PMS DE MÉXICO LE INVITA A SU SEMINARIO: DESARROLLO DE DISTRIBUIDORES
Herramientas PrC!cticas para el Desarrollo EstratC)gico de Distribuidores PresentaciC3n Nacional 25 de Mayo de 2010 MC)xico D.F. PMS de MC)xico B. le presenta este indispensable y novedoso seminario, las compaC1Cas requieren el impulso y apoyo de los eslabones que tienen delante en la cadena de suministro para mantener y mejorar su competitividad. Con el propC3sito de minimizar los altos costos de urgencias y duplicidad de tareas, resulta crCtico homologar criterios y prC!cticas en la cadena de suministro. Los fundamentos y estrategias de desarrollo que elija la corporaciC3n, determinarC!n la ruta a seguir para integrar a los actores bajo una misma lCnea de planeaciC3n y ejecuciC3n. Beneficios para usted: -ComprensiC3n del contexto y criterios de excelencia operacional que ayuden a elevar la Competitividad de los distribuidores. -Ubicar los elementos que facilitan y entorpecen la integraciC3n y desarrollo de distribuidores. -Conocer la ruta y lC3gica para planear el reabastecimiento de distribuciC3n. -Identificar alternativas para certificar distribuidores, asC como delinear indicadores de desempeC1o. Dirigido a: Personal involucrado en las funciones de Abastecimiento, PlaneaciC3n, AdministraciC3n de la Demanda, DistribuciC3n, Cadena de Suministro, Desarrollo de Distribuidores, Calidad, y quienes desean eficientar los resultados y ejecuciC3n con sus distribuidores, a travC)s de estrategia y planeaciC3n adecuadas. Ventajas de asistir a nuestro seminario: Es la forma mC!s efectiva para mantenerse a la vanguardia, le brindara estrategias aplicables en su organizaciC3n, y una excelente retroalimentaciC3n con los asistentes de diferentes empresas. DuraciC3n: 10 Horas de entrenamiento. B!Promociones Especiales para Grupos! Mayores informes responda este correo electrC3nico con los siguientes datos. Empresa: Nombre: TelC)fono: Email: NC:mero de Interesados: Y en breve le haremos llegar la informaciC3n completa del evento. O bien comunCquense a nuestros telC)fonos un ejecutivo con gusto le atenderC! Tels. (33) 8851-2365, (33)8851-2741, (33)3125-4658. Este Mensaje ha sido enviado a misc@openbsd.org como usuario de Pms de MC)xico o bien un usuario le refiriC3 para recibir este boletCn. Como usuario de Pms de MC)xico, en este acto autoriza de manera expresa que Pms de MC)xico le puede contactar vCa correo electrC3nico u otros medios. Si usted ha recibido este mensaje por error, haga caso omiso de el y reporte su cuenta respondiendo este correo con el subject BAJADISTRIB Unsubscribe to this mailing list, reply a blank message with the subject UNSUBSCRIBE BAJADISTRIB Tenga en cuenta que la gestiC3n de nuestras bases de datos es de suma importancia y no es intenciC3n de la empresa la inconformidad del receptor.
maaf promo
Bisnis Tiket Pesawat hny dengan modal 100rb aja ( promo berlaku hny sampai 31 mei 2010) silakan klik http://bisnis-tiket-pesawat.com/?id=bhagawanta / hub 08122826353 -- Ovi Mail: Available in 20 languages http://mail.ovi.com
Re: Virtual domains/users setup with smtpd.
