Re: Just want to say thanks to all OpenBSD developers
Dear Leonardo Don't forget donate to keep rock and solid :) On Fri, Oct 30, 2015 at 9:01 AM, Leonardo Santagostini < lsantagost...@gmail.com> wrote: > Hello @all, today i have upgraded from 5.7 to 5.8 on a VPS with a WordPress > for my personal site. > > Following the guide at http://www.openbsd.org/faq/upgrade58.html > everything > went fine. > > Wow i was surprised because documentation was 100% accurated and the > process was staightforward > > At work we use linux, and the upgrade process its a pain in the ass. So > guys, you rock and OpenBSD for me its a breath of fresh air. > > Thanks thanks thanks. > > Kind regards, one happy user ! > > PS: Sorry for my english but is not my mothers tongue. > > Saludos.- > Leonardo Santagostini > > <http://ar.linkedin.com/in/santagostini> > > -- best regards sonjaya
installed java form ports
Dear all, i try install java in openbsd 4.8 , i'm installed form port and get error at bellow. i try using powerdns with interface java Here error i get : Create /usr/ports/packages/i386/all/apache-ant-1.7.1p1.tgz Link to /usr/ports/packages/i386/ftp/apache-ant-1.7.1p1.tgz Link to /usr/ports/packages/i386/cdrom/apache-ant-1.7.1p1.tgz === apache-ant-1.7.1p1 depends on: javaPathHelper-* - found === apache-ant-1.7.1p1 depends on: jdk-=1.5.0|kaffe-* - not found === Verifying install for jdk-=1.5.0|kaffe-* in devel/jdk/1.5 === jdk-1.5.0.16p2 is marked as broken: You must read and accept Sun's JRL license located at /usr/ports/devel/jdk/1.5/files/JavaResearchLicense.txt To indicate your acceptance of the JRL add ACCEPT_JRL_LICENSE=Yes to /etc/mk.conf and restart the build. *** Error code 1 Stop in /usr/ports/devel/apache-ant (line 1765 of /usr/ports/infrastructure/mk/b sd.port.mk). *** Error code 1 Stop in /usr/ports/devel/apache-ant (line 1611 of /usr/ports/infrastructure/mk/b sd.port.mk). *** Error code 1 Stop in /usr/ports/devel/apache-ant (line 2116 of /usr/ports/infrastructure/mk/b sd.port.mk). *** Error code 1 Stop in /usr/ports/java/junit (line 1765 of /usr/ports/infrastructure/mk/bsd.por t.mk). *** Error code 1 Stop in /usr/ports/java/junit (line 2168 of /usr/ports/infrastructure/mk/bsd.por t.mk). *** Error code 1 Stop in /usr/ports/java/junit (line 1580 of /usr/ports/infrastructure/mk/bsd.por t.mk). *** Error code 1 Stop in /usr/ports/java/junit (line 2136 of /usr/ports/infrastructure/mk/bsd.por t.mk). *** Error code 1 Stop in /usr/ports/java/junit (line 2116 of /usr/ports/infrastructure/mk/bsd.por t.mk). *** Error code 1 Stop in /usr/ports/java/junit (line 1611 of /usr/ports/infrastructure/mk/bsd.por t.mk). *** Error code 1 Stop in /usr/ports/java/junit (line 2116 of /usr/ports/infrastructure/mk/bsd.por t.mk). === Exiting java/junit with an error *** Error code 1 Stop in /usr/ports/java (line 135 of /usr/ports/infrastructure/mk/bsd.port.subdi r.mk). # any clue ? -- sonjaya http://www.idadv.com
e-procurement application in openbsd
dear all, i looking e-procurement who working in OpenBSD also license is BSD or GPL sonjaya http://farmproxy.com
asterisk in openbsd
dear All i have machine openbsd 4.5 , because hardware failuer i change with another machine with same version ( openbsd 4.5 ) . but i have trouble in asterisk i can't activate sip and extension , any body here where know to find solutions ? before and after thanks sonjaya
Re: Installing OpenBSD from Linux Xen VPS
i try install in my xen at opensuse , when install success but when reboot after finish installation blank and try againt same happen againt. On Tue, Sep 21, 2010 at 12:25 PM, Stephano Zanzin m...@zan.st wrote: Hello, I was wondering if anyone had installed OpenBSD from a Linux VPS running over a Xen hosting(like slicehost, linode, etc). So, someone tried it? -- stephano -- sonjaya http://www.sharenupload.com http://www.farmproxy.com
Re: Premature end of archive
i get solusion why this happent. me using sonicwall ass gateway ... here i capture log in server and sonicwall # wget ftp://anga.funkfeuer.at/pub/OpenBSD/4.6/packages/i386/clamav-0.95.2.tgz --2010-04-22 17:53:03-- ftp://anga.funkfeuer.at/pub/OpenBSD/4.6/packages/i386/clamav-0.95.2.tgz = `clamav-0.95.2.tgz.1' Resolving anga.funkfeuer.at... 78.41.115.130, 2a02:60:1:1::9 Connecting to anga.funkfeuer.at|78.41.115.130|:21... connected. Logging in as anonymous ... Logged in! == SYST ... done.== PWD ... done. == TYPE I ... done. == CWD /pub/OpenBSD/4.6/packages/i386 ... done. == SIZE clamav-0.95.2.tgz ... 1516336 == PASV ... done.== RETR clamav-0.95.2.tgz ... done. Length: 1516336 (1.4M) 24% [ ] 376,480 40.4K/s in 9.6s 2010-04-22 17:53:18 (38.2 KB/s) - Data connection: Connection reset by peer; Control connection closed. Retrying. --2010-04-22 17:53:19-- ftp://anga.funkfeuer.at/pub/OpenBSD/4.6/packages/i386/clamav-0.95.2.tgz (try: 2) = `clamav-0.95.2.tgz.1' Connecting to anga.funkfeuer.at|78.41.115.130|:21... connected. Logging in as anonymous ... Logged in! == SYST ... done.== PWD ... done. == TYPE I ... done. == CWD /pub/OpenBSD/4.6/packages/i386 ... done. == SIZE clamav-0.95.2.tgz ... 1516336 == PASV ... done.== REST 376480 ... REST failed, starting from scratch. == RETR clamav-0.95.2.tgz ... done. Length: 1516336 (1.4M), 1139856 (1.1M) remaining 24% [ ] 376,480 38.8K/s in 9.6s 2010-04-22 17:53:34 (38.1 KB/s) - Data connection: Connection reset by peer; Control connection closed. Retrying. then i check in sonicwall 12 UTC 04/22/2010 10:52:56.032 Alert Security Services Gateway Anti-Virus Alert: Mytob.Crypter (Worm) blocked 78.41.115.130, 51671, X3 192.168.xxx.10, 13305, X5 ha ha so the trouble maker is sonicwall On Thu, Nov 5, 2009 at 4:54 PM, J.C. Roberts list-...@designtools.org wrote: On Wed, 4 Nov 2009 17:49:55 +0700 sonjaya sonj...@gmail.com wrote: Dear all i try install clamav from packages but get error like this , how to solved ? - i try another mirror still same - try donwload to local pc still same # export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.6/packages/i386/ # pkg_add -i clamav Premature end of archive clamav-0.95.2: complete Adjusting sha for /usr/local/lib/libclamav.a from k3C2K5oQcz5KJ1wrU0uLgN9h6iZ1w6MYh5gIYM02On4= to orCLZWKfCRHFq1lVJcXljBP3QjUq2trZIlRJ49Np5zk= /usr/sbin/pkg_add: Installation of clamav-0.95.2 failed, partial installation recorded as partial-clamav-0.95.2 ^ You need to delete the *PARTIALLY* installed package. As for why this does not happen by default on all failed installation attempts, I don't know, but that fact that failed installation attempts leave non-working junk on the system can cause problems. $ sudo pkg_delete partial-clamav-0.95.2 -- J.C. Roberts -- sonjaya http://www.sharenupload.com http://www.farmproxy.com
maia in openbsd 4.6
hi all ... i have problem installed maia in openbsd 4.6 , problem module perl file(1). Application/Module Version Status Perl : 5.10.0 : OK file(1) : N/A : NOT INSTALLED (required by Maia Mailguard) Archive::Tar : 1.58 : OK # file -v file-4.24 magic file from /etc/magic # whereis file /usr/bin/file # ln -s /usr/bin/file /usr/local/bin/ any clue how to solved this , -- sonjaya http://sicute.blogspot.com http://www.pojokdomain.com(sell buy domain with free )
Re: Blocking Teamviewer
i try update this threads in my network using squid proxy for all internet access after capture the access.log teamviewer have several server main server teamviewer 1. http://ping3.dyngate.com 2. masterxx.teamviewer.com where xxx = 1 until 17 so become master1.teamviewer.com until master17.teamviewer.com so i made block dst domain in squid.conf . and teamviewer client can't working. i try scan port was using for teamviewer server # nmap ping3.dyngate.com Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:06 WIT Warning: Hostname ping3.dyngate.com resolves to 4 IPs. Using 85.25.143.69. Interesting ports on server340.teamviewer.com (85.25.143.69): Not shown: 997 filtered ports PORT STATE SERVICE 80/tcp open http 843/tcp open unknown 3389/tcp open ms-term-serv Nmap done: 1 IP address (1 host up) scanned in 17.25 seconds # nmap master1.teamviewer.com Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:06 WIT Interesting ports on master.dyngate.com (87.230.73.23): Not shown: 998 filtered ports PORTSTATE SERVICE 80/tcp open http 843/tcp open unknown ini hasil scan client teamviewer # nmap 124.217.230.1xx Starting Nmap 4.76 ( http://nmap.org ) at 2010-03-26 23:12 WIT Interesting ports on server404.teamviewer.com (124.217.230.174): Not shown: 997 filtered ports PORT STATE SERVICE 80/tcp open http 843/tcp open unknown 3389/tcp open ms-term-serv Nmap done: 1 IP address (1 host up) scanned in 24.82 seconds so add in pf for blockerd port 843 3389 just that and teamviewer client can't working i hope this will be blocked teamviewer. On Sat, Mar 20, 2010 at 1:22 AM, Siju George sgeorge...@gmail.com wrote: On Fri, Mar 19, 2010 at 10:14 PM, Steve Shockley steve.shock...@shockley.net Presumably you're trying to block it with an OpenBSD firewall. Yes :-) Analyze the protocol, you can probably stop it with a transparent proxy that disallows CONNECT requests. Could you please explain? Or, http://lmgtfy.com/?q=teamviewer+blockl=1 The first thing I did :-) thanks --Siju -- sonjaya http://www.sharenupload.com
reconfigure squid on packages
hi ... i using squid in my openbsd box , i need reconfigure squid to support useragent acl ( team viewer problem ) . i'm installed from port. how to do that to make squid working with acl useragent ? can do that without recomplie from source -- sonjaya http://www.sharenupload.com http://www.airportindonesia.info
update packages error
dev 31 function 0 Intel 82801DB LPC rev 0x02: 24-bit timer at 3579545Hz pciide0 at pci0 dev 31 function 1 Intel 82801DB IDE rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: ST340015A wd0: 16-sector PIO, LBA, 38166MB, 78165360 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide0: channel 1 disabled (no drives) ichiic0 at pci0 dev 31 function 3 Intel 82801DB SMBus rev 0x02: irq 3 iic0 at ichiic0 iic0: addr 0x2f 00=01 01=07 02=01 03=00 04=07 05=00 06=08 07=00 14=14 15=62 16=03 17=02 words 00=01ff 01=07ff 02=01ff 03=00ff 04=07ff 05=00ff 06=08ff 07=00ff 08= 09= 0a= 0b= 0c= 0d= 0e= 0f= spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC2100CL2.5 spdmem1 at iic0 addr 0x51: 256MB DDR SDRAM non-parity PC3200CL2.5 auich0 at pci0 dev 31 function 5 Intel 82801DB AC97 rev 0x02: irq 3, ICH4 AC97 ac97: codec id 0x414c4780 (Avance Logic ALC658 rev 0) ac97: codec features 20 bit DAC, 18 bit ADC, No 3D Stereo audio0 at auich0 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 wbsio0 at isa0 port 0x2e/2: W83627THF rev 0x83 lm1 at wbsio0 port 0x290/8: W83627THF npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 2.88MB 80 cyl, 2 head, 36 sec biomask eb6d netmask ff6d ttymask ffef mtrr: Pentium Pro MTRR support softraid0 at root root on wd0a swap on wd0b dump on wd0b -- sonjaya http://jenar.us(webproxy) http://clienttracking.info(web proxy)
