bsd user | 1 Jul 2002 02:02

Help: Creating installable OpenBSD-stable archives / CDs?

Hi all.

Well I started with the 3.1 release CD set and installed it on a system
intended to be a server not a build machine.  But since there were many
updates / patches I ended up rebuilding the kernel and OS to go from
3.1 to -stable.

In the future I want to do patch/update builds on another machine, 
and just make archives of the newly built binaries in the same form as 
the -release installable files are, so I can just (I)nstall / (U)pgrade 
production machines and not have to build on them.

Where are the scripts, Makefiles, or other docs. that would help me take
the newly built -stable or -current OS files and package them to be installed
on other machines?

I didn't see any such options in /usr/src/Makefile or any scripts there.

Surely this is something many people would wish to do.

Thanks!

bsd user | 1 Jul 2002 02:26

Example working 2 NIC PF / NAT configurations intranet <-> internet ?

Hi all.

Anyone have a collection of example pf.conf/nat.conf files for OpenBSD 3.1?
** I've seen the ones in the nat.conf/pf.conf man pages, and in the openbsd.org FAQ,
but somehow when I adapt them to my local configuration it's just not working yet.

I don't doubt that it works well for many people, though I really had quite
unexpected difficulty in getting even trivial network connectivity with the
PF/NAT active with the most simple / permissive rules.

In the end I got the OpenBSD box itself to talk to the internet, and nothing
at all successfully working bidirectionally from the NATed intranet machines.

Just as a quick test I tried:

Intranet 10.x.x.N/30  private address space
Internet a.b.c.N/30   internet address pool

10.x.x.N/24 intranet <-> (10.x.x.N vr0) OBSD box (a.b.c.N aue0 static ip) <-> inet

Most simply:

I tried doing 'pass all' pf.conf rules.
I tried 1:1 'binat' rules in nat.conf for each host mapping between 10.x.x.N <-> a.b.c.N
...three NAT rules lines for each host IP (one for tcp, udp, icmp).

Anyway, looking in the mailing lists and with google I spent a few hours to find only a couple
threads that gave concrete tips, and much of that for configurations more complex than what
I need, or for other versions of OpenBSD (-current or 3.0, 2.9).


Joe Kellner | 1 Jul 2002 02:53

Re: Example working 2 NIC PF / NAT configurations intranet <-> internet ?

It sounds like you're setting up everything fine. Of course I'm guessing you
have net.inet.ip.forwarding=1 set in your /etc/sysctl.conf and you've set your
OpenBSD machine as the default gateway for the machines that you're running
NAT for? You'll also need pf=YES in /etc/rc.conf.

Basically I do
nat on external_if from 192.168.1.0/24 to any -> mynetip

in nat.conf.

Hope this helps,
-Joe Kellner

----- Original Message -----
From: "bsd user" <fbibsd <at> yahoo.com>
To: <misc <at> openbsd.org>
Sent: Sunday, June 30, 2002 8:26 PM
Subject: Example working 2 NIC PF / NAT configurations intranet <-> internet ?

> Hi all.
>
> Anyone have a collection of example pf.conf/nat.conf files for OpenBSD 3.1?
> ** I've seen the ones in the nat.conf/pf.conf man pages, and in the openbsd.org FAQ,
> but somehow when I adapt them to my local configuration it's just not working yet.
>

Ben Chodoroff | 1 Jul 2002 02:57

Re: Help: Creating installable OpenBSD-stable archives / CDs?

* bsd user (fbibsd <at> yahoo.com) wrote:
> Hi all.
> 
> Well I started with the 3.1 release CD set and installed it on a system
> intended to be a server not a build machine.  But since there were many
> updates / patches I ended up rebuilding the kernel and OS to go from
> 3.1 to -stable.
> 
> In the future I want to do patch/update builds on another machine, 
> and just make archives of the newly built binaries in the same form as 
> the -release installable files are, so I can just (I)nstall / (U)pgrade 
> production machines and not have to build on them.
> 
> Where are the scripts, Makefiles, or other docs. that would help me take
> the newly built -stable or -current OS files and package them to be installed
> on other machines?
> 
> I didn't see any such options in /usr/src/Makefile or any scripts there.
> 
> Surely this is something many people would wish to do.
>
>
man 8 release has information about this. It's also been discussed on
misc <at>  before iirc.

--
http://michiganimc.org/ :: Michigan Indymedia Center
http://bc.multics.org/ :: Personal homepage
bc at sdf.lonestar.org


Lawrence W. Smith | 1 Jul 2002 02:55

Re: Help: Creating installable OpenBSD-stable archives / CDs?