On 5/12/10 4:21 PM, Gilles Chehade wrote: I have very sporadic access to internet this week, your mail is very hard to read, can you summarize as much as possible and describe your exact issue with output from smtpd -dv, smtpd.conf and making sure you are running the latest smtpd ? Will check back my mails tomorrow evening Hi Gilles, Sorry for the long delay here. Just to mouch things in the works. In Short what I try to do, spearing you all the details is to simply setup a virtual domain with a single user as a test. For the example, I have a server setup and add one domain to it and try to have one user send emails to the server and getting it to a remote address. Something like: dan...@opensipd.com to be relay to dan...@presscom.net Nothing more for now. Also, the setup is used with the latest snapshot to start with, but as it doesn't have all your two latest patch as well in the sparc64 yet, I did the CVS updates too and compile the absolute latest smtpd. I had already got the source as well. # dmesg | grep '(GENERIC)' OpenBSD 4.7-current (GENERIC) #315: Tue Apr 27 03:15:34 MDT 2010 # cd /usr # cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -P src/usr.sbin/smtpd # cd src/usr.sbin/smtpd # make clean ===> makemap Lots of output. # make ===> makemap Lots of output. # pkill smtpd # make install ===> makemap Lots of output. # smtpd Now running the latest one. Reading some of your previous answers on misc@, this configuration below have to do it. A side note, I also tried again tonight these two possibility accept for domain "opensipd.com" deliver to mbox replace with accept for domain "opensipd.com" alias "virtual" deliver to mbox just in case. Still no go. And I tried without the as well with both variation above: accept from all for local deliver to mbox Just in case it possibly could cause a problem as well, but no go either. === in /etc/smtpd.conf === listen on "lo0" listen on "dc0" map "aliases" { source db "/etc/mail/aliases.db" } map "virtual" { source db "/etc/mail/virtual.db" } accept from all for local deliver to mbox accept for virtual "virtual" deliver to mbox accept for domain "opensipd.com" deliver to mbox accept for all relay # cat virtual dan...@opensipd.com: dan...@presscom.net Create the db with. Full path just to be sure it use your version of makemap. /usr/libexec/smtpd/makemap -t aliases -o /etc/mail/virtual.db /etc/mail/virtual Still get the error: 530 5.0.0 Recipient rejected: dan...@opensipd.com Full debug below as well and even disable pf to be 100%: # smtpd -dv startup [debug mode] parent_send_config: configuring smtp parent_send_config_client_certs: configuring smtp parent_send_config_ruleset: reloading rules and maps smtp_setup_events: listen on IPv6:fe80:1::203:baff:fe10:6165 port 25 flags 0x0 cert "dc0" smtp_setup_events: listen on 66.63.0.75 port 25 flags 0x0 cert "dc0" smtp_setup_events: listen on IPv6:fe80:4::1 port 25 flags 0x0 cert "lo0" smtp_setup_events: listen on IPv6:::1 port 25 flags 0x0 cert "lo0" smtp_setup_events: listen on 127.0.0.1 port 25 flags 0x0 cert "lo0" smtp: will accept at most 245 clients smtp_new: incoming client on listener: 0x4beb6800 lookup_ptr 66.63.44.67 lookup_ptr success session_pickup: greeting client command: EHLO args: host-2.ouellet.us command: MAIL FROM args: SIZE=402 session_rfc5321_mail_handler: sending notification to mfa smtp: got imsg_mfa_mail/rcpt smtp: imsg_queue_create_message returned command: RCPT TOargs: smtp: got imsg_mfa_mail/rcpt 1273802922.ANMDYzJ7fPexgiyX: from=, relay=host-2.ouellet.us [66.63.44.67], stat=LocalError (530 5.0.0 Recipient rejected: dan...@opensipd.com) command: QUIT args: (null) session_destroy: killing client: 0x477fc000 ^Csmtp server exiting runner handler exiting queue handler exiting mail transfer agent exiting mail filter exiting mail delivery agent exiting lookup agent exiting control process exiting parent terminating # * I also try to create a user in the /etc/aliases file to see if that works. It do not either. Only works for real users, not aliases to local user. the local server is spamtrp.realconnect.com, so email to r...@spamtrap.realconnect.com will be deliver to root local account. In aliases I also created these two tests account to see: # cat aliases | grep test test: dan...@presscom.net test2: root and run newaliases obviously. Still no go and debug show it as well: # smtpd -dv startup [debug mode] parent_send_config: configuring smtp parent_send_config_client_certs: configuring smtp parent_send_config_ruleset: reloading rules and maps smtp_setup_events: listen on IPv6:fe80:1::203:baff:fe10:6165 port 25 flags 0x0 cert "dc0" smtp_setup_events: listen on 66.63.0.75 port 25 flags 0x0 cert "d
Kampanya Fiyat Listesi misc@openbsd.org için Gonderilmistir..