Re: update packages error
thank's for the info i think you right i must upgrade fully no only packages On Sat, Jan 9, 2010 at 10:30 PM, Marc Espie es...@nerim.net wrote: On Sat, Jan 09, 2010 at 07:09:03PM +0700, sonjaya wrote: hi all i have openbsd 4.3 as mx server , i try update packages i try ^^^ following this from this link http://www.openbsd.org/faq/upgrade44.html before update to new one i try update packages You have things backwards. Update your system first. Unknown element: @sha Xa85ahS78Iy3rRgoKHOU0sN1WHkU+5HDvW8OSf1Cm9w= in SCALAR(0x81180c9c), at /usr/libdata/perl5/OpenBSD/PackingList.pm line We changed from md5 to sha256 in packages. You really need a new pkg_add for this to work. -- sonjaya http://jenar.us(webproxy) http://clienttracking.info(webproxy)
Premature end of archive
Dear all i try install clamav from packages but get error like this , how to solved ? - i try another mirror still same - try donwload to local pc still same # export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.6/packages/i386/ # pkg_add -i clamav Premature end of archive clamav-0.95.2: complete Adjusting sha for /usr/local/lib/libclamav.a from k3C2K5oQcz5KJ1wrU0uLgN9h6iZ1w6MYh5gIYM02On4= to orCLZWKfCRHFq1lVJcXljBP3QjUq2trZIlRJ49Np5zk= /usr/sbin/pkg_add: Installation of clamav-0.95.2 failed, partial installation recorded as partial-clamav-0.95.2 -- sonjaya http://sicute.blogspot.com
Re: Premature end of archive
yes already pkg_delete but still same show up that problem On Wed, Nov 4, 2009 at 7:11 PM, Nick Guenther kou...@gmail.com wrote: On Wed, Nov 4, 2009 at 5:49 AM, sonjaya sonj...@gmail.com wrote: Dear all i try install clamav from packages but get error like this , how to solved ? - i try another mirror still same - try donwload to local pc still same # export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.6/packages/i386/ # pkg_add -i clamav Premature end of archive clamav-0.95.2: complete Adjusting sha for /usr/local/lib/libclamav.a from k3C2K5oQcz5KJ1wrU0uLgN9h6iZ1w6MYh5gIYM02On4= to orCLZWKfCRHFq1lVJcXljBP3QjUq2trZIlRJ49Np5zk= /usr/sbin/pkg_add: Installation of clamav-0.95.2 failed, partial installation recorded as partial-clamav-0.95.2 Did you make sure to pkg_delete the partial install before trying again? -- sonjaya http://sicute.blogspot.com http://www.pojokdomain.com(sell buy domain with free )
Re: squid stabel 7
at the end back to aufs and working fine today , but how to make my squid become parent cache so i can control policy for one machine to another machine . Because i have several squid with openbsd in head n branch. thank's
squid stabel 7
: bus 2 (PCI1) acpiprt2 at acpi0: bus 5 (PCI2) acpiprt3 at acpi0: bus 7 (PCI3) acpiprt4 at acpi0: bus 9 (PCI4) acpicpu0 at acpi0 bios0: ROM list: 0xc/0x8000 0xc8000/0x4000 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 ServerWorks CNB20-HE Host (GC-LE) rev 0x33 pchb1 at pci0 dev 0 function 1 ServerWorks CNB20-HE Host (GC-LE) rev 0x00 pci1 at pchb1 bus 2 bge0 at pci1 dev 8 function 0 Broadcom BCM5703X rev 0x02, BCM5703 A2 (0x1002): apic 13 int 13 (irq 1 1), address 00:09:6b:a5:d1:f3 brgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2 pchb2 at pci0 dev 0 function 2 ServerWorks CNB20-HE Host (GC-LE) rev 0x00 pci2 at pchb2 bus 7 fxp0 at pci0 dev 1 function 0 Intel 8255x rev 0x08, i82559: apic 13 int 0 (irq 10), address 00:90:27 :e6:c6:14 inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4 vga1 at pci0 dev 9 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) piixpm0 at pci0 dev 15 function 0 ServerWorks CSB5 rev 0x93: polling iic0 at piixpm0 spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM registered ECC PC2100CL2.5 spdmem1 at iic0 addr 0x51: 512MB DDR SDRAM registered ECC PC2100CL2.5 pciide0 at pci0 dev 15 function 1 ServerWorks CSB5 IDE rev 0x93: DMA ohci0 at pci0 dev 15 function 2 ServerWorks OSB4/CSB5 USB rev 0x05: apic 14 int 11 (irq 11), version 1.0, legacy support pcib0 at pci0 dev 15 function 3 ServerWorks CSB5 LPC rev 0x00 pchb3 at pci0 dev 16 function 0 ServerWorks CIOB-X2 PCIX rev 0x05 pchb4 at pci0 dev 16 function 2 ServerWorks CIOB-X2 PCIX rev 0x05 pci3 at pchb4 bus 5 mpi0 at pci3 dev 7 function 0 Symbios Logic 53c1030 rev 0x07: apic 13 int 11 (irq 9) scsibus0 at mpi0: 16 targets, initiator 7 sd0 at scsibus0 targ 0 lun 0: IBM-ESXS, DTN036C3UCDY10FN, S27P SCSI3 0/direct fixed sd0: 34715MB, 512 bytes/sec, 71096640 sec total sd1 at scsibus0 targ 1 lun 0: IBM-ESXS, DTN036C3UCDY10FN, S27P SCSI3 0/direct fixed sd1: 34715MB, 512 bytes/sec, 71096640 sec total safte0 at scsibus0 targ 8 lun 0: IBM, 02R0962a S320 1, 1 SCSI2 3/processor fixed mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1 mpi0: target 1 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1 mpi1 at pci3 dev 7 function 1 Symbios Logic 53c1030 rev 0x07: apic 13 int 12 (irq 9) scsibus1 at mpi1: 16 targets, initiator 7 pchb5 at pci0 dev 17 function 0 ServerWorks CIOB-X2 PCIX rev 0x05 pchb6 at pci0 dev 17 function 2 ServerWorks CIOB-X2 PCIX rev 0x05 pci4 at pchb6 bus 9 usb0 at ohci0: USB revision 1.0 uhub0 at usb0 ServerWorks OHCI root hub rev 1.00/1.00 addr 1 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec mtrr: Pentium Pro MTRR support softraid0 at root root on sd0a swap on sd0b dump on sd0b sonjaya
Re: OpenBSD as MX server
because mx server will be replace is production server in next time will be use it like your recomended. thank' for all recomendation On Wed, Sep 30, 2009 at 3:44 PM, Stephan A. Rickauer stephan.ricka...@startek.ch wrote: On Wed, 2009-09-30 at 13:30 +0700, sonjaya wrote: it will be helpful if want share tutorial . man smtpd || man sendmail man spamd -- sonjaya http://sicute.blogspot.com http://www.pojokdomain.com(sell buy domain with free )
Re: ALIX and PC Engines CompactFlash
i using generic cf ( vgen) for obsd 4.5 and mother board via epia , main problem is only DMA and can handle it with setup manualy adn problem missing. On Fri, Oct 2, 2009 at 2:26 AM, Daniel Melameth dan...@melameth.com wrote: With the positive response of OpenBSD on this hardware, I'm considering purchasing these in preparation for a proof of concept. As such, if anyone has purchased the 4GB COMPACTFLASH CARDS THAT PC ENGINES SELLS (http://www.pcengines.ch/cf4dp.htm or http://www.pcengines.ch/cf4slc.htm), would you please share the RELEVANT PORTION OF YOUR DMESG for the card (and your opinions if you'd like)? I'm particularly interested in what's reported for x-sector PIO and related. While I know I can purchase CompactFlash cards from anywhere, I try to support those companies that support OpenBSD (that and it's easier just to get everything from one vendor). Thanks. -- sonjaya
Re: OpenBSD as MX server
Dear Christ, my linux box running postfix and amavisd and cbl for spam , but today that box hard to manage and update it . i see in obsd default have been tools to take care about spam that is mine consern also security problem. because this production server and log all email to trace and trace i must make sure everything good enough before replace it. On Wed, Sep 30, 2009 at 10:43 PM, Matthew Weigel uni...@idempot.net wrote: Chris wrote: Hi Sonjaya, You ask a very open-ended question here. To get into specifics would be too difficult in one email. But here is a rough outline to get you started. A rough outline of... something, certainly. Definitely something mail related. Setting up an MX server? Not so sure. Some people use Dovecot, but the version included in 4.5 does not include encryption (though you could probably use stunnel to address that...). Wait, what? $ uname -mrsv OpenBSD 4.5 GENERIC.MP#108 i386 $ grep imaps /etc/dovecot.conf # Protocols we want to be serving: imap imaps pop3 pop3s protocols = imaps pop3s $ pkg_info | grep dovecot dovecot-1.1.11p1-ldap compact IMAP/POP3 server Original author wants to replace a Linux MX with an OpenBSD MX? I think the logical approach is to - at least as a first step - look at what the Linux MX is doing now. In all probability that involves using the same MTA as is already in use on the Linux machine, the same antispam software, and mostly the same configuration files. Learning about OpenBSD's spamd would be a good idea once that's done, but at no point does it really involve dumping everything and just doing what someone on a mailing list said. -- Matthew Weigel hacker unique idempot . ent --
OpenBSD as MX server
hi i try setup obsd 4.5 become MX server , i have plan replace my linux box with obsd. i looking tutorial in kernel-panic.it i can found spamassin in application package obsd 4.5. my target is obsd 4.5 will become as mx server ( antivirus + antispam ) it will be helpful if want share tutorial . my regards sonjaya
slip cable
hi ... i want using slip as my network interface, for cable layout what kind recomended and working in openbsd. i search null modem cable rs232 a have some type: - null modem without handshaking - null modem with loop back handshaking - null modem with partial handshaking - null modem with full handshaking which one compatible for openbsd network ? my plan that cable will be transfer file between openbsd server ( 3 openbsd server ) for syncronise file each server at least more than 10 G transfer with that cable every day. sonjaya http://idsale.blogspot.com
Re: slip cable
[snip] On Mon, Sep 21, 2009 at 5:59 PM, Paul M l...@no-tek.com wrote: This has nothing to do with openbsd, it's determined by your hardware. Use a cable with full handshaking. The hw can then use it if it needs to. thank's i will create null modem with full handshaking.if that best options for all choice
Re: slip cable
[snip] On Mon, Sep 21, 2009 at 5:25 PM, Paul de Weerd we...@weirdnet.nl wrote: 10G/day is almost 1Mbit per second average (without encapsulation overhead). Not really suitable for serial lines (or do you want to bundle several 115kbit lines together for super serial speed ?). Why are you avoiding a dedicated ethernet interface (or VLAN) between the two machines ? yes the best options is using switch and vlan , buat is my problem in my place no switch support vlan also no pci socket avaliable for another ethernet card.i have try using usb to network but have poor link.
