Dealing with Seagate's problematic 7200.11 firmware.
Recovering from Seagate's problematic 7200.11 firmware.

Most of you have read about the problems with Seagate's 7200.11 disks. For those of you that haven't, the firmware on many of these drives is buggy, and can "brick" the drive when powering up or rebooting the system. Thus far, Seagate's response has been less than wonderful. We need a FLOSS solution.

Goals:
1) Ability to read the number of log entries.
2) Ability to change the number of log entries.
3) Ability to install new firmware from Unix.

We need for this to work with any flavor of Unix, on any CPU arch, without reboot or power cycle. We need for this to work on one drive without affecting other drives.

I don't expect to be able to write FLOSS firmware for the drives, so this isn't listed as a goal. If you think you can, please feel free.

The problem:

"IF the drive is powered down when there are 320 entries in this journal or log, then when it is powered back up, the drive errors out on init and won't boot properly - to the point that it won't even report it's information to the BIOS."
Maxtorman, slashdot discussion [2]

If Maxtorman is correct, then once the drive has been operating awhile, we have a 1 in 320 chance that the circular log is at entry 320.

We want to be able to find out how many log entries the disk currently has, and we want to be able to change the number of log entries away from 320, while we wait for Seagate to get its act together and release firmware that works properly. Since Seagate's solution will require attaching the drive to an x86 system and booting a FreeDOS ISO from CD, if the log is at 320 that boot will brick the drive.

There are other firmware problems with the 7200.11 series, but this is the biggie.

Once Seagate releases working firmware, we want to be able to install it from Unix, on any CPU arch. Seagate's release can only install on x86 using FreeDOS.

ATA Commands that may be useful:

command name                   command code in hex   page [1]   pdf page [1]
Read Log Ext                   0x2F                  27         33
S.M.A.R.T. Read Log Sector     0xB0 / 0xD5           28,34      34,40
S.M.A.R.T. Write Log Sector    0xB0 / 0xD6           28,34      34.40
Write Log Extended             0x3F                  28         34
Download Microcode             0x92                  27         33

Questions:

Is Maxtorman correct about the 320 log entries?
Are the commands listed above the ones we need?
What is the difference between the "Log Extended" and the S.M.A.R.T. Log Sector?
Is "Microcode" the same as "firmware"? (Seagate uses the term firmware elsewhere in the manual, but I don't find any sort of "write firmware" command.)
Where can we get more detailed info about these commands and how to use them?

References:

[1] Seagate Barracuda 7200.11 Serial ATA Product Manual rev C August 2008
    http://www.seagate.com/staticfiles/support/disc/manuals/desktop/Barracuda%207200.11/100507013c.pdf
[2] http://it.slashdot.org/article.pl?sid=09/01/21/0052236
Re: Cannot FTP to ftp.openbsd.org
Thanks for the response Stuart. You may be right there, as I set up another box (different network - same os (obsd)) but saw slowness only on one and not the other. Also, the weird thing was that the slowness was only in getting back the user prompt. After that, login and file transfers were all fast. Thanks for looking into this.

-Parvinder Bhasin

On Jan 23, 2009, at 5:35 PM, Stuart Henderson wrote:

> On 2009-01-23, Parvinder Bhasin wrote:
>> Never mind this email...it turns out the server was REALLY slow in
>> responding and I was impatient (i guess).
>
> not sure about this particular occasion, but delays at that point
> are often caused by broken reverse dns for the client's IP address.
Re: Apache file upload
pcnico...@freesurf.fr wrote:
> Hi
>
> I need a very simple web page to upload files on my Apache web server.
> I found some cgi script like this one
> http://www.raditha.com/megaupload/ but I always face "internal server
> error" message.
>
> Did anyone done some like that ?

I had an application like this myself a while back... I found an application called "file upload" by Jeffery Carnahan. GNU license, and currently seems to be proof that GNU does NOT mean "can't disappear". Danged if I can find the original source on the 'net. Original domain has been abandoned and grabbed by a squatter. Lots of references to it...but can't find a mirror. (I only spent a few minutes looking through google, admittedly)

The good news is I found what I think is all three original files on an archival copy of one of my old machines, unfortunately the .tar or .tgz file is missing (why keep it? I could always download it again!) and I've stuck it on one of my machines. It is a whopping 9k in size, so I don't think it will hurt my DSL line too badly... :)

So...file-upload.cgi, upload.html, and a README file from Jeff Carnahan, Copyright 1996 - 1998 (his, not mine!) can be grabbed here:

http://www.holland-consulting.net/upload.tgz

If you find any files are missing, let me know, I'm sure it is on one of my systems..somewhere.

Anyway..relatively easy to get working. Needed no other packages, just uses perl (included with base OpenBSD). I didn't use a chroot on the uploading task, as it was writing to disk and on a dedicated machine, figured it wouldn't be worth the false sense of security and complexity. If you find any security issues with the app, let me know, though, the app I wrote was pretty nifty...

One quirk I found, but didn't really understand, is it appears to write a temporary file to /var/tmp, then after the upload is complete, it copies it to your destination directory (imagine my surprise with my /var partition filled, when I thought it was all in my /var/www partition! :). This proved to be a little strange to the users when using a slow machine to gather big files -- the user uploads a 1G file, the upload is complete, but the thing just sits there for a minute or so as it copies the file to its ultimate destination. I didn't understand the script as well as I'd like to, but it did work, and worked quite nicely for me.

Note: it would be wise to remember my role with the OpenBSD project is documenter, not code quality person, so do NOT put too much faith in my recommendation here! This script could have security holes big enough to drive a Windows Vista workstation through..use at YOUR own risk, etc. I just spent too much time trying to find something like this that worked well and simply enough that it could be maintained easily...and this did it much better(=easier) than the several other things I looked at.

Nick.
Re: Cannot FTP to ftp.openbsd.org
On 2009-01-23, Parvinder Bhasin wrote:
> Never mind this email...it turns out the server was REALLY slow in
> responding and I was impatient (i guess).

not sure about this particular occasion, but delays at that point are often caused by broken reverse dns for the client's IP address.
Re: Cannot FTP to ftp.openbsd.org
Never mind this email...it turns out the server was REALLY slow in responding and I was impatient (i guess).

Thx.

On Jan 23, 2009, at 3:58 PM, Parvinder Bhasin wrote:

> Cannot ftp to ftp.openbsd.org from my openbsd machine. This is not in
> front of firewall, this machine is actually connected to the internet
> directly.
>
> Here is where it stops:
>
> ftp> open ftp.openbsd.org
> Connected to openbsd.sunsite.ualberta.ca.
>
> If I try to ftp to some other ftp site, they all work fine. I have
> disabled pf on this for testing with same result.
>
> Any suggestions?
>
> Thanks
Cannot FTP to ftp.openbsd.org
Cannot ftp to ftp.openbsd.org from my openbsd machine. This is not in front of firewall, this machine is actually connected to the internet directly.

Here is where it stops:

ftp> open ftp.openbsd.org
Connected to openbsd.sunsite.ualberta.ca.

If I try to ftp to some other ftp site, they all work fine. I have disabled pf on this for testing with same result.

Any suggestions?

Thanks
Re: Router ping one way only
2009/1/23 duxbuz

> Made some progress, in fact probably a school boy error, the 172.16.0.6
> vista machine uses wireless. I placed a wired maching on 172.16.0.0/24
> and one on 192.168.0.0/24 subnets and they can communicate via ping. Phew.
>
> But it seems 192168.0.0/24 subnet gets no dns resolved, it has dns
> settings for my ISP which work on the 172 range. Also a traceroute only
> resolves fully one way.
>
> Dont know if the pf needs to nat to get the DNS working. Any ideas and
> thanks.

Hi, as before it smells like nasty firewall or PLUG AND PRAY wireless, access, router point problem
Re: Router ping one way only
Made some progress, in fact probably a school boy error, the 172.16.0.6 vista machine uses wireless. I placed a wired maching on 172.16.0.0/24 and one on 192.168.0.0/24 subnets and they can communicate via ping. Phew.

But it seems 192168.0.0/24 subnet gets no dns resolved, it has dns settings for my ISP which work on the 172 range. Also a traceroute only resolves fully one way.

Dont know if the pf needs to nat to get the DNS working. Any ideas and thanks.
Re: Router ping one way only
Sorry, ip 172.16.0.6 is the address of the vista machine on the other side of the router.

I will post the results of the pupil-laptop pinging the server:

pu...@pupil-laptop:~$ sudo tcpdump -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
21:59:18.983781 IP pupil-laptop.local.ssh > 172.16.0.6.53471: P 1475800150:1475800266(116) ack 4280506126 win 566
22:00:03.989533 IP 172.16.0.6.53471 > pupil-laptop.local.ssh: . ack 116 win 63
22:00:03.989668 IP pupil-laptop.local.ssh > 172.16.0.6.53471: P 116:232(116) ack 1 win 566
21:59:18.985065 IP pupil-laptop.local.48762 > 212.23.3.100.domain: 26768+ PTR? 6.0.16.172.in-addr.arpa. (41)
21:59:19.188086 IP 172.16.0.6.53471 > pupil-laptop.local.ssh: . ack 232 win 62
21:59:21.377730 IP 172.16.0.6.53460 > pupil-laptop.local.ssh: P 3443212094:3443212146(52) ack 179455010 win 62
21:59:21.378147 IP pupil-laptop.local.ssh > 172.16.0.6.53460: P 1:53(52) ack 52 win 566
21:59:21.710276 IP 172.16.0.6.53460 > pupil-laptop.local.ssh: P 52:104(52) ack 53 win 68
21:59:21.710635 IP pupil-laptop.local.ssh > 172.16.0.6.53460: P 53:105(52) ack 104 win 566
21:59:22.041935 IP 172.16.0.6.53460 > pupil-laptop.local.ssh: . ack 105 win 68
21:59:22.043072 IP 172.16.0.6.53460 > pupil-laptop.local.ssh: P 104:156(52) ack 105 win 68
21:59:22.043358 IP pupil-laptop.local.ssh > 172.16.0.6.53460: P 105:157(52) ack 156 win 566
21:59:22.261685 IP 172.16.0.6.53460 > pupil-laptop.local.ssh: . ack 157 win 68

That's with this command running on another ssh session:

pu...@pupil-laptop:~$ ping 172.16.0.254
PING 172.16.0.254 (172.16.0.254) 56(84) bytes of data.
64 bytes from 172.16.0.254: icmp_seq=1 ttl=255 time=0.194 ms
64 bytes from 172.16.0.254: icmp_seq=2 ttl=255 time=0.183 ms

Seems to be no icmp in there, don't know if that's significant.

I am still not knowing why I can't ping both ways or why dns won't resolve on the 192.168.0.0/24 subnet.

Christiano Farina Haesbaert wrote:
>
> On 22/01/2009, at 07:11, duxbuz wrote:
>
>> Still no joy with this issue.
>>
>> I was asked to try:
>>
>>> Try this,
>>>
>>> Go to the ubuntu machine (network 192...) and listen to icmp
>>> packets in the interface connected to the 172... network.
>>>
>>> Then get a machine from network 172... and try to ping it.
>>>
>>> You did a tcpdump on the pf pseudo-interface before but your
>>> problem doesn't seem to be routing and or pf filter rules.
>>>
>>> If you see ICMP requests coming from another ip, you have a nat in
>>> between and that would justify your "one way ping".
>>
>> I got these results from this:
>>
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
>> 08:30:28.359774 IP pupil-laptop.local.ssh > 172.16.0.6.49797: P 1505958084:1505958280(196) ack 379641432 win 566
>
> What's the ip of pupil-laptop.local ?
>
>> 08:30:28.361092 IP pupil-laptop.local.50398 > 212.23.3.100.domain: 33472+ PTR? 6.0.16.172.in-addr.arpa. (41)
>> 08:30:28.361960 IP 172.16.0.6.49797 > pupil-laptop.local.ssh: . ack 196 win 66
>> 08:30:28.375114 IP pupil-laptop.local > 172.168.0.6: ICMP echo request, id 4893, seq 5, length 64
>
> Is 172.168.0.6 the correct ip for the server ?
> Is that what you typed in pupil-laptop ?
> You can say that the pupil-laptop packets are arriving at the
> destination, but they get there with ip 172.168.0.6, which seems not
> to be the server, so it passes the packet forward to the default route.
>
>> 08:30:29.375137 IP pupil-laptop.local > 172.168.0.6: ICMP echo request, id 4893, seq 6, length 64
>> 08:30:30.375146 IP pupil-laptop.local > 172.168.0.6: ICMP echo request, id 4893, seq 7, length 64
>> 08:30:31.375134 IP pupil-laptop.local > 172.168.0.6: ICMP echo request, id 4893, seq 8, length 64
>> 08:30:32.375144 IP pupil-laptop.local > 172.168.0.6: ICMP echo request, id 4893, seq 9, length 64
>> 08:30:33.359178 IP pupil-laptop.local.50845 > 212.23.6.100.domain: 33472+ PTR? 6.0.16.172.in-addr.arpa. (41)
>> 08:30:33.375117 IP pupil-laptop.local > 172.168.0.6: ICMP echo request, id 4893, seq 10, length 64
>> 08:30:34.375156 IP pupil-laptop.local > 172.168.0.6: ICMP echo request, id 4893,
>>
>> Does this look irregular?
>>
>> Martin Toft-2 wrote:
>>>
>>> What happens when you ping from the OpenBSD router?
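The check made by eye in the message above (echo requests leaving for 172.168.0.6 and never answered) can be run mechanically over tcpdump text. This Python sketch is an added example, not part of the original thread; the function names are hypothetical, the expected networks are the two /24 subnets named in the thread, and the last two sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the two subnets the thread describes on either side of the router.
EXPECTED_NETS = [
    ipaddress.ip_network("172.16.0.0/24"),
    ipaddress.ip_network("192.168.0.0/24"),
]

# Matches tcpdump's one-line ICMP echo format as it appears in the thread.
# Input lines must be unwrapped (one packet per line).
ICMP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

# First four lines are taken from the capture in the thread; the last two
# (ping to 172.16.0.254 and its reply) are constructed for contrast.
SAMPLE_CAPTURE = """\
08:30:28.359774 IP pupil-laptop.local.ssh > 172.16.0.6.49797: P 1505958084:1505958280(196) ack 379641432 win 566
08:30:28.375114 IP pupil-laptop.local > 172.168.0.6: ICMP echo request, id 4893, seq 5, length 64
08:30:29.375137 IP pupil-laptop.local > 172.168.0.6: ICMP echo request, id 4893, seq 6, length 64
08:30:30.375146 IP pupil-laptop.local > 172.168.0.6: ICMP echo request, id 4893, seq 7, length 64
08:30:35.100000 IP pupil-laptop.local > 172.16.0.254: ICMP echo request, id 4901, seq 1, length 64
08:30:35.100194 IP 172.16.0.254 > pupil-laptop.local: ICMP echo reply, id 4901, seq 1, length 64
"""


def summarize_pings(capture, expected_nets=EXPECTED_NETS):
    """Pair echo requests with replies and classify each ping destination."""
    pending = set()  # (requester, target, id, seq) still waiting for a reply
    stats = defaultdict(lambda: {"requests": 0, "replies": 0})
    for line in capture.splitlines():
        m = ICMP_RE.match(line.strip())
        if m is None:
            continue  # TCP, DNS and anything else is ignored
        src, dst, key = m["src"], m["dst"], (m["id"], m["seq"])
        if m["kind"] == "request":
            stats[dst]["requests"] += 1
            pending.add((src, dst) + key)
        elif (dst, src) + key in pending:
            # A reply from X to Y answers the request Y sent to X.
            pending.discard((dst, src) + key)
            stats[src]["replies"] += 1

    summary = {}
    for dst, s in stats.items():
        try:
            addr = ipaddress.ip_address(dst)
        except ValueError:
            addr = None  # tcpdump printed a hostname; capture with -n instead
        summary[dst] = {
            "requests": s["requests"],
            "replies": s["replies"],
            "unanswered": s["requests"] - s["replies"],
            "in_expected_net": None if addr is None
            else any(addr in net for net in expected_nets),
            "private": None if addr is None else addr.is_private,
        }
    return summary


def suspect_destinations(summary):
    """Destinations that never answered and are not on an expected subnet."""
    return sorted(
        dst for dst, s in summary.items()
        if s["unanswered"] > 0 and s["in_expected_net"] is False
    )


if __name__ == "__main__":
    result = summarize_pings(SAMPLE_CAPTURE)
    for dst, info in result.items():
        print(dst, info)
    print("suspect:", suspect_destinations(result))
```

172.168.0.6 is reported as neither on an expected subnet nor private, because the 172.16.0.0/12 private block ends at 172.31.255.255.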
Promiscuous interfaces forward multicast packets
The short version:
--
When an interface is put into promiscuous mode, inbound multicast traffic is forwarded according to the host's routing table regardless of net.inet.ip.mforwarding.

Details:
--
gw1 has vr0 (external) and vr1 (internal)
gw2 has em0 (external) and em1 (internal)
vr0 and em0 plug into a switch, which plugs into my provider
vr1 and em1 plug into my internal switch.
vr0 has carp1 running on top of it. em0 does not. The other interfaces do not have carp (yet).

gw2 is new, and has a default route to my ISP. It does not have routes for all my internal networks. Some of those networks have a lot of multicast traffic.

I placed em1 into promiscuous mode via tcpdump and crashed gw1. After testing for a while, I found that the machine was getting overwhelmed by cascading multicasts. Basically, it would fire a multicast out of vr1. em1 would catch it, but did not have a route to the destination IP. The multicast was forwarded out em0. vr0 catches it, and because it's in promiscuous mode, forwards it out vr1, feeding the loop.

To give you an idea of scale, gw2 forwarded 107k multicast packets out em0 in the space of 15 seconds.

Both machines have net.inet.ip.mforwarding set to 0 and net.inet.ip.forwarding set to 1. If I set net.inet.ip.forwarding to 0, the problem disappears. Likewise, if I blackhole all multicast traffic in question on gw2, things are fine.

Is this expected behavior? Should promiscuous mode affect the forwarding of multicast packets?

Thanks for the help.

-HKS

gw1 is a Soekris 5501 running 4.3
gw2 is a Dell Poweredge 2850 running 4.4

dmesg for gw2 follows. Let me know if you want dmesg for gw1.

OpenBSD 4.4-stable (GENERIC) #0: Thu Jan 22 08:04:26 EST 2009
    r...@gw2.local:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(TM) CPU 3.00GHz ("GenuineIntel" 686-class) 3 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16,xTPR
real mem = 2146795520 (2047MB)
avail mem = 2067439616 (1971MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 09/22/05, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.3 @ 0xf9920 (87 entries)
bios0: vendor Dell Computer Corporation version "A04" date 09/22/2005
bios0: Dell Computer Corporation PowerEdge 2850
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC SPCR HPET MCFG
acpi0: wakeup devices PCI0(S5) PALO(S5) PBLO(S5) VPR0(S5) PBHI(S5) VPR1(S5) PICH(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PALO)
acpiprt2 at acpi0: bus 2 (DOBA)
acpiprt3 at acpi0: bus 3 (DOBB)
acpiprt4 at acpi0: bus 4 (PBLO)
acpiprt5 at acpi0: bus 5 (PBHI)
acpiprt6 at acpi0: bus 6 (PXB1)
acpiprt7 at acpi0: bus 7 (PXB2)
acpiprt8 at acpi0: bus 8 (VPR1)
acpiprt9 at acpi0: bus 9 (PXC1)
acpiprt10 at acpi0: bus 10 (PXC2)
acpiprt11 at acpi0: bus 11 (PICH)
acpicpu0 at acpi0
bios0: ROM list: 0xc/0xb000! 0xcb000/0x1000 0xcc000/0x1000 0xcd000/0x3c00 0xd1000/0x2200 0xd3800/0x600 0xec000/0x4000!
ipmi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel E7520 Host" rev 0x09
ppb0 at pci0 dev 2 function 0 "Intel E7520 PCIE" rev 0x09
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "Intel IOP332 PCIE-PCIX" rev 0x06
pci2 at ppb1 bus 2
ami0 at pci2 dev 14 function 0 "Dell PERC 4e/Di" rev 0x06: irq 7
ami0: Dell 16d, 32b, FW 521S, BIOS vH430, 256MB RAM
ami0: 2 channels, 0 FC loops, 1 logical drives
scsibus0 at ami0: 40 targets, initiator 40
sd0 at scsibus0 targ 0 lun 0: SCSI2 0/direct fixed
sd0: 139900MB, 17834 cyl, 255 head, 63 sec, 512 bytes/sec, 286515200 sec total
scsibus1 at ami0: 16 targets, initiator 16
safte0 at scsibus1 targ 6 lun 0: SCSI2 3/processor fixed
scsibus2 at ami0: 16 targets, initiator 16
ppb2 at pci1 dev 0 function 2 "Intel IOP332 PCIE-PCIX" rev 0x06
pci3 at ppb2 bus 3
ppb3 at pci0 dev 4 function 0 "Intel E7520 PCIE" rev 0x09
pci4 at ppb3 bus 4
ppb4 at pci0 dev 5 function 0 "Intel E7520 PCIE" rev 0x09
pci5 at ppb4 bus 5
ppb5 at pci5 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
pci6 at ppb5 bus 6
em0 at pci6 dev 7 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05: irq 11, address 00:14:22:17:d9:85
ppb6 at pci5 dev 0 function 2 "Intel PCIE-PCIE" rev 0x09
pci7 at ppb6 bus 7
em1 at pci7 dev 8 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05: irq 3, address 00:14:22:17:d9:86
ppb7 at pci0 dev 6 function 0 "Intel E7520 PCIE" rev 0x09
pci8 at ppb7 bus 8
ppb8 at pci8 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
pci9 at ppb8 bus 9
re0 at pci9 dev 4 function 0 "Realtek 8169" rev 0x10: RTL8169S (0x0400), irq 7, address 00:0f:b5:85:29:cc
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 0
ppb9 at pci8 dev 0 function 2 "Intel PCIE-PCIE" rev 0x09
pci10 at ppb9 bus 10
uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: irq 11
uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: irq
Re: ftp-proxy on a nat firewall
On Fri, Jan 23, 2009 at 8:49 AM, Daniel A. Ramaley wrote:
> I've gotten a couple of off-list replies with suggestions to try. I
> greatly appreciate any ideas, but still have not had any luck so far.
> I've trimmed my ruleset and adjust some of it to be more permissive.
> Any ideas as to why ftp-proxy still doesn't work?
>
> ext_if = "vr0"
> int_if = "fxp0"
>
> icmp_types = "{ echoreq, unreach }"
>
> # options
> set block-policy return
> set loginterface $ext_if
> set skip on lo
>
> # packet hygiene
> scrub in all fragment reassemble
>
> # nat
> nat on $ext_if from !($ext_if) -> ($ext_if)
> nat-anchor "ftp-proxy/*"
> rdr-anchor "ftp-proxy/*"
> rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
>
> # filter rules
> #block in all
> #block quick inet6 all
> anchor "ftp-proxy/*"
> pass out keep state
>
> pass out quick proto tcp from lo to any port ftp
>
> pass in inet proto icmp all icmp-type $icmp_types keep state
> #pass from !($ext_if) to any keep state
> pass from any to any keep state

Running ftp-proxy with the args "-r -d -D 6", can you do a packet capture when you run ls? You'll want to find all packets that involve the internal host, and all packets that involve your external destination, so you'll probably need to do two separate captures.

This should at least give an idea of what's breaking.

-HKS
Re: SSH and ProxyCommand (was Re: rdr and authpf)
Lars Nooden wrote:
> >>     +--E
> >>     |
> >> AB--+--C
> >>     |
> >>     +--D

Juan Miscaro wrote:
> Host B
> HostName host-B
> User user-B
> IdentityFile key-B
>
> Host C
> HostName host-C
> User user-C
> IdentityFile key-C
> ProxyCommand ssh B nc %h %p

Yes, thanks very much. Also, instead of using ssh_config, the same can be done via shell:

ssh -o "ProxyCommand ssh B nc %h %p" C

> Note: Investigate ssh-agent if you do not already use it.

I use it but freely admit that it is under-utilized.

-Lars
SSH cipher preference change (was: Re: CVS: cvs.openbsd.org: src)
Damien Miller wrote:
> Modified files:
>     usr.bin/ssh: myproposal.h
>
> Log message:
> prefer CTR modes and revised arcfour (i.e w/ discard) modes to CBC
> modes; ok markus@

This means that ssh's default cipher will no longer profit from hifn(4) or glxsb(4) acceleration. People relying on such hardware acceleration will have to weigh that benefit against the risk associated with using AES-CBC:

http://www.openssh.com/txt/cbc.adv

In the absence of hardware acceleration, AES-CTR and AES-CBC perform the same.

--
Christian "naddy" Weisgerber na...@mips.inka.de
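A way to check whether a given cipher preference list already follows the ordering this commit introduces (CTR ahead of CBC), as an added example that is not part of the thread or of OpenSSH. `audit_cipher_order` is a hypothetical helper name, and the list in the closing comment is a constructed sample.

```shell
#!/bin/sh
# Added example; audit_cipher_order is a hypothetical helper name.
# Input: a comma-separated cipher preference list, most preferred first
# (the form taken by the Ciphers option and printed by `sshd -T`).
# Returns 0 if every CBC cipher ranks below the first CTR cipher,
#         1 if at least one CBC cipher is preferred over CTR,
#         2 if the list offers no CTR cipher at all.
audit_cipher_order() {
    list=$1
    seen_ctr=no
    early_cbc=""
    old_ifs=$IFS
    IFS=,
    set -f                      # no globbing while the list is split
    for c in $list; do
        case $c in
            *-ctr)
                seen_ctr=yes ;;
            *-cbc|*-cbc@*)
                # A CBC cipher seen before any CTR cipher outranks CTR.
                if [ "$seen_ctr" = no ]; then
                    early_cbc="$early_cbc $c"
                fi ;;
        esac
    done
    set +f
    IFS=$old_ifs

    if [ "$seen_ctr" = no ]; then
        echo "no CTR cipher offered"
        return 2
    fi
    if [ -n "$early_cbc" ]; then
        echo "CBC preferred over CTR:$early_cbc"
        return 1
    fi
    echo "ok: CTR outranks CBC"
    return 0
}

# Constructed sample call:
#   audit_cipher_order 'aes128-cbc,3des-cbc,aes128-ctr'
```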
Default with ripd
Greetings,

I'm trying to get ripd to announce a default route, but it seems to not want to send any routes. I suspect the error is related to the "error sending packet on interface fxp1: Host is down" message. Here is some debug info. Any pointers would be appreciated. Thanks.

r...@pwbgp# /usr/sbin/ripd -dv
startup
if_fsm: event 'UP' resulted in action 'START' and changing state for interface fxp1 from 'DOWN' to 'ACTIVE'
send_packet: error sending packet on interface fxp1: Host is down
recv_packet: cannot find a matching interface
recv_packet: cannot find a matching interface
recv_packet: cannot find a matching interface
recv_packet: cannot find a matching interface
nbr_new: neighbor ID 10.10.10.1, peerid 3
nbr_fsm: event 'RESPONSE RCVD' resulted in action 'START TIMER' and changing state for neighbor ID 10.10.10.1 from 'DOWN' to 'ACTIVE'
recv_packet: cannot find a matching interface
recv_packet: cannot find a matching interface
recv_packet: cannot find a matching interface
recv_packet: cannot find a matching interface
send_packet: error sending packet on interface fxp1: Host is down
send_packet: error sending packet on interface fxp1: Host is down
send_packet: error sending packet on interface fxp1: Host is down
send_packet: error sending packet on interface fxp1: Host is down
recv_packet: cannot find a matching interface
recv_packet: cannot find a matching interface
recv_packet: cannot find a matching interface
recv_packet: cannot find a matching interface
recv_packet: cannot find a matching interface
recv_packet: cannot find a matching interface
recv_packet: cannot find a matching interface
recv_packet: cannot find a matching interface
^Cif_del: interface fxp1
nbr_del: neighbor ID 10.10.10.1, peerid 3
nbr_fsm: event 'NBR KILL' resulted in action 'DELETE NBR' and changing state for neighbor ID 10.10.10.1 from 'ACTIVE' to 'DOWN'
if_fsm: event 'DOWN' resulted in action 'RESET' and changing state for interface fxp1 from 'ACTIVE' to 'DOWN'
if_del: interface fxp1
rip engine exiting
route decision engine exiting
kernel routing table decoupled
terminating
r...@pwbgp# /usr/sbin/ripd
r...@pwbgp# ifconfig fxp1
fxp1: flags=8843 mtu 1500
        lladdr 00:0d:48:27:05:73
        description: Temp Radio MGMT
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 10.10.10.2 netmask 0xfff8 broadcast 10.10.10.7
        inet6 fe80::20d:48ff:fe27:573%fxp1 prefixlen 64 scopeid 0x2
        inet 172.30.19.201 netmask 0xff00 broadcast 172.30.19.255

PF is NOT enabled.

-Steve S.
Re: Find - Sillyness
This worked! You da man! thanks much.

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org]on Behalf Of Daniel A. Ramaley
Sent: Friday, January 23, 2009 9:56 AM
To: misc@openbsd.org
Subject: Re: Find - Sillyness

On Friday January 23 2009 08:07, you wrote:
>I am sure it's got something to do with the way I am quoting but it's
>not making a lot of sense at this point.
>
>Here is the actual command I am trying to run and its error
>output.
>
>spider:/var/logtransfer/dc-fw1# find . -name pflog.*.gz -exec zcat {}
> | tcpdump -entttv -r - \;
>find: -exec: no terminating ";"
>tcpdump: fread: Invalid argument

You're right, the problem is quoting. The shell interprets everything after the pipe character ("|") as a separate command, so find never receives the semi-colon. For something this simple, I'd suggest moving the pipe outside of the find command:

find . -name 'pflog.*.gz' -exec zcat {} \; | tcpdump -entttv -r -

For more complicated situations, you can use a structure more like this:

find . -name 'pflog.*.gz' -print0 | while read -d $'\0' file ; do
    echo "Now processing ${file}"
    zcat "$file" | tcpdump -entttv -r -
done

For your particular situation, not using a find at all might work:

gunzip -c pflog.*.gz | tcpdump -entttv -r -

That could fail if "pflog.*.gz" expands to so many files that it overflows the maximum command length, but otherwise should work the same.

Dan Ramaley                 Dial Center 118, Drake University
Network Programmer/Analyst  2407 Carpenter Ave
+1 515 271-4540             Des Moines IA 50311 USA
Re: Find - Sillyness
spider:/var/logtransfer/dc-fw1# find . -name pflog.*.gz -exec zcat {} | tcpdump -entttv -r - \;
find: -exec: no terminating ";"

Find -exec invokes the command directly using exec(2). There's no shell underlying the command, so pipes are out (even if you had correctly escaped the '|'). The easiest way out of this is to put the compound command into a shell script and have find run that. E.g.:

cat > scanlog << '_HOOPY_FROOD'
#!/bin/sh
zcat "$1" | tcpdump -entttv -r -
_HOOPY_FROOD
chmod +x scanlog
find . -name 'pflog.*.gz' -exec ./scanlog '{}' \;

--lyndon

Our users will know fear and cower before our software! Ship it! Ship it and let them flee like the dogs they are!
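The fixes suggested across this thread (quote the pattern, terminate -exec, and hand find a shell when the command contains a pipe) combined into one function, as an added example that is not from any poster. `scan_logs` and `DECODER` are hypothetical names; `DECODER` defaults to the tcpdump invocation used in the thread, and each file gets its own decoder process.

```shell
#!/bin/sh
# Added example; scan_logs and DECODER are hypothetical names.
# DECODER turns one decompressed log stream into text lines. The default
# is the tcpdump invocation from the thread; it is split on whitespace.
DECODER=${DECODER:-"tcpdump -entttv -r -"}

# scan_logs DIR NAME_PATTERN NEEDLE
#   DIR           directory to search recursively
#   NAME_PATTERN  find -name pattern, passed quoted so find (not the
#                 calling shell) expands it
#   NEEDLE        fixed string to look for, e.g. part of an IP address
# Prints "file: matching line" for every hit.
scan_logs() {
    dir=$1
    name=$2
    needle=$3
    # find -exec runs its command with exec(2), so the pipeline has to
    # live inside an explicit "sh -c" script. The script is single-quoted
    # and receives needle, decoder and file names as positional
    # parameters, so odd file names are never re-parsed as shell code.
    # "{} +" batches many files per shell; "{} \;" would also work.
    find "$dir" -type f -name "$name" -exec sh -c '
        needle=$1
        decoder=$2
        shift 2
        for file do
            gzip -dc -- "$file" | $decoder 2>/dev/null |
                grep -F -- "$needle" |
                while IFS= read -r line; do
                    printf "%s: %s\n" "$file" "$line"
                done
        done
    ' sh "$needle" "$DECODER" {} +
}

# Typical call for the situation in the thread:
#   scan_logs /var/logtransfer/dc-fw1 'pflog.*.gz' '10.1.2.'
```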
Re: Find - Sillyness
On Friday January 23 2009 08:07, you wrote:
>I am sure it's got something to do with the way I am quoting but it's
>not making a lot of sense at this point.
>
>Here is the actual command I am trying to run and its error
>output.
>
>spider:/var/logtransfer/dc-fw1# find . -name pflog.*.gz -exec zcat {}
> | tcpdump -entttv -r - \;
>find: -exec: no terminating ";"
>tcpdump: fread: Invalid argument

You're right, the problem is quoting. The shell interprets everything after the pipe character ("|") as a separate command, so find never receives the semi-colon. For something this simple, I'd suggest moving the pipe outside of the find command:

find . -name 'pflog.*.gz' -exec zcat {} \; | tcpdump -entttv -r -

For more complicated situations, you can use a structure more like this:

find . -name 'pflog.*.gz' -print0 | while read -d $'\0' file ; do
    echo "Now processing ${file}"
    zcat "$file" | tcpdump -entttv -r -
done

For your particular situation, not using a find at all might work:

gunzip -c pflog.*.gz | tcpdump -entttv -r -

That could fail if "pflog.*.gz" expands to so many files that it overflows the maximum command length, but otherwise should work the same.

Dan Ramaley                 Dial Center 118, Drake University
Network Programmer/Analyst  2407 Carpenter Ave
+1 515 271-4540             Des Moines IA 50311 USA
Re: Find - Sillyness
Ok, I tried both and neither worked. Same error doh!

-Original Message-
From: Nick Bender [mailto:nben...@gmail.com]
Sent: Friday, January 23, 2009 9:21 AM
To: Morris, Roy
Cc: misc@openbsd.org
Subject: Re: Find - Sillyness

On Fri, Jan 23, 2009 at 9:07 AM, Morris, Roy wrote:
> Here is the actual command I am trying to run and its error
> output.
>
> spider:/var/logtransfer/dc-fw1# find . -name pflog.*.gz -exec zcat {} |
> tcpdump -entttv -r - \;
> find: -exec: no terminating ";"
> tcpdump: fread: Invalid argument
>

Me thinks you need to quote your pattern (or set noglob) and terminate your exec (just like find is telling you):

find . -name 'pflog.*.gz' -exec zcat {} \; | ...

-N
Re: Find - Sillyness
On Fri, Jan 23, 2009 at 9:07 AM, Morris, Roy wrote:
> Here is the actual command I am trying to run and its error
> output.
>
> spider:/var/logtransfer/dc-fw1# find . -name pflog.*.gz -exec zcat {} |
> tcpdump -entttv -r - \;
> find: -exec: no terminating ";"
> tcpdump: fread: Invalid argument
>

Me thinks you need to quote your pattern (or set noglob) and terminate your exec (just like find is telling you):

find . -name 'pflog.*.gz' -exec zcat {} \; | ...

-N
Re: Find - Sillyness
Thanks for the help, however I must still be in stupid mode doh! the original command works but as soon as I add the rest of the command it dies.

Basically what I am trying to do is go through three years worth of pflogs in gzip format and grep for a part of an ip address. It works on a command line, on a single file but when used with 'find -exec' it yaks.

I am sure it's got something to do with the way I am quoting but it's not making a lot of sense at this point.

Here is the actual command I am trying to run and its error output.

spider:/var/logtransfer/dc-fw1# find . -name pflog.*.gz -exec zcat {} | tcpdump -entttv -r - \;
find: -exec: no terminating ";"
tcpdump: fread: Invalid argument

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org]on Behalf Of John Jackson
Sent: Thursday, January 22, 2009 3:12 PM
To: misc@openbsd.org
Subject: Re: Find - Sillyness

On Thu, Jan 22, 2009 at 02:54:21PM -0500, Morris, Roy wrote:
> I know this is more of a general 'huh' kind of thing, but I figured someone
> could kick start my brain for me. Anyone know why this doesn't work? It
> appears to find the files ok but the -exec part thinks it can't?
>
>
> spider:/var/log# find . -name "daemon.*.gz" -exec "echo {}" \;
> find: echo ./daemon.2.gz: No such file or directory
> find: echo ./daemon.1.gz: No such file or directory
> find: echo ./daemon.5.gz: No such file or directory
> find: echo ./daemon.4.gz: No such file or directory
> find: echo ./daemon.3.gz: No such file or directory
> find: echo ./daemon.0.gz: No such file or directory
>

Try:

find . -name "daemon.*.gz" -exec echo {} \;

without the double quotes after exec.

John
Re: ftp-proxy on a nat firewall
I've gotten a couple of off-list replies with suggestions to try. I greatly appreciate any ideas, but still have not had any luck so far. I've trimmed my ruleset and adjusted some of it to be more permissive. Any ideas as to why ftp-proxy still doesn't work?

ext_if = "vr0"
int_if = "fxp0"
icmp_types = "{ echoreq, unreach }"

# options
set block-policy return
set loginterface $ext_if
set skip on lo

# packet hygiene
scrub in all fragment reassemble

# nat
nat on $ext_if from !($ext_if) -> ($ext_if)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

# filter rules
#block in all
#block quick inet6 all
anchor "ftp-proxy/*"
pass out keep state
pass out quick proto tcp from lo to any port ftp
pass in inet proto icmp all icmp-type $icmp_types keep state
#pass from !($ext_if) to any keep state
pass from any to any keep state

On Wednesday January 21 2009 09:33, you wrote:
>Hello. I haven't gotten much response on my ftp-proxy issue, but i
>realized that i forgot to include the all-important dmesg. I don't
> know that it would help any, but it is below. Has anyone else gotten
> ftp-proxy on 4.4-stable to work?
>
>
>OpenBSD 4.4-stable (GENERIC) #1: Mon Jan 12 12:36:24 CST 2009
>r...@crufty.ramaley.net:/usr/src/sys/arch/i386/compile/GENERIC
>cpu0: VIA Samuel 2 ("CentaurHauls" 686-class) 534 MHz
>cpu0: FPU,DE,TSC,MSR,MTRR,PGE,MMX
>real mem = 534278144 (509MB)
>avail mem = 508186624 (484MB)
>mainbus0 at root
>bios0 at mainbus0: AT/286+ BIOS, date 11/14/02, BIOS32 rev. 0 @
> 0xfb370, SMBIOS rev. 2.2 @ 0xf0800 (29 entries)
>bios0: vendor Award Software International, Inc. version "6.00 PG"
> date 11/14/2002
>bios0: VIA TECHNOLOGIES, INC. EPIA
>apm0 at bios0: Power Management spec V1.2 (slowidle)
>apm0: AC on, battery charge unknown
>acpi at bios0 function 0x0 not configured
>pcibios0 at bios0: rev 2.1 @ 0xf/0xdce4
>pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdc70/112 (5 entries)
>pcibios0: PCI Exclusive IRQs: 10 11 12
>pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT8231 ISA" rev 0x00)
>pcibios0: PCI bus #1 is the last bus
>bios0: ROM list: 0xc/0xc000 0xcc000/0xa000
>cpu0 at mainbus0
>pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
>pchb0 at pci0 dev 0 function 0 "VIA VT8601 PCI" rev 0x05
>ppb0 at pci0 dev 1 function 0 "VIA VT82C601 AGP" rev 0x00
>pci1 at ppb0 bus 1
>vga1 at pci1 dev 0 function 0 "Trident CyberBlade i1" rev 0x6a
>wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
>wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
>agp0 at vga1: v2, aperture at 0xd000, size 0x1000
>drm at vga1 unsupported
>pcib0 at pci0 dev 17 function 0 "VIA VT8231 ISA" rev 0x10
>pciide0 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: ATA100,
>channel 0 configured to compatibility, channel 1 configured to
>compatibility
>wd0 at pciide0 channel 0 drive 0:
>wd0: 1-sector PIO, LBA, 999MB, 2047248 sectors
>wd0(pciide0:0:0): using PIO mode 4
>pciide0: channel 1 disabled (no drives)
>uhci0 at pci0 dev 17 function 2 "VIA VT83C572 USB" rev 0x1e: irq 12
>uhci1 at pci0 dev 17 function 3 "VIA VT83C572 USB" rev 0x1e: irq 12
>viaenv0 at pci0 dev 17 function 4 "VIA VT8231 PMG" rev 0x10: 24-bit
>timer at 3579545Hz
>vr0 at pci0 dev 18 function 0 "VIA RhineII-2" rev 0x51: irq 10,
> address 00:40:63:e2:00:8b
>ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 10: OUI
>0x004063, model 0x0032
>fxp0 at pci0 dev 20 function 0 "Intel 8255x" rev 0x08, i82559: irq 11,
>address 00:03:47:40:45:95
>inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
>isa0 at pcib0
>isadma0 at isa0
>com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
>pckbc0 at isa0 port 0x60/5
>pckbd0 at pckbc0 (kbd slot)
>pckbc0: using irq 1 for kbd slot
>wskbd0 at pckbd0: console keyboard, using wsdisplay0
>pcppi0 at isa0 port 0x61
>midi0 at pcppi0:
>spkr0 at pcppi0
>lpt0 at isa0 port 0x378/4 irq 7
>npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
>usb0 at uhci0: USB revision 1.0
>uhub0 at usb0 "VIA UHCI root hub" rev 1.00/1.00 addr 1
>usb1 at uhci1: USB revision 1.0
>uhub1 at usb1 "VIA UHCI root hub" rev 1.00/1.00 addr 1
>biomask f36d netmask ff6d ttymask
>softraid0 at root
>root on wd0a swap on wd0b dump on wd0b
>vr0: watchdog timeout
>
>On Monday January 19 2009 14:46, you wrote:
>>Hello. I'm setting up an OpenBSD (4.4-stable) NAT firewall (with a
>>couple servers behind it) for the first time. Everything seems to
>> work except for active ftp from machines behind the firewall. Active
>> ftp connections made from the firewall itself do work, though. I do
>> have net.inet.ip.forwarding turned on, and ftp-proxy enabled.
>>
>>I'll paste my full pf.conf at the end of this message, but here are
>> the lines i believe are relevant to ftp-proxy:
>>
>>nat on $ext_if from !($ext_if) -> ($ext_if)
>>nat-anchor "ftp-proxy/*"
>>rdr-anchor "ftp-proxy/*"
>>rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
>>anchor "
Re: Accessing PostgreSQL using LedgerSMB with chrooted Apache
Markus Hennecke wrote:

On Thu, 22 Jan 2009, Aaron Poffenberger wrote:

You might try connecting via tcp/ip rather than Unix sockets. I haven't used LedgerSMB but I do use phpPgAdmin under chrooted Apache over tcp/ip. (Same thing with phpMysqlAdmin.) I tried getting phpMysqlAdmin to run over Unix sockets and that was an exercise in frustration. Tcp/ip is the way to go with chrooted Apache, though I'd be happy to learn how otherwise.

Make sure you have /var/postgres/data/pg_hba.conf configured to allow connections over tcp/ip for localhost addresses. I think it does by default but review the section at the bottom of the file to be sure.

And you should be using 127.0.0.1 for the cgi and not localhost. This is a perfect way to shoot yourself in the foot if the resolver is not available. BTDT.

Kind regards,
Markus

I had noticed that in a few cgi scripts before, but I didn't understand why. Good thing to know! I'll stick to using 127.0.0.1 from now on.
Re: Router ping one way only
On 22/01/2009, at 07:11, duxbuz wrote:

Still no joy with this issue. I was asked to try:

>Try this, . Go to the ubuntu machine (network 192...) and listen to icmp packets in the interface connected to the
>172... network. Then get a machine from network 172... and try to ping it. You did a tcpdump on the pf pseudo-interface before but your problem doesn't seem to be routing and
>or pf filter rules. If you see ICMP requests coming from another ip, you have a nat in between and that would justify
>your "one way ping".

I got these results from this:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
08:30:28.359774 IP pupil-laptop.local.ssh > 172.16.0.6.49797: P 1505958084:1505958280(196) ack 379641432 win 566

What's the ip of pupil-laptop.local ?

08:30:28.361092 IP pupil-laptop.local.50398 > 212.23.3.100.domain: 33472+ PTR? 6.0.16.172.in-addr.arpa. (41)
08:30:28.361960 IP 172.16.0.6.49797 > pupil-laptop.local.ssh: . ack 196 win 66
08:30:28.375114 IP pupil-laptop.local > 172.168.0.6: ICMP echo request, id 4893, seq 5, length 64

Is 172.168.0.6 the correct ip for the server ? Is that what you typed in pupil-laptop ? You can say that the pupil-laptop packets are arriving at the destination, but they get there with ip 172.168.0.6, which seems not to be the server, so it passes the packet forward to the default route.

08:30:29.375137 IP pupil-laptop.local > 172.168.0.6: ICMP echo request, id 4893, seq 6, length 64
08:30:30.375146 IP pupil-laptop.local > 172.168.0.6: ICMP echo request, id 4893, seq 7, length 64
08:30:31.375134 IP pupil-laptop.local > 172.168.0.6: ICMP echo request, id 4893, seq 8, length 64
08:30:32.375144 IP pupil-laptop.local > 172.168.0.6: ICMP echo request, id 4893, seq 9, length 64
08:30:33.359178 IP pupil-laptop.local.50845 > 212.23.6.100.domain: 33472+ PTR? 6.0.16.172.in-addr.arpa. (41)
08:30:33.375117 IP pupil-laptop.local > 172.168.0.6: ICMP echo request, id 4893, seq 10, length 64
08:30:34.375156 IP pupil-laptop.local > 172.168.0.6: ICMP echo request, id 4893,

Does this look irregular?

Martin Toft-2 wrote:

What happens when you ping from the OpenBSD router? Does any of the other equipment reply? The Ubuntu machine's firewall settings can be seen by running 'sudo iptables -L -v -n'. Are you sure it doesn't block incoming ICMP requests?

Martin

--
View this message in context: http://www.nabble.com/Router-ping-one-way-only-tp21569634p21600393.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.

Christiano Farina Haesbaert christiano...@gmail.com
cyrix 6x86 cpu owners wanted
if you have a machine with the following line in dmesg:

cpu0: xchg bug workaround performed

please contact me off-list.

--
Alexander Yurchenko
Re: hoststated on OpenBSD
Janne Johansson wrote:

Pierre-Yves Ritschard wrote:

* Beavis (pfu...@gmail.com) wrote:

I would like to ask some folks here regarding hoststated is it still available for OpenBSD?

hoststated is now called relayd, after being called hostated.

I think we should name it 'The daemon formerly known as hoststated'

Or use a macro to ease the changes ;-)

Gilles
Re: hoststated on OpenBSD
Pierre-Yves Ritschard wrote:

* Beavis (pfu...@gmail.com) wrote:

I would like to ask some folks here regarding hoststated is it still available for OpenBSD?

hoststated is now called relayd, after being called hostated.

I think we should name it 'The daemon formerly known as hoststated'
Re: hoststated on OpenBSD
* Beavis (pfu...@gmail.com) wrote:
> Greetings List,
>
>I would like to ask some folks here regarding hoststated is it
> still available for OpenBSD? All i got through google is
> http://cvs.openbsd.org/papers/eurobsdcon07/pyr-loadbalancing/
>
> I'm looking for a tool that would be able me to setup OpenBSD as a
> High-availability appliance where i place behind it win or *nix
> webservers and have them load-balance through it. I know that pf(4)
> would be able to aid me on this but getting info for hoststated would
> really help me a lot.
>
>

Hi,

hoststated is now called relayd, after being called hostated.

- pyr.