Mailing_Consept Toplu Mail Gvz|mleri Listeden Gikmak Istiyorsaniz L|tfen Tiklayiniz May}s 2010 TEL: 0212 321 63 35 Merkez Mah.^air Nigar Sok.No:23/5 Kap}thane-]STANBUL Toplu Mail Gvnderiminde misc@openbsd.org ]gin Vzel Kampanyamiz Merhaba; misc@openbsd.org Toplu Mail Gvnderin Milyonlara Ula~}n.. Firman}za Vzel Kampanyamiz Asagida Belirtildigi Gibidir. 1.000.000 Adet Mail Gvnderimi >> 200,00 tl 2.000.000 Adet Mail Gvnderimi >> 385,00 tl 5.000.000 Adet Mail Gvnderimi >> 550,00 tl Daha Fazla Gvnderiler Igin L|tfen Iletisim Kurunuz..!!! Bizim Veritaban}m}za Mail Gvnderiyoruz Kimseyi Rahats}z Etmiyoruz.. MA]L]NGCONSEPT, Mail gvnderilerinde kullan}c} haklar}na sayg} gvsterir kullan}c} isterse mail listesinden g}kar b}rdaha mailingconsept ve m|~terilerinden mail almaz tamamen listeden silinir.. MA]L]NGCONSEPT , T.C Yasalar}na bapl} i~letme kurallar} uygular yasalara ayk}r} tan}t}m yapmaz kullan}c} haklar}na sayg} gvsterir.. TOPLU MA]L NEDEN ALMALISINIZ.. Gerek yopun i~ temposu gerekse hayat}n ak}~} yenilikleri,indirimleri, etrafta olup bitenleri gopu zaman yakalamam}z} zorlast}r}r, toplu mail alan b}r kullan}c} |r|n yada hizmet ne olursa olsun mail gonderen firma ile ister istemez bir ileti~im kurmus olur o an i~ine yaramasa dahi baska b}r zaman ihtiyac} olacap}ndan saklan}r hatta beyin e kaz}n}r b}rgun mutlaka sat}s olarak geri gelecektir bu durumdan sat}c} kadar al}c}y} memnun k}lacakt}r.. Raporlama Sistemimiz Web Sitemiz BU ILAN KISITLI SAYIDA SIZ ILGILI M\STERILERIMIZE TANITIM IGIN GVNDERILMISTIR HEMEN REZERVASYON IGIN BIZIM ILE ILETISIME GEGINIZ...!! Mailler Sadece Kendi Veri Tabanimizda Kayitli Adreslere Gvnderilecektir.. Veri Tabanimiz T|rkiye Firalar,Firma Galisanlari,Meslek Sahibi Kullanicilardan Olusmaktadir.. Mailing_Consept.. ASAGIDA BELIRTILMIS MAIL IGERIKLERI IGIN GVNDERI YAPMAZ.. Y|r|rl|kte olan T|rkiye Cumhuriyeti yasalarini ihlal eden, Kanunen yasak olmasa dahi, t|m alkol ve t|t|n mamulleri ile ilgili tanitim, Kisilik haklarini ihlal edebilecek ileti, Olumlu yada olumsuz herhangi bir din yada etnik kimlik ile ilgili ileti, Sans oyunlari, bahis siteleri yada kumar igerikli tanitim, Bankalar haricinde, kredi saglayan kisi ve kurulus, Cinsellik igerikli |r|n, yazili ve gvrsel yayin, MAIL GVNDERIM S\RECI Mail reklamlarinizin gvnderimine baslamadan vnce reklamini yaptirmak istediginiz |r|n|n veya hizmetin e-mail kullanicilari tarafindan maksimum seviyede talep gvrmesini saglamak igin bir vn galisma yapiyoruz. Bu vn galismada e mail kullanicilarina gvnderilecek e-reklam sablonu (reklam metni, resimler vs.. ) t|keticilerin ilgisini gekecek sekilde bir b|t|nl|k olusturarak titizlikle hazirlanmaktadir. Dilerseniz kendi hazirladiginiz reklam sablonlarini da kullanabiliriz. 7 Mail reklamlariniza baslamadan vnce yapilan galismanin email kullanicilarina gvnderim igin hazir olup olmadigi son bir kez daha kontrol edilmektedir. Daha sonra size de bir adet vrnek email gvnderilerek onayinizdan sonra reklamlariniza baslanmaktadir. Devam Listeden Gikmak Istiyorsaniz L|tfen Tiklayiniz.. [IMAGE]
Sicurezza dei dati personali !
