Re: Need help with reflection (nat and rdr) on the same interface
On 2011-04-07, rancor wrote: > I want to reflect all IP from a client to a server via another machine > called mirror. client and server can't access each other and there is > nothing I can do about that. How ever the mirror can access both > client and server so I want all traffic from client to mirror be > reflected to server and all responses from the server should be > reflected back to the client via the mirror. this is probably the simplest way: pass in from $client to $mirror rdr-to $server tag mirrored pass out tagged mirrored nat-to $mirror if someone has time to write this up for www/faq/pf/rdr.html, please send me a diff. also related: binat-to (*without* setting the interface) also happens to put rules in place which allow you to connect from a client in the same subnet as the server. (credit to phessler for this tip).
mysql problem
Hi,
i'v installed postfix-mysql + mysql-server + courier-imap and imap-ssl +
courier-pop and pop-ssl on OpenBSD 4.8-Stable
But now i have a problem with vmail and mysql, i'v created the database for
postfix users
Pastebin link of database: http://pastebin.com/70qd43AZ
And i insert my account into database mail with:
mysql> INSERT INTO users (login, name, password, maildir)
-> VALUES ('gdrm@my_domain.org', 'Gianluca', ENCRYPT('my_password'),
-> '/my_site.org/gdrm/');
When i connect with mutt: mutt -f imaps://my_u...@example.com@localhost
the password does not match!
Or when i try: sudo -u vmail mutt -f /var/vmail/mydomain.org/user_name
I don't know where is the problem, can u help me??
Tks vvm
---
--
Caselle da 1GB, trasmetti allegati fino a 3GB e in piu' IMAP, POP3 e SMTP
autenticato? GRATIS solo con Email.it http://www.email.it/f
Sponsor:
Vuoi farti o vuoi fare un regalo originale? Visita MisterCupido.com e
personalizza con foto: quadri, tazze, puzzle, cuscini, magliette, peluche,
borse, portachiavi...
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=11025&d=8-4
Re: mysql problem
On Fri, 8 Apr 2011 09:52:15 +0200
"Gianluca D'Auri Muscelli" wrote:
> Hi,
> i'v installed postfix-mysql + mysql-server + courier-imap and
> imap-ssl + courier-pop and pop-ssl on OpenBSD 4.8-Stable
>
> But now i have a problem with vmail and mysql, i'v created the
> database for postfix users
> Pastebin link of database: http://pastebin.com/70qd43AZ
>
> And i insert my account into database mail with:
>
> mysql> INSERT INTO users (login, name, password, maildir)
> -> VALUES ('gdrm@my_domain.org', 'Gianluca', ENCRYPT('my_password'),
> -> '/my_site.org/gdrm/');
>
>
> When i connect with mutt: mutt -f
> imaps://my_u...@example.com@localhost the password does not match!
> Or when i try: sudo -u vmail mutt
> -f /var/vmail/mydomain.org/user_name
>
> I don't know where is the problem, can u help me??
> Tks vvm
This is postfix related, not OpenBSD. You are on bad list.
jirib
Re: Force Internet traffic out IPSec VPN
On 2011-04-07, Andrew Klettke wrote: > We have a working IPSec VPN between two 4.8 endpoints. One of them is at > a remote location, and the other at the main office. The remote location > has its own external, routable IP (to establish the VPN), and an > internal subnet behind it. The main office has its own external IP, > though which it is NATing its own internal subnet. > > Basically, I want to force all internet traffic from the remote, > internal subnet through the main office's internal gateway so it can NAT > out from there. > > I've been attempting to accomplish this with "route-to" and "reply-to" > rules on the remote box, but have had no luck. I know IPSec keeps its > own routing table, is this interfering? Is this possible to do with PF? OpenBSD's IPsec implementation uses flows which must strictly match the traffic's source/destination(/port/protocol) in order for it to be handled by IPsec (the "first approach" as described in rfc3884 2.3; see the paragraphs at the end of that section). So if you want the traffic to be directly handled by IPsec, the flows you configure must match all internet traffic, i.e. they must be between the remote subnet and 0.0.0.0/0. (You will have additional considerations due to the natting if the VPN endpoint is also the router for internet traffic). The alternative is to have IPsec protect just a gif(4) or gre(4) tunnel between the VPN endpoints, and use route table entries to pass internet traffic over that tunnel. This is easier to grasp as the usual PF/routing operations work with it. For this to work you'll need OpenBSD or an OS with a compatible tunnel device (e.g. gif or gre) at both ends and I think you probably also need static IP addresses at both ends. I strongly recommend testing on a non-production network especially if you will be attempting to use 0.0.0.0/0 flows. Get it wrong and you'll send *all* traffic from the main office's VPN endpoint to the remote location. (this is amusing, but not while it's happening :-)
Re: Need help with reflection (nat and rdr) on the same interface
Thank you
How ever, you example was not valid
/etc/pf.conf:x: nat-to can only be used outbound
/etc/pf.conf:x: skipping rule due to errors
/etc/pf.conf:x: rule expands to no valid combination
The nat-to must be out but it did not work anyway.
ext_if= "{ vic0 }"
client= "{ 10.10.15.30 }"
mirror= "{ 10.40.20.5 }"
server= "{ 10.50.43.7 }"
# Rules
block in log
pass quick on lo0
pass out keep state
pass in quick from $client to $mirror rdr-to $server
pass out quick from $client to $server nat-to $mirror
There was a lot of work done with pf and nat. It's maybe not possible
to do any more =(
Best regards
2011/4/8 Muhammad Muntaza :
> 2011/4/7, rancor :
>> Hi.
