Re: systrace insecure [was: Re: chroot browser]

2009-04-04 Thread Edd Barrett
Howdy,

On Thu, Mar 26, 2009 at 09:12:42AM -0600, Theo de Raadt wrote:
 That said, this is not enough reason to entirely delete the code.  It
 still has uses.

It's useful for checking ports are not dumping junk all over the
file-system. Please keep it.

Best Regards

Edd Barrett
(Freelance software developer / technical writer / open-source developer)

http://students.dec.bmth.ac.uk/ebarrett



pkg_add via proxy

2009-04-04 Thread Chris
My pkg_add gets blocked by the web based authentication system I use
at work. Every time I try pkg_add -iv honeyd, I get the following
error:

Error from ftp://rt.fm/pub/OpenBSD/snapshots/packages/i386/
Redirected to https://company.com:443//portal/login?__dest=rt.fm
Requesting https://company.com:443//portal/login?__dest=rt.fm
No packages available in the PKG_PATH
Can't resolve honeyd

Is there any way to tell pkg_add my user name and password for the web
authentication system? I'm only using the base system.

Thanks.



Re: VPN client-to-site over IPSec

2009-04-04 Thread Toni Mueller
Hi,

On Fri, 03.04.2009 at 18:26:45 -0300, Marcello Cruz marcello.c...@globo.com 
wrote:
 Do you mean a VPN where only a HOST will access an entire NETWORK? If so, 
 then the answer is YES.

I don't need anything specifically right now which would fit into
this thread, but asked questions to better understand what the original
poster wanted to achieve.

 For instance, I have some OpenBSD servers acting as VPN Server and they  
 allow me to connect from home to the networks behind those OpenBSD 
 servers.

Me too.

 PC -- Internet -- OpenBSD  LAN
 PC  IPSec Tunnel -- LAN

 I also have other situations where I need an entire LAN communicate with  
 other LAN, like:

 LAN -- OpenBSD/Other -- Internet --- OpenBSD -- LAN
 LAN --- IPSec Tunnel --- LAN

I just wanted to say that, network-wise, configuring the first
scenario, assuming that you mean transport mode, almost never makes
sense, or at least not to me, and that the second scenario should
be the default configuration, even if LAN and OpenBSD/Other might
collapse into only one computer.


Kind regards,
--Toni++



Re: git0 tunnel with any remote endpoint

2009-04-04 Thread Jeroen Massar
Garry Dolley wrote:
 On Fri, Apr 03, 2009 at 02:17:41PM +, Stuart Henderson wrote:
 On 2009-04-03, Garry Dolley gdol...@arpnetworks.com wrote:
 Dear misc,

 Is it possible to have a git0 tunnel that accepts a remote endpoint
 of any address?  I'm trying to set up a 6to4 anycast relay router.
 6to4 is not gif.

 Weird, because it works as 6to4.  I'm tunneling IPv6 packets over it
 from a Linux box (static endpoint) that has a 6to4 tunnel whose
 endpoint is my OpenBSD box.

That is because 6to4 (http://en.wikipedia.org/wiki/6to4) uses proto-41
(http://en.wikipedia.org/wiki/6in4).

The major difference and also the concern for security is that the
remote endpoint (where the packet will be forwarded to) is determined
from the IPv6 address, eg 2002:aabb:ccdd:: becomes aa.bb.cc.dd.
There are a lot of security pitfalls in 6to4 and if I recall correctly
that is the reason why OpenBSD does not support 6to4. IMHO that was a
just decision.

As a side-note, there has been talk in the IETF to deprecate 6to4,
especially the anycast version. Mostly though due to the many many many
issues that come along with actually operating 6to4 anycast on a larger
scale. (Try debugging 6to4 anycasted when there are 10 networks between
you and the remote site, and you can only do traceroutes from your hosts
and don't have a view at all at any of the other hosts/routers in the
middle: impossible)

Proto-41 itself is also easily subject to spoofing as long as one can
spoof IPv4 packets anywhere on a connected network and can get them to
the host.

 OpenBSD does not support 6to4.

 Can a gif0 tunnel be set up with dynamic endpoints?

If you add the heartbeat protocol this can work. Otherwise proto-41
doesn't have support for dynamic endpoints (unless you manually script
it, then again, heartbeat is not that far away from that in some cases ;)

Greets,
 Jeroen

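The mapping Jeroen describes (the IPv4 endpoint is read straight out of the 6to4 address, so 2002:aabb:ccdd:: forwards to aa.bb.cc.dd) is also the reason a relay has to sanity-check what it decapsulates. The following is an added example, not code from the thread or from OpenBSD: it derives the embedded IPv4 address with Python's standard ipaddress module and performs the ingress consistency check a 6to4 relay would want on a proto-41 packet (the inner IPv6 source must embed the outer IPv4 source, and that address must be globally routable, along the lines of RFC 3964). Function names and the sample addresses are my own.

```python
"""Added example (not from the thread): 6to4 address <-> IPv4 endpoint mapping
and an ingress consistency check for decapsulated proto-41 packets."""
import ipaddress
from typing import Optional, Tuple

# All 6to4 addresses live under 2002::/16; bits 16..47 carry the IPv4 address.
SIXTO4_PREFIX = ipaddress.IPv6Network("2002::/16")


def embedded_ipv4(addr6: str) -> Optional[ipaddress.IPv4Address]:
    """Return the IPv4 address encoded in a 6to4 address, or None if addr6
    is not inside 2002::/16 (i.e. it is a native IPv6 address)."""
    a = ipaddress.IPv6Address(addr6)
    if a not in SIXTO4_PREFIX:
        return None
    # packed[0:2] is 0x2002, packed[2:6] is the embedded IPv4 address.
    return ipaddress.IPv4Address(a.packed[2:6])


def relay_target(dst6: str) -> Optional[ipaddress.IPv4Address]:
    """Where a 6to4 relay sends an IPv6 packet destined to dst6: the outer
    IPv4 destination is taken from the IPv6 address itself, which is the
    property Jeroen points at as the security concern."""
    return embedded_ipv4(dst6)


def check_6to4_ingress(outer_src4: str, inner_src6: str) -> Tuple[bool, str]:
    """Consistency check for a proto-41 packet received on the IPv4 side of a
    6to4 relay, after decapsulation:
      1. the inner IPv6 source must be a 6to4 address,
      2. the IPv4 address it embeds must equal the outer IPv4 source,
      3. that IPv4 address must be globally routable (no RFC 1918, loopback,
         multicast or documentation ranges).
    Returns (accepted, reason)."""
    src4 = ipaddress.IPv4Address(outer_src4)
    emb = embedded_ipv4(inner_src6)
    if emb is None:
        return False, "inner IPv6 source is not a 6to4 address"
    if emb != src4:
        return False, "embedded %s != outer %s (possible spoofed encapsulation)" % (emb, src4)
    if not emb.is_global:
        return False, "embedded %s is not globally routable" % emb
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: the address from Jeroen's mail and two bad packets.
    print(embedded_ipv4("2002:aabb:ccdd::"))                      # 170.187.204.221
    print(check_6to4_ingress("170.187.204.221", "2002:aabb:ccdd::1"))
    print(check_6to4_ingress("192.0.2.1", "2002:aabb:ccdd::1"))     # outer/inner mismatch
    print(check_6to4_ingress("192.168.1.1", "2002:c0a8:101::1"))    # private embedded address
```

The check only covers packets that arrive encapsulated from 6to4 sites; a relay also forwards native-IPv6-to-6to4 traffic in the other direction, where the inner source is legitimately not a 2002:: address, so the same rule must not be applied blindly to every packet a relay sees.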



Re: Anyone using munin?

2009-04-04 Thread Cezary Morga
Marc Runkel wrote:
 Trying to set up munin work with OpenBSD and was wondering if anyone had
 some plugins pre-written?  In particular interface statistics but I'll take
 just about anything.

I think munin comes with a bunch of plugins already. If not you can grab some 
Linux package (like Debian's munin-node) and extract them from it. These are 
simple scripts (shell, perl, python) so they might run on OpenBSD even without 
any modifications.
-- 
Cezary Morga
Man forgives woman anything save the wit to outwit him. (Minna Thomas 
Antrim)



Re: pkg_add via proxy

2009-04-04 Thread Stuart Henderson
On 2009-04-04, Chris atst...@gmail.com wrote:
 My pkg_add gets blocked by the web based authentication system I use
 at work. Every time I try pkg_add -iv honeyd, I get the following
 error:

 Error from ftp://rt.fm/pub/OpenBSD/snapshots/packages/i386/
 Redirected to https://company.com:443//portal/login?__dest=rt.fm
 Requesting https://company.com:443//portal/login?__dest=rt.fm
 No packages available in the PKG_PATH
 Can't resolve honeyd

 Is there any way to tell pkg_add my user name and password for the web
 authentication system? I'm only using the base system.

I don't know what's going to be involved with this portal you
get redirected to... Is there any chance that you just need to login
via a web browser first and then it unblocks access from your IP
address?

If it can do the usual HTTP proxy authentication, your best option
is probably to install curl via manual download (you will also need
libiconv, gettext and libidn), set FETCH_CMD to use curl with the
appropriate flags to login to your proxy, and use an _HTTP_ mirror.



Re: git0 tunnel with any remote endpoint

2009-04-04 Thread Henning Brauer
* Garry Dolley gdol...@arpnetworks.com [2009-04-03 21:39]:
 Weird, because it works as 6to4.  I'm tunneling IPv6 packets over it
 from a Linux box (static endpoint)

that is not 6to4, that is v6 over v4.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Friend check this out.

2009-04-04 Thread sarahledes
Hi Friend, it's me, Apple. I just visited this web page,
and I wanted to share it with you.
Please click on this link below to see it:

http://tinyurl.com/dbl8gs

 - Apple



Re: pkg_add via proxy

2009-04-04 Thread Marco Peereboom
I use ntlm and then I add http_proxy=localhost:myport pkg_add stuff.

On Sat, Apr 04, 2009 at 02:42:02AM -0700, Chris wrote:
 My pkg_add gets blocked by the web based authentication system I use
 at work. Every time I try pkg_add -iv honeyd, I get the following
 error:
 
 Error from ftp://rt.fm/pub/OpenBSD/snapshots/packages/i386/
 Redirected to https://company.com:443//portal/login?__dest=rt.fm
 Requesting https://company.com:443//portal/login?__dest=rt.fm
 No packages available in the PKG_PATH
 Can't resolve honeyd
 
 Is there any way to tell pkg_add my user name and password for the web
 authentication system? I'm only using the base system.
 
 Thanks.



Re: F5 FirePass SSL VPN on OpenBSD

2009-04-04 Thread Mikolaj Kucharski
On Fri, Apr 03, 2009 at 10:18:56PM +0800, Pui Edylie wrote:
 Hi Mikolaj,

 Here is the Perl script on F5 Dev Central which is used for *nix system

 http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=32

 I have used it with great success on Linux but it should be pretty
 straightforward for *BSD

Thanks Pui!

Cool stuff. That's what I was looking for. Works fine with ppp(8). Only
thing which I'm not able to make work is `set authkey' with script.

Fragment from ppp(8):
 set [auth]key value
 ... 
 If the first character of value is an exclamation mark (`!'), ppp
 treats the remainder of the string as a program that must be
 executed to determine the ``authname'' and ``authkey'' values.
 ... 

but that doesn't work for me. Currently I'm copy-pasting the authkey from
the output of a modified version of the perl script[ref#1] each time I want to
connect to the VPN, but that's a little bit annoying.

Does anybody have a clue how to make authname/authkey work with scripts?


$ sysctl -n kern.version
OpenBSD 4.5-current (GENERIC) #14: Fri Mar 27 06:57:10 MDT 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC


# /etc/ppp/ppp.conf
firepass:
 set device !/usr/sbin/openssl s_client -quiet -ign_eof -host 
VPN-SERVER-DOT-COM -port 443
 set authkey COOKIE-FROM-HTTP-HEADERS
 set dial \\ 
GET\\s/myvpn?sess=\\P\\sHTTP/1.0\\r\\nCookie:\\sMRHSession=\\P\\r\\n\\r\\n
 set timeout 0
 set dns DNS-SERVER-TAKEN-FROM-WINDOWS
 enable dns
 accept dns
 resolv reload
 resolv readonly
 add! VPN-SERVER-DOT-COM CURRENT-DEFAULT-GATEWAY
 bg ifconfig INTERFACE description LABEL CONNECTING


# /etc/ppp/ppp.linkup
firepass:
 add! default HISADDR
 resolv rewrite
 shell ifconfig INTERFACE description LABEL is UP


# /etc/ppp/ppp.linkdown
firepass:
 shell ifconfig INTERFACE description LABEL is DOWN
 resolv restore
 resolv reload


References
 1. http://devcentral.f5.com/SDK/sslvpn.public.pl.txt
 2. http://devcentral.f5.com/weblogs/dctv/archive/2006/10/30/fploginscript.aspx
 3. http://fuhm.net/software/f5vpn-login/

-- 
best regards
q#



Re: pkg_add via proxy

2009-04-04 Thread ropers
2009/4/4 Marco Peereboom sl...@peereboom.us:
 I use ntlm and then i add http_proxy=localhost:myport pkg_add stuff.

You mean ntlmaps?
http://www.openbsd.org/4.4_packages/i386/ntlmaps-0.9.9.0.1.tgz-long.html

 On Sat, Apr 04, 2009 at 02:42:02AM -0700, Chris wrote:
 My pkg_add gets blocked by the web based authentication system I use
 at work. Every time I try pkg_add -iv honeyd, I get the following
 error:

 Error from ftp://rt.fm/pub/OpenBSD/snapshots/packages/i386/
 Redirected to https://company.com:443//portal/login?__dest=rt.fm
 Requesting https://company.com:443//portal/login?__dest=rt.fm
 No packages available in the PKG_PATH
 Can't resolve honeyd

 Is there any way to tell pkg_add my user name and password for the web
 authentication system? I'm only using the base system.

 Thanks.



About the OS - The basics

2009-04-04 Thread Manuel Carrasco
Hi, I just installed OpenBSD 4.4 and the first thing I have seen is that
there isn't a normal GUI. I have run startx, but I have several
problems (probably I am too much of a novice):

- The drivers for my graphics card aren't loaded.
- The GUI (X server) only has five options and the rest is unknown (I
don't know exactly what it is).

I don't know too much, so I am here, asking if somebody can help me with the
basics.

Thank you very much.



Re: About the OS - The basics

2009-04-04 Thread patrick keshishian
On Sat, Apr 4, 2009 at 1:01 PM, Manuel Carrasco manuc.li...@gmail.com wrote:
 Hi, i just installed Openbsd 4.4 and the first thing i have seen is that
 there isn't a normal gui. I have put startx, but i have several
 problems (probably i am too novice):

 - The drivers of my graphic card aren't load.
 - The gui (x server) only has five options and the rest is unknown (i
 don't know what exactly is).

 I don't know too much, so i am here, asking if somebody can help me, the
 basics.

Probably a good place to start is to include the /var/log/Xorg.0.log file
and the output of the command `dmesg'. You'll need to include these
inline; attachments get stripped off by the misc@ mailing list. Including
those will get more people interested in helping you solve your
problem(s).

--patrick



Re: About the OS - The basics

2009-04-04 Thread Gaby Vanhegan
On 4 Apr 2009, at 21:01, Manuel Carrasco wrote:

 I don't know too much, so i am here, asking if somebody can help me,  
 the
 basics.


Try this:

http://openbsd.org/faq/

This will serve you very well.

--
When I die I want to go peacefully in my sleep like my Grandfather,  
not screaming in terror like his passengers.
http://playr.co.uk/



Re: About the OS - The basics

2009-04-04 Thread Maxime DERCHE
On Sat, 4 Apr 2009 21:32:34 +0100
Gaby Vanhegan g...@vanhegan.net wrote:

 On 4 Apr 2009, at 21:01, Manuel Carrasco wrote:
 
  I don't know too much, so i am here, asking if somebody can help
  me, the basics.
 
 
 Try this:
 
   http://openbsd.org/faq/
 
 This will serve you very well.

+1

http://www.openbsd101.com/ and http://openbsd-wiki.org/ can be
interesting too.


-- 
Maxime DERCHE
GnuPG public key ID : 0x9A85C4C0
(fingerprint : 0FDC 16AF 5A5B 1908 786C  2B85 2D3C C83E 9A85 C4C0)
http://www.mouet-mouet.net/maxime/blog/index.php



Re: pkg_add via proxy

2009-04-04 Thread Marco Peereboom
yeah

On Sat, Apr 04, 2009 at 09:01:37PM +0200, ropers wrote:
 2009/4/4 Marco Peereboom sl...@peereboom.us:
  I use ntlm and then i add http_proxy=localhost:myport pkg_add stuff.
 
 You mean ntlmaps?
 http://www.openbsd.org/4.4_packages/i386/ntlmaps-0.9.9.0.1.tgz-long.html
 
  On Sat, Apr 04, 2009 at 02:42:02AM -0700, Chris wrote:
  My pkg_add gets blocked by the web based authentication system I use
  at work. Every time I try pkg_add -iv honeyd, I get the following
  error:
 
  Error from ftp://rt.fm/pub/OpenBSD/snapshots/packages/i386/
  Redirected to https://company.com:443//portal/login?__dest=rt.fm
  Requesting https://company.com:443//portal/login?__dest=rt.fm
  No packages available in the PKG_PATH
  Can't resolve honeyd
 
  Is there any way to tell pkg_add my user name and password for the web
  authentication system? I'm only using the base system.
 
  Thanks.



Re: Donations (was, sadly, European orders)

2009-04-04 Thread Diana Eichert

On Thu, 2 Apr 2009, Bob Beck wrote:


Others are trying to do it too, but they are just more quiet about it.

And then there's the other category... the breeders...



No, you're forgetting the third category - the titanium clipped,
whose ungrateful spawn are now 18 and will soon be old enough to be
capable of leaving the house...

Quick marco.. snip 'em before it gets worse!


Yeah, them damn breeders, I've been saying that for years, but then
people always blamed it on radical feminism.  :-)

diana



Re: pkg_add via proxy

2009-04-04 Thread Marc Espie
A few months ago, we added the ability for ftp to handle proxies with
password, so this ought to work more or less...

Of course, you need to be able to get a package list, so you will have to
use http mirrors (since the nlist command won't go through proxies, as far
as I know).



Publish your FREE Ads

2009-04-04 Thread Classificados GRATIS portaldanet.com
If you cannot view this page correctly, click here

FREE Classifieds from portaldanet.com

* Learn about the different ways to advertise your product or business *

Online ads published immediately. Manage and modify your online ads
yourself. Publish for FREE on portaldanet.com, with photos and text for
your company, business or products in the site's categories.

This message complies with European legislation on the sending of
commercial messages. It is intended solely for customers, potential
customers and partners and cannot be considered SPAM because it includes
contact details and instructions for removal from our email list. Any
message must be clearly identified with the sender's details and must
give the recipient the option of being removed from the list
(Directive 2000/31/EC of the European Parliament; Report A5-0270/2001 of the
European Parliament). Click here. Thank you!

If you wish to be removed from this Mailing List



mounting Blu-ray/HD-DVD reader causes system lockup

2009-04-04 Thread Bryan
I have this LG GGC-H20L Blu-ray/HD-DVD reader.  I got it because I
made the mistake of buying several HD-DVDs before the format wars were
over, plus I wanted to make backups of my HD movies.  I installed this
in my quad-core server, and booted the system.  In the dmesg, I see
the following:

cd0 at scsibus0 targ 4 lun 0: HL-DT-ST, BDDVDRW GGC-H20L, 1.03 ATAPI
5/cdrom removable

I did confirm that this is the latest firmware, and it says ATAPI 5,
but it's connected via a SATA connection.

I am able to mount DVDs and do a dump from mplayer to a VOB on the
hard drive.  I can view files on the DVD, and copy from it to the
hard drive.  The problem comes when I attempt to mount a Blu-ray or
HD-DVD disc.  I put the disc in, and when I try to mount it using
mount /dev/cd0c /cdrom, the drive light flashes two or three times,
and then the system locks up.

I can no longer do anything; I lose my USB keyboard, and I have connected
a PS2 keyboard to the system.  I can do Ctrl-C and Ctrl-Z, and I
see output on the screen, but no more prompt.  I lose network
connectivity, and cannot even ping the system.  I am using the
snapshots from 31 March, and I am still getting the same issue.

Is this an issue with the HD discs not being supported by the OS, or
is the drive not fully supported? Does OpenBSD support the UDF format
that these discs use?  Maybe that's the issue...  but it shouldn't
lock a system up when you try to mount the disc...

I have included the GENERIC.MP dmesg below.

If I need to send anything else, please let me know...  I'm using just
the console, no window manager or program other than mount.

regards,
Bryan




OpenBSD 4.5-current (GENERIC) #29: Tue Mar 31 09:58:34 MDT 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz (GenuineIntel
686-class) 2.41 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,
DS-CPL,VMX,EST,TM2,CX16,xTPR
real mem  = 3488833536 (3327MB)
avail mem = 3384713216 (3227MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/23/08, BIOS32 rev. 0 @
0xf0010, SMBIOS rev. 2.5 @ 0xf06e0 (54 entries)
bios0: vendor American Megatrends Inc. version 5.32 date 10/23/2008
bios0: HP-Pavilion FK484AV-ABA m9400t
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC MCFG OEMB HPET GSCI SLIC SSDT
acpi0: wakeup devices P0P2(S4) P0P1(S4) PS2K(S3) PS2M(S3) USB0(S3)
USB1(S3) USB2(S3) USB5(S3) EUSB(S3) USB3(S3) USB4(S3) USBE(S3) GBE_(S
4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) SLPB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 266MHz
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P1)
acpiprt2 at acpi0: bus 3 (P0P4)
acpiprt3 at acpi0: bus -1 (P0P5)
acpiprt4 at acpi0: bus 2 (P0P6)
acpiprt5 at acpi0: bus -1 (P0P7)
acpiprt6 at acpi0: bus -1 (P0P8)
acpiprt7 at acpi0: bus -1 (P0P9)
acpicpu0 at acpi0
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: PWRB
bios0: ROM list: 0xc/0xe200 0xce800/0x1000
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82G33 Host rev 0x02
ppb0 at pci0 dev 1 function 0 Intel 82G33 PCIE rev 0x02: apic 4 int 16 (irq 5)
pci1 at ppb0 bus 5
vga1 at pci1 dev 0 function 0 NVIDIA GeForce 9300 GE rev 0xa1
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 26 function 0 Intel 82801I USB rev 0x02: apic 4
int 16 (irq 5)
uhci1 at pci0 dev 26 function 1 Intel 82801I USB rev 0x02: apic 4
int 21 (irq 7)
ehci0 at pci0 dev 26 function 7 Intel 82801I USB rev 0x02: apic 4
int 18 (irq 10)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 Intel 82801I HD Audio rev 0x02:
apic 4 int 22 (irq 3)
azalia0: codecs: Realtek ALC888
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 Intel 82801I PCIE rev 0x02: apic 4
int 17 (irq 11)
pci2 at ppb1 bus 3
ppb2 at pci2 dev 0 function 0 Creative Labs PCIE-PCI rev 0x00
pci3 at ppb2 bus 4
azalia1 at pci3 dev 0 function 0 Creative Labs SoundBlaster X-Fi
Xtreme rev 0x00: apic 4 int 16 (irq 5)
azalia1: codecs: Creative Labs/0x000a
audio1 at azalia1
ppb3 at pci0 dev 28 function 2 Intel 82801I PCIE rev 0x02: apic 4
int 18 (irq 10)
pci4 at ppb3 bus 2
re0 at pci4 dev 0 function 0 Realtek 8168 rev 0x02: RTL8168C/8111C
(0x3c00), apic 4 int 18 (irq 10), address 00:23:54:3b:67:88
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2
uhci2 at pci0 dev 29 function 0 Intel 82801I USB rev 0x02: apic 4
int 23 (irq 14)
uhci3 at pci0 dev 29 function 1 Intel 82801I USB rev 0x02: apic 4
int 19 (irq 15)
uhci4 at pci0 dev 29 function 

Re: Odd problem, may be related to relayd

2009-04-04 Thread Brian McCann
I've seen similar problems... not with relayd, but it still may apply.  I had
a server that was behind a Linksys router on a DSL connection, being
accessed by a remote user.  The window size (iirc) at the remote user was
lower than usual, and the DSL provider was blocking the ICMP messages to
alter the window size.  We had to lower a setting in Windows at the server
side to fix this.

Something similar could be happening here... when going through relayd, it
could be sending packets that are too large, and something is getting
dropped.  A packet capture at both ends could help reveal this.

Just an idea.
--Brian
On Fri, Apr 3, 2009 at 1:47 PM, Gary Thornock gthorn...@yahoo.com wrote:

 My company has a web application running on a set of web servers
 that we're load balancing with relayd.

 We've recently learned of a problem where end users who have:
 - Comcast cable internet connections,
 - Linksys cable routers provided by Comcast, and
 - the Linksys router's firewall protection setting enabled (as
  it is by default)
 can't access our load balanced servers.  We've watched the
 traffic, and it appears that our response packets are being
 dropped by the Linksys router.  To confirm this further, if
 the Linksys firewall protection setting is disabled, then
 everything works fine.

 To further complicate matters, the users *can* access any single
 one of the web servers just fine.  It's only when they try to use
 the relayd load balanced IP address that things break.

 More details, in case any of them help:

 relayd is running on a pair of stock Dell R200 machines, along
 with pf and carp.  The installed OpenBSD version is 4.4 i386,
 running the generic kernel.

 relayd.conf looks like this:

 -

 wsrv1=192.168.2.20
 wsrv2=192.168.2.21
 wsrv3=192.168.2.22

 interval 5
 timeout 200

 table <wwwhosts> { $wsrv1 $wsrv2 $wsrv3 }

 redirect wsrv {
  listen on a.b.c.d port 80
  tag RELAYD
  sticky-address
  forward to <wwwhosts> port 80 mode roundrobin check http /robots.txt code 200
 }

 redirect wsrv-https {
  listen on a.b.c.d port 443
  tag RELAYD
  sticky-address
  forward to <wwwhosts> port 443 mode roundrobin check https /robots.txt code 200
 }

 -

 We're not completely certain that relayd is causing the issue,
 but we've eliminated everything else we can think of (except of
 course the Linksys firewall, but we can't very well tell every
 single possible end user in the world who might have a Linksys
 cable router to turn off its firewall setting.)  If there's
 something obvious that we're doing wrong with the configuration,
 we'd love to know about it.

 Thanks!




-- 
_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_
Brian McCann

I don't have to take this abuse from you -- I've got hundreds of
people waiting to abuse me.
   -- Bill Murray, Ghostbusters