dma problem in VIA Nehemiah
# dmesg OpenBSD 4.5-stable (LESCHACO) #0: Mon Aug 10 15:49:13 WIT 2009 r...@localhost:/usr/src/sys/arch/i386/compile/LESCHACO cpu0: VIA Nehemiah (CentaurHauls 686-class) 1 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,SEP,MTRR,PGE,CMOV,PAT,MMX,FXSR,SSE real mem = 502824960 (479MB) avail mem = 477851648 (455MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 05/19/04, BIOS32 rev. 0 @ 0xfb210, SMBIOS rev. 2.2 @ 0xf0800 (26 entries) bios0: vendor Award Software International, Inc. version 6.00 PG date 05/19/2004 bios0: VIA Technologies, Inc. VT8623-8235 apm0 at bios0: Power Management spec V1.2 (slowidle) apm0: AC on, battery charge unknown acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0xdf44 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfded0/112 (5 entries) pcibios0: PCI Exclusive IRQs: 5 10 11 12 pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT8235 ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0xec00 0xd/0x8000! cpu0 at mainbus0: (uniprocessor) cpu0: RNG AES pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 VIA VT8623 PCI rev 0x00 viaagp0 at pchb0: v2 agp0 at viaagp0: aperture at 0xe600, size 0xe80 ppb0 at pci0 dev 1 function 0 VIA VT8633 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 VIA CLE266 rev 0x03 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) VIA VT6306 FireWire rev 0x80 at pci0 dev 13 function 0 not configured uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x80: irq 11 uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x80: irq 12 uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x80: irq 10 ehci0 at pci0 dev 16 function 3 VIA VT6202 USB rev 0x82: irq 5 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 VIA EHCI root hub rev 2.00/1.00 addr 1 viapm0 at pci0 dev 17 function 0 VIA VT8235 ISA rev 0x00 iic0 at viapm0 spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC2100CL2.5 pciide0 at pci0 dev 17 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled (no drives) wd0 at pciide0 channel 1 drive 0: ST320413A wd0: 16-sector PIO, LBA, 19092MB, 39102336 sectors wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5 auvia0 at pci0 dev 17 function 5 VIA VT8233 AC97 rev 0x50: irq 10 ac97: codec id 0x49434552 (ICEnsemble VIA VT1616i) ac97: codec features headphone, 18 bit DAC, 18 bit ADC, KS Waves 3D audio0 at auvia0 vr0 at pci0 dev 18 function 0 VIA RhineII-2 rev 0x74: irq 11, address 00:40:63:dd:74:6a ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 8: OUI 0x004063, model 0x0032 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 VIA UHCI root hub rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 VIA UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3 VIA UHCI root hub rev 1.00/1.00 addr 1 isa0 at mainbus0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 viasio0 at isa0 port 0x2e/2: VT1211 rev 0x02, HM, WDG not activated npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask ff65 netmask ff65 ttymask softraid0 at root root on wd0a swap on wd0b dump on wd0b wd0a: aborted command, interface CRC error reading fsbn 24063776 of 24063776-24063807 (wd0 bn 24063839; cn 1591 tn 125 sn 44), retrying wd0: transfer error, downgrading to Ultra-DMA mode 4 wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 4 wd0a: aborted command, interface CRC error reading fsbn 24063776 of 24063776-24063807 (wd0 bn 24063839; cn 1591 tn 125 sn 44), retrying wd0: transfer error, downgrading to Ultra-DMA mode 3 wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 3 wd0a: aborted command, interface CRC error reading fsbn 24063776 of 24063776-24063807 (wd0 bn 24063839; cn 1591 tn 125 sn 44), retrying wd0: soft error (corrected) # any clue to make this problem dma mising, i think problem of hard disk but not sonjaya http://idsale.blogspot.com
Fping smokeping 2.0 problem in obsd 4.5
Hi i success installed smokeping in openbsd 4.5. i made some custom config as i need when i try running always get error message like this : #smokeping --debug Dropping privilges to _smokeping ... ERROR: Fping must be installed setuid root or it will not work at (eval 29) line 1 any ide to solved this problem sonjaya http://idsale.blogspot.com http://videopingpong.blogspot.com
openbsd in virtualization
Hi... My boss ask how to move current obsd server to virtualiaztion ( such as openvz, vmare , etc ) . anyone in here sucsess moving obsd to Environment virtualization ( openvz , vmware etc ) , may be want share to me ? So obsd become guest OS ? ps: i'm so sory to ask this because Efficiency and reduce IT cost . thank's
Re: openbsd in virtualization
what virtualization you use (vmware , openvz , etc )? On Wed, Mar 18, 2009 at 3:34 PM, Michiel van Baak mich...@vanbaak.info wrote: On 15:13, Wed 18 Mar 09, sonjaya wrote: Hi... My boss ask how to move current obsd server to virtualiaztion ( such as openvz, vmare , etc ) . anyone in here sucsess moving obsd to Environment virtualization ( openvz , vmware etc ) , may be want share to me ? So obsd become guest OS ? ps: i'm so sory to ask this because Efficiency and reduce IT cost . thank's I'm running OpenBSD 4.4 and -current under KVM here at home. I wont run it in production tho. Real hardware is much more stable. -- Michiel van Baak mich...@vanbaak.eu http://michiel.vanbaak.eu GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x71C946BD Why is it drug addicts and computer aficionados are both called users? -- sonjaya http://sicute.blogspot.com http://www.pojokdomain.com(sell buy domain with free )
Re: openbsd in virtualization
ye that is my point , if i using obsd as guest os will be reduce benefit of OBSD . so now only two candidate - XEN - qemu - vmware server ( price is high 0 - virtualbox SUN may be i will try taht candidate . Thank's for all sharing :) On Wed, Mar 18, 2009 at 4:01 PM, Daniel Ouellet dan...@presscom.net wrote: Hi... My boss ask how to move current obsd server to virtualiaztion ( such as openvz, vmare , etc ) . anyone in here sucsess moving obsd to Environment virtualization ( openvz , vmware etc ) , may be want share to me ? So obsd become guest OS ? ps: i'm so sory to ask this because Efficiency and reduce IT cost . thank's I run it under VMWare with MAC OSX as the host just for fun. Nothing real heavy and to do tests. My Son is running it under qemu on his MAC laptop and keep barging about it to me as I haven't done it yet. Well, to give him credit, I haven't figure out how to yet and didn't spend time doing it, but he is using it every day and created himself a workstation just like his mac under qemu with OpenBSD until he is happy with the final final results and then he will only use OpenBSD then. It's been pretty stable for about a year now or so. So, you can run it under about anything you want really, but you do loose the benefit of OpenBSD itself and become slave of the host OS as well as the virtualization layer you use. In short I wouldn't use it, but again, there is plenty of comments on this same subject in the archive, so just use google and search for it. You will find plenty. Daniel -- sonjaya http://sicute.blogspot.com http://www.pojokdomain.com(sell buy domain with free )
IBM Xseries 235 and OBSD 4.4
Dear all i have old machine ibm Xseries 235 and storage with raid. I try to install openbsd 4.4 but getting problem when intialize disk , obsd 4.4 instalation disk can't detect raid . any clue how to make it working with raid ? thank's sonjaya http://sicute.blogspot.com http://www.pojokdomain.com(sell buy domain with free )
Re: IBM Xseries 235 and OBSD 4.4
Thank's is working no 2009/3/17 Alexander Yurchenko gra...@disorder.ru: On Tue, Mar 17, 2009 at 06:02:07PM +0700, sonjaya wrote: Dear all i have old machine ibm Xseries 235 and storage with raid. I try to install openbsd 4.4 but getting problem when intialize disk , obsd 4.4 instalation disk can't detect raid . any clue how to make it working with raid ? try this: ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/install45.iso thank's sonjaya http://sicute.blogspot.com http://www.pojokdomain.com(sell buy domain with free ) -- Alexander Yurchenko -- sonjaya http://sicute.blogspot.com http://www.pojokdomain.com(sell buy domain with free )
error ping
Dear all i have problem when ping between server openbsd below my diagram internet1openbsd01|---lan1 |switch| internet2openbsd02|--lan02 have been 1 month like this , pf using only for nat and transparent proxy . bellow result ping ... # ping 192.168.2.2 PING 192.168.2.2 (192.168.2.2): 56 data bytes 64 bytes from 192.168.2.2: icmp_seq=5 ttl=255 time=0.308 ms 64 bytes from 192.168.2.2: icmp_seq=11 ttl=255 time=0.189 ms 64 bytes from 192.168.2.2: icmp_seq=12 ttl=255 time=0.219 ms 64 bytes from 192.168.2.2: icmp_seq=21 ttl=255 time=0.191 ms 64 bytes from 192.168.2.2: icmp_seq=28 ttl=255 time=0.193 ms 64 bytes from 192.168.2.2: icmp_seq=29 ttl=255 time=0.191 ms 64 bytes from 192.168.2.2: icmp_seq=32 ttl=255 time=0.185 ms 64 bytes from 192.168.2.2: icmp_seq=34 ttl=255 time=0.185 ms wrong data byte #19 should be 0xb but was 0xa 49 8b f4 7a 0 c aa 42 8 9 a a c d e f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 64 bytes from 192.168.2.2: icmp_seq=37 ttl=255 time=0.188 ms 64 bytes from 192.168.2.2: icmp_seq=45 ttl=255 time=0.189 ms 64 bytes from 192.168.2.2: icmp_seq=48 ttl=255 time=0.202 ms 64 bytes from 192.168.2.2: icmp_seq=49 ttl=255 time=0.216 ms -- sonjaya http://sicute.blogspot.com http://www.pojokdomain.com(sell buy domain with free )
Generate CA Certificates key
dear all how to generating certificates keys and CA in openbsd ? i will use certificates and keys for server also for the client . last time follow openvpn script not working. -- sonjaya http://idsale.blogspot.com http://videopingpong.blogspot.com
E220 as 3G Internet Access
Dear all i have E220 from Huawei for mobile internet connection . Now i want using E220 as internet sharing from my obsd 4.4 box. i have found good link obsd 4.4 and E220 http://www.jensolsson.se/?p=123 when i try connect get error like this bellow : Jan 9 13:54:15 bsd pppd[28000]: pppd 2.3.5 started by root, uid 0 Jan 9 13:54:20 bsd pppd[28000]: Connect: ppp0 -- /dev/ttyU0 Jan 9 13:54:23 bsd pppd[28000]: Could not determine remote IP address Jan 9 13:54:23 bsd pppd[28000]: Connection terminated. Jan 9 13:54:25 bsd pppd: Exit. here my ppp conf : # cat /etc/ppp/qiandra /dev/ttyU0 crtscts defaultroute noauth connect '/usr/sbin/chat -v -f /etc/ppp/qiandra.chat' # chat # cat /etc/ppp/qiandra.chat ABORT NO CARRIER ABORT NO DIALTONE ABORT ERROR ABORT NO ANSWER ABORT BUSY ABORT Username/Password Incorrect TIMEOUT 15 ATZ OK ATE1 OK ATQ0V1E1S0=0C1D2+FCLASS=0 OK 'AT+CGDCONT=1,IP,apnisp' OK ATDT*99***1# TIMEOUT 30 CONNECT \d\c # options # cat /etc/ppp/options modem defaultroute netmask 255.255.255.0 ipcp-accept-local ipcp-accept-remote noipdefault lock auth usehostname # basic my isp using dhcp for ip address and i must set static dns for tunning. so how to solved my problem with E220 and OBSD 4.4 do i missing something ? -- sonjaya http://idsale.blogspot.com http://videopingpong.blogspot.com -- learning trik play table tenis form expert
