u -p -r1.93 brgphy.c
> --- brgphy.c  24 May 2010 21:23:23 -  1.93
> +++ brgphy.c  19 Dec 2011 12:43:02 -
> @@ -174,6 +174,8 @@ static const struct mii_phydesc brgphys[
> MII_STR_xxBROADCOM2_BCM5709S },
>   { MII_OUI_xxBROADCOM2,  MII_MODEL_xxBROADCOM2_BCM5709CAX,
> MII_STR_xxBROADCOM2_BCM5709CAX },
> + { MII_OUI_xxBROADCOM3,  MII_MODEL_xxBROADCOM3_BCM57765,
> +   MII_STR_xxBROADCOM3_BCM57765 },
>   { MII_OUI_xxBROADCOM3,  MII_MODEL_xxBROADCOM3_BCM57780,
> MII_STR_xxBROADCOM3_BCM57780 },
>   { MII_OUI_BROADCOM2,MII_MODEL_BROADCOM2_BCM5906,
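Review bot: the new brgphys[] entry only makes brgphy match BCM57765; nothing in this hunk shows whether the driver's per-model setup needs a case for this PHY or can treat it like BCM57780. Given the accompanying remark that it "may not work", the commit log should say the change is untested on the reporter's hardware, and a test report (dmesg showing brgphy0 instead of ukphy0 on bge0, and the boot getting past "Starting network") is worth asking for before this ships in a release.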
> Index: miidevs
> ===
> RCS file: /cvs/src/sys/dev/mii/miidevs,v
> retrieving revision 1.116
> diff -u -p -r1.116 miidevs
> --- miidevs   21 Jan 2011 09:46:13 -  1.116
> +++ miidevs   19 Dec 2011 12:43:02 -
> @@ -159,6 +159,7 @@ model xxBROADCOM2 BCM5709C0x003c  BCM570
>  model xxBROADCOM2 BCM57610x003d  BCM5761 10/100/1000baseT PHY
>  model xxBROADCOM2 BCM5709S   0x003f  BCM5709S 1000/2500baseSX PHY
>  model xxBROADCOM3 BCM57780   0x0019  BCM57780 10/100/1000baseT PHY
> +model xxBROADCOM3 BCM57765   0x0024  BCM57765 10/100/1000baseT PHY
>  model BROADCOM BCM5400   0x0004  BCM5400 1000baseT PHY
>  model BROADCOM BCM5401   0x0005  BCM5401 1000baseT PHY
>  model BROADCOM BCM5411   0x0007  BCM5411 1000baseT PHY
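Review bot: the ordering differs between the two files: here BCM57765 (0x0024) is added after BCM57780 (0x0019), which keeps the xxBROADCOM3 models in ascending model-id order, while the brgphy.c hunk inserts BCM57765 before BCM57780. Either order works, but each file should follow the convention it already uses, and a word about that in the commit message would keep later xxBROADCOM3 additions from drifting.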
> 
> Actually I don't see any reason why not to commit this as-is.
> It may not work but it's certainly not going to make things worse.
> Any OKs for this?
> 
>> I can't note "trace" message, i have no serial port on the mac... :(
> 
> Yes you can, just re-type it from the text on-screen. But in this case
> the ramdisk dmesg you included is enough.



Re: kernel panic (mii_phy_setmedia) on mac mini A1347 with trace and ps picture url

2011-12-19 Thread Wesley M.
On Mon, 19 Dec 2011 10:33:56 -0200, Daniel Bolgheroni wrote:
> On Mon, Dec 19, 2011 at 04:10:16PM +0400, Wesley M. wrote:
>> 
>> Here is the ps message : http://i43.tinypic.com/mkufyo.jpg
>> Here is the trace message : http://i40.tinypic.com/25syfxf.jpg
> 
> Have you tried to disable whatever it is on boot>?

I tried disable bge0, boot, I still have a kernel panic just after
"Starting Network"



kernel panic (mii_phy_setmedia) on mac mini A1347 with trace and ps picture url

2011-12-19 Thread Wesley M.
Hi, 

I tried to install OpenBSD 4.9 on an Apple mac mini (new generation).
Model : A1347 ;
Core i5, thunderbolt Technology, HD 500GB

At installation using 4.9 RELEASE :
It takes a long time to format slides.


At the reboot : I have a kernel panic just after "starting network"

So I tried to use 5.0 RELEASE.
This time, it formats quickly. But it is the same way : kernel panic when
it starts the network.

The following message appears :
Starting network
panic: mii_phy_setmedia
Stopped at Debugger+0x4:popl %ebp

a "show panic" at the ddb prompt:
mii_phy_setmedia


I can't note "trace" message, I have no serial port on the mac... :(


Here is the ps message : http://i43.tinypic.com/mkufyo.jpg
Here is the trace message : http://i40.tinypic.com/25syfxf.jpg

here is the dmesg issue : boot on bsd.rd :

OpenBSD 5.0 (RAMDISK_CD) #36: Wed Aug 17 10:27:31 MDT 2011
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
RTC BIOS diagnostic error a9
cpu0: Intel(R) Core(TM) i5-2415M CPU @ 2.30GHz ("GenuineIntel" 686-class) 2.30 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,XSAVE,AVX
real mem = 2047619072 (1952MB)
avail mem = 2007117824 (1914MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 07/29/05, SMBIOS rev. 2.4 @ 0xe (61 entries)
bios0: vendor Apple Inc. version "MM51.88Z.0075.B00.1106271442" date 06/27/2011
bios0: Apple Inc. Macmini5,1
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP HPET APIC SBST ECDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT MCFG SSDT SSDT SSDT
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 99MHz
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P2)
acpiprt2 at acpi0: bus 5 (PEG1)
acpiprt3 at acpi0: bus 2 (RP01)
acpiprt4 at acpi0: bus -1 (RP02)
acpiprt5 at acpi0: bus 3 (RP03)
bios0: ROM list: 0xc/0xee00
memory map conflict 0xe00f8000/0x1000
memory map conflict 0xfed1c000/0x4000
memory map conflict 0xffed/0x3
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel Core 2G Host" rev 0x09
ppb0 at pci0 dev 1 function 0 "Intel Core 2G PCIE" rev 0x09: apic 2 int 16
pci1 at ppb0 bus 1
ppb1 at pci0 dev 1 function 1 "Intel Core 2G PCIE" rev 0x09: apic 2 int 16
pci2 at ppb1 bus 5
ppb2 at pci2 dev 0 function 0 vendor "Intel", unknown product 0x1513 rev 0x00
pci3 at ppb2 bus 6
ppb3 at pci3 dev 0 function 0 vendor "Intel", unknown product 0x1513 rev 0x00: apic 2 int 17
pci4 at ppb3 bus 7
vendor "Intel", unknown product 0x1513 (class system subclass miscellaneous, rev 0x00) at pci4 dev 0 function 0 not configured
ppb4 at pci3 dev 3 function 0 vendor "Intel", unknown product 0x1513 rev 0x00: apic 2 int 16
pci5 at ppb4 bus 8
ppb5 at pci3 dev 4 function 0 vendor "Intel", unknown product 0x1513 rev 0x00: apic 2 int 17
pci6 at ppb5 bus 9
ppb6 at pci3 dev 5 function 0 vendor "Intel", unknown product 0x1513 rev 0x00: apic 2 int 18
pci7 at ppb6 bus 58
ppb7 at pci3 dev 6 function 0 vendor "Intel", unknown product 0x1513 rev 0x00: apic 2 int 19
pci8 at ppb7 bus 107
vga1 at pci0 dev 2 function 0 "Intel GT2+ Video" rev 0x09
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
"Intel 6 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
uhci0 at pci0 dev 26 function 0 vendor "Intel", unknown product 0x1c2c rev 0x05: apic 2 int 21
ehci0 at pci0 dev 26 function 7 "Intel 6 Series USB" rev 0x05: apic 2 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
"Intel 6 Series HD Audio" rev 0x05 at pci0 dev 27 function 0 not configured
ppb8 at pci0 dev 28 function 0 "Intel 6 Series PCIE" rev 0xb5: apic 2 int 16
pci9 at ppb8 bus 2
bge0 at pci9 dev 0 function 0 "Broadcom BCM57765" rev 0x10, unknown BCM57765 (0x57785100): apic 2 int 16, address 3c:07:54:0c:6b:b7
ukphy0 at bge0 phy 1: Generic IEEE 802.3u media interface, rev. 4: OUI 0x00d897, model 0x0024
"Broadcom SD Host Controller" rev 0x10 at pci9 dev 0 function 1 not configured
ppb9 at pci0 dev 28 function 2 "Intel 6 Series PCIE" rev 0xb5: apic 2 int 18
pci10 at ppb9 bus 3
ppb10 at pci10 dev 0 function 0 vendor "TI", unknown product 0x823e rev 0x01
pci11 at ppb10 bus 4
vendor "TI", unknown product 0x823f (class serial bus subclass Firewire, rev 0x01) at pci11 dev 0 function 0 not configured
uhci1 at pci0 dev 29 function 0 vendor "Intel", unknown product 0x1c27 rev 0x05: apic 2 int 19
ehci1 at pci0 dev 29 function 7 "Intel 6 Series USB" rev 0x05: apic 2 int 22
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
pcib0 at pci0 dev

kernel panic (mii_phy_setmedia) on mac mini A1347

2011-12-19 Thread Wesley M.
Hi, 

I tried to install OpenBSD 4.9 on an Apple mac mini (new generation).
Model : A1347
Core i5, thunderbolt Technology, HD 500GB

At installation using 4.9 RELEASE :
It takes a long time to format slides.


At the reboot : I have a kernel panic just after "starting network"

So I tried to use 5.0 RELEASE.
This time, it formats quickly. But it is the same way : kernel panic when
it starts the network.

The following message appears :
Starting network
panic: mii_phy_setmedia
Stopped at Debugger+0x4:popl %ebp

a "show panic" at the ddb prompt:
mii_phy_setmedia


I can't note "trace" message, I have no serial port on the mac... :(
So you can see the trace message attached (picture)
and the "ps" message attached (picture)

here is the dmesg issue : boot on bsd.rd :

OpenBSD 5.0 (RAMDISK_CD) #36: Wed Aug 17 10:27:31 MDT 2011
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
RTC BIOS diagnostic error a9
cpu0: Intel(R) Core(TM) i5-2415M CPU @ 2.30GHz ("GenuineIntel" 686-class) 2.30 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,XSAVE,AVX
real mem = 2047619072 (1952MB)
avail mem = 2007117824 (1914MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 07/29/05, SMBIOS rev. 2.4 @ 0xe (61 entries)
bios0: vendor Apple Inc. version "MM51.88Z.0075.B00.1106271442" date 06/27/2011
bios0: Apple Inc. Macmini5,1
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP HPET APIC SBST ECDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT MCFG SSDT SSDT SSDT
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 99MHz
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P2)
acpiprt2 at acpi0: bus 5 (PEG1)
acpiprt3 at acpi0: bus 2 (RP01)
acpiprt4 at acpi0: bus -1 (RP02)
acpiprt5 at acpi0: bus 3 (RP03)
bios0: ROM list: 0xc/0xee00
memory map conflict 0xe00f8000/0x1000
memory map conflict 0xfed1c000/0x4000
memory map conflict 0xffed/0x3
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel Core 2G Host" rev 0x09
ppb0 at pci0 dev 1 function 0 "Intel Core 2G PCIE" rev 0x09: apic 2 int 16
pci1 at ppb0 bus 1
ppb1 at pci0 dev 1 function 1 "Intel Core 2G PCIE" rev 0x09: apic 2 int 16
pci2 at ppb1 bus 5
ppb2 at pci2 dev 0 function 0 vendor "Intel", unknown product 0x1513 rev 0x00
pci3 at ppb2 bus 6
ppb3 at pci3 dev 0 function 0 vendor "Intel", unknown product 0x1513 rev 0x00: apic 2 int 17
pci4 at ppb3 bus 7
vendor "Intel", unknown product 0x1513 (class system subclass miscellaneous, rev 0x00) at pci4 dev 0 function 0 not configured
ppb4 at pci3 dev 3 function 0 vendor "Intel", unknown product 0x1513 rev 0x00: apic 2 int 16
pci5 at ppb4 bus 8
ppb5 at pci3 dev 4 function 0 vendor "Intel", unknown product 0x1513 rev 0x00: apic 2 int 17
pci6 at ppb5 bus 9
ppb6 at pci3 dev 5 function 0 vendor "Intel", unknown product 0x1513 rev 0x00: apic 2 int 18
pci7 at ppb6 bus 58
ppb7 at pci3 dev 6 function 0 vendor "Intel", unknown product 0x1513 rev 0x00: apic 2 int 19
pci8 at ppb7 bus 107
vga1 at pci0 dev 2 function 0 "Intel GT2+ Video" rev 0x09
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
"Intel 6 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
uhci0 at pci0 dev 26 function 0 vendor "Intel", unknown product 0x1c2c rev 0x05: apic 2 int 21
ehci0 at pci0 dev 26 function 7 "Intel 6 Series USB" rev 0x05: apic 2 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
"Intel 6 Series HD Audio" rev 0x05 at pci0 dev 27 function 0 not configured
ppb8 at pci0 dev 28 function 0 "Intel 6 Series PCIE" rev 0xb5: apic 2 int 16
pci9 at ppb8 bus 2
bge0 at pci9 dev 0 function 0 "Broadcom BCM57765" rev 0x10, unknown BCM57765 (0x57785100): apic 2 int 16, address 3c:07:54:0c:6b:b7
ukphy0 at bge0 phy 1: Generic IEEE 802.3u media interface, rev. 4: OUI 0x00d897, model 0x0024
"Broadcom SD Host Controller" rev 0x10 at pci9 dev 0 function 1 not configured
ppb9 at pci0 dev 28 function 2 "Intel 6 Series PCIE" rev 0xb5: apic 2 int 18
pci10 at ppb9 bus 3
ppb10 at pci10 dev 0 function 0 vendor "TI", unknown product 0x823e rev 0x01
pci11 at ppb10 bus 4
vendor "TI", unknown product 0x823f (class serial bus subclass Firewire, rev 0x01) at pci11 dev 0 function 0 not configured
uhci1 at pci0 dev 29 function 0 vendor "Intel", unknown product 0x1c27 rev 0x05: apic 2 int 19
ehci1 at pci0 dev 29 function 7 "Intel 6 Series USB" rev 0x05: apic 2 int 22
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
pcib0 at pci0 dev 31 function 0 "Intel HM65 LPC" rev

Re: roundcubemail on openbsd 5.0

2011-12-15 Thread Wesley M.
Hi,

I tried to blank tables in roundcubemail database, done.
But it still doesn't work. I can't login with user@domain
I can only with : username
And mails are sent with @localhost

I let you my main.inc.php file attached
And the file /var/www/roundcubemail/virtusertable contain :
user@domain  user
userx@domainx userx

Thank you for your replies and your help.
Wesley M.

PS : OpenBSD 5.0 / roundcubemail package 0.5.3p1

 Original Message 
Subject: Re: roundcubemail on openbsd 5.0
Date: Wed, 14 Dec 2011 21:35:49 +
From: Stuart Henderson 
To: "Wesley M." 
Cc: misc@openbsd.org, mwlu...@blackhelicopters.org, po...@openbsd.org
Reply-To: po...@openbsd.org

I have just tested this method with roundcube 0.7 on OpenBSD with
a blank database and it works fine there, logging in with the full
email address as specified in the left-hand column of the
virtusertable file uses the username on the right-hand-side as
the imap login name, and in prefs/identities it shows up the
full list of sender addresses with a matching entry.

Have you tried it with a blank database?

Reply-to set to ports@, though you might do better with a roundcube
forum instead if you still have problems..



On 2011/12/14 10:33, Wesley M. wrote:
> Hi,
> 
> I use sendmail 8.14.15 with virtusertable and procmail for multiple
> domains and
> dovecot 2.0; and Apache (chrooted in /var/www)
> MAILDIR : /var/mailserver/%u/
> IMAP/POP3/IMAPS/POP3S works.
> I just want :
> 
> At the Roundcube login page, type user1@domain1 and 
> send emails from this email :user1@domain1 without @localhost
> 
> Actually i can only log in with user1 and when i send email, i have
> user1@localhost
> 
> I tried this :
> add these 2 lines
> in main.inc.php and cp /etc/mail/virtusertable in /var/www/roundcubemail/
> 
> $rcmail_config['plugins'] = array('virtuser_file');
> $rcmail_config['virtuser_file'] = '/roundcubemail/virtusertable'; 
> add a new user, try to connect with
> user_new@domain1 : no success
> try to connect with user_new : OK but always
> send emails with @localhost 
> 
> I read man pages, a lot of documents in
> Internet, it doesn't work for me.
> Any idea ? 
> 
> Thank you very much for your
> replies, your helps. 
> 
> Wesley. 
> 
> www.mouedine.net
> 
> On Tue, 13 Dec 2011 20:48:16 +, Stuart Henderson wrote:
> > On 2011/12/13 15:28, Michael W. Lucas wrote:
> >> I have Roundcube elsewhere.  It basically runs like any other
> >> IMAP/pop3 client, e.g., communicates over port 110/995/whatever.  My
> >> roundcube install isn't actually on my mail server.
> >> 
> >> This leads me to think that copying system files into the chroot isn't
> >> going to help.
> > 
> > It has some special support for looking up usernames from a file
> > in virtusertable format. Can't say I've used it myself though..
> > 
> >> Using a mail client other than roundcube, can you authenticate to the
> >> server using user@domain, and send mail from user@domain?
> > 
> > Had Wesley followed the advice in my email about where to look
> > in the config file etc. he would probably have it working by now.
> > 
> >> > > See the config file, where it says "This domain will be used to
> >> > > form e-mail addresses of new users". Note that it says *new*;
> >> > > existing users will need to be changed in the database.

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of main.inc.php]
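
Added example (not part of the thread, and not Roundcube's plugin code): the lookup Stuart describes, together with the chroot visibility check raised earlier in the thread, as shell helpers. The function names and the sample table are constructed for illustration; the file is assumed to hold two whitespace-separated columns as in the post above.

```shell
#!/bin/sh
# Added illustration: virtusertable lookups as a chrooted web server sees them.
# All function names here are hypothetical helpers.

# Path configured inside the chroot -> real path on disk.
chroot_path() {    # chroot_path CHROOT CONFIGURED_PATH
    printf '%s/%s\n' "${1%/}" "${2#/}"
}

# True only if the configured file is readable from inside the chroot.
visible_in_chroot() {    # visible_in_chroot CHROOT CONFIGURED_PATH
    [ -r "$(chroot_path "$1" "$2")" ]
}

# Full address (left column) -> login name (right column).
# The address is passed through the environment so awk does not
# interpret backslashes in it. Matching is exact and case-insensitive.
virtuser_login() {    # virtuser_login FILE ADDRESS
    WANT=$2 awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments, blank lines
        tolower($1) == tolower(ENVIRON["WANT"]) { print $2; found = 1; exit }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Login name (right column) -> every full address mapped to it.
# Catch-all rows such as "@domain user" are not sender addresses.
virtuser_identities() {    # virtuser_identities FILE LOGIN
    WANT=$2 awk '
        /^[ \t]*(#|$)/ { next }
        $2 == ENVIRON["WANT"] && $1 !~ /^@/ { print $1 }
    ' "$1"
}

demo() {
    root=$(mktemp -d) || return 1          # stands in for /var/www
    mkdir -p "$root/roundcubemail"
    # Constructed sample in the two-column layout quoted in the thread.
    cat > "$root/roundcubemail/virtusertable" <<'EOF'
# address        login
user@domain      user
userx@domainx    userx
info@domain      user
@domainx         userx
EOF
    for cfg in /etc/mail/virtusertable /roundcubemail/virtusertable; do
        if visible_in_chroot "$root" "$cfg"; then
            echo "$cfg: readable inside chroot"
        else
            echo "$cfg: NOT readable inside chroot"
        fi
    done
    table=$(chroot_path "$root" /roundcubemail/virtusertable)
    echo "login for user@domain: $(virtuser_login "$table" user@domain)"
    echo "identities for user:"
    virtuser_identities "$table" user | sed 's/^/  /'
    rm -rf "$root"
}

demo
```

Run against the real chroot directory, visible_in_chroot shows whether the path configured in main.inc.php exists from the web server's point of view before any login is attempted.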



Re: roundcubemail on openbsd 5.0

2011-12-14 Thread Wesley M.
Hi,
Very funny, I already know this tip.
But when I add a new user and try to connect, I always have @localhost.
At the Roundcube login prompt, typing username@specificdomainuser doesn't work.
Typing just the username works, but when I try to send a mail, it is sent with
@localhost.
I know I can modify this manually. But the goal is to have this done
automatically
for new users.

Wesley

On Wed, 14 Dec 2011 08:38:18 +, nick  wrote:
> Wesley, I think once you've logged in with a user, you're stuck
> with whatever was in the config file as has been previously said as it's
> created the roundcube entries in the database.
>
> What you'll need to do now for that user is to log into roundcube,
> click Personal Settings at the top, then click identities and change
> the email address manually for them.
>
> If you've a lot of users you could probably open up the database
> manually and change the records directly.
>
> Regards.
>
> On 14/12/2011 06:33, Wesley M. wrote:
>
>> Hi,
>>
>> I use sendmail 8.14.15 with virtusertable and procmail for multiple
>> domains and
>> dovecot 2.0; and Apache (chrooted in /var/www)
>> MAILDIR : /var/mailserver/%u/
>> IMAP/POP3/IMAPS/POP3S works.
>> I just want :
>>
>> At the Roundcube login page, type user1@domain1 and
>> send emails from this email :user1@domain1 without @localhost
>>
>> Actually i can only log in with user1 and when i send email, i have
>> user1@localhost
>>
>> I tried this :
>> add these 2 lines
>> in main.inc.php and cp /etc/mail/virtusertable in /var/www/roundcubemail/
>>
>> $rcmail_config['plugins'] = array('virtuser_file');
>> $rcmail_config['virtuser_file'] = '/roundcubemail/virtusertable';
>> add a new user, try to connect with
>> user_new@domain1 : no success
>> try to connect with user_new : OK but always
>> send emails with @localhost
>>
>> I read man pages, a lot of documents in
>> Internet, it doesn't work for me.
>> Any idea ?
>>
>> Thank you very much for your
>> replies, your helps.
>>
>> Wesley.
>>
>> www.mouedine.net [1]
>>
>> On Tue, 13 Dec 2011 20:48:16 +, Stuart Henderson wrote:
>>
>>> On 2011/12/13 15:28, Michael W. Lucas wrote:
>>>
>>>> I have Roundcube elsewhere. It basically runs like any other
>>>> IMAP/pop3 client, e.g., communicates over port 110/995/whatever. My
>>>> roundcube install isn't actually on my mail server. This leads me to
>>>> think that copying system files into the chroot isn't going to help.
>>>
>>> It has some special support for looking up usernames from a file in
>>> virtusertable format. Can't say I've used it myself though..
>>>
>>>> Using a mail client other than roundcube, can you authenticate to the
>>>> server using user@domain, and send mail from user@domain?
>>>
>>> Had Wesley followed the advice in my email about where to look in the
>>> config file etc. he would probably have it working by now.
>>>
>>>>> See the config file, where it says "This domain will be used to form
>>>>> e-mail addresses of new users". Note that it says *new*; existing
>>>>> users will need to be changed in the database.
>
> Links:
> --
> [1] http://www.mouedine.net
> [2] mailto:s...@spacehopper.org



Re: roundcubemail on openbsd 5.0

2011-12-13 Thread Wesley M.
Hi,

I use sendmail 8.14.15 with virtusertable and procmail for multiple
domains, dovecot 2.0, and Apache (chrooted in /var/www).
MAILDIR : /var/mailserver/%u/
IMAP/POP3/IMAPS/POP3S work.
I just want to:

At the Roundcube login page, type user1@domain1 and
send emails from this address (user1@domain1), without @localhost.

Actually I can only log in with user1, and when I send email, I have
user1@localhost.

I tried this:
add these 2 lines
in main.inc.php and cp /etc/mail/virtusertable to /var/www/roundcubemail/

$rcmail_config['plugins'] = array('virtuser_file');
$rcmail_config['virtuser_file'] = '/roundcubemail/virtusertable';

add a new user, try to connect with
user_new@domain1: no success
try to connect with user_new: OK, but it always
sends emails with @localhost

I read man pages and a lot of documents on the
Internet; it doesn't work for me.
Any idea?

Thank you very much for your
replies and your help.

Wesley. 

www.mouedine.net

On Tue, 13 Dec 2011 20:48:16 +, Stuart Henderson wrote:
> On 2011/12/13 15:28, Michael W. Lucas wrote:
>> I have Roundcube elsewhere.  It basically runs like any other
>> IMAP/pop3 client, e.g., communicates over port 110/995/whatever.  My
>> roundcube install isn't actually on my mail server.
>> 
>> This leads me to think that copying system files into the chroot isn't
>> going to help.
> 
> It has some special support for looking up usernames from a file
> in virtusertable format. Can't say I've used it myself though..
> 
>> Using a mail client other than roundcube, can you authenticate to the
>> server using user@domain, and send mail from user@domain?
> 
> Had Wesley followed the advice in my email about where to look
> in the config file etc. he would probably have it working by now.
> 
>> > > See the config file, where it says "This domain will be used to
>> > > form e-mail addresses of new users". Note that it says *new*;
>> > > existing users will need to be changed in the database.



Re: roundcubemail on openbsd 5.0

2011-12-12 Thread Wesley M.
I tried this:
cp /etc/mail/virtusertable /var/www/roundcubemail/
And changed this line in /var/www/roundcubemail/main.inc.php to
$rcmail_config['virtuser_file'] = '/roundcubemail/virtusertable';
Added a new user.

Tried it: it only works with the username, and when I try to send emails, they
come from username@localhost
Any idea?


> My first guess here would be that httpd is probably chrooted in which
> case you're trying to access a file that is not available
> 
>> When i try to connect using user@domain :
>> error authentification
>> and when i use just the username, there's @localhost
>> attached to the username. 
> 
> See the config file, where it says "This domain will be used to
> form e-mail addresses of new users". Note that it says *new*;
> existing users will need to be changed in the database.



roundcubemail on openbsd 5.0

2011-12-12 Thread Wesley M.
Hi,
I use sendmail with procmail (for maildir) and dovecot on OpenBSD 5.0,
and a virtusertable, /etc/mail/virtusertable, for multiple domains.
All works fine; I can send and receive emails.

When I use roundcube, if I type a username and try to send an email,
it is from username@localhost.
So I modified the file /var/www/roundcubemail/config/main.inc.php and
added the following:

$rcmail_config['plugins'] = array('virtuser_file');
$rcmail_config['virtuser_file'] = '/etc/mail/virtusertable';

When I try to connect using user@domain:
error authentification
and when I use just the username, @localhost is
attached to the username.

If someone can help me...
Thank you very much.


Wesley. 



Re: maildir in sendmail

2011-12-08 Thread Wesley M.
Hi Stuart,

Yes, I wish to use sendmail, and dovecot for pop3s/imaps.
But the big problem: I want to have only one Maildir folder: /var/mail/%u
And then use roundcubemail to access the maildir.
That's all. I read a lot of documents and man pages on sendmail.
The only way I found is to add this: FEATURE(`local_procmail')dnl in my .mc
config file,
pkg_add -vim procmail;
and configure .procmailrc in each /home/%u
Is there no easier way to have it (maildir)?

Thank you.

Wesley.

On Thu, 8 Dec 2011 11:03:31 + (UTC), Stuart Henderson wrote:
> You were going to use dovecot weren't you? It comes with its own delivery
> agent, which can be fed over LMTP, and supports maildir/mbox/mdbox etc
> using the same choice of directory layout as dovecot pop3/imap daemons.
> 
> 
> On 2011-12-08, Wesley M.  wrote:
>> I noticed that sendmail use by default mbox : /var/mail/%u
>> Is there a
>> easy way to have maildir ? without procmail feature ?
>> Or there's no other
>> way except using procmail ? 
>>
>> I don't want to use procmail, because, i will
>> need a second large slide /home.
>> I just want that all emails are in
>> /var/mail/%u (maildir). 
>>
>> And then use roundcubemail package. 
>>
>> Thank you
>> very much for your help.
>>
>> Wesley.



maildir in sendmail

2011-12-08 Thread Wesley M.
I noticed that sendmail uses mbox by default: /var/mail/%u
Is there an easy way to have maildir, without the procmail feature?
Or is there no other way except using procmail?

I don't want to use procmail because I would need a second large slice, /home.
I just want all emails to be in /var/mail/%u (maildir).

And then use the roundcubemail package.

Thank you very much for your help.

Wesley. 



USB to ethernet adapter

2011-12-07 Thread Wesley M.
Hi, 

I'm going to build a small firewall with a proxy cache for the web,
using an Apple Mac mini. For the second ethernet, I will use:
- Trendnet TU2-ETG OR Apple MC704ZM.
Which is better: the Trendnet or the Apple adapter?
And is a USB adapter stable enough to use?

Thank you very much for your answers. 

Wesley.



Re: roundcubemail packet

2011-12-05 Thread Wesley M.
Hi,

First, thank you for your email.
I use it at work, a purchased version (75$) (allard mail server): v4.7.6
I want to build my own mail server with sendmail, because mailserv
doesn't work on OpenBSD 5.0. For example:
there's no dovecot-sieve; dovecot 2 is a big update; and especially the
install script doesn't work well: the names of precompiled packages like
php5-core, dovecot--mysql have changed.
There are a lot of bugs to correct...
Perhaps someone can correct them here ;-)

That said, it is a very good product, and I already use the 4.7.6 mail
server.

Cheers,

Wesley.



On Mon, 05 Dec 2011 08:30:40 -0500 (EST), Dewey Hylton wrote:

> my recommendation would be to look at a finished product which seems to do
> everything you're looking for. since it's open source, you can poke around
> and find how it is put together. or of course you can just use it as-is - i
> used it for several years for myself and a couple of my customers, and was
> completely satisfied with it.
> 
> http://mailserv.github.com/



Re: roundcubemail packet

2011-12-05 Thread Wesley M.
I modified mail_location in dovecot.conf :
mail_location = mbox:~/mail:INBOX=/var/mail/%u

but still not working :-(
Have this in maillog :

Dec  5 16:22:53 mailserver dovecot: imap-login: Login: user=,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=14593, secured
Dec  5 16:22:53 mailserver dovecot: imap(wesley): Disconnected: Logged out
bytes=29/399


On Mon, 5 Dec 2011 14:10:03 +0200, Gregory Edigarov wrote:
> On Mon, 05 Dec 2011 15:47:23 +0400
> "Wesley M."  wrote:
> 
>> in my /etc/dovecot/dovecot.conf
>> i added this line :
>> mail_location = mbox:/var/mail/%u
>> 
>> when i attempt to connect using webmail (roundcube) and do a "tail -f
>> /var/log/maillog", i have :
>> 
>> Dec  5 15:45:19 mailserver dovecot: imap-login: Login: user=,
>> method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=1502, secured
>> Dec  5 15:45:19 mailserver dovecot: imap(wesley): Error: user wesley:
>> Initialization failed: Initializing mail storage from mail_location
>> setting failed: mbox: mbox root directory can't be a
>> file: /var/mail/wesley (http://wiki2.dovecot.org/MailLocation/Mbox)
>> Dec  5 15:45:19 mailserver dovecot: imap(wesley): Error: Invalid user
>> settings. Refer to server log for more information.
>> 
>> Also, mail are in : /var/mail/%u (mbox)
>> If i add a user, does it need a home directory ?
>> 
>> If someone can help me.
> actually, if you read your log message carefully -  you will be able to
> solve it yourself. 
> http://wiki2.dovecot.org/MailLocation/mbox 
> gives you the right syntax.
>  
>> 
>> 
>> On Mon, 5 Dec 2011 12:26:55 +0100, Vitali  wrote:
>> > On Mon, Dec 5, 2011 at 11:56 AM, Wesley M. wrote:
>> >> Hi,
>> >>
>> >> Thank you for your reply.
>> >> Already done. But still doesn't work.
>> >> I have "connection error on imap server"
>> >>
>> >> I have 3 users created, with 3 2 domains hosted.
>> >> 993, 143 dovecot ports (imaps,imap) listen OK.
>> >>
>> >> ?
>> > 
>> > Please, try to connect to your IMAP port manually to see what it's
>> > going to reply.
>> > 
>> > # telnet your.imap.host 143
>> > here there will be imap server messages...
>> > you then type:
>> > a001 login username passwd
>> > here must imap server's messages...
>> > a002 logout
>> > #
>> > 
>> > V.
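
Added example (not from the thread, and not Dovecot code): a shell check for the failure in the log above, where the mbox root named in mail_location is the user's spool file rather than a directory. check_mbox_location and expand_loc are hypothetical helpers; only %u and a leading ~ are expanded, and the directory tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added illustration: check a Dovecot "mbox:" mail_location against the
# filesystem before reloading. Function names are hypothetical helpers.

# Expand %u (login name) and a leading ~ (home directory). Other Dovecot
# %variables are left as they are. Login names with unexpected characters
# are refused so they cannot alter the path or the sed expression.
expand_loc() {    # expand_loc PATH USER HOME
    case $2 in
        ''|*[!A-Za-z0-9._@-]*) return 2 ;;
    esac
    p=$1
    case $p in
        "~")   p=$3 ;;
        "~/"*) p=$3/${p#"~/"} ;;
    esac
    printf '%s\n' "$p" | sed "s|%u|$2|g"
}

# check_mbox_location VALUE USER HOME
# Prints findings; returns 0 when the layout is usable, 1 when it is not.
check_mbox_location() {
    case $1 in
        mbox:*) spec=${1#mbox:} ;;
        *) echo "error: not an mbox location: $1"; return 1 ;;
    esac
    root=${spec%%:*}              # first field: directory that holds folders
    params=${spec#"$root"}
    params=${params#:}
    inbox=
    while [ -n "$params" ]; do    # remaining KEY=value fields
        kv=${params%%:*}
        case $kv in INBOX=*) inbox=${kv#INBOX=} ;; esac
        case $params in *:*) params=${params#*:} ;; *) params= ;; esac
    done

    root=$(expand_loc "$root" "$2" "$3") || { echo "error: unsafe login name"; return 1; }
    status=0
    if [ -f "$root" ]; then
        # The case from the log: "mbox root directory can't be a file"
        echo "error: mbox root is a file, not a directory: $root"
        status=1
    elif [ ! -d "$root" ]; then
        echo "note: mbox root does not exist yet: $root"
    fi
    if [ -n "$inbox" ]; then
        inbox=$(expand_loc "$inbox" "$2" "$3") || return 1
        if [ -d "$inbox" ]; then
            echo "error: INBOX is a directory, expected a single mbox file: $inbox"
            status=1
        elif [ ! -e "$inbox" ]; then
            echo "note: INBOX spool not present yet: $inbox"
        fi
    fi
    return $status
}

demo() {
    d=$(mktemp -d) || return 1        # constructed stand-in for / on the server
    mkdir -p "$d/var/mail" "$d/home/wesley"
    : > "$d/var/mail/wesley"          # system spool: one mbox file per user
    for loc in "mbox:$d/var/mail/%u" "mbox:~/mail:INBOX=$d/var/mail/%u"; do
        echo "mail_location = $loc"
        check_mbox_location "$loc" wesley "$d/home/wesley" && echo "ok"
    done
    rm -rf "$d"
}

demo
```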



Re: roundcubemail packet

2011-12-05 Thread Wesley M.
In my /etc/dovecot/dovecot.conf
I added this line:
mail_location = mbox:/var/mail/%u

When I attempt to connect using webmail (roundcube) and do a "tail -f
/var/log/maillog", I have:

Dec  5 15:45:19 mailserver dovecot: imap-login: Login: user=,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=1502, secured
Dec  5 15:45:19 mailserver dovecot: imap(wesley): Error: user wesley:
Initialization failed: Initializing mail storage from mail_location setting
failed: mbox: mbox root directory can't be a file: /var/mail/wesley
(http://wiki2.dovecot.org/MailLocation/Mbox)
Dec  5 15:45:19 mailserver dovecot: imap(wesley): Error: Invalid user
settings. Refer to server log for more information.

Also, mail is in: /var/mail/%u (mbox)
If I add a user, does it need a home directory?

If someone can help me...


On Mon, 5 Dec 2011 12:26:55 +0100, Vitali  wrote:
> On Mon, Dec 5, 2011 at 11:56 AM, Wesley M. wrote:
>> Hi,
>>
>> Thank you for your reply.
>> Already done. But still doesn't work.
>> I have "connection error on imap server"
>>
>> I have 3 users created, with 3 2 domains hosted.
>> 993, 143 dovecot ports (imaps,imap) listen OK.
>>
>> ?
> 
> Please, try to connect to your IMAP port manually to see what it's
> going to reply.
> 
> # telnet your.imap.host 143
> here there will be imap server messages...
> you then type:
> a001 login username passwd
> here must imap server's messages...
> a002 logout
> #
> 
> V.



Re: roundcubemail packet

2011-12-05 Thread Wesley M.
# netstat -anf inet
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address  Foreign Address   (state)
tcp          0      0  *.993          *.*               LISTEN
tcp          0      0  *.143          *.*               LISTEN
tcp          0      0  *.995          *.*               LISTEN
tcp          0      0  *.110          *.*               LISTEN
tcp          0      0  *.3306         *.*               LISTEN
tcp          0      0  *.80           *.*               LISTEN
tcp          0      0  *.443          *.*               LISTEN
tcp          0      0  *.37           *.*               LISTEN
tcp          0      0  *.13           *.*               LISTEN
tcp          0      0  *.113          *.*               LISTEN
tcp          0      0  *.587          *.*               LISTEN
tcp          0      0  *.25           *.*               LISTEN


My pf.conf :
set skip on lo
block log all
pass in on egress inet proto tcp from any to any port \
  {imap,imaps,http,https,pop3,pop3s,smtp,smtps}

So my configuration : OpenBSD 5.0
dovecot-2.0.13p5
roundcubemail-0.5.3p1
sendmail
mysql-server
php





On Mon, 5 Dec 2011 13:18:02 +0200, Gregory Edigarov wrote:
> On Mon, 05 Dec 2011 14:56:20 +0400
> "Wesley M."  wrote:
> 
>> Hi,
>> 
>> Thank you for your reply.
>> Already done. But still doesn't work.
>> I have "connection error on imap server"
>> 
>> I have 3 users created, with 3 2 domains hosted.
>> 993, 143 dovecot ports (imaps,imap) listen OK.
>> 
>> ?
> 
> is server really listening on 127.0.0.1?
> 
>> 
>> On Mon, 5 Dec 2011 10:59:24 +0200, Gregory Edigarov
>>  wrote:
>> > On Mon, 05 Dec 2011 12:38:46 +0400
>> > "Wesley M."  wrote:
>> > 
>> >> Thank you very much. It works.
>> >> 
>> >> Except i can't connect to my imap server. :-(
>> >> I use dovecot. Ports are opened. 
>> >> ??
>> >> 
>> > again, search your roundcube config file for 'localhost'
>> > pattern, and replace it with 127.0.0.1.
>> > but better still, add "127.0.0.1 localhost" to your /etc/hosts file,
>> > and check man resolv.conf, looking specifically for 'lookup' option 
>> >> 
>> >> On Mon, 05 Dec 2011 21:15:08 +1300, Richard Toohey
>> >>  wrote:
>> >> > On 5/12/2011, at 9:03 PM, Wesley M. wrote:



Re: roundcubemail packet

2011-12-05 Thread Wesley M.
Hi,

Thank you for your reply.
Already done. But still doesn't work.
I have "connection error on imap server"

I have 3 users created, with 3 2 domains hosted.
993, 143 dovecot ports (imaps,imap) listen OK.

?


On Mon, 5 Dec 2011 10:59:24 +0200, Gregory Edigarov wrote:
> On Mon, 05 Dec 2011 12:38:46 +0400
> "Wesley M."  wrote:
> 
>> Thank you very much. It works.
>> 
>> Except i can't connect to my imap server. :-(
>> I use dovecot. Ports are opened. 
>> ??
>> 
> again,search your roundcube config file for 'localhost'
> pattern, and replace it with 127.0.0.1.
> but better still, add "127.0.0.1 localhost" to your /etc/hosts file,
> and check man resolv.conf, looking specifically for 'lookup' option 
>> 
>> On Mon, 05 Dec 2011 21:15:08 +1300, Richard Toohey
>>  wrote:
>> > On 5/12/2011, at 9:03 PM, Wesley M. wrote:



Re: roundcubemail packet

2011-12-05 Thread Wesley M.
Thank you very much. It works.

Except I can't connect to my imap server. :-(
I use dovecot. Ports are open.
??


On Mon, 05 Dec 2011 21:15:08 +1300, Richard Toohey wrote:
> On 5/12/2011, at 9:03 PM, Wesley M. wrote:
> 
>> Hi,
>> 
>> I have the following error : 
>> 
>> Check DB config
>> DSN (write):  NOT OK(MDB2 Error: connect failed)
>> Make sure that the configured database exists and that the user has write
>> privileges
>> DSN: mysql://roundcube:pass@localhost/roundcubemail
>> 
> 
> Try 127.0.0.1
> 
> http://www.openbsd.org/faq/faq10.html#httpdchroot
> 
>> Using http://mailserver_ip/roundcubemail/installer/
>> I have a user roundcube in mysql, with a "roundcubemail" database.
>> I don't understand why it stops here... If someone can help me?
>> 
>> What is installed on this machine (OpenBSD 5.0) :
>> aspell-0.60.6p4; bzip2-1.0.6; curl-7.21.7; cvsps-2.1
>> dovecot-2.0.13p5; femail-0.97p1; femail-chroot-0.97p3;
>> gettext-0.18.1p0; git-1.7.6p0; libiconv-1.13p2; libidn-1.22
>> libltdl-1.5.26p0; libmagic-5.00; libmcrypt-2.5.8p1; libxml-2.7.8p2
>> mysql-client-5.1.54p0; mysql-server-5.1.54p9; p5-Clone-0.31p1;
>> p5-DBD-mysql-4.019
>> p5-DBI-1.616; p5-Error-0.17016p0; p5-FreezeThaw-0.43p2; p5-MLDBM-2.04
>> p5-Net-Daemon-0.43p0; p5-Params-Util-1.00p2; p5-PlRPC-0.2018p1;
>> p5-SQL-Statement-1.33
>> pecl-fileinfo-1.0.4p0; php-5.2.17p5; php-mcrypt-5.2.17p3;
>> php-mysql-5.2.17p3
>> php-pspell-5.2.17p3; roundcubemail-0.5.3p1; rsync-3.0.8p0
>> 
>> Also, i want to build a mailserver (multi-domains) using sendmail(with
>> virtusertable)
>> and dovecot. But i want to use pop3/pop3s does this working with
>> roundcubemail-0.5.3p1 ?
>> 
>> Thank you very much for your help.
>> 
>> Cheers,
>> 
>> Wesley.



roundcubemail packet

2011-12-05 Thread Wesley M.
Hi,

I have the following error : 

Check DB config
DSN (write):  NOT OK(MDB2 Error: connect failed)
Make sure that the configured database exists and that the user has write
privileges
DSN: mysql://roundcube:pass@localhost/roundcubemail

Using http://mailserver_ip/roundcubemail/installer/
I have a user roundcube in mysql, with a "roundcubemail" database.
I don't understand why it stops here... If someone can help me?

What is installed on this machine (OpenBSD 5.0) :
aspell-0.60.6p4; bzip2-1.0.6; curl-7.21.7; cvsps-2.1
dovecot-2.0.13p5; femail-0.97p1; femail-chroot-0.97p3;
gettext-0.18.1p0; git-1.7.6p0; libiconv-1.13p2; libidn-1.22
libltdl-1.5.26p0; libmagic-5.00; libmcrypt-2.5.8p1; libxml-2.7.8p2
mysql-client-5.1.54p0; mysql-server-5.1.54p9; p5-Clone-0.31p1;
p5-DBD-mysql-4.019
p5-DBI-1.616; p5-Error-0.17016p0; p5-FreezeThaw-0.43p2; p5-MLDBM-2.04
p5-Net-Daemon-0.43p0; p5-Params-Util-1.00p2; p5-PlRPC-0.2018p1;
p5-SQL-Statement-1.33
pecl-fileinfo-1.0.4p0; php-5.2.17p5; php-mcrypt-5.2.17p3;
php-mysql-5.2.17p3
php-pspell-5.2.17p3; roundcubemail-0.5.3p1; rsync-3.0.8p0

Also, I want to build a mailserver (multi-domain) using sendmail (with
virtusertable)
and dovecot. But I want to use pop3/pop3s; does this work with
roundcubemail-0.5.3p1?

Thank you very much for your help.

Cheers,

Wesley.



Re: sendmail(failed)

2011-12-01 Thread Wesley M.
> Change in startup procedure for Postfix and exim: The base OS has moved 
> to using scripts in /etc/rc.d to start all daemons. The script for 
> sendmail does not function fully for alternative MTAs (in particular it 
> will display "failed" at startup, although the daemon will still be 
> started, and "/etc/rc.d/sendmail reload" or "...stop" will not work as 
> expected). If you were using Postfix or exim and starting it using the 
> standard method of setting sendmail_flags in rc.conf.local, you should 
> set sendmail_flags=NO and start the relevant daemon via pkg_scripts, e.g.
> 
>  pkg_scripts="${pkg_scripts} postfix"

I agree, but how do I start sendmail with pkg_scripts using the flags
"-bd -q30m"?

Thank you for your reply.

Wesley.



sendmail(failed)

2011-12-01 Thread Wesley M.
Hi

I upgraded my mailserver to OpenBSD 5.0

Now at startup I have:
Starting Network Daemons : sshd sendmail(failed) inetd
failed? Why? Is that normal?
And in rc.local we have a script that executes postfix with the option
set-permissions
If I do: netstat -anf inet, I can see that the box listens properly on the
25, 587 ... smtp ports

If I remove sendmail_flags="-bd -q30m" from /etc/rc.conf.local,
restart the computer
and try manually: sendmail -bd -q30m tells me that postfix is running.

If I remove sendmail_flags="-bd -q30m" from /etc/rc.conf.local
and also remove the script in rc.local (needed to start postfix), restart
the box
and try manually: sendmail -bd -q30m, things work well; therefore, just
after that,
postfix starts automatically.

So ?

Thank you very much for your help.

Wesley.



Re: original sendmail.cf, mc ?

2011-11-24 Thread Wesley M.
Thank you very much for your help !
Now all works fine.

I just configured the smart host in my mc file.

On Thu, 24 Nov 2011 10:12:17 +0100, Antoine Jacoutot wrote:
> On Thu, Nov 24, 2011 at 09:54:17AM +0100, Paul de Weerd wrote:
>> Looking more closely at how I set this up, hostname.mc is actually in
>> /etc/mail with a symlink to /usr/share/sendmail/cf and sendmail.cf is
>> a symlink to /usr/share/sendmail/cf/hostname.cf.  This way, my /etc
>> backup backs up the configuration (mc file) and not its parsed output
>> (cf file, which still gets backed up to /var/backups).
> 
> Your mc file should be appended at the end of your cf file; so you only
> need to backup your cf file ;)



original sendmail.cf, mc ?

2011-11-24 Thread Wesley M.
Hi, 

I use OpenBSD 5.0
I know the *.mc files are in:
/usr/share/sendmail/cf/
And the sendmail.cf file is in /etc/mail, but which mc file does it
come from?

I just want to modify the original mc file to allow me
to send email from a real domain instead of its hostname.
Or perhaps there is
an easier way to do that... Wrong?

Thank you very much for your help.


Cheers, 

Wesley



Re: What is wrong with this pf config

2011-11-21 Thread Wesley M.
Hi,

Please read again : http://www.openbsd.org/faq/pf/example1.html
Or you can take a look here : http://mouedine.net/ruleset5.aspx

Cheers,

Wesley

On Mon, 21 Nov 2011 19:15:06 +1100, John Tate  wrote:
> I am having troubles with this pf configuration, it seems when loaded
> nothing can access my server on the internal interface for the LAN, I
> cannot see why, and it's pretty much based off the very standard
> example in the OpenBSD faq.
> 
> When I unload the configuration, I can access the DNS server on the
> firewall running this configuration. It seems to forward everything
> through to the Internet, but blocks DNS which makes it pretty useless.
> I've looked at it at least five times...
> 
> [john@baal ~$ cat /etc/pf.conf
> int_if="xl0"
> ext_if="tun0"
> 
> rothbard="10.0.0.10"
> baal="10.0.0.2"
> smass="10.0.0.1"
> 
> tcp_services="{22}"
> icmp_types="echoreq"
> 
> set block-policy return
> set loginterface $ext_if
> set skip on lo
> 
> match out on egress inet from !(egress:network) to any nat-to (egress:0)
> 
> block in log
> pass out quick
> 
> antispoof quick for { lo $int_if }
> 
> pass in on egress inet proto tcp from any to (egress) \
> port $tcp_services
> #After this goes forwarded ports... Probably just use ssh tunnels.
> 
> pass in inet proto icmp all icmp-type $icmp_types
> 
> What is wrong?
> 
> Also can you tell me how to do this so it only needs to load once, and
> not be loaded by a shell script after userland pppoe successfully
> connects?



opensmtpd

2011-11-17 Thread Wesley M.
Hi, 

I saw http://www.opensmtpd.org

Does a "stable" version exist?
Can we put it in production?

And what about your handbook:
https://www.poolp.org/OpenSMTPD/

Is it possible to have this handbook in French?

Thank you very much for replies. 

All the best, 

Wesley M.



optimize adsl bandwidth

2011-11-09 Thread Wesley M.
Hi,

I use OpenBSD 5.0. Which is better: using "prio" or "altq on em0 priq
bandwidth 200Kb queue {q_def,q_pri}"?
Let me explain:

altq on em0 priq bandwidth 200Kb queue {q_def,q_pri}
queue q_def priority 1
queue q_pri priority 7 priq(default)
...
pass out on egress inet proto tcp queue(q_def,q_pri)
...

OR

pass out on egress inet proto tcp prio (1,7)

Which is better? Or perhaps they work the same way...
If someone can help...
Thank you very much.

Wesley



Re: jeu de règles PF/ PF Ruleset - OpenBSD 5.0

2011-11-04 Thread Wesley M.
Noted ;-)
Thank you.

On Fri, 4 Nov 2011 19:37:46 +0100, "hvom .org"  wrote:
> On 4 November 2011 at 19:14, Wesley M. wrote:
>> Hi,
>>
>> See here :
>>
>> http://mouedine.net/ruleset5.aspx
>>
>> (with divert/tag use)
>>
>> All the best,
>>
>> Wesley MOUEDINE ASSABY
>>
>>
> 
> A copy/paste would be more appropriate. You are on a mailing list meant
> for sharing; your approach is friendly, but it comes across as a bit of
> marketing here.
>
> 100% free, 0% obscure :)



jeu de règles PF/ PF Ruleset - OpenBSD 5.0

2011-11-04 Thread Wesley M.
Hi, 

See here : 

http://mouedine.net/ruleset5.aspx 

(with divert/tag use) 

All the best, 

Wesley MOUEDINE ASSABY 



post-Altq

2011-11-03 Thread Wesley M.
Hi, 

What about post-Altq?

See here:
http://bsdly.blogspot.com/2011/07/anticipating-post-altq-world.html

Does anyone have any news about that?

Cheers, 

Wesley.



Full ruleset Packet filter OpenBSD 5.0

2011-11-03 Thread Wesley M.
Hi, 

See here : 

http://mouedine.net/ruleset49.aspx 

(with divert/tag use)

All the best, 

Wesley MOUEDINE ASSABY 



Re: limit ftp download

2011-11-03 Thread Wesley M.
I tried this:
added a second ftpproxy_flags in my /etc/rc.conf.local

So in the file, we have:
ftpproxy_flags="-q ilimit" # Listen by default on 8021
ftpproxy_flags="-q istd" # 

It doesn't work; it uses the last line in /etc/rc.conf.local: the istd queue.
I suppose that it doesn't listen on the same port 8021 for 2 queues.

So I tried this: added this line to /etc/rc.local:
ftpproxy_flags="-q istd -p8022"
And in my /etc/rc.conf.local:
ftpproxy_flags="-q ilimit"
Restarted the box, and did: netstat -anf inet
It listens on 127.0.0.1:8021 and 127.0.0.1:8022, and seems to work.
But the limited user now downloads at 10Ko/s instead of 20Ko/s.

I think it is not the right way to do it.
Does anyone have a sample using the -T option for ftp-proxy?
Thank you very much.

Wesley.

> On Thu, 03 Nov 2011 09:02:32 +0100, Camiel Dobbelaar wrote:

> Run two ftp-proxies: one with the -q ilimit and one with the -q istd.
> 
> Then redirect the limited user to one proxy and the rest to the other.



Re: Packet Tagging issues with NAT in pf OBSD 4.9

2011-11-03 Thread Wesley M.
Hi, try this sample

_int = "re0"
_ext = "fxp1"
int_net = "192.168.200.0/24"
set block-policy drop
set skip on lo
match in all scrub (no-df max-mss 1440)
match out on $_ext inet from $int_net to any nat-to (egress)
block log all
pass in on $_int inet proto udp from $int_net to any port domain
pass in on $_int inet proto tcp from $int_net to any port \
{ www, https, ssh, pop3, imap, imaps, pop3s, submission, smtps }
pass out on $_ext inet proto tcp all
pass out on $_ext inet proto udp all


All the best,

Wesley MOUEDINE ASSABY.


> _int = "re0"
> _ext = "fxp1"
> int_net = "192.168.200.0/24"
> 
> pass out on $_ext tag LAN_NAT_TO_INET tagged LAN_TO_INET
> pass in on $_int from $int_net tag LAN_TO_INET
> 
> ..
> 
> pass out quick on $_ext tagged LAN_NAT_TO_INET  nat-to ($_ext)
> 
> 
> 
> Any reason why at the bottom of my .conf file where nat-to is in my "quick"
> rule it would work but when it's at the first filter rule it does not?
> I've read over the man page and have the book of pf v.2 and still am confused.
> Any thought is greatly appreciated.
> 
> 
> 
> Regards,
> 
> Dain



Re: limit ftp download

2011-11-03 Thread Wesley M.
Thank you for your reply.
I read the man page of ftp-proxy.
There's an option, like you said: "-q queue".
But in my case, I have 2 queues: ilimit and istd
ilimit : bandwidth -> 20Ko/s
istd : bandwidth -> 128 Ko/s

So I just modified my /etc/rc.conf.local:
ftpproxy_flags="" to ftpproxy_flags="-q ilimit"
Restarted the box.

Now, when this limited user downloads files using ftp, they download at
20Ko/s.
But the others also download at 20Ko/s. How can I get the others to
download files at 128 Ko/s?
How can I have 2 ftp streams, one at 20Ko/s and one at 128 Ko/s?

Thank you very much for your help.

Wesley.

On Thu, 03 Nov 2011 07:04:04 +0100, Camiel Dobbelaar  wrote:
> On 3-11-2011 6:07, Wesley M. wrote:
>> I suppose it is because traffic are redirect to 127.0.0.1 (ftpproxy)
>> 
>> sample of my pf.conf:
>> ...
>> anchor "ftp-proxy/*"
>> pass in on $lan inet proto tcp from $limithost \
>> to port 21 divert-to 127.0.0.1 port 8021 queue ilimit
>> ...
>> 
>> Is there a way to solve this problem?
> 
> ftp-proxy has a '-q' option to set a queue.



limit ftp download

2011-11-02 Thread Wesley M.
Hi, 

I'm using OpenBSD 5.0.
I'm testing traffic shaping using altq.
I can limit a user (his IP address) to 160Kb/s, it works great.
But when this user tries to download a file using ftp, he downloads it at
1024Kb/s.

I suppose it is because traffic is redirected to 127.0.0.1 (ftpproxy)

sample of my pf.conf:
...
anchor "ftp-proxy/*"
pass in on $lan inet proto tcp from $limithost \
to port 21 divert-to 127.0.0.1 port 8021 queue ilimit
...

Is there a way to solve this problem?
I want also that the others can download on ftp at full speed*

Thank you very much.
Cheers,

Wesley.



Re: NIDS on OpenBSD

2011-10-19 Thread Wesley M.
I don't agree,

Using PF, and only PF, we can feed a table using some parameters and it is
filtered on one/several ports.

PF can't detect network scans like nmap or ... So that is why I use scanlogd
(it is in the OpenBSD Ports).
And some people also use Snort for this kind of thing.

PF is a good firewall, we can play with QoS/IP,Ports filter/NAT/ Src NAT/
Stateful/Load Balancing/scrub
But it is not a NIDS. ;-)

All the best,

Wesley M.

On Wed, 19 Oct 2011 10:05:33 +0300, Gregory Edigarov
 wrote:
> I think it is bad practice to use something that's not even in the
> base, when you have the feature in pf readily available.
> 
> pass in on vr0 inet proto tcp from any to (vr0) port ssh keep state \
> (max-src-conn-rate 1/60, overload  flush global)
> 
> 
> On Wed, 19 Oct 2011 10:04:09 +0400
> "Wesley M."  wrote:
> 
>> I added this :
>> 
>> in pf.conf
>> ...
>> table <black> persist file "/etc/black"
>> ...
>> block quick from <black>
>> ...
>> 
>> Added to crontab
>> pfctl -t black -T add $(cat /var/log/alert | awk '{print $6}')
>> 
>> What do you think about that ?
>> Perhaps, you have easiest way to do it ?
>> Now i'm looking for a small web monitor to view alerts provided by
>> scanlogd. Any idea ?
>> 
>> cheers,
>> 
>> Wesley.
>> 
>> 
>> On Wed, 19 Oct 2011 09:31:35 +0400, "Wesley M."
>>  wrote:
>> > Hi, 
>> > 
>> > I use OpenBSD 4.9, i'm looking for a good nids. 
>> > 
>> > I found
>> > "scanlogd" in ports, works very well. 
>> > 
>> > But is there a way to work this
>> > last one with pf ? For example add the ip-address detected by
>> > scanlogd to a
>> > "Blacklist" table ? 
>> > 
>> > Also, is there a way to have a web monitor to view
>> > alert? 
>> > 
>> > Perhaps, you use something else ... what ? ;-) snort ? 
>> > 
>> > Thank you
>> > very much ! 
>> > 
>> > All the best, 
>> > 
>> > Wesley.



Re: NIDS on OpenBSD

2011-10-18 Thread Wesley M.
I added this :

in pf.conf
...
table <black> persist file "/etc/black"
...
block quick from <black>
...

Added to crontab
pfctl -t black -T add $(cat /var/log/alert | awk '{print $6}')

What do you think about that ?
Perhaps, you have easiest way to do it ?
Now i'm looking for a small web monitor to view alerts provided by
scanlogd. Any idea ?

cheers,

Wesley.


On Wed, 19 Oct 2011 09:31:35 +0400, "Wesley M." 
wrote:
> Hi, 
> 
> I use OpenBSD 4.9, i'm looking for a good nids. 
> 
> I found
> "scanlogd" in ports, works very well. 
> 
> But is there a way to work this
> last one with pf ? For example add the ip-address detected by scanlogd
> to a
> "Blacklist" table ? 
> 
> Also, is there a way to have a web monitor to view
> alert? 
> 
> Perhaps, you use something else ... what ? ;-) snort ? 
> 
> Thank you
> very much ! 
> 
> All the best, 
> 
> Wesley.
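
Added example (not part of the original posts): the crontab line above hands field 6 of every log line straight to pfctl. The sketch below extracts only scanlogd source addresses, strips the optional :sport, rejects anything that is not a valid IPv4 address, skips allowlisted prefixes (scan sources can be spoofed, so your own networks should never end up in the table) and de-duplicates. The log line layout is assumed from scanlogd(8); the sample lines, the function names and the allowlist are constructed for illustration.

```shell
#!/bin/sh
# Assumed scanlogd syslog layout (from scanlogd(8)):
#   Mon DD HH:MM:SS host scanlogd: saddr[:sport] to daddr ... ports ..., flags, ...

# Constructed sample of /var/log/alert (RFC 5737 documentation addresses).
sample_alerts() {
cat <<'EOF'
Oct 19 09:12:01 fw scanlogd: 203.0.113.7:40112 to 198.51.100.1 ports 22, 23, 80, 443, ..., fSrpauxy, TOS 00 @09:12:01
Oct 19 09:13:44 fw scanlogd: 203.0.113.7 to 198.51.100.1 ports 21, 25, 110, ..., fSrpauxy, TOS 00 @09:13:44
Oct 19 09:15:10 fw scanlogd: 192.168.200.10:51000 to 198.51.100.1 ports 80, 8080, ..., fSrpauxy, TOS 00 @09:15:10
Oct 19 09:16:02 fw scanlogd: 999.1.1.1:1 to 198.51.100.1 ports 1, 2, ..., fSrpauxy, TOS 00 @09:16:02
Oct 19 09:17:30 fw sshd[411]: Failed password for root from 198.51.100.99
Oct 19 09:18:00 fw scanlogd: 192.0.2.55:6000 to 198.51.100.1 ports 135, 139, 445, ..., fSrpauxy, TOS 00 @09:18:00
EOF
}

# scan_sources "PREFIX PREFIX ..."   (log lines on stdin)
# Prints one validated, de-duplicated source address per line.
# Addresses starting with any listed prefix are never printed.
scan_sources() {
    awk -v allow="$1" '
    BEGIN { np = split(allow, pre, " ") }
    # Only lines logged by scanlogd, with the expected "saddr to daddr" shape.
    $5 ~ /^scanlogd(\[[0-9]+\])?:$/ && $7 == "to" {
        addr = $6
        sub(/:[0-9]+$/, "", addr)          # drop the optional :sport
        if (split(addr, o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
        for (i = 1; i <= np; i++)
            if (index(addr, pre[i]) == 1) next   # allowlisted prefix
        if (!seen[addr]++) print addr
    }'
}

# Stand-alone run on the constructed sample; the LAN prefix is an assumption.
sample_alerts | scan_sources "192.168.200. 127."

# On the firewall the same filter would read /var/log/alert, write its output
# to a file, and that file would be loaded with: pfctl -t black -T add -f FILE
```
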



NIDS on OpenBSD

2011-10-18 Thread Wesley M.
Hi, 

I use OpenBSD 4.9, i'm looking for a good nids. 

I found
"scanlogd" in ports, works very well. 

But is there a way to work this
last one with pf ? For example add the ip-address detected by scanlogd to a
"Blacklist" table ? 

Also, is there a way to have a web monitor to view
alert? 

Perhaps, you use something else ... what ? ;-) snort ? 

Thank you
very much ! 

All the best, 

Wesley. 



Re: Help setting up a PF NAT gateway

2011-10-10 Thread Wesley M.
Hi,

see my sample, it is well explained.
http://mouedine.net/ruleset49.aspx

All the best,

Wesley MOUEDINE ASSABY
www.mouedine.net


On Mon, 10 Oct 2011 17:38:26 +0200, Stefan Midjich 
wrote:
> Simplest of things but I'm failing miserably.
> 
> $ sudo cat /etc/hostname.vic2 # External NIC with static public IPv4
> address
> inet 50.50.50.59 255.255.255.0 50.50.50.255
> 
> $ sudo cat /etc/hostname.vic3 # Internal NIC used as gateway by two
> machines on same network
> inet 10.221.181.10 255.255.255.0 10.221.181.255
> 
> For troubleshooting I have removed the block all rule, to confirm that
> it is in fact my NAT related rules that don't work.
> 
> These are my first and only NAT rules. The other rules work fine and
> are just to allow SSH to my management interface and ICMP response
> from the external IP and from the internal gateway IP. Besides I've
> removed the block all so the other rules don't matter much now.
> 
> match out on vic2 inet from 10.221.181.0/24 to any nat-to (vic2) round-robin
> pass inet from 10.221.181.0/24 to any flags S/SA keep state
> 
> With tcpdump I can see packets going to vic3, but no further.
> 
> With block all commented out I can fully test the network around and
> everything is working just fine, I can nc -kl 50.50.50.59 65535 and
> connect to that port from anywhere on the internet. I just can't
> connect out from the private network through the gateway. The systems
> in the private network have 10.221.181.10 as their default gateway.
> 
> I even have the Book of PF 2nd edition here but it's of no use, the
> rules are mostly from there. Just for troubleshooting I can also nc
> -kl 10.221.181.10 65535 on the gateway and connect to that port from
> the private network machines without issues.
> 
> So please tell me, what am I missing in this nat-to rule?
> 
> --
> 
> 
> Med vänliga hälsningar / With kind regards
> 
> Stefan Midjich



Re: problem routing

2011-09-29 Thread Wesley M.
INTERNETsis1sis2---(server,ISP_ROUTER,workstations)

sis2:10.100.1.250
ISP_ROUTER:10.100.1.254
server:10.100.1.150 , gateway : 10.100.1.254
workstations 10.100.1.0/24 , gateway : 10.100.1.250

I already tried isakmpd ikev1 vpn :
ping 10.100.1.250 ok ssh ok 
can't ping 10.100.1.150, rdp doesn't work also
can't ping 10.100.1.254

Is it possible to access my server using rdomain ?
route -T 1 add 0.0.0.0/0 10.100.1.254
ifconfig enc0 rdomain 1

any idea ?
Thank you very very much.

Wesley.



Re: routing problem

2011-09-28 Thread Wesley M.
On Wed, 28 Sep 2011 15:42:05 +0400, pavel pocheptsov
 wrote:
> On 28 September 2011, 15:28, "Wesley M." wrote:
>> The VPN is between a fictitious IP address (given by the_green_bow) and
>> 10.100.1.0/24
>> 
>> Using VPN, i can ping 10.100.1.250 and use also ssh on the box but pings
>> doesn't work for  : 10.100.1.100, and 10.100.1.254.
>> 
>> On the OpenBSD SIDE : ipsec.conf
>> 
>> ike dynamic from 10.100.1.0/24 to any \
>> main auth hmac-sha1 enc aes-256 group modp1024 \
>> quick auth hmac-sha1 enc aes-256 psk demokey
>> 
> maybe add to ipsec.conf "from any to 10.100.."

I don't think that it will solve my mistake. Because VPN works, and ready
to 10.100.1.0/24
The problem is that the server 10.100.1.100 has a different gateway
(10.100.1.254)

> on remote side "route add 10.100.1.0 mask 255.255.255.0
> IP_addres_of_your_vpn_gateway(not real gateway)"
it doesn't work. :-(



Re: routing problem

2011-09-28 Thread Wesley M.
The VPN is between a fictitious IP address (given by the_green_bow) and
10.100.1.0/24

Using VPN, i can ping 10.100.1.250 and use also ssh on the box but pings
doesn't work for  : 10.100.1.100, and 10.100.1.254.

On the OpenBSD SIDE : ipsec.conf 

ike dynamic from 10.100.1.0/24 to any \
main auth hmac-sha1 enc aes-256 group modp1024 \
quick auth hmac-sha1 enc aes-256 psk demokey


On Wed, 28 Sep 2011 15:05:52 +0400, pavel pocheptsov
 wrote:
> what settings on client/home side?
> ipconfig /all, route print..etc
> 
> 
> On 28 September 2011, 11:18, "Wesley M." wrote:
> 
> Hi, 
> 
> I have at work: 
> TS Server : 10.100.1.100 his gateway is 10.100.1.254 (router for private
> network)
> Firewall : 10.100.1.250 (OpenBSD 4.9, ADSL : sis0, Lan (10.100.1.0/24)
> :sis2 
> 
> On the firewall, i can ping 10.100.1.100 and telnet 10.100.1.100 3389 ->
> OK
> 
> When i am at home, i connect to firewall using "thegreenbow" vpn is ok, i
> can ping 10.100.1.250, use ssh on the firewall, but i can't ping
> 10.100.1.100 and can't use rdp on this address. 
> 
> my pf rules: 
> ...
> set skip on {lo,enc0} 
> pass out on sis2 inet proto tcp from $remote to 10.100.1.100 port 3389 
> pass out inet proto icmp all icmp-type echoreq
> ...
> 
> Any idea ?
> thank you very much.
> Wesley



Re: routing problem

2011-09-28 Thread Wesley M.
On Wed, 28 Sep 2011 06:49:59 -0400, Nick Holland
 wrote:
> On 09/28/11 03:13, Wesley M. wrote:
>> Hi, 
>> 
>> I have at work: 
>> TS Server : 10.100.1.100 his gateway is 10.100.1.254 (router for private
>> network)
> 
> bzzt.  Bad.
> (I'm guessing that's a windows terminal server)
Yes, it is (RDS, Windows 2008 R2)

>> Firewall : 10.100.1.250 (OpenBSD 4.9, ADSL : sis0, Lan (10.100.1.0/24)
>> :sis2 
>> 
>> On the firewall, i can ping 10.100.1.100 and telnet 10.100.1.100 3389 ->
>> OK
> 
> right. no gateway involved.
Yes, it doesn't need the gateway : 10.100.1.254

> 
>> When i am at home, i connect to firewall using "thegreenbow" vpn is ok, i
>> can ping 10.100.1.250, use ssh on the firewall, but i can't ping
>> 10.100.1.100 and can't use rdp on this address. 
>> 
>> my pf rules: 
>> ...
>> set skip on {lo,enc0} 
>> pass out on sis2 inet proto tcp from $remote to 10.100.1.100 port 3389 
>> pass out inet proto icmp all icmp-type echoreq
>> ...
> 

To summarize :

INTERNET---sis0-sis1---LAN---

On the LAN side :
There's the TS SERVER and the ISP ROUTER (need it to connect the 4 others
locations)

> 
> Fixes: 1) fix the default gateway on the TS Server machine, add a custom
> route for whatever that "private network" thingie is.

I can't change the gateway, because the others locations (there are 4)
won't connect on TS.


> 2) instead of your VPN, use an SSH tunnel to your firewall, then
> redirect 3389 to the TS Server.  This way, your remote desktop session
> is between the gateway and the firewall, which are both on the same
> subnet.

Seems a good solution. But there's no other way to connect TS using VPN ?


> 
> Nick.



routing problem

2011-09-28 Thread Wesley M.
Hi, 

I have at work: 
TS Server : 10.100.1.100 his gateway is 10.100.1.254 (router for private
network)
Firewall : 10.100.1.250 (OpenBSD 4.9, ADSL : sis0, Lan (10.100.1.0/24)
:sis2 

On the firewall, i can ping 10.100.1.100 and telnet 10.100.1.100 3389 ->
OK

When i am at home, i connect to firewall using "thegreenbow" vpn is ok, i
can ping 10.100.1.250, use ssh on the firewall, but i can't ping
10.100.1.100 and can't use rdp on this address. 

my pf rules: 
...
set skip on {lo,enc0} 
pass out on sis2 inet proto tcp from $remote to 10.100.1.100 port 3389 
pass out inet proto icmp all icmp-type echoreq
...

Any idea ?
thank you very much.
Wesley



configure lan ports and wifi like a switch

2011-09-26 Thread Wesley M.
Hi, 

I use an appliance with OpenBSD 4.9, there are 3 network
ports (sis0-2), and a wifi port (ral0)

sis0 : egress (internet)
sis1, sis2, ral0 : lan

I configure a hostname.trunk0 :
trunkport sis2 trunkport sis1 trunkport ral0 trunkproto loadbalance inet 10.100.1.50 255.255.255.0

hostname.sis1, hostname.sis2 :
up

hostname.ral0 :
inet 10.100.1.241 255.255.255.0 NONE media autoselect mode 11g mediaopt hostap nwid SSID wpakey mypassword chan 11 up

It seems to me that it doesn't work. Any advice, or ideas ?
Thank you a lot for your replies !!
Wesley.



Re: IPsec+rdomain

2011-09-14 Thread Wesley M.
Hi,

I already had the same problem. You need to use a Ipsec VPN and NAT.
See here : http://www.undeadly.org/cgi?action=article&sid=20090127205841

Be careful with your pf.conf syntax: many changes in recent OpenBSD releases.

Cheers,

Wesley MOUEDINE ASSABY
www.mouedine.net


On Wed, 14 Sep 2011 22:15:36 -0300, Rodrigo Mosconi
 wrote:
> I would like to know how integrated/related IPsec tools are integrated
> with the routing domains?
> Is possible to configure ipsec tunnels as a vpn concentrator to
> private classes?  An example:
> 
> At my side I have 2 private network (suppose 172.16.1.0/24 and
> 172.16.2.0/24), and I have 2 partners that their network are the same
> 10.10.10.0/24.
> Both partners refuses to change the network.
> 
> How can I distinguish both partners?  Theoretically the partner A can
> belong to  rdomain 1 and partner B to rdomain 2?
> 
> Just to simplify:
> partner A access network 172.16.1.0/24
> and
> partner B access network 172.16.2.0/24
> 
> Thanks for any help,
> 
> Mosconi



Re: Starting popa3d ...

2011-09-12 Thread Wesley M.
Hi,

See the file /etc/inetd.conf

cheers,

Wesley MOUEDINE ASSABY


On Tue, 13 Sep 2011 12:19:21 +0930, David Walker
 wrote:
> Hi.
> 
> uname -rsv
> OpenBSD 5.0 GENERIC#39
> 
> I'm gearing up to use popa3d and testing it on a machine.
> 
> I tried the following in rc.conf.local (where V is version number and
> exeunt) ...
> popa3d_flags="-D"
> popa3d_flags="-V"
> popa3d_flags="-D -V"
> 
> ... and it does not start.
> 
> Even though I see this in RC.D(8) ...
> 
> Services comprising OpenBSD base are
>  started by rc(8).
> 
> ... and this in RC.CONF(8) ...
> 
>  This file contains a series of Bourne-shell syntax assignments that
>  are used to configure the system daemons.
> 
> ... and these in RC(8) ..
> 
>  rc is the command script that is invoked by init(8) when the system
>  starts up.  It performs system housekeeping chores and starts up
>  system daemons.
> 
>  Normally, rc.local contains commands and daemons that are not part of
>  the stock installation.
> 
> A quick (quick) grep of rc (and rc.conf) shows that while other
> services in base are there popa3d is absent in both.
> Is this an oversight for popa3d (and perhaps others) that aren't
> included in rc but are in base?
> Is this intended by the use of "Normally" in rc(8) and do those other
> man pages warrant re-wording?
> 
> So I added popa3d to rc.local and that works although I'm not sure if
> the intended method is to merely pop the command in there ...
> popa3d -D
> ... bypassing rc.conf.local flags or some other method.
> Doing this I get no feedback on whether or not popa3d has started
> other than looking at ps -x ...
> 
> It doesn't seem to matter whether or not I have a popa3d file in rc.d ...
> This doesn't seem to be the intent of rc.d(8).
> If I mv some of the other files related to rc services in rc.d
> (notably ntpd and smtpd) I get an error message at boot when I try to
> start those services.
> Has popa3d or rc.local slipped through the cracks?
> 
> I added popa3d to pkg_scripts= in rc.conf and that appears to function
> as intended (rc.conf.local flags obeyed and requires file in rc.d).
> 
> Best wishes.



Re: Why aren't you running -current?

2011-09-07 Thread Wesley M.
Hi,

Need to cvs update and rebuild, so it takes time.
And configuration files can change.

Cheers,

Wesley.

>> i'm sorry :(
> 
> don't be sorry, just tell me why, i am just curious.



vpn ike1 ok, but can't access workstation

2011-09-07 Thread Wesley M.
Hi, 

I have a win7 with dynamic ip address connected using "green Bow VPN".

[road warrior]>[OpenBSD]>>>[192.168.0.0/24] 

The tunnel is opened. I can ping the OpenBSD(4.9) gateway(192.168.0.249),
but no workstations in the lan.

I tried "tcpdump -nettti pflog0": it reports nothing.

I tried "tcpdump -i enc0": I can see icmp packets coming from
the win7 dynamic ip address.

my ipsec.conf (openbsd box):

ike dynamic from 192.168.0.0/24 to any \
 main auth hmac-sha1 enc aes group modp1024 \
 quick auth hmac-sha1 enc aes psk testabcd

My pf.conf (openbsd)

lan="sis2"
set skip on {lo, enc0}

match out on egress inet from $lan:network nat-to egress

block log all

pass in on egress proto {esp ah}
pass in on egress proto udp to port {4500 500}
pass in on egress inet proto tcp to port ssh

pass

So, any idea ?

Thank you very much for your help!

cheers, 

Wesley.



ikev2

2011-09-05 Thread Wesley M.
Hi, 

Sorry to post this again.

Is there someone who has already tried a vpn
using ikev2 with EAP-MSCHAP-V2 support ?

Thank you very much.

Cheers, 

Wesley.M



Re: vpn with a win7 workstation

2011-08-31 Thread Wesley M.
Ok, thank you a lot for your reply.
Have you ever tried to use ikev2 ? Using iked, since win7 has ikev2
support.
I tried to use it (iked) but no success... :(
If you can take a look at it.

Cheers,

Wesley M.

On Wed, 31 Aug 2011 19:07:49 +0800, Zak Elep
 wrote:
> On Wed, Aug 31, 2011 at 6:30 PM, Wesley M. wrote:
>> What is the best way to build a vpn between an OpenBSD 4.9 gateway
>> and a Win7 workstation ?
> 
> I got this working here on our network, both for Win7 and Ubuntu
> clients going to an OpenBSD gateway.
> 
> On the gateway, have /etc/ipsec.conf say something like
> 
> # roadwarrior
> ike passive esp from any to gateway.ip.address peer any psk \
>     your-rand0m-password-here
> ike passive esp from gateway.ip.address to any psk \
>     your-rand0m-password-here
> 
> And on your Win7 client, get Shrew VPN[0] and add a configuration with
> the following auth:
> 
> Phase 1:
>   - Exchange type: main
>   - DH Exchange: group 2
>   - Cipher algorithm: aes
>   - Cipher key length: 256 Bits
>   - Hash algorithm: sha1
> 
> Phase 2:
>   - Transform length: aes
>   - Transform key length: 256 Bits
>   - HMAC algorithm: sha1
>   - PFS Exchange: group 2
>   - Compression algorithm: deflate
> 
> Policy:
>   - add a topology entry that matches your internal network
> 
> [0]  http://www.shrew.net/download/vpn



vpn with a win7 workstation

2011-08-31 Thread Wesley M.
Hi 

What is the best way to build a vpn between an OpenBSD 4.9 gateway
and a Win7 workstation ?

Thank you very much for your advice.

All the best,

Wesley M.



Re: ftpd server

2011-08-31 Thread Wesley M.
Hi,

You will find your solution here : http://www.openbsd.org/faq/pf/ftp.html

Best regards,

Wesley MOUEDINE ASSABY
http://mouedine.net/ruleset49.aspx



On Tue, 30 Aug 2011 23:38:41 -0700, fqui nonez wrote:
> Hello
> 
> I have a ftpd server box, OBSD-4.9, and pflog shows:
> 
> Aug 29 10:11:03.520900 rule 3/(match) pass in on rl0:
> 190.87.195.241.2732 > 192.168.5.2.21: S 2008995709:2008995709(0) win
> 65535 
> Aug 29 10:15:52.825409 rule 3/(match) pass in on rl0:
> 190.87.195.241.3190 > 192.168.5.2.21: S 409025537:409025537(0) win
> 65535 
> Aug 29 10:27:40.085461 rule 1/(match) block out on rl0: 192.168.5.2.21
>> 190.87.195.241.2732: FP 2719210498:2719210554(56) ack 2008995823 win
> 17424 (DF) [tos 0x10]
> Aug 29 10:28:44.085510 rule 1/(match) block out on rl0: 192.168.5.2.21
>> 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10]
> Aug 29 10:29:48.085560 rule 1/(match) block out on rl0: 192.168.5.2.21
>> 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10]
> Aug 29 10:30:52.085653 rule 1/(match) block out on rl0: 192.168.5.2.21
>> 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10]
> Aug 29 10:31:56.085655 rule 1/(match) block out on rl0: 192.168.5.2.21
>> 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10]
> Aug 29 10:32:29.475695 rule 1/(match) block out on rl0: 192.168.5.2.21
>> 190.87.195.241.3190: FP 2719185758:2719185814(56) ack 409025651 win
> 17424 [tos 0x10]
> Aug 29 10:33:00.085705 rule 1/(match) block out on rl0: 192.168.5.2.21
>> 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10]
> Aug 29 10:33:33.475738 rule 1/(match) block out on rl0: 192.168.5.2.21
>> 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10]
> Aug 29 10:34:04.085762 rule 1/(match) block out on rl0: 192.168.5.2.21
>> 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10]
> Aug 29 10:34:37.475788 rule 1/(match) block out on rl0: 192.168.5.2.21
>> 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10]
> Aug 29 10:35:08.085806 rule 1/(match) block out on rl0: 192.168.5.2.21
>> 190.87.195.241.2732: R 57:57(0) ack 1 win 0 (DF) [tos 0x10]
> Aug 29 10:35:41.475843 rule 1/(match) block out on rl0: 192.168.5.2.21
>> 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10]
> Aug 29 10:36:45.475901 rule 1/(match) block out on rl0: 192.168.5.2.21
>> 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10]
> Aug 29 10:37:49.475947 rule 1/(match) block out on rl0: 192.168.5.2.21
>> 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10]
> Aug 29 10:38:53.476001 rule 1/(match) block out on rl0: 192.168.5.2.21
>> 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10]
> Aug 29 10:39:57.476044 rule 1/(match) block out on rl0: 192.168.5.2.21
>> 190.87.195.241.3190: R 57:57(0) ack 1 win 0 [tos 0x10]
> 
> pf rules are:
> 
> set skip on lo
> block in log all
> block out log all
> pass out log quick on rl0
> pass in log quick on rl0 proto tcp from any to port {20 21 22}
> antispoof quick log for rl0
> pass  # to establish keep-state
> 
> It looks to me that somebody sends code over port 21, then ftpd
> responds over port 21, and pf stops sftp!
> I have seen that normal behaviour of ftpd is logged on random ports;
> as effect of ftp_proxy.
> 
> Is something weird happening here?
> 
> Thanks so much.



iked

2011-08-30 Thread Wesley M.
Hi,

Has anyone already used iked to build a vpn with a win7 ?
... And of course an OpenBSD gateway.

Thank you very much for your help and reply.

All the best,

Wesley.

PS : I already read man pages iked; ikectl and iked.conf