Can't reach www.openbsd.org
Hello,

I can't reach www.openbsd.org (from 3 locations in Portugal).
Is www.openbsd.org down?

$ telnet www.openbsd.org 80
Trying 142.244.12.42...
telnet: Unable to connect to remote host: No route to host

Thanks,
Ari Constancio
Re: Can't reach www.openbsd.org
2010/11/2 Guillaume Duali g.du...@otasc.org:
> On Tue, 2 Nov 2010 12:26:47 +, Ari Constancio ari.constan...@gmail.com wrote:
>> Hello,
>>
>> I can't reach www.openbsd.org (from 3 locations in Portugal).
>> Is www.openbsd.org down?
>>
>> $ telnet www.openbsd.org 80
>> Trying 142.244.12.42...
>> telnet: Unable to connect to remote host: No route to host
>>
>> Thanks,
>> Ari Constancio
>
> Hi,
> try it : http://openbsd.org
>
> Guillaume.

Let me rephrase: I want to get man pages, and the link is http://www.openbsd.org/cgi-bin/man.cgi .

Regards,
Ari Constancio
Re: Multi-Port SSH brute force protection
On Mon, Nov 1, 2010 at 2:30 PM, onteria onte...@scarletdevil.net wrote:
> I was checking my authlog today and noticed the following series of brute force login attempts:
>
> Nov 1 01:37:04 solar sshd[8173]: Failed password for root from 58.211.1.163 port 8895 ssh2
> Nov 1 01:37:04 solar sshd[10692]: Received disconnect from 58.211.1.163: 11: Bye Bye
> Nov 1 01:37:06 solar sshd[6273]: Failed password for root from 58.211.1.163 port 9052 ssh2
> Nov 1 01:37:06 solar sshd[21047]: Received disconnect from 58.211.1.163: 11: Bye Bye
>
> First off, login as root is disabled, so not much they can do here, but I'd like to try and set up some kind of throttling protection for these sorts of attacks. Unfortunately they keep changing ports, so the traditional port 22 protection isn't going to work. I'm wondering if there's something similar to spamd for sshd that can handle this sort of throttling before handing off to the real server, or if sshd has some functionality to do that on its own.
>
> Thanks ahead of time for any suggestions.

Hi,

You have pf :) . Check max-src-conn-rate number / seconds on the man page.

Regards,
Ari Constancio
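
The max-src-conn-rate option named in the reply above, as an added pf.conf example that is not part of the thread. The table name ssh_abuse, the egress interface group and the thresholds (10 connections, 5 new connections per 30 seconds) are assumptions to be tuned for the host.

```pf
# Added example, not from the thread. Table name, interface group and
# thresholds are assumptions.

# Sources that exceeded the limits below are collected here.
table <ssh_abuse> persist

# Drop everything from sources that have already tripped a limit.
block in quick on egress from <ssh_abuse>

# The rule matches the destination port (ssh). The ports that change in
# authlog (8895, 9052, ...) are the client's source ports, and pf tracks
# these limits per source address, so they make no difference here.
#   max-src-conn 10        at most 10 simultaneous connections per source
#   max-src-conn-rate 5/30 at most 5 new connections per 30 seconds
#   overload <ssh_abuse>   add the offending source to the table
#   flush global           kill that source's existing states as well
pass in on egress proto tcp from any to any port ssh flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, \
     overload <ssh_abuse> flush global)
```

`pfctl -nf /etc/pf.conf` checks the syntax without loading the ruleset; `pfctl -t ssh_abuse -T show` lists the blocked sources and `pfctl -t ssh_abuse -T expire 86400` removes entries older than a day.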
Re: PF rdr question
On Wed, Sep 23, 2009 at 5:59 PM, Matthew Young myoung24...@gmail.com wrote:
> Hello,
>
> I've been trying to do redirection, this time with a very minimal procedure as follows.
>
> # cat /etc/pf.conf
> t_externa = re0
> server = 208.99.249.95
> rdr on $t_externa proto tcp from any to any port 80 -> $server
>
> # cat /etc/sysctl.conf
> net.inet.ip.forwarding=1
> net.inet6.ip6.forwarding=1
>
> This is the state log:
>
> STATES:
> all tcp 208.99.249.95:80 (77.46.79.232:80) - 180.10.98.2:60011 CLOSED:SYN_SENT
>
> 180.10.98.2 is my IP, 77.46.79.232 is the box with pf, and 208 is the box I am trying to redirect to.
>
> Why would this be failing?
>
> Thank you
> --Matt

Hello,

From http://www.openbsd.org/faq/pf/rdr.html :

NOTE: Translated packets must still pass through the filter engine and will be blocked or passed based on the filter rules that have been defined.

Regards,
Ari Constancio
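
What the quoted FAQ note means for a ruleset, as an added pf.conf example that is not part of the thread. It keeps the question's macros and its separate rdr rule syntax; the default-deny `block all` policy and both pass rules are assumptions, and it is not presented as the confirmed cause of the poster's failure.

```pf
# Added example, not from the thread. Macros are taken from the question;
# the filter policy below is an assumption.
t_externa = "re0"
server = "208.99.249.95"

# Translation: rewrite the destination of inbound port-80 connections.
rdr on $t_externa proto tcp from any to any port 80 -> $server

# Filtering: default deny.
block all

# Translation is applied before filtering, so the pass rule has to match
# the translated destination ($server), not the address the client dialed.
pass in on $t_externa proto tcp from any to $server port 80 \
    flags S/SA keep state

# In the question's setup $server is reached back out through the same
# interface, so the forwarded connection also needs an outbound rule.
pass out on $t_externa proto tcp from any to $server port 80 \
    flags S/SA keep state
```

Writing the translation rule as `rdr pass on ...` instead lets the redirected packets skip the filter rules entirely, at the cost of not being able to restrict them there.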
Re: Squid/authpf with lookups on Active Directory
Mark,

Thanks for replying. I found some material about Squid but I'd really like also to include authpf.

Cheers,
Ari Constancio

On 10/19/07, Mark Rolen [EMAIL PROTECTED] wrote:
> It's been over two years now, so specific steps are fuzzy now (I'd have to start from scratch to do it again), but I implemented two squid boxes (redundant via carp) that did authentication against a windows 2003 server for a church here. It simply required squid and samba (I do recall that I had to build samba from ports to get some feature I needed, the openbsd package didn't include it... however, this was on 3.8, things may be different now).
>
> So yes, it's very doable and was pretty simple. There are how-tos/tutorials to be found that will get you running in no time.
>
> Regards,
> Mark
>
> Ari Constancio wrote:
>> Hi,
>>
>> I'm looking for a MS-ISA server replacement, and I'm thinking specifically in an OpenBSD-based setup with authpf and Squid (NTLM auth) on Active Directory.
>>
>> Does anyone have a similar setup?
>>
>> Thanks in advance,
>> Ari Constancio
Re: Squid/authpf with lookups on Active Directory
Thanks to all for the replies.

Everything is clear now; squid with ntlm auth and authpf with login_ldap will do the trick (sorry, Stuart, I didn't really read your message - now I have).

Steven, I'm looking for a general gateway setup - not only web traffic.

Cheers,
Ari Constancio

On 10/19/07, Steven Surdock [EMAIL PROTECTED] wrote:
> Ari Constancio wrote:
>> Hi again,
>>
>> Sorry if I'm not being clear. I need this box to be a firewall and a proxy server. Squid, as it seems, can use NTLM auth to get account info from AD. But what about pf? How can I authenticate users from AD to get through pf?
>>
>> Thanks,
>> Ari Constancio
>
> Define get through pf. What services (protocols ports) will they need to access after authenticating? I was assuming web traffic, which you would drive through squid, so no need for authpf.
>
> -Steve S.
Squid/authpf with lookups on Active Directory
Hi,

I'm looking for a MS-ISA server replacement, and I'm thinking specifically in an OpenBSD-based setup with authpf and Squid (NTLM auth) on Active Directory.

Does anyone have a similar setup?

Thanks in advance,
Ari Constancio
Re: Squid/authpf with lookups on Active Directory
Hi again,

Sorry if I'm not being clear. I need this box to be a firewall and a proxy server. Squid, as it seems, can use NTLM auth to get account info from AD. But what about pf? How can I authenticate users from AD to get through pf?

Thanks,
Ari Constancio

On 10/19/07, Mark Rolen [EMAIL PROTECTED] wrote:
> Steven Surdock wrote:
>> To perform integrated NTLM auth I believe you'll need winbind from samba and winbind support for Squid. I'm not sure I understand the authpf requirement.
>>
>> http://marc.info/?l=openbsd-portsm=119081356508513w=2
>>
>> -Steve S.
>
> I have to agree with Steven here, I don't understand why you want both NTLM auth and authpf. Doing NTLM auth makes for easy and transparent authentication for users on windows machines, adding authpf to the mix seems to take away that ease and transparency.
>
> Is the authpf supposed to be your real authentication piece, and you want the NTLM bit just so the usernames show up in squid's logs, for accountability reasons?
Asus WL-107G card on Compaq Presario 920EA laptop
Hello,

I can't enable an Asus WL-107G wireless card (Ralink-based) with OpenBSD 4.0 on a Compaq Presario 920EA laptop. The card works with non-BSD OS's in the same machine.

I have been told the problem actually could be the PCMCIA interface, rather than the card - I did try a different card with no results.

I appreciate any help on this.

The dmesg output is:

Regards,
Ari Constancio
Re: Asus WL-107G card on Compaq Presario 920EA laptop
Hello,

The message I get is the same that appears in dmesg:

pcic_chip_socket_enable: status c
pcic_wait_ready: ready never happened, status = 0c
pccom3 at pcmcia0 function 0: can't allocate i/o space
pcmcia1 at pcic0 controller 0 socket 1
pcic_chip_socket_enable: status c
pcic_wait_ready: ready never happened, status = 0c
pccom4 at pcmcia1 function 0: can't allocate i/o space

Each time the card is reinserted, the message appears (pccom* incremented):

pcic_chip_socket_enable: status c
pcic_wait_ready: ready never happened, status = 0c
pccom{5,6,...} at pcmcia0 function 0: can't allocate i/o space

So, I believe the card is not really the issue but rather the interface.

Can anyone check on this?

Ari Constancio
Wireless card Asus WL-107G not working
Hello,

My wireless card (Asus WL-107G - Ralink RT2500 based) isn't detected at boot time, even though it works in the same laptop (Compaq Presario 920EA) under other OS's.

Here's the dmesg output (suggesting some problem with PCMCIA):

I welcome any advice.

Thank you,
Ari Constancio