Re: voip card
have you try in openbsd 4.3 or 4.4 ? I try make one small box for voip service with openbsd 4.3/4.4 thank's On Tue, Dec 2, 2008 at 2:04 PM, Zafer Da:tan [EMAIL PROTECTED] wrote: Stuart Henderson yazm}~: On 2008-12-01, sonjaya [EMAIL PROTECTED] wrote: Dear all do you have anyone here using voip card ( digium , sangoma etc ) in openbsd , i will be thank's if someone share no, but there are PSTN/SIP gateways which cost about the same as the cards (e.g. patton) I used Sangoma FXS/FXO+asterisk cards in 3.8 in experimental network and it worked well. if zaptel is ported properly, I think there will be no problem. (one point voip cards are no longer supported for OpenBSD) -- Zafer Da~tan *Z-Sistem* *]nternet Serv. Bili~im Tekno. Veri G|v. San Tic. Ltd. ^ti.* Adres : Beyler Cad. Dost Kent Yan} No:4 Gayyolu / ANKARA TR 06530 Tel : +90 (0) 312 238 24 15 Faks : +90 (0) 312 238 24 18 GSM : +90 (0) 532 548 28 30 http://www.z-sistem.com http://www.z-sistem.com/ http://www.i-bekci.com http://www.i-bekci.com/ -- sonjaya http://idsale.blogspot.com
openvpn error PKI on obsd 4.4
. # This is OK for an SSL server. # nsCertType= server # For an object signing certificate this would be used. # nsCertType = objsign # For normal client use this is typical # nsCertType = client, email # and for everything including object signing: # nsCertType = client, email, objsign # This is typical in keyUsage for a client certificate. # keyUsage = nonRepudiation, digitalSignature, keyEncipherment # This will be displayed in Netscape's comment listbox. nsComment = Easy-RSA Generated Certificate # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always extendedKeyUsage=clientAuth keyUsage = digitalSignature # This stuff is for subjectAltName and issuerAltname. # Import the email address. # subjectAltName=email:copy # Copy subject details # issuerAltName=issuer:copy #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem #nsBaseUrl #nsRevocationUrl #nsRenewalUrl #nsCaPolicyUrl #nsSslServerName [ server ] # JY ADDED -- Make a cert with nsCertType set to server basicConstraints=CA:FALSE nsCertType = server nsComment = Easy-RSA Generated Server Certificate subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always extendedKeyUsage=serverAuth keyUsage = digitalSignature, keyEncipherment [ v3_req ] # Extensions to add to a certificate request basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment [ v3_ca ] # Extensions for a typical CA # PKIX recommendation. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always # This is what PKIX recommends but some broken software chokes on critical # extensions. #basicConstraints = critical,CA:true # So we do this instead. basicConstraints = CA:true # Key usage: this is typical for a CA certificate. However since it will # prevent it being used as an test self-signed certificate it is best # left out by default. # keyUsage = cRLSign, keyCertSign # Some might want this also # nsCertType = sslCA, emailCA # Include email address in subject alt name: another PKIX recommendation # subjectAltName=email:copy # Copy issuer details # issuerAltName=issuer:copy # DER hex encoding of an extension: beware experts only! # obj=DER:02:03 # Where 'obj' is a standard or added object # You can even override a supported extension: # basicConstraints= critical, DER:30:03:01:01:FF [ crl_ext ] # CRL extensions. # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. # issuerAltName=issuer:copy authorityKeyIdentifier=keyid:always,issuer:always [ engine_section ] # # If you are using PKCS#11 # Install engine_pkcs11 of opensc (www.opensc.org) # And uncomment the following # verify that dynamic_path points to the correct location # #pkcs11 = pkcs11_section [ pkcs11_section ] engine_id = pkcs11 dynamic_path = /usr/lib/engines/engine_pkcs11.so MODULE_PATH = $ENV::PKCS11_MODULE_PATH PIN = $ENV::PKCS11_PIN init = 0 so what should i do :) any way any link to make PKI for openvpn with working openssl.cnf for openbsd as gateway vpn. thank's so sory for basic question -- sonjaya http://idsale.blogspot.com http://www.pojokdomain.com(sell buy domain with free )
Re: Record for total number of rigs running OpenBSD
On Fri, Oct 17, 2008 at 11:42 PM, Vivek Ayer [EMAIL PROTECTED] wrote: Hi guys, Just wanted to let you folks know that my lab, due to my insistence, is now running OpenBSD on 5 rigs: 2 CARP/pfsync firewalls 1 DNS Server 2 CARP/pfsync/load-sharing web servers (sparc64) I'm sure there's people out there that have more rigs running it. I'd just like to know. If things go smoothly with these, I'll definitely pitch in money for the 4.5 release (put 4.3 to the test first). Cheers from Berkeley, the birthplace of BSD, Vivek hii .. 1 dns server on compaq desktop pro 2 gateway on compaq desktop pro 2 proxy on compaq deskto pro 1 vpn gateway on compaq desktop pro 1 web server + proxy + database ( radius mysql ) on mac mini intel . -- sonjaya http://idsale.blogspot.com http://www.pojokdomain.com(sell buy domain with free )
obsd 4.3 for phpmotion
Dear all who have successfully running phpmotion in obsd 4.3 machine , can i get share story , i try always error extension_dir does not exists /var/www/lib/php/module also phpmotion need PHP 4.3 and above (including support of CLI) - MySQL database server - LAME MP3 Encoder - Libogg + Libvorbis - Mencoder and also Mplayer - FFMpeg-PHP - GD Library 2 or higher - CGI-BIN - Be able to run background processes where i get memcoder sonjaya http://idsale.blogspot.com http://www.pojokdomain.com(sell buy domain with free )
Re: halt -p not working in mac mini
halt with option -ph is unknow option , and shutdown -hp now still not working always restart On Tue, Sep 9, 2008 at 2:07 PM, ropers [EMAIL PROTECTED] wrote: 2008/9/9 Lars Noodin [EMAIL PROTECTED]: sonjaya wrote: I have been susccess full install openbsd 4.3 at mac mini ( intel base), but i have problem when halt -p , the mac mini don't halt and power off only restart bellow dmesg from mac mini : Have you tried halt -ph ? -Lars That reminds me: Personally, I always derive enjoyment from typing shutdown -hp now. I'm easily amused. --ropers -- sonjaya http://sicute.blogspot.com http://www.pojokdomain.com(sell buy domain with free )
halt -p not working in mac mini
codes wskbd0 at ukbd0: console keyboard, using wsdisplay0 uhidev1 at uhub4 port 1 configuration 1 interface 1 Apple Computer ADB device rev 2.00/19.65 addr 2 uhidev1: iclass 3/1 ums0 at uhidev1: 5 buttons wsmouse0 at ums0 mux 0 uhidev2 at uhub3 port 1 configuration 1 interface 0 KYE Optical Mouse rev 1.10/2.00 addr 2 uhidev2: iclass 3/1 ums1 at uhidev2: 3 buttons and Z dir. wsmouse1 at ums1 mux 0 uhidev3 at uhub4 port 2 configuration 1 interface 0 Apple Computer, Inc. IR Receiver rev 2.00/1.10 addr 3 uhidev3: iclass 3/0, 38 report ids uhid0 at uhidev3 reportid 36: input=4, output=0, feature=0 uhid1 at uhidev3 reportid 37: input=4, output=0, feature=0 uhid2 at uhidev3 reportid 38: input=4, output=0, feature=0 uhidev4 at uhub3 port 2 configuration 1 interface 0 LITEON Technology USB Keyboard rev 1.10/1.09 addr 3 uhidev4: iclass 3/1 ukbd1 at uhidev4: 8 modifier keys, 6 key codes wskbd1 at ukbd1 mux 1 wskbd1: connecting to wsdisplay0 uhidev5 at uhub3 port 2 configuration 1 interface 1 LITEON Technology USB Keyboard rev 1.10/1.09 addr 3 uhidev5: iclass 3/0, 2 report ids uhid3 at uhidev5 reportid 1: input=1, output=0, feature=0 uhid4 at uhidev5 reportid 2: input=3, output=0, feature=0 softraid0 at root root on wd0a swap on wd0b dump on wd0b # Best regards sonjaya http://idsale.blogspot.com http://www.pojokdomain.com(sell buy domain with free )
apc Back-UPS ES 525
Dear all, i have small ups seri APC / Back-UPS ES 525 , how to joint and control with openbsd , i try using apc-upsd when test not working. then i try nut but unknown driver. if any sucsess story can share to me :) -- sonjaya http://sicute.blogspot.com
acer aspire m1610
Dear all, I have acer aspire M1610 and M1641 and try install openbsd 4.3 the result is : - acer aspire M1610 can't detect the onboard landcard - acer aspire M1641 is totaly blank after detect nvidia chipset . and my question how to make it work acer Aspire M1610 ( working with onboard lan card ) and for Acer Aspire M1641 can use for Openbsd . Thank's -- sonjaya http://sicute.blogspot.com
Re: openbsd with cf
wow great is working not show up the message , i found in manual link : WD(4) OpenBSD Programmer's ManualWD(4) NAME wd - WD100x compatible hard disk driver SYNOPSIS wd* at wdc? flags 0x wd* at pciide? flags 0x DESCRIPTION The wd driver supports hard disks which emulate the Western Digital WD100x. This includes standard MFM, RLL, ESDI, IDE, and EIDE drives, as well as Serial ATA drives, and PCMCIA/CF storage media. The flags are used only with controllers that support DMA operations and mode settings (like some pciide(4) controllers). The lowest order (rightmost) nibble of the flags define the PIO mode to use. The next four bits indicate the DMA mode and the third nibble the UltraDMA mode. For each set of four bits, the 3 lower bits define the mode to use and the last bit must be set to 1 for this setting to be used. For DMA and UltraDMA, 0xf () means ``disable''. For example, a flags value of 0x0fac ( 1010 1100) means ``use PIO mode 4, DMA mode 2, disable UltraDMA''. The special setting 0x means ``use whatever the drive claims to support''. But PIO mode is more slowest than udma , how to chek perfomance the cf card in linux using hdparm how about in openbsd ( test cf card ) . On Mon, Jun 30, 2008 at 2:46 PM, Stuart Henderson [EMAIL PROTECTED] wrote: On 2008-06-30, sonjaya [EMAIL PROTECTED] wrote: I have CF ( compact Flash ) Vgen 1G , and converter ide to cf . I try install openbsd 4.3 in cf and succesfully and try first boot i get error message like this bellow: how to solved this ? Your CF card supports DMA transfers, but the adapter doesn't have the correct lines wired up. http://marc.info/?l=soekris-techm=117879934817861w=2 pciide0:0:0: bus-master DMA error: missing interrupt, status=0x21 wd0: transfer error, downgrading to PIO mode 4 wd0(pciide0:0:0): using PIO mode 4 wd0c: device timeout reading fsbn 0 (wd0 bn 0; cn 0 tn 0 sn 0), retrying wd0: soft error (corrected) root on wd0a swap on wd0b dump on wd0b Ah good, at least your card implements the RESET command so the automatic downgrade to PIO works. -- sonjaya http://sicute.blogspot.com
openbsd with cf
1 wskbd1: connecting to wsdisplay0 uhidev1 at uhub0 port 2 configuration 1 interface 1 LITEON Technology USB Keyboard rev 1.10/1.09 addr 2 uhidev1: iclass 3/0, 2 report ids uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0 uhid1 at uhidev1 reportid 2: input=3, output=0, feature=0 softraid0 at root wd0(pciide0:0:0): timeout type: ata c_bcount: 512 c_skip: 0 pciide0:0:0: bus-master DMA error: missing interrupt, status=0x21 wd0c: device timeout reading fsbn 0 (wd0 bn 0; cn 0 tn 0 sn 0), retrying wd0(pciide0:0:0): timeout type: ata c_bcount: 512 c_skip: 0 pciide0:0:0: bus-master DMA error: missing interrupt, status=0x21 wd0: transfer error, downgrading to PIO mode 4 wd0(pciide0:0:0): using PIO mode 4 wd0c: device timeout reading fsbn 0 (wd0 bn 0; cn 0 tn 0 sn 0), retrying wd0: soft error (corrected) root on wd0a swap on wd0b dump on wd0b -- sonjaya http://sicute.blogspot.com