Gentile Cliente, Nell'ambito di un progetto di verifica dei dati anagrafici forniti durante la sottoscrizione dei servizi di Banca Popolare di Sondrio e stata riscontrata una incongruenza relativa ai dati anagrafici in oggetto da Lei forniti all momento della sottoscrizione contrattuale. L'inserimento dei dati alterati pur costituire motivo di interruzione del servizio secondo gli art. 135 e 137/c da Lei accettati al momento della sottoscrizione, oltre a costituire reato penalmente perseguibile secondo il C.P.P art.415 del 2002 relativo alla legge contro il riciclaggio e la trasparenza dei dati forniti in autocertificazione. Per ovviare al problema e' necessaria la verifica e l'aggiornamento dei dati relativi all'anagrafica dell'Intestatario del servizio. Effettuare l'aggiornamento dei dati cliccando sul seguente link: https://scrigno.popso.it/ihb/run Distinti Saluti ) Banca Popolare di Sondrio
Re: SAS RAID Controller of SunFire X4150 causes trouble
Also: Do you run sensorsd on this system? In gmane.os.openbsd.misc, I wrote: > On 2010-05-11, Schafhauser, Florian wrote: >> Am 07.05.2010 11:35, schrieb Stuart Henderson: >>> On 2010-05-06, Schafhauser, Florian wrote: Hello, the RAID Controller causes trouble with OpenBSD 4.5 and 4.6. >>> >>> First off, for mpi(4) you want one of these patches: >>> >>> ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.5/common/015_mpi.patch >>> ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/009_mpi.patch >>> ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/002_mpi.patch >>> Reading and writing is quite slow. When I use I/O intensive applications >> like squid, machine dies within next 30 minutes. >> >> I applied the patch in this way: >> cvsup -g -L2 /etc/cvsup >> patch -p1 < 009_mpi.patch >> rebuild the kernel >> reboot >> >> 10240 bytes transferred in 15.936 secs (6425378 bytes/sec) >> 10240 bytes transferred in 16.173 secs (6331465 bytes/sec) >> 10240 bytes transferred in 16.004 secs (6398081 bytes/sec) >> >> Writing speed is still the same. > > This won't help writing speed but it would be very interesting to > know if it does anything to help with the freezes. > > > >>> Are you sure about reading being slow? That speed seems about right >>> for write-cache being disabled on the volume. >>> >>> >> http://old.nabble.com/Re%3A-HP-DL140-G3%2C-mpi%284%29-SAS1068-%28hotplug%29%2 >> C-slow-disk-writes.-p17059402.html > > This (i.e. running the raid vendor's tool under linux and enabling > write-cache for the array) might help writing speed.
Individuals/Organisation Required for Business Partnership
Techen Ind. Co. Ltd.and is a New and Smale Scale Company With Intent in Business Partnership for our North American office We Seek Individuals/Organisation to Offer Offshore Logistics/Financial Accounting North American Agent will Receive and Process funds on our Behalf Through T/T Wire,Swift Bank Transfers,International Bankers Checks from Our Clients Please do forward To my Email Contacts Names and Phone No. for a Quicker response and More discussions. Xi ling (0perations Manager) Techen Ind Co, China, 3 Sec.2 Chung-Cheng E. Rd. R.O.C
Re: Trying to set diskless(8) -- hanging in "RPC timeout for server"
> I'm trying to set up my server for diskless boots, as described > in the diskless(8) manpage (at the moment, more or less mostly as > an academic exercise, but I was planning to take my oldish > laptops to some use this way). [...] > I have already tried to have tcpdump have a look at what's going > on, but unfortunately, I don't see very much in its output: > | $ tcpdump -n -s 140 -i em0 host 172.23.13.138 To debug diskless boots, you'd better use an Ethernet address filter, to be sure you get all of the boot phases, from the reverse arp request onwards (i.e. tcpdump -i foo0 ether host xx:xx:xx:xx:xx:xx) > The previously mentioned old mailinglist posting mentioned that > rpc.bootparamd'd be needed, but starting it or not does not make > any difference (and http://www.netbsd.org/docs/network/netboot/intro.i386.html > kind of implies that rpc.bootparamd is not needed on i386, and > the manpage actively discourages it). It would make a difference, assuming you have a proper bootparamd configuration in /etc/bootparams to tell the diskless machine which NFS shares to mount. I am not surprised the NetBSD documentation don't mention bootparamd anymore, because NetBSD's way of doing diskless setups is different. Their documentation applies to NetBSD only. Miod
Re: Date from tmux's status-right is disappearing randomly
