Enterprise Unified Communications

[B R I D G E Communications]

[https://www.bridgeoc.com/banners/email-pk3.png]



Attendant Console Solutions for Cisco, RingCentral, Avaya, AT, TELUS, BT and 
Microsoft



RingCentral



The Bridge Cloud Suite for RingCentral includes our flagship attendant console 
solution Bridge Operator Console. Bridge Operator Console is the premiere tool 
for enhancing the productivity of your receptionists and operators. Bridge 
Operator Console is also available for RC partners including Avaya, AT, 
TELUS, and BT.



[header 
image]

[header 
image]



Cisco



The Bridge Cloud Suite for Cisco includes our flagship attendant console 
solution Bridge Operator Console. Bridge Operator Console is the premiere tool 
for enhancing the productivity of your receptionists and operators.



[header 
image]

The Bridge Cloud Suite for Cisco includes our flagship attendant console 
solution Bridge Operator Console. Bridge Operator Console is the premiere tool 
for enhancing the productivity of your receptionists and operators. We also 
have a legacy desktop version for Windows desktop users.

[header image]



Microsoft



The Bridge Operator Console for Skype for Business is the premiere enterprise 
attendant console for Microsoft UC.



[header 
image]



[header image]

[header image]

[header image]

Manage Email 
Subscription

Bridge Communications
1830 52nd St S
Fargo, ND 58103
+17012124797

Re: Qubes-OS is "fake" security

[I love OpenBSD]

Both OpenBSD and Qubes OS don't guarantee
perfect security.
Qubes OS has a different take on security
than OpenBSD. Both have different
advantages and disadvantages.
Physical separation is more expensive
and you need to transport more devices
from place to place.
Qubes OS lets you run mainstream OSes.
OpenBSD is a OS and is a great tool to
get to know Unix-like OSes. It is also
a great environment to practise programming
in C language. See "Developing Software
in a Hostile Environment". There is a
"The J for junk option", pledge(2).

Intel's Management Technology is indeed vulnerable

[I love OpenBSD]

INTEL-SA-00075
There is an escalation of privilege vulnerability in Intel® Active Management 
Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small 
Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 
11.5, and 11.6 that can allow an unprivileged attacker to gain control of the 
manageability features provided by these products.

Can I preview a bitlink before clicking on it?
https://support.bitly.com/hc/en-us/articles/230650447-Can-I-preview-a-bitlink-before-clicking-on-it-

Arstechnica:
http://bit.ly/2qyHCQn

Semiaccurate:
http://bit.ly/2pB2MjO

Intel's PDF:
http://intel.ly/2qAK4G0

Re: Topics for revised PF and networking tutorial

[I love OpenBSD]

I second to more IPv6 related information.
I am curious about blocking port scanning in IPv6 Web. Does pf let me put a 
CIDR into the named table based on offending IPv6 address and 64-bit mask? I 
mean something similar to 'overload ' option.

Re: Encryption

[I love BSDs]

>planning to install -current on my Thinkpad T450s (SSD).
>
>I need to have several data directories encrypted, however would not mind
>whole-disk encryption. Which method would be more supported / recommended?
>Whole-disk encryption or creating a container file, loop device and then
>virtual device with the encryption layer on it?

You would need to encrypt directories with secret data, but also make sure
other places like /tmp and swap are encrypted. /tmp can be mounted in ram
and swap is encrypted by default, but keep in mind that you need
to know every place your files could be copied by system and program working
on that file.

I would use FDE. Actually I am using it and works great (BIOS-compatible
UEFI's mode). Especially if you use SSD. Often you don't know how 
firmware inside SSD works, but we know that there commonly is large
reserved space for reallocating data on most intensive used cells.
You can't be sure overwriting data inside file would actually destroy data.
The best software only way to destroy data is to never let SSD
see plaintext data. Just encrypt, use and when you would want to sell
laptop, SSD to somebody - just destroy key.

https://www.backblaze.com/blog/how-to-securely-recycle-or-dispose-of-your-ssd/
Shorter link:
https://tinyurl.com/zo4d7yc

Modern HDDs contains microcontrollers powerful enough to run Linux:
http://spritesmods.com/?art=hddhack=7
Shorter:
https://tinyurl.com/mubtdhe

Re: File Server with OpenBSD?

[I love BSDs]

>> mtree(8) with -K sha1digest might be enough, and is in the base
>> system.
>It's a bit more complicated. You have a bitrot  if the file checksum 
>changed
>AND the modification time hasn't changed. Files that are updated will be
>reported as corrupted, which may be boring.
>If you have archiving static data, the mtree method works though.

There is also ./archivers/par2cmdline which lets you create redundancy for 
files. It is a lot higher in system (above file system), so you would need to 
make scripts to use frequently. It also doesn't create redundancy for 
filesystem's metadata. It would not harden your file system.

