Comments for tech notes http://bsd.dischaos.com just some random notes on BSDs, linux and web development Tue, 10 Mar 2009 10:36:40 +0000 http://wordpress.org/?v=2.9.1 hourly 1 Comment on Running OpenBSD in read-only mode by mjda http://bsd.dischaos.com/2008/10/06/running-openbsd-in-read-only-mode/comment-page-1/#comment-551 mjda Tue, 10 Mar 2009 10:36:40 +0000 http://bsd.dischaos.com/?p=37#comment-551 tnx tnx

]]> Comment on logging cisco ios messages to external freebsd syslog by admin http://bsd.dischaos.com/2009/02/25/logging-cisco-ios-messages-to-external-freebsd-syslog/comment-page-1/#comment-541 admin Sat, 07 Mar 2009 21:07:59 +0000 http://bsd.dischaos.com/?p=86#comment-541 Thanks for your comment. I have to admit that I skipped that option when I was looking at syslog's configuration and didn't even think DNS can affect syslog's decisions on whether to log a message or not. thanks again! Thanks for your comment.

I have to admit that I skipped that option when I was looking at syslog’s configuration and didn’t even think DNS can affect syslog’s decisions on whether to log a message or not.

thanks again!

]]> Comment on logging cisco ios messages to external freebsd syslog by martin42 http://bsd.dischaos.com/2009/02/25/logging-cisco-ios-messages-to-external-freebsd-syslog/comment-page-1/#comment-538 martin42 Fri, 06 Mar 2009 17:31:14 +0000 http://bsd.dischaos.com/?p=86#comment-538 Thanks for those notes. There's an issue that can stop syslog messages appearing: reverse DNS lookups. Example 1: You specify "+10.0.0.1". RDNS resolves to "cisco.example.org". Messages from 10.0.0.1 are not logged. Example 2: You specify "+cisco.example.org", which resolves to 10.0.0.1. But the RDNS for 10.0.0.1 is "gw.example.org". Messages from 10.0.0.1 are not logged. I guess it's hard for syslog to get it right. If it resolved all the hostnames in its config at boot time, they would get stale. If it resolved them all each time a message came in, that could get expensive. If you add the syslogd option: "-n : Disable dns query for every request." then you can safely use IP addresses in /etc/syslog.conf regardless of any reverse DNS entries that might exist. Regards, - Martin Thanks for those notes.

There’s an issue that can stop syslog messages appearing: reverse DNS lookups.

Example 1: You specify “+10.0.0.1″. RDNS resolves to “cisco.example.org”. Messages from 10.0.0.1 are not logged.

Example 2: You specify “+cisco.example.org”, which resolves to 10.0.0.1. But the RDNS for 10.0.0.1 is “gw.example.org”. Messages from 10.0.0.1 are not logged.

I guess it’s hard for syslog to get it right. If it resolved all the hostnames in its config at boot time, they would get stale. If it resolved them all each time a message came in, that could get expensive.

If you add the syslogd option: “-n : Disable dns query for every request.” then you can safely use IP addresses in /etc/syslog.conf regardless of any reverse DNS entries that might exist.

Regards,

- Martin

]]> Comment on jabberd SASL problems by Recent Faves Tagged With "sasl" : MyNetFaves http://bsd.dischaos.com/2008/02/19/jabberd-sasl-problems/comment-page-1/#comment-417 Recent Faves Tagged With "sasl" : MyNetFaves Sat, 08 Nov 2008 21:50:18 +0000 http://bsd.dischaos.com/?p=12#comment-417 [...] public links >> sasl jabberd SASL problems First saved by jcyrus | 1 days ago Policy Daemon 2.0.3 (2.x (Cluebringer) branch) First saved [...] [...] public links >> sasl jabberd SASL problems First saved by jcyrus | 1 days ago Policy Daemon 2.0.3 (2.x (Cluebringer) branch) First saved [...]

]]> Comment on Running OpenBSD 4.2 on the Soekris net 5501 by tech notes » OpenBSD 4.3 on the Soekris net 5501 http://bsd.dischaos.com/2008/04/28/running-openbsd-42-on-the-soekris-net-5501/comment-page-1/#comment-7 tech notes » OpenBSD 4.3 on the Soekris net 5501 Thu, 01 May 2008 10:51:52 +0000 http://bsd.dischaos.com/2008/04/28/running-openbsd-42-on-the-soekris-net-5501/#comment-7 [...] it on a net 5501. The installation procedure is exactly the same as  for OpenBSD 4.2 described here. The only exception is that I couldn’t find pxeboot on the install43.iso file downloaded from [...] [...] it on a net 5501. The installation procedure is exactly the same as  for OpenBSD 4.2 described here. The only exception is that I couldn’t find pxeboot on the install43.iso file downloaded from [...]