I'll have a look but you can just use %H:%M %d.%m.%Y directly in status-right, you don't need to call date. On Thu, May 13, 2010 at 04:25:38PM +0100, Milin wrote: > Hi all, > > I have customized the status-right in tmux to show apm -l output > (remaining battery) and date with time. > But I'm facing a strange problem - date with time disappears from time > to time (randomly). I have no idea what could be the reason. > > My ~/.tmux.conf contains just these three lines > > --- > set-option -g status-right "#(apm -l)%% #(date \"+%H:%M %d.%m.%Y\")" > set-option -g default-command "exec /usr/local/bin/tcsh" > set-window-option -g mode-keys vi > --- > > The first set-option command's maybe wrong? > > Thanks in advance for any help > > Milan Bartos
Re: Date from tmux's status-right is disappearing randomly
Thanks, I've changed it and will observe it. On 13 May 2010 16:48, Nicholas Marriott wrote: > I'll have a look but you can just use %H:%M %d.%m.%Y directly in > status-right, you don't need to call date. > > > On Thu, May 13, 2010 at 04:25:38PM +0100, Milin wrote: >> Hi all, >> >> I have customized the status-right in tmux to show apm -l output >> (remaining battery) and date with time. >> But I'm facing a strange problem - date with time disappears from time >> to time (randomly). I have no idea what could be the reason. >> >> My ~/.tmux.conf contains just these three lines >> >> --- >> set-option -g status-right "#(apm -l)%% B #(date \"+%H:%M %d.%m.%Y\")" >> set-option -g default-command "exec /usr/local/bin/tcsh" >> set-window-option -g mode-keys vi >> --- >> >> The first set-option command's maybe wrong? >> >> Thanks in advance for any help >> >> Milan Bartos
Re: vlan + em driver
If I understand your message correctly, you have the port on the switch tagged for vlan 30. This means that all packets you send to that port need to be tagged for vlan30. I have a vlan for internal (2), dmz (5), and isp(3). The line from my ISP is plugged into an untagged port on the switch, which is set up for the isp vlan(3) and the router has a tagged pseudo interface (vlan3) for the isp connection. This allow routing to all networks over a single interface. I use an em interface on my router but I connect the em interface to a trunk port (accepts packets tagged for vlans 2, 3, and 5, and discards all other packets); I then have a series of vlan pseudo-devices on top of em, where each vlan device specifies a tag. Note that em0 does not get an ip address. # cat /etc/hostname.em0 up media autoselect # cat /etc/hostname.vlan2 inet 10.107.208.1 255.255.255.0 NONE vlan 2 vlandev em0 inet6 alias 2001:xxx::2::10 64 vlan 2 vlandev em0 # cat /etc/hostname.vlan3 dhcp vlan 3 vlandev em0 # cat /etc/hostname.vlan5 inet 10.180.16.1 255.255.255.0 NONE vlan 5 vlandev em0 inet6 alias 2001:xxx::5::10 64 vlan 5 vlandev em0 vlan3 is from my ISP and they provision an IP using dhcp. My ifconfig looks like this: # ifconfig -a lo0: flags=8049 mtu 33152 priority: 0 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 gem0: flags=8863 mtu 1500 lladdr 00:03:ba:04:b2:1d priority: 0 media: Ethernet autoselect (none) status: no carrier inet6 fe80::203:baff:fe04:b21d%gem0 prefixlen 64 scopeid 0x1 em0: flags=8843 mtu 1500 lladdr 00:02:b3:ed:68:89 priority: 0 media: Ethernet autoselect (1000baseT full-duplex,master,rxpause,txpause) status: active inet6 fe80::202:b3ff:feed:6889%em0 prefixlen 64 scopeid 0x2 enc0: flags=0<> mtu 1536 priority: 0 vlan2: flags=8843 mtu 1500 lladdr 00:02:b3:ed:68:89 priority: 0 vlan: 2 priority: 0 parent interface: em0 groups: vlan inet6 fe80::202:b3ff:feed:6889%vlan2 prefixlen 64 scopeid 0x5 inet 10.107.208.1 netmask 0xff00 broadcast 10.107.208.255 inet6 2001:xxx::2::10 prefixlen 64 vlan3: flags=8843 mtu 1500 lladdr 00:02:b3:ed:68:89 priority: 0 vlan: 3 priority: 0 parent interface: em0 groups: vlan egress inet6 fe80::202:b3ff:feed:6889%vlan3 prefixlen 64 scopeid 0x6 inet x.x.x.x netmask 0xf800 broadcast 255.255.255.255 vlan5: flags=8843 mtu 1500 lladdr 00:02:b3:ed:68:89 priority: 0 vlan: 5 priority: 0 parent interface: em0 groups: vlan inet6 fe80::202:b3ff:feed:6889%vlan5 prefixlen 64 scopeid 0x7 inet 10.180.16.1 netmask 0xff00 broadcast 10.180.16.255 inet6 2001:xxx::5::10 prefixlen 64 gif0: flags=8051 mtu 1280 priority: 0 groups: gif egress physical address inet x.x.x.x --> y.y.y.y inet6 fe80::203:baff:fe04:b21d%gif0 -> prefixlen 64 scopeid 0x8 inet6 2001:xxx:x:xxx::2 -> 2001:xxx:x:xxx::1 prefixlen 128 pflog0: flags=141 mtu 33152 priority: 0 groups: pflog I used to use a trunk device between the