Re: For the super paranoid

[I love BSDs]

>In order for me to trust AMD's implementation, they first need to can
>that ridiculous Platform "Security" Processor. It is as useless and
>dangerous as Intel Management Engine, running unknown code.

Who know, maybe they are going to open source their firmware?
https://news.slashdot.org/story/17/03/10/2048236/message-for-amd-open-psp-will-improve-security-hinder-intel

Anyway I recommend "Wait and see".

Re: For the super paranoid

[I love BSDs]

Do you mean Cold boot attack?
For Linux there are patches called TRESOR. There are also other cache-based key 
storage solutions.
Anyway it means implementing complicated kernel solution to address one, very 
specific and uncommon threat.

Contacto con Dto Comercial y Ventas

[Contacto I-A]

Si tienes una Empresa, Comercio, Institución. Etc. Deberías mirar esto

Ver con audio

http://www.youtube.com/watch?v=jowa1ZCy_pQ /p

Para arrancar con todo este 2013, Curso de Administraci{on y Control de Proyectos

[Mario I. Hernandez]

Si no puede visualizar correctamente este correo, le pedimos que lo arrastre a
su Bandeja de Entrada

Apreciable Ejecutivo:

TIEM de México
Empresa Líder en Capacitación y Actualización de Capital Humano

Ponemos a su disposición este excelente curso denominado:
“Administración y Control de Proyectos”




Ciudad de México, el día  29 de Octubre de 2012

Inscríbase 5 días antes de la fecha del Curso y obtenga un descuento del 15%
con Inversión Inmediata
O bien, por cada dos participantes inscritos en tarifa de Inversión normal, el
tercero es completamente gratis

No deje pasar esta oportunidad e Invierta en su Desarrollo Personal y
Profesional

Desde hace mucho tiempo y con relación a los proyectos, los responsables de
llevarlos a cabo y los teóricos de la administración tanto publica como
privada han comprobado que muchos de los procedimientos, herramientas y
principios básicos de la administración se manifiestan poco efectivos para
poder hacer frente a los problemas que se presentan, y lo que es peor aún, que
cada vez que se presenta alguno, cuya magnitud rebasa las condiciones
normales, requiere de recursos adicionales, y de una infraestructura de buen
nivel, surgen entonces problemas de organización o de coordinación, y la
infraestructura, que funcionaba de maravilla en un proceso normal, se ve
deformada, débil y con resultados negativos en un proyecto.

Objetivo del Curso:
Que los participantes, apliquen las herramientas de administración y de
control de proyectos   desde sus etapas de planeación, diseño y control, hasta
la terminación e implementación y de los mismos.

Método Didáctico:

Altamente participativo, con predominio de la práctica, a través de ejercicios
y dinámicas estructuradas para facilitar el aprendizaje.
Al principio del proceso se lleva a cabo un proceso de evaluación  inicial
para diagnosticar el grado de conocimientos sobre el tema por parte de los
participantes, a efecto de ajustar el nivel de diálogo y ejercicios durante el
taller.
Al finalizar el evento se aplican  reactivos de evaluación y de aprendizaje.
Análisis de Casos, entre otras y role playing
Dirigido a: Todas aquellas personas que tengan dentro de sus funciones y tramo
de responsabilidad la administración y control de proyectos.

Duración: 10 horas

Para mayor información, favor de responder este correo con los siguientes
datos:
• Empresa:
• Nombre:
• Ciudad:
• Teléfono:

O si lo prefiere comuníquese a los teléfonos:

Del DF al 5611-0969 con 10 líneas
Interior del País Lada sin Costo
01 800 900 TIEM (8436)
Aceptamos todas las TDC y Débito.
**Promoción: 3 meses sin Intereses pagando con American Express
**Aplica solo con Inversión Normal

®Todos los Derechos Reservados ©2011 TIEM Talento e Innovación Empresarial
de México
Este Mensaje le ha sido enviado como usuario de TIEM de México o bien un
usuario le refirió para recibir este boletín.
Como usuario de TIEM de México, en este acto autoriza de manera expresa que
TIEM de México le puede contactar vía correo electrónico u otros medios.
Si usted ha recibido este mensaje por error, haga caso omiso de él y reporte
su cuenta respondiendo este correo con el subject BAJABD
Tenga en cuenta que la gestión de nuestras bases de datos es de suma
importancia y no es intención de la empresa la inconformidad del receptor.

RE:TE:360-0416/360-3673-SOL-PISCINAS-RESTAURANTS--BUNGALOWS-SALONES DE CONFERENCIAS-ESPARCIMIENTO-PVBLIC_I_DAD

[i...@bladecenter.sells-it.net]

[IMAGE]

VIERNES,SABADO,DOMINGO
VENGAN A PASAR EL DIA CON NOSOTROS HAGA SