DNS and PF
Hello Everyone;

    dmz_ip=192.168.1.1
    dmz_block=192.168.1.0/24
    #DNS 1
    scarlett=192.168.1.2
    pub_scarlett=64.142.102.9
    #DNS 2
    shelly=192.168.1.3
    pub_shelly=64.142.102.10
    #WWW 1
    www_ip=192.168.1.4
    pub_www=64.142.102.11

    #Normalizing
    scrub in all

    #NAT and Binat
    nat on rl0 from $int_block to any -> $ext_ip
    binat on rl0 from $scarlett to any -> $pub_scarlett
    binat on rl0 from $shelly to any -> $pub_shelly
    binat on rl0 from $www_ip to any -> $pub_www

    #Redirection
    rdr on rl1 proto tcp from any to $pub_www port 80 -> $www_ip

    #Default block policy
    block all

    #Anti-spoofing
    block in quick from urpf-failed

    #vr0 traffic
    pass in on vr0 proto tcp from $int_block to any port 6112
    pass in on vr0 proto tcp from $int_block to any port 80
    pass in on vr0 proto tcp from $int_block to 207.212.58.16
    pass in on vr0 proto tcp from $int_block to any port 443
    pass in on vr0 proto tcp from $int_block to any port 5190
    pass in on vr0 proto { udp, icmp } from $int_block to any
    #pass in all
    #pass out all

    #rl1 traffic
    pass in on rl1 proto { tcp, udp } from $dmz_block port 1024:65535 to any port 53
    pass in on rl1 proto icmp from $scarlett to any
    pass in on rl1 proto tcp from $www_ip to any port 80
    pass in on rl1 proto { udp, icmp } from $www_ip to any

    #rl0 traffic
    pass out on rl0 proto { tcp, udp, icmp } all modulate state

    # ifconfig -A
    rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:50:bf:3a:2e:66
            groups: egress
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
            inet 64.142.102.8 netmask 0xff00 broadcast 64.142.102.255
            inet6 fe80::250:bfff:fe3a:2e66%rl0 prefixlen 64 scopeid 0x1
            inet 64.142.102.9 netmask 0x broadcast 64.142.102.9
            inet 64.142.102.10 netmask 0x broadcast 64.142.102.10
            inet 64.142.102.11 netmask 0x broadcast 64.142.102.11
    rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:13:46:30:0b:b2
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
            inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
            inet6 fe80::213:46ff:fe30:bb2%rl1 prefixlen 64 scopeid 0x2

I'm currently running DJBDNS 1.05 and cannot resolve my NS records whenever my PF firewall is on a default blocking policy. The commented line, rl1 traffic, contains the pass rule for any DNS traffic, but, even with that line, I cannot resolve the NS records. Whenever the pass in all and pass out all rules are set and loaded, DNS resolves just fine so it would seem that, somewhere in my rules, a problem exists.

Anyone who is familiar with PF or DNS and has a thought on how to solve this problem, their input is much appreciated.

Thank you; Bray.
WWW to go public, if pf would let me
Hello Everyone;

    # ifconfig -A
    rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:50:bf:3a:2e:66
            groups: egress
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
            inet6 fe80::250:bfff:fe3a:2e66%rl0 prefixlen 64 scopeid 0x1
            inet 64.142.102.8 netmask 0xff00 broadcast 64.142.102.255
            inet 64.142.102.9 netmask 0xff00 broadcast 64.142.102.255
            inet 64.142.102.10 netmask 0xff00 broadcast 64.142.102.255
            inet 64.142.102.11 netmask 0xff00 broadcast 64.142.102.255
    rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:13:46:30:0b:b2
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
            inet6 fe80::213:46ff:fe30:bb2%rl1 prefixlen 64 scopeid 0x2
            inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
    vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:19:5b:3d:12:12
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
            inet6 fe80::219:5bff:fe3d:1212%vr0 prefixlen 64 scopeid 0x3
            inet 192.168.0.1 netmask 0xff00 broadcast 192.168.0.255

    # cat /etc/pf.conf
    # $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $
    # See pf.conf(5) and /usr/share/pf for syntax and examples.
    # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
    # in /etc/sysctl.conf if packets are to be forwarded between interfaces.

    #Macros
    # 192.168.0.1 subnet
    ext_ip=64.142.102.8
    int_ip=192.168.0.1
    int_block=192.168.0.0/24
    #DMZ subnet
    #Interface
    dmz_ip=192.168.1.1
    dmz_block=192.168.1.0/24
    #DNS 1
    scarlett=192.168.1.2
    pub_scarlett=64.142.102.9
    #DNS 2
    shelly=192.168.1.3
    pub_shelly=64.142.102.10
    #WWW 1
    www_ip=192.168.1.4
    pub_www=64.142.102.11
    #DMZ Services
    services={ domain, www, smtp, }

    #Normalizing
    scrub in all

    #NAT and Binat
    nat on rl0 from $int_block to any -> $ext_ip
    binat on rl0 from $scarlett to any -> $pub_scarlett
    binat on rl0 from $shelly to any -> $pub_shelly
    binat on rl0 from $www_ip to any -> $pub_www

    #Redirection
    rdr on rl1 proto tcp from any to 64.142.102.11 port 80 -> $www_ip port 8000
    rdr on rl1 proto udp from any to any port domain -> $shelly
    rdr on rl1 proto udp from any to any port domain -> $scarlett

    #Default block policy
    block all

    #Anti-spoofing
    block in quick from urpf-failed

    #vr0 traffic
    pass in on vr0 proto tcp from $int_block to any port 6112
    pass in on vr0 proto tcp from $int_block to any port 80
    pass in on vr0 proto tcp from $int_block to 207.212.58.16 port 25
    pass in on vr0 proto { udp, icmp } from $int_block to any

    #rl1 traffic
    pass in log on rl1 proto tcp from $dmz_block to $www_ip port 80
    pass in log on rl1 proto udp from $dmz_block to $shelly port domain
    pass in log on rl1 proto udp from $dmz_block to $scarlett port domain
    pass out on rl1 proto tcp from $www_ip to any port 80
    pass out on rl1 proto udp from $shelly to any port domain
    pass out on rl1 proto udp from $scarlett to any port domain

    #rl0 traffic
    pass in on rl0 inet proto { tcp, udp } all modulate state
    pass out on rl0 proto { tcp, udp, icmp } all modulate state
    pass in log on rl0 proto tcp from any to $www_ip port 80
    pass in log on rl0 proto udp from any to $shelly port domain
    pass in log on rl0 proto udp from any to $scarlett port domain

    #dmesg
    OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007
        [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
    cpu0: Intel Pentium III (GenuineIntel 686-class) 931 MHz
    cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
    real mem = 401108992 (391708K)
    avail mem = 357941248 (349552K)
    using 4278 buffers containing 20180992 bytes (19708K) of memory
    mainbus0 (root)
    bios0 at mainbus0: AT/286+ BIOS, date 10/14/00, BIOS32 rev. 0 @ 0xfd8a0
    apm0 at bios0: Power Management spec V1.2
    apm0: AC on, battery charge unknown
    apm0: flags 30102 dobusy 0 doidle 1
    pcibios0 at bios0: rev 2.1 @ 0xfd8a0/0x760
    pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf50/144 (7 entries)
    pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
    pcibios0: PCI bus #1 is the last bus
    bios0: ROM list: 0xc/0xa000
    acpi at mainbus0 not configured
    cpu0 at mainbus0
    pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
    pchb0 at pci0 dev 0 function 0 Intel 82810E rev 0x03: rng active, 7Kb/sec
    vga1 at pci0 dev 1 function 0 Intel 82810E Graphics rev 0x03: aperture at 0xf800, size 0x400
    wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
    wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
    ppb0 at pci0 dev 30 function 0 Intel 82801AA Hub-to-PCI rev 0x02
    pci1 at ppb0 bus 1
    rl0 at pci1 dev 11 function 0 Realtek 8139 rev 0x10: irq 5, address 00:50:bf:3a:2e:66
    rlphy0 at rl0 phy 0: RTL internal PHY
    rl1 at pci1 dev 13 function 0 D-Link Systems 530TX+ rev 0x10: irq 9, address 00:13:46:30:0b:b2
    rlphy1 at rl1 phy 0: RTL internal PHY
    vr0 at pci1 dev 14 function 0 VIA VT6105 RhineIII rev 0x86: irq 10, address
Re: How to run and manage a DNS server.
Tom Van Looy wrote:

http://lifewithdjbdns.org (henning@ wrote this ;-) It's not about bind but it has stuff about mysql and ISP-Environments. So it may be of your interest.

Sam Fourman Jr. wrote:

well here is a question, I was wondering if there would be any way to make OpenBSD based DNS servers have a PostgreSQL backend. (I know there will be a performance hit) and does anyone know of a gtk front end for DNS management? or maybe a web based solution that is just DNS not like a full install of webmin.

Sam Fourman Jr.

On 6/6/07, Open Phugu [EMAIL PROTECTED] wrote:

On 6/6/07, Bray Mailloux [EMAIL PROTECTED] wrote:

Hello; This is my first time managing anything larger than a simple dhcp or pf box and I'm wondering if there is anyone available on this list who can answer a few questions I have concerning the creation and management of DNS servers.

Give us details of what you want to accomplish and your questions.

Everyone; Wow, thanks for all the information, I really appreciate it. Thanks, again; Bray.
Re: Bidirectional translation for DNS and WWW servers
Matt Rowley wrote:

    rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:50:bf:3a:2e:66
            groups: egress
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
            inet 64.142.102.8 netmask 0xff00 broadcast 64.142.102.255
            inet6 fe80::250:bfff:fe3a:2e66%rl0 prefixlen 64 scopeid 0x1

    binat on rl0 from $scarlett to any -> $pub_scarlett
    binat on rl0 from $shelly to any -> $pub_shelly
    binat on rl0 from $www_ip to any -> $pub_www

the external addresses you're pointing to in your binat statements, you have them configured as aliases to your external interface (rl0), right? (one can't tell from ifconfig output unless you run 'ifconfig rl0' explicitly)

--Matt

No, I did not. I removed them in the past for reasons unknown. Thank you for your help, everyone.
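The check Matt asks about, as an added example that is not part of the original thread: compare every nat/binat translation target in pf.conf with the inet addresses ifconfig reports for the external interface. The sample input is constructed from the macros and rules quoted in the thread (with `->` restored); the netmask value and all function names are assumptions of this example.

```python
import re

# Constructed sample: macros and translation rules as quoted in the thread.
PF_CONF = """\
ext_ip=64.142.102.8
int_block=192.168.0.0/24
scarlett=192.168.1.2
pub_scarlett=64.142.102.9
shelly=192.168.1.3
pub_shelly=64.142.102.10
www_ip=192.168.1.4
pub_www=64.142.102.11
nat on rl0 from $int_block to any -> $ext_ip
binat on rl0 from $scarlett to any -> $pub_scarlett
binat on rl0 from $shelly to any -> $pub_shelly
binat on rl0 from $www_ip to any -> $pub_www
"""

# Constructed sample: rl0 with only its primary address (netmask assumed).
IFCONFIG_RL0 = """\
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:50:bf:3a:2e:66
        inet 64.142.102.8 netmask 0xffffff00 broadcast 64.142.102.255
        inet6 fe80::250:bfff:fe3a:2e66%rl0 prefixlen 64 scopeid 0x1
"""

RULE_RE = re.compile(r'^\s*(nat|binat)\s+on\s+(\S+)\s+.*->\s*(\S+)')


def parse_macros(conf):
    """Collect name=value macro definitions, ignoring comments."""
    macros = {}
    for raw in conf.splitlines():
        line = raw.split('#', 1)[0].strip()
        name, sep, value = line.partition('=')
        if sep and name.strip().isidentifier():
            macros[name.strip()] = value.strip().strip('"')
    return macros


def expand(token, macros):
    """Replace a $macro reference with its value; leave other tokens alone."""
    return macros.get(token[1:], token) if token.startswith('$') else token


def translation_targets(conf):
    """Return (kind, interface, target address) for each nat/binat rule."""
    macros = parse_macros(conf)
    targets = []
    for raw in conf.splitlines():
        m = RULE_RE.match(raw.split('#', 1)[0])
        if not m:
            continue
        kind, iface, target = m.groups()
        if target.startswith('('):
            continue  # (ifname) targets are resolved from the interface itself
        targets.append((kind, expand(iface, macros), expand(target, macros)))
    return targets


def interface_addrs(ifconfig_text):
    """IPv4 addresses listed on 'inet' lines (inet6 lines do not match)."""
    return set(re.findall(r'^\s*inet\s+(\d+\.\d+\.\d+\.\d+)', ifconfig_text, re.M))


def missing_aliases(conf, ifconfig_text, iface):
    """Translation targets on iface that the interface does not carry."""
    have = interface_addrs(ifconfig_text)
    return [(kind, addr) for kind, on_if, addr in translation_targets(conf)
            if on_if == iface and addr not in have]


if __name__ == "__main__":
    for kind, addr in missing_aliases(PF_CONF, IFCONFIG_RL0, "rl0"):
        print(f"{kind} target {addr} is not configured on rl0")
```

An address reported here is only a problem if nothing else delivers it to the firewall: it is fine when the upstream router routes that address to the box, otherwise no host answers ARP for it and the translated server is unreachable from outside.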
Bidirectional translation for DNS and WWW servers
Misc Users;

I'm having NAT problems; could someone examine my pf file and make some recommendations? (Yes, Nat is well documented. I'm not here because of issues with clarity.)

Thanks; Bray.

PS: My pf.conf file

    #Macros
    # 192.168.0.1 subnet
    ext_ip=64.142.102.8
    int_ip=192.168.0.1
    int_block=192.168.0.0/24
    #DMZ subnet
    #Interface
    dmz_ip=192.168.1.1
    #DNS 1
    scarlett=192.168.1.2
    pub_scarlett=64.142.102.9
    #DNS 2
    shelly=192.168.1.3
    pub_shelly=64.142.102.10
    #WWW 1
    www_ip=192.168.1.4
    pub_www=64.142.102.11

    #Normalizing
    #scrub in all

    table <natclients> { $int_ip, !$scarlett, !$shelly, !$www_ip }

    #NAT and Binat
    nat on rl0 from $int_block to any -> $ext_ip
    nat on rl0 from $scarlett to any -> $pub_scarlett
    nat on rl0 from $shelly to any -> $pub_shelly
    nat on rl0 from $www_ip to any -> $pub_www

    #Default block policy
    #block all

    #Anti-spoofing
    #block in quick from urpf-failed

    #Traffic passing through
    pass in all
    #pass out all

    #External interfaces
    #pass in on rl0 inet proto { tcp, udp } all modulate state
    pass out on rl0 proto { tcp, udp, icmp } all modulate state
SSH-login is slow to connect with remote computer
Hello;

I'm experiencing some network trouble. Two problems exist and they are as thus; My DNS server, which has the ip 192.168.1.2, which is translated through my router to 64.142.102.10, cannot connect to the internet. And, whenever puTTY attempts to remote control the server, the login process is very slow between inputting the user name then password. My gut tells me the problems may be related.

My pf rules on my router are as such:

    # $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $
    #
    # See pf.conf(5) and /usr/share/pf for syntax and examples.
    # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
    # in /etc/sysctl.conf if packets are to be forwarded between interfaces.

    #Macros
    ext_ip=64.142.102.8
    local_int_ip=192.168.0.1
    local_int_block=192.168.0.0/24
    dmz_ip=192.168.1.1
    dmz_block={ 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4, 192.168.1.5 }
    dmz_www_ip=64.142.102.9
    local_www_ip=192.168.1.4
    #DNS Server
    dmz_scarlett_ip=64.142.102.10
    dmz_shelly_ip=64.142.102.11
    local_scarlett_ip=192.168.1.2
    local_shelly_ip=192.168.1.3
    dmz_qmail_ip=64.142.102.12
    local_qmail_ip=192.168.1.4
    tcp_services= ( ssh, smtp, domain, www, pop3 )
    udp_services= ( domain )

    #normalizing
    #scrub in all

    #NAT and Binat
    nat on rl0 from $local_int_block to any -> $ext_ip
    binat on rl0 from $local_www_ip to any -> $dmz_www_ip
    binat on rl0 from $local_scarlett_ip to any -> $dmz_scarlett_ip
    binat on rl0 from $local_shelly_ip to any -> $dmz_shelly_ip
    binat on rl0 from $local_qmail_ip to any -> $dmz_qmail_ip

    #Default block policy
    #block all

    #Anti-spoofing
    #block in quick from urpf-failed

    #Traffic passing through
    pass in all
    pass out all

    #External interfaces
    #pass in on rl0 inet proto { tcp, udp } all modulate state
    #pass out on rl0 proto { tcp, udp, icmp } all modulate state

The block and external interface rules are commented for troubleshooting operations as I've been working with this problem to try and resolve it.
Re: SSH-login is slow to connect with remote computer
Bray Mailloux wrote:

Hello;

I'm experiencing some network trouble. Two problems exist and they are as thus; My DNS server, which has the ip 192.168.1.2, which is translated through my router to 64.142.102.10, cannot connect to the internet. And, whenever puTTY attempts to remote control the server, the login process is very slow between inputting the user name then password. My gut tells me the problems may be related.

My pf rules on my router are as such:

    # $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $
    #
    # See pf.conf(5) and /usr/share/pf for syntax and examples.
    # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
    # in /etc/sysctl.conf if packets are to be forwarded between interfaces.

    #Macros
    ext_ip=64.142.102.8
    local_int_ip=192.168.0.1
    local_int_block=192.168.0.0/24
    dmz_ip=192.168.1.1
    dmz_block={ 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4, 192.168.1.5 }
    dmz_www_ip=64.142.102.9
    local_www_ip=192.168.1.4
    #DNS Server
    dmz_scarlett_ip=64.142.102.10
    dmz_shelly_ip=64.142.102.11
    local_scarlett_ip=192.168.1.2
    local_shelly_ip=192.168.1.3
    dmz_qmail_ip=64.142.102.12
    local_qmail_ip=192.168.1.4
    tcp_services= ( ssh, smtp, domain, www, pop3 )
    udp_services= ( domain )

    #normalizing
    #scrub in all

    #NAT and Binat
    nat on rl0 from $local_int_block to any -> $ext_ip
    binat on rl0 from $local_www_ip to any -> $dmz_www_ip
    binat on rl0 from $local_scarlett_ip to any -> $dmz_scarlett_ip
    binat on rl0 from $local_shelly_ip to any -> $dmz_shelly_ip
    binat on rl0 from $local_qmail_ip to any -> $dmz_qmail_ip

    #Default block policy
    #block all

    #Anti-spoofing
    #block in quick from urpf-failed

    #Traffic passing through
    pass in all
    pass out all

    #External interfaces
    #pass in on rl0 inet proto { tcp, udp } all modulate state
    #pass out on rl0 proto { tcp, udp, icmp } all modulate state

The block and external interface rules are commented for troubleshooting operations as I've been working with this problem to try and resolve it.

DNS resolution does seem probably, neither DNS computers nor my WWW computer can ping their respective name servers, but the ssh connection that exists between my computer and the servers is still shaky besides the long response time. For instance, the servers sometimes unexpectedly close the connections. Do you have any other ideas?
4.0 and 4.1 issues
Hello; Are there any network issues or problems that are known to exist between the 4.0 packet filter and 4.1 systems trying to access the internet or communicate across the network? I'm having a large amount of trouble getting my 4.1 computers to communicate with others on my network.
Re: NAT with PF
Jonathan A. Lindsey wrote:

Here is what mine reads:

    nat on fxp0 inet from 192.168.0.0/24 to any -> 69.254.129.192

BradenM - Sonoma Computer wrote:

Hi;

My knowledge of PF has grown a tad but, despite whatever I may or may not have learned, NAT still does not seem to be functioning and my internal lan computers cannot access the internet. The NAT rule is as such:

    pfctl -sn
    nat on rl0 inet from 192.168.0.0/24 to 192.168.0.1 -> 64.142.102.8

The computers on my workgroup are receiving dynamic addresses from rl1, an ethernet card in my OpenBSD box. IP forwarding is enabled in /etc/sysctl.conf and pf=YES in /etc/rc.conf

I greatly appreciate any help in resolving this issue. If any further details are required to diagnose the problem, please contact me by email at [EMAIL PROTECTED]

Thank you; Bray

Everyone; Thank you for the quick response. I reviewed the messages and used the advice from all posts to develop a solution that has solved my lack of internet problem.

Thank you; Bray
DJBDNS woes
So, I recently installed daemontools, ucspi and djbdns. But, to my demise, after compiling the source and configuring the system, I've found that the directory /service/tinydns/root does not exist! Has anyone experienced a similar problem?
default routes
I'm setting up an OpenBSD box and need some advice on what my setup should reflect. I have a static IP address, specifically 64.142.102.8, which is going to be used as a primary internet connection for my home network. There are three ethernet cards in my box; rl0 will be the external card, rl1 will be the internal card with dhcpd enabled. Nat will need to be used, correct? However, in the past, I've been using configurations that have yielded no results so my desperation is reaching the point of baldness. Please help, Bray.
Static Ip's: Routing and Forwarding
I have one static ip address which is assigned to one of my ethernet cards, specifically rl0. IP forwarding is turned on and dhcp is active and listening on another ethernet card, specifically rl1. Route and routed man pages have offered some tidbits of information but not enough to answer my troubleshooting questions. For example, dhcp is distributing addresses and internal network computers are receiving the dynamic address but cannot resolve any name servers or an internet connection. Now, I'm new to setting up networks and OpenBSD but feel like this is as good an opportunity to learn the system from the ground up. Here is some system information to guide anyone along.

    rl0 = 64.142.102.8
    rl1 = 192.168.0.1
    workgroup client #1 = dynamic 192.168.1.20

dhcpd.conf

    shared-network LOCAL-NET {
        option domain-name theamericanbray.com;
        option domain-name-servers 208.204.224.11, 208.204.224.33;
        subnet 192.168.0.0 netmask 255.255.0.0 {
            option routers 192.168.0.1;
            range 192.168.0.14 192.168.0.23;
        }
    }

Routing Table

    Internet:
    Destination      Gateway            Flags  Refs  Use  Mtu    Interface
    64.142.102/24    link#1             UC     1     0    -      rl0
    allen            00:50:bf:3a:2e:66  UHLc   1     0    -      lo0
    localhost        localhost          UH     0     0    33224  lo0
    192.168.0/24     link#2             UC     1     0    -      rl1
    192.168.0.1      allen              UGHS   0     0    -      rl0
    192.168.0.20     00:0d:61:03:8f:f6  UHLc   0     20   -      rl1

To recap, my workgroup clients using dynamic addressing cannot use the internet.

Please and Thank You

PS. I want ipv6 turned off and if anyone has a link to using IPsec on OpenBSD in the form of some tutorial would be just dynamite. Explosive, ya know? Potentially dangerous. Red. Bang. Bye, Love, Bray.
Re: Static Ip's: Routing and Forwarding
BradenM - Sonoma Computer wrote:

- Original Message -
From: Bryan Vyhmeister [EMAIL PROTECTED]
To: Bray Mailloux [EMAIL PROTECTED]
Cc: misc@openbsd.org
Sent: Tuesday, April 17, 2007 9:08 AM
Subject: Re: Static Ip's: Routing and Forwarding

On Apr 17, 2007, at 8:30 AM, Bray Mailloux wrote:

Shouldn't the internet connection be passed around to other hosts on the network without the use of nat and pf? Ip forwarding is on, isn't that enough? I'm just trying to get the internet connection out to other computers, filtering comes afterwards.

No. You can't do that without using all publicly routable IP addresses (no 192.168.0.0/16, 172.16.0.0/12, or 10.0.0.0/8). NAT is Network Address Translation and has nothing to do with filtering. Basically nat takes connections from 192.168.0.0/24 (your internal network) and sends them out as if they were actually coming from 64.142.102.8 and then keeps track so that when data comes back from other places, it actually keeps track of who asked for what and then puts the internal IP address back in the destination. The PF FAQ has an excellent explanation of how NAT works in more details:

http://www.openbsd.org/faq/pf/nat.html

In any case, you have to use NAT in the scenario. There are some examples in pf.conf that you can use but the basic idea is: set ext_if=rl0 and int_if=rl1 at the top of pf.conf and then use the following nat statement near the examples:

    nat on $ext_if from ($int_if) -> ($ext_if:0)

This is basically saying translate at the external interface (rl0) for anything coming from addresses on the internal interface (rl1) and use the external interface public IP address. Add those changes to pf.conf and then run these commands:

    pfctl -f /etc/pf.conf
    pfctl -e

Don't forget to fix the netmask typo in dhcpd.conf and then you should be off and running. Sorry if the explanation was too basic and you already understand most of this. In any case, I hope this answers the question.

Bryan

Thank you for your help. OK, I've tried your nat rule and am using a completely open pass rule to allow in all traffic but cannot ping the internet. Any other ideas? What are some troubleshooting techniques I could try?
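The translation bookkeeping Bryan describes in the message quoted above, as an added example that is not part of the original thread: a toy source-NAT state table using the thread's addresses. The class and function names, the starting port 50001 and the remote server 192.0.2.80 are assumptions of this example; pf itself also tracks the protocol and connection state and picks ports differently.

```python
import ipaddress

# The three private ranges Bryan lists; replies to these cannot be routed back.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr is in a private range, i.e. forwarding alone is not enough."""
    return any(ipaddress.ip_address(addr) in net for net in PRIVATE)


class NatGateway:
    """Simplified source NAT: one public address, one state entry per flow."""

    def __init__(self, ext_ip, int_net, first_port=50001):
        self.ext_ip = ext_ip
        self.int_net = ipaddress.ip_network(int_net)
        self.next_port = first_port
        self.out_state = {}  # (src, sport, dst, dport) -> public port
        self.in_state = {}   # (public port, remote ip, remote port) -> (src, sport)

    def outbound(self, src, sport, dst, dport):
        """Rewrite an internal packet's source; remember who asked for what."""
        if ipaddress.ip_address(src) not in self.int_net:
            return None  # not covered by the nat rule
        key = (src, sport, dst, dport)
        if key not in self.out_state:
            self.out_state[key] = self.next_port
            self.in_state[(self.next_port, dst, dport)] = (src, sport)
            self.next_port += 1
        return (self.ext_ip, self.out_state[key], dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Put the internal address back into a reply, or drop it (None)."""
        if dst != self.ext_ip:
            return None
        owner = self.in_state.get((dport, src, sport))
        if owner is None:
            return None  # no state: nobody inside asked for this
        return (src, sport, owner[0], owner[1])


if __name__ == "__main__":
    gw = NatGateway("64.142.102.8", "192.168.0.0/24")
    # Two clients use the same source port; the gateway keeps them apart.
    print(gw.outbound("192.168.0.20", 40000, "192.0.2.80", 80))
    print(gw.outbound("192.168.0.21", 40000, "192.0.2.80", 80))
    print(gw.inbound("192.0.2.80", 80, "64.142.102.8", 50002))
    print(gw.inbound("192.0.2.80", 80, "64.142.102.8", 50003))
```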
Re: Printing using a network printer
Darren Spruell wrote:

On 4/2/07, Darren Spruell [EMAIL PROTECTED] wrote:

On 4/2/07, Bray Mailloux [EMAIL PROTECTED] wrote:

With cups installed, I've run the lpadmin command to install a network printing but the console returns this error: Unable to connect to server: connection refused. I believe it's because there is no port open for the printing and computer to communicate through. So, my question is how do I open a port for cups and get them to talk? I'm using an HP laserjet 2200dn with PCL 6.

You probably need to start cupsd. It should open a TCP port on 636.

Scratch that, cupsd uses port 631. Typo...

DS

Well, the printer is installed and now, whenever a test page is spooled, cups will cancel it and offers this message via the web administration tool: client-error-not-possible
To Theo de Raadt, if he is listening.
The picture on your main website contains a number of servers of various models and makes, however, most of them have labels, but the smallest of the computers cannot be made out. What are they?
Printing using a network printer
With cups installed, I've run the lpadmin command to install a network printing but the console returns this error: Unable to connect to server: connection refused. I believe it's because there is no port open for the printing and computer to communicate through. So, my question is how do I open a port for cups and get them to talk? I'm using an HP laserjet 2200dn with PCL 6.
Re: OpenBSD webserver partitioning schemes
Bray Mailloux wrote:

Mispunt wrote:

I don't think it is a good idea to do that when you want to use PHP and some sort of database. PHP requires a /tmp and I would put that on a separate partition. Beside that I think it is also a good idea to give the database a partition. The rest of /var/www could be on the same partition.

On 3/23/07, Bray Mailloux [EMAIL PROTECTED] wrote:

I'm not too knowledgeable in the security arena so this question may prompt flogging. My server has three hard drives, one contains the OpenBSD system and the other two are blank and will be a raid mirror of the /var/www directory. Is it wise to give over the entire drive for the mount point /var/www or should I not be assigning mount points to entire drives?

Well, I'm using a raid mirror to store all of my http and database data and a separate disk to house my openbsd installation. Are you certain that I should not just have the database and http data stored on the raid mirror on two separate partitions?
Re: OpenBSD webserver partitioning schemes
Mispunt wrote:

My suggestion would be this:

    1 disk - OpenBSD install
    raid disks:
    1 partition - /var/mysql
    1 partition - /var/www

On 3/24/07, Bray Mailloux [EMAIL PROTECTED] wrote:

Bray Mailloux wrote:

Mispunt wrote:

I don't think it is a good idea to do that when you want to use PHP and some sort of database. PHP requires a /tmp and I would put that on a separate partition. Beside that I think it is also a good idea to give the database a partition. The rest of /var/www could be on the same partition.

On 3/23/07, Bray Mailloux [EMAIL PROTECTED] wrote:

I'm not too knowledgeable in the security arena so this question may prompt flogging. My server has three hard drives, one contains the OpenBSD system and the other two are blank and will be a raid mirror of the /var/www directory. Is it wise to give over the entire drive for the mount point /var/www or should I not be assigning mount points to entire drives?

Well, I'm using a raid mirror to store all of my http and database data and a separate disk to house my openbsd installation. Are you certain that I should not just have the database and http data stored on the raid mirror on two separate partitions?

Ok, my next question is: Do my disks need any sort of special labeling through disklabel to use RAID?
OpenBSD webserver partitioning schemes
I'm not too knowledgeable in the security arena so this question may prompt flogging. My server has three hard drives, one contains the OpenBSD system and the other two are blank and will be a raid mirror of the /var/www directory. Is it wise to give over the entire drive for the mount point /var/www or should I not be assigning mount points to entire drives?
make build crashing
I am updating my 4.0 system to the latest ~stable build and each time my make build is crashing. What information should I post in order to ensure maximum clarity with the problem?
An introduction of sorts
The name's Bray. So far, I've been a windows technician for a little under a year. My first computer was a Mac SE which resided in my mother's room, it had a Shareware version of Carbon Copy and proved somewhat entertaining. The name OpenBSD has floated around my vernacular for some time, but only in reference to types of operating systems or whenever someone mentioned open-source. To be Frank, (you can be Jim), I'm a new kid on the block and would like to be introduced to the community in a formal sense; which is why I'm writing this letter in hopes of becoming embedded in the community as opposed to another face in the crowd. Anyhow, it's nice to meet you all and I would shake your hand but that appears impossible as I cannot yet fax or email my hand. Bray (\/). [EMAIL PROTECTED]
Daylight savings fix with OpenNTPD
Has a patch been issued? It might just be the time servers, but date is reporting 11:04:31 when it is 12:05.
DHCP server issues.
I've been toying with the DHCP server options but cannot seem to bring up the process; every time I run ps there is no dhcpd process to be found and no computers on my network are pulling down addresses from the server. My DHCPD.conf file looks as such.

    -bash-3.1# nano /etc/dhcpd.conf
    GNU nano 1.2.5    File: /etc/dhcpd.conf

    # $OpenBSD: dhcpd.conf,v 1.1 1998/08/19 04:25:45 form Exp $
    #
    # DHCP server options.
    # See dhcpd.conf(5) and dhcpd(8) for more information.
    #
    # Network: 192.168.1.0/255.255.255.0
    # Domain name: none
    # Name servers: 68.94.156.1 and 68.94.157.1
    # Default router: 192.168.1.1
    # Addresses: 192.168.1.20 - 192.168.1.35
    #
    shared-network LOCAL-NET {
        option domain-name example.com;
        option domain-name-servers 68.94.156.1, 68.94.157.1;
        subnet 192.168.1.0 netmask 255.255.255.0 {
            option routers 192.168.1.1;
            range 192.168.1.20 192.168.1.35;
        }
    }

And my interfaces are configured as such.

    cat /etc/hostname.rl0
    External interface
    inet 192.168.1.2 255.255.255.0 NONE

    cat /etc/hostname.rl1
    Internal Interface
    192.168.1.3 255.255.255.0

nano rc.conf.local reads as such

    dhcpd_flags=
Save ports
I ran an nmap -sS localhost which output

    port      state  service
    13/tcp    open   daytime
    22/tcp    open   ssh
    25/tcp    open   smtp
    37/tcp    open   time
    53/tcp    open   domain
    113/tcp   open   auth
    587/tcp   open   submission

This BSD box will be serving solely as a router so few of the above services are needed (submission, auth, domain, smtp). How do I begin closing down these services?
Kernel Compile errors
I installed cvsup and ran cvsup -g -L 2 cvsup-file-src (my configuration file). Afterwards, I began the compile process using make clean make depend make make install . However, when the commands were running, this returned:

    rm -f bsd
    ld -Ttext 0xD0200120 -e start -N -S -x -o bsd ${SYSTEM_OBJ} vers.o
    text     data    bss     dec      hex
    5298463  217920  867984  6384367  616aef
    rm -f /obsd
    ln /bsd /obsd
    ln: /obsd: Operation not permitted
    *** Error code 1