Apache + PHP + FreeTDS

2006-01-17 Thread Helio Santana
Hello,
I am trying to connect to a Microsoft SQL Server with an Apache+PHP but
always get an error.

These are the packages on my system (OpenBSD 3.7). Only these 3 packages
(it's a new box)

freetds-0.62.4p0    project to document and implement the TDS protocol
libiconv-1.9.2      character set conversion library
libxml-2.6.16p0     XML parsing library

I have downloaded PHP 5.1.2 and compiled it with these commands:

# cd /tmp
# ftp 
# tar -xvzf php-5.1.2.tar.gz
# ./configure --with-apxs=/usr/sbin/apxs --with-mssql
# make
# make install

# vi /var/www/conf/httpd.conf
I add:
LoadModule php5_module /usr/lib/apache/modules/libphp5.so
AddType application/x-httpd-php .php

# apachectl start

I put a phpinfo.php file in /var/www/htdocs/; this is the result of the mssql
section:

mssql

MSSQL Support               enabled
Active Persistent Links     0
Active Links                0
Library version             FreeTDS

Directive                   Local Value     Master Value
mssql.allow_persistent      On              On
mssql.batchsize             0               0
mssql.charset               no value        no value
mssql.compatability_mode    Off             Off
mssql.connect_timeout       5               5
mssql.datetimeconvert       On              On
mssql.max_links             Unlimited       Unlimited
mssql.max_persistent        Unlimited       Unlimited
mssql.max_procs             Unlimited       Unlimited
mssql.min_error_severity    10              10
mssql.min_message_severity  10              10
mssql.secure_connection     Off             Off
mssql.textlimit             Server default  Server default
mssql.textsize              Server default  Server default
mssql.timeout               60              60

but when I try to connect to the SQL server with a simple command


the response is:
Warning: mssql_connect() [function.mssql-connect]: Unable to connect to
server: 192.168.81.52:1433 in /htdocs/index2.php on line 2

Ping and telnet work fine.
# ping 192.168.81.52
# telnet 192.168.81.52 1433.
Also I can connect executing '# tsql -H 192.168.81.52 -p 1433 -U user'

But from the PHP script it doesn't work.

Apache is chrooted (by default in OBSD). But if I download Apache and
compile Apache2, then compile PHP (and leave Apache not chrooted) the
script works fine...

My question: do I have to do something with chroot and FreeTDS? (I don't
know what to do). Or is this a known problem of Apache 1.3.29 (I didn't
find anything on Google about a problem) and Apache can't be chrooted?

Thanks in advance.
Helio.



Re: Auto start KDE in OBSD 3.7

2005-10-24 Thread Helio Santana
Sorry,
I found this document...

http://www.openbsdsupport.org/KDM.html

and my KDE is working ok as the default login manager.

Thanks,
Helio.

On Mon, 24-10-2005 at 14:03 +0200, Jasper Lievisse Adriaanse
wrote:
> On Mon, 24 Oct 2005 12:51:55 +0100
> Helio Santana <[EMAIL PROTECTED]> wrote:
> 
> > Hello,
> > I am a newbie on OBSD. I've installed a new system (3.7), afterboot and
> > adduser... then I changed xdm_flags to "" in /etc/rc.conf. When my
> > system starts, it shows me the login screen. All is ok. WOW, it's very
> > easy... :) I feel happy.
> > 
> > Now, I decided to install KDE, and login again in text mode
> > (xdm_flags=NO). When my kdebase package is downloaded and installed on my
> > system, I do "startkde". WONDERFUL! KDE is working on my system. All is
> > working OK. Really it's very easy.
> > 
> > My problems started when I tried to auto-start KDE on my system.
> > I searched on Google, but none of the solutions I've found works...
> > How can I do this?... I think this must be trivial... but I don't know
> > what to do.
> > 
> > Thanks in advance,
> > Helio.
> > 
> If I remember correctly you should use KDM as your login manager, and then
> enable auto-login in KDM.
> 
> Cheers,
> Jasper



Re: Auto start KDE in OBSD 3.7

2005-10-24 Thread Helio Santana
> If I remember correctly you should use KDM as your login manager, and then
> enable auto-login in KDM.
Thanks, but how can I make KDM my default login manager?
Cheers,
Helio.



Auto start KDE in OBSD 3.7

2005-10-24 Thread Helio Santana
Hello,
I am a newbie on OBSD. I've installed a new system (3.7), afterboot and
adduser... then I changed xdm_flags to "" in /etc/rc.conf. When my
system starts, it shows me the login screen. All is ok. WOW, it's very
easy... :) I feel happy.

Now, I decided to install KDE, and login again in text mode
(xdm_flags=NO). When my kdebase package is downloaded and installed on my
system, I do "startkde". WONDERFUL! KDE is working on my system. All is
working OK. Really it's very easy.

My problems started when I tried to auto-start KDE on my system.
I searched on Google, but none of the solutions I've found works...
How can I do this?... I think this must be trivial... but I don't know
what to do.

Thanks in advance,
Helio.



PF for OpenVPN

2005-08-25 Thread Helio Santana
Hello,
My pf.conf doesn't work for an OpenVPN connection: I don't know why... 

My VPN works fine with pf disabled, but when I enable PF... this is the response

PING 192.168.6.102 (192.168.6.102): 56 data bytes
ping: sendto: No route to host
ping: wrote 192.168.6.102 64 chars, ret=-1
ping: sendto: No route to host
ping: wrote 192.168.6.102 64 chars, ret=-1
--- 192.168.6.102 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss

I don't know what I am doing wrong.

Thanks in advance,
Helio.

IFCONFIG
lo0: flags=8049 mtu 33224
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
ne3: flags=8863 mtu 1500
address: 00:c0:df:e0:d8:de
media: Ethernet autoselect (10baseT)
inet 192.168.41.101 netmask 0xff00 broadcast 192.168.41.255
inet6 fe80::2c0:dfff:fee0:d8de%ne3 prefixlen 64 scopeid 0x1
xl0: flags=8843 mtu 1500
address: 00:50:04:46:60:06
media: Ethernet autoselect (none)
status: no carrier
inet 192.168.4.102 netmask 0xff00 broadcast 192.168.4.255
inet6 fe80::250:4ff:fe46:6006%xl0 prefixlen 64 scopeid 0x2
pflog0: flags=0<> mtu 33224
pfsync0: flags=0<> mtu 2020
enc0: flags=0<> mtu 1536
tun0: flags=8051 mtu 1500
inet 192.168.100.1 --> 192.168.100.2 netmask 0x

PF.CONF
# macros
int_if = "xl0"
ext_if = "ne3"

icmp_types = "{ echorep, echoreq, timex, unreach }"

# GATEWAY_A = Machine A External IP
# GATEWAY_B = Machine B External IP
# NETWORK_A = Machine A Internal Network
# NETWORK_B = Machine B Internal Network
GATEWAY_A = "a.b.c.d/32"
GATEWAY_B = "w.x.y.z/32"
NETWORK_A = "192.168.4.0/24"
NETWORK_B = "192.168.6.0/24"

# scrub
scrub in all

# nat/rdr
nat on $ext_if from $int_if:network to any -> $ext_if

pass in quick on $ext_if proto tcp from any to any port=22

# filter rules
block in log on { tun0, ne3} all
block out on { tun0, ne3 } all

pass quick on lo0 all

pass in on $ext_if inet proto icmp from any to $ext_if icmp-type $icmp_types keep state

pass in  on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state

pass out on $ext_if proto tcp all modulate state
pass out on $ext_if proto { udp, icmp } all keep state

# VPN Rules
# Passing in encrypted traffic from security gateways
pass in  quick on $ext_if from $GATEWAY_B to $GATEWAY_A
pass out quick on $ext_if from $GATEWAY_A to $GATEWAY_B

# Need to allow ipencap traffic on enc0.
pass in  quick on tun0 all

# Passing in traffic from the designated subnets.
pass in  quick on tun0 from $NETWORK_B to $NETWORK_A
pass out quick on tun0 from $NETWORK_A to $NETWORK_B

# Passing in isakmpd(8) traffic from the security gateways
pass in  quick on $ext_if proto udp from $GATEWAY_B to $GATEWAY_A port 1194
pass out quick on $ext_if proto udp from $GATEWAY_A to $GATEWAY_B port 1194

Thanks again,
Helio.
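
Added example, not part of the original post: a small Python model of pf's rule evaluation (the last matching rule wins, and a matching "quick" rule ends evaluation at once), run over the tun0 rules of the pf.conf above. It assumes that a ping sent from the firewall itself leaves through tun0 with the tun0 address 192.168.100.1 from the ifconfig output as its source; the host 192.168.4.10 is a constructed sample, and state, nat and scrub are not modelled.

```python
import ipaddress

# Constructed subset of the posted ruleset: only the rules that name tun0,
# in the order they appear in the pf.conf above.
# Tuple layout: (action, direction, quick, interface, source, destination)
NETWORK_A, NETWORK_B = "192.168.4.0/24", "192.168.6.0/24"
RULES = [
    ("block", "in",  False, "tun0", "any", "any"),         # block in log on { tun0, ne3 } all
    ("block", "out", False, "tun0", "any", "any"),         # block out on { tun0, ne3 } all
    ("pass",  "in",  True,  "tun0", "any", "any"),         # pass in quick on tun0 all
    ("pass",  "in",  True,  "tun0", NETWORK_B, NETWORK_A),
    ("pass",  "out", True,  "tun0", NETWORK_A, NETWORK_B),
]

def _in(addr, spec):
    """True if addr falls inside spec, where spec is 'any' or a CIDR network."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(rules, direction, iface, src, dst):
    """Return (action, rule_index) for one packet under pf's evaluation order."""
    verdict = ("pass", None)  # pf passes a packet that no rule matches
    for i, (action, rdir, quick, riface, rsrc, rdst) in enumerate(rules):
        if rdir != direction or riface != iface:
            continue
        if not (_in(src, rsrc) and _in(dst, rdst)):
            continue
        verdict = (action, i)  # a later match overrides an earlier one
        if quick:
            break              # "quick" stops evaluation at this rule
    return verdict

if __name__ == "__main__":
    # Ping from the firewall itself (assumed source: the tun0 address).
    print(evaluate(RULES, "out", "tun0", "192.168.100.1", "192.168.6.102"))
    # Forwarded packet from a constructed LAN host in NETWORK_A.
    print(evaluate(RULES, "out", "tun0", "192.168.4.10", "192.168.6.102"))
```

For the packet sourced from 192.168.100.1, the only outbound tun0 rule that matches is the block; the "pass out quick" rule matches only sources inside $NETWORK_A.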



VPN behind a router, now with OpenVPN

2005-08-04 Thread Helio Santana
Hi,
I've disabled AH in my sysctl.conf but it doesn't work...

Now I have been trying to do it with OpenVPN. After reading all the how-tos and
some samples, the connection was successful with 2 OBSD behind routers.
It's very simple to do... I can see the servers, but what can I do to
check that my connection is encrypted?

In the last days with IPSEC, doing a tcpdump -i enc0 gave me
'(private/confidential)'... but now, how can I do it?

Thanks in advance,
Helio.



Re: VPN behind a router

2005-08-03 Thread Helio Santana
Hello,
I have disabled AH in sysctl but... nothing...
Thanks in advance,
Helio.

These are my sysctl.conf and isakmpd debug

net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of packets
net.inet6.ip6.forwarding=1      # 1=Permit forwarding (routing) of packets
#net.inet6.ip6.accept_rtadv=1   # 1=Permit IPv6 autoconf (forwarding must be 0)
#net.inet.tcp.rfc1323=0         # 0=disable TCP RFC1323 extensions (for if tcp is slow)
#net.inet.tcp.rfc3390=1         # 1=Enable RFC3390 for TCP window increasing
net.inet.esp.enable=1           # 0=Disable the ESP IPsec protocol
net.inet.ah.enable=0            # 0=Disable the AH IPsec protocol
#net.inet.esp.udpencap=0        # 0=Disable ESP-in-UDP encapsulation
#net.inet.ipcomp.enable=1       # 1=Enable the IPCOMP protocol
#net.inet.tcp.ecn=1             # 1=Enable the TCP ECN extension
#ddb.panic=0                    # 0=Do not drop into ddb on a kernel panic
..

This is my Isakmpd debug (with -DA=40)

223813.154258 Default log_debug_cmd: log level changed from 0 to 40 for class 0 [priv]
223813.171634 Default log_debug_cmd: log level changed from 0 to 40 for class 1 [priv]
223813.172015 Default log_debug_cmd: log level changed from 0 to 40 for class 2 [priv]
223813.172390 Default log_debug_cmd: log level changed from 0 to 40 for class 3 [priv]
223813.172766 Default log_debug_cmd: log level changed from 0 to 40 for class 4 [priv]
223813.173147 Default log_debug_cmd: log level changed from 0 to 40 for class 5 [priv]
223813.173521 Default log_debug_cmd: log level changed from 0 to 40 for class 6 [priv]
223813.173896 Default log_debug_cmd: log level changed from 0 to 40 for class 7 [priv]
223813.174271 Default log_debug_cmd: log level changed from 0 to 40 for class 8 [priv]
223813.174647 Default log_debug_cmd: log level changed from 0 to 40 for class 9 [priv]
223813.175023 Default log_debug_cmd: log level changed from 0 to 40 for class 10 [priv]
223813.200708 Sdep 30 monitor_init: pid 0 my fd 5 [priv]
223813.200213 Sdep 30 monitor_init: pid 8969 my fd 6 [priv]
223813.204593 Misc 10 monitor_init: privileges dropped for child process
223814.018397 Timr 10 timer_add_event: event connection_checker(0x3c1e8b90) added last, expiration in 0s
223814.059768 Plcy 30 policy_init: initializing
223814.093068 Cryp 40 x509_read_from_dir: reading certs from /etc/isakmpd/ca/
223814.101690 Cryp 40 x509_read_from_dir: reading certs from /etc/isakmpd/certs/
223814.103574 Cryp 40 x509_read_crls_from_dir: reading CRLs from /etc/isakmpd/crls/
223814.123039 Trpt 40 virtual_listen_lookup: no match
223814.124808 Misc 20 udp_make: transport 0x3c1eac80 socket 8 ip 127.0.0.1 port 500
223814.129443 Misc 20 udp_encap_make: transport 0x3c1eacc0 socket 9 ip 127.0.0.1 port 4500
223814.129855 Trpt 40 virtual_listen_lookup: no match
223814.131461 Misc 20 udp_make: transport 0x3c1ead40 socket 10 ip ::1 port 500
223814.133007 Misc 20 udp_encap_make: transport 0x3c1ead80 socket 11 ip ::1 port 4500
223814.133400 Trpt 40 virtual_listen_lookup: no match
223814.134976 Misc 20 udp_make: transport 0x3c1eae00 socket 12 ip fe80:6::1 port 500
223814.136478 Misc 20 udp_encap_make: transport 0x3c1eae40 socket 13 ip fe80:6::1 port 4500
223814.136872 Trpt 40 virtual_listen_lookup: no match
223814.138423 Misc 20 udp_make: transport 0x3c1eaec0 socket 14 ip 192.168.41.101 port 500
223814.139947 Misc 20 udp_encap_make: transport 0x3c1eaf00 socket 15 ip 192.168.41.101 port 4500
223814.140375 Trpt 40 virtual_listen_lookup: no match
223814.141916 Misc 20 udp_make: transport 0x3c1eaf80 socket 16 ip fe80:1::2c0:dfff:fee0:d8de port 500
223814.143434 Misc 20 udp_encap_make: transport 0x3c1eafc0 socket 17 ip fe80:1::2c0:dfff:fee0:d8de port 4500
223814.143839 Trpt 40 virtual_listen_lookup: no match
223814.145372 Misc 20 udp_make: transport 0x3c06a100 socket 18 ip 192.168.4.102 port 500
223814.146864 Misc 20 udp_encap_make: transport 0x3c06a140 socket 19 ip 192.168.4.102 port 4500
223814.147299 Trpt 40 virtual_listen_lookup: no match
223814.148851 Misc 20 udp_make: transport 0x3c06a1c0 socket 20 ip fe80:2::250:4ff:fe46:6006 port 500
223814.150399 Misc 20 udp_encap_make: transport 0x3c06a200 socket 21 ip fe80:2::250:4ff:fe46:6006 port 4500
223814.151968 Misc 20 udp_make: transport 0x3c06a280 socket 22 ip 0.0.0.0 port 500
223814.153527 Misc 20 udp_encap_make: transport 0x3c06a2c0 socket 23 ip 0.0.0.0 port 4500
223814.155096 Misc 20 udp_make: transport 0x3c06a340 socket 24 ip :: port 500
223814.156599 Misc 20 udp_encap_make: transport 0x3c06a380 socket 25 ip :: port 4500
223814.160438 Timr 10 timer_handle_expirations: event connection_checker(0x3c1e8b90)
223814.160930 Timr 10 timer_add_event: event connection_checker(0x3c1e8b90) added last, expiration in 60s
223814.162090 Timr 10 timer_add_event: event exchange_free_aux(0x3c065800) added last, expiration in 120s
223814.163043 Exch 10 exchange_establish_p1: 0x3c065800 peer-machineB Default-main-mode policy initiator phase 1 doi 1 exchange 2 step 0
223814.163460 Exch 10 exch

Re: VPN behind a router

2005-08-02 Thread Helio Santana
> Do you think that I must disable AH in sysctl.conf?
> 
> net.inet.ah.enable=0
> 
> Only this? I can't try this now because I'm not at the office. I'll try it
> tomorrow...
> Thanks,
> Helio.

> Yes, you can use that setting to disable AH.  Also, you need to make
> sure that your NAT routers are forwarding port 500 for isakmpd traffic
> to the openbsd computers.

Thanks. I'm sure that my router forwards all the traffic received on port
500 from the internet to the OpenBSD because when I run a tcpdump listening
on my OBSD external interface (with -i ne3 udp port 500), I see there is
incoming traffic...

Do you really think that if I disable AH in sysctl.conf it will be
enough?... :)

Cheers,
Helio.



VPN behind a router

2005-08-02 Thread Helio Santana
Hi,
first, excuse my English, please.

I'm trying to make a VPN between 2 computers with OpenBSD, each behind a
router that is connected to the internet (see schema)

Private LAN4 -- OBSD_4 -- Router_4 -- Internet -- Router_5 -- OBSD_5 -- Private LAN5

Every OBSD has 2 net cards: 1 connected to the router, and the other to the
hub in the private LAN.

I have made all steps explained in "man vpn".
My private LANs are 192.168.4.0/24 and 192.168.5.0/24. The LANs
between OBSD and routers are 192.168.41.0/24 and 192.168.51.0/24.

The routers redirect all incoming traffic to their respective OBSD and have
their firewalls disabled.

External IP Router_4 is A.B.C.D, External IP Router_5 is W.X.Y.Z

All computers in LAN4 have access to the internet and can ping W.X.Y.Z...

I can make an ssh connection from OBSD_4 to OBSD_5... even from a
connection from the Internet I can ping, etc.

The only way I have managed to connect the VPN is by configuring the
routers as modems (I don't know what the name of this is in English; in
Spanish 'monopuesto').

But I need to do it with both routers configured as routers (in Spanish 'multipuesto').

Thanks in advance,
Helio.