On Tue, Mar 11, 2008 at 06:57:41PM +0100, Jordi Prats wrote:
Hi all,
Have anyone tried to run OpenBSD with pf on a Jetway J7F2 (or similar)
motherboard to act as a firewall and do NAT?
Any inputs will be welcome! Thanks,
--
Jordi
I'm using exactly this board (see dmesg below), a couple
Hi,
I cleaned up my attic and found some kind of hardware I do not need
any more. I'm not at home at the moment, but AFAIR there is a Sun
Sparc 2 and a Sun Ultra 5. Perhaps there is an DEC Alpha Workstation
II, too.
Can be picked up in Duisburg / Germay. If you like you can spend some
How are zombies best dealt with, correctively?
My OBSD 4.2 x86 machine is showing memory and CPU utilization are a
negligable fraction of the total capacity. Yet, it is getting maxed out
in regards to number of processes, apparently due to the zombies.
kill -KILL seems to have no effect.
Some
Thanks.
Paul de Weerd wrote:
...
Zombies are part of unix, you *need* them in cases. Leaving them
dangling (for too long) is not good of course, clean-up is required.
That's what's happening. I see that one work-around would be to have
cron periodically send a kill signal to the parent. But
On Wed, Mar 12, 2008 at 2:18 AM, Lars Noodin [EMAIL PROTECTED]
wrote:
Or what are the major reasons 4.3 is going to still use 1.3x?
Licensing.
On Wed, Mar 12, 2008 at 10:36:23AM +0200, Lars Nood??n wrote:
How are zombies best dealt with, correctively?
My OBSD 4.2 x86 machine is showing memory and CPU utilization are a
negligable fraction of the total capacity. Yet, it is getting maxed out
in regards to number of processes,
Looking ahead, what is the timeline for moving to Apache2?
Likely never, unless they decide to change their license.
Or what are the major reasons 4.3 is going to still use 1.3x?
apache2 is not free enough.
How are zombies best dealt with, correctively?
Sorry to answer my own question. The solution was to find the parent
process and kill it.
But the second question still stands, is there a generic way to prevent
the formation of zombies? The cause in this specific case is a
perl-based CGI script
On Wed, Mar 12, 2008 at 10:36:23AM +0200, Lars Nood??n wrote:
| How are zombies best dealt with, correctively?
By fixing the bugs in the parent.
| My OBSD 4.2 x86 machine is showing memory and CPU utilization are a
| negligable fraction of the total capacity. Yet, it is getting maxed out
| in
On 12 March 2008, Lars NoodC)n [EMAIL PROTECTED] wrote:
[...]
And, is there a generic way to prevent them? The cause is a perl CGI
called by apache2
Depending on what you're doing, make the parent wait(2) for the
processes or setsid(3).
Regards,
Liviu Daia
--
Dr. Liviu Daia
Hi,
Does anyone know the status of IPHC over PPP as per RFC2507 and
RFC3508 (TCP compression as described in RFC2507 is though not needed)
on OpenBSD ?
Thanks in advance.
Mehdi
* Theo de Raadt [EMAIL PROTECTED] [2008-03-12 10:36]:
Looking ahead, what is the timeline for moving to Apache2?
Likely never, unless they decide to change their license.
even then... I don't see any advatages in apache2, but lots of
disadvantages and a gigantic design fault. No, not one,
On Wed, Mar 12, 2008 at 1:13 AM, Stuart Henderson [EMAIL PROTECTED] wrote:
On 2008-03-11, nicodache [EMAIL PROTECTED] wrote:
Now, the question is : is there any way to remotely (my box is in a
remote securized datacenter with double code) jump from raidframe to
softraid, as I've
Hi!
On Wed, Mar 12, 2008 at 12:05:29PM +0200, Liviu Daia wrote:
On 12 March 2008, Lars NoodC)n [EMAIL PROTECTED] wrote:
[...]
