From lists at rensseltucky.com Mon Jan 4 17:20:28 2010
From: lists at rensseltucky.com (Ed D.)
Date: Mon, 04 Jan 2010 11:20:28 -0500
Subject: embarq (Centurylink) DSL Static IP
Message-ID: <4B42154C.18076.7CDE3F@lists.rensseltucky.com>

Hi,
I will soon need to get a 2 static IP Embarq/Centurylink DSL
account going.
The person has a modem/router called a "660" I think may be a
Zyxel.

I'm going to use an OpenBSD 4.6 system as my router/firewall.

I've googled in an attempt to find others using OpenBSD who've
had experience with doing this and found nothing useful.

I would like to use the 660 in bridge mode and have the
OpenBSD 4.6 system handle the logon and connection,
like I have my own system on my network.

Has anybody done this with Embarq/Centurylink?

Thanks, Ed

From marmot at pennswoods.net Tue Jan 5 02:51:30 2010
From: marmot at pennswoods.net (Woodchuck)
Date: Mon, 4 Jan 2010 20:51:30 -0500
Subject: embarq (Centurylink) DSL Static IP
In-Reply-To: <4B42154C.18076.7CDE3F@lists.rensseltucky.com>
References: <4B42154C.18076.7CDE3F@lists.rensseltucky.com>
Message-ID: <97b0e1031001041751m4e0cfacfp92911f13491539c6@mail.gmail.com>

On Mon, Jan 4, 2010 at 11:20 AM, Ed D. wrote:
> Hi,
> I will soon need to get a 2 static IP Embarq/Centurylink DSL
> account going.
> The person has a modem/router called a "660" I think may be a
> Zyxel.
>
> I'm going to use an OpenBSD 4.6 system as my router/firewall.
>
> I've googled in an attempt to find others using OpenBSD who've
> had experience with doing this and found nothing useful.
>
> I would like to use the 660 in bridge mode and have the
> OpenBSD 4.6 system handle the logon and connection,
> like I have my own system on my network.
>
> Has anybody done this with Embarq/Centurylink?
> Thanks, Ed

I use embarq with dhcp if that would help. Putting the embarq
supplied modem in bridge mode was not a problem, you use a browser
to do this. (How stupid is that?)
The embarq modem runs some sort of lame embedded Linux (version 1.x.x
kernel) and has crude firewall capability (iptables, some NAT, very
limited by a "friendly" clicky-point interface to a braindead wizard...
so I went to bridge mode without even bothering with that penguin cruft).

Embarq, here in central-south Pennsylvania is just crappy service. My
line is down 25-50% of the time, and although I pay for megabit I have
seldom seen it dload at over maybe 100Kbit, usually more like 64Kbit,
i.e. just above dialup speed. I haven't called their customer service.
What can they possibly do?

Anyway, if my dhcp stuff is of any interest, let me know.

dave

--
This email address is hosted by gmail. Privacy is not an issue with gmail.

From WSampson at kmpdesigns.com Mon Jan 11 20:02:39 2010
From: WSampson at kmpdesigns.com (Sampson, Warren)
Date: Mon, 11 Jan 2010 14:02:39 -0500
Subject: Update pf with new private IP segment added behind internal router
Message-ID: <83C397860A527642B9611EA263562D3755873E@kmpdc1.kmpdesigns.com>

Hi,

We've added a new internal network segment for training, testing and
what-not. I'm having trouble trying to figure out what in my pf.conf is
blocking machines in that segment from communicating with my OpenBSD
machine (and vice-versa).

My internal network is 192.168.1.0/24 and I've added 172.16.0.0/24. The
default gateway is 192.168.1.254.

I've used the following command on the OBSD machine:
route add -inet 172.16.0.0/24 192.168.1.254

Once I disable the pf (pfctl -d) the machines can talk fine.

I have a feeling it's these two lines from the bottom of my pf.conf:

pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state

I'm guessing int_if is picking up the 192.168.1.0 address but not the
172.16.0.0 piece that I have added a route for manually.
Can anyone take a look at my pf.conf and suggest entries I would need to
add/modify?

Thanks for the help.

Warren

# $OpenBSD: pf.conf,v 1.27 2004/03/02 20:13:55 cedric Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.

ext_if = "fxp1"
int_if = "fxp0"
lan_net = "192.168.1.0/24"
wan_net = "66.225.151.192/27"
tcp_services = "{ 25, 113, 53 }"
icmp_types = "echoreq"
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

#table persist
#table persist

# options
set block-policy return
set loginterface $ext_if

#scrub in
scrub in all

nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 \
    port 8021

#Redirect any mail from our internal, trusted servers to port 10025
rdr on $int_if proto tcp from 192.168.1.0/24 to any port 25 -> 127.0.0.1 port 10025

# filter rules
block all

pass quick on lo0 all

#block in
#pass out keep state

#pass quick on { lo $int_if }
#antispoof quick for { lo $int_if }

block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets

pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port $tcp_services flags S/SA keep state

pass in on $ext_if inet proto tcp from port 20 to ($ext_if) \
    user proxy flags S/SA keep state

pass in on $ext_if inet proto udp from any to ($ext_if) \
    port 53 keep state

pass in inet proto icmp all icmp-type $icmp_types keep state

pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state

pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state

From WSampson at kmpdesigns.com Tue Jan 12 17:52:34 2010
From: WSampson at kmpdesigns.com (Sampson, Warren)
Date: Tue, 12 Jan 2010 11:52:34 -0500
Subject: Update pf with new private IP segment added behind internal router
References: <83C397860A527642B9611EA263562D3755873E@kmpdc1.kmpdesigns.com>
 <20100112081624.EMBQ17673.viefep17-int.chello.at@edge04.upc.biz>
Message-ID: <83C397860A527642B9611EA263562D37558754@kmpdc1.kmpdesigns.com>

-----Original Message-----
> From: Remco [mailto:remco at d-compu.dyndns.org]
> Sent: January-12-10 3:16 AM
> To: Sampson at chello.at; Sampson, Warren; openbsd-newbies at sfobug.org
> Subject: Re: Update pf with new private IP segment added behind internal router
>
>>
>> I've used the following command on the OBSD machine:
>> route add -inet 172.16.0.0/24 192.168.1.254
>>
>
> I don't expect this to be necessary if your default gateway is
> 192.168.1.254.

My default gateway is an outside IP on another NIC

>> pass in on $int_if from $int_if:network to any keep state
>> pass out on $int_if from any to $int_if:network keep state
>>
>> I'm guessing int_if is picking up the 192.168.1.0 address but not the
>> 172.16.0.0 piece that I have added a route for manually.
>>
>
> '$int_if:network' translates to the subnet 'int_if' is connected to. (my
> guess is 192.168.1.0/24) You should be able to see that using 'pfctl -sr'.
>
> If I consider both 192.168.1.0/24 and 172.16.0.0/24 part of your LAN, maybe
> replacing:
> pass in on $int_if from $int_if:network to any keep state
> pass out on $int_if from any to $int_if:network keep state
>
> with something like:
> lan_net = "{ 192.168.1.0/24, 172.16.0.0/24 }"
>
> pass in on $int_if from $lan_net to any keep state
> pass out on $int_if from any to $lan_net keep state
>
> will help.

That indeed was the ticket. I adjusted as you suggested and everything
is working fine.

Thanks for your help.

Warren

From forumdaybreak at yahoo.com Wed Jan 20 09:27:42 2010
From: forumdaybreak at yahoo.com (Daybreak Breakdaze)
Date: Wed, 20 Jan 2010 00:27:42 -0800 (PST)
Subject: Recommendation for low-power server hardware to run OpenBSD.
Message-ID: <961014.97344.qm@web54104.mail.re2.yahoo.com>

Hi, I am already running a Web Proxy cache on an old PC, but I would like
to also run a low volume web and mail server.
However, it would be nice to get another system that was low on wattage,
yet had hardware supported by OpenBSD. Hopefully it wouldn't be too noisy
either.

So, if anyone knows of anything like that and knows it can run OpenBSD,
please comment.

Thanks in advance.

-db

From jjhartley at gmail.com Wed Jan 20 13:47:19 2010
From: jjhartley at gmail.com (James Hartley)
Date: Wed, 20 Jan 2010 04:47:19 -0800
Subject: Recommendation for low-power server hardware to run OpenBSD.
In-Reply-To: <961014.97344.qm@web54104.mail.re2.yahoo.com>
References: <961014.97344.qm@web54104.mail.re2.yahoo.com>
Message-ID:

On Wed, Jan 20, 2010 at 12:27 AM, Daybreak Breakdaze <forumdaybreak at yahoo.com> wrote:

> ...it would be nice to get another system that was low on wattage, yet had
> hardware supported by OpenBSD. Hopefully it wouldn't be too noisy either.
>
> So, if anyone knows of anything like that and knows it can run OpenBSD,
> please comment.
>

One alternative is Alix systems as described at the following:

http://www.pcengines.ch/alix.htm

They are cheap & silent. Search OpenBSD's misc@ archives for previous
discussions:

http://marc.info/?l=openbsd-misc&w=2&r=1&s=alix&q=b

From rainer_t at gmx.de Wed Jan 20 16:45:55 2010
From: rainer_t at gmx.de (Rainer Thierfelder)
Date: Wed, 20 Jan 2010 16:45:55 +0100
Subject: Recommendation for low-power server hardware to run OpenBSD.
In-Reply-To: <961014.97344.qm@web54104.mail.re2.yahoo.com>
References: <961014.97344.qm@web54104.mail.re2.yahoo.com>
Message-ID: <20100120154555.307240@gmx.net>

Hi,

-------- Original Message --------
> Date: Wed, 20 Jan 2010 00:27:42 -0800 (PST)
> From: Daybreak Breakdaze
> To: openbsd-newbies at sfobug.org
> Subject: Recommendation for low-power server hardware to run OpenBSD.

> Hi, I am already running a Web Proxy cache on an old PC, but I would like
> to also run a low volume web and mail server. However, it would be nice to
> get another system that was low on wattage, yet had hardware supported by
> OpenBSD. Hopefully it wouldn't be too noisy either.
>
> So, if anyone knows of anything like that and knows it can run OpenBSD,
> please comment.

I could recommend the net5501-70 by soekris [1]:

-------------------------------------------
# dmesg | head
OpenBSD 4.5 (GENERIC) #1749: Sat Feb 28 14:51:18 MST 2009
    deraadt at i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class) 500 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem = 536440832 (511MB)
avail mem = 510427136 (486MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 20/70/03, BIOS32 rev. 0 @ 0xfac40

# uptime
 4:40PM up 97 days, 21:35, 3 users, load averages: 0.12, 0.11, 0.08

# ps uax | grep squid
root 19121 0.0 0.2 1136 1192 ?? Is 14Oct09 0:00.01 /usr/local/sbin/squid
_squid 3033 0.0 5.7 26976 29632 ?? S 14Oct09 82:38.58 (squid) (squid)
_squid 14203 0.0 0.1 208 560 ?? Is 14Oct09 0:59.67 (unlinkd) (unlinkd)
root 1975 0.0 0.1 464 768 p2 S+ 4:40PM 0:00.01 grep squid
-------------------------------------

It's configured as router between intranet and dsl-router and runs a
transparent squid-proxy. Installed via tftp and dhcp. You need a serial
cable for console-redirection.

The hardware has no fan, so it's very quiet. I run it with a 2.5"
sata-harddisk but it is still quiet.

Greetings,
Rainer

[1] http://www.soekris.com/net5501.htm

--
---------------------------------------------------------------------
Rainer Thierfelder
email: rainer_t at gmx.de
site: http://www.rainers-welt.de

a geek's enemies: sun, fresh air and the unbearable roaring of the birds!
---------------------------------------------------------------------

From shamim at languid.org Wed Jan 20 21:15:31 2010
From: shamim at languid.org (Rev. Shamim Mohamed, D.D., LFHCfS)
Date: Wed, 20 Jan 2010 12:15:31 -0800
Subject: Recommendation for low-power server hardware to run OpenBSD.
In-Reply-To: <961014.97344.qm@web54104.mail.re2.yahoo.com>
References: <961014.97344.qm@web54104.mail.re2.yahoo.com>
Message-ID: <3fa0e6d71001201215k1c2885baj17cbfd1c6275e2f8@mail.gmail.com>

On Wed, Jan 20, 2010 at 12:27 AM, Daybreak Breakdaze wrote:
>
> Hi, I am already running a Web Proxy cache on an old PC, but I would like
> to also run a low volume web and mail server. However, it would be nice to
> get another system that was low on wattage, yet had hardware supported by
> OpenBSD. Hopefully it wouldn't be too noisy either.

Have you considered the Soekris boxes? www.soekris.com.

-s

--
"I hate to advocate drugs or alcohol to anyone, but they've always worked for me."

From jfs.world at gmail.com Wed Jan 20 17:20:08 2010
From: jfs.world at gmail.com (Jeffrey 'jf' Lim)
Date: Thu, 21 Jan 2010 00:20:08 +0800
Subject: Recommendation for low-power server hardware to run OpenBSD.
In-Reply-To:
References: <961014.97344.qm@web54104.mail.re2.yahoo.com>
Message-ID: <4b3125cc1001200820u14903d76l323cb50edae26cc7@mail.gmail.com>

On Wed, Jan 20, 2010 at 8:47 PM, James Hartley wrote:

> On Wed, Jan 20, 2010 at 12:27 AM, Daybreak Breakdaze <forumdaybreak at yahoo.com> wrote:
>
>> ...it would be nice to get another system that was low on wattage, yet
>> had hardware supported by OpenBSD. Hopefully it wouldn't be too noisy
>> either.
>>
>> So, if anyone knows of anything like that and knows it can run OpenBSD,
>> please comment.
>>
> One alternative is Alix systems as described at the following:
>
> http://www.pcengines.ch/alix.htm
>

is the "integrated crypto accelerator" supported?

-jf

--
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."
--Richard Stallman

"It's so hard to write a graphics driver that open-sourcing it would not help."
-- Andrew Fear, Software Product Manager, NVIDIA Corporation
http://kerneltrap.org/node/7228

From stu at spacehopper.org Sat Jan 23 02:34:24 2010
From: stu at spacehopper.org (Stuart Henderson)
Date: Sat, 23 Jan 2010 01:34:24 +0000 (UTC)
Subject: Recommendation for low-power server hardware to run OpenBSD.
References: <961014.97344.qm@web54104.mail.re2.yahoo.com>
 <3fa0e6d71001201215k1c2885baj17cbfd1c6275e2f8@mail.gmail.com>
Message-ID:

> On Wed, Jan 20, 2010 at 12:27 AM, Daybreak Breakdaze
> wrote:
>>
>> Hi, I am already running a Web Proxy cache on an old PC, but I
>> would like to also run a low volume web and mail server. However,
>> it would be nice to get another system that was low on wattage, yet
>> had hardware supported by OpenBSD. Hopefully it wouldn't be too
>> noisy either.

"Low volume web and mail server" means different things to different
people.
There's a world of difference between serving static webpages
and taking whatever mail is received and putting it into a mailbox,
and serving CGIs or some web scripting language and running mail
through spamassassin.

On 2010-01-20, Rev. Shamim Mohamed, D.D., LFHCfS wrote:
> Have you considered the Soekris boxes? www.soekris.com.

They're useful, but they're fairly slow. For some people, the serial
console is a big win, for others it's a drawback.

The pcengines boards make great firewalls, nameservers, timeservers
etc. Soekris can do more (another nic, PCI port, somewhere you can
put a 2.5" disk instead of just a CF) but they're significantly
more expensive.

There are also a bunch of atom- and via-based systems which mostly
work ok (also slowish at a given clock speed compared to P3/Core
systems, but quicker than the fastest current Soekris/pcengines
systems and can take more RAM and disks, OTOH they do take a bit
more power). e.g.: D945GCLF2, various Jetway, MSI, VIA and others.

From stu at spacehopper.org Sat Jan 23 01:29:25 2010
From: stu at spacehopper.org (Stuart Henderson)
Date: Sat, 23 Jan 2010 00:29:25 +0000 (UTC)
Subject: Recommendation for low-power server hardware to run OpenBSD.
References: <961014.97344.qm@web54104.mail.re2.yahoo.com>
 <4b3125cc1001200820u14903d76l323cb50edae26cc7@mail.gmail.com>
Message-ID:

On 2010-01-20, Jeffrey 'jf' Lim wrote:
>> http://www.pcengines.ch/alix.htm
>>
> is the "integrated crypto accelerator" supported?

yes, but in a number of cases it actually slows things down to use it.
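
An added example for the earlier thread "Update pf with new private IP segment added behind internal router" (not code from any poster and not part of pf): a small Python model of pf's last-match rule evaluation, showing why hosts in the routed 172.16.0.0/24 segment hit `block all` while the rules use `$int_if:network`, and why the explicit `lan_net` list from the reply lets them through. The firewall address 192.168.1.1 and the host addresses are assumptions made for the illustration.

```python
import ipaddress

# Constructed model of the internal-interface filter rules in the posted pf.conf.
# pf checks every rule in order and the LAST match decides, unless the matching
# rule is "quick". "$int_if:network" expands to the subnet(s) configured on the
# interface itself; a subnet reached through a static route is not included.
# Not modelled: "keep state" reply handling and "set block-policy return".

INT_IF = "fxp0"                                  # int_if from the posted pf.conf
IF_ADDRS = {INT_IF: ["192.168.1.1/24"]}          # assumed firewall address

def if_network(ifname):
    """Expand <ifname>:network to the subnets attached to that interface."""
    return [ipaddress.ip_interface(a).network for a in IF_ADDRS[ifname]]

def rule(action, direction=None, iface=None, src=None, dst=None, quick=False):
    nets = lambda v: v and [ipaddress.ip_network(str(n)) for n in v]
    return dict(action=action, dir=direction, iface=iface,
                src=nets(src), dst=nets(dst), quick=quick)

def matches(r, direction, iface, src, dst):
    hit = lambda nets, ip: not nets or any(ipaddress.ip_address(ip) in n for n in nets)
    return (r["dir"] in (None, direction) and r["iface"] in (None, iface)
            and hit(r["src"], src) and hit(r["dst"], dst))

def evaluate(rules, direction, iface, src, dst):
    verdict = "pass"                             # pf default when nothing matches
    for r in rules:
        if matches(r, direction, iface, src, dst):
            verdict = r["action"]
            if r["quick"]:
                break
    return verdict

def build(lan):
    return [rule("block"),                            # block all
            rule("pass", "in", INT_IF, src=lan),      # pass in on $int_if from <lan> to any
            rule("pass", "out", INT_IF, dst=lan)]     # pass out on $int_if from any to <lan>

ORIGINAL = build(if_network(INT_IF))                  # rules written with $int_if:network
FIXED = build(["192.168.1.0/24", "172.16.0.0/24"])    # lan_net list from the reply

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, "in :", evaluate(rules, "in", INT_IF, "172.16.0.10", "192.168.1.1"))
        print(name, "out:", evaluate(rules, "out", INT_IF, "192.168.1.1", "172.16.0.10"))
```

The nat rule in the posted pf.conf also uses `$int_if:network`, so the same expansion decides which sources are translated on `$ext_if`.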