>>
>> I need help with a problem of mine.
>>
>> I want to reflect all IP from a client to a server via another machine
>> called mirror. client and server can't access each other and there is
>> nothing I can do about that. How ever the mirror can access both
>> client and server so I want all traffic from client to mirror be
>> reflected to server and all responses from the server should be
>> reflected back to the client via the mirror.
>>
>> One upon a time this worked but since the PF has changed in the latest
>> version this does not longer work in 4.8
>>
>> ext_if= "{ vic0 }"
>> client= "{ 10.10.15.30 }"
>> mirror= "{ 10.40.20.5 }"
>> server= "{ 10.50.43.7 }"
>>
>> rdr on $ext_if from $client to $mirror -> $server
>> nat on $ext_if from $client to $server -> $mirror
>>
>> block in log
>> pass out keep state
>>
>> pass quick on lo0
>> pass in quick inet from $client to self keep state
>> pass in quick inet from $server to self keep state
>> pass in quick inet from $server to $client keep state
>> pass in quick inet from $client to $server keep state
>>
>>
>> I have read man page of pf.conf and
>> http://www.openbsd.org/faq/pf/rdr.html#rdrnat and I have tried many
>> combinations but I can't make it work
>>
>> This is one example of many that I have tried with no success.
>>
>> The syntax is OK but there is no redirection from the mirror server to
>> the target
>
>
>
> ext_if= "{ vic0 }"
> client= "{ 10.10.15.30 }"
> mirror= "{ 10.40.20.5 }"
> server= "{ 10.50.43.7 }"
>
> # Rules
> block in log
> pass quick on lo0
> pass out keep state
>
> pass in quick from $client to $mirror rdr-to $server
> pass in quick from $client to $server nat-to $mirror
>
>> pass in quick inet from $client to self keep state
>> pass in quick inet from $server to self keep state
>> pass in quick inet from $server to $client keep state
>> pass in quick inet from $client to $server keep state
>
>
> Muhammad Muntaza bin Hatta
> --
> Indonesia
> http://muntaza.wordpress.com
Re: Force Internet traffic out IPSec VPN
It is not demand of PF... It's about IPSec behavior. IPSec tunnels could be established between exact 2 IPs, or exact 2 IP networks. You can't have IP net on one side of tunnel and rest of Internet on other side, which is case you wrote about. Solutions: 1. Build IP-IP IPSec and then build GRE tunnel on those 2 IP. You could route anything over GRE tunnel. Beware of encapsulation overhead, cause it is tunnel in tunnel. 2. Use OpenVPN instead of IPSec. It is far less painful. I. On Thu, 2011-04-07 at 16:51 -0700, Andrew Klettke wrote: > We have a working IPSec VPN between two 4.8 endpoints. One of them is at > a remote location, and the other at the main office. The remote location > has its own external, routable IP (to establish the VPN), and an > internal subnet behind it. The main office has its own external IP, > though which it is NATing its own internal subnet. > > Basically, I want to force all internet traffic from the remote, > internal subnet through the main office's internal gateway so it can NAT > out from there. > > I've been attempting to accomplish this with "route-to" and "reply-to" > rules on the remote box, but have had no luck. I know IPSec keeps its > own routing table, is this interfering? Is this possible to do with PF?
Re: Need help with reflection (nat and rdr) on the same interface
rancor writes: > How ever, you example was not valid That's odd. But then again the devil is in the details, it's easy to trip up on something if you don't understand the mechanics of nat and redirection. Try and compare with the examples in The Book of PF 2nd ed and the the tutorial at http:/home.nuug.no/~peter/pf/, they've worked for me(tm) in a few different settings. - p -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: OSPFD: No buffer space available
Solved, it was indeed high volume traffic from windows machine on inside network that generated 200+ mbit of UDP traffic, possible a member of bot network :) Thanks guys :) From: Mindless Gr To: misc@openbsd.org Sent: Fri, April 1, 2011 2:12:04 PM Subject: OSPFD: No buffer space available Hello List :) i came through a problem and i need your opinion about it, i have noticed that some times i get this type of errors in my /var/log/daemon file and these times my ospf adjacency goes to loading and full again as you see on the logs a little research over the internet didnt came with any results, when this message appears on the logs, i have tried to do netstat -m and gave me 5032 Kbytes allocated to network (77% in use) which normaly is 6 - 15%, how can i increase this buffer? or this problem came from somewhere else? if you need any additional information please ask :) Apr 1 06:41:51 brdr0 ospfd[21953]: send_packet: error sending packet on interface em1: No buffer space available Apr 1 06:43:01 brdr0 last message repeated 3 times Apr 1 06:43:21 brdr0 ospfd[21953]: recv_db_description: seq num mismatch, bad flags Apr 1 06:43:21 brdr0 ospfd[21953]: send_packet: error sending packet on interface em1: No buffer space available Apr 1 06:43:27 brdr0 bgpd[22462]: nexthop 192.168.10.36 now valid: via 192.168.10.21 Apr 1 06:43:27 brdr0 bgpd[22462]: nexthop 192.168.10.38 now valid: via 192.168.10.21 Apr 1 06:43:27 brdr0 bgpd[22462]: nexthop 192.168.10.36 now valid: via 192.168.10.21 Apr 1 06:43:27 brdr0 bgpd[22462]: nexthop 192.168.10.38 now valid: via 192.168.10.21 Apr 1 06:43:31 brdr0 ospfd[21953]: send_packet: error sending packet on interface em1: No buffer space available Apr 1 06:43:40 brdr0 ospfd[21953]: send_packet: error sending packet on interface em1: No buffer space available Apr 1 06:55:34 brdr0 ospfd[21953]: send_packet: error sending packet on interface em0: No buffer space available Apr 1 06:55:54 brdr0 ospfd[21953]: send_packet: error sending packet on interface em0: No buffer space available Apr 1 06:56:04 brdr0 ospfd[21953]: recv_db_description: seq num mismatch, bad flags Apr 1 06:56:04 brdr0 ospfd[21953]: send_packet: error sending packet on interface em0: No buffer space available Apr 1 06:56:05 brdr0 bgpd[22462]: nexthop 192.168.10.36 now valid: via 192.168.10.25 Apr 1 06:56:05 brdr0 bgpd[22462]: nexthop 192.168.10.38 now valid: via 192.168.10.25 Apr 1 06:56:09 brdr0 ospfd[21953]: send_packet: error sending packet on interface em1: No buffer space available Apr 1 06:56:10 brdr0 bgpd[22462]: nexthop 192.168.10.36 now valid: via 192.168.10.25 Apr 1 06:56:10 brdr0 bgpd[22462]: nexthop 192.168.10.38 now valid: via 192.168.10.25 Apr 1 06:56:10 brdr0 bgpd[22462]: nexthop 192.168.10.36 now valid: via 192.168.10.25 Apr 1 06:56:10 brdr0 bgpd[22462]: nexthop 192.168.10.38 now valid: via 192.168.10.25 Apr 1 06:56:11 brdr0 ospfd[21953]: send_packet: error sending packet on interface em1: No buffer space available Apr 1 06:56:32 brdr0 last message repeated 6 times Apr 1 06:56:44 brdr0 ospfd[21953]: send_packet: error sending packet on interface em0: No buffer space available Apr 1 06:57:54 brdr0 ospfd[21953]: send_packet: error sending packet on interface em0: No buffer space available brdr0:~# netstat -m 188 mbufs in use: 180 mbufs allocated to data 2 mbufs allocated to packet headers 6 mbufs allocated to socket names and addresses 156/2146/6144 mbuf 2048 byte clusters in use (current/peak/max) 0/8/6144 mbuf 4096 byte clusters in use (current/peak/max) 0/8/6144 mbuf 8192 byte clusters in use (current/peak/max) 0/8/6144 mbuf 9216 byte clusters in use (current/peak/max) 0/8/6144 mbuf 12288 byte clusters in use (current/peak/max) 0/8/6144 mbuf 16384 byte clusters in use (current/peak/max) 0/8/6144 mbuf 65536 byte clusters in use (current/peak/max) 5032 Kbytes allocated to network (7% in use) 0 requests for memory denied 0 requests for memory delayed 0 calls to protocol drain routines Thanks in advance
Re: Need help with reflection (nat and rdr) on the same interface
Thanks of your reply. It does still not work. I can't see any data
leaving the mirror to the server.
Nothing is blocked in pflog0 and tcpdump does not show any connections
to 74.125.43.99
This is my pf.conf
[snipp]
# Macro
admin= "{ xxx xxx }"
ext_if= "{ vic0 }"
client= "{ 10.10.15.30 }"
mirror= "{ 10.40.20.5 }"
server= "{ 74.125.43.99 }"
# Rules
block in log
pass quick on lo0
pass out keep state
pass in from $client to $mirror rdr-to $server tag mirrored
pass out tagged mirrored nat-to $mirror
block in log inet proto icmp to self icmp-type redir
pass in inet proto icmp from $admin to self
pass in proto tcp from $admin to self port ssh
[/snipp]
74.125.43.99 is a ordinary Google server for search that I'm using for my
test.
I'm trying to use http and targeting mirror from a browser. I should
see outgoing connections from mirror to server but there is only data
between client and mirror.
This is a short tcpdump of a http request
# tcpdump -n not port ssh
tcpdump: listening on vic0, link-type EN10MB
10:49:09.509062 10.10.15.30.44142 > 10.40.20.5.80: S
341929812:341929812(0) win 64240 [tos 0x88]
10:49:16.307710 10.10.15.30.44142 > 10.40.20.5.80: S
341929812:341929812(0) win 64240 [tos 0x88]
10:49:28.269764 10.10.15.30.43624 > 10.40.20.5.80: S
677212245:677212245(0) win 64240 [tos 0x88]
10:49:31.003629 10.10.15.30.43624 > 10.40.20.5.80: S
677212245:677212245(0) win 64240 [tos 0x88]
There is nothing that are blocked in plflog0 at the same time
This is the running pf rules
# pfctl -srules
block drop in log all
pass quick on lo0 all flags S/SA keep state
pass out all flags S/SA keep state
pass in inet from 10.10.15.30 to 10.40.20.5 flags S/SA keep state tag
mirrored rdr-to 74.125.43.99
pass out inet all flags S/SA keep state tagged mirrored nat-to 10.40.20.5
block drop in log inet proto icmp from any to 127.0.0.1 icmp-type redir
block drop in log inet proto icmp from any to 10.40.20.5 icmp-type redir
pass in inet proto icmp from xx to 127.0.0.1 keep state
pass in inet proto icmp from xx to 10.40.20.5 keep state
pass in inet proto icmp from xx to 127.0.0.1 keep state
pass in inet proto icmp from xx to 10.40.20.5 keep state
pass in inet proto tcp from xx to 127.0.0.1 port = ssh flags S/SA keep state
pass in inet proto tcp from xx to 10.40.20.5 port = ssh flags S/SA keep state
pass in inet proto tcp from xx to 127.0.0.1 port = ssh flags S/SA keep state
pass in inet proto tcp fromxx to 10.40.20.5 port = ssh flags S/SA keep state
Thanks for trying helping me.
Best regards
2011/4/8 Stuart Henderson :
> On 2011-04-07, rancor wrote:
>> I want to reflect all IP from a client to a server via another machine
>> called mirror. client and server can't access each other and there is
>> nothing I can do about that. How ever the mirror can access both
>> client and server so I want all traffic from client to mirror be
>> reflected to server and all responses from the server should be
>> reflected back to the client via the mirror.
>
> this is probably the simplest way:
>
> pass in from $client to $mirror rdr-to $server tag mirrored
> pass out tagged mirrored nat-to $mirror
>
> if someone has time to write this up for www/faq/pf/rdr.html,
> please send me a diff.
>
> also related: binat-to (*without* setting the interface) also
> happens to put rules in place which allow you to connect from a
> client in the same subnet as the server. (credit to phessler for
> this tip).
/dev/pf permission for squid 3.2.0.6 on openbsd 4.8
Hi list, I am trying to test squid 3.2.0.6 on OpenBSD 4.8 (amd64) in transparent mode. I can browse internet. But, I get the below error. 2011/04/08 17:43:11 kid1| Intercept.cc(305) PfInterception: PF open failed: (13) Permission denied 2011/04/08 17:43:11 kid1| Intercept.cc(305) PfInterception: PF open failed: (13) Permission denied 2011/04/08 17:44:20 kid1| Intercept.cc(305) PfInterception: PF open failed: (13) Permission denied 2011/04/08 17:44:53 kid1| Intercept.cc(305) PfInterception: PF open failed: (13) Permission denied 2011/04/08 17:44:54 kid1| Intercept.cc(305) PfInterception: PF open failed: (13) Permission denied 2011/04/08 17:44:55 kid1| Intercept.cc(305) PfInterception: PF open failed: (13) Permission denied Then, I did below steps. I got it from http://www.benzedrine.cx/transquid.html (PF founder's link) are the below 2 commnads okay for OpenBSD 4.8? # chgrp _squid /dev/pf # chmod g+rw /dev/pf but, for squid 2.7.9 on OpenBSD 4.8, I have the default. Pls see .I did NOT change /dev/pf # ls -al /dev/pf crw--- 1 root wheel 73, 0 Dec 17 16:33 /dev/pf any comments? -- Thank you Indunil Jayasooriya
Vmail perm
Hi, i cant read my /var/vmail/mysitre.org/gdrm perms vmail vmail Siti mutt i can read email but i can't send: permission denied Anyone say why??? Tks vvm o#? Da iPhone
install on softraid
Do you planning to remake installer script to allow install system to software raid from it ?
Testing new Thinkpad Edge
Hi,
A very kind shop in the south of the Netherlands allows me currently to
test a new Lenovo ThinkPad Edge at home for a week with OpenBSD before
buying it. If things aren't working I am allowed to give it back.
I experience the following strangeness, and maybe people either
recognize it or can give some sort of advice.
Installed OpenBSD-current as of Thu 7 Apr 10:18:50 CEST 2011
(dmesg{mp,sp}, xorg.conf.new, Xorg.0.log, sysctl | grep sensors follows
below)
* At times the machine seems to wait a few seconds.
For example quitting a man page viewed with less, doing an ls -l ~
sometimes takes seconds. Repeating it in another time gives a
normal behavior.
* X does not start. Screen size: 1366x768.
I searched for the last problem and it seems that Xorg radeon drivers
support for the Radeon HD 4500 card is still experimental.
The first problem seems more strange. Maybe the RAM is simply too
big, or the HD to large? Or is it a CPU bug?
Suspend works, Audio is fine.
Regards,
Ludo
== dmesg.mp
OpenBSD 4.9-current (GENERIC.MP) #0: Thu Apr 7 10:18:50 CEST 2011
r...@gold.xs4all.nl:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz ("GenuineIntel"
686-class) 2.67 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT
real mem = 2671226880 (2547MB)
avail mem = 2617364480 (2496MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/14/10, BIOS32 rev. 0 @ 0xfdbd0,
SMBIOS rev. 2.6 @ 0xe0010 (44 entries)
bios0: vendor LENOVO version "80ET42WW (1.19 )" date 10/14/2010
bios0: LENOVO 0301J6G
acpi0 at bios0: rev 4
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP HPET MCFG APIC BOOT SLIC SSDT
acpi0: wakeup devices P0P2(S4) P0P1(S4) EHC1(S3) USB1(S3) USB2(S3)
USB3(S3) USB4(S3) EHC2(S3) USB5(S3) USB6(S3) USB7(S3) HDEF(S4) PXSX(S4)
RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4)
RP05(S4) RP06(S4) BLAN(S4) PXSX(S4) RP07(S4) PXSX(S4) RP08(S4) LID_(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 132MHz
cpu1 at mainbus0: apid 4 (application processor)
cpu1: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz ("GenuineIntel"
686-class) 2.66 GHz
cpu1:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz ("GenuineIntel"
686-class) 2.66 GHz
cpu2:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT
cpu3 at mainbus0: apid 5 (application processor)
cpu3: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz ("GenuineIntel"
686-class) 2.66 GHz
cpu3:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P2)
acpiprt2 at acpi0: bus 12 (P0P1)
acpiprt3 at acpi0: bus 2 (RP01)
acpiprt4 at acpi0: bus 3 (RP02)
acpiprt5 at acpi0: bus 4 (RP03)
acpiprt6 at acpi0: bus 5 (RP04)
acpiprt7 at acpi0: bus 8 (RP05)
acpiprt8 at acpi0: bus 9 (RP06)
acpiprt9 at acpi0: bus -1 (RP07)
acpiprt10 at acpi0: bus -1 (RP08)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C1, PSS
acpicpu1 at acpi0: C3, C1, PSS
acpicpu2 at acpi0: C3, C1, PSS
acpicpu3 at acpi0: C3, C1, PSS
acpitz0 at acpi0: critical temperature 105 degC
acpithinkpad0 at acpi0
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT1 model "42T4848" serial 21399 type LION oem "LGC"
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: PWRB
bios0: ROM list: 0xc/0xf800 0xcf800/0x1000 0xe/0x1000!
cpu0: Enhanced SpeedStep 2660 MHz: speeds: 2667, 2666, 2533, 2399, 2266,
2133, 1999, 1866, 1733, 1599, 1466, 1333, 1199 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
mem address conflict 0xf070a000/0x1000
pchb0 at pci0 dev 0 function 0 "Intel Core Host" rev 0x02
ppb0 at pci0 dev 1 function 0 "Intel 3400 PCIE" rev 0x02: apic 2 int 16
(irq 10)
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Mobility Radeon HD 4500" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
radeondrm0 at vga1: apic 2 int 16 (irq 10)
drm0 at radeondrm0
azalia0 at pci1 dev 0 function 1 "ATI Radeon HD 4000 HD Audio" rev 0x00:
apic 2 int 17 (irq 10)
azalia0: no supported codecs
azalia0: initialization failure, detac
Re: /dev/pf permission for squid 3.2.0.6 on openbsd 4.8
On Fri, Apr 08, 2011 at 03:25:55PM +0530, Indunil Jayasooriya wrote: > I am trying to test squid 3.2.0.6 on OpenBSD 4.8 (amd64) in > transparent mode. I can browse internet. But, I get the below error. > > # chgrp _squid /dev/pf > # chmod g+rw /dev/pf > scary. squid should not touch /dev/pf at all. we have a new method in pf that does not require access to /dev/pf: divert-to. you can try the following: - revert /dev/pf to the old 0600 permissions - recompile squid _without_ --enable-pf-transparent (disable it) - update your pf.conf to use divert-to instead of rdr-to divert-to provides the real destination address inline via the standard getsockname() call which is done by squid by default if no other transparent mode is configured (as far as I understand the code in squid's client_side.c). the `traditional' rdr-to method had to do an out-of-band call on /dev/pf to retrieve this information. reyk
Re: install on softraid
this time, to list! What a concept On 04/08/2011 06:15 AM, irix wrote: Do you planning to remake installer script to allow install system to software raid from it ? no. why? you can do that now. boot install kernel drop to shell configure softraid devices type "install" note that your softraid devices are now places you can install to. done. Nick.
Re: Testing new Thinkpad Edge
On Fri, Apr 8, 2011 at 2:30 PM, Ludo Smissaert wrote:
> Hi,
>
> A very kind shop in the south of the Netherlands allows me currently to
> test a new Lenovo ThinkPad Edge at home for a week with OpenBSD before
> buying it. If things aren't working I am allowed to give it back.
>
> I experience the following strangeness, and maybe people either
> recognize it or can give some sort of advice.
>
> Installed OpenBSD-current as of Thu 7 Apr 10:18:50 CEST 2011
> (dmesg{mp,sp}, xorg.conf.new, Xorg.0.log, sysctl | grep sensors follows
> below)
>
> * At times the machine seems to wait a few seconds.
>
> For example quitting a man page viewed with less, doing an ls -l ~
> sometimes takes seconds. Repeating it in another time gives a
> normal behavior.
>
> * X does not start. Screen size: 1366x768.
>
> I searched for the last problem and it seems that Xorg radeon drivers
> support for the Radeon HD 4500 card is still experimental.
>
> The first problem seems more strange. Maybe the RAM is simply too
> big, or the HD to large? Or is it a CPU bug?
>
> Suspend works, Audio is fine.
>
>
> Regards,
>
>Ludo
>
> == dmesg.mp
> OpenBSD 4.9-current (GENERIC.MP) #0: Thu Apr 7 10:18:50 CEST 2011
>r...@gold.xs4all.nl:/usr/src/sys/arch/i386/compile/GENERIC.MP
You should try amd64 on it...
ciao,
David
Re: install on softraid
The last time i have done it i remember that was a little tricky from install to initialize second disk from the shell Dont remember how have done it though From: Nick Holland To: misc@openbsd.org Sent: Fri, April 8, 2011 4:31:22 PM Subject: Re: install on softraid this time, to list! What a concept On 04/08/2011 06:15 AM, irix wrote: > Do you planning to remake installer script to allow install system to > software >raid from it ? no. why? you can do that now. boot install kernel drop to shell configure softraid devices type "install" note that your softraid devices are now places you can install to. done. Nick.
Re: install on softraid
Mindless Gr writes: > The last time i have done it i remember that was a little tricky from install > to > initialize second disk from the shell > > Dont remember how have done it though AFAICR, you have to cd to /dev/ and sh MAKEDEV the new devices. -- Manuel Giraud
Re: Vmail perm
On 04/08/11 05:00, Gianluca D'Auri Muscelli wrote: Hi, i cant read my /var/vmail/mysitre.org/gdrm perms vmail vmail Siti mutt i can read email but i can't send: permission denied Anyone say why??? Tks vvm o#? Da iPhone I can not find the part of the email where you describe your system and how it is openbsd related. It could be very well be my MUA fault. -luis
Re: Testing new Thinkpad Edge
On 2011-04-08 14.30, Ludo Smissaert wrote: > A very kind shop in the south of the Netherlands allows me currently to > test a new Lenovo ThinkPad Edge at home for a week with OpenBSD before > buying it. If things aren't working I am allowed to give it back. Excellent customer service. You should do all your shopping there. :-) > * At times the machine seems to wait a few seconds. > For example quitting a man page viewed with less, doing an ls -l ~ > sometimes takes seconds. Repeating it in another time gives a > normal behavior. Sounds like the HD went to sleep and takes a while to spin back up again. Regards, /Benny -- internetlabbet.se / work: +46 8 551 124 80 / "Words must Benny Lvfgren/ mobile: +46 70 718 11 90 / be weighed, / fax:+46 8 551 124 89/not counted." /email: benny -at- internetlabbet.se
Hotel Tanti Spa & Resort:::Mayo 3 Noches + una noche de Regalo:::Promo 4 noches pago anticipado:::
No puedes visualizar las imagenes? Versisn Online MAYO DE REGALO Sierras de Csrdoba - Tanti [IMAGE] [IMAGE] [IMAGE] !!! PROMOCISN 4 NOCHES!!! PAGO ANTICIPADO 3 NOCHES + UNA NOCHE DE REGALO Mayo 4 Noches (25, 26, 27, 28 y 29) Esta promo incluye 2 personas 3 personas 4 personas 5 personas Hab. Doble Hab. Triple Hab. cuadruple Hab. quintuple $1543 $2040 $2370 $2700 ; 4 Noches ; Media pensisn (desayuno y cena) ; Acceso a minipiscina climatizada cubierta ; Acceso a piscina al aire libre ; Cochera cubierta (media sombra) Importante: Tarifas por habitacisn No incluye servicios de spa [IMAGE] Disfruta de este emocionante evento en las sierras de Csrdoba Se aceptan tarjetas de cridito Visa MasterCard y American Express Nuestra area de spa Visite nuestro sitio web: www.hotel-tanti.com.ar | Reenviar a un amigo Nuestra area de spa Gral Paz 115 Tanti, Provincia de Csrdoba, Argentina Tel : (03541)49-7195 / 49-7196 Reservas: consul...@hotel-tanti.com.ar & reser...@hotel-tanti.com.ar [IMAGE] Nuestra area de spa !AVISO MUY IMPORTANTE! SI VIAJA EN AUTO, !!!NO OLVIDE!!! LAS RUTAS Y AUTOPISTAS TIENEN RADARES. ENCIENDA LAS LUCES BAJAS Y UTILICE CINTURONES DELANTEROS Y TRASEROS. En caso de no querer recibir mas estas comunicaciones, responda este correo con asunto REMOVER.
Re: Testing new Thinkpad Edge
> > * At times the machine seems to wait a few seconds. > > > > For example quitting a man page viewed with less, doing an ls -l ~ > > sometimes takes seconds. Repeating it in another time gives a > > normal behavior. > > > > The first problem seems more strange. Maybe the RAM is simply too > > big, or the HD to large? Or is it a CPU bug? > > No to all three. They are making BIGMEM related changes (so you can use physical RAM in excess of 4GB, the most was a dmesg pron posting for 128 GB) and you probably got a kernel which is having those changes for testing. Try 4.8 stable for now or the latest cvs sources which have some changes backed out. good luck. > > OpenBSD 4.9-current (GENERIC.MP) #0: Thu Apr 7 10:18:50 CEST 2011 > >r...@gold.xs4all.nl:/usr/src/sys/arch/i386/compile/GENERIC.MP > > You should try amd64 on it... > > ciao, > David
Re: Force Internet traffic out IPSec VPN
What about mobile VPN? For PUBKEY auth you can use UFQDN identities http://openbsd.org/papers/asiabsdcon07-ipsec/mgp00065.html and http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec.conf On Fri, Apr 8, 2011 at 10:41 AM, Ivan Nudzik wrote: > It is not demand of PF... It's about IPSec behavior. IPSec tunnels could > be established between exact 2 IPs, or exact 2 IP networks. You can't > have IP net on one side of tunnel and rest of Internet on other side, > which is case you wrote about. > Solutions: > 1. Build IP-IP IPSec and then build GRE tunnel on those 2 IP. You could > route anything over GRE tunnel. Beware of encapsulation overhead, cause > it is tunnel in tunnel. > 2. Use OpenVPN instead of IPSec. It is far less painful. > > I. > > On Thu, 2011-04-07 at 16:51 -0700, Andrew Klettke wrote: >> We have a working IPSec