And, is there a generic way to prevent them? The cause is a perl CGI
called by apache2
Depending on what you're doing, make the parent wait(2) for the
processes or
On 2008-03-12, nicodache [EMAIL PROTECTED] wrote:
On Wed, Mar 12, 2008 at 1:13 AM, Stuart Henderson [EMAIL PROTECTED] wrote:
On 2008-03-11, nicodache [EMAIL PROTECTED] wrote:
Now, the question is : is there any way to remotely (my box is in a
remote securized datacenter with double code)
Hi all,
I bought a PCI SATA controller off the shelf at a local store last week.
It was so cheap I didn't bother checking the chipset on it. It's a
rebranded Sunix card:
http://www.sunix.com.tw/it/en/Product_Detail.php?cate=2class_a_id=34sid=447
When I plugged it in I realised it uses a
Hey chaps,
I have a pair of OpenBSD firewalls running CARP
$ uname -a
OpenBSD ns-gs-fw2.host.nativ-systems.com 4.2 NS-GS-FW#0 i386
They both have internal and external addresses and an internal carp and
external carp address shared.
Now, they are protecting an FTP server that I want to allow
On 12 March 2008, Hannah Schroeter [EMAIL PROTECTED] wrote:
Hi!
On Wed, Mar 12, 2008 at 12:05:29PM +0200, Liviu Daia wrote:
On 12 March 2008, Lars NoodC)n [EMAIL PROTECTED] wrote:
[...]
And, is there a generic way to prevent them? The cause is a perl
CGI called by apache2
Depending
On 3/12/08, Lars NoodC)n [EMAIL PROTECTED] wrote:
Looking ahead, what is the timeline for moving to Apache2?
Or what are the major reasons 4.3 is going to still use 1.3x?
Take a look at http://nginx.net/ BSD license, seems to work, but I
don't know about its security profile. I'm sure it's
Otto == Otto Moerbeek [EMAIL PROTECTED] writes:
Otto zombie state happend if a child process exits, but its parent did not
Otto execute a wait(2) system call (or one if its alternatives) for the
Otto process (yet). So this seem a bug in the handling of CGIs.
Most likely a bug in a Perl script
On Wed, Mar 12, 2008 at 08:39:07AM -0500, Gregg Reynolds wrote:
On 3/12/08, Lars NoodC)n [EMAIL PROTECTED] wrote:
Looking ahead, what is the timeline for moving to Apache2?
Or what are the major reasons 4.3 is going to still use 1.3x?
Take a look at http://nginx.net/ BSD license, seems
On Wed, Mar 12, 2008 at 09:57:16AM +0100, Otto Moerbeek wrote:
zombie state happend if a child process exits, but its parent did not
execute a wait(2) system call (or one if its alternatives) for the
process (yet). So this seem a bug in the handling of CGIs.
I'd like to add a bit to the above
Am 12.03.2008 um 13:28 schrieb Joe Warren-Meeks:
Hey chaps,
Hey,
Ideally, I'd have ftp-proxy bind to the CARP address, so that if there
was a failover event, inbound ftp would still work.
I set up an local ip address via interface lo1 and redirects all
incoming ftp requests to ftp-proxy
Joe,
You can bind your reverse ftp-proxy to the carp addresses.
BTW, a problem you might eventually see is when the firewalls fail over.
Current connections to the ftp server will die when the backup firewall
takes over because it does not have ftp-proxy anchors from the first
firewall. The
Theo de Raadt wrote:
apache2 is not free enough.
Ok. There were some additional reasons mentioned, but licensing is
enough on its own. I found the old announcement now that I know what to
look for:
http://archives.neohapsis.com/archives/openbsd/2004-06/0448.html
Apache 1.3.29 is decent
Randal L. Schwartz wrote:
Most likely a bug in a Perl script that forks but doesn't wait for its kid.
I generally *don't* see zombies in well-written Perl programs.
;)
Was this FastCGI by any chance?
No. I think it's the perl script, but now that gets added to my list of
things to do.
