Re: Sparc Openbsd install

2011-09-20 Thread David Astua
On Tue, Sep 20, 2011 at 8:58 AM, hvom .org  wrote:
> Hi all
>
> I have a Sun Fire V100 server for $10. I looked at the OpenBSD hardware
> list and it is good, the V100 is supported. It is not installed: no VGA,
> no CD, four Ethernet.
>
> Help me install OpenBSD, please?
>
> Thanks!
>
>

Hi;

I've a v100 too, the easiest way for the install is to plug a CDROM in
one of the HD (IDE) ports.
These servers are a bit tricky and not all the CDROMs will work.

Another important thing... You don't have 4 Ethernet ports, there are
just 2 Ethernet and the other 2 are LOM ports that you are gonna need
for the server management.

Here are the pinouts for the cable you have to build (you can buy the
cable too but it is more $$).
http://www.sunhelp.org/unix-serial-port-resources/serial-pinouts/#netrat1105.link

Some basic info about how to handle the LOM
http://www.sheepguardingllama.com/2007/09/sunfire-v100-server/

Everything else goes as usual.


Best regards;
 -- David A.



Re: My pf.conf and an nmap scan

2010-11-12 Thread David Astua
2010/11/12 xSAPPYx :
> Try:
> set block-policy return
>
> You should get your proper closed messages in nmap
>
>
> On Fri, Nov 12, 2010 at 13:27, woolsherpahat wrote:
>> (please see my in-line comments)
>>
>> On Fri, Nov 12, 2010 at 12:09 PM, Kenneth Gober  wrote:
>>> is it this?
>>>> # redirect external ssh traffic from ?
>>>> pass in log on $ext_if inet proto tcp to ($ext_if) port ?\
>>>>     rdr-to 127.0.0.1 port 22
>>> to me, that rule looks like it will accept any inbound traffic on the
>>> external interface and redirect it to 127.0.0.1:22. but I don't know what
>>> the question marks do; I've never seen them used in a pf rule before. my
>>> guess is, if pf accepts them at all, it treats them as a wildcard.
>>> -ken
>>
>> The ? marks are just replacements for the actual port number. This
>> rule should forward outside traffic from port ? to the SSH server
>> but I think you are probably on the right track. I really don't
>> understand the new rdr-to and match nat-to rules as well as the older
>> pre 4.6 syntax.
>>
>> However, if I comment that rule out, an nmap still shows a bunch open
>> ports. If I try manually connecting to one of the ports that are
>> listed as open by nmap I get a "Could not open connection to the host,
>> on port 7800: Connect failed". Is it possible that nmap is just full
>> of crap?
>>
>>> On Fri, Nov 12, 2010 at 3:41 PM, woolsherpahat 
>>> wrote:

 Hello @misc!

 I have a lovely little Soekris 4501 running OpenBSD 4.7 (Release).
 However, I get some strange results if I run a nmap scan on it from
 work. I get hundreds of ports listed as open. Now it's likely that I
 have mis-configured my firewall but I can't see exactly where.
 Hopefully someone here on @misc can hit me with the clue stick.

 $ext_if (sis0) is my external facing interface. $int_if and $apple_if
 (sis1 and sis2, respectively) are my internal subnets. The Soekris is
 obviously doing NAT for all my internal subnets -- NAT works, as do
 the restrictions on sis1 and sis2 from being able to send traffic to
 sis0's subnet. Now unless I am terribly mistaken the 'block in log'
 should by default block any inbound packets on any interface unless
 there is a subsequent rule that matches that packet as the packet will
 do whatever the last matching rule told it to. So all inbound traffic
 will either A) be blocked or B) match an "exception" later on in the
 ruleset right? So how come a scan from the "outside", reveals hundreds
 of unfiltered ports?

 Advice would be much welcome.
 Thank you!



 /etc/pf.conf:

 # macros
 ext_if="sis0"
 int_if="sis1"
 apple_if="sis2"
 wifi_if="ral0"

 table  persist file "/etc/bogon-bn-agg.txt"

 # options
 set require-order yes
 set block-policy drop
 set optimization normal
 set skip on lo0



 # flag packets from all internal interfaces for NAT
 match out on $ext_if inet from !($ext_if:network) to any nat-to ($ext_if:0)

 # policy: default deny on all inbound traffic on all interfaces
 block in log

 # immediately pass out traffic on external interface, modulate state to make
 # ISNs (initial sequence numbers) harder to guess
 pass out quick on $ext_if proto tcp modulate state

 # policy: default allow on all outbound traffic on all interfaces
 pass out

 # antispoofing for internal interfaces
 antispoof quick for { $int_if $apple_if $wifi_if }

 # ingress/egress bogon filtering
 block in quick log on $ext_if from 
 block out quick log on $ext_if from 

 # allow internal traffic in, except from untrusted --> trusted
 pass in on $int_if from $int_if:network
 pass in on $apple_if from $apple_if:network to !$int_if:network
 pass in on $wifi_if from $wifi_if:network to !$int_if:network

 # allow ssh traffic on trusted interface
 pass in log on $int_if inet proto tcp from $int_if:network to $int_if port 22

 # redirect external ssh traffic from ?
 pass in log on $ext_if inet proto tcp to ($ext_if) port ?\
     rdr-to 127.0.0.1 port 22
>
>

Yep exactly...

Check this:
http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject
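
An added example, not part of the thread: a TCP connect check you can run against your own firewall to see which of the two block policies discussed above is in effect. Silence until timeout ("filtered") is what `set block-policy drop` produces, a RST ("closed") is what `set block-policy return` produces. The function names and the loopback demo are constructed for illustration.

```python
import errno
import socket


def classify(exc):
    """Map the outcome of one TCP connect attempt to a scanner-style state."""
    if exc is None:
        return "open"        # three-way handshake completed
    if isinstance(exc, ConnectionRefusedError):
        return "closed"      # RST came back: a host or `block return` answered
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"    # no answer at all: consistent with `block drop`
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH,
                                                  errno.ENETUNREACH):
        return "filtered"    # ICMP unreachable sent instead of a RST
    return "unknown"


def probe(host, port, timeout=1.0):
    """Attempt a full TCP connect and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def demo():
    """Loopback-only demonstration (constructed): one open, one closed port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    # Bound but never listening: the kernel answers SYNs to it with a RST.
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    try:
        return (probe("127.0.0.1", listener.getsockname()[1]),
                probe("127.0.0.1", spare.getsockname()[1]))
    finally:
        listener.close()
        spare.close()


if __name__ == "__main__":
    print(demo())
```
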



Re: OpenBSD PPC on iBook G3 -- Wireless alternatives?

2010-11-07 Thread David Astua
2010/11/7 Dmitrij Czarkoff :
> On Sun, Nov 7, 2010 at 4:32 PM, David Astua  wrote:
>> I would try it if my first choice fails (a 3COM 3CRUSB10075 with zyd)
>> mostly for pricing reasons.
>
> As far as I know, the zyd driver supports short preamble only, while
> some router hardware is configured to long preamble only by default.
>
> --
> Dmitrij D. Czarkoff
>

Mmm, that sounds odd, I've just read your thread about this problem.
http://marc.info/?l=openbsd-misc&m=128013859714330&w=2

Thanks for the pointer!

My choice was based mostly on this presentation (a bit old):
http://www.openbsd.org/papers/brhard2007/mgp00012.html

So which is the best choice? Right now I'm seriously thinking about
the D-Link DWA-130 (AR9001U/otus) over the D-Link DWA-130, even if
the 802.11n capabilities aren't supported right now.

Thanks in advance!

  -- David A.



Re: OpenBSD PPC on iBook G3 -- Wireless alternatives?

2010-11-07 Thread David Astua
2010/11/7 Nicolas P. M. Legrand :
> Hello,
>
> On Sat, Nov 06, 2010 at 08:30:54PM -0600, David Astua wrote:
>> I've just got an old iBook G3, and want to run OpenBSD on it, so
>> is there some recommendation about which USB wireless adapter would
>> work better on this PPC laptop?
>> The idea is to learn PPC assembly and do some C code on it, there's
>> no need for X or sound, a minimal install and some developer tools
>> would be enough for me.
>>
>> So all I need on this box is OpenBSD/Vi/Wifi/OpenBSD sticker to cover
>> the Apple Logo.
>
> I have a D-Link DWA-110 I have plugged in various G3/G4 PPC systems
> that works very well.
>
> rum0 at uhub1 port 4 "Ralink 802.11 bg WLAN" rev 2.00/0.01 addr 2
> rum0: MAC/BBP RT2573 (rev 0x2573a), RF RT2528, address ba:ba:ba:ba:ba:ba
>
> cheers,
>
> --
> nicolas
>

Thanks Nicolas, I'm going to take this into account.

I would try it if my first choice fails (a 3COM 3CRUSB10075 with zyd)
mostly for pricing reasons.

Best regards;

  -- David A.



OpenBSD PPC on iBook G3 -- Wireless alternatives?

2010-11-06 Thread David Astua
I've just got an old iBook G3, and want to run OpenBSD on it, so
is there some recommendation about which USB wireless adapter would
work better on this PPC laptop?
The idea is to learn PPC assembly and do some C code on it, there's
no need for X or sound, a minimal install and some developer tools
would be enough for me.

So all I need on this box is OpenBSD/Vi/Wifi/OpenBSD sticker to cover
the Apple Logo.

Thanks in advance!
  -- David A.