
Wednesday, 05 January 2011

Relaying or redirecting access to another IP/Port

I have a machine with two cards: xl0 (192.168.168.168 and its alias 10.10.10.10) and
xl1 (222.xx.xx.xx). They serve the internal and external connections, respectively, for a web server named test.fer.com. Every web access from the Internet is passed to xl1, and xl0 is for intranet use; the real web server, running on another machine (10.10.10.11), serves every request.

For this configuration to work, something must be listening on the www port. I have used Apache with virtual hosts, and it works fine.

Now I will try another way, using relayd on OpenBSD 4.7.
relayd is a daemon to relay and dynamically redirect incoming connections to a target host. Its main purposes are to run as a load-balancer, application layer gateway, or transparent proxy.

The daemon is able to monitor groups of hosts for availability, which is determined by checking for a specific service common to a host group. When availability is confirmed, layer 3 and/or layer 7 forwarding services are set up by relayd.

Layer 3 redirection happens at the packet level; to configure it, relayd communicates with pf.
To allow relayd to properly set up pf rules, the following line is required in the filter section of pf.conf:

anchor "relayd/*"

Layer 7 relaying happens at the application level and is handled by relayd itself.
Various application-level filtering and protocol-specific balancing options are available for relays.

Here is an example of relayd.conf, the relay daemon configuration file:
#
# Macros
relayd_lokal="10.10.10.10"
relayd_lokal_int="xl0"
relayd_ip="222.xx.xx.xx"
relayd_port="80"
relayd_int="xl1"
mywebserver="10.10.10.11"

# a table must have a name; the redirect below refers to it as <webhosts>
table <webhosts> { $mywebserver }
serverku_port="80"

# Global Options
interval 10
timeout 1000
prefork 5

log updates

redirect anchor_name {
listen on $relayd_ip port $relayd_port interface $relayd_int
# tag every packet that goes thru the rdr rule with RELAYD
tag RELAYD
sticky-address
forward to <webhosts> port $serverku_port mode roundrobin check tcp
}


http protocol "www_service" {
tcp { nodelay, socket buffer 65536 }
header append "$REMOTE_ADDR" to "X-Forwarded-For"
header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
}

relay "www_forwarder" {
listen on $relayd_lokal port $relayd_port
protocol "www_service"
forward to $mywebserver port $serverku_port
}


Remember to put a rule like this in pf.conf:
pass in log on $ext_if inet proto tcp from any to $mywebserver port 80 flags S/SA synproxy state tagged RELAYD
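Macro and variable names in relayd.conf are easy to mistype (the original X-Forwarded-By line above had "$SEVER_PORT"), and relayd only tells you at load time. The following checker is an added example, not part of the original post or of relayd: it reports every "$name" that is neither a macro defined earlier in the file nor one of the run-time variables listed in relayd.conf(5). The SAMPLE_CONF excerpt is constructed here and deliberately keeps the typo plus an undefined $serverku_port.

```python
import re

# Variables relayd expands itself inside protocol headers (relayd.conf(5)); not macros.
RUNTIME_VARS = {"REMOTE_ADDR", "REMOTE_PORT", "SERVER_ADDR", "SERVER_PORT",
                "SERVER_NAME", "TIMEOUT"}
MACRO_DEF = re.compile(r"^\s*([A-Za-z_]\w*)\s*=")   # name="value", spaces allowed
MACRO_REF = re.compile(r"\$([A-Za-z_]\w*)")          # $name anywhere on the line

# Constructed excerpt in the style of the relayd.conf above, typo included.
SAMPLE_CONF = """\
# Macros
relayd_lokal="10.10.10.10"
relayd_port ="80"
mywebserver="10.10.10.11"
table <webhosts> { $mywebserver }   # tables need a name in angle brackets
http protocol "www_service" {
    header append "$REMOTE_ADDR" to "X-Forwarded-For"
    header append "$SERVER_ADDR:$SEVER_PORT" to "X-Forwarded-By"
}
relay "www_forwarder" {
    listen on $relayd_lokal port $relayd_port
    forward to $mywebserver port $serverku_port
}
"""


def strip_comment(line):
    """Drop a '#' comment, but keep a '#' that sits inside a quoted string."""
    out, quoted = [], False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        elif ch == "#" and not quoted:
            break
        out.append(ch)
    return "".join(out)


def check_macros(conf_text):
    """Return (line_number, name) for every $name that is not a macro defined on an
    earlier line and not a relayd run-time variable. Macros must precede their use,
    as in pf.conf, so a reference that comes before its definition is reported too."""
    defined, problems = set(), []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = strip_comment(raw)
        match = MACRO_DEF.match(line)
        if match:
            defined.add(match.group(1))
        for name in MACRO_REF.findall(line):
            if name not in defined and name not in RUNTIME_VARS:
                problems.append((lineno, name))
    return problems
```

Run it on a real file with check_macros(open("/etc/relayd.conf").read()) before relayd -n, which still validates the rest of the grammar.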

Adding a file set later on OpenBSD

I have to install the gd library, which requires the X components, and I ran into this error:
=================================
#cd /usr/ports/graphics/gd
#make install
===> Checking files for gd-2.0.35p0
>> Fetch http://www.libgd.org//releases/gd-2.0.35.tar.gz
..
installation failed (I forgot the error messages)
After installing xbase47.tgz and repeating the installation of gd, the following error appears:

===> Verifying specs: jpeg.>=62 png.>=2 iconv.>=2 jpeg.>=62 png.>=2 iconv.>=2 c expat fontconfig freetype m z
Missing library for fontconfig
Missing library for freetype
=================================

Previously, I chose the file sets without the X components. Lately, I have to install some packages that require one or more file sets that were not selected before.
As you may recall, when installing OpenBSD, we select from the following file sets to be installed:

bsd - This is the Kernel. REQUIRED.
bsd.mp - Multi-processor (SMP) kernel
bsd.rd - RAM disk kernel
base47.tgz - Contains the base OpenBSD system. REQUIRED.
etc47.tgz - Contains all the files in /etc. REQUIRED.
comp47.tgz - Contains the compiler and its tools, headers and libraries.
man47.tgz - Contains man pages
misc47.tgz - Contains misc info, setup documentation
game47.tgz - Contains the games for OpenBSD
xbase47.tgz - Contains the base libraries and utilities for X11
xetc47.tgz - Contains the /etc/X11 and /etc/fonts configuration files
xfont47.tgz - Contains X11's font server and fonts
xserv47.tgz - Contains X11's X servers
xshare47.tgz - Contains manpages, locale settings, includes, etc. for X

For the case above, there are two ways I can do this:
First, use the installation media, such as a CD-ROM, and choose Upgrade (rather than Install).
Second, use the tar command to install the file sets at the root of the filesystem.

I chose the latter and did these steps:
1. Download these file sets and save them into the directory /home/binsar.
# wget -nd -P /home/binsar http://ftp.jaist.ac.jp/pub/OpenBSD/4.7/i386/xbase47.tgz
# wget -nd -P /home/binsar http://ftp.jaist.ac.jp/pub/OpenBSD/4.7/i386/xshare47.tgz
--2011-01-05 05:38:15-- http://ftp.jaist.ac.jp/pub/OpenBSD/4.7/i386/xshare47.tgz
Connecting to ftp.jaist.ac.jp (ftp.jaist.ac.jp)|150.65.7.130|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2946170 (2.8M) [application/x-gzip]
Saving to: `/home/binsar/xshare47.tgz'
100%[======================================>] 2,946,170 135K/s in 22s
2011-01-05 05:38:37 (131 KB/s) - `/home/binsar/xshare47.tgz' saved [2946170/2946170]

2. Install the file sets into the root directory (the 'p' option of tar is needed to restore the file permissions properly!!!).

#tar xzvphf /home/binsar/xbase47.tgz -C /
#tar xzvphf /home/binsar/xshare47.tgz -C /

3. Update the shared library cache (without rebooting) by running ldconfig to add all the X libraries to the cache:
# ldconfig -m /usr/X11R6/lib


or simply reboot the system, and this will be done automatically by the rc startup script.

4. Try to install the gd library
#cd /usr/ports/graphics/gd
#make install clean
# pkg_info
...
autoconf-2.61p3 automatically configure source code on many Un*x platforms
bzip2-1.0.5 block-sorting file compressor, unencumbered
cvsup-16.1hp2-no_x11 network file distribution system
db-4.6.21p0 Berkeley DB package, revision 4
gd-2.0.35p0 library for dynamic creation of images
gdbm-1.8.3p0 GNU dbm
...
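Step 2 above unpacks a downloaded archive over the live root as root with permissions preserved, so it is worth looking at what the archive contains first. The audit below is an added example (not part of the original post, and not an OpenBSD tool): it lists members whose path would land outside the extraction root and files carrying setuid/setgid bits, which 'tar -p' restores. The sample archive is constructed in memory and is not real set content.

```python
import io
import posixpath
import stat
import tarfile


def audit_file_set(tar_bytes):
    """Scan a gzipped tar (given as bytes) the way one should before
    'tar xzvphf set.tgz -C /': return (member, reason) pairs worth a look."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        for m in tar:
            clean = posixpath.normpath(m.name)
            if m.name.startswith("/") or clean == ".." or clean.startswith("../"):
                findings.append((m.name, "path escapes the extraction root"))
            if m.isfile() and m.mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((m.name, "setuid/setgid file, review before extracting"))
    return findings


def build_sample_set():
    """Constructed stand-in for a file set: a plain library, a setuid binary
    and a traversal entry. Names are illustrative, not real OpenBSD contents."""
    members = [("./usr/X11R6/lib/libX11.so.15.0", 0o644),
               ("./usr/X11R6/bin/xterm", 0o4755),
               ("../etc/master.passwd", 0o600)]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode in members:
            info = tarfile.TarInfo(name)
            info.mode, info.size = mode, 4
            tar.addfile(info, io.BytesIO(b"data"))
    return buf.getvalue()
```

A real set legitimately contains a few setuid binaries, so the second finding is a review prompt rather than a verdict; the first kind should never appear.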

Saturday, 23 October 2010

Programs close very frequently because of Data Execution Prevention

Data Execution Prevention (DEP) is a security feature that helps prevent damage from viruses and other security threats by monitoring your programs to make sure they use system memory safely. Harmful programs can try to attack Windows by attempting to run (also known as execute) code from system memory locations reserved for Windows and other authorized programs. These types of attacks can harm your programs and files.

DEP can help protect your computer by monitoring your programs to make sure that they use system memory safely. If DEP notices a program on your computer using memory incorrectly, it closes the program and notifies you.

This happened to me very frequently. For example, when using IE, FF and Opera, the web browser suddenly terminates and closes. The same thing also happens while working with Adobe, MSOffice and OpenOffice.

I opened Task Manager and found a strange program, "in my opinion", DOIMEK.EXE.
The file resides in the user's home directory. I saw another file with the same size as ALG.EXE, with SHR attributes, dated 2010-10-21.

I ran msconfig and, in the Startup tab, unchecked Doimek.exe and one other name that I forgot, so they do not load at start.
After rebooting, still... CPU usage is too high for a long time, especially for doimek.exe.


No relevant results when Googling doimek.exe and alg.exe at the time of writing this post; probably I am wrong about those files, but I have removed them from my machine, and CPU usage has decreased.

Pinging General Failure after uninstalling Norton

My machine has Vista installed, with Norton as anti-virus and for Internet security.
I just removed Norton by using Uninstall in Vista's Control Panel and could not find
any uninstallation program that came with it.
The anti-virus has gone, but two LiveUpdate services still reside as Services, and one service named something like Symantec Application ... (I forgot the complete name). They could not be uninstalled. I left them as they were, then tried to work with my local web, with these results:

- My local web could not be reached.
- Tried three different kinds of database software to test the local connection, no success.
- Tried a ping command to a domain name, even localhost or 127.0.0.1; it comes back with a General Failure reply.
- As administrator, tried to reset winsock and IPv4:
C:\Windows\System32>netsh winsock reset catalog
C:\Windows\System32>netsh int ipv4 reset reset.log
C:\Windows\System32>netsh int ipv6 reset reset.log
Restarted the machine; still General Failure.

Then I arrived here and used it to completely remove the Norton software.
It works again.

Sunday, 17 October 2010

SQL math

What is the result of these SQL statements?

SELECT 1/2, 2 - (2 * (1/2));

SELECT 1 * 1.52, 1.0 * 1.52, 1.0 * 1.520, 1.00 * 1.520;

Please try with any kind of database software!

Saturday, 09 October 2010

Using PHP Radius Extension


The FreeRADIUS server software package includes several tools to assist in testing and using the server, some of them being radclient and radtest. To work with applications such as web inventory systems, the system has to connect to the RADIUS server using a RADIUS client. Today I use the PHP Radius Extension as the RADIUS client.

PHP Radius client library
This package is a PECL extension for RADIUS (Remote Authentication Dial In User Service). This extension is based on the libradius of FreeBSD. It allows clients to perform authentication and accounting by means of network requests to remote servers.


Auth_RADIUS
This package is a PHP wrapper around the PHP radius extension. There are different classes for the different authentication methods available through RADIUS. If we are using CHAP-MD5 or MS-CHAP authentication, we will also need the Crypt_CHAP package. In addition, if using MS-CHAP authentication, we need to enable the mhash and mcrypt extensions in php.ini. Documentation of the radius extension is available through the PHP manual at http://www.php.net/radius

From my previous install (link), my system has these modules installed:
# php -m
[PHP Modules]
Core
date
ereg
gd
libxml
mysql
mysqlnd
pcre
Reflection
session
SPL
standard

I started the installation with the following sequence:

1. Install Auth_RADIUS, the PEAR wrapper classes for the RADIUS PECL extension.
#cd /usr/ports/net/pear-Auth_RADIUS
#make
===> Registering installation for pear-1.9.1
===> Returning to build of pear-Auth_RADIUS-1.0.6
===> Configuring for pear-Auth_RADIUS-1.0.6
===> Registering installation for pecl-radius-1.2.5
#make install
----------------------------------------------------------------------
Libraries have been installed in:
/usr/ports/net/pecl-radius/work/radius-1.2.5/modules
****************************************************************************
The following line has been added to your /usr/local/etc/php/extensions.ini
configuration file to automatically load the installed extension:
extension=radius.so
****************************************************************************
===> Returning to build of pear-Auth_RADIUS-1.0.6
===> Generating packing list
===> Generating temporary packing list
===> Checking if net/pear-Auth_RADIUS already installed
===> Installing examples in /usr/local/share/examples/pear/Auth_RADIUS.
install ok: channel://pear.php.net/Auth_RADIUS-1.0.6
===> Registering installation for pear-Auth_RADIUS-1.0.6

# make clean
===> Cleaning for pear-1.9.1 ###PEAR framework for PHP
===> Cleaning for php5-5.3.3_2
===> Cleaning for pecl-radius-1.2.5 ###Radius client library for PHP
===> Cleaning for php5-xml-5.3.3_2
===> Cleaning for pear-Auth_RADIUS-1.0.6 ###PEAR wrapper classes for the RADIUS PECL


2. Install the additional package (this also adds the following lines to extensions.ini):
#cd /usr/ports/security/pear-Crypt_CHAP
extension=mcrypt.so
extension=hash.so

3. List modules installed
# php -m
[PHP Modules]
Core
date
ereg
gd
hash
libxml
mcrypt
mhash
mysql
mysqlnd
pcre
radius
Reflection
session
SPL
standard
xml

# pear list
Installed packages, channel pear.php.net:
=========================================
Package Version State
Archive_Tar 1.3.7 stable
Auth_RADIUS 1.0.6 stable
Console_Getopt 1.2.3 stable
Crypt_CHAP 1.0.2 stable ### here version 1.0.2
PEAR 1.9.1 stable
Structures_Graph 1.0.3 stable


4. I have to upgrade Crypt_CHAP (the newer version replaces the mhash functions with hash functions, which I need because I'm on PHP 5.3)
# pear upgrade
downloading Crypt_CHAP-1.5.0.tar ...
Starting to download Crypt_CHAP-1.5.0.tar (Unknown size)
........done: 22,528 bytes
upgrade ok: channel://pear.php.net/Crypt_CHAP-1.5.0
Installed packages, channel pear.php.net:
=========================================
Package Version State
Archive_Tar 1.3.7 stable
Auth_RADIUS 1.0.6 stable
Console_Getopt 1.2.3 stable
Crypt_CHAP 1.5.0 stable
PEAR 1.9.1 stable
Structures_Graph 1.0.3 stable

5. Restart Apache service
#apachectl graceful

6. Start Radius in debug mode



7. Test authentication



8. Use sample number 2 from here, modify the arguments as needed, and test it. It works.
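To see what the radius extension and Auth_RADIUS do on the wire in the test above, here is an added example (my own code, not the extension, Auth_RADIUS or FreeRADIUS) of the two client-side pieces a PAP Access-Request relies on: hiding User-Password with the shared secret and Request Authenticator (RFC 2865 section 5.2), and checking the Response Authenticator of the reply (RFC 2865 section 3) so that an Access-Accept not produced by a holder of the secret for this exact request is rejected. server_reply() only stands in for the server so the check can be exercised offline; "testing123" and the zero-based authenticator are constructed test values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def _pw_xor(data, secret, authenticator, hiding):
    """RFC 2865 5.2 chaining: XOR each 16-byte block with MD5(secret + previous
    block), the first block using the Request Authenticator. When hiding, the
    'previous block' is the ciphertext just produced; when recovering, it is
    the ciphertext block just consumed."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        digest = hashlib.md5(secret + prev).digest()
        xored = bytes(a ^ b for a, b in zip(block, digest))
        out += xored
        prev = xored if hiding else block
    return out


def hide_password(password, secret, authenticator):
    padded = password + b"\x00" * (-len(password) % 16)  # pad to 16-byte blocks
    return _pw_xor(padded, secret, authenticator, hiding=True)


def recover_password(hidden, secret, authenticator):
    return _pw_xor(hidden, secret, authenticator, hiding=False).rstrip(b"\x00")


def attribute(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value  # Type, Length, Value


def access_request(ident, user, password, secret, authenticator=None):
    """Build a PAP Access-Request; returns (packet, request_authenticator)."""
    ra = authenticator or os.urandom(16)
    attrs = attribute(ATTR_USER_NAME, user.encode()) + \
        attribute(ATTR_USER_PASSWORD, hide_password(password.encode(), secret, ra))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + ra + attrs, ra


def server_reply(code, ident, request_authenticator, attrs, secret):
    """Stand-in server: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_authenticator + attrs + secret).digest() + attrs


def reply_is_authentic(reply, request_authenticator, secret):
    """Client check: recompute the Response Authenticator over the reply and the
    Request Authenticator we sent; forged, replayed or altered replies fail."""
    head, resp_auth, attrs = reply[:4], reply[4:20], reply[20:]
    expected = hashlib.md5(head + request_authenticator + attrs + secret).digest()
    return hmac.compare_digest(expected, resp_auth)
```

The password hiding is obfuscation keyed on the shared secret, not encryption in the modern sense, which is why the secret and the network path between the web server and FreeRADIUS both matter.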




Friday, 08 October 2010

Installation of Mondes' LAB1

Steps to install Mondes' LAB1. This was done remotely via telnet, from 11:50 pm to 02:30 am.

1. Install Apache web server with prefork MPM (apache-2.0.63_16)
#cd /usr/ports/www/apache20 (released 2008-01-19)
#make install clean
(current Apache is v2.2.16, released 2010-07-25)


2. Install current version of PHP5 (php5-5.3.3_2, released 2010-07-22)
#cd /usr/ports/lang/php5
#make install clean
***************************************************************
Make sure index.php is part of your DirectoryIndex.
You should add the following to your Apache configuration file:
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
***************************************************************
This port has installed the following files which may act as network servers and may therefore pose a remote security risk to the system.
/usr/local/libexec/apache2/libphp5.so
/usr/local/bin/php
/usr/local/bin/php-cgi

AddType application/x-httpd-php .php <<.html>>
AddType application/x-httpd-php-source .phps


3. Install mysql shared extension for php (php5-mysql-5.3.3_2)
#cd /usr/ports/databases/php5-mysql
#make install clean
***************************************************************
The following line has been added to your /usr/local/etc/php/extensions.ini configuration file to automatically load the installed extension:
extension=mysql.so
***************************************************************


4. Install session shared extension for php (php5-session-5.3.3_2)
#cd /usr/ports/www/php5-session
#make install clean
***************************************************************
The following line has been added to your /usr/local/etc/php/extensions.ini
configuration file to automatically load the installed extension:
extension=session.so
***************************************************************


5. Install gd shared extension for php (php5-gd-5.3.3_2)
#cd /usr/ports/graphics/php5-gd
#make install clean
****************************************************************************
The following line has been added to your /usr/local/etc/php/extensions.ini
configuration file to automatically load the installed extension:
extension=gd.so
****************************************************************************

6. Install text-based web browser
#cd /usr/ports/www/lynx
#make install clean
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/bin/lynx


7. Make the shell reread the directories in the PATH so it knows what's there
#rehash


8. Add the PHP5 module to Apache
#cd /usr/local/etc/apache2/
===> modify httpd.conf


9. Create test page
# echo ""  >> /usr/local/www/data/tester.php


10. Test the installation
#apachectl start
#lynx localhost/tester.php

Ready for web management (RADIUS and Monitoring).