3g Modem
Dear all I'm looking modem 3G ( hsdpa,usb ) compatible for openbsd 4.3 ? thank's -- sonjaya http://sicute.blogspot.com
Re: replacement pix firewall with pf
i want make NAT from ip public to server inside ( with non Ip public )/dmz without make ip alias. replacement PIX Fw cisco with PF in openbsd the main point . On Mon, May 12, 2008 at 12:35 PM, Almir Karic [EMAIL PROTECTED] wrote: On Mon, May 12, 2008 at 6:40 AM, sonjaya [EMAIL PROTECTED] wrote: so i have some question : - In PIX FW cisco i just make translate ipublic to ip dmz , so how do it in pf without ip alias in wan interface? AFAIK you can't. why would you want to do that? -- For far too long, power has been concentrated in the hands of root and his wheel oligarchy. We have instituted a dictatorship of the users. All system administration functions will be handled by the People's Committee for Democratically Organizing the System (PC-DOS). -- sonjaya http://sicute.blogspot.com
Re: replacement pix firewall with pf
i try using binat : ### interface ## ## wan interface ( ip public-01 )## ext_if=fxp0 LAN Interface ( 192.168.0.0/24) prv_if=fxp1 DMZ Interface ( 192.168.2.0/24) dmz_if=xl0 ip public LAN ## ext_ad01=ipublic-01 ext_ad02=ipublic-02 prv_ad=192.168.1.0/24 dmz_ad=192.168.2.0/24 # DMZ server ip dmz_www_ad =192.168.0.2/32 dmz_mail_ad =192.168.0.3/32 # # NAT section nat log on $ext_if from $prv_ad to any - $ext_if nat log on $ext_if from $dmz_ad to any - $ext_if binat on $ext_if from $dmz_www_ad to any - $ext_ad01 binat on $ext_if from $dmz_mail_ad to any - $ext_ad02 ---cut-- I made some test : 1. NAT from ipublic01 to 192.168.0.2/32 succsess . 2. NAT from ipublic02 to 192.168.0.3/32 not succses event no respond ? so i made change make ip alias( ipublic02) in interface fxp0 and made tes againt : 1. NAT from ipublic01 to 192.168.0.2/32 succsess . 2. NAT from ipublic02 to 192.168.0.3/32 succsess. so i have some question : - In PIX FW cisco i just make translate ipublic to ip dmz , so how do it in pf without ip alias in wan interface? thank's ... On Fri, May 9, 2008 at 5:27 PM, Mikel Lindsaar [EMAIL PROTECTED] wrote: On Fri, May 9, 2008 at 6:46 PM, sonjaya [EMAIL PROTECTED] wrote: i have old pix firewall ( End Of Lifetime ) and now i want replacement with openbsd . bellow my network layout : |---lan[192.168.1.0/24] internetpix-fw |-DMZ[192.168.0.0/24] Bassicly nat from interface ip public to server (dmz zone) what should i use nat,binat or rdr . i have 5 ip public for 5 server with 1 obsd server. any exsample and good start point . The FAQ? http://www.openbsd.org/faq/pf/index.html Mikel -- sonjaya http://sicute.blogspot.com
replacement pix firewall with pf
Dear all i have old pix firewall ( End Of Lifetime ) and now i want replacement with openbsd . bellow my network layout : |---lan[192.168.1.0/24] internetpix-fw |-DMZ[192.168.0.0/24] Bassicly nat from interface ip public to server (dmz zone) what should i use nat,binat or rdr . i have 5 ip public for 5 server with 1 obsd server. any exsample and good start point . thq
Re: Just for info and for dreaming :-) Vaio UX and OpenBSD
How about Thomas donate for Obsd so the dream will be come true :) On Tue, May 6, 2008 at 3:15 PM, Tomas Bodzar [EMAIL PROTECTED] wrote: Hi, Someone tried OpenBSD on this beast? http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay?catalogId= 10551storeId=10151langId=-1categoryId=577parentCategoryId=16154 I think,that it will be real killer-terminal-pocketPC with Puffy :-) PS: Some pages from Google search looks like nobody tried it.Maybe it's problem of price as for me :-) -- sonjaya http://sicute.blogspot.com
cacti on obsd 4.2
Dear all I try install cacti 0.8.7b in my obsd 4.2 , i using rrdtool 1.0.49 and get error in cacti like this bellow: RRDTool Version ERROR: Installed RRDTool version does not match configured version. Please visit the Configuration Settings and select the correct RRDTool Utility Version. then i try update with cvsup to rrdtool 2.0 with port , bellow my cvsup-config : # cat /root/cvsup-port # Defaults that apply to all the collections *default release=cvs *default delete use-rel-suffix *default umask=002 *default host=anoncvs1.usa.openbsd.org *default base=/usr *default prefix=/usr *default tag=OPENBSD_4_2 # If your network link is a T1 or faster, comment out the following line. # *default compress OpenBSD-ports #OpenBSD-all #OpenBSD-src #OpenBSD-www #OpenBSD-x11 #OpenBSD-xenocara # after finish update the port i chek is still using rrdtool 1.0.49 then i chek in openports.se already using rrdtool 2.0 . my question how to update rrdtool to 2.0 ? thank's -- sonjaya http://sicute.blogspot.com
OOT: Read hardisk Mac OS on Openbsd
Dear all How to make Openbsd 4.2 can read hardisk contain Mac OS-X, i need to read data in Harddisk which installed Mac OS-X Thank's for the sharing .. -- sonjaya http://sicute.blogspot.com
openbsd ( ipsec ) with clinet nokia IP40
Dear all Anyone here sucsess implemention ipsec in obsd 4.2 with nokia ip40 ( appliacne vpn client). Now i have obsd 4.2 and ipsec and try with obsd 4.2 as client working fine , but with nokia ip40 isn't beloow simple ipsec.conf in my obsd 4.2 a_lan=192.168.1.0/24 b_lan=192.168.2.0/24 vpn_gw=202.93.222.32 ike esp from $b_lan to $a_lan peer $vpn_gw psk mypassword ike esp from egress to $a_lan peer $vpn_gw psk mypassword ike esp from egress to $vpn_gw -- sonjaya http://sicute.blogspot.com
Re: openbsd ( ipsec ) with clinet nokia IP40
= LIFE_QUICK_MODE [QM-ESP-AES-128-SHA-PFS-XF] TRANSFORM_ID= AES ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_SHA GROUP_DESCRIPTION= MODP_1024 KEY_LENGTH= 128 Life= LIFE_QUICK_MODE [QM-ESP-AES-128-SHA-TRP-XF] TRANSFORM_ID= AES ENCAPSULATION_MODE= TRANSPORT AUTHENTICATION_ALGORITHM= HMAC_SHA KEY_LENGTH= 128 Life= LIFE_QUICK_MODE # AES-192 [QM-ESP-AES-192-SHA-XF] TRANSFORM_ID= AES ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_SHA KEY_LENGTH= 192 Life= LIFE_QUICK_MODE [QM-ESP-AES-192-SHA-PFS-XF] TRANSFORM_ID= AES ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_SHA GROUP_DESCRIPTION= MODP_1024 KEY_LENGTH= 192 Life= LIFE_QUICK_MODE [QM-ESP-AES-192-SHA-TRP-XF] TRANSFORM_ID= AES ENCAPSULATION_MODE= TRANSPORT AUTHENTICATION_ALGORITHM= HMAC_SHA KEY_LENGTH= 192 Life= LIFE_QUICK_MODE # AES-256 [QM-ESP-AES-256-SHA-XF] TRANSFORM_ID= AES ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_SHA KEY_LENGTH= 256 Life= LIFE_QUICK_MODE [QM-ESP-AES-256-SHA-PFS-XF] TRANSFORM_ID= AES ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_SHA GROUP_DESCRIPTION= MODP_1024 KEY_LENGTH= 256 Life= LIFE_QUICK_MODE [QM-ESP-AES-256-SHA-TRP-XF] TRANSFORM_ID= AES ENCAPSULATION_MODE= TRANSPORT AUTHENTICATION_ALGORITHM= HMAC_SHA KEY_LENGTH= 256 Life= LIFE_QUICK_MODE # AH [QM-AH-MD5-XF] TRANSFORM_ID= MD5 ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_MD5 Life= LIFE_QUICK_MODE [QM-AH-MD5-PFS-XF] TRANSFORM_ID= MD5 ENCAPSULATION_MODE= TUNNEL GROUP_DESCRIPTION= MODP_1024 Life= LIFE_QUICK_MODE [Sample-Life-Time] LIFE_TYPE= SECONDS LIFE_DURATION= 3600,1800:7200 [Sample-Life-Volume] LIFE_TYPE= KILOBYTES LIFE_DURATION= 1000,768:1536ISAKMP-peer-west] On Wed, Apr 2, 2008 at 1:31 PM, sonjaya [EMAIL PROTECTED] wrote: Dear all Anyone here sucsess implemention ipsec in obsd 4.2 with nokia ip40 ( appliacne vpn client). Now i have obsd 4.2 and ipsec and try with obsd 4.2 as client working fine , but with nokia ip40 isn't beloow simple ipsec.conf in my obsd 4.2 a_lan=192.168.1.0/24 b_lan=192.168.2.0/24 vpn_gw=202.93.222.32 ike esp from $b_lan to $a_lan peer $vpn_gw psk mypassword ike esp from egress to $a_lan peer $vpn_gw psk mypassword ike esp from egress to $vpn_gw -- sonjaya http://sicute.blogspot.com -- sonjaya http://sicute.blogspot.com
DNSRBl
Dear all haloo everyone, how to make my openbsd machine working like opendns or rbldns ... -- sonjaya http://sicute.blogspot.com
minimac on openbsd
Dear all anyone have implementation openbsd 4.2 in minimac ( intel proc ), i have plant to install as internet server ( web, mail, simple firewall n database), because problem in electricity in my place to need install server with low power. Also default minimac is only 1 ethernet how to add another ethernet can support in minimac and openbsd. -- sonjaya http://sicute.blogspot.com
Re: minimac on openbsd
any other device sugesstion? On Sun, Mar 23, 2008 at 8:34 PM, Jussi Peltola [EMAIL PROTECTED] wrote: On Sun, Mar 23, 2008 at 08:15:34PM +0700, sonjaya wrote: Also default minimac is only 1 ethernet how to add another ethernet can support in minimac and openbsd. USB? Slow, but works pretty well if there's a driver (see the lists on the man pages). -- sonjaya http://sicute.blogspot.com
ifstated
Dear all i have been implentated equal-cost multipath routing , i see the manual more efficient combine with ifstated. i read manual , ifstated sample is using crap . my question is do i must implentation carp too if want using ifstated to chek link ? also anybody have a sample ifstated for equal-cost multipath routing ? thq a lot
pararels server
Dear all anyone here suscess implemention openvz or any can pararels kernel ... in Openbsd Because i see almost pararels server only working in linux family not BSD. -- sonjaya http://sicute.blogspot.com
Re: ucasterisk in openbsd
i mean porting to packages of openbsd . :) On Dec 18, 2007 5:22 PM, Stuart Henderson [EMAIL PROTECTED] wrote: On 2007/12/18 09:19, sonjaya wrote: Any possible to join ucasterisk in openbsd system . What do you mean by join? I haven't heard of it before but google tells me that uCasterisk (you-see-Asterisk) is a set of scripts, makefiles and patches to build Asterisk for uClinux. -- sonjaya http://sicute.blogspot.com
smokeping in obsd 4.2
Dear all i have ready installed packages smokeping from packages bellow my steep : # pkg_add smokeping-2.1.1p1.tgz smokeping-2.1.1p1: complete --- smokeping-2.1.1p1 --- To have smokeping start at boot time, you have to adapt /etc/smokeping/config and insert the following into /etc/rc.local. if [ -x /usr/local/bin/smokeping ]; then install -d -o _smokeping /var/run/smokeping echo -n ' smokeping'; /usr/local/bin/smokeping fi # then i edit the smokeping config # cat /etc/smokeping/config | more # Note that all IP addresses in this file are false, to prevent some # machine falling under a deadly DOS storm because all users keep # the same addresses in their config. *** General *** owner= me and may domain contact = [EMAIL PROTECTED] mailhost = 192.168.1.2 sendmail = /usr/sbin/sendmail imgcache = /var/www/htdocs/noc/smokeping/img/ imgurl = /smokeping/img/ pagedir = /var/www/htdocs/noc/smokeping/ datadir = /var/db/smokeping piddir = /var/run/smokeping cgiurl = http://192.168.1.1/smokeping/smokeping.cgi smokemail = /etc/smokeping/smokemail tmail = /etc/smokeping/tmail # specify this to get syslog logging syslogfacility = local0 # each probe is now run in its own process # disable this to revert to the old behaviour # concurrentprobes = no *** Alerts *** to = [EMAIL PROTECTED] from = [EMAIL PROTECTED] +bigloss type = loss # in percent pattern = ==0%,==0%,==0%,==0%,0%,0%,0% comment = suddenly there is packet loss - Then running the smokeping and get email confirmation about smokeping . But where i must access and see the image. i sett some folder create by smokeping /var/db/smokeping -- result of rrdtools in config smoke ping /var/www/smokeping/cgi-bin/smokeping.cgi i see in smokeping.cgi : use lib qw(/usr/pack/rrdtool-1.0.33-to/lib/perl); and use lib qw(/home/oetiker/public_html/smokeping/lib); and Smokeping::cgi(/home/oetiker/.smokeping/config); where i can find all taht file , when i try access direct page not found ( http://localhost/cgi-bin/smokeping.cgi or http://localhost/smokeping/cgi-bin/smokeping.cgi thq -- sonjaya http://sicute.blogspot.com