physical interfaces and vlan devices as well, but I moved to 1gb instead of 4x100mb interfaces. Axton Grams On Thu, May 13, 2010 at 6:52 AM, Marcus Larsson wrote: > > Hello! > > I have a server acting as a router and firewall running 4.6-stable > from Apr 24 with an Intel quad port NIC. > > In short I have problems with traffic going to or from the > server itself via a vlan interface. It works fine via em0 which > is the uplink to the ISP and doesn't use any vlan and also > traffic passing through the server is ok. > > It doesn't matter whether PF is enabled or disabled, the problem > still appears. > > em0 at pci5 dev 0 function 0 "Intel PRO/1000 QP (82576)" rev 0x01: apic 0 int 11 (irq 5), address 00:1b:21:63:74:d8 > em1 at pci5 dev 0 function 1 "Intel PRO/1000 QP (82576)" rev 0x01: apic 0 int 12 (irq 10), address 00:1b:21:63:74:d9 > > # cat /etc/hostname.em0 > inet X.X.X.X 255.255.255.252 NONE > > # cat /etc/hostname.em1 > up > # cat /etc/hostname.vlan30 > inet 10.46.196.1 255.255.255.0 NONE vlan 30 vlandev em1 > > em1 is connected to a port in a switch, vlan 30 is tagged on > that port, the switch has IP 10.46.196.8 > > I can ping 10.46.196.8 but I cannot ssh to it, the ssh attempt > hangs at: debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP and then I > get a connection closed. > > I thought this was MTU related somehow because pings work with > small packets, actually ping -s 1472 10.46.196.8 works but > anything larger than that doesnt. > > MTU for vlan30 and em1 is 1500 and I guess 1472 makes sense > since 1500 - 20(ip) - 8(icmp) = 1472. > > I really have no clue what's going on here and any help would be > very much appreciated. > > Regards > > /marcus
Date from tmux's status-right is disappearing randomly
Hi all, I have customized the status-right in tmux to show apm -l output (remaining battery) and date with time. But I'm facing a strange problem - date with time disappears from time to time (randomly). I have no idea what could be the reason. My ~/.tmux.conf contains just these three lines --- set-option -g status-right "#(apm -l)%% #(date \"+%H:%M %d.%m.%Y\")" set-option -g default-command "exec /usr/local/bin/tcsh" set-window-option -g mode-keys vi --- The first set-option command's maybe wrong? Thanks in advance for any help Milan Bartos
Re: nested vlans: safe to use?
Stuart Henderson wrote: > There's also a diff at > http://www.mail-archive.com/misc@openbsd.org/msg65694.html > that switches ethertype so you can interoperate with other vendors QinQ (it > will need updating for -current). I think I'll pick that one up and see about getting it into the tree. -- Christian "naddy" Weisgerber na...@mips.inka.de
vlan + em driver
Hello! I have a server acting as a router and firewall running 4.6-stable from Apr 24 with an Intel quad port NIC. In short I have problems with traffic going to or from the server itself via a vlan interface. It works fine via em0 which is the uplink to the ISP and doesn't use any vlan and also traffic passing through the server is ok. It doesn't matter whether PF is enabled or disabled, the problem still appears. em0 at pci5 dev 0 function 0 "Intel PRO/1000 QP (82576)" rev 0x01: apic 0 int 11 (irq 5), address 00:1b:21:63:74:d8 em1 at pci5 dev 0 function 1 "Intel PRO/1000 QP (82576)" rev 0x01: apic 0 int 12 (irq 10), address 00:1b:21:63:74:d9 # cat /etc/hostname.em0 inet X.X.X.X 255.255.255.252 NONE # cat /etc/hostname.em1 up # cat /etc/hostname.vlan30 inet 10.46.196.1 255.255.255.0 NONE vlan 30 vlandev em1 em1 is connected to a port in a switch, vlan 30 is tagged on that port, the switch has IP 10.46.196.8 I can ping 10.46.196.8 but I cannot ssh to it, the ssh attempt hangs at: debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP and then I get a connection closed. I thought this was MTU related somehow because pings work with small packets, actually ping -s 1472 10.46.196.8 works but anything larger than that doesnt. MTU for vlan30 and em1 is 1500 and I guess 1472 makes sense since 1500 - 20(ip) - 8(icmp) = 1472. I really have no clue what's going on here and any help would be very much appreciated. Regards /marcus
Re: VPN Clients Behind OpenBSD 4.6 PF NAT
