Re: not known intel ethernet card

2015-04-20 Thread Holger Glaess

hi


so restart with a blank paper ;)

I did a

rm -r /usr/src

then
cd /usr
cvs -qd anon...@ftp5.eu.openbsd.org:/cvs get -P src

cd /usr/src/sys/dev
patch -p1 < /home/glaess/EP80579_debug.diff

Then I got some rejects.

I modified all rejected files by hand (with the missing lines).

cd /usr/src/sys/arch/i386/conf
config GENERIC
cd ../compile/GENERIC
make depend && make

Then I copied the new bsd kernel files to the EP80579 hardware by scp
and restarted them.

holger





# dmesg
OpenBSD 5.7-current (GENERIC) #0: Mon Apr 20 21:16:06 CEST 2015
root@DAF.rocki.intern:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Genuine Intel(R) processor 1.20GHz ("GenuineIntel" 686-class) 1.21 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE,PERF

real mem  = 1072041984 (1022MB)
avail mem = 1042243584 (993MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 07/06/09, BIOS32 rev. 0 @ 0xfa530, SMBIOS rev. 2.2 @ 0xf0800 (39 entries)
bios0: vendor Phoenix Technologies, LTD version "ANSA 3020 R01  Jul,2,2009" date 07/06/2009

acpi0 at bios0: rev 0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP MCFG APIC
acpi0: wakeup devices EPA0(S3) EPA1(S3) PEX0(S5) PEX1(S5) PEX2(S5) PEX3(S5) HUB0(S5) PCI0(S5)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 133MHz
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (EPA1)
acpiprt2 at acpi0: bus -1 (BR10)
acpiprt3 at acpi0: bus -1 (BR11)
acpiprt4 at acpi0: bus -1 (BR12)
acpiprt5 at acpi0: bus -1 (BR13)
acpiprt6 at acpi0: bus -1 (BR14)
acpiprt7 at acpi0: bus 3 (P0P1)
acpiprt8 at acpi0: bus -1 (PEX0)
acpiprt9 at acpi0: bus -1 (PEX1)
acpiprt10 at acpi0: bus -1 (PEX2)
acpiprt11 at acpi0: bus -1 (PEX3)
acpiprt12 at acpi0: bus -1 (HUB0)
acpicpu0 at acpi0
acpitz0 at acpi0: critical temperature is 75 degC
acpibtn0 at acpi0: PWRB
bios0: ROM list: 0xc8000/0x4000! 0xcc000/0x2200! 0xef000/0x1000!
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
em_probe: begin
pchb0 at pci0 dev 0 function 0 "Intel EP80579 Host" rev 0x01
em_probe: begin
"Intel EP80579 Memory" rev 0x01 at pci0 dev 0 function 1 not configured
em_probe: begin
"Intel EP80579 EDMA" rev 0x01 at pci0 dev 1 function 0 not configured
em_probe: begin
ppb0 at pci0 dev 2 function 0 "Intel EP80579 PCIE" rev 0x01: apic 2 int 16
pci1 at ppb0 bus 1
em_probe: begin
em0 at pci1 dev 0 function 0 "Intel 82574L" rev 0x00em_attach: begin
: msiem_hardware_init: begin
em_check_phy_reset_block
em_setup_linkem_check_phy_reset_block
em_detect_gig_phyPhy ID = 1410cb0
em_setup_copper_linkem_copper_link_mgp_setupem_check_phy_reset_block
em_setup_interface: begin
will ifmedia_init
did ifmedia_init
before if_attach
before ether_ifattach
, address 00:14:b7:00:61:63
em_check_phy_reset_block
em_attach: end
em_probe: begin
ppb1 at pci0 dev 3 function 0 "Intel EP80579 PCIE" rev 0x01: apic 2 int 16
pci2 at ppb1 bus 2
em_probe: begin
ppb2 at pci0 dev 4 function 0 "Intel EP80579" rev 0x01
pci3 at ppb2 bus 3
em_probe: begin
em1 at pci3 dev 0 function 0 "Intel EP80579 LAN" rev 0x01em_attach: begin
EP80579 ith dev_id 0: apic 2 int 16em_hardware_init: begin
em_check_phy_reset_block
em_setup_linkem_check_phy_reset_block
em_detect_gig_phy
Hardware Initialization Deferred
, address 00:14:b7:00:61:64
em_check_phy_reset_block
em_attach: end
em_probe: begin
em2 at pci3 dev 1 function 0 "Intel EP80579 LAN" rev 0x01em_attach: begin
EP80579 ith dev_id 1: apic 2 int 17em_hardware_init: begin
em_check_phy_reset_block
em_setup_linkem_check_phy_reset_block
em_detect_gig_phy
Hardware Initialization Deferred
, address 00:14:b7:00:61:65
em_check_phy_reset_block
em_attach: end
em_probe: begin
em3 at pci3 dev 2 function 0 "Intel EP80579 LAN" rev 0x01em_attach: begin
EP80579 ith dev_id 2: apic 2 int 18em_hardware_init: begin
em_check_phy_reset_block
em_setup_linkem_check_phy_reset_block
em_detect_gig_phy
Hardware Initialization Deferred
, address 00:14:b7:00:61:66
em_check_phy_reset_block
em_attach: end
em_probe: begin
gcu0 at pci3 dev 3 function 0 "Intel EP80579 GCU" rev 0x01
em_probe: begin
"Intel EP80579 CANbus" rev 0x01 at pci3 dev 4 function 0 not configured
em_probe: begin
"Intel EP80579 CANbus" rev 0x01 at pci3 dev 5 function 0 not configured
em_probe: begin
"Intel EP80579 Serial" rev 0x01 at pci3 dev 6 function 0 not configured
em_probe: begin
"Intel EP80579 1588" rev 0x01 at pci3 dev 7 function 0 not configured
em_probe: begin
"Intel EP80579 LEB" rev 0x01 at pci3 dev 8 function 0 not configured
em_probe: begin
vendor "Intel", unknown product 0x502d (class processor subclass 
Co-processor, rev 0x01) at pci3 dev 9 function 0 not configured

em_probe: begin
"Intel EP80579 Reserved" rev 0x

Re: pf.conf something is VERY wrong here, need advice.

2015-04-20 Thread Ton Muller
All of them, including no route to host.
Well, I was a bit tired, so I simply reinstalled BSD (glad it was still
empty), entered STATIC IPs, and I was still able to ping after setting
up pf.conf.

Now the weird thing..
Still no DNS on background machines; because transferring my named config
was taking too long, I temporarily installed maradns (because these configs were
small), and guess what, now it works.
Well, I still need to figure out what the real issue is; I guess it's my
modem that causes the problem. Doesn't matter, for now it works; now I
can set up FTP for transferring my named stuff and test with that.


Tony.
On 20-4-2015 15:00, Dale Lindskog wrote:
> On Mon, 20 Apr 2015, Ton Muller wrote:
> 
>> Dale.
>> I did both.
>> Both on OpenBSD and on my local machines behind it.
>> I only noticed one little thingie last night (yes it was very late for me):
>> when I do sh /etc/netstart, changes I made to my IP config didn't get
>> applied, I kept the old stuff, so a reboot was needed. Oh well, it's on
>> the todo list for finding it all out again; didn't work for 2 years with
>> OpenBSD :(
> 
> What kind of ping(1) error do you get?  Is it like this:
> 
>   $ ping www.yorku.ca
>   PING optera.ccs.yorku.ca (130.63.236.137): 56 data bytes
>   --- optera.ccs.yorku.ca ping statistics ---
>   3 packets transmitted, 0 packets received, 100.0% packet loss
> 
> Or like this:
> 
>   $ ping www.yorku.ca
>   ping: unknown host: www.yorku.ca
> 
> If it is like the second one, then perhaps you are not running a DNS 
> server on your firewall.  Your /etc/resolv.conf file sets your DNS server 
> to the IP address of the external interface on your firewall.  Is one 
> listening on that interface?  -- Dale



Re: Custom rc.d startup script for sslsplit doesn't stop the process (SOLVED)

2015-04-20 Thread C.L. Martinez

On 04/20/2015 12:15 PM, C.L. Martinez wrote:

On 04/20/2015 11:50 AM, Antoine Jacoutot wrote:

On Mon, Apr 20, 2015 at 11:44:59AM +, C.L. Martinez wrote:

Hi all,

  I have created a custom rc.d script to launch sslsplit at startup
and stop
it at shutdown. The start option works without problems, but this script
doesn't
stop the process.

  Here it is:

#!/bin/sh -x
#


daemon="/usr/local/bin/sslsplit"

. /etc/rc.d/rc.subr

rc_reload=NO

rc_cmd $1

Options in rc.conf.local are:

sslsplit_flags="-d -Z -l /var/log/sslsplit -S /tmp -k
/root/configs/sslsplit/ca.key -p /var/run/sslsplit.pid -c
/root/configs/sslsplit/ca.crt -u proxy ssl 127.0.0.1 8443"


You need a pexp variable that matches the process table.


+ pexp=/usr/local/bin/sslsplit -d -Z -l /var/log/sslsplit -S /tmp -k
/root/configs/sslsplit/ca.key -p /var/run/sslsplit.pid -c
/root/configs/sslsplit/ca.crt -u proxy ssl 127.0.0.1 8443


versus


17658 ??  Ss  0:04.65 /usr/local/bin/sslsplit -d -Z -l
/var/log/sslsplit
-S /tmp -k /root/configs/sslsplit/ca.key -p /var/run/sslsplit.pid -c





Uhmm .. I am trying some variants, but it doesn't work:

+ daemon=/usr/local/bin/sslsplit -d -u proxy
+ daemon_flags=-Z -l /var/log/sslsplit -S /tmp -k
/root/configs/sslsplit/ca.key -c /root/configs/sslsplit/ca.crt ssl
127.0.0.1 8443
+ . /etc/rc.d/rc.subr
+ [ -n  ]
+ [ -n /usr/local/bin/sslsplit -d -u proxy ]
+ unset _RC_DEBUG _RC_FORCE
+ getopts df c
+ shift 0
+ basename /etc/rc.d/sslsplit
+ _name=sslsplit
+ _RC_RUNDIR=/var/run/rc.d
+ _RC_RUNFILE=/var/run/rc.d/sslsplit
+ _rc_do _rc_parse_conf
+ eval _rcflags=${sslsplit_flags}
+ _rcflags=
+ eval _rcuser=${sslsplit_user}
+ _rcuser=
+ eval _rctimeout=${sslsplit_timeout}
+ _rctimeout=
+ getcap -f /etc/login.conf sslsplit
+ > /dev/null
+ 2>&1
+ [ -z  ]
+ daemon_class=daemon
+ [ -z  ]
+ daemon_user=root
+ [ -z  ]
+ daemon_timeout=30
+ [ -n  ]
+ [ -n  ]
+ [ -n  ]
+ [ -n  ]
+ printf  %s -Z -l /var/log/sslsplit -S /tmp -k
/root/configs/sslsplit/ca.key -c /root/configs/sslsplit/ca.crt ssl
127.0.0.1 8443
+ daemon_flags= -Z -l /var/log/sslsplit -S /tmp -k
/root/configs/sslsplit/ca.key -c /root/configs/sslsplit/ca.crt ssl
127.0.0.1 8443
+ daemon_flags=-Z -l /var/log/sslsplit -S /tmp -k
/root/configs/sslsplit/ca.key -c /root/configs/sslsplit/ca.crt ssl
127.0.0.1 8443
+ readonly daemon_class
+ unset _rcflags _rcuser
+ pexp=/usr/local/bin/sslsplit -d -u proxy -Z -l /var/log/sslsplit -S
/tmp -k /root/configs/sslsplit/ca.key -c /root/configs/sslsplit/ca.crt
ssl 127.0.0.1 8443
+ rcexec=su -l -c daemon -s /bin/sh root -c
+ rc_reload=NO
+ rc_cmd stop

The pexp result is correct now, but the daemon is not stopped ...


Ok, now it works... I have removed the /var/run/rc.d/sslsplit file and now it 
is working ...




Re: not known intel ethernet card

2015-04-20 Thread Dariusz Swiderski
Hi

Could you apply the attached diff on a clean tree and send me the full
dmesg output? It seems there are 2 problems to be fixed:

1. Link detection does not work well on the original box I developed the
support for.
2. The first PHY on your hardware seems to behave weirdly, and I need to
find out why.

greets


On Sat, 18 Apr 2015, Holger Glaess wrote:

> hi
>
> Don't worry, I'm happy that you care about this problem so fast.
>
> holger
>
> On 17.04.2015 at 22:18, Dariusz Swiderski wrote:
> > Hi,
> >
> > was not quite expecting that, new diff is being cooked up, but expect it
> > later this night
> >
> > greets
> > --
> > Maciej 'sfires' Swiderski
> > ---
> > SysAdm | SecOff  | DS14145-RIPE| DS11-6BONE
> > 193.178.161.0/24 | 3ffe:8010:7:2a::/64 | AS16288
> > ---
> > A mouse is a device used to point at the xterm you want to type in.
> >
> > > On 17 Apr 2015, at 18:45, Holger Glaess wrote:
> > >
> > > hi
> > >
> > > On 17.04.2015 at 13:28, Dariusz Swiderski wrote:
> > > > hi
> > > >
> > > > is this only on em1?
> > > yes just em1
> > > > and can you try plugging each of this port to a switch and see in
> > > > ifconfig if
> > > > media gets
> > > > negotiated?
> > > I did, and no negotiation;
> > > ifconfig says no link because the link LED is on.
> > >
> > > if i do an "ifconfig em3 up"
> > >
> > > em3: flags=8843 mtu 1500
> > >lladdr 00:14:b7:00:61:66
> > >priority: 0
> > >media: Ethernet autoselect (1000baseT full-duplex)
> > >status: active
> > >
> > > if i pull the cable
> > >
> > > same result as above.
> > >
> > > holger
> > >
> > >
> > >
> > > >
> > > > greets
> > > > --
> > > > Maciej 'sfires' Swiderski
> > > > ---
> > > > SysAdm | SecOff  | DS14145-RIPE| DS11-6BONE
> > > > 193.178.161.0/24 | 3ffe:8010:7:2a::/64 | AS16288
> > > > ---
> > > > A mouse is a device used to point at the xterm you want to type in.
> > > >
> > > > > On 17 Apr 2015, at 13:21, Holger Glaess wrote:
> > > > >
> > > > > hi
> > > > >
> > > > > Looks good, but is this "unable to read" coming from
> > > > > the not-connected port?
> > > > >
> > > > > Holger
> > > > >
> > > > >
> > > > > # dmesg | grep "^em"
> > > > > em0 at pci1 dev 0 function 0 "Intel 82574L" rev 0x00: msi, address 00:14:b7:00:61:63
> > > > > em1 at pci3 dev 0 function 0 "Intel EP80579 LAN" rev 0x01: apic 2 int 16, address 00:14:b7:00:61:64
> > > > > em2 at pci3 dev 1 function 0 "Intel EP80579 LAN" rev 0x01: apic 2 int 17, address 00:14:b7:00:61:65
> > > > > em3 at pci3 dev 2 function 0 "Intel EP80579 LAN" rev 0x01: apic 2 int 18, address 00:14:b7:00:61:66
> > > > > em1: unable to read phy 0 reg 2
> > > > > em1: unable to read phy 0 reg 3
> > > > > em1: unable to read phy 0 reg 2
> > > > > em1: unable to read phy 0 reg 3
> > > > > em1: unable to read phy 0 reg 2
> > > > > em1: unable to read phy 0 reg 3
> > > > > em1: unable to read phy 0 reg 1
> > > > > em1: unable to read phy 0 reg 1
> > > > > em1: unable to read phy 0 reg 1
> > > > > em1: unable to read phy 0 reg 1
> > > > >
> > > > >
> > > > >
> > > > > > hi
> > > > > >
> > > > > > please apply attached patch on top of the previous one, build and
> > > > > > reboot
> > > > > > :)
> > > > > >
> > > > > > greets
> > > > > > dms
> > > > > >
> > > > > > On Fri, 17 Apr 2015, Holger Glaess wrote:
> > > > > >
> > > > > > > hi
> > > > > > >
> > > > > > > After building and booting a patched kernel
> > > > > > > I now see the em interface, but
> > > > > > > it shows an eeprom error.
> > > > > > >
> > > > > > >
> > > > > > > see dmesg
> > > > > > >
> > > > > > > Holger
> > > > > > >
> > > > > > > OpenBSD 5.7-stable (GENERIC) #10: Fri Apr 17 10:48:45 CEST 2015
> > > > > > > root@DAF.rocki.intern:/usr/src/sys/arch/i386/compile/GENERIC
> > > > > > > cpu0: Genuine Intel(R) processor 1.20GHz ("GenuineIntel" 686-class) 1.21 GHz
> > > > > > > cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE,PERF
> > > > > > > real mem  = 1072041984 (1022MB)
> > > > > > > avail mem = 1042157568 (993MB)
> > > > > > > mpath0 at root
> > > > > > > scsibus0 at mpath0: 256 targets
> > > > > > > mainbus0 at root
> > > > > > > bios0 at mainbus0: date 07/06/09, BIOS32 rev. 0 @ 0xfa530, SMBIOS rev. 2.2 @ 0xf0800 (39 entries)
> > > > > > > bios0: vendor Phoenix Technologies, LTD version "ANSA 3020 R01 Jul,2,2009" date 07/06/2009
> > > > > > > acpi0 at bios0: rev 0
> > > > > > > acpi0: sleep states S0 S3 S4 S5
> > > > > > > acpi0: tables DSD

Re: Custom rc.d startup script for sslsplit doesn't stop the process

2015-04-20 Thread C.L. Martinez

On 04/20/2015 11:50 AM, Antoine Jacoutot wrote:

On Mon, Apr 20, 2015 at 11:44:59AM +, C.L. Martinez wrote:

Hi all,

  I have created a custom rc.d script to launch sslsplit at startup and stop
it at shutdown. The start option works without problems, but this script doesn't
stop the process.

  Here it is:

#!/bin/sh -x
#


daemon="/usr/local/bin/sslsplit"

. /etc/rc.d/rc.subr

rc_reload=NO

rc_cmd $1

Options in rc.conf.local are:

sslsplit_flags="-d -Z -l /var/log/sslsplit -S /tmp -k
/root/configs/sslsplit/ca.key -p /var/run/sslsplit.pid -c
/root/configs/sslsplit/ca.crt -u proxy ssl 127.0.0.1 8443"


You need a pexp variable that matches the process table.


+ pexp=/usr/local/bin/sslsplit -d -Z -l /var/log/sslsplit -S /tmp -k
/root/configs/sslsplit/ca.key -p /var/run/sslsplit.pid -c
/root/configs/sslsplit/ca.crt -u proxy ssl 127.0.0.1 8443


versus


17658 ??  Ss  0:04.65 /usr/local/bin/sslsplit -d -Z -l /var/log/sslsplit
-S /tmp -k /root/configs/sslsplit/ca.key -p /var/run/sslsplit.pid -c





Uhmm .. I am trying some variants, but it doesn't work:

+ daemon=/usr/local/bin/sslsplit -d -u proxy
+ daemon_flags=-Z -l /var/log/sslsplit -S /tmp -k 
/root/configs/sslsplit/ca.key -c /root/configs/sslsplit/ca.crt ssl 
127.0.0.1 8443

+ . /etc/rc.d/rc.subr
+ [ -n  ]
+ [ -n /usr/local/bin/sslsplit -d -u proxy ]
+ unset _RC_DEBUG _RC_FORCE
+ getopts df c
+ shift 0
+ basename /etc/rc.d/sslsplit
+ _name=sslsplit
+ _RC_RUNDIR=/var/run/rc.d
+ _RC_RUNFILE=/var/run/rc.d/sslsplit
+ _rc_do _rc_parse_conf
+ eval _rcflags=${sslsplit_flags}
+ _rcflags=
+ eval _rcuser=${sslsplit_user}
+ _rcuser=
+ eval _rctimeout=${sslsplit_timeout}
+ _rctimeout=
+ getcap -f /etc/login.conf sslsplit
+ > /dev/null
+ 2>&1
+ [ -z  ]
+ daemon_class=daemon
+ [ -z  ]
+ daemon_user=root
+ [ -z  ]
+ daemon_timeout=30
+ [ -n  ]
+ [ -n  ]
+ [ -n  ]
+ [ -n  ]
+ printf  %s -Z -l /var/log/sslsplit -S /tmp -k 
/root/configs/sslsplit/ca.key -c /root/configs/sslsplit/ca.crt ssl 
127.0.0.1 8443
+ daemon_flags= -Z -l /var/log/sslsplit -S /tmp -k 
/root/configs/sslsplit/ca.key -c /root/configs/sslsplit/ca.crt ssl 
127.0.0.1 8443
+ daemon_flags=-Z -l /var/log/sslsplit -S /tmp -k 
/root/configs/sslsplit/ca.key -c /root/configs/sslsplit/ca.crt ssl 
127.0.0.1 8443

+ readonly daemon_class
+ unset _rcflags _rcuser
+ pexp=/usr/local/bin/sslsplit -d -u proxy -Z -l /var/log/sslsplit -S 
/tmp -k /root/configs/sslsplit/ca.key -c /root/configs/sslsplit/ca.crt 
ssl 127.0.0.1 8443

+ rcexec=su -l -c daemon -s /bin/sh root -c
+ rc_reload=NO
+ rc_cmd stop

The pexp result is correct now, but the daemon is not stopped ...



Re: Custom rc.d startup script for sslsplit doesn't stop the process

2015-04-20 Thread Antoine Jacoutot
On Mon, Apr 20, 2015 at 11:44:59AM +, C.L. Martinez wrote:
> Hi all,
> 
>  I have created a custom rc.d script to launch sslsplit at startup and stop
> it at shutdown. The start option works without problems, but this script doesn't
> stop the process.
> 
>  Here it is:
> 
> #!/bin/sh -x
> #
> 
> 
> daemon="/usr/local/bin/sslsplit"
> 
> . /etc/rc.d/rc.subr
> 
> rc_reload=NO
> 
> rc_cmd $1
> 
> Options in rc.conf.local are:
> 
> sslsplit_flags="-d -Z -l /var/log/sslsplit -S /tmp -k
> /root/configs/sslsplit/ca.key -p /var/run/sslsplit.pid -c
> /root/configs/sslsplit/ca.crt -u proxy ssl 127.0.0.1 8443"

You need a pexp variable that matches the process table.

> + pexp=/usr/local/bin/sslsplit -d -Z -l /var/log/sslsplit -S /tmp -k
> /root/configs/sslsplit/ca.key -p /var/run/sslsplit.pid -c
> /root/configs/sslsplit/ca.crt -u proxy ssl 127.0.0.1 8443

versus

> 17658 ??  Ss  0:04.65 /usr/local/bin/sslsplit -d -Z -l /var/log/sslsplit
> -S /tmp -k /root/configs/sslsplit/ca.key -p /var/run/sslsplit.pid -c

-- 
Antoine
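
As an added example (it is not part of the thread and not OpenBSD's own rc.subr), the stand-alone sh script below reproduces the part of rc.subr(8) that Antoine's hint is about: the process-table pattern pexp is derived from daemon and daemon_flags, and the stop action only proceeds when a full command line in the process table equals that pattern. The sample process table, the grep -xF stand-in for pgrep -xf, and the function names build_pexp, pexp_matches and stop_would_run are all constructed here for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: how rc.subr(8) builds the
# process-table pattern (pexp) and why a pattern that does not equal the
# daemon's full command line turns "rc_cmd stop" into a no-op.

# Values the poster's rc.d script and rc.conf.local supply.
daemon="/usr/local/bin/sslsplit"
daemon_flags="-d -Z -l /var/log/sslsplit -S /tmp -k /root/configs/sslsplit/ca.key -p /var/run/sslsplit.pid -c /root/configs/sslsplit/ca.crt -u proxy ssl 127.0.0.1 8443"

# rc.subr's default rule: pexp is daemon followed by daemon_flags when the
# latter is set. A script may assign pexp itself after sourcing rc.subr,
# but the value still has to equal the running command line.
build_pexp() {
    printf '%s' "${daemon}${daemon_flags:+ ${daemon_flags}}"
}

# Constructed process table: one command line per row, as "ps -axo command"
# would print it (the sshd and ksh rows mirror the poster's listing).
sample_ps='sshd: secit [priv] (sshd)
/usr/local/bin/sslsplit -d -Z -l /var/log/sslsplit -S /tmp -k /root/configs/sslsplit/ca.key -p /var/run/sslsplit.pid -c /root/configs/sslsplit/ca.crt -u proxy ssl 127.0.0.1 8443
-ksh (ksh)'

# Stand-in for the whole-line pgrep -xf check in rc_check: exit 0 only when
# some row of the table equals the pattern exactly. grep -F keeps regex
# characters in the pattern literal; pgrep -f treats them as a regex.
pexp_matches() {
    printf '%s\n' "$2" | grep -qxF -- "$1"
}

# Same check, reported as a string so both outcomes are visible.
stop_would_run() {
    if pexp_matches "$1" "$sample_ps"; then
        echo "match: rc_check succeeds, rc_stop would signal the daemon"
    else
        echo "no match: rc_check fails, stop is skipped and the daemon keeps running"
    fi
}

# Pattern derived from daemon + daemon_flags equals the running command line.
stop_would_run "$(build_pexp)"

# Hand-written patterns that cover only part of the line, or reorder the
# options, never match even though the daemon is plainly running.
stop_would_run "/usr/local/bin/sslsplit"
stop_would_run "/usr/local/bin/sslsplit -d -u proxy -Z -l /var/log/sslsplit"
```

When a stop silently does nothing, comparing the output of `build_pexp` (or a `sh -x` trace of the real script, as the poster did) against `ps -axo command` row by row is the quickest way to see which token differs; a single reordered or missing option is enough to make the exact match fail.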



Custom rc.d startup script for sslsplit doesn't stop the process

2015-04-20 Thread C.L. Martinez

Hi all,

 I have created a custom rc.d script to launch sslsplit at startup and 
stop it at shutdown. The start option works without problems, but this 
script doesn't stop the process.


 Here it is:

#!/bin/sh -x
#


daemon="/usr/local/bin/sslsplit"

. /etc/rc.d/rc.subr

rc_reload=NO

rc_cmd $1

Options in rc.conf.local are:

sslsplit_flags="-d -Z -l /var/log/sslsplit -S /tmp -k 
/root/configs/sslsplit/ca.key -p /var/run/sslsplit.pid -c 
/root/configs/sslsplit/ca.crt -u proxy ssl 127.0.0.1 8443"


When I try to stop it:

+ daemon=/usr/local/bin/sslsplit
+ . /etc/rc.d/rc.subr
+ [ -n  ]
+ [ -n /usr/local/bin/sslsplit ]
+ unset _RC_DEBUG _RC_FORCE
+ getopts df c
+ shift 0
+ basename /etc/rc.d/sslsplit
+ _name=sslsplit
+ _RC_RUNDIR=/var/run/rc.d
+ _RC_RUNFILE=/var/run/rc.d/sslsplit
+ _rc_do _rc_parse_conf
+ eval _rcflags=${sslsplit_flags}
+ _rcflags=-d -Z -l /var/log/sslsplit -S /tmp -k 
/root/configs/sslsplit/ca.key -p /var/run/sslsplit.pid -c 
/root/configs/sslsplit/ca.crt -u proxy ssl 127.0.0.1 8443

+ eval _rcuser=${sslsplit_user}
+ _rcuser=
+ eval _rctimeout=${sslsplit_timeout}
+ _rctimeout=
+ getcap -f /etc/login.conf sslsplit
+ > /dev/null
+ 2>&1
+ [ -z  ]
+ daemon_class=daemon
+ [ -z  ]
+ daemon_user=root
+ [ -z  ]
+ daemon_timeout=30
+ [ -n  ]
+ [ -n -d -Z -l /var/log/sslsplit -S /tmp -k 
/root/configs/sslsplit/ca.key -p /var/run/sslsplit.pid -c 
/root/configs/sslsplit/ca.crt -u proxy ssl 127.0.0.1 8443 ]
+ daemon_flags=-d -Z -l /var/log/sslsplit -S /tmp -k 
/root/configs/sslsplit/ca.key -p /var/run/sslsplit.pid -c 
/root/configs/sslsplit/ca.crt -u proxy ssl 127.0.0.1 8443

+ [ -n  ]
+ [ -n  ]
+ printf  %s -d -Z -l /var/log/sslsplit -S /tmp -k 
/root/configs/sslsplit/ca.key -p /var/run/sslsplit.pid -c 
/root/configs/sslsplit/ca.crt -u proxy ssl 127.0.0.1 8443
+ daemon_flags= -d -Z -l /var/log/sslsplit -S /tmp -k 
/root/configs/sslsplit/ca.key -p /var/run/sslsplit.pid -c 
/root/configs/sslsplit/ca.crt -u proxy ssl 127.0.0.1 8443
+ daemon_flags=-d -Z -l /var/log/sslsplit -S /tmp -k 
/root/configs/sslsplit/ca.key -p /var/run/sslsplit.pid -c 
/root/configs/sslsplit/ca.crt -u proxy ssl 127.0.0.1 8443

+ readonly daemon_class
+ unset _rcflags _rcuser
+ pexp=/usr/local/bin/sslsplit -d -Z -l /var/log/sslsplit -S /tmp -k 
/root/configs/sslsplit/ca.key -p /var/run/sslsplit.pid -c 
/root/configs/sslsplit/ca.crt -u proxy ssl 127.0.0.1 8443

+ rcexec=su -l -c daemon -s /bin/sh root -c
+ rc_reload=NO
+ rc_cmd stop

It doesn't work:

 8916 ??  Is  0:00.01 sshd: secit [priv] (sshd)
24626 ??  S   0:01.29 sshd: secit@ttyp0 (sshd)
 5118 ??  Is  0:00.01 sshd: secit [priv] (sshd)
 1098 ??  I   0:00.55 sshd: secit@ttyp1 (sshd)
17658 ??  Ss  0:04.65 /usr/local/bin/sslsplit -d -Z -l 
/var/log/sslsplit -S /tmp -k /root/configs/sslsplit/ca.key -p 
/var/run/sslsplit.pid -c /root/configs/sslsplit/ca.crt -u proxy ssl 127

 1814 p0  Is  0:00.00 -ksh (ksh)
 3346 p0  S   0:00.13 -ksh (ksh)

What am I doing wrong??



Re: pf.conf something is VERY wrong here, need advice.

2015-04-20 Thread Ton Muller
Hello, and good morning.
Yes I know, but as said, I used my default config to test because this
one normally always worked here.
Well, DID work. I can try without the egress, but need to find out how
that worked again.
As for the DNS inbound, as said, it was for test only; after I know all is
working I could work on a permanent solution.
As for DNS, I am gonna use named here, that is, if my working zone
configs keep working, and I downloaded fresh zone files.

Tony.
On 20-4-2015 3:07, System Administrator wrote:
> On 20 Apr 2015 at 0:11, Ton Muller wrote:
> 
>> I have last week set up my old Asus laptop, model A6000, 1GB RAM, 80GB HDD.
>>
>> SK0 is the internal interface.
>> RE0 is the WAN interface
>>
>> I kept my pf.conf as simple as possible to get it started
>>  START CONFIG ##
>> #
>> int_if = "sk0"
>> ext_if = "re0"
>>
>> tcp_services="{ 22,53,113 }"
>> icmp_types="echoreq"
>>
>> # options
>> # increase default state limit from 10'000 states on busy systems
>> #set limit states 10
>>
>> set block-policy return
>> set loginterface egress
>> set skip on lo
>>
>> # match rules
>> match out on egress inet from !(egress:network) to any nat-to (egress:0)
>> #
>> # filter rules
>> block in log
>> pass out quick
>> antispoof quick for { lo $int_if }
>>
>> pass in on egress inet proto tcp from any to (egress) port $tcp_services
>> #
>> pass in inet proto icmp all icmp-type $icmp_types
>> pass in on $int_if
>>
>> # end config ##
>>
>> this is my resolv.conf
>> # Generated by re0 dhclient
>> search xs4non.nl
>> nameserver 192.168.1.240
>> lookup file bind
>>
>> RE0 ip 192.168.1.240
>> SK0 ip 192.168.0.240
>>
>> mygate 192.168.1.240
>>
>> Well, as far as I can remember, if I set RE0 to DHCP, it would get its IP
>> from the DHCP server on the modem, that works (192.168.1.1) and mygate
>> would not be used.
>>
>> Here comes the issue.
>> Whatever combination I do, forced or not:
>> I can ping a host, and I get NO result back.
>> Ping its IP address, I get a result back.
>> So my question is, what am I doing wrong here.
>>
>> I never changed my basic configs so I knew that it would work.
>> But for some reason this time I get a massive headache from it.
>>
>> Anyone ideas?
>>
>> Tony.
>>
>>
> 
> Here are some ideas that may (or may not) resolve your issues. 
> Hopefully, they will at least get you started in the right direction:
> 
> 1) Since you are using the 'egress' interface group name rather than 
> the explicitly defined $ext_if macro variable, make sure that it is 
> defined and for the correct interface. I know it works well when 
> /etc/mygate is correctly defined, but never had the need to test with 
> dhclient controlled interfaces.
> 
> 2) You seem to want to allow DNS (port 53) traffic inbound, but are you 
> aware that most DNS communication is over UDP? TCP DNS is used mostly, 
> if not only, for zone transfers.
> 
> 3) Similarly, for ICMP (used by ping) you are allowing in only the 
> query subtype and not the reply (icmp-type echorep).
> 
> Good luck!



Re: dwb port

2015-04-20 Thread Raf Czlonka
On Mon, Apr 20, 2015 at 11:43:40AM BST, Joseph Oficre wrote:

> Hi all,
> I have a question about dwb port.
> I can see it here http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/dwb/
> and here http://openports.se/www/dwb
> 
> but there is no such port in my ports tree.
> Is it something wrong with my local tree?
> 
> cvs -q up -rOPENBSD_5_6 -Pd does nothing, unfortunately,,

That's because it's not available in the OPENBSD_5_6 branch, as it was
included after the 5.6 code/ports freeze.

[0] 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/dwb/distinfo?rev=1.1&content-type=text/x-cvsweb-markup

Regards,

Raf



more missing -e option during snapshot upgrade (Apr 14 & 19 amd64)

2015-04-20 Thread Adam Wolk
Hi misc@

I reported a similar issue previously though it was about less and the
installer code was changed:

http://marc.info/?l=openbsd-misc&m=142817044404891&w=2

This time the installer complains about '-e' option not being present in
more.

My upgrade process is as follows.
 - backup bsd* to bsd*.b
 - reboot
 - boot bsd.rd
 - perform upgrade
 - sysmerge & package updates

During the install, trying to use the ? option when picking set locations
results in an error instead of receiving an enumerated list of mirrors to
pick from.

This has so far happened on two amd64 snapshot upgrades:
 - Apr 14
 - Apr 19
both obtained from mirrors.nycbug.org.

Regards,
-- 
  Adam Wolk
  adam.w...@koparo.com



Re: dwb port

2015-04-20 Thread Joseph Oficre
Oh, got it, ty a lot, my friends!

2015-04-20 14:52 GMT+04:00 Antoine Jacoutot:

> On Mon, Apr 20, 2015 at 02:43:40PM +0400, Joseph Oficre wrote:
> > Hi all,
> > I have a question about dwb port.
> > I can see it here
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/dwb/
> > and here http://openports.se/www/dwb
> >
> > but there is no such port in my ports tree.
> > Is it something wrong with my local tree?
> >
> > cvs -q up -rOPENBSD_5_6 -Pd does nothing, unfortunately,,
>
>
> It was imported after  5.6 was tagged.
> --
> Antoine



Re: dwb port

2015-04-20 Thread Antoine Jacoutot
On Mon, Apr 20, 2015 at 02:43:40PM +0400, Joseph Oficre wrote:
> Hi all,
> I have a question about dwb port.
> I can see it here http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/dwb/
> and here http://openports.se/www/dwb
> 
> but there is no such port in my ports tree.
> Is it something wrong with my local tree?
> 
> cvs -q up -rOPENBSD_5_6 -Pd does nothing, unfortunately,,


It was imported after  5.6 was tagged.
-- 
Antoine



Re: dwb port

2015-04-20 Thread Peter Hessler
www/dwb was added after 5.6, so it won't show up there.  You either need
to upgrade to 5.7 (scheduled to be released on May 1), or upgrade to
-current.



On 2015 Apr 20 (Mon) at 14:43:40 +0400 (+0400), Joseph Oficre wrote:
:Hi all,
:I have a question about dwb port.
:I can see it here http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/dwb/
:and here http://openports.se/www/dwb
:
:but there is no such port in my ports tree.
:Is it something wrong with my local tree?
:
:cvs -q up -rOPENBSD_5_6 -Pd does nothing, unfortunately,,
:

-- 
The right to revolt has sources deep in our history.
-- Supreme Court Justice William O. Douglas



dwb port

2015-04-20 Thread Joseph Oficre
Hi all,
I have a question about dwb port.
I can see it here http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/dwb/
and here http://openports.se/www/dwb

but there is no such port in my ports tree.
Is it something wrong with my local tree?

cvs -q up -rOPENBSD_5_6 -Pd does nothing, unfortunately,,



Re: pf.conf something is VERY wrong here, need advice.

2015-04-20 Thread Peter Hessler
You need to show: ifconfig -A, netstat -rnf inet.  I'm fairly certain
there is a configuration problem.



On 2015 Apr 20 (Mon) at 00:11:56 +0200 (+0200), Ton Muller wrote:
:I have last week set up my old Asus laptop, model A6000, 1GB RAM, 80GB HDD.
:
:SK0 is the internal interface.
:RE0 is the WAN interface
:
...
:
:RE0 ip 192.168.1.240
:SK0 ip 192.168.0.240
:
:mygate 192.168.1.240
:

-- 
Don't be humble ... you're not that great.
-- Golda Meir



Re: pf.conf something is VERY wrong here, need advice.

2015-04-20 Thread Ton Muller
On 20-4-2015 5:15, Dale Lindskog wrote:
> On Mon, 20 Apr 2015, Ton Muller wrote:
> 
>> I can ping a host, and I get NO result back.
>> Ping its IP address, I get a result back.
> 
> You are saying here, I think, that if you ping a hostname, e.g. 
> www.example.com, then you get no reply, but if you ping its IP address, 
> you get a reply.
> 
> Where are you pinging from?  From the firewall itself, or from a host 
> behind the firewall?  Try both.
> 

Dale.
I did both.
Both on OpenBSD and on my local machines behind it.
I only noticed one little thingie last night (yes it was very late for me):
when I do sh /etc/netstart, changes I made to my IP config didn't get
applied, I kept the old stuff, so a reboot was needed. Oh well, it's on
the todo list for finding it all out again; didn't work for 2 years with
OpenBSD :(

Tony.



Re: headless glass console looses colours on reboot

2015-04-20 Thread Craig Skinner
OK folks,

Same results on a 3rd box with 5.6 release.

This machine's dmesg below, if that's of any relevance.

On 2015-04-10 Fri 14:12 PM |, Craig Skinner wrote:
> 
> 2 x i386 boxes, each with 2 serial cables cross connected from com1 to
> com0 on his neighbour. Normally used without monitor, nor keyboard.
> 
> When ssh'ing, colours work fine (man pages, vim, mutt, lynx, etc.)
> 
> After connecting a spare VGA CRT monitor & logging in locally, there
> were no colours. But when I rebooted with the monitor & keyboard
> connected, colours were back.
> 
> When I connect the monitor & keyboard to the other box & reboot over the
> serial line, then replug the monitor back into the original box, colours
> are gone, until I reboot it with the monitor connected (even though the
> boot output is over com0 to the other machine).
> 
> Setup:
> 
> $ uname -srvm
> OpenBSD 5.6 GENERIC#274 i386
> 
> 
> $ cat /etc/boot.conf
> stty com0 9600
> set tty com0
> 
> 
> $ ls -l /etc/boot.conf
> -r--r--r--  1 root  wheel  28 Aug 25  2007 /etc/boot.conf
> 
> 
> $ grep ^ttyC /etc/ttys | grep on$
> ttyC0 "/usr/libexec/getty std.9600"   pccon   on
> ttyC1 "/usr/libexec/getty std.9600"   pccon   on
> ttyC2 "/usr/libexec/getty std.9600"   pccon   on
> ttyC3 "/usr/libexec/getty std.9600"   pccon   on
> 
> 
> $ grep -v ^# /etc/wsconsctl.conf
> keyboard.encoding=uk  # Use United Kingdom keyboard encoding
> display.vblank=on # Enable vertical sync blank for screen burner
> display.screen_off=30 # Set screen burner timeout to 5 minutes
> display.msact=off # Disable screen unburn with mouse
> display.kbdact=on # Restore screen on keyboard input
> display.outact=off# Restore screen on display output
> 
> 
> $ printenv TERM
> pccon
> 
> 
> $ tput colors
> 8
> 
> 
> Any ideas on how to have console colours when connecting a monitor after
> booting?
> 


OpenBSD 5.6 (GENERIC) #274: Fri Aug  8 00:05:13 MDT 2014
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 349 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PSE36,MMX,FXSR,PERF
real mem  = 133644288 (127MB)
avail mem = 119042048 (113MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 07/19/99, BIOS32 rev. 0 @ 0xfd861, SMBIOS 
rev. 2.1 @ 0xf7d95 (32 entries)
bios0: vendor IBM version "PDKT27AUS" date 07/19/99
bios0: IBM 6275500
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP
acpi0: wakeup devices PCI0(S5) PS2K(S1) PS2M(S1) COM1(S5) COM2(S5) USB0(S1)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0
bios0: ROM list: 0xc/0x8000
cpu0 at mainbus0: (uniprocessor)
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x03
intelagp0 at pchb0
agp0 at intelagp0: aperture at 0xec00, size 0x400
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 1 function 0 "S3 Trio3D AGP" rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
piixpcib0 at pci0 dev 2 function 0 "Intel 82371AB PIIX4 ISA" rev 0x02
pciide0 at pci0 dev 2 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 3079MB, 6306048 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
uhci0 at pci0 dev 2 function 2 "Intel 82371AB USB" rev 0x01: irq 10
piixpm0 at pci0 dev 2 function 3 "Intel 82371AB Power" rev 0x02: SMI
iic0 at piixpm0
spdmem0 at iic0 addr 0x50: 32MB SDRAM non-parity PC100CL3
spdmem1 at iic0 addr 0x51: 32MB SDRAM non-parity PC100CL3
spdmem2 at iic0 addr 0x52: 64MB SDRAM non-parity PC100CL3
spdmem3 at iic0 addr 0x55: 1GB DDR2 SDRAM PC2-5000CL4
xl0 at pci0 dev 16 function 0 "3Com 3c905B 100Base-TX" rev 0x64: irq 15, address 00:50:04:62:35:f8
bmtphy0 at xl0 phy 24: 3C905B internal PHY, rev. 0
xl1 at pci0 dev 18 function 0 "3Com 3c905B 100Base-TX" rev 0x30: irq 11, address 00:10:5a:f1:9d:b1
exphy0 at xl1 phy 24: 3Com internal media interface
isa0 at piixpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 "Intel UHCI root h

Re: pf.conf something is VERY wrong here, need advice.

2015-04-20 Thread Ton Muller
On 20-4-2015 2:08, Kevin Gerrard wrote:
> Version 5.6 here and this pf.conf is working fine, hope this helps. 
> You cannot have one of your interfaces also have the same ip as your gateway. 
> The 1.240 gateway has to be the next hop IP
> 
Uh, define next IP hop?


<-- snip -->


Tony.
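
Kevin Gerrard's point above, that the configured gateway must be a different host from any of the box's own addresses and must sit on a directly connected subnet so it can be reached as the next hop, can be checked mechanically. The following is an added example, not code from anyone in the thread; it uses the addresses the original post quotes and assumes /24 prefix lengths, which the post does not state.

```python
import ipaddress

# Constructed from the addresses quoted in the thread.  The /24 prefix lengths
# are an assumption; the post does not state them.
INTERFACES = {
    "re0": "192.168.1.240/24",   # WAN side
    "sk0": "192.168.0.240/24",   # LAN side
}


def check_gateway(mygate, interfaces):
    """Return a list of problems with a default-gateway candidate.

    A usable next hop must be (a) a different host from every local interface
    address, because a box cannot be its own next hop, and (b) on-link, that is
    inside the subnet of one directly connected interface, so the kernel can
    resolve it with ARP instead of needing yet another gateway to reach it.
    An empty list means the candidate passes both checks.
    """
    gw = ipaddress.ip_address(mygate)
    problems = []
    onlink = []
    for name, cidr in interfaces.items():
        iface = ipaddress.ip_interface(cidr)
        if iface.ip == gw:
            problems.append(f"gateway {gw} is {name}'s own address")
        if gw in iface.network:
            onlink.append(name)
    if not onlink:
        problems.append(f"gateway {gw} is not on any directly connected subnet")
    elif len(onlink) > 1:
        # Overlapping subnets: the kernel will pick one, which is rarely intended.
        problems.append(f"gateway {gw} is on-link via several interfaces: "
                        + ", ".join(onlink))
    return problems


if __name__ == "__main__":
    # The thread's setting: mygate equal to re0's own address.
    print(check_gateway("192.168.1.240", INTERFACES))
    # The modem's address, which dhclient would have handed out instead.
    print(check_gateway("192.168.1.1", INTERFACES))
```

Running it with the poster's values reports that 192.168.1.240 is re0's own address; with the modem's 192.168.1.1 it reports nothing, which is the configuration the reply recommends.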



Re: pf.conf something is VERY wrong here, need advice.

2015-04-20 Thread Ton Muller
On 20-4-2015 7:43, dan mclaughlin wrote:
> On Sun, 19 Apr 2015 21:07:31 -0400 "System Administrator"  
> wrote:
>> On 20 Apr 2015 at 0:11, Ton Muller wrote:
>>
>>> I have last week set up my old Asus laptop, model A6000, 1GB RAM, 80GB HDD.
>>>
>>> SK0 is the internal interface.
>>> RE0 is the WAN interface.
>>>
>>> I kept my pf.conf as simple as possible to get it started.
>>>  START CONFIG ##
>>> #
>>> int_if = "sk0"
>>> ext_if = "re0"
>>>
>>> tcp_services="{ 22,53,113 }"
>>> icmp_types="echoreq"
>>>
>>> # options
>>> # increase default state limit from 10'000 states on busy systems
>>> #set limit states 10
>>>
>>> set block-policy return
>>> set loginterface egress
>>> set skip on lo
>>>
>>> # match rules
>>> match out on egress inet from !(egress:network) to any nat-to (egress:0)
>>> #
>>> # filter rules
>>> block in log
>>> pass out quick
>>> antispoof quick for { lo $int_if }
>>>
>>> pass in on egress inet proto tcp from any to (egress) port $tcp_services
>>> #
>>> pass in inet proto icmp all icmp-type $icmp_types
>>> pass in on $int_if
>>>
>>> # end config ##
>>>
>>> this is my resolv.conf
>>> # Generated by re0 dhclient
>>> search xs4non.nl
>>> nameserver 192.168.1.240
>>> lookup file bind
>>>
>>> RE0 ip 192.168.1.240
>>> SK0 ip 192.168.0.240
>>>
>>> mygate 192.168.1.240
>>>
>>> Well, as far as I can remember, if I set RE0 to DHCP, it would get its IP
>>> from the DHCP server on the modem, that works (192.168.1.1), and mygate
>>> would not be used.
>>>
>>> Here comes the issue.
>>> Whatever combination I do, forced or not,
>>> I can ping a host, and I get NO result back.
>>> Ping its IP address, I get a result back.
>>> So my question is, what am I doing wrong here?
>>>
>>> I never changed my basic configs so I knew that it would work.
>>> But for some reason this time I get a massive headache from it.
>>>
>>> Any ideas?
>>>
>>> Tony.
>>>
>>>
>>
>> Here are some ideas that may (or may not) resolve your issues. 
>> Hopefully, they will at least get you started in the right direction:
>>
>> 1) Since you are using the 'egress' interface group name rather than 
>> the explicitly defined $ext_if macro variable, make sure that it is 
>> defined and for the correct interface. I know it works well when 
>> /etc/mygate is correctly defined, but never had the need to test with 
>> dhclient controlled interfaces.
> 
> I use the explicit interface myself, rather than egress, which works fine
> for DHCP. For a simple setup like this it's probably best to go with the
> interface.
> 
> some relevant pf.conf lines from my gateway (which uses dhcp):
> 
> block in log on $intif
> #allow connections to my internal dns
> pass in log quick on $intif proto udp from $intif:network to ($intif) port 53
> #allow packets in destined for other places
> pass in log quick on $intif inet from $intif:network to !$intif:network
> 
> pass out log quick on $extif inet from $intif:network to any nat-to ($extif)
> 
>>
>> 2) You seem to want to allow DNS (port 53) traffic inbound, but are you 
>> aware that most DNS communication is over UDP? TCP DNS is used mostly, 
>> if not only, for zone transfers.
> 
> I think his 'pass out' rule should handle that. pf does treat UDP protocols
> as having state, so it should recognize the return packet.
> 
>>
>> 3) Similarly, for ICMP (used by ping) you are allowing in only the 
>> query subtype and not the reply (icmp-type echorep).
>>
>> Good luck!
>>
> 
> A few more points to help. First you want to see if traffic is passing, so
> in one window do:
> 
> # tcpdump -np -i re0
> 
> (you especially need the -n option above if your DNS is not working).
> 
> Then try a DNS lookup:
> 
> $ host www.openbsd.org
> www.openbsd.org has address 129.128.5.194
> 
> You should see something like the following in tcpdump:
> 
> tcpdump: listening on lo0, link-type LOOP
> 01:29:29.147252 127.0.0.1.10553 > 127.0.0.1.53: 48987+ A? www.openbsd.org. (33)
> 01:29:29.147557 127.0.0.1.53 > 127.0.0.1.10553: 48987 1/9/2 A 129.128.5.194 (275)
> 01:29:29.149874 127.0.0.1.29232 > 127.0.0.1.53: 59987+ ? www.openbsd.org. (33)
> 01:29:29.150050 127.0.0.1.53 > 127.0.0.1.29232: 59987 0/1/0 (79)
> 01:29:29.150495 127.0.0.1.29234 > 127.0.0.1.53: 57835+ MX? www.openbsd.org. (33)
> 01:29:29.150609 127.0.0.1.53 > 127.0.0.1.29234: 57835 0/1/0 (79)
> 
> except you should see your nameserver (192.168.1.240) and host (192.168.0.240)
> instead of 127.0.0.1.
> 
> If that works, try ping again, first with the IP, then with the hostname, and
> watch the tcpdump output.
> 
> Hopefully that will get you some useful information.
> 
> 

Hmm, let's give it a try.
As said, 53 was the default working test file. Tweaking is for when I know it
all was working well.

Tony.
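
Dan's suggestion is to watch the DNS exchange with `tcpdump -n` and see whether the nameserver's replies actually come back to the host. The script below is an added example, not part of anyone's post: it pairs query and response lines in the format tcpdump prints above by client address, client port, server address and transaction id (the same tuple a resolver uses to accept a reply) and lists the queries that never got an answer, which is the symptom when a filter drops either the query or the reply. The sample capture is constructed, rewritten with the poster's host and nameserver addresses, with the last query deliberately left unanswered.

```python
import re

# Constructed sample, modelled on the tcpdump lines quoted in the thread but
# rewritten with the poster's addresses (client 192.168.0.240, nameserver
# 192.168.1.240).  The last query deliberately has no reply.
SAMPLE = """\
01:29:29.147252 192.168.0.240.10553 > 192.168.1.240.53: 48987+ A? www.openbsd.org. (33)
01:29:29.147557 192.168.1.240.53 > 192.168.0.240.10553: 48987 1/9/2 A 129.128.5.194 (275)
01:29:29.149874 192.168.0.240.29232 > 192.168.1.240.53: 59987+ AAAA? www.openbsd.org. (33)
01:29:29.150050 192.168.1.240.53 > 192.168.0.240.29232: 59987 0/1/0 (79)
01:29:31.001000 192.168.0.240.29234 > 192.168.1.240.53: 57835+ MX? www.openbsd.org. (33)
"""

# One "tcpdump -n" line for UDP DNS:  timestamp src.port > dst.port: txid[+] rest
# The trailing "+" marks a query with recursion desired; responses lack it.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<txid>\d+)(?P<rd>\+?) (?P<rest>.*)$"
)


def match_dns(lines, dns_port="53"):
    """Pair DNS queries with their responses.

    Returns (answered, unanswered).  answered is a list of
    (query_text, response_text) tuples in capture order; unanswered is a list
    of (timestamp, query_text) for queries whose reply never appeared.
    """
    pending = {}
    answered = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a DNS line we understand (e.g. the "listening on" banner)
        f = m.groupdict()
        txid = int(f["txid"])
        if f["dport"] == dns_port:
            # Query: remember it under the tuple the reply will carry mirrored.
            key = (f["src"], f["sport"], f["dst"], txid)
            pending[key] = f
        elif f["sport"] == dns_port:
            # Response: look up the matching query by the mirrored tuple.
            key = (f["dst"], f["dport"], f["src"], txid)
            query = pending.pop(key, None)
            if query is not None:
                answered.append((query["rest"], f["rest"]))
    unanswered = [(q["ts"], q["rest"]) for q in pending.values()]
    return answered, unanswered


if __name__ == "__main__":
    answered, unanswered = match_dns(SAMPLE.splitlines())
    for q, r in answered:
        print("answered:  ", q, "->", r)
    for ts, q in unanswered:
        print("unanswered:", ts, q)
```

On a real box, feed it the output of the `tcpdump -np -i re0` command above (for example via `match_dns(sys.stdin)`); an unanswered A query for the host you tried to ping, while the same name resolves when queried from the gateway itself, points at the filter rather than the nameserver.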



Re: pf.conf something is VERY wrong here, need advice.

2015-04-20 Thread Tuyosi Takesima
Your pf.conf is very similar to mine.
Perhaps it comes from small office.

Different:
> > # increase default state limit from 10'000 states on busy systems
> > #set limit states 10

Mine:
ext_if="urtwn0"
int_if="bge0"
tcp_services="{ 22, 80 }"
icmp_types="echoreq"
set block-policy return
set loginterface $ext_if
set skip on lo
match out on $ext_if inet from !($ext_if:network) to any nat-to ($ext_if:0)
set reassemble yes no-df
block in log
pass out quick
antispoof quick for { lo $int_if }
pass in on $ext_if inet proto tcp from any to ($ext_if:0) port $tcp_services
pass in inet proto icmp all icmp-type $icmp_types
pass in on $int_if
---
regards