Re: ucasterisk in openbsd
i interest obsd for embeded device plus voip(ucasterisk) machine, i see ucastersick have been support fro small device . :) On Dec 18, 2007 7:07 PM, Stuart Henderson [EMAIL PROTECTED] wrote: On 2007/12/18 17:59, sonjaya wrote: i mean porting to packages of openbsd . :) Why would we want a package for a uClinux port of asterisk 1.2? -- sonjaya http://sicute.blogspot.com
ucasterisk in openbsd
Dear all Any possible to join ucasterisk in openbsd system . -- sonjaya http://sicute.blogspot.com
route to vpn network by vpn link
Dear all I have 3 subnetwork in my lan ( 192.168.1.0/24 ( net_a), 192.168.2.0/24(net_b), 172.16.0.0/16(net_c)). I made vpn tunelin from net_a to net_b also to net_c. net_b--(vpn-client_b_to_a)--internet ---((vpn_gw_a)net_a)---lan--(vpn_client_a_to_c)---internet--((net_c)vpn_gw_c) Bellow network skema: - vpn_client_b_to_a : ip: 192.168.2.1 ipsec.conf : a_lan=192.168.1.0./24 b_lan=192.168.2.0./24 vpn_gw=my ip pubcli vpn_gw ike esp from $b_lan to $a_lan peer $vpn_gw pask mypassword ike esp from egress to $a_lan peer $vpn_gw pask mypassword ike esp from egress to $vpn_gw static routing : route add 192.168.1.0/24 192.168.2.1 --- - vpn_gw_a : ip: 192.168.1.5 ipsec.conf : a_lan=192.168.1.0./24 b_lan=192.168.2.0./24 vpn_gw=my ip pubcli vpn_gw ike esp from $a_lan to any srcid $vpn_gw pask mypassword static routing : route add 172.16.0.0/16 192.168.1.3 --- - vpn_client_a_to_c : ip: 192.168.1.3 Nokia-ip60 (setup vendor ) static routing : route add 192.168.2.0/24 192.168.1.5 --- == I can akses comp in net_a from net_b ( ping running application etc) I can remote comp in net_b from net_a ( ping , remote , print ( jetdirect ), etc ) I can remote desktop citrix in net_a to net_c === Then i want net_b can acces remote citrix in net_c , so i made static routing : --- 192.168.1.3 ping statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 3.759/3.906/4.054/0.160 ms #route add 172.16.0.0/16 192.168.1.3 #error network can be reached so how i cant made net_c access able from net_b ? for detail my network please see in http://sonjaya.web.id/boboko/vpnsitensite.pdf -- sonjaya http://sicute.blogspot.com
obsd for storage hosting
dear all i try setup my obsd 4.1 to storage hosting i need advice : - how to limit user to use server enveroment - how to quota , they any quota system web base . - any thing else ? thq sonjaya http://sicute.blogspot.com
looking some package
Dear all i looking this package : - clamav-0.9.1.1.tgz - smtp-gated-1.4.15.1.tgz - dansguardians-2.9.8.5.clamd.tgz -imspector-0.3.tgz -pmacct-0.11.4.tgz This package need for comixwall , i try using comix in i386 because the source is amd64 -- sonjaya http://sicute.blogspot.com
help ipsec
Dear all i try follow the tutorial http://www.openbsd.org/papers/asiabsdcon07-ipsec/mgp00065.html but still no working . i need sample ipsec.conf for vpn gw client with client dynamic ip such as adsl connection site to site 192.168.0.0/24-vpn(gw)---internet---obsd(dynamic-ip)192.168.3.0/24 sonjaya http://sicute.blogspot.com
ipsec.conf error
hi all i try follow this tutorial : http://openbsd.org/papers/asiabsdcon07-ipsec/mgp00065.html what i want ask : 1. what mean egress ? 2. why user [EMAIL PROTECTED] ( this user or name host) ? 3. when i try parse in laptop get error ( config error), where is wrong ? 4. here my net plan (b_lan)---vpn-client--adsl---internet--vpn-gw---(a_lan) --snip -- my laptop # cat /etc/ipsec.conf vpn_gw=ip-public-vpn-gw a_lan=192.168.0.0/24 b_lan=192.168.2.0/24 ike esp from egress to $a_lan peer $vpn_gw \ srcid [EMAIL PROTECTED] dstid $vpn_gw my vpn -gw # cat /etc/ipsec.conf gw_vpn=my-ip-public-vpn-gw a_lan=192.168.0.0/24 b_lan=192.168.2.0/24 ike dynamic esp from $a_lan to any srcid $gw_vpn here log mesage Jul 31 14:53:49 secure isakmpd[28167]: udp_create: no address configured for peer-default Jul 31 14:53:49 secure isakmpd[28167]: exchange_establish: transport udp for peer peer-default could not be created -- sonjaya http://sicute.blogspot.com
Re: ipsec.conf error
ok i change , how about laptop script still error when parse.. On 7/31/07, Stuart Henderson [EMAIL PROTECTED] wrote: On 2007/07/31 14:55, sonjaya wrote: hi all i try follow this tutorial : http://openbsd.org/papers/asiabsdcon07-ipsec/mgp00065.html what i want ask : 1. what mean egress ? 2. why user [EMAIL PROTECTED] ( this user or name host) ? 3. when i try parse in laptop get error ( config error), where is wrong ? 4. here my net plan (b_lan)---vpn-client--adsl---internet--vpn-gw---(a_lan) --snip -- my laptop # cat /etc/ipsec.conf vpn_gw=ip-public-vpn-gw a_lan=192.168.0.0/24 b_lan=192.168.2.0/24 ike esp from egress to $a_lan peer $vpn_gw \ srcid [EMAIL PROTECTED] dstid $vpn_gw my vpn -gw # cat /etc/ipsec.conf gw_vpn=my-ip-public-vpn-gw a_lan=192.168.0.0/24 b_lan=192.168.2.0/24 ike dynamic esp from $a_lan to any srcid $gw_vpn here log mesage Jul 31 14:53:49 secure isakmpd[28167]: udp_create: no address configured for peer-default Jul 31 14:53:49 secure isakmpd[28167]: exchange_establish: transport udp for peer peer-default could not be created Wrong way round. The laptop should be dynamic, the gateway should not. -- sonjaya http://sicute.blogspot.com
Re: VPN site to site with ipsec
yhx have been working now , my notebook antivirus blocking ping request .
but how i can make the server vpn in host(a) can accepy any connection
from dynamic ip , and mobile user .
thx
On 7/23/07, John Jackson [EMAIL PROTECTED] wrote:
Have you tried tcpdumping on the enc0 interface on both gateways to see
what happens on when pinging? tcpdump -n -s 1600 -i enc0
Is there a firewall enabled on the non-responsive end hosts? I've seen
recent versions of Windows block or drop icmp echo requests, maybe some
recent service pack release? I know our Windows admins swear they
didn't do it themselves.
On Mon, Jul 23, 2007 at 04:40:40PM +0700, sonjaya wrote:
thx daniel , i have follow the link and still get ping reply from
pc(a) to pc(b) , below my ipsec.conf and pf.conf
in host(a)
# cat /etc/ipsec.conf
ike esp from 192.168.0.0/24 to 192.168.2.0/24 peer host(b)
ike esp from host(a) to 192.168.2.0/24 peer host(b)
ike esp from host(a) to host(b)
#
# cat /etc/pf.conf
ext_if=xl0
int_if=xl1
set skip on { lo0 $int_if enc0 }
nat on $ext_if from !($ext_if) - ($ext_if:0)
block in
pass out keep state
pass quick on $ext_if from host(b)
in host(b)
# cat /etc/ipsec.conf
ike esp from 192.168.2.0/24 to 192.168.0.0/24 peer host(a)
ike esp from host(b) to 192.168.0.0/24 peer host(a)
ike esp from host(b) to host(a)
#
# cat /etc/pf.conf
ext_if=xl0
int_if=xl1
set skip on { lo0 $int_if enc0 }
nat on $ext_if from !($ext_if) - ($ext_if:0)
block in
pass out keep state
pass quick on $ext_if from host(a)
i try traceroute at both host
#pc(b) to pc(a)
c:\Document and Settings\User.notebook\tracert 192.168.0.4
Tracing route to 192.168.0.4 over a maximun of 30 hops
1. 1ms1ms 1ms 192.168.2.1
2. 2 ms 1 ms 1 ms host(b) [219.83.xx.xx]
3. 2 ms 1 ms 2 ms 192.168.0.4
#pc(a) to pc(b)
[EMAIL PROTECTED] root]# traceroute 192.168.2.12
traceroute to 192.168.2.12 (192.168.2.12), 30 hops max, 38 byte packets
1 192.168.0.151 (192.168.0.151) 0.226 ms 0.181 ms 0.136 ms
2 host(b) (219.83.xx.xx) 1.742 ms 1.736 ms 1.591 ms
3 * *
so where is wrong , my pf / my ipsect ...?
all fresh installed from obsd 4.1 .
On 7/23/07, Daniel Ouellet [EMAIL PROTECTED] wrote:
sonjaya wrote:
http://www.openbsdsupport.org/vpn-ipsec.html
May be you could also have a look at this nice presentation that show
many changes done on OpenBSD.
You can start here to see some OpenBSD suggestions, but you can look it
all as well as it's nice. (;
http://openbsd.org/papers/asiabsdcon07-ipsec/mgp00057.html
--
sonjaya
http://sicute.blogspot.com
!DSPAM:1,46a479a0220011806319350!
--
sonjaya
http://sicute.blogspot.com
VPN site to site with ipsec
Dear all i have network lite this pc(b)host(b)---internet-host(a)-pc(a) i follow tutorial from this link : http://www.openbsdsupport.org/vpn-ipsec.html then i try test : 1. Ping from host(b) to host(a) or host(a) to host(b) working ( reply ) . 2. Ping from pc(b) to host (a) reply , mean working . 3. Ping from pc(b) to pc(a) reply , mean working . 4. Ping from pc(a) to host(b) reply , mean working . 5. Ping from pc(a) to pc(b) not reply here my ipsec.conf in host(a) # cat /etc/ipsec.conf ike esp from 192.168.0.0/24 to 192.168.2.0/24 peer host(b) ike esp from host(a) to 192.168.2.0/24 peer host(b) ike esp from host(a) to host(b) # in host(b) # cat /etc/ipsec.conf ike esp from 192.168.2.0/24 to 192.168.0.0/24 peer host(a) ike esp from host(b) to 192.168.0.0/24 peer host(a) ike esp from host(b) to host(a) # my question : - how i can ping and get reply both from pc(a) and pc(b) ? - i install as fresh install from openbsd 4.1 sonjaya http://sicute.blogspot.com
Re: VPN site to site with ipsec
thx daniel , i have follow the link and still get ping reply from
pc(a) to pc(b) , below my ipsec.conf and pf.conf
in host(a)
# cat /etc/ipsec.conf
ike esp from 192.168.0.0/24 to 192.168.2.0/24 peer host(b)
ike esp from host(a) to 192.168.2.0/24 peer host(b)
ike esp from host(a) to host(b)
#
# cat /etc/pf.conf
ext_if=xl0
int_if=xl1
set skip on { lo0 $int_if enc0 }
nat on $ext_if from !($ext_if) - ($ext_if:0)
block in
pass out keep state
pass quick on $ext_if from host(b)
in host(b)
# cat /etc/ipsec.conf
ike esp from 192.168.2.0/24 to 192.168.0.0/24 peer host(a)
ike esp from host(b) to 192.168.0.0/24 peer host(a)
ike esp from host(b) to host(a)
#
# cat /etc/pf.conf
ext_if=xl0
int_if=xl1
set skip on { lo0 $int_if enc0 }
nat on $ext_if from !($ext_if) - ($ext_if:0)
block in
pass out keep state
pass quick on $ext_if from host(a)
i try traceroute at both host
#pc(b) to pc(a)
c:\Document and Settings\User.notebook\tracert 192.168.0.4
Tracing route to 192.168.0.4 over a maximun of 30 hops
1. 1ms1ms 1ms 192.168.2.1
2. 2 ms 1 ms 1 ms host(b) [219.83.xx.xx]
3. 2 ms 1 ms 2 ms 192.168.0.4
#pc(a) to pc(b)
[EMAIL PROTECTED] root]# traceroute 192.168.2.12
traceroute to 192.168.2.12 (192.168.2.12), 30 hops max, 38 byte packets
1 192.168.0.151 (192.168.0.151) 0.226 ms 0.181 ms 0.136 ms
2 host(b) (219.83.xx.xx) 1.742 ms 1.736 ms 1.591 ms
3 * *
so where is wrong , my pf / my ipsect ...?
all fresh installed from obsd 4.1 .
