Seeking GUI refuge

2013-05-26 Thread Jan Lambertz
Hi Patrick,

My GUI problem is (was) quite similar. I was searching intensively for a
correct, fast, non-bloated desktop manager for years. I have checked at least
10 products (non-Windows) and in the end I felt depressed, like you.
So what saved my life?
At work I had to build an environment for Java and DB developers that works
on an enterprise Linux distro. These distros typically came with gnome2.
Being a terminal server and doing some more intense compiling tasks, the system
became slow. Developers were angry because they were only used to MS
Windows. Then I remembered OpenBSD and fvwm. I took a deep dive into fvwm
and figured out that it can do nearly anything. I built my config
(beginning from a large sample config that ships with it, MS Windows 95
style). I cleaned out about 50% I don't need. I integrated the development
tools and then everything went like tux on crack. It took some time but I
was happy with what was achieved. After that fvwm became the wm of my choice and
I am still happy.
I really can recommend fvwm. Even if it looks a little bit oldschool and
hard to understand in the first place, this is the window manager with coolness
(correctness) in mind. I even think it is the OpenBSD of the window managers.

P.S. Good to see Thomas Adam around at OpenBSD. Great work!



Unable to get ftp-proxy to work as expected when using authpf

2013-05-26 Thread Steven

Hi,

Over my wired network (not using authpf) I can connect to ftp sites
over ftp-proxy fine.  Similarly when connecting to ftp sites over my
wifi without authpf.  However, using authpf on my wifi gives me
errors when connecting to ftp sites over ftp-proxy.

In man authpf(8) the following configuration lines are given for
/etc/authpf/authpf.rules to use ftp-proxy over wifi.

 # rdr ftp for proxying by ftp-proxy(8)
 match in on $internal_if proto tcp from $user_ip to any port 21 \
 rdr-to 127.0.0.1 port 8021
 
 # allow out ftp, ssh, www and https only, and allow user to negotiate
 # ipsec with the ipsec server.
pass in log quick on $internal_if proto tcp from $user_ip to any \
port { 21, 22, 80, 443 }

However, using similar rules

match in on $wifi_if proto tcp from $user_ip to any port ftp \
rdr-to 127.0.0.1 port 8021
...
pass in quick on $wifi_if proto tcp from $user_ip to any \
port $macro_here synproxy state queue(queue1, queue2)

gets me a connection refused error.

Using

pass in quick on $wifi_if proto tcp from $user_ip to any \
port $macro_here synproxy state queue(queue1, queue2)
...
pass in quick on $wifi_if inet proto tcp from $user_ip to \
port ftp divert-to 127.0.0.1 port 8021

gets me a data port error.

I'm beating my head against the wall on this one.  Any pointers would
be nice.  Thanks.

/etc/pf.conf (My apologies in advance if this hurts anybody's eyes)

# pf.conf   
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or 
# net.inet6.ip6.forwarding=1 in /etc/sysctl.conf if packets are to
# be forwarded between interfaces.

##
# Macros #
##

# Interfaces
#
ext_if="dc0"
int_if="rl0"
#tun_if="gif0"
wifi_if="ral0"

# Important IPs or URLs
#
non_routables="{ 0/8, 10/8 127/8, 172.16/12, 192.0.2/24, 192.168/16, \
240/4, 255.255.255.255/32 }"  # see RFC 1918
modem_noise="255.255.255.255"

int_network=$int_if:network
wifi_network=$wifi_if:network
gateway="xxx.xxx.xxx.xxx"
gemini="xxx.xxx.xxx.xxx"
diane="xxx.xxx.xxx.xxx"
portable_lc="xxx.xxx.xxx.xxx"
ps_ip="xxx.xxx.xxx.xxx"
wii_ip="xxx.xxx.xxx.xxx"
haley="xxx.xxx.xxx.xxx"
comsat0="xxx.xxx.xxx.xxx"

# Outgoing Mail servers
mail_out="{ 204.209.205.51,199.185.220.249,198.161.96.4, \
206.75.213.45 }"

# Incoming Mail Servers
mail_in="{ 129.128.5.73,66.112.177.187,204.209.205.53,\
199.185.220.248,74.125.0.0/16,209.191.69.2,209.85.199.109,\
209.85.199.111,198.161.96.4,209.85.147.109,74.125.127.109,\
198.161.97.58,173.194.0.0/16 }"

# Usenet Servers
usenet="{85.214.90.228,88.198.0.0/16,85.214.105.209,188.40.43.245 }"

# IRC Servers
chat="{ 64.161.254.20,82.96.64.4,85.188.1.26,89.16.176.16,\
128.237.157.136,130.237.188.200,130.239.18.172,140.211.166.3,\
140.211.166.4,204.11.244.21,207.158.1.150,209.177.146.34,\
213.219.240.0/20,216.155.130.130,213.92.0.0/17,93.152.160.0/20, \
140.211.0.0/16,78.40.120.0/21,86.64.0.0/12,174.143.119.91, \
82.96.64.0/18,91.232.181.0/24,213.92.0.0/17,66.225.192.0/18, \
67.218.96.0/19,85.236.96.0/19,216.218.128.0/17,217.17.32.0/20, \
216.193.192.0/18,208.167.224.0/19,208.51.40.2,205.209.6.0/24, \
205.209.5.0/24,205.188.0.0/16,198.252.144.0/24,198.3.192.0/18, \
198.3.144.0/20,198.3.160.0/19,194.109.0.0/16,193.163.220.0/24, \
193.109.122.0/24,192.116.224.0/19,141.213.238.252,85.236.96.0/19, \
128.39.0.0/16,128.40.0.0/15,195.140.202.0/24,209.222.22.22, \
184.104.0.0/15,149.9.0.0/16,108.61.0.0/16,67.198.128.0/17, \
194.0.0.0/8,192.94.73.0/24,64.18.217.205,67.220.66.113 }"

# Telnet Servers
rem_clear="{ 64.127.116.166,64.127.116.163,69.31.40.34,\
69.64.155.122,72.55.163.50,192.94.73.1,193.202.115.241,\
64.127.112.98,94.142.240.0/21,10.0.1.7,207.167.16.46,\
195.234.11.64,152.2.217.100,74.3.128.0/18,192.94.73.0/24,\
70.164.23.220,66.85.147.90 }"

# Gopher Servers
rodent="{ 72.1.4.61,87.227.31.168,128.112.67.152,128.112.128.152,\
128.112.232.152,137.208.3.37,140.180.128.152,149.20.20.133,\
149.20.54.77,157.181.2.1,192.94.73.1,198.30.120.11,193.225.12.74,\
204.152.191.37,83.248.0.0/13,70.164.23.220 }"

# Tunnel Brokers
ip4_v6tunnel="{ 64.86.88.116, 81.171.72.11, 116.197.146.63,\
 202.169.175.23, 81.171.72.10, 116.197.146.62 }"

# Dumbass zombies wasting my time, let's waste theirs.
dumbass="{ 89.149.195.31,89.149.208.221,89.149.209.100,195.24.76.220 }"

# Keyservers
keyservers="{ 18.9.60.141,116.240.198.71,195.113.19.83,202.125.45.72,\
192.146.137.11,80.90.43.16,116.240.198.71,217.197.135.103,176.9.51.79,\
208.77.198.101,94.142.241.93,195.111.98.30,5.39.15.226,78.46.117.99,\
209.234.253.170 }"

# Web Radio Servers
#radio="{ 159.253.145.179 }"

# Network Services and ICMP Types
#
# Add ICMP unreach when other nodes on network have reachable IPs
icmp_types="{ echoreq, timex, trace }"

# in-bound services on the external interface
# No-Ip service: 8245 (TCP only)
# BT clients: 6881:6889,6972,65534
# VNC: 5900
# Traceroute(6) UDP: 33433 >< 33626
# Vuze TCP/UDP: 65534
in_tcp_services_ext_if="{ smtp spamd auth gopher sip 5228:5230 6972 8245 4 65534 }"
in_udp_ser

Re: Route Bad address or network unreacheable

2013-05-26 Thread Stuart Henderson
On 2013/05/26 12:52, Cesar Calvo wrote:
> Hi, thanks for sharing
> 
> >http://marc.info/?l=openbsd-misc&m=134643340822363
> >hostname.if:
> >   !route add -llinfo -iface -net 10.255.0.0/16 10.255.255.1 -ifp nfe0
> >   inet 1.2.3.4 255.255.255.255
> >   inet 1.2.4.3 255.255.255.255
> >   ...
> >
> >mygate:
> >   10.255.255.1
> 
> 
> I change all inet values for sandbox testing before applying settings in 
> production machine
> 
> 
> 
> 
> PF=no
> net.inet.ip.forwarding=1
> 
> My test ip is 10.1.1.1 in a usb wireless nic (urtwn0), and the gateway must 
> be 192.168.1.1 where is a linksys router/gateway

You do realise that having a gateway outside of your own subnet is a totally
broken setup normally only done by some "root server" operators to avoid
using an additional IP address? As well as needing special setup on their
customers' machines they will most likely be doing something special on
their side of the network too which you'll also need to replicate if
you're trying to emulate this for a test...


> hostname.urtwn0:
> 
>   nwid wifi
>   wpakey 
>   inet 10.1.1.1 255.255.255.255
>   !route add -llinfo -iface -net 192.168.1.0/24 192.168.1.1 -ifp urtwn0
> 
> mygate:
> 192.168.1.1
> 
> 
> And the result is... Network is Unreachable and ping icmp packets are lost.
> 
> 
> urtwn0: flags=8843 mtu 1500
> lladdr f8:1a:67:18:16:eb
> priority: 4
> 
> groups: wlan egress
> media: IEEE802.11 autoselect (OFDM54 mode 11g)
> status: active
> ieee80211: nwid wifi chan 1 bssid 00:25:9c:2f:43:a0 198dB wpakey <not displayed> wpaprotos wpa1,wpa2 wpaakms psk wpaciphers tkip,ccmp 
> wpagroupcipher tkip
> 
> inet 10.1.1.1 netmask 0xff00 broadcast 10.255.255.255
> 
> 
> 
> Thanks all for comments.
> 
> 
> 
> 2013/5/26 Stuart Henderson 
> 
> On 2013-05-25, Cesar Calvo  wrote:
> > Hi people.
> > I have a linux server a try to migrate to openbsd 5.3/amd64. I am totally
> > new in this amazing OS.
> >
> > In linux I have:
> >
> >    - ip addr 200.124.200.125/32 dev net1
> >    - ip route add 190.64.x.x dev net1
> >    - ip route add default via 190.64.x.x
> >
> > All packets from net1 ip are delivered via 190.64.x.x gateway.
> > But on openbsd, route syntax is different.
> > I have hostname.em0 with:
> > inet 200.124.200.125 255.255.255.248 none
> > !route add 190.64.x.x -iface em0
> >
> > And in mygate I put only 190.64.x.x
> >
> > The result is bad address and network is unreachable.
> >
> >
> 
> See http://marc.info/?l=openbsd-misc&m=134643340822363 for an example
> of one way you might work around this broken network configuration.
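
Added example, not part of the thread or of any poster's message: a small Python check for the situation described in the reply above, classifying whether the `mygate` address lies inside a subnet configured in `hostname.if` or is only covered by an explicit `!route add ... -iface` line. The function names and the inputs marked constructed or placeholder are assumptions; the check classifies the configuration and does not predict whether the resulting routes will work.

```python
import ipaddress

def parse_hostname_if(text):
    """Return (subnets from inet lines, prefixes bound by '!route add ... -iface')."""
    nets, iface_routes = [], []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "inet":
            args = [t for t in tok[1:] if t != "alias"]
            if len(args) < 2:
                continue
            mask = args[1]
            if mask.lower().startswith("0x"):   # hex netmask form
                mask = str(ipaddress.IPv4Address(int(mask, 16)))
            nets.append(ipaddress.ip_interface(f"{args[0]}/{mask}").network)
        elif tok[0] == "!route" and "add" in tok and "-iface" in tok:
            args = tok[tok.index("add") + 1:]
            if "-net" in args[:-1]:
                dest = args[args.index("-net") + 1]
            else:                               # host route: first non-flag argument
                dest = next((a for a in args if not a.startswith("-")), "")
            try:
                iface_routes.append(ipaddress.ip_network(dest, strict=False))
            except ValueError:
                pass                            # elided destination such as 190.64.x.x
    return nets, iface_routes

def classify_gateway(hostname_if, mygate):
    """Say how the default gateway relates to the interface configuration."""
    gw = ipaddress.ip_address(mygate.strip())
    nets, iface_routes = parse_hostname_if(hostname_if)
    if any(gw in n for n in nets):
        return "on-link"
    if any(gw in r for r in iface_routes):
        return "off-subnet, interface route declared"
    return "off-subnet, no route to gateway"

# hostname.urtwn0 as posted in the thread (the wpakey value is absent there too)
THREAD_URTWN0 = """nwid wifi
wpakey
inet 10.1.1.1 255.255.255.255
!route add -llinfo -iface -net 192.168.1.0/24 192.168.1.1 -ifp urtwn0
"""
# Constructed contrast case (not from the thread)
CONSTRUCTED_LAN = "inet 192.168.1.50 255.255.255.0\n"
# inet line from the thread's hostname.em0, without its elided !route line
EM0_INET_ONLY = "inet 200.124.200.125 255.255.255.248 none\n"

if __name__ == "__main__":
    print(classify_gateway(THREAD_URTWN0, "192.168.1.1"))
    print(classify_gateway(CONSTRUCTED_LAN, "192.168.1.1"))
    print(classify_gateway(EM0_INET_ONLY, "198.51.100.1"))  # placeholder gateway
```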



Re: Seeking GUI refuge

2013-05-26 Thread Riccardo Mottola

Hi,

On 05/26/13 05:21, Patrick Mc(avery wrote:


I am still on Linux on my primary desktop. I loaded a few GNUstep apps 
from the repos, you're right, they don't look that bad and yes, I am 
sure they can be tweaked even if they did.


Your sleek theme looks very promising.


:) good.

Yes plotting widgets are really helpful. I just need to target X86 or 
64 bit cousin.


I hope you may find a use for them. I'm not a fan of HTML-5 interfaces or 
any stuff going through a browser, I prefer traditional stuff :)


GNUstep is well tested on 32 and 64bit, it has recently undergone 
thorough testing and upgrading for that. Little and big-endian work fine 
too.


OresmeKit follows the same rule and is programmed with care, should you 
however use it and experience 64bit problems, just tell me, since I 
mainly develop on 32bit.

Thanks for all your time and help
A pleasure. Perhaps you will find it useful. Currently, since I need to 
display 24h monitoring data which is not strictly "x-y" I am working on 
extending the Kit's charting capability, including grid drawing with 
auto-resizing.


Have fun.

Riccardo



Re: updated shared X libs missing in sparc64 snapshots from 2013-05-26

2013-05-26 Thread Zoran Kolic
The same seems to be the case for amd64. Anyway, despite error
warnings, X works.

   Zoran



Re: divert-to with bridge

2013-05-26 Thread Patrick Wildt
Hi Luiz,

I actually have seen that on a bridge setup I had, too.

Although the divert-to points to localhost, I see the packet trying to pass out 
on the interface to the original destination, as your data shows, too.
No idea why that's happening though.

\Patrick

On 23.05.2013 at 22:45, Luiz Gustavo S. Costa wrote:

> Hi List !
> 
> I'm trying to implement a firewall with squid TPROXY in an environment with 
> bridge.
> 
> vio0 = external if
> vio1 = internal if
> bridge0 = (vio0 + vio1)
> 
> I have these rules, the connections pass through it, but nothing comes on the 
> side of the divert-to (did tests with nc -l 3128)
> 
> [17:31:25] root:logs # cat /etc/pf.conf
> pass in log quick on vio1 inet proto tcp from any to any port 80 divert-to 127.0.0.1 port 3128
> 
> pass out log quick on vio0 inet proto tcp from any to any port 80 divert-reply
> 
> pass all
> 
> [17:39:40] root:~ # pfctl -vvsr
> @0 pass in log quick on vio1 inet proto tcp from any to any port = 80 flags 
> S/SA divert-to 127.0.0.1 port 3128
>  [ Evaluations: 92Packets: 194   Bytes: 43964   States: 1 
> ]
>  [ Inserted: uid 0 pid 22438 State Creations: 21]
> @1 pass out log quick on vio0 inet proto tcp from any to any port = 80 flags 
> S/SA divert-reply
>  [ Evaluations: 49Packets: 194   Bytes: 43964   States: 1 
> ]
>  [ Inserted: uid 0 pid 22438 State Creations: 21]
> @2 pass all flags S/SA
>  [ Evaluations: 50Packets: 93Bytes: 13453   States: 6 
> ]
>  [ Inserted: uid 0 pid 22438 State Creations: 50]
> 
> [17:35:54] root:~ # tcpdump -n -e -ttt -i pflog0
> tcpdump: WARNING: snaplen raised from 116 to 160
> tcpdump: listening on pflog0, link-type PFLOG
> May 23 17:36:13.429174 rule 0/(match) pass in on vio1: 192.168.15.13.38330 > 
> 74.125.234.238.80: S 2238109532:2238109532(0) win 14600  1460,sackOK,timestamp 45163358 0,nop,wscale 7> (DF)
> tcpdump: WARNING: compensating for unaligned libpcap packets
> May 23 17:36:13.429228 rule 1/(match) pass out on vio0: 192.168.15.13.38330 > 
> 74.125.234.238.80: S 2238109532:2238109532(0) win 14600  1460,sackOK,timestamp 45163358 0,nop,wscale 7> (DF)
> 
> but the nc command is not receiving any packet or connection.
> 
> divert-to not working with bridge ?
> 
> My reference is this -> 
> http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf
> 
> Thanks
> 
> ---
> Luiz Gustavo Costa (Powered by BSD)
> *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
> mundoUnix - Consultoria em Software Livre
> http://www.mundounix.com.br
> ICQ: 2890831 / MSN: cont...@mundounix.com.br
> Tel: 55 (21) 4063-7110 / 8194-1905 / (11) 4063-0407
> Blog: http://www.luizgustavo.pro.br



Re: Route Bad address or network unreacheable

2013-05-26 Thread Cesar Calvo
Hi, thanks for sharing

>http://marc.info/?l=openbsd-misc&m=134643340822363
>hostname.if:
>   !route add -llinfo -iface -net 10.255.0.0/16 10.255.255.1 -ifp nfe0
>   inet 1.2.3.4 255.255.255.255
>   inet 1.2.4.3 255.255.255.255
>   ...
>
>mygate:
>   10.255.255.1

I change all inet values for sandbox testing before applying settings in
production machine


PF=no
net.inet.ip.forwarding=1

My test ip is 10.1.1.1 in a usb wireless nic (urtwn0), and the gateway
must be 192.168.1.1 where is a linksys router/gateway

hostname.urtwn0:
  nwid wifi
  wpakey 
  inet 10.1.1.1 255.255.255.255
  !route add -llinfo -iface -net 192.168.1.0/24 192.168.1.1 -ifp urtwn0

mygate:
192.168.1.1

And the result is... Network is Unreachable and ping icmp packets are lost.


urtwn0: flags=8843 mtu 1500
lladdr f8:1a:67:18:16:eb
priority: 4
groups: wlan egress
media: IEEE802.11 autoselect (OFDM54 mode 11g)
status: active
ieee80211: nwid wifi chan 1 bssid 00:25:9c:2f:43:a0 198dB
wpakey <not displayed> wpaprotos wpa1,wpa2 wpaakms psk wpaciphers
tkip,ccmp wpagroupcipher tkip
inet 10.1.1.1 netmask 0xff00 broadcast 10.255.255.255


Thanks all for comments.



2013/5/26 Stuart Henderson 

> On 2013-05-25, Cesar Calvo  wrote:
> > Hi people.
> > I have a linux server a try to migrate to openbsd 5.3/amd64. I am totally
> > new in this amazing OS.
> >
> > In linux I have:
> >
> >- ip addr 200.124.200.125/32 dev net1
> >- ip route add 190.64.x.x dev net1
> >- ip route add default via 190.64.x.x
> >
> > All packets from net1 ip are delivered via 190.64.x.x gateway.
> > But on openbsd, route syntax is different.
> > I have hostname.em0 with:
> > inet 200.124.200.125 255.255.255.248 none
> > !route add 190.64.x.x -iface em0
> >
> > And in mygate I put only 190.64.x.x
> >
> > The result is bad address and network is unreachable.
> >
> >
>
> See http://marc.info/?l=openbsd-misc&m=134643340822363 for an example
> of one way you might work around this broken network configuration.



updated shared X libs missing in sparc64 snapshots from 2013-05-26

2013-05-26 Thread Markus Lude
Hi,

be careful with the latest x sets on sparc64 from 2013-05-26. The shared
X libs which were updated recently are missing.

Regards,
Markus



Re: Route Bad address or network unreacheable

2013-05-26 Thread Stuart Henderson
On 2013-05-25, Cesar Calvo  wrote:
> Hi people.
> I have a linux server a try to migrate to openbsd 5.3/amd64. I am totally
> new in this amazing OS.
>
> In linux I have:
>
>- ip addr 200.124.200.125/32 dev net1
>- ip route add 190.64.x.x dev net1
>- ip route add default via 190.64.x.x
>
> All packets from net1 ip are delivered via 190.64.x.x gateway.
> But on openbsd, route syntax is different.
> I have hostname.em0 with:
> inet 200.124.200.125 255.255.255.248 none
> !route add 190.64.x.x -iface em0
>
> And in mygate I put only 190.64.x.x
>
> The result is bad address and network is unreachable.
>
>

See http://marc.info/?l=openbsd-misc&m=134643340822363 for an example
of one way you might work around this broken network configuration.



Re: Hyper-V drivers?

2013-05-26 Thread Anders Berggren
>> At the risk of sounding like an idiot, did you do anything particular in
>> the OpenBSD configuration to make Hyper-V's Legacy Network Adapter work?
>> I can't seem to make it do so--OpenBSD picks it up as de0, and I've
>> configured /etc/hostname.de0 appropriately.  The same Hyper-V setup
>> works okay for me for a Linux VM.
> I tried the same thing (openbsd 5.3 on windows 8 hyper-v) last week and
> networking only worked under (openbsd) i386. It didn't work under
> amd64.


I was able to get legacy networking running on amd64 with something along the 
lines of

config -e -o /bsd /bsd
disable acpi
disable mpbios
disable ioapic

However, amd64 on hyperv was very unstable for me. It would simply freeze after 
a few minutes.

The commands above also seem to increase i386 performance on hyperv, at the 
cost of losing MP.



Re: Hyper-V drivers?

2013-05-26 Thread Edho Arief
On Sat, May 25, 2013 at 11:28 PM, Carson Chittom  wrote:
> Guillaume Filion  writes:
>
>> I did some tests with OpenBSD 5.3 running as a Hyper-V 2012 virtual
>> machine and the performance is disappointing (see
>> http://guillaume.filion.org/blog/archives/2013/05/openbsd_networking_performance_hyperv_2012.php
>> for data).
>
> At the risk of sounding like an idiot, did you do anything particular in
> the OpenBSD configuration to make Hyper-V's Legacy Network Adapter work?
> I can't seem to make it do so--OpenBSD picks it up as de0, and I've
> configured /etc/hostname.de0 appropriately.  The same Hyper-V setup
> works okay for me for a Linux VM.
>

I tried the same thing (openbsd 5.3 on windows 8 hyper-v) last week and
networking only worked under (openbsd) i386. It didn't work under
amd64.

--
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org