VPN between two 4.8 endpoints. One of them is at >> a remote location, and the other at the main office. The remote location >> has its own external, routable IP (to establish the VPN), and an >> internal subnet behind it. The main office has its own external IP, >> though which it is NATing its own internal subnet. >> >> Basically, I want to force all internet traffic from the remote, >> internal subnet through the main office's internal gateway so it can NAT >> out from there. >> >> I've been attempting to accomplish this with "route-to" and "reply-to" >> rules on the remote box, but have had no luck. I know IPSec keeps its >> own routing table, is this interfering? Is this possible to do with PF? > > -- -- With regards, Eugene Sudyr
Estudia un Master en España
Si no puede ver este mensaje correctamente, ponga en su navegador: http://www.bizbox.es/acciones/email.php?c=x514izvao3szad1q Si quiere darse de baja ponga: http://www.bizbox.es/contactos/baja.php?c=x514izvao3szad1q
Hospedaje Web y Correos para su Empresa. Registro o Transferencia de su dominio GRATIS
No puede ver la imagen correctamente? Si quiere ver una versiC3n online de este anuncio haga clic en el siguiente link: http://correomasivopanama.net/mail/display.php?M=176106&C=a06877512c93c0ea32e 1d55a89963a3d&S=3&L=1&N=2 Abril - 2011 Mantener SuscripciC3n Eliminar SuscripciC3n Le ofrecemos nuestros paquetes de hosting compartido al cambiarte de proveedor. Estamos tan seguros que se quedarC! con nosotros que le regalamos un aC1o gratis de Hospedaje Web y Correos al tomar un plan anual. Paquetes individuales o empresariales. Lo C:nico que necesitas es transferir tu cuenta desde otro proveedor. Con sC3lo cambiarte de proveedor y probar con nosotros le brindaremos todo un aC1o gratis de servicio. Y le garantizamos que su Web y Correos estarC!n funcionando todo el tiempo 24/7. Mira un poco de los planes que tenemos para ofrecerle totalmente gratis. Leer abajo... MicroKey Basic = us$29.99/aC1o Clic para leer mC!s Incluye: 10Gb de Espacio Web, 10 cuentas de e-mail, trC!fico ilimitado, Dominio Gratis. GarantC-a 60 dC-as devoluciC3n de su dinero. Capacidad de cada cuenta de correo hasta 10Gb/cuenta. MicroKey Hydro Economic = us$49.99/aC1o Clic para leer mC!s Incluye: 75Gb de Espacio Web, 100 cuentas de e-mail, trC!fico ilimitado, Dominio Gratis. Bases de Datos MySql. GarantC-a 60 dC-as devoluciC3n de su dinero. Capacidad de cada cuenta de correo hasta 10Gb/cuenta. CaracterC-sticas en todo los planes: - SIN COSTOS OCULTOS - 99.99% de Uptime garantizado. - Soporte a dominios ilimitados - Subdominios ilimitados. - Hosting EcolC3gico. - Backups. - EstadC-sticas. - Soporte a Php, XHTML, Flash, Java, CGI, Ruby on Rails. - WebMail. - Correo electrC3nico configurable con SmartPhones (Ej. BlackBerry). - ConfiguraciC3n fC!cil con su cliente de correo (Ej. Microsoft Outlook, Eudora). - Cuentas FTP Ilimitadas. - Dominio Gratis de por vida. - Cpanel o Plesk - Redirecciones de correos ilimitadas - Alianzas de correos ilimitadas - Compatible con extensiones FrontPage - VersiC3n de PhP 5.2.6 o superior - VersiC3n de Apache 2.2.9 o superior - Actualizamos nuestros servidores semanalmente. Su cuenta de hosting compartida incluye panel de Control Cpanel o Plesk en su C:ltima versiC3n. Sistema operativo Linux. El mC!s seguro y confiable hasta el momento. Le brindamos excelentes beneficios con nuestros planes y son totalmente escalables. Haga clic aquC- para conocer mC!s sobre nosotros MicroKey Group VC-a Ricardo J. Alfaro, The Century Tower, Piso #4 Tel. 360-5858 Usted ha recibido este correo porque en algC:n momento nos indicC3 su interC)s en recibir promociones o nos fue recomendado por otro de nuestros usuarios o web sites aliados.Respetamos su derecho de privacidad y le invitamos a darse de baja de nuestra lista de correos si no desea recibir promociones, favor hacer clic aquC- para eliminar permanentemente su suscripciC3n You have received this email because at some point we indicated interest in us promoting or recommended by other users or our partners web sites. We respect your right and invite you to unsubscribe from our mailing list if you want to receive promotions, Unsubscribe me from this list MicroKey IT maneja un estricto y seguro mail marketing en internet, cumpliendo con todas las polC-ticas Anti-Spam internacionales. http://correomasivopanama.net/mail/unsubscribe.php?M=176106&C=a06877512c93c0e a32e1d55a89963a3d&L=1&N=3
Re: install on softraid
When I try to build softraid0 during install with command bioctl -c 1 -l /dev/wd0a,/dev/wd1a softraid0 System return softraid0 invalid metadata format. How can I fix it ?