On 7/23/07, Daniel Ouellet [EMAIL PROTECTED] wrote:
sonjaya wrote:
http://www.openbsdsupport.org/vpn-ipsec.html
May be you could also have a look at this nice presentation that show
many changes done on OpenBSD.
You can start here to see some OpenBSD suggestions, but you can look it
all as well as it's nice. (;
http://openbsd.org/papers/asiabsdcon07-ipsec/mgp00057.html
--
sonjaya
http://sicute.blogspot.com
dev tap
how to create device tap ( for openvpn bridge mode ) in OBSD 4.1 -- sonjaya http://sicute.blogspot.com
Re: dev tap
i try bridge mode but i think not support in obsd 4.1 , below log Thu Jul 12 14:56:45 2007 notebook/202.93.xx.xxx:62358 write to TUN/TAP : Address family not supported by protocol family (code=47) Thu Jul 12 14:56:46 2007 notebook/202.93.xx.xxx:62358 write to TUN/TAP : Address family not supported by protocol family (code=47) #ifconfig enc0: flags=0 mtu 1536 tun0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST mtu 1500 groups: tun inet6 fe80::250:daff:fe80:63e1%tun0 - prefixlen 64 scopeid 0x6 #cat /etc/openvpn/bridgemode.conf dev tun0 dev-type tap server-bridge 192.168.2.1 255.255.255.0 192.168.2.2 192.168.2.3 On 7/12/07, Claudio Jeker [EMAIL PROTECTED] wrote: On Thu, Jul 12, 2007 at 01:50:51PM +0700, sonjaya wrote: how to create device tap ( for openvpn bridge mode ) in OBSD 4.1 Man tun(4) and look for link0 or layer 2 mode. For openvpn the magic is: dev tun0 dev-type tap -- :wq Claudio -- sonjaya http://sicute.blogspot.com
openvpn on openbsd 4.1
Dear all
i have installed openvpn from ports dan i try follow manual like this :
# pwd
/etc/openvpn/easy-rsa/2.0
# ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on
/etc/openvpn/easy-rsa/2.0/keys
# ./clean-all
# ./build-ca
Please edit the vars script to reflect your configuration,
then source it with source ./vars.
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run ./clean-all.
Finally, you can run this tool (pkitool) to build certificates/keys.
#
where is wrong ?
beloow my config
# cat vars
export EASY_RSA=`pwd`
export KEY_CONFIG=$EASY_RSA/openssl.cnf
export KEY_DIR=$EASY_RSA/keys
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
export KEY_SIZE=1024
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY=CA
export KEY_PROVINCE=USA
export KEY_CITY=california
export KEY_ORG=IT
export KEY_EMAIL=[EMAIL PROTECTED]
#
# cat clean-all
#!/bin/sh
export KEY_DIR=$EASY_RSA/keys
if [ $KEY_DIR ]; then
rm -rf $KEY_DIR
mkdir $KEY_DIR \
chmod go-rwx $KEY_DIR \
touch $KEY_DIR/index.txt \
echo 01 $KEY_DIR/serial
else
echo 'Please source the vars script first (i.e. source ./vars)'
echo 'Make sure you have edited it to reflect your configuration.'
fi
#
# cat build-ca
#!/bin/sh
#
# Build a root certificate
#
export EASY_RSA=${EASY_RSA:-.}
$EASY_RSA/pkitool --interact --initca $*
#
--
sonjaya
http://sicute.blogspot.com
Re: openvpn on openbsd 4.1
the all script is working when i try input manual env , all in vars . On 7/2/07, Mike Erdely [EMAIL PROTECTED] wrote: On Mon, Jul 02, 2007 at 07:19:23PM +0700, sonjaya wrote: i have installed openvpn from ports dan i try follow manual like this : # pwd /etc/openvpn/easy-rsa/2.0 # ./vars NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys # ./clean-all # ./build-ca Please edit the vars script to reflect your configuration, then source it with source ./vars. Next, to start with a fresh PKI configuration and to delete any previous certificates and keys, run ./clean-all. Finally, you can run this tool (pkitool) to build certificates/keys. # where is wrong ? Try running . ./vars so that the vars get read into your environment. -ME -- sonjaya http://sicute.blogspot.com
Re: openvpn on openbsd 4.1
yes i have ready run it , but i see in my env not show , so i put all manual in vars. On 7/2/07, Cezary Morga [EMAIL PROTECTED] wrote: Dear all i have installed openvpn from ports dan i try follow manual like this : # pwd /etc/openvpn/easy-rsa/2.0 # ./vars type source ./vars or . ./vars (note the dot and the space) Regards, -- Cezary Morga czarek(at)morga.net.pl cezarym(at)data.pl GG# 169903 ICQ# 328-700-565 Jabber therek(at)jabber.autocom.pl; therek(at)jabber.therek.net [=- http://www.therek.net/ -=][=- http://freebsd.therek.net/ -=] -- sonjaya http://sicute.blogspot.com
obsd 4.1 plsu squid
Dear all I will developt new server for my proxy server , i will try using squid with transparent with snmp . But i want know does squid-transparent-snmp support for delay_pools anda mac address acl ? Thx a lot sonjaya http://sicute.blogspot.com
Re: obsd 4.1 plsu squid
here error : # squid -k reconfigure 2007/05/31 01:39:34| parseConfigFile: line 3895 unrecognized: 'delay_pools 2' 2007/05/31 01:39:34| parseConfigFile: line 3896 unrecognized: 'delay_class 1 2' 2007/05/31 01:39:34| parseConfigFile: line 3897 unrecognized: 'delay_access 1 allow limited ' 2007/05/31 01:39:34| parseConfigFile: line 3898 unrecognized: 'delay_access 2 allow fileblok' 2007/05/31 01:39:34| parseConfigFile: line 3899 unrecognized: 'delay_parameter 2 4000/4000 -1/-1 2000/4000' # that mean do not support delay_pools ? On 5/30/07, sonjaya [EMAIL PROTECTED] wrote: Dear all I will developt new server for my proxy server , i will try using squid with transparent with snmp . But i want know does squid-transparent-snmp support for delay_pools anda mac address acl ? Thx a lot sonjaya http://sicute.blogspot.com -- sonjaya http://sicute.blogspot.com
Re: vpn in OBSD 4.1
so i must using ipsec for security reason , how about the client ( such us Microsoft ) can they use ipsec too. On 5/11/07, Lars D. Noodin [EMAIL PROTECTED] wrote: On Fri, 11 May 2007, Adam Hawes wrote: You're well advised to go do some reading on your own. If you had you would have discovered that OpenVPN ahs a tutorial page for configuring the server, as does the readily available PPTP server. It's not a funny joke to be recommending PPTP to anybody. Some may miss the sarcasm and actually try to deploy it. Any further amount of reading (if done) would reveal that PPTP can't really be called secure and should be avoided. Its successor, L2TP, can be improved somewhat, at least the connections, by tunnelling over SSL. But then why not cut out the middleman and use SSL to begin with? Fewer parts that way. IPsec and SSL are your two options: http://www.vpnc.org/vpn-standards.html I'm wondering that since IPsec is part fo IPv6, the equivalent to an IPsec-on-IPv4 VPN could be made using IPv6 instead. Maybe that would be smarter in the long run. -Lars Lars Noodin ([EMAIL PROTECTED]) Ensure access to your data now and in the future http://opendocumentfellowship.org/about_us/contribute -- sonjaya http://sicute.blogspot.com
vpn in OBSD 4.1
Dear all i looking tutorial for install vpn in obsd 4.1 with client microsoft xp or mac also support netbios for file or print sharing so what can i use openvpn , ipsec , vpn ? -- sonjaya http://sicute.blogspot.com
chillispot in OBSD 4.0
Dear all i try install chillispot in OBSD 4.0 , it try follow step in http://www.geeklan.co.uk/?p=72 i try patch -p1 nothing show , so i try compile manualy # ./configure --prefix=/usr/local/chillispot # make make all-recursive Making all in src if gcc -DHAVE_CONFIG_H -I. -I. -I.. -D_GNU_SOURCE -fno-builtin -DSBINDIR='/usr/local/chilli/sbin' -g -O2 -MT chilli.o -MD -MP -MF .deps/chilli.Tpo -c -o chilli.o chilli.c; then mv -f .deps/chilli.Tpo .deps/chilli.Po; else rm -f .deps/chilli.Tpo; exit 1; fi chilli.c: In function `process_options': chilli.c:734: warning: passing arg 2 of `inet_aton' from incompatible pointer type chilli.c:802: warning: passing arg 2 of `inet_aton' from incompatible pointer type chilli.c:820: warning: passing arg 2 of `inet_aton' from incompatible pointer type if gcc -DHAVE_CONFIG_H -I. -I. -I.. -D_GNU_SOURCE -fno-builtin -DSBINDIR='/usr/local/chilli/sbin' -g -O2 -MT tun.o -MD -MP -MF .deps/tun.Tpo -c -o tun.o tun.c; then mv -f .deps/tun.Tpo .deps/tun.Po; else rm -f .deps/tun.Tpo; exit 1; fi tun.c:369:29: missing binary operator before token defined tun.c:427:2: #error Unknown platform! tun.c:448:28: missing binary operator before token defined tun.c:500:28: missing binary operator before token defined tun.c:508:2: #error Unknown platform! tun.c:588:28: missing binary operator before token defined tun.c:649:2: #error Unknown platform! tun.c:677:28: missing binary operator before token defined tun.c:690:2: #error Unknown platform! tun.c:725:28: missing binary operator before token defined tun.c:824:2: #error Unknown platform! *** Error code 1 Stop in /root/chillispot-1.1.0/src. *** Error code 1 Stop in /root/chillispot-1.1.0 (line 268 of Makefile). *** Error code 1 Stop in /root/chillispot-1.1.0 (line 173 of Makefile). # i try looking in port not found ? sonjaya http://sicute.blogspot.com
Re: OBS 4.0 at Device
may be remaster obsd 4.0 to for device or something like that On 2/28/07, Joachim Schipper [EMAIL PROTECTED] wrote: On Wed, Feb 28, 2007 at 11:05:32AM +0700, sonjaya wrote: Dear all any change to make OBSD 4.0 running in device , such as wrt54G (linksys ). Definitely possible in theory, and OpenBSD already runs on some appliances - Soekris and WRAP are mentioned often, and a lot of work is being done on the Landisk architecture. Joachim -- sonjaya http://sicute.blogspot.com
OBS 4.0 at Device
Dear all any change to make OBSD 4.0 running in device , such as wrt54G (linksys ). sonjaya http://sicute.blogspot.com
hot spot with OBSD 4.0
Dear all Very newbie question : How to setup OBSD 4.0 become hotspot machine , any link to start over beside google. Thx -sonjaya- http://sicute.blogspot.com
Re: hot spot with OBSD 4.0
ok i will be waiting good news from your.Thx before On 2/22/07, Andreas Maus [EMAIL PROTECTED] wrote: On 2/22/07, sonjaya [EMAIL PROTECTED] wrote: more secure more better , i would happy if you want share to all . Thats the right attitude! ;) O.K. I will dump my /dev/brain into a documentation and put it online today or tomorrow. Andreas. -- Hobbes : Shouldn't we read the instructions? Calvin : Do I look like a sissy? -sonjaya- http://sicute.blogspot.com
Re: squid , apache n PF
sory have been solved , only set need set in squid.conf On 2/16/07, sonjaya [EMAIL PROTECTED] wrote: Dear all I have machine running squid n apache at OBSD also set as transparent proxy with pf . Now i have limit who can use that proxy ( of course limit by ip in squid conf). The problem show when ip non allow acces the proxy access webserver at that machine proxy always get denied. int---proxy (192.168.0.8)-ip allow int---proxy(192.168.0.7)-ip allow2 ipallow2 using gateway = 192.168.0.7 ipallow using gateway = 192.168.0.8 here my squid.conf acl parno url_regex -i /usr/local/squid/etc/parno.txt acl ipallow src /usr/local/squid/etc/ip-allow.txt http_access deny parno http_access allow ipallow http_access deny all then i change squid.conf like this : acl ipallow2 src /usr/local/squid/etc/ip-allow2.txt acl parno url_regex -i /usr/local/squid/etc/parno.txt acl ipallow src /usr/local/squid/etc/ip-allow.txt http_access allow ipallow2 http_access deny parno http_access allow ipallow http_access deny all with second squid.conf that is working , but another problem show , when ipallow2 change ip gateway to 192.168.0.8 they can access internet by proxy in 192.168.0.8. so how to configure ipallow2 can access the webserver in 192.168.0.8 without allow ipallow2 using proxy when change the gateway to 192.168.0.8 -sonjaya- htpp://sicute.blogspot.com -- -sonjaya-
