July 31st, 2006

bryanpi @ 11:42 am: Fun with PF, Squid, and ImageMagick

While browsing Slashdot last week, I stumbled upon someone being rather silly with their wireless access point. (For those who'd rather not check the link, he leaves the AP open, then either forwards all port 80 traffic to one particular server or mogrifies any image they view.)

It seemed like a fun way to get my feet wet on a few new tools, so I adapted the instructions to OpenBSD.

To get to an actual serious question in this post, Squid seemed to have some problems early on where it was waiting to talk to PF, but since it couldn't get a response, it bottlenecked. I noticed in one of the instructions for using it on OpenBSD, they suggest changing the ownership and permissions of /dev/pf (to :_squid and g+rw, respectively). I was just curious if there are any alternatives that anyone else uses?

For reference, the changes I made to the squid.conf file are:

redirect_program /usr/local/bin/redirector
http_access deny to_localhost
acl our_networks src [my wireless subnet]
http_access allow our_networks
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on



June 23rd, 2006

smitty1e @ 07:55 pm: No joy with Seagate
I've rolled back to an older 17G Maxtor drive.
Spent about $50 between a new IDE controller and cable trying to make the Seagate work. It just sucked.
Good learning experience, though.

June 17th, 2006

smitty1e @ 07:28 pm: New IDE cable no DMA fix-fix
Request recommendations for motherboard.
I have a working dc interface, and some crappy video card, so a minimal m/b is fine.
I saw a list of 64-bit m/b on FreeBSD, but that isn't a requirement at the moment.
Cheap is good.

smitty1e @ 05:45 am: DMA blues
I keep getting write errors to wd0 (which is really a 300GB Seagate drive).
Found the FAQ page on it, and reset the flags using the UKC to 0xff8, which should turn off UltraDMA, DMA, and set the PIC mode to 0 (I think).
Still getting beat down after ~20 minutes of heavy usage (compiling Gnome, so that it's a nice fat job).
I guess I can try it on the slave channel, but my fear is that the drive is new enough and the motherboard is old enough that there just isn't going to be any joy.
Any troubleshooting suggestions?

May 29th, 2006

smitty1e @ 09:19 pm: Newbie question on axe driver
I have installed 3.9 on a box that has a Linksys USB interface.
This gadget uses the axe driver.
I guess I need to do the config script for the kernel to enable this device in /dev (as lo0?) before setting up ifconfig and DHCP?
Can someone point me to the relevant references?

March 31st, 2006

sinistertim101 @ 10:41 pm: Solarisx86 as a hobbyist OS?
Does anyone use SolarisX86 on a regular PC that is a non-server?

I am a former BSD user and I do not like Linux in its current state. Don't mean to flame the Linux fanatics out there, but it's a lot of work compared to my FreeBSD experience to install and maintain a system with ease with a degree of stability in its packages.

I need Java and 3D support, so NetBSD and OpenBSD are not an option. FreeBSD is too unstable and no longer works well with my hardware like 4.x did.

I need Java5 for school and the only non-Microsoft OS I can think of is Solaris. I intend to use www.blastwave.com or is it www.blastwave.net? ... to update Solaris 10 with modern packages. I am aware there is OpenSolaris, but it seems like a lot of work from the beta builds of Solaris 11 with tons of patches, so I am skeptical.

I would like to use something more modern than GNOME 2.8, as that is what Blastwave includes. Any suggestions on how to upgrade?

Also, for those who have used Solaris on the desktop, is it really worth it? What are the differences over Linux?


January 1st, 2006

al1us @ 02:38 pm: Does anybody know of software to play back video in the console? (I have a minimal install of OpenBSD without X.)

July 19th, 2005

zeitgeek @ 10:42 am: isakmpd gurus?
I'm having a problem with my VPN setup that I just can't seem to figure out.

I have a Debian box at home and an OpenBSD box at work. They are both running isakmpd to set up a VPN connection between the two. The Debian box is just a single computer, while the OpenBSD box acts as a gateway for our office network. The Debian box is behind a NAT so they connect in IPSec NAT Traversal mode.

For the most part, everything works great. TCP and ICMP packets get through fine. UDP packets going from the OpenBSD box (or the network behind it) to the Debian box get through fine. But UDP packets going from the Debian box to the OpenBSD box get dropped.

I've sniffed the link and watched the encrypted traffic generated by sending the UDP packets arriving at the OpenBSD box, so I'm pretty sure they're not getting blocked on the Debian side. I don't have any packet filter rules to drop either incoming or outgoing UDP packets (in fact, I've tried adding rules specifically to allow UDP packets, and it didn't help).
A friend of mine suggested it might be a problem with the MTU settings on the network interface, but TCP packets aren't affected and the size of the packet doesn't seem to matter, so I don't think that's it. It's like the encrypted traffic arrives, doesn't get blocked by the firewall, presumably gets decrypted and then just disappears.

Does anyone have any other ideas on what else might be blocking the UDP packets? Are there any sysctl variables to look at? Are there any isakmpd configuration variables that might affect only UDP packets?

I could post complete isakmpd config files, but I'm not really looking for someone to solve my problem completely, just ideas on what else to look for. Where else could UDP packets be getting lost?

June 29th, 2005

aisa0 @ 02:03 pm: ftp+ssl client?
I'm looking for an FTP client that supports SSL. Does anyone have any experience with any of the FTP+SSL clients (not servers) on OpenBSD?

June 28th, 2005

detritus @ 06:13 pm: I'm running 3.7 and for some reason I'm having a complete spaz while trying to figure out how to get openvpn to run at boot.

OVPN runs fine from the command line, and is in the $PATH.

I have this in rc.conf
openvpn="--config /etc/openvpn/server.conf"

I have also tried:
snip snip

I've tried a few variations on that, and have gotten nowhere. Any help/guidance would be greatly appreciated.