]]> Comment on IPsec synchronization with OpenBSD by abnamro.chris http://bsd.dischaos.com/2008/04/10/ipsec-synchronization-with-openbsd/comment-page-1/#comment-6 abnamro.chris Mon, 14 Apr 2008 01:38:06 +0000 http://bsd.dischaos.com/2008/04/10/ipsec-synchronization-with-openbsd/#comment-6 I am trying to get a similar setup to work. I have two BSD behind a BSD external gateway, and an IPSec peer establishes connection to at the moment one BSD peer behind that BSD external gateway, we use pf to pass the traffic straight through to the internal BSD machine. The new work mainly focuses on building a failover IPSec peer using another BSD machine. I have some plans as what I needed to do. But at the moment it is quite unclear yet. Maybe you can shed some light if you could please. I think there are three things I needed to do. 1. setup the failover BSD machine with CARP 2. copy all IPSec conf from the first BSD peer behind that external BSD firewall to this new BSD to be built 3. change the pf (NAT) rule on the external gateway, such that when traffic comes from the peer outside the external gateway, forward the traffic to the virtual address. (shared between the old BSD peer and the new one) 4. change the destination address on the outside BSD peer to the virtual address Is there anything else I missed out? Thanks for writing this up by the way, there is a severe shortage of howto on IPSec+CARP. I am trying to get a similar setup to work. I have two BSD behind a BSD external gateway, and an IPSec peer establishes connection to at the moment one BSD peer behind that BSD external gateway, we use pf to pass the traffic straight through to the internal BSD machine. The new work mainly focuses on building a failover IPSec peer using another BSD machine.

I have some plans as what I needed to do. But at the moment it is quite unclear yet. Maybe you can shed some light if you could please. I think there are three things I needed to do.
1. setup the failover BSD machine with CARP
2. copy all IPSec conf from the first BSD peer behind that external BSD firewall to this new BSD to be built
3. change the pf (NAT) rule on the external gateway, such that when traffic comes from the peer outside the external gateway, forward the traffic to the virtual address. (shared between the old BSD peer and the new one)
4. change the destination address on the outside BSD peer to the virtual address

Is there anything else I missed out? Thanks for writing this up by the way, there is a severe shortage of howto on IPSec+CARP.

]]> Comment on jabberd SASL problems by admin http://bsd.dischaos.com/2008/02/19/jabberd-sasl-problems/comment-page-1/#comment-5 admin Thu, 10 Apr 2008 00:24:19 +0000 http://bsd.dischaos.com/?p=12#comment-5 Hi, thanks for your comment. Did you actually have any problems with your jabberd compiled with GSASL library? I was told by the port maintainer that GSASL is the only officially supported library at the moment and Cyrus SASL had been disabled some time ago due to some problems. I ended up thinking that it was a problem with my config even that it used to run on a different server for quite a long time. Hi, thanks for your comment.

Did you actually have any problems with your jabberd compiled with GSASL library? I was told by the port maintainer that GSASL is the only officially supported library at the moment and Cyrus SASL had been disabled some time ago due to some problems. I ended up thinking that it was a problem with my config even that it used to run on a different server for quite a long time.

]]> Comment on jabberd SASL problems by slava http://bsd.dischaos.com/2008/02/19/jabberd-sasl-problems/comment-page-1/#comment-4 slava Sat, 22 Mar 2008 08:13:39 +0000 http://bsd.dischaos.com/?p=12#comment-4 hi, thanks for litl tutorial :) my steps of install where different, beside the third one. I didn't found in jabberd's Makefile the lines you pointed out, yes i had to mention that i compiled the 2.1.23 version of jabberd. CD to jabberd directory 1. edit the jabberd-2.1.23/sx/sasl_cyrus.c 2. configure [code] ./configure --enable-mysql --enable-debug --with-sasl=cyrus --enable-ssl \ --with-extra-include-path=/usr/local/include:/usr/local/include/mysql \ --with-extra-library-path=/usr/local/lib:/usr/local/lib/mysql [/code] 3. make and isntall [code]make make install make clean[/code] hi, thanks for litl tutorial :)
my steps of install where different, beside the third one. I didn’t found in jabberd’s Makefile the lines you pointed out, yes i had to mention that i compiled the 2.1.23 version of jabberd.

CD to jabberd directory

1. edit the jabberd-2.1.23/sx/sasl_cyrus.c

2. configure

./configure –enable-mysql –enable-debug –with-sasl=cyrus –enable-ssl \
–with-extra-include-path=/usr/local/include:/usr/local/include/mysql \
–with-extra-library-path=/usr/local/lib:/usr/local/lib/mysql

3. make and isntall

make
make install
make clean
]]> Comment on vim key mappings for php/symfony by Symfony.es » Blog Archive » Una semana con Symfony #31 (4-10 febrero 2008) http://bsd.dischaos.com/2008/02/06/vim-key-mappings-for-phpsymfony/comment-page-1/#comment-3 Symfony.es » Blog Archive » Una semana con Symfony #31 (4-10 febrero 2008) Sun, 17 Feb 2008 19:10:04 +0000 http://bsd.dischaos.com/?p=9#comment-3 [...] vim key mappings for php/symfony [...] [...] vim key mappings for php/symfony [...]

]]> Comment on vim key mappings for php/symfony by rpsblog.com » A week of symfony #58 (4->10 february 2008) http://bsd.dischaos.com/2008/02/06/vim-key-mappings-for-phpsymfony/comment-page-1/#comment-2 rpsblog.com » A week of symfony #58 (4->10 february 2008) Sun, 10 Feb 2008 23:26:03 +0000 http://bsd.dischaos.com/?p=9#comment-2 [...] vim key mappings for php/symfony [...] [...] vim key mappings for php/symfony [...]

]]>