squid , apache n PF
Dear all I have machine running squid n apache at OBSD also set as transparent proxy with pf . Now i have limit who can use that proxy ( of course limit by ip in squid conf). The problem show when ip non allow acces the proxy access webserver at that machine proxy always get denied. int---proxy (192.168.0.8)-ip allow int---proxy(192.168.0.7)-ip allow2 ipallow2 using gateway = 192.168.0.7 ipallow using gateway = 192.168.0.8 here my squid.conf acl parno url_regex -i /usr/local/squid/etc/parno.txt acl ipallow src /usr/local/squid/etc/ip-allow.txt http_access deny parno http_access allow ipallow http_access deny all then i change squid.conf like this : acl ipallow2 src /usr/local/squid/etc/ip-allow2.txt acl parno url_regex -i /usr/local/squid/etc/parno.txt acl ipallow src /usr/local/squid/etc/ip-allow.txt http_access allow ipallow2 http_access deny parno http_access allow ipallow http_access deny all with second squid.conf that is working , but another problem show , when ipallow2 change ip gateway to 192.168.0.8 they can access internet by proxy in 192.168.0.8. so how to configure ipallow2 can access the webserver in 192.168.0.8 without allow ipallow2 using proxy when change the gateway to 192.168.0.8 -sonjaya- htpp://sicute.blogspot.com
set obsd 3.9 as dns server
Dear all i have obsd 3.9 , i want setup as dns name for my ip public and mydomain , i try follow step in openbsdsupport.org , but until now always get error lame server and etc , so where i get good tutorial about setup obsd as name server for my public ip and my domain . -sonjaya- http://sicute.blogspot.com
2 gateway in OBSD 4.0
Dear All Any posible way to using 2 gateway in n out without using routed protcol such as bgp/osf Because i have two connection to Internet basic diagram |-gw01---| internet | obsd 4.0 |---Lan |---gw02--| - 2 Ip public - 1 server obsd 4.0 with 3 Networkcard - 2 box gw I plan obsd 4.0 for : 1. ns server who have 2 ip public from 2 isp question iwant ask , how to set 2 gw without have bgp/osf access ? -sonjaya-
pf+altq
Dear All
here my altq+pf
##---queue+alq---###
altq on $ext_if cbq bandwidth 100Kb queue{q_std}
queue q_std bandwidth 100% cbq \
{q_def,q_pri,q_web,q_msc,q_dat,q_gms}
queue q_def bandwidth 25% priority 1 cbq(borrow default red ecn)
queue q_dat bandwidth 10% priority 0 cbq(red)
queue q_web bandwidth 25% priority 5 cbq(borrow)
queue q_msc bandwidth 15% priority 4 cbq(borrow)
queue q_gms bandwidth 25% priority 6 cbq(borrow)
queue q_pri priority 7
when i try to use it always get error :
demorate# pfctl -f /etc/pf.conf
pfctl: the sum of the child bandwidth higher than parent q_std
demorate#
when i try use this :
#queue q_pri priority 7
is working .
-sonjaya-
http://sicute.blogspot.com
Re: pf+altq
as far i know min bw 5,59 kbps .
now is working , i got from other queue.
i try to use cbq n hfsc witch better in shaping .
On 1/17/07, Lawrence Horvath [EMAIL PROTECTED] wrote:
Try defining q_pri with a bandwidth, you might even be able to set it as:
queue q_pri bandwidth 0% priority 7 cbq(borrow)
This way it wouldnt reserve any bandwidth but it shouldnt cause issues
with the bandwidth math either. If you get that working, please let me
know.
On 1/17/07, sonjaya [EMAIL PROTECTED] wrote:
Dear All
here my altq+pf
##---queue+alq---###
altq on $ext_if cbq bandwidth 100Kb queue{q_std}
queue q_std bandwidth 100% cbq \
{q_def,q_pri,q_web,q_msc,q_dat,q_gms}
queue q_def bandwidth 25% priority 1 cbq(borrow default red ecn)
queue q_dat bandwidth 10% priority 0 cbq(red)
queue q_web bandwidth 25% priority 5 cbq(borrow)
queue q_msc bandwidth 15% priority 4 cbq(borrow)
queue q_gms bandwidth 25% priority 6 cbq(borrow)
queue q_pri priority 7
when i try to use it always get error :
demorate# pfctl -f /etc/pf.conf
pfctl: the sum of the child bandwidth higher than parent q_std
demorate#
when i try use this :
#queue q_pri priority 7
is working .
-sonjaya-
http://sicute.blogspot.com
--
-Lawrence
-Student ID 1028219
-CCNA
--
-sonjaya-
webserver in OBS
Dear all I ussually use public html to allow user have space in out webserver, how to set in openbsd 3.9 because default i chroot. thx for advice
Re: webserver in OBS
Thx is working, but how to set every i adduser have automatic add in /var/www/user/simbloic link . thx On 1/16/07, Gilles Chehade [EMAIL PROTECTED] wrote: sonjaya a icrit : Dear all I ussually use public html to allow user have space in out webserver, how to set in openbsd 3.9 because default i chroot. thx for advice Look at UserDir in httpd.conf I usually create my web accounts as follow: 1- create /var/www/accounts/username and /var/www/accounts/username/public 2- link /var/www/users/username to /var/www/accounts/username/public 3- link ~username/www to /var/www/accounts/username that way each user has a www subdirectory in his home directory. files that are in ~/www are accessible inside the apache chroot but not through web access (nice for databases and configuration files), whereas files in ~/www/public are visible through web access. ++ Gilles Chehade -- -sonjaya-
squid for OBSD 4.0
Dear all I want create proxy server with OBSD 4.0 , what kind squid version support : - mac Address acl - delaypools also how to tuning OBSD 4.0 for proxy server with squid . -sonjaya-
squid for OBSD 4.0
Dear all I want create proxy server with OBSD 4.0 , what kind squid version support : - mac Address acl - delaypools also how to tuning OBSD 4.0 for proxy server with squid . -sonjaya- - -sonjaya-
Re: squid for OBSD 4.0
thx have been respond quick can i use diskd for cache , last time i use diskd for cache is more speed-up squid and if i using pkg-add they don't support acl mac address . On 1/9/07, Scott Radvan [EMAIL PROTECTED] wrote: On Tue, 9 Jan 2007 17:19:48 +0700 sonjaya [EMAIL PROTECTED] wrote: Dear all I want create proxy server with OBSD 4.0 , what kind squid version support : - mac Address acl - delaypools also how to tuning OBSD 4.0 for proxy server with squid . -sonjaya- The following site will help, read it from beginning to end, you will be much wiser: http://www.kernel-panic.it/openbsd/proxy/ -- Scott Radvan -- -sonjaya-
not working php5 + apache in OBSD 4.0
dear all i installl php by port with pkg_add , i follow all steep include put addtype in my httpd.conf than i try little script to know php working or not . ? phpinfo(); ? when i try browse from my web browser nothing show . Then i try using server-status they show have been installed php5 and try make some script ? echo tes; ? same nothing hapen when open from my internet browser so what is the problem ? nb : using Openbsd 4.0 adn install all with pkg_add -- -sonjaya-
how to redirect port to other server
Dear all I try to redirect port from server to comp in lan with pf , beloow my script : # xl0 interface to public IntIf =xl1 Extif=xl0 remotesrv=192.168.0.4/32 rdr on xl0 inet proto tcp from any to any port = https - $remotesrv port 22 when i try remote from public always network error connection timeout - -sonjaya-
update automaticly
i have script for update automaticly here: # cat /root/update_part1.sh #!/bin/csh cd /usr/src setenv CVS_CLIENT_PORT -1 setenv CVSROOT [EMAIL PROTECTED]:/cvs cvs -d $CVSROOT -q up -rOPENBSD_3_9 -Pd date /root/update_part1.log when i try run that script get error such like this : # sh /root/update_part1.sh /root/update_part1.sh[3]: setenv: not found /root/update_part1.sh[4]: setenv: not found cvs update: CVSROOT -q must be an absolute pathname cvs [update aborted]: Bad CVSROOT. please tell me to fix it . -- -sonjaya-
please chek my pf
i have bsd machine run as gateway + proxy ( running for internet acces
n dns forom my lan )
i want create rule , all internet request by proxy working fine , but
i see in pftop some protocol such as p2p aplication pass my gateway ,
how to block it .
p2p=edonkey and bittorent
bellow my script pf
ext_if=xl0
int_if=xl1
int_ip=127.0.0.1
ip_limited=192.168.0.50
tcp_allow={ 22, 80, 8080, 443, 113}
udp_allow={ 53, 113}
icmp_types=echoreq
set block-policy return
set skip on lo
scrub all
nat on $ext_if from !($ext_if) - ($ext_if:0)
nat-anchor ftp-proxy/*
rdr-anchor ftp-proxy/*
rdr pass on $int_if proto tcp to port 80 - $int_ip port 8080
rdr pass on $int_if proto tcp to port ftp - 127.0.0.1 port 8021
rdr on $ext_if proto tcp from any to any port 110 - 192.168.0.1
block all
pass out keep state
pass in on $ext_if inet proto tcp from any to {$ext_if} \
port $tcp_allow flags S/SA keep state
pass in on $ext_if inet proto udp from any to {$ext_if} \
port $udp_allow keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in quick on $int_if
-sonjaya-
Re: Delaypools not working in squid transparant n snmp openbsd 3.9
Thx for all respond and i complie from source using squid-2.5 stable 14 ( but not support acl arp ), i try squid-2.6 not working get error ...
Delaypools not working in squid transparant n snmp openbsd 3.9
dear all i try activate my cache server ( squid 2.5 stable with tranparan proxy n snmp from package ) in my openbsd 3.9 server : here my spefication my server : 1. openbsd 3.9 - squid transparan + snmp from package 2. here my squid.conf # DELAY POLL curve --- acl magic_words1 url_regex -i 192.168. acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav delay_pools 2 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_access 1 allow magic_words1 delay_class 2 2 delay_parameters 2 5000/15 5000/12 delay_access 2 allow magic_words2 # 3. here my error log when i try : # /usr/local/sbin/squid -k parse 2006/08/06 04:09:49| parseConfigFile: line 3576 unrecognized: 'delay_pools 2' 2006/08/06 04:09:49| parseConfigFile: line 3580 unrecognized: 'delay_class 1 2' 2006/08/06 04:09:49| parseConfigFile: line 3582 unrecognized: 'delay_parameters 1 -1/-1 -1/-1' 2006/08/06 04:09:49| parseConfigFile: line 3584 unrecognized: 'delay_access 1 allow magic_words1' 2006/08/06 04:09:49| parseConfigFile: line 3587 unrecognized: 'delay_class 2 2' 2006/08/06 04:09:49| parseConfigFile: line 3595 unrecognized: 'delay_parameters 2 5000/15 5000/12' 2006/08/06 04:09:49| parseConfigFile: line 3596 unrecognized: 'delay_access 2 allow magic_words2' -sonjaya-