IPSEC works well if you blissfully ignore the hassle of setting up
IPSEC on every possible client you want to support in your network. OS
X' native configuration panels does not deal with IPSEC, but, comes
with Racoon so that one can take the trouble to set it up without
having to compile
Ok. There were some additional reasons mentioned, but licensing is
enough on its own. I found the old announcement now that I know what to
look for:
http://archives.neohapsis.com/archives/openbsd/2004-06/0448.html
Apache 1.3.29 is decent enough and has the functionality, name brand
If you want to serve http content via IPv6, then perhaps you can run
httpd on your (IPv4) loopback interface, and have relayd listen on
your public IPv6 interface, and forward requests over IPv4 to it ?
/Pete
On 12 Mar 2008, at 4:22 PM, Lars Noodin wrote:
Theo de Raadt wrote:
apache2 is not
Op Wed, 12 Mar 2008 17:05:01 +0100 schreef Pete Vickers
[EMAIL PROTECTED]:
If you want to serve http content via IPv6, then perhaps you can run
httpd on your (IPv4) loopback interface, and have relayd listen on
your public IPv6 interface, and forward requests over IPv4 to it ?
And then what
Lars NoodC)n wrote:
Would something like this be appropriate at the tail end of the httpd
man page for v 1.3.29?
Due to licensing changes, the version of Apache shipped with
OpenBSD will stay at version 1.3.29. Bugfixes will be provided,
but no further updates.
On Wed, Mar 12, 2008 at 11:58 AM, Theo de Raadt [EMAIL PROTECTED]
wrote:
A fork does not seem like a good return on investment, so v 1.3.29 will
probably go away sooner than later once the Apache Foundation drops
maintenance on the 1.3 series.
I'm just curious what is in 2.x that you
On 2008-03-12, Pete Vickers [EMAIL PROTECTED] wrote:
If you want to serve http content via IPv6, then perhaps you can run
httpd on your (IPv4) loopback interface, and have relayd listen on
your public IPv6 interface, and forward requests over IPv4 to it ?
Here's a better way: test the diffs at
bofh wrote:
On Wed, Mar 12, 2008 at 11:58 AM, Theo de Raadt [EMAIL PROTECTED]
wrote:
A fork does not seem like a good return on investment, so v 1.3.29 will
probably go away sooner than later once the Apache Foundation drops
maintenance on the 1.3 series.
I'm just curious what is in 2.x that
On Wed, Mar 12, 2008 at 07:52:15AM +0100, Andreas Bihlmaier wrote:
On Tue, Mar 11, 2008 at 06:57:41PM +0100, Jordi Prats wrote:
Hi all,
Have anyone tried to run OpenBSD with pf on a Jetway J7F2 (or similar)
motherboard to act as a firewall and do NAT?
Any inputs will be welcome!
Quoting Jonathan Weiss [EMAIL PROTECTED]:
bofh wrote:
On Wed, Mar 12, 2008 at 11:58 AM, Theo de Raadt [EMAIL PROTECTED]
wrote:
A fork does not seem like a good return on investment, so v 1.3.29 will
probably go away sooner than later once the Apache Foundation drops
maintenance on the 1.3
Markus Lude wrote:
mbalmer@ posted a diff for IPv6 support for the base apache back last
december: see http://mini.vnode.ch/
Excellent. What, in general, are the plans? (Any answer is fine.)
Knowing more reduces the unnecessary questions, experiments and
speculations that get in the way.
My
I still have plans to continue the WPA work in the near future.
No estimated time of arrival though, especially as I tend to become lazy
as I get older.
Damien
| Dear All,
|
| I would love to use OpenBSD on my laptop but the problems is that most of
| my work places use WPA encrypted wireless
Hi,
I need to transfer files via sftp (ssh ftp) from a Windows machine.
This files may contain Umlauts (vd|) and Spaces.
I made several tests and stuck with the following:
sftp [EMAIL PROTECTED]:'/file-withv|d.txt'
works, but
sftp [EMAIL PROTECTED]:'/file with spaces.txt'
doesn't work.