Is it possible that you have multiple addresses on $ext_if? You NAT it to the first one (:0), but tunnel established using FQDNs could try to send stuff to another IP that doesn't match your NAT table. Have you actually seen anything going out of the external boxes on your firewall? Pflog and tcpdump are your friends... 2010/5/13, dontek : > I have tried adding a pass in proto esp with no change to my working status. > (tunnel uses ESP) > > If you would like to return my pf.conf with the rule(s) in the positions you > think should be necessary, I will try it and report back. > > Thanks for trying, any other ideas? > > -Original Message- > From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of > Jorge Enrique Valbuena Vargas > Sent: Wednesday, May 12, 2010 12:59 PM > To: Misc OpenBSD > Subject: Re: VPN Clients Behind OpenBSD 4.6 PF NAT > > hi, > > what about pass in and pass out with proto esp or ah ? > > > > > > > On Mon, May 10, 2010 at 6:23 PM, dontek wrote: > >> The only change to sysctl.conf from default install is uncommenting: >> >> net.inet.ip.forwarding=1 >> net.inet6.ip6.forwarding=1 >> >> I am running a slightly pruned version of the FAQ "Example: Firewall for >> Home or Small Office" pf.conf. >> - >> ext_if="fxp0" >> int_if="xl0" >> >> tcp_services="{ 22 }" >> icmp_types="echoreq" >> >> set block-policy return >> set loginterface $ext_if >> >> set skip on lo >> >> match in all scrub (no-df) >> >> nat on $ext_if from !($ext_if) -> ($ext_if:0) >> nat-anchor "ftp-proxy/*" >> rdr-anchor "ftp-proxy/*" >> >> rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021 >> >> block in >> >> pass out keep state >> >> anchor "ftp-proxy/*" >> >> antispoof quick for { lo $int_if } >> >> pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services >> flags S/SA keep state >> >> pass in inet proto icmp all icmp-type $icmp_types keep state >> >> pass in quick on $int_if >> - >> >> -Original Message- >> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of >> Jorge Enrique Valbuena Vargas >> Sent: Monday, May 10, 2010 5:47 PM >> To: Don Reis >> Cc: misc@openbsd.org >> Subject: Re: VPN Clients Behind OpenBSD 4.6 PF NAT >> >> HI, >> >> can you send the pf.conf and sysctl.conf files ? >> >> >> >> On Mon, May 10, 2010 at 2:56 PM, Don Reis wrote: >> >> > Hey guys, I got a little problem: >> > >> > >> > >> > First let me say I am running a fresh install of OpenBSD 4.6 and besides >> > turning on IP forwarding in sysctl and installing the pf.conf example >> from >> > the FAQ (modified of course to fit my NIC's), I have changed nothing in >> the >> > default install. >> > >> > >> > >> > The scenario is I am attempting to connect to various external VPN's > from >> > inside my NAT network. I have tried both the Cisco and Shrew Soft VPN >> > Clients with various Cisco and Netgear VPN concentrators and appliances, >> > all >> > with the exact same results. >> > >> > >> > >> > I initiate the connection, Phase 1 completes, Phase 2 completes, the >> tunnel >> > comes up. I'm connected now right, except, packets only flow one >> direction >> > over the tunnel, my outbound traffic gets through the tunnel to the >> remote >> > network, but nothing ever comes back. >> > >> > >> > >> > If I jack my computer directly into my internet connection, everything > is >> > peachy on all clients and all endpoints. >> > >> > >> > >> > I've searched quite a bit and almost all of what I find is people >> > complaining they can't get a connection over NAT and other people >> > recommending various port redirects to a single machine running the VPN >> > client to make things work. >> > >> > >> > >> > This is of course not like my situation. All VPN negotiations work just >> > fine, I just never receive anything over the tunnel once it's up. >> > >> > >> > >> > Give me a clue. I assume this should just work behind PF NAT, since > both >> > clients are negotiating and using NAT-T. >> > >> > >> > >> > Thanks, >> > >> > >> > >> > don.. > > -- Martin PelikC!n, Steadynet E-mail: martin.peli...@gmail.com, gpg key 0x7176E4C9 Tel: +420 724 818 573 Jabber: sztor...@jabber.cz web: http://cap.potazmo.cz/
Re: OpenBSD 4.7 pictures
http://pubwww.hsz-t.ch/~wstettle/ Martin Toft wrote: http://pics.martintoft.dk/Events/OpenBSD%204.7%2020100508/dscn2548.jpg :-D
Re: OpenBSD 4.7 pictures
http://pics.martintoft.dk/Events/OpenBSD%204.7%2020100508/dscn2548.jpg :-D
gnome build error
