Re: PF: clock upd packets that already have a state
On 25 jun 2012, at 15:36, Matthias Cramer wrote:

> After clearing all states with pfctl -F states the connection is blocked.
>
> Is there a way to:
> - clear a single state?
> - to block a packet even with an established state ?

Hi Matthias,

The pfctl -K/-k options allow you to "kill" specific state entries.

/Johan
Re: pf and traceroute
On 16 jan 2011, at 18:49, Mike. wrote:

> In any case, now that I've moved to OpenBSD 4.8 for the firewall/router
> everything is working as expected now. I can traceroute from the
> FreeBSD client, and Windows without a problem.

This was fixed between 4.7 and 4.8:
http://marc.info/?l=openbsd-misc&m=128218328308200&w=2

/Johan
Re: Another carp problem.
On 30 dec 2010, at 19:58, Alessandro Baggi wrote:

> Hi list. I've installed two firewalls, 1 master and 1 backup. Trying some
> test to see if carp and pfsync works, I get this issue: fw master works,
> all network connection works, then I disconnect the external interface
> cable of fw1 and carp0 go in INIT, carp1 in BACKUP and carp2 in BACKUP,
> on fw 2, carp0, carp1 and carp2 become MASTER. After 5/10 seconds, always
> with cable disconnected, the carp0 of firewall 1 is in INIT, carp1 and
> carp2 return to MASTER, and on fw2 the carp0 is MASTER and carp1, carp2
> become BACKUP, and each 5/10 seconds fw1: carp0 INIT carp1 MASTER carp2
> MASTER, after 5/10 seconds fw1 become carp0 INIT carp1 BACKUP carp2
> BACKUP and so on.
[.. snip ..]
> FW1 [MASTER]: net.inet.carp.preempt=1
> FW2 [BACKUP]: net.inet.carp.preempt=0 (tried also with 1)
[.. snip ..]
> I don't understand why carp0 carp1 and carp2 switch every 5/10 sec
> between master and backup. Some issue?
>
> thanks in advance

Afaik, the sysctl value net.inet.carp.preempt should be set to the same
value on both nodes. Are you sure you see the same behavior if you set
that value to 0 on both nodes, or alternatively to 1?

/Johan
Re: trunks and vlan madness
On 09-07-23 17.07, Marian Hettwer wrote:

> Right now, I configured the box like that:
>
> # cat /etc/hostname.bge0
> up
> # cat /etc/hostname.bge1
> up
> # cat /etc/hostname.trunk0
> trunkproto failover trunkport bge0 trunkport bge1 up
> # cat /etc/hostname.trunk1
> trunkproto failover trunkport bge0 trunkport bge1 up
> # cat /etc/hostname.vlan24
> inet 10.46.24.101 255.255.255.0 10.46.24.255 vlan 24 vlandev trunk0
> # cat /etc/hostname.vlan25
> inet 10.46.25.101 255.255.255.0 10.46.25.255 vlan 25 vlandev trunk1
>
> But after boot, it really looks like that is wrong -- ifconfig output:
[.. snip ..]
> I noticed trunk1 isn't lucky.
> And I'm just plain puzzled how a correct configuration should look like.

There's no need to use two trunk interfaces when you configure them like
that. Setup trunk0, and then use that interface as vlandev for both your
vlans.

I guess it could make sense to have two trunk interfaces in a scenario
where you'd like one interface to be master for one vlan, and the other
interface as master for the other vlan. But I wouldn't complicate stuff.

/Johan
Re: OT: 10GbE Physical Network Taps
On 09-05-07 05.00, J.C. Roberts wrote:

> If anyone here mistakenly thinks they can actually run *ANALYSIS* at
> these speeds with off the shelf components... BAWAHAHAHAHAHAHAHA!

Well, depends on what you mean by "off the shelf". Procera Networks is
doing layer 7 analysis at 40Gbps FD with their PacketLogic PL10k. The
hardware used for this is sourced from companies that anyone can buy
hardware from as far as I know. Of course it's not x86 stuff, but it's
off the shelf. :)

/Johan
Re: trunk and real MAC of interface
On 08-11-28 12.54, Michael wrote:

> Hi,
>
> when using trunk (in failover mode) the MAC addresses of the network
> interfaces change. Is there any way, if using trunk, to read the real
> MAC address as mentioned in dmesg (even much later when the kernel boot
> dmesg got spammed away)?

grep address /var/run/dmesg.boot

/Johan
Re: HP DL180 hangs on boot
On 08-11-06 14.44, Alexander Hall wrote:

> Hi!
>
> I have issues booting a HP ProLiant DL180 G5 ("456830-421") [1] which I
> hope someone can shed some light on.
>
> [ While writing this email I've done some more testing and realized that
> the behaviour is not really consistent, but what I describe below is a
> typical case ]
>
> 1. The machine takes loong pauses (usually two; sometimes more) while
>    loading the kernel.
>    - The first long pause is after "entry point at ..." line, and is
>      about 90s. [noticed now that pressing any key on the keyboard makes
>      it go on... interrupt issues?]

See if the BIOS have an option to disable "8042 Emulation". That cured
the "entry point" hang for me on a DL140 G3 system.

/Johan
Re: How to filter based on application protocol being used
On 08-05-09 08.25, Reyk Floeter wrote:

> On Fri, May 09, 2008 at 10:40:18AM +0530, Srikant Tangirala wrote:
>> for all the common protocols? With my little bit of knowledge what I
>> figure is that we need some piece of software(s) which understands each
>> protocol thoroughly, can look at raw packets in real-time and detect
>> the protocol being used. Even then,
>
> ah, i'm just looking at your mail again - you are kidding, there is no
> way to do content inspection in "real-time". go and use linux where you
> can use stupid and dangerous stuff in the kernel. this is not what
> openbsd is about.

There are actually commercial products that can do this. The ones I know
about are Sandvine, Allot and Procera Networks. I know at least Sandvine
does the bandwidth limiting in a very ugly way with the spoofed RST's
that we've heard about from Comcast in the US.

The only product I've had hands on experience with is PacketLogic from
Procera Networks (disclaimer: I work for them). In one case it had no
problem identifying the traffic in real time on two links pushing a total
of 2,5Gbps (~6-700Gbps in both directions over four interfaces). This was
in Sweden, so the traffic pattern is pretty easy, a looot of BitTorrent.
In cases with a lot of short lived connections, a system like this has a
hard time keeping up with 2,5Gbps.

I know there are a lot of buzzwords that you have to see through in this
market of DPI/DFI, but there are actually systems capable of identifying
traffic on layer7 in realtime, although commercial.

/Johan
Re: Useful info for a bug report regarding carp/pfsync?
On 08-03-31 10.44, Simon Kammerer wrote:

> Hi!
>
> after several years without any problems, we upgraded the hardware of
> our carp/pfsync gateway about four week ago. Two weeks ago, the gateway
> crashed completely: Both nodes were unreachable on all network
> interfaces, we had to reset both machines. Same problem last night.
>
> I can't find anything strange in the logs. Its 4.2 from the official CD
> set, AMD64.

Did you update your system with patch 004 from
http://www.openbsd.org/errata42.html? I believe that bug has been known
to lock up machines like yours did.

/Johan
Initio 162X SATA controller up for grabs
Hi all,

I bought a PCI SATA controller off the shelf at a local store last week.
It was so cheap I didn't bother checking the chipset on it. It's a
rebranded Sunix card:
http://www.sunix.com.tw/it/en/Product_Detail.php?cate=2&class_a_id=34&sid=447

When I plugged it in I realised it uses an Initio chip, not supported by
OpenBSD:

vendor "Initio", unknown product 0x1622 (class mass storage subclass SATA, rev 0x02) at pci0 dev 7 function 0 not configured

(Full dmesg below)

This is what 'lspci -vvx' has to say about the card:

00:07.0 SATA controller: Initio Corporation Unknown device 1622 (rev 02) (prog-if 00 [Vendor specific])
        Subsystem: Initio Corporation Unknown device 1622
        Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr- Stepping- SERR+ FastB2B-
        Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- SERR-
        Latency: 32, Cache Line Size: 64 bytes
        Interrupt: pin A routed to IRQ 5
        Region 0: I/O ports at e400
        Region 1: I/O ports at e000
        Region 2: I/O ports at dc00
        Region 3: I/O ports at d800
        Region 4: I/O ports at d400
        Region 5: Memory at fe123000 (32-bit, non-prefetchable)
        Expansion ROM at fe00 [disabled]
        Capabilities: [dc] Power Management version 2
                Flags: PMEClk+ DSI- D1+ D2+ AuxCurrent=0mA PME(D0-,D1+,D2+,D3hot+,D3cold-)
                Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00: 01 11 22 16 17 01 b8 02 02 00 06 01 10 20 00 00
10: 01 e4 00 00 01 e0 00 00 01 dc 00 00 01 d8 00 00
20: 01 d4 00 00 00 30 12 fe 00 00 00 00 01 11 22 16
30: 00 00 00 fe dc 00 00 00 00 00 00 00 05 01 00 00

Looks like Linux got support last year:
http://marc.info/?l=linux-ide&m=116781318032241&w=2

I'll ship this card off to a developer in Europe willing to give an
OpenBSD driver a go. After reading the comments from the linux developer
about the chip, I understand if you're hesitant.
:)

/Johan
Re: hotplugd(8) mount flash drive
On 08-02-01 07:40, Chris wrote:

> JetFlash*)
[.. snip ..]
> + disklabel=TS8GJFV30

Change "JetFlash*)" to "TS8GJFV30)"

/Johan
Re: carped trunk or trunked carp or what?
On 08-01-30 22:43, Kent Watsen wrote:

>> I've set up boxes this way, but without the trunk.
>
> And it was completely transparent to your switch? - you had both carped
> boxes plugged into the same switch?

Yep, two boxes with one cable each to the switch. Both with a bunch of
vlans and carp interfaces on top of that. This is from one of the
machines:

vlan10: flags=8943 mtu 1500
        lladdr 00:13:46:6a:2d:76
        description: VLAN foo
        vlan: 10 priority: 0 parent interface: sk0
        groups: vlan
        inet6 fe80::213:46ff:fe6a:2d76%vlan10 prefixlen 64 scopeid 0x6
        inet 10.1.0.7 netmask 0xff00 broadcast 10.255.255.255
vlan20: flags=8943 mtu 1500
        lladdr 00:13:46:6a:2d:76
        description: VLAN bar
        vlan: 20 priority: 0 parent interface: sk0
        groups: vlan
        inet6 fe80::213:46ff:fe6a:2d76%vlan20 prefixlen 64 scopeid 0x7
        inet 172.16.0.7 netmask 0x broadcast 172.16.255.255
carp10: flags=8843 mtu 1500
        lladdr 00:00:5e:00:01:6e
        carp: BACKUP carpdev vlan10 vhid 110 advbase 1 advskew 100
        groups: carp
        inet6 fe80::200:5eff:fe00:16e%carp10 prefixlen 64 scopeid 0xb
        inet 10.0.0.1 netmask 0xff00 broadcast 10.255.255.255
carp20: flags=8843 mtu 1500
        lladdr 00:00:5e:00:01:78
        carp: BACKUP carpdev vlan20 vhid 120 advbase 1 advskew 100
        groups: carp
        inet6 fe80::200:5eff:fe00:178%carp20 prefixlen 64 scopeid 0xc
        inet 172.16.0.1 netmask 0x broadcast 172.16.255.255

/Johan
Re: carped trunk or trunked carp or what?
On 08-01-30 17:50, Kent Watsen wrote:

> hme0 \
> hme1  \            /- vlan0 --- carp0
>        --- trunk0 - vlan1 --- carp1
> hme2  /            \- vlan2 --- carp2
> hme3 /

I say this is the way to go. You can consider trunk0 a physical interface
(consisting of four underlying interfaces). Since you probably want to
have different IP networks on the different vlans you add carp on top of
the vlans.

I've set up boxes this way, but without the trunk.

/Johan
Re: hotplugd(8) mount flash drive
On 08-01-29 11:01, Chris wrote:

> #!/bin/sh
>
> DEVCLASS=$1
> DEVNAME=$2
>
> case $DEVCLASS in
> 2)
>         # disk devices
>
>         disklabel=`/sbin/disklabel $DEVNAME 2>&1 | \
>             sed -n '/^label: /s/^label: //p'`
>         case $disklabel in
>         JetFlash)

Without ever having played around with hotplugd, I'd try:

"JetFlash*)"

instead of "JetFlash)" that you have there now.
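
Added example, not part of either hotplugd(8) post above: the label-matching step of the attach script run against constructed disklabel output, showing why both `JetFlash)` and `JetFlash*)` miss a drive whose label is TS8GJFV30. The function names, the sample output and the second sample label are assumptions made for the example.

```shell
#!/bin/sh
# Added example: label matching for a hotplugd(8) attach script.
# Function names and sample data are constructed for illustration.

# Constructed disklabel(8)-style output; only the "label:" line matters.
sample_disklabel() {
    cat <<EOF
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: $1
bytes/sector: 512
EOF
}

# Same sed extraction as the script in the thread, plus trimming of
# trailing blanks so an exact pattern is not defeated by padding.
label_of() {
    sed -n '/^label: /s/^label: //p' | sed 's/[[:space:]]*$//'
}

# case patterns are shell globs: "JetFlash)" matches that string only.
match_exact() {
    case "$1" in
        JetFlash) echo match ;;
        *)        echo skip ;;
    esac
}

# "JetFlash*)" matches any label that begins with JetFlash.
match_prefix() {
    case "$1" in
        JetFlash*) echo match ;;
        *)         echo skip ;;
    esac
}

# Pattern built from the label the drive really reports (the value the
# "+ disklabel=" trace line in the thread shows).
match_allowlist() {
    case "$1" in
        TS8GJFV30) echo match ;;
        *)         echo skip ;;
    esac
}

# Run all three matchers on the label found in disklabel output on stdin.
classify() {
    label=$(label_of)
    echo "$label: exact=$(match_exact "$label")" \
         "prefix=$(match_prefix "$label")" \
         "allowlist=$(match_allowlist "$label")"
}

sample_disklabel "TS8GJFV30" | classify
sample_disklabel "JetFlash TS8GB" | classify
```

A label is whatever was written to the device, so matching on it selects a drive for convenience and does not establish that the drive is trusted.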
Re: aliases with carp
Gustavo A. Baratto wrote:

[.. snip ..]
> FW2 hostname.carpX (3.8)
> ---
> fw2# cat /etc/hostname.carp0
> inet 1.2.3.2 255.255.255.0 1.2.3.255 vhid 1 pass foo carpdev em0 advskew 127
> inet alias 1.2.3.6 255.255.255.0 1.2.3.255 vhid 1 pass foo carpdev em0 advskew 127
> inet alias 1.2.3.7 255.255.255.0 1.2.3.255 vhid 1 pass foo carpdev em0 advskew 127
> inet alias 1.2.3.8 255.255.255.0 1.2.3.255 vhid 1 pass foo carpdev em0 advskew 127
> inet alias 1.2.3.9 255.255.255.0 1.2.3.255 vhid 1 pass foo carpdev em0 advskew 127
> --
> fw2# /etc/hostname.carp1
> inet 10.10.0.1 255.255.0.0 10.10.255.255 vhid 2 pass foo carpdev em1 advskew 127
> -

This works for me:

carpdev sk0 vhid 100 advskew 10 pass foo
inet 212.xxx.78.161 255.255.255.192 NONE
inet alias 212.xxx.78.162 255.255.255.255 NONE
inet alias 212.xxx.78.166 255.255.255.255 NONE

You need to use a /32 netmask on aliases that are on the same subnet as
the "master" address.

/Johan
Sysctls for message queues?
Hello People,

I've just setup a squid proxy at a local school. It's been humming along
fine for two weeks now. Today it started to work rather sporadically.

I'm using squid-2.5.STABLE10-transparent from ports, on an OpenBSD
snapshot from 1st september (to be upgraded to -stable on Nov 1st).

/var/squid/logs/cache.log tells me this:

2005/10/14 08:56:55| storeDiskdSend OPEN: (35) Resource temporarily unavailable
2005/10/14 08:56:55| storeDiskdSend: msgsnd: (35) Resource temporarily unavailable

So for some reason diskd is choking. Through google I found this thread,
discussing the same symptoms:
http://squid.bilkent.edu.tr/mail-archive/squid-users/200212/0354.html

As told there, it's probably IPC settings that should be adjusted. The
squid FAQ tells me to fiddle in the kernel config:
http://www.squid-cache.org/Doc/FAQ/FAQ-22.html#ss22.6

But since GENERIC is holy for me, I'd rather not poke around and have to
run a custom kernel. Is there any other way to change these values?

With config -e /bsd I found that SHMSEG and SHMMAXPGS could be changed,
but I'm not sure these are the ones I should touch? In sysctl there seems
to be a bunch of values in kern.seminfo. But again, those are not named
like the values in the squid FAQ.

Any tips/pointers on how to make squid a more happy fish?
squid.conf:

http_port 8080
icp_port 0
cache_mem 64 MB
cache_effective_user _squid
cache_effective_group _squid
logfile_rotate 0
pid_filename /var/run/squid.pid
visible_hostname proxy.media.sundsvall.se
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
cache_dir diskd /var/squid/cache 4096 16 256
cache_access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
acl net-media src 192.168.5.0/24
acl net-hvfoto src 192.168.4.0/24
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80
acl CONNECT method CONNECT
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
http_access allow net-media
http_access allow net-hvfoto
http_access allow localhost
http_access deny all
Re: pf syntax error (nat tag)
On Thu, 4 Aug 2005, Roland Penner wrote:

> I am setting up new firewall running OpenBSD 3.7. I am trying to
> implement rules using tagging. I ran into trouble with the following
> line:
>
> nat on $ext_if tagged LAN_INET tag LAN_INET_NAT -> ($ext_if)
>
> I get the following error:
>
> /etc/pf.conf:16: syntax error
>
> I am starting with a sample rule set on the OpenBSD website. The problem
> line is taken verbatim from the OpenBSD PF documentation:
> http://www.openbsd.org/faq/pf/tagging.html#policy

See http://marc.theaimsgroup.com/?l=openbsd-bugs&m=112276608602981&w=2

I noticed this error just a couple of days ago. Change your nat line to:

nat on $ext_if tag LAN_INET_NAT tagged LAN_INET -> ($ext_if)

/Regards, Johan
Re: Is there a problem with multiple carp interfaces on one net?
On Fri, 29 Jul 2005, stan wrote:

> Now, I suspect that might be because I have an existing pair of 3.5
> machines doing carp, which are my firewall. Can I not have 2 different
> carp0's on one network, if they have different virtual, and real
> addresses?

Just make sure you use different vhid's on the carp0 pairs.
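
Added example, not part of the post above: why two carp groups on one network need different vhids. The virtual link-layer address of a carp interface ends in the vhid (the ifconfig output elsewhere on this page shows vhid 110 with lladdr 00:00:5e:00:01:6e), so two groups that share a vhid also share a MAC. The group and segment names in the sample inventory are constructed.

```shell
#!/bin/sh
# Added example: derive the carp virtual MAC from a vhid and flag two
# different carp groups that use the same vhid on one network segment.

# carp's virtual link-layer address is 00:00:5e:00:01:<vhid in hex>.
# Rejects anything that is not a plain decimal number in 1..255.
vhid_mac() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -le 255 ] || return 1
    printf '00:00:5e:00:01:%02x\n' "$1"
}

# Constructed inventory, one carp interface per line:
#   <group> <segment> <vhid>
# Members of the same group share a vhid on purpose.
sample_inventory() {
    cat <<'EOF'
old-fw lan 1
old-fw lan 1
new-fw lan 1
new-fw lan 1
new-fw dmz 2
EOF
}

# Read an inventory on stdin and print one line per clash:
#   <segment> <vhid> <shared MAC> <first group> <second group>
vhid_conflicts() {
    awk '
        { key = $2 " " $3 }
        (key in owner) && owner[key] != $1 { print key, owner[key], $1; next }
        { owner[key] = $1 }
    ' | sort -u | while read -r seg vhid first second; do
        echo "$seg $vhid $(vhid_mac "$vhid") $first $second"
    done
}

sample_inventory | vhid_conflicts
```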
Re: Simple bridge setup
On Mon, 16 May 2005, Greg Thomas wrote:

> Default install of 3.6 with patches. This is my first attempt at setting
> up a bridge:
>
> # cat /etc/bridgename.bridge0
> add xl0 add xl1 up
>
> # ifconfig -a
> lo0: flags=8049 mtu 33224
>         inet 127.0.0.1 netmask 0xff00
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
> xl0: flags=8902 mtu 1500
>         address: 00:50:04:7b:9a:2d
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
> xl1: flags=8902 mtu 1500
>         address: 00:b0:d0:dd:0b:75
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
> pflog0: flags=0<> mtu 33224
> pfsync0: flags=0<> mtu 2020
> enc0: flags=0<> mtu 1536
> bridge0: flags=41 mtu 1500
>
> Am I missing something? From reading the man pages I thought it was as
> simple as creating the bridgename.bridge0 file, and rebooting or
> brconfiging? I'm getting ready to set up pf but obviously need some
> connectivity through the bridge before I get to that point.

I suspect it's because the two network interfaces xl0 and xl1 aren't
'up'.

# ifconfig xl0 up
# ifconfig xl1 up

/Johan
WRAP 1E, sis0 with dhclient woes
Hello people

I've recently bought myself one of these small little WRAP boards
(http://www.pcengines.ch/wrap.htm), soekris-look-alike. After installing
-current on it, I noticed the following:

--
# dhclient sis0
DHCPDISCOVER on sis0 to 255.255.255.255 port 67 interval 6
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPOFFER from 10.0.0.1
DHCPREQUEST on sis0 to 255.255.255.255 port 67
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPACK from 10.0.0.1
bound to 10.0.0.23 -- renewal in 10800 seconds.
--

Looking through the archives I found these posts:
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106059883119865
http://marc.theaimsgroup.com/?l=openbsd-tech&m=105760910331290

The patch in the last post seems to have been applied already. I remember
that nsphyter was added recently, could that have anything to do with
this?

Everything works, I just reacted on the "disagrees with bytes" part. IPv6
via rtsol works as well, as I saw that Paul de Weerd in the last post had
problems with that.

Just wanted to inform you, in case this is a driver bug. Full dmesg
below.

/Johan