If I
Apparently the Umlauts in my mail got mangled by majordomo, I meant german
latin1 characters, sometimes rewritten as 'ae' 'oe' and 'ue'.
benny
Hi,
I need to transfer files via sftp (ssh ftp) from a Windows machine.
This files may contain Umlauts (vd|) and Spaces.
I made several tests and
On Wed, Mar 12, 2008 at 12:19:18PM -0400, bofh wrote:
| A fork does not seem like a good return on investment, so v 1.3.29 will
| probably go away sooner than later once the Apache Foundation drops
| maintenance on the 1.3 series.
|
|
| I'm just curious what is in 2.x that you need, that
I ran a few tests, and OpenBSD seems perfectly capable of using those extended
characters have you tried using doubled quotes?
sftp [EMAIL PROTECTED]:file with spaces and Umlauts.txt
That should work.. but, spaces and extended characters are so unclean in
the Unix world, it was never
So, SMBus.
I've made a few attempts to get it to work, with precious little
success... but that isn't really surprising seeing as I have no idea
how to go about doing such a thing.
I've fiddled with the BIOS settings with no appreciable effect, and
I've tried using UKC to pass different flags to
Hello,
I there a way to support as non-developer ... Unfortunally I'm not a developer
so I can't help code, but if I can do something else let me know.
Regards
Hagen Volpers
-Urspr|ngliche Nachricht-
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Im Auftrag von Damien Bergamini
I have a new-to-me dual P-133 Tyan board with 4 PCI slots and some ISA
slots. (see my low-MHz server thread)
I'll be wanting to add USB to it.
Checking Belkin's website, their current card is part# F5U220v1,
Hi-Speed USB 2.0 5-Port PCI Card.
I don't see it listed in the 4.2 install.i386.
Depends on the chip. As far as I can tell from that photo, it's an NEC
usb controller. The last add-on usb card I bought had an NEC
controller and it worked well enough...
On Wed, Mar 12, 2008 at 1:52 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote:
I have a new-to-me dual P-133 Tyan board with 4
Marc Rene Arns wrote:
Hi,
I need to transfer files via sftp (ssh ftp) from a Windows machine.
This files may contain Umlauts (vd|) and Spaces.
I made several tests and stuck with the following:
sftp [EMAIL PROTECTED]:'/file-withv|d.txt'
works, but
sftp [EMAIL PROTECTED]:'/file with
[IMAGE]
Ultime da Poste Italiane:
Gentile Cliente,
Abbiamo ricevuto una segnalazione di accredito di Euro 270 da UFFICIO
POSTALE ROMA 12. L'accredito e' stato temporaneamente bloccato a causa
dell'incongruenza dei suoi dati, potra' ora verificare i suoi dati e
successivamente sara' accreditato
Does OpenBSD's OpenSSL use the FIPS 140-2 certified bits where
applicable?
Is it possible to enable DEBUG logging for internal-sftp in sshd?
Using -current (Mar 12, 2008) and enabling a chroot'd sftp server we can
get sshd to log initial connections. But, we would also like to log sftp
activity like uploads, downloads, and directory changes similar to what
vsftpd does.
I did a search around and found something called SmartStart, Apparently it's
a bootable configuration utility for your system that configures various
settings in NVRAM.
http://www.umpquanet.com/support/freebsd_setup.html --FreeBSD articble related
to your system...
Lars wrote:
But the second question still stands, is there a generic way to prevent
the formation of zombies? The cause in this specific case is a
perl-based CGI script called by apache2.
The easiest way might be to let perl auto-reap the children for you.
It's as simple as prepending this
So it must be an FreeBSD issue, sorry for the noise.
I ran a few tests, and OpenBSD seems perfectly capable of using those
extended characters have you tried using doubled quotes?
I tried *everything* (backslash, double quotes, single quotes,...)
BTW my ssh version is OpenSSH_4.5p1
The problem is clear, I think.
But a simple example:
You are an operator for e.g. a OBSD Firewall.