> Hi all.
> 
> Well I started with the 3.1 release CD set and installed it on a system
> intended to be a server not a build machine.  But since there were many
> updates / patches I ended up rebuilding the kernel and OS to go from
> 3.1 to -stable.
> 
> In the future I want to do patch/update builds on another machine, 
> and just make archives of the newly built binaries in the same form as 
> the -release installable files are, so I can just (I)nstall / (U)pgrade 
> production machines and not have to build on them.
> 
> Where are the scripts, Makefiles, or other docs. that would help me take
> the newly built -stable or -current OS files and package them to be installed
> on other machines?

man release(8)

L

Nick Holland | 1 Jul 2002 03:36

Re: what am i missing?

pickle wrote:
> 
> Hello,
> I have an OpenBSD box on a DSL and have had it running
> dhcp for 2 years..  I decided to add another OBSD box
> on the network to play with and run another server.
> 
> I can ping IP addresses fine but when pinging a domain
> name I get the ol' "Ping: Unknown host:" error.

DNS problem.  Your /etc/resolv.conf file isn't set up properly.  You
need it set up on each system.

 
<snip> 
> 
> [/etc/resolv.conf]
> $ tail resolv.conf
> search dsl-verizon.net
> nameserver 4.2.2.1
> nameserver 4.2.2.2
> nameserver 4.2.2.3

You know, I was about to yell at you for obscuring data, but by golly,
that *is* a valid set of name servers!

-- 
http://www.holland-consulting.net


Theo de Raadt | 1 Jul 2002 03:42

Re: rfc2228 in ftpd

Jason, please do not make false statements like this.

4 messages directly on topic were not sent through until I asked for
them to be sent through.  Then they were sent through.  Was sending
them through a mistake, or was blocking them a mistake?  Can you
please clarify?

Hugh's messages in port-vax with booting bug fixes were also censored
and he had to replace his email address.

This is a message which was blocked until after:

    http://mail-index.netbsd.org/tech-security/2002/06/27/0016.html

Was this above message not relevant?

It was in response to this message:

    http://mail-index.netbsd.org/tech-security/2002/06/27/0008.html

Does this above message meet the requirements, where mine doesn't?

> On Sun, Jun 30, 2002 at 07:01:36PM -0600, Theo de Raadt wrote:
> 
>  > Why are you bothering to have this witch-hunt conversation when our
>  > responses are censored?
> 
> If your responses would actually address the issues outlined, then the
> moderator of the list will certainly let them through.  However, it is
> precisely the fact that they consistently do NOT stay on-topic that

Jeff Ross | 1 Jul 2002 03:45

Help needed with Qwest/MSN DSL...

I've given a firewall (OpenBSD -current mid June) to a friend in St Paul,
MN on the Qwest/MSN DSL service, and I'm having trouble keeping it
on-line.  Once it drops off-line, I have to have my friend reboot the
firewall.  It is then online and functioning great for roughly 3 days,
when I lose the connection again.

Qwest/MSN DSL is rather bizarre in that they provide an Arescom modem that
NAT's the internal connection automatically, but none of the modem's
configuration is available on the model provided.  You get what Qwest/MSN
says and that's that.

Here is a rough picture of the network as I see it:

  63.229.208.60			sample external IP (changes regularly)
	|
	|
  192.168.1.1			NATed internal address of Arescom modem
	|				(constant)
	|
  192.168.1.2			dhclient established external address of
	|				firewall (also constant)
	|
     10.1.1.1			internal address of firewall
	|
	|
     10.1.1.5			address of WinME workstation
 					(dhcpd-server supplied)

A typical log entry from dhclient (logged through socklog, hence the
double time stamps):

Fabio | 1 Jul 2002 03:47

Load Balancing

Hi..

How I make to place two the same NIC of net with IP and making load
balancing?   

Jason R Thorpe | 1 Jul 2002 04:02

Re: rfc2228 in ftpd

On Sun, Jun 30, 2002 at 07:42:23PM -0600, Theo de Raadt wrote:

 > 4 messages directly on topic were not sent through until I asked for
 > them to be sent through.  Then they were sent through.  Was sending
 > them through a mistake, or was blocking them a mistake?  Can you
 > please clarify?

Only the moderator of the list in question can clarify that.  You'll
have to ask that person.

 > Hugh's messages in port-vax with booting bug fixes were also censored
 > and he had to replace his email address.

Hugh's messages are not censored.  They are bounced to the moderator
if they originate from the openbsd.org domain.  The moderator of the
port-vax mailing list has historically approved all of Hugh's posts,
and I have received word that this is the case for all recent posts
(unfortunately, there was a backlog in that moderator's queue).

 > This is a message which was blocked until after:
 > 
 >     http://mail-index.netbsd.org/tech-security/2002/06/27/0016.html
 > 
 > Was this above message not relevant?

At the very least, I would certainly not classify the message you cite
as constructive.  It was certainly "relevant" to the subject at hand,
but was filled with accusatory remarks and has an overly-aggressive tone.
That's generally not the way adults carry on a conversation.