I am using current, and I try building from ports /x11/gnome/applets2 and I get ===> Checking files for poppler-0.12.4 `/usr/ports/distfiles/poppler-0.12.4.tar.gz' is up to date. >> (SHA256) poppler-0.12.4.tar.gz: OK ===> poppler-0.12.4 depends on: qt4-* - not found ===> Verifying install for qt4-* in x11/qt4 ===> Building for qt4-4.6.2 *** WARNING: you may see an error such as *** virtual memory exhausted *** when building this package. If you do you must increase *** your limits. See the man page for your shell and look *** for the 'limit' or 'ulimit' command. You may also want to *** see the login.conf(5) manual page. *** Some examples are: *** csh(1) and tcsh(1): limit datasize *** ksh(1), zsh(1) and bash(1): ulimit -d gmake[1]: Leaving directory `/usr/ports/pobj/qt4-4.6.2/build-i386/src/gui' *** Error code 2 Stop in /usr/ports/x11/qt4 (line 2253 of /usr/ports/infrastructure/mk/bsd.port.m k). *** Error code 1 Stop in /usr/ports/x11/qt4 (line 1509 of /usr/ports/infrastructure/mk/bsd.port.m k). *** Error code 1 Stop in /usr/ports/x11/qt4 (line 2050 of /usr/ports/infrastructure/mk/bsd.port.m k). *** Error code 1 Stop in /usr/ports/x11/qt4 (line 1540 of /usr/ports/infrastructure/mk/bsd.port.m k). *** Error code 1 Stop in /usr/ports/graphics/evince (line 1691 of /usr/ports/infrastructure/mk/bs d.port.mk). *** Error code 1 Stop in /usr/ports/graphics/evince (line 2082 of /usr/ports/infrastructure/mk/bs d.port.mk). *** Error code 1 Stop in /usr/ports/graphics/evince (line 1509 of /usr/ports/infrastructure/mk/bs d.port.mk). *** Error code 1 Stop in /usr/ports/graphics/evince (line 2050 of /usr/ports/infrastructure/mk/bs d.port.mk). *** Error code 1 Stop in /usr/ports/graphics/evince (line 1540 of /usr/ports/infrastructure/mk/bs d.port.mk). *** Error code 1 Stop in /usr/ports/x11/gnome/py-gnome-desktop (line 1691 of /usr/ports/infrastru cture/mk/bsd.port.mk). *** Error code 1 Because of that warning I do ulimit -a and it says time(cpu-seconds) unlimited file(blocks) unlimited coredump(blocks) unlimited data(kbytes) 1048576 stack(kbytes) 8192 lockedmem(kbytes) 78538 memory(kbytes) 233084 nofiles(descriptors) 128 processes 1310 Am I missing something or is it more of a ports issue than with me?
Re: pf change in upgrade47.html
On Wed, May 12, 2010 at 03:54:04PM -0700, J.C. Roberts wrote: > On Wed, 12 May 2010 20:18:14 + (UTC) Stuart Henderson > wrote: > > > I don't think that line is complete, is it? > > > > that one's okay. > > > > $ echo 'pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port > > 8021' | pfctl -nvf - > > pass in quick inet proto tcp from any to any port = ftp flags S/SA > > keep state rdr-to 127.0.0.1 port 8021 > > It's valid, but if uncommented in the default pf.conf ruleset, it would > allow anyone to use your ftp-proxy due to the following 'pass' rule. > > http://www.openbsd.org/cgi-bin/cvsweb/src/etc/pf.conf?rev=1.49;content-type=text%2Fplain > > It would be better to prevent such potential abuse by using the > egress interface group. The trouble is the 'on ...' will not allow > the use of parenthesis since it's denoting a group of interfaces > rather than a group of addresses assigned to interfaces. But this > is easily overcome by using 'from (...)' so when the underlying > address(es) change on any interface in the group, the rule will > reevaluated. > I don't understand this. on does not need () at all. Why should it? Both groups and interfaces are always evaluated. OK maybe if you destroy and recreate interfaces you use in pf.conf then you will need to reload the ruleset. > NOTE: At present, I don't understand how pf reacts when interface > groups are changed (interfaces added or deleted). > pf will pick up the changes automagically. > > Index: pf.conf > === > RCS file: /cvs/src/etc/pf.conf,v > retrieving revision 1.49 > diff -N -u -p pf.conf > --- pf.conf 17 Sep 2009 06:39:03 - 1.49 > +++ pf.conf 12 May 2010 22:25:59 - > @@ -8,7 +8,8 @@ set skip on lo > > # filter rules and anchor for ftp-proxy(8) > #anchor "ftp-proxy/*" > -#pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021 > +#pass in quick on !egress proto tcp from !(egress) to port ftp \ > +#rdr-to 127.0.0.1 port 8021 pass in quick on !egress proto tcp to port ftp rdr-to 127.0.0.1 port 8021 is good enough. There is no reason for the "from !(egress)" since that would assume that someone is spoofing your external IP in your internal network. > > # anchor for relayd(8) > #anchor "relayd/*" > -- :wq Claudio
Re: Intel Dynamic Video Memory Technology with 4.7
On May 13 08:44:03, David Coppa wrote: > On Thu, May 13, 2010 at 8:32 AM, Jan Stary wrote: > > > Works for me too, with zero configuration. If I am not mistaken, > > INTELDRM_GEM is the default now, and Owain already commited the diffs, > > so I just compiled a current GENERIC.MP to run on, and a current > > http://xenocara.org/intel-current.tgz > > This is old (and wrong): just use xf86-video-intel from a -current > xenocara tree. Sorry for that; now I just recompiled with -current and everything works. Thanks. Jan