Playa del Carmen Sede de nuestra lV Convención de Secretarias y Asistentes 2011
[IMAGE] Pms Capacitacisn Efectiva de Mixico le presenta este programa: Convencisn Nacional Secretarmas Ejecutivas y Asistentes 2011 22-23 de Julio, Playa del Carmen Exclusivas conferencias presentadas por 3 Expertos Expositores Empresa Registrada ante la STPS Reg. COLG640205CP30005 Smguenos en Twitter@pmscapacitacion o bien en Facebook PMS de Mixico Solicite Mayores informes responda este correo electrsnico con los siguientes datos. Empresa: Nombre: Telifono: Email: Nzmero de Interesados: Y en breve le haremos llegar la informacisn completa del evento. O bien comunmquense a nuestros telifonos un ejecutivo con gusto le atendera Tels. (33) 8851-2365, (33)8851-2741. Copyright (C) 2010, PMS Capacitacisn Efectiva de Mixico S.C. Derechos Reservados. PMS de Mixico, El logo de PMS de Mixico son marcas registradas. ADVERTENCIA PMS de Mixico no cuenta con alianzas estratigicas de ningzn tipo dentro de la Republica Mexicana. NO SE DEJE ENGAQAR - DIGA NO A LA PIRATERIA. Todos los logotipos, marcas comerciales e imagenes son propiedad de sus respectivas corporaciones y se utilizan con fines informativos solamente. Este Mensaje ha sido enviado a misc@openbsd.org como usuario de Pms de Mixico o bien un usuario le refiris para recibir este boletmn. Como usuario de Pms de Mixico, en este acto autoriza de manera expresa que Pms de Mixico le puede contactar vma correo electrsnico u otros medios. Si usted ha recibido este mensaje por error, haga caso omiso de el y reporte su cuenta respondiendo este correo con el subject BAJACONVENCION Unsubscribe to this mailing list, reply a blank message with the subject UNSUBSCRIBE BAJACONVENCION Tenga en cuenta que la gestisn de nuestras bases de datos es de suma importancia y no es intencisn de la empresa la inconformidad del receptor. [demime 1.01d removed an attachment of type image/jpeg which had a name of playa2.jpg]
Re: install on softraid
On 04/08/11 18:14, irix wrote:
> When I try to build softraid0 during install with command bioctl -c 1 -l
> /dev/wd0a,/dev/wd1a softraid0
> System return softraid0 invalid metadata format. How can I fix it ?
You can't softraid your boot partition. I rather suspect you are going
to be booting from wd0a.
Make a small boot partition (wd0a), make an identical sized wd1a as an
altroot ("man daily"). Use some of the rest of each drive as your RAID
partitions, and softraid those.
Nick.
Licitaciones Públicas para Adquisiciones y Evaluación de Propuestas Técnicas
[IMAGE] Pms Capacitacisn Efectiva de Mixico presenta: Taller de Licitaciones Pzblicas, Preparacisn y Evaluacisn de propuestas Ticnicas y Econsmicas Para Adquisiciones, Arrendamientos y Servicios. 15 de Abril Ciudad de Mixico. Expositor: Mtro. Gerardo Coronado Lspez Empresa Registrada ante la STPS Reg. COLG640205CP30005 Smguenos en Twitter@pmscapacitacion o bien en Facebook PMS de Mixico Solicite Mayores informes responda este correo electrsnico con los siguientes datos. Empresa: Nombre: Telifono: Email: Nzmero de Interesados: Y en breve le haremos llegar la informacisn completa del evento. O bien comunmquense a nuestros telifonos un ejecutivo con gusto le atendera Tels. (33) 8851-2365, (33)8851-2741. Copyright (C) 2010, PMS Capacitacisn Efectiva de Mixico S.C. Derechos Reservados. PMS de Mixico, El logo de PMS de Mixico son marcas registradas. ADVERTENCIA PMS de Mixico no cuenta con alianzas estratigicas de ningzn tipo dentro de la Republica Mexicana. NO SE DEJE ENGAQAR - DIGA NO A LA PIRATERIA. Todos los logotipos, marcas comerciales e imagenes son propiedad de sus respectivas corporaciones y se utilizan con fines informativos solamente. Este Mensaje ha sido enviado a misc@openbsd.org como usuario de Pms de Mixico o bien un usuario le refiris para recibir este boletmn. Como usuario de Pms de Mixico, en este acto autoriza de manera expresa que Pms de Mixico le puede contactar vma correo electrsnico u otros medios. Si usted ha recibido este mensaje por error, haga caso omiso de el y reporte su cuenta respondiendo este correo con el subject BAJAOBRA Unsubscribe to this mailing list, reply a blank message with the subject UNSUBSCRIBE BAJAOBRA Tenga en cuenta que la gestisn de nuestras bases de datos es de suma importancia y no es intencisn de la empresa la inconformidad del receptor. [demime 1.01d removed an attachment of type image/jpeg which had a name of image002ad.jpg]
place xenocara compile output into /scratch
hi, how do i redirect a compile of xenocara to say /scratch? i can do that easily for userland using cd /usr/src/etc && env DESTDIR=/scratch make distrib-dirs i don't want to fiddle too much like changing X11BASE X11ETC just a simple way to do it. thanks
Nuevo Inicio: Postgrado en el Tratamiento de las Adicciones
[IMAGE] Director: Dr. Horacio Serebrinsky - Director Acadimico: Dr. Marcelo R. Ceberio La Escuela Sistimica Argentina es una institucisn que desarrolla actividades de formacisn de Terapeutas familiares sistimicos, investigacisn y asistencia psicolsgica. POSTGRADO EN EL TRATAMIENTO DE LAS ADICCIONES DESDE EL MODELO SISTEMICO Directora: Lic. Marina Perrone Equipo docente Duracisn: 2 aqos distribuidos en dos cuatrimestres. Frecuencia: quincenal 3hs. - Horario: Martes de 18 a 21hs Modalidad: Clases tesricas articuladas con casos clmnicos y videos/dvd de sesiones. Pasantmas en comunidad terapiutica y Hospital de Dma. Evaluacisn Anual Inicio: Martes 03 de mayo 2011 CUPOS LIMITADOS - Fecha lmmite de inscripcisn: Lunes 25 de abril INFORMES E INSCRIPCISN: Fray Justo S. M. de Oro 1843 (C1414DBC) Cap. Fed. Te/Fax: 4774-2875/6112 4899-1053 Web: i...@escuelasistemica.com.ar / www.escuelasistemica.com.ar