Yesterday everything was ok,
Today a person phoned me and want that I open a tcp port for him. Ok I open.
Tomorrow, I notice problems that I never have had before. But I have forgotten
the new open
On Thu, Mar 13, 2008 at 12:37:55AM +0100, Stephan Andreas wrote:
The problem is clear, I think.
But a simple example:
You are an operator for e.g. a OBSD Firewall.
Yesterday everything was ok,
Today a person phoned me and want that I open a tcp port for him. Ok I open.
Tomorrow, I notice
On Thu, Mar 13, 2008 at 12:37:55AM +0100, Stephan Andreas wrote:
The problem is clear, I think.
But a simple example:
You are an operator for e.g. a OBSD Firewall.
Yesterday everything was ok,
Today a person phoned me and want that I open a tcp port for him. Ok I open.
Tomorrow, I notice
Stephan Andreas wrote:
The problem is clear, I think.
But a simple example:
You are an operator for e.g. a OBSD Firewall.
Yesterday everything was ok,
Today a person phoned me and want that I open a tcp port for him. Ok I open.
Tomorrow, I notice problems that I never have had before. But I
Mr. Bihlmaier mentioned that there is no support for the sensors
on the Jetway J7F2 boards. I have written a driver for the Fintek
F71805F found on some of those boards. It is a modification of the
LM78 driver (lm78.c) a href=http://www.oat.com/fintek;here/a.
Several people have used it in 4.2.
On Wed, Mar 12, 2008 at 8:45 PM, Geoff Steckel [EMAIL PROTECTED] wrote:
Mr. Bihlmaier mentioned that there is no support for the sensors
on the Jetway J7F2 boards. I have written a driver for the Fintek
F71805F found on some of those boards. It is a modification of the
LM78 driver (lm78.c) a
On Wed, Mar 12, 2008 at 09:32:45PM +0100, openbsd misc wrote:
Hello,
I there a way to support as non-developer ... Unfortunally I'm not a developer
so I can't help code, but if I can do something else let me know.
you could always offer to pay damien for his development time.
--
Mathieu
On Wed, 12 Mar 2008, Ed Ahlsen-Girard wrote:
Does OpenBSD's OpenSSL use the FIPS 140-2 certified bits where
applicable?
No. Furthermore, there are no FIPS 140-2 certified bits - it is an
entire package that is certified, you don't get to pick and choose.
-d
On Wed, 12 Mar 2008, Calomel wrote:
Is it possible to enable DEBUG logging for internal-sftp in sshd?
Using -current (Mar 12, 2008) and enabling a chroot'd sftp server we can
get sshd to log initial connections. But, we would also like to log sftp
activity like uploads, downloads, and
On Thu, Mar 13, 2008 at 12:29:47PM +1100, Damien Miller wrote:
On Wed, 12 Mar 2008, Ed Ahlsen-Girard wrote:
Does OpenBSD's OpenSSL use the FIPS 140-2 certified bits where
applicable?
No. Furthermore, there are no FIPS 140-2 certified bits - it is an
entire package that is certified, you
bofh wrote:
On Wed, Mar 12, 2008 at 8:45 PM, Geoff Steckel [EMAIL PROTECTED] wrote:
Mr. Bihlmaier mentioned that there is no support for the sensors
on the Jetway J7F2 boards. I have written a driver for the Fintek
F71805F found on some of those boards. It is a modification of the
LM78 driver
Ryan,
You're right about the entire package needing to be FIPS 140-2
certified. Also, the other key component here is what
algorithms/components the system is FIPS 140-2 certified for, such as
3DES, TLS, SSL, RNG, or AES.
However, if you're attempting to do CA on a system, keep in mind that
the
What good is an OpenBSD system running with a FIPS 140-2 certified
cryptographic component handling SSL and SSH (using AES-256) if the
interfacing systems aren't also well-protected, and your applications
running on the system don't have safeguards against malicious usage?
You're right --
66 matches
Mail list logo