fatal page fault in supervisor mode

2014-12-07 Thread pavel pocheptsov
Hi list, I've got this error and I don't know what it is about.
Is something wrong with my hardware, like RAM?
Could someone point me in the right direction to resolve this error?

Dec  7 11:35:33 gw /bsd: uvm_fault(0xd0a2, 0xcfc0, 0, 3) - e
Dec  7 11:35:33 gw /bsd: fatal page fault (6) in supervisor mode
Dec  7 11:35:33 gw /bsd: trap type 6 code 2 eip d056f4a8 cs 50 eflags 210256 
cr2 cfc0 cpl 40
Dec  7 11:35:33 gw /bsd: panic: trap type 6, code=2, pc=d056f4a8
Dec  7 11:35:33 gw /bsd: Starting stack trace...
Dec  7 11:35:33 gw /bsd: panic(d08d35a6,dc7deabc,d08d6f9e,dc7deabc,2) at 
panic+0x6a
Dec  7 11:35:33 gw /bsd: panic(d08d6f9e,6,2,d056f4a8,50) at panic+0x6a
Dec  7 11:35:33 gw /bsd: trap() at trap+0x38f
Dec  7 11:35:33 gw /bsd: --- trap (number -809500672) ---
Dec  7 11:35:33 gw /bsd: 0x2:
Dec  7 11:35:33 gw /bsd: End of stack trace.
Dec  7 11:35:33 gw /bsd: panic: mtx_enter: locking against myself
Dec  7 11:35:33 gw /bsd: Starting stack trace...
Dec  7 11:35:33 gw /bsd: panic(d08d35a6,dc7de72c,dc7de720,d020476c,c0) at 
panic+0x6a
Dec  7 11:35:33 gw /bsd: panic(d02036a2,dc7de75c,d03ee791,d0a181a0,17) at 
panic+0x6a
Dec  7 11:35:33 gw /bsd: mtx_enter(d0a181a0,17,d0a162c0,dc7de780,d02043fc) at 
mtx_enter+0x62
Dec  7 11:35:33 gw /bsd: pool_get(d0a181a0,2,d6872a18,dc7de8f8,2) at 
pool_get+0x31
Dec  7 11:35:33 gw /bsd: pf_test_rule(dc7de8d0,dc7de8cc,1,d1ea3900,dc8dab00) 
at pf_test_rule+0x1ab9
Dec  7 11:35:33 gw /bsd: pf_test(2,1,d1eba030,dc7de9d4,0) at pf_test+0xd4c
Dec  7 11:35:33 gw /bsd: ipv4_input(dc8dab00,6,dc7de9ec,d0445b55,d0203776) at 
ipv4_input+0x20c
Dec  7 11:35:33 gw /bsd: ipintr(d0203776,d1e98440,dc7dea0c,d057569f,0) at 
ipintr+0x73
Dec  7 11:35:33 gw /bsd: netintr(0,200292,0,0,d0202232) at netintr+0xc5
Dec  7 11:35:33 gw /bsd: softintr_dispatch(1) at softintr_dispatch+0x4f
Dec  7 11:35:33 gw /bsd: Xsoftnet() at Xsoftnet+0x17
Dec  7 11:35:33 gw /bsd: --- interrupt ---
Dec  7 11:35:33 gw /bsd: end(100,dc7deabc,d08d6f9e,dc7deabc,2) at 0xdc7deabc
Dec  7 11:35:33 gw /bsd: panic(d08d6f9e,6,2,d056f4a8,50) at panic+0x65
Dec  7 11:35:33 gw /bsd: trap() at trap+0x38f
Dec  7 11:35:33 gw /bsd: --- trap (number -809500672) ---
Dec  7 11:35:33 gw /bsd: 0x2:
Dec  7 11:35:33 gw /bsd: End of stack trace.
Dec  7 11:35:33 gw /bsd: OpenBSD 5.0 (GENERIC.MP) #59: Wed Aug 17 10:19:44 MDT 
2011
Dec  7 11:35:33 gw /bsd:     
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
Dec  7 11:35:33 gw /bsd: cpu0: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz 
(GenuineIntel 686-class) 2 GHz
Dec  7 11:35:33 gw /bsd: cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM
Dec  7 11:35:33 gw /bsd: real mem  = 1064431616 (1015MB)
Dec  7 11:35:33 gw /bsd: avail mem = 1036947456 (988MB)
Dec  7 11:35:33 gw /bsd: mainbus0 at root
Dec  7 11:35:33 gw /bsd: bios0 at mainbus0: AT/286+ BIOS, date 08/12/08, 
BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.5 @ 0x9f800 (28 entries)
Dec  7 11:35:33 gw /bsd: bios0: vendor American Megatrends Inc. version 
080014 date 08/12/2008
Dec  7 11:35:33 gw /bsd: bios0: ICP / iEi KINO-9652
Dec  7 11:35:33 gw /bsd: acpi0 at bios0: rev 0
Dec  7 11:35:33 gw /bsd: acpi0: sleep states S0 S1 S4 S5
Dec  7 11:35:33 gw /bsd: acpi0: tables DSDT FACP APIC MCFG OEMB ASF! SSDT
Dec  7 11:35:33 gw /bsd: acpi0: wakeup devices P0P2(S4) P0P1(S4) PS2K(S4) 
PS2M(S4) USB0(S4) USB1(S4) USB2(S4) USB3(S4) EUSB(S4) P0P4(S4) P0P5(S4) 
P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) HDAC(S4) USB4(S4) USB5(S4) USBE(S4) GBEC(S4)
Dec  7 11:35:33 gw /bsd: acpitimer0 at acpi0: 3579545 Hz, 24 bits
Dec  7 11:35:33 gw /bsd: acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
Dec  7 11:35:33 gw /bsd: cpu0 at mainbus0: apid 0 (boot processor)
Dec  7 11:35:33 gw /bsd: cpu0: apic clock running at 201MHz
Dec  7 11:35:33 gw /bsd: cpu1 at mainbus0: apid 1 (application processor)
Dec  7 11:35:33 gw /bsd: cpu1: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz 
(GenuineIntel 686-class) 2.02 GHz
Dec  7 11:35:33 gw /bsd: cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM
Dec  7 11:35:33 gw /bsd: ioapic0 at mainbus0: apid 2 pa 0xfec0, version 
20, 24 pins
Dec  7 11:35:33 gw /bsd: acpimcfg0 at acpi0 addr 0xe000, bus 0-255
Dec  7 11:35:33 gw /bsd: acpiprt0 at acpi0: bus 0 (PCI0)
Dec  7 11:35:33 gw /bsd: acpiprt1 at acpi0: bus -1 (P0P2)
Dec  7 11:35:33 gw /bsd: acpiprt2 at acpi0: bus 1 (P0P1)
Dec  7 11:35:33 gw /bsd: acpiprt3 at acpi0: bus 2 (P0P4)
Dec  7 11:35:33 gw /bsd: acpiprt4 at acpi0: bus 3 (P0P5)
Dec  7 11:35:33 gw /bsd: acpiprt5 at acpi0: bus -1 (P0P6)
Dec  7 11:35:33 gw /bsd: acpiprt6 at acpi0: bus -1 (P0P7)
Dec  7 11:35:33 gw /bsd: acpiprt7 at acpi0: bus -1 (P0P8)
Dec  7 11:35:33 gw /bsd: acpiprt8 at acpi0: bus -1 (P0P9)
Dec  7 11:35:33 

npppd as pptpdserver

2012-10-16 Thread pavel pocheptsov
I'm trying to set up npppd as a replacement for poptop.
I'm able to connect to the server from the Internet,
but I'm not able to get access to resources
behind the server, or even to the server itself.
I repeated all the steps from here except 1, 2, 3, 6:
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/npppd/Attic/HOWTO_PIPEX_NPPPD.txt?rev=1.3;content-type=text%2Fplain

tun0 used for openvpn, but I need pptp for mobile devices.

# uname -vrp
5.1 GENERIC.MP#188 i386
# npppd -d
2012-10-16 22:18:07:NOTICE: Starting npppd pid=25397 version=5.0.0
2012-10-16 22:18:07:NOTICE: Load configuration from='/etc/npppd/npppd.conf' 
successfully.
2012-10-16 22:18:07:INFO: tun1 Started ip4addr=10.0.0.1
2012-10-16 22:18:07:INFO: Listening /var/run/npppd_ctl (npppd_ctl)
2012-10-16 22:18:07:INFO: pool name=default dyn_pool=[10.0.0.0/25] 
pool=[10.0.0.0/24]
2012-10-16 22:18:07:INFO: Added 2 routes for new pool addresses
2012-10-16 22:18:07:INFO: Loading pool config successfully.
2012-10-16 22:18:07:INFO: realm name=local(local) Loaded users 
from='/etc/npppd/npppd-users.csv' successfully.  1 users
2012-10-16 22:18:07:INFO: pptpd Listening 0.0.0.0:1723/tcp (PPTP PAC) [PPTP]
2012-10-16 22:18:07:INFO: pptpd Listening 0.0.0.0:gre (PPTP PAC)
2012-10-16 22:18:07:INFO: tun1 is using ipcp=default(1 pools).
2012-10-16 22:18:34:INFO: pptpd ctrl=0 Starting peer=77.52.3x.x:4411/tcp 
sock=194.106.x.x:1723/tcp
2012-10-16 22:18:34:INFO: pptpd ctrl=0 RecvSCCRQ protocol_version=1.0 
framing=async bearer=analog max_channels=0 firmware_revision=2600(0x0a28) 
host_name= vendor_string=Microsoft Windows NT
2012-10-16 22:18:34:INFO: pptpd ctrl=0 SendSCCRP protocol_version=1.0 result=1 
error=0 framing=sync bearer=digital max_channels=4 
firmware_revision=1282(0x0502) host_name= vendor_string=
2012-10-16 22:18:34:INFO: pptpd ctrl=0 call=0 RecvOCRQ call_id=0 
call_serial_number=37740 max_bps=300 min_bps=1 bearer=analog,digital 
framing=async,sync recv_winsz=64 packet_proccessing_delay=0 phone_nunmber= 
subaddress=
2012-10-16 22:18:34:INFO: pptpd ctrl=0 call=65160 SendOCRP call_id=65160 
peers_call_id=0 result=1 error=0 cause=0 conn_speed=1000 recv_winsz=64 
packet_proccessing_delay=0 physical_channel_id=65160
2012-10-16 22:18:34:NOTICE: pptpd ctrl=0 call=65160 logtype=PPPBind ppp=0
2012-10-16 22:18:34:INFO: ppp id=0 layer=base logtype=Started 
tunnel=PPTP(77.52.x.x:4411)
2012-10-16 22:18:34:INFO: pptpd ctrl=0 call=65160 RecvSLI accm=:
2012-10-16 22:18:34:INFO: ppp id=0 layer=lcp logtype=Opened mru=1400/1400 
auth=MS-CHAP-V2 magic=c4655616/38d539d0
2012-10-16 22:18:34:INFO: ppp id=0 layer=lcp RecvId magic=38d539d0 
text=MSRASV5.10
2012-10-16 22:18:34:INFO: ppp id=0 layer=lcp RecvId magic=38d539d0 
text=MSRAS-0-ASUS-A6J
2012-10-16 22:18:34:INFO: ppp id=0 layer=chap proto=mschap_v2 logtype=Success 
username=admin realm=local
2012-10-16 22:18:34:INFO: pptpd ctrl=0 call=65160 RecvSLI accm=:
2012-10-16 22:18:34:INFO: ppp id=0 layer=mppe mismatch our=128bit,stateless 
peer=mppc,40bit,128bit,56bit,stateless
2012-10-16 22:18:34:INFO: ppp id=0 layer=ipcp IP Address peer=0.0.0.0 
our=10.0.0.5.
2012-10-16 22:18:34:INFO: ppp id=0 layer=mppe logtype=Opened 
our=128bit,stateless peer=128bit,stateless
2012-10-16 22:18:34:INFO: ppp id=0 layer=ipcp logtype=Opened ip=10.0.0.5 
assignType=dynamic
2012-10-16 22:18:34:NOTICE: ppp id=0 layer=base logtype=TUNNELSTART 
user=admin duration=1sec layer2=PPTP layer2from=77.52.x.x:4411 
auth=MS-CHAP-V2  ip=10.0.0.5 iface=tun1
2012-10-16 22:18:34:NOTICE: ppp id=0 layer=base Using pipex=yes
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33196
        priority: 0
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff00
em0: flags=28843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,NOINET6> mtu 1500
        lladdr 00:18:7d:0e:f5:34
        priority: 0
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.5.80 netmask 0xff00 broadcast 192.168.5.255
em1: flags=28843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,NOINET6> mtu 1500
        lladdr 00:18:7d:0e:f5:33
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
        status: active
        inet 194.106.x.x netmask 0xfffc broadcast 194.106.218.99
enc0: flags=0<>
        priority: 0
        groups: enc
        status: active
rum0: flags=28802<BROADCAST,SIMPLEX,MULTICAST,NOINET6> mtu 1500
        lladdr 6c:62:6d:12:5d:59
        priority: 4
        groups: wlan
        media: IEEE802.11 autoselect mode 11g hostap
        status: no network
        ieee80211: nwid OpenBSDwifi chan 2 bssid 6c:62:6d:12:5d:59 100dBm
        inet 192.168.55.1 netmask 0xff00 broadcast 192.168.55.255
tun0: 

Re[2]: OpenVPN and OBSD 5.1

2012-10-16 Thread pavel pocheptsov
Also in case of rejection adding route to your box, you have to
add source NAT for packets coming from vpn net on local_if.


Tue, 16 Oct 2012 13:08:23 -0600 from Luis Coronado lcoron...@ticoit.com:

No, you need to have that route rule in place @snapgear in order to get the
reply from the server.

-luis

On Tue, Oct 16, 2012 at 12:52 PM, Alessandro Baggi
alessandro.ba...@gmail.com wrote:

 Hi list,

 I'm setting up a vpn with OpenVPN on OpenBSD 5.1 amd64. (Not IPSec because
 I still do not know how to use well, this will be the next study).

combine openvpn pptpd

2012-10-10 Thread pavel pocheptsov
I already have hostname.tun0, which is used for openvpn:

up
!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/server.conf

How can I run pptpd on that machine at the same time?
What interface should I create, and how do I map it
to pptpd for five concurrent pptp sessions?

thanks.



source ./vars and pkitool

2012-03-07 Thread pavel pocheptsov
Hello misc, I know that it is terrible,
and there were many answers to this question in the past,
but the construction with a dot and a space before ./vars
works for ./clean-all and ./build-dh,
and something went wrong with ./pkitool

# uname -a
OpenBSD openbsd 5.0 GENERIC.MP#59 i386
# pwd
/etc/openvpn/easy-rsa
# . ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on 
/etc/openvpn/easy-rsa/keys
# ./clean-all
# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
+..++...
..
...+...++...+..+...
...+..+..++*++*++*
# ./pkitool --initca
Using CA Common Name: Ektos CA
  Please edit the vars script to reflect your configuration,
  then source it with source ./vars.
  Next, to start with a fresh PKI configuration and to delete any
  previous certificates and keys, run ./clean-all.
  Finally, you can run this tool (pkitool) to build certificates/keys.



nut cgi-bin in apache chroot

2012-01-30 Thread pavel pocheptsov
hello misc.
please help me understand how it works.
I installed nut and nut-cgi from packages.
nut works without any problem:

# upsc eaton@localhost
battery.charge: 100
battery.charge.low: 20
battery.runtime: 3216
device.mfr: MGE UPS SYSTEMS
device.model: EX 2200
device.serial: AQ0L39022
driver.name: mge-shut
...
input.frequency: 50
input.voltage: 227
...
ups.load: 11
..
ups.power.nominal: 2200
ups.serial: AQ0L39022
ups.status: OL CHRG
..

but I can't set up the web interface for it.
I uncommented the line in hosts.conf and changed the line in upsset.conf to the actual one.
I also tried various settings in httpd.conf, but the result is that upsstats.html shows a formatted page
with @HOSTLINK@, @VAR ups.model@ and other macros from upsstats.html instead of the real parameters.
What could be wrong?






start daemon with rc.d

2011-12-21 Thread pavel pocheptsov
Hello misc.
In old releases of OBSD, rc.local was used to start daemons with the system.
For example:
if [ -x /usr/local/bin/mysqld_safe ] ; then
   su -c _mysql root -c '/usr/local/bin/mysqld_safe >/dev/null 2>&1 &'
   echo -n ' mysql'
fi

In 5.0 there are changes described here: http://www.openbsd.org/faq/faq10.html#rc
and in man rc.d and rc.conf.local.
The question is how to start mysqld_safe or cupsd or any other daemon
that was placed in /etc/rc.d?
Add lines to rc.conf.local like this:
pkg_scripts=cupsd
pkg_scripts=mysqld

or something else?



Re[2]: start daemon with rc.d

2011-12-21 Thread pavel pocheptsov
21 December 2011, 14:41 from Antoine Jacoutot ajacou...@bsdfrog.org:
 On Wed, Dec 21, 2011 at 02:26:32PM +0400, pavel pocheptsov wrote:
  Hello misc.
  In old release of OBSD to start daemons with system was used rc.local.
  For example:
  if [ -x /usr/local/bin/mysqld_safe ] ; then
     su -c _mysql root -c '/usr/local/bin/mysqld_safe >/dev/null 2>&1 &'
     echo -n ' mysql'
  fi
 
  In 5.0 have changes described here: http://www.openbsd.org/faq/faq10.html#rc
  and in man rc.d and rc.conf.local.
  The questions is how to start mysqld_safe or cupsd or any other daemon,
  that was placed in /etc/rc.d?
  Add the lines to rc.conf.local like this:
  pkg_scripts=cupsd
  pkg_scripts=mysqld
 
  or something else?
 
 pkg_scripts="cupsd mysqld"
 
 Order matters, since daemons will be started accordingly.
 
 --
 Antoine
 
 
Thanks, so the old way is no longer needed, or is it used for daemons
that are not properly installed and do not put their own startup script in /etc/rc.d?



spamd.black pfctl

2011-10-10 Thread pavel pocheptsov
hello misc.
I have spamd in front of the mail server, and it works nicely with liberal settings like
this:
spamd_flags="-v -l 127.0.0.1 -G 10:4:864 -h mail.server"

pf.conf:
table <spamd-white> persist
table <spamd-bypass> file "/etc/mail/spamd.bypass"
table <spamd-black> file "/etc/mail/spamd.black"
match in on $ext_if_a inet proto tcp from { <spamd-bypass>, <spamd-white> } to $ext_if_a port { smtp, smtps } rdr-to mail
match in on $ext_if_a inet proto tcp from { !<spamd-bypass>, !<spamd-white> } to $ext_if_a port { smtp, smtps } tag MAIL_A rdr-to 127.0.0.1 port spamd
block in log quick on { $ext_if_a, $ext_if_b } from { bruteforce, private, <spamd-black> } to any
pass in on $ext_if_a inet proto tcp from any to mail port { smtp, smtps } synproxy state reply-to ($ext_if_a $ext_gw_a)
pass in quick reply-to ($ext_if_a $ext_gw_a) tagged MAIL_A

Periodically I receive mail from spammers through spamd and the antispam settings on
the mail server.
Then I copy-paste the IP address of the spam sender from the Received field to
the spam.txt file on the router and do something like this:

#cat spam.txt | uniq | sort > /etc/mail/spamd.black
or
#sort -u spam.txt > /etc/mail/spamd.black
and
#pfctl -f /etc/pf.conf

but I don't want to reload all rules. Ideally I want to add to the pf
spamd-black table
only the new IP that I paste at the top of the spam.txt file.
I also tried to use
pfctl -t spamd-black -T flush
pfctl -t spamd-black -T add -f /etc/mail/spamd.black
so as not to touch all of pf.conf, but I think when the spamd.black table gets big,
the better way is to add a new IP to the table without reloading or loading the big table.
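
The incremental update asked about in the message above can be done by diffing the candidate list against spamd.black and handing only the difference to pfctl -T add. This is an added example, not part of the original message; the function names and the PFCTL dry-run variable are assumptions, and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: push only new addresses into a running pf table.
# valid_ipv4, new_addresses, blacklist_add and PFCTL are names made up here.

# Print the valid, de-duplicated IPv4 addresses found in file $1.
valid_ipv4() {
    awk '
    {
        gsub(/^[ \t]+|[ \t\r]+$/, "")        # trim blanks and a trailing CR
        if ($0 == "" || $0 ~ /^#/) next      # skip empty lines and comments
        if (split($0, o, ".") != 4) next     # need exactly four octets
        ok = 1
        for (i = 1; i <= 4; i++) {
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
        }
        if (ok && !seen[$0]++) print
    }' "$1"
}

# Print addresses that are in candidate file $1 but not in blacklist file $2.
new_addresses() {
    cand=$(mktemp) && have=$(mktemp) || return 1
    valid_ipv4 "$1" | LC_ALL=C sort > "$cand"
    valid_ipv4 "$2" | LC_ALL=C sort > "$have"
    LC_ALL=C comm -23 "$cand" "$have"        # lines unique to the candidates
    rm -f "$cand" "$have"
}

# Append the new addresses to the blacklist file and add only those to the
# live table; the ruleset and the existing table entries are not reloaded.
# PFCTL defaults to "echo pfctl" (dry run); set PFCTL=pfctl on the gateway.
blacklist_add() {
    spam_list=$1
    black_file=$2
    table=${3:-spamd-black}
    fresh=$(new_addresses "$spam_list" "$black_file") || return 1
    [ -n "$fresh" ] || return 0              # nothing new, leave pf alone
    printf '%s\n' "$fresh" >> "$black_file"
    # $fresh is left unquoted on purpose: it holds only validated addresses,
    # and pfctl accepts several addresses after "-T add".
    ${PFCTL:-echo pfctl} -t "$table" -T add $fresh
}

# Constructed sample data, dry run: prints the pfctl command it would execute.
demo_dir=$(mktemp -d)
printf '%s\n' 203.0.113.7 198.51.100.9 203.0.113.7 not-an-ip > "$demo_dir/spam.txt"
printf '%s\n' 198.51.100.9 > "$demo_dir/spamd.black"
blacklist_add "$demo_dir/spam.txt" "$demo_dir/spamd.black"
rm -rf "$demo_dir"
```

Because the new addresses are also appended to the file, a later full load of pf.conf rebuilds the same table contents.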



Re: Help setting up a PF NAT gateway

2011-10-10 Thread pavel pocheptsov
match out on vic2 inet from 10.221.181.0/24 to any nat-to (vic2) round-robin
For what reason did you paste round-robin?
also you need
pass in on $local_if from $localnet to any
pass out on $ext_if from $localnet to any


10 October 2011, 19:42 from Stefan Midjich sweh...@gmail.com:

Simplest of things but I'm failing miserably.

$ sudo cat /etc/hostname.vic2 # External NIC with static public IPv4 address
inet 50.50.50.59 255.255.255.0 50.50.50.255

$ sudo cat /etc/hostname.vic3 # Internal NIC used as gateway by two
machines on same network
inet 10.221.181.10 255.255.255.0 10.221.181.255

For troubleshooting I have removed the block all rule, to confirm that
it is in fact my NAT related rules that don't work.

These are my first and only NAT rules. The other rules work fine and
are just to allow SSH to my management interface and ICMP response
from the external IP and from the internal gateway IP. Besides I've
removed the block all so the other rules don't matter much now.

match out on vic2 inet from 10.221.181.0/24 to any nat-to (vic2) round-robin
pass inet from 10.221.181.0/24 to any flags S/SA keep state

With tcpdump I can see packets going to vic3, but no further.

With block all commented out I can fully test the network around and
everything is working just fine, I can nc -kl 50.50.50.59 65535 and
connect to that port from anywhere on the internet. I just can't
connect out from the private network through the gateway. The systems
in the private network have 10.221.181.10 as their default gateway.

I even have the Book of PF 2nd edition here but it's of no use, the
rules are mostly from there. Just for troubleshooting I can also nc
-kl 10.221.181.10 65535 on the gateway and connect to that port from
the private network machines without issues.

So please tell me, what am I missing in this nat-to rule?

--


Med vänliga hälsningar / With kind regards

Stefan Midjich



Re: Php cannot connect to mysql

2011-10-06 Thread pavel pocheptsov
Mik J writes:

# ls /var/www/var/run/mysql/
mysql.sock

I hard linked it to /var/run/mysql/
#
ln /var/www/var/run/mysql/mysql.sock /var/run/mysql/mysql.sock


# ls -la /var/www/var/run/mysql
 total 8
 drwxr-xr-x  2 _mysql  _mysql  512 Sep 21 21:14 .
 drwxr-xr-x  3 root    daemon  512 Apr 21  2010 ..
 srwxrwxrwx  1 _mysql  _mysql    0 Sep 21 21:14 mysql.sock
 
 use chmod to change owner to mysql-user



Re: routing problem

2011-09-28 Thread pavel pocheptsov
what settings on client/home side?
ipconfig /all, route print, etc.


28 September 2011, 11:18 from Wesley M. open...@e-solutions.re:

Hi, 

I have at work: 
TS Server : 10.100.1.100 his gateway is 10.100.1.254 (router for private
network)
Firewall : 10.100.1.250 (OpenBSD 4.9, ADSL : sis0, Lan (10.100.1.0/24)
:sis2 

On the firewall, i can ping 10.100.1.100 and telnet 10.100.1.100 3389 -
OK

When i am at home, i connect to firewall using thegreenbow vpn is ok, i
can ping 10.100.1.250, use ssh on the firewall, but i can't ping
10.100.1.100 and can't use rdp on this address. 

my pf rules: 
...
set skip on {lo,enc0} 
pass out on sis2 inet proto tcp from $remote to 10.100.1.100 port 3389 
pass out inet proto icmp all icmp-type echoreq
...

Any idea ?
thank you very much.
Wesley



Re[2]: routing problem

2011-09-28 Thread pavel pocheptsov
28 September 2011, 15:28 from Wesley M. open...@e-solutions.re:
 The VPN is between a fictif ip address(gives by the_green_bow) to
 10.100.1.0/24
 
 Using VPN, i can ping 10.100.1.250 and use also ssh on the box but pings
 doesn't work for  : 10.100.1.100, and 10.100.1.254.
 
 On the OpenBSD SIDE : ipsec.conf
 
 ike dynamic from 10.100.1.0/24 to any \
 main auth hmac-sha1 enc aes-256 group modp1024 \
 quick auth hmac-sha1 enc aes-256 psk demokey
 
maybe add to ipsec.conf from any to 10.100..
on remote side route add 10.100.1.0 mask 255.255.255.0 
IP_addres_of_your_vpn_gateway(not real gateway)



Re[2]: Load Balance Outgoing Traffic

2011-09-26 Thread pavel pocheptsov
26 September 2011, 19:50 from Gonzalo L. R. gonz...@x61.com.ar:
 Maybe you can use trunk(4)
 
so, I need this:

# ifconfig trunk0 trunkproto loadbalance  trunkport fxp0 trunkport fxp1 \
  trunkport fxp2 trunkport fxp3 \
   192.168.1.1 netmask 255.255.255.0

and in pf.conf

match out on trunk0 from $local_net to any nat-to $trunk0
set skip on $local_if
pass out on $ext0
pass out on $ext1
pass out on $ext2
pass out on $ext3
pass out on trunk0

I feel that something is wrong with this approach, isn't it?

man page say:

 The trunk protocols loadbalance and roundrobin require a switch which
 supports IEEE 802.3ad static link aggregation; otherwise protocols such
 as inet6(4) duplicate address detection (DAD) cannot properly deal with
 duplicate packets

But I know nothing about what devices sit behind my several $ext_if.



write spamd log to another file

2011-09-21 Thread pavel pocheptsov
OpenBSD 4.7-stable (GENERIC) #3: Mon Sep 27 15:35:17 EEST 2010

# touch /var/log/spamd
# cat /etc/syslog.conf | grep spamd
!spamd
*.*   /var/log/spamd
# kill -HUP `cat /var/run/syslog.pid`
# cat /var/log/spamd
# tail /var/log/daemon
Sep 21 21:25:42 www spamd[21550]: 74.52.75.222: connected (1/0)
Sep 21 21:25:42 www spamd[21550]: 194.88.152.1: connected (2/0)
Sep 21 21:25:44 www spamd[21550]: 194.88.152.1: connected (3/0)
Sep 21 21:25:53 www spamd[21550]: (GREY) 194.88.152.1: dostavka.k...@list.ru 
- s...@khaer.com.ua
Sep 21 21:25:53 www spamd[21550]: 194.88.152.1: disconnected after 11 seconds.
Sep 21 21:25:54 www spamd[21550]: (GREY) 74.52.75.222: kievskaya@list.ru 
- ad...@khaer.com.ua
Sep 21 21:25:54 www spamd[21550]: 74.52.75.222: disconnected after 12 seconds.
Sep 21 21:25:55 www spamd[21550]: (GREY) 194.88.152.1: dostavka.k...@list.ru 
- in...@khaer.com.ua
Sep 21 21:25:55 www spamd[21550]: 194.88.152.1: disconnected after 11 seconds.
Sep 21 21:26:22 www spamd[21550]: 78.46.56.77: connected (1/0)
#
A reboot doesn't help.
What is wrong?



Re[2]: write spamd log to another file

2011-09-21 Thread pavel pocheptsov
 See syslog.conf(5) and try !!spamd instead.


# ps -ax | grep spamd
 8690 ??  Is  0:00.21 spamd: (pf spamd-white update) (spamd)
21550 ??  S   0:04.81 spamd: [priv] (greylist) (spamd)
12647 ??  S   0:00.11 spamd: (/var/db/spamd update) (spamd)
14455 p0  S+  0:00.00 grep spamd
# ps -ax | grep spamlogd
26048 ??  Ss  0:00.13 /usr/libexec/spamlogd
# ps -ax | grep syslogd
10054 ??  Ss  0:00.01 syslogd: [priv] (syslogd)
13536 ??  S   0:00.05 syslogd -a /var/www/dev/log -a /var/named/dev/log -a
# cat /etc/syslog.conf | grep spamd
!!spamd
daemon.info   /var/log/spamd
you have mail in /var/mail/root
# cat /etc/rc.conf | grep spamd
spamd_flags=NO  # for normal use:  and see spamd(8)
spamd_black=NO  # set to YES to run spamd without greylisting
# cat /etc/rc.conf | grep spamlogd
spamlogd_flags=   # use eg. -i interface and see spamlogd(8)
# cat /etc/rc.conf.local | grep spamd
spamd_flags=-v -l 127.0.0.1 -G 10:4:864 -h myhostname
# kill -HUP `cat /var/run/syslog.pid`
# cat /var/log/spamd
# tail /var/log/daemon
Sep 21 22:14:24 www spamd[21550]: 89.230.147.133: disconnected after 67 
seconds. lists: uatraps
Sep 21 22:14:24 www spamd[21550]: 89.230.147.133: disconnected after 67 
seconds. lists: uatraps

still doesn't work.



Re[2]: write spamd log to another file

2011-09-21 Thread pavel pocheptsov
 You grepped out some useful information; most likely you added it to
 the end so the previous blocks match first. This might make it clearer:


looks like this:

# cat /etc/syslog.conf
# $OpenBSD: syslog.conf,v 1.17 2005/05/25 07:35:38 david Exp $
#
!!spamd
daemon.info /var/log/spamd
#
*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages
kern.debug;syslog,user.info /var/log/messages
auth.info /var/log/authlog
authpriv.debug /var/log/secure
cron.info /var/cron/log
daemon.info /var/log/daemon
ftp.info /var/log/xferlog
lpr.debug /var/log/lpd-errs
mail.info /var/log/maillog
#uucp.info /var/log/uucp

# Uncomment this line to send important messages to the system
# console: be aware that this could create lots of output.
#*.err;auth.notice;authpriv.none;kern.debug;mail.crit /dev/console

# Uncomment this to have all messages of notice level and higher
# as well as all authentication messages sent to root.
#*.notice;auth.debug root

# Everyone gets emergency messages.
*.emerg *

# Uncomment to log to a central host named loghost. You need to run
# syslogd with the -u option on the remote host if you are using this.
# (This is also required to log info from things like routers and
# ISDN-equipment). If you run -u, you are vulnerable to syslog bombing,
# and should consider blocking external syslog packets.
#*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none @loghost
#auth,daemon,syslog,user.info;authpriv,kern.debug @loghost

# Uncomment to log messages from sudo(8) and chat(8) to their own
# respective log files. Matches are done based on the program name.
# Program-specific logs:
#!sudo
#*.* /var/log/sudo
#!chat
#*.* /var/log/chat
!ppp
*.* /var/log/ppp
#

maybe the problem is in this:
# ls -la /var/log/ | grep spamd
-rw-r--r-- 1 root wheel 0 Sep 21 21:24 spamd



tftp - no route to host

2011-04-29 Thread pavel pocheptsov
openbsd 4.8

# cat inetd.conf | grep tftpd
tftp    dgram   udp     wait    root    /usr/libexec/tftpd      /usr/libexec/tftpd -s /tftpboot

# netstat -na | grep .69
udp  0  0  *.69   *.*

# cat /etc/pf.conf | grep tftp
pass in on $int_if inet proto udp from any to $int_if port tftp

# tftp 127.0.0.1
tftp> get 123
Error code 1: File not found
tftp> get ekey
Received 40 bytes in 0.0 seconds
tftp> quit

then I try to connect from another machine,
and see this message in daemon-log:

Apr 29 13:52:35 ipsec2 tftpd[18767]: 127.0.0.1: denied read access to '123'
Apr 29 13:53:35 ipsec2 tftpd[24124]: send: No route to host
Apr 29 13:53:36 ipsec2 tftpd[15240]: send: No route to host

what does it mean?



l2tpd

2011-04-13 Thread pavel pocheptsov
Does OpenBSD have an l2tpd daemon in packages or ports?



Re[3]: match keyword in pf for no action

2011-01-22 Thread pavel pocheptsov
Fri, 21 Jan 2011 23:14:05 +0200 message from Destan YILANCI dyila...@gmail.com:

Hi,

Use quick keyword and pass packets from spamd-bypass table to smtp service. 
At the second rule redirect packets from any source to spamd port.


2011/1/21 pavel pocheptsov lilit-aibo...@mail.ru
I know about the changes in PF syntax:
###
   nat on $ext_if from 10/8 -> ($ext_if)
   rdr on $ext_if to ($ext_if) -> 1.2.3.4
becomes
   match out on $ext_if from 10/8 nat-to ($ext_if)
   match in on $ext_if to ($ext_if) rdr-to 1.2.3.4


and all works fine.
but how do I use the previously used:

no rdr on $ext_if inet proto tcp from <spamd-bypass> to port smtp

actually, how do I use the "no" keyword for nat and rdr rules?
I do this to connect the good guys directly to sendmail in the next pass rule.


So, I need to do this:

match in on $ext_if proto tcp from any to $ext_if port smtp rdr-to 127.0.0.1 port spamd
pass in quick on $ext_if proto tcp from <spamd-bypass> to $ext_if port smtp

instead of the previous syntax:

no rdr on $ext_if inet proto tcp from <spamd-bypass> to $ext_if  port smtp
rdr on $ext_if inet proto tcp from any to $ext_if port smtp -> 127.0.0.1 port spamd
pass on $ext_if inet proto tcp from any to $ext_if port smtp



match keyword in pf for no action

2011-01-21 Thread pavel pocheptsov
I know about the changes in PF syntax:
###
   nat on $ext_if from 10/8 -> ($ext_if)
   rdr on $ext_if to ($ext_if) -> 1.2.3.4
becomes
   match out on $ext_if from 10/8 nat-to ($ext_if)
   match in on $ext_if to ($ext_if) rdr-to 1.2.3.4


and all works fine.
but how do I use the previously used:

no rdr on $ext_if inet proto tcp from <spamd-bypass> to port smtp

actually, how do I use the "no" keyword for nat and rdr rules?
I do this to connect the good guys directly to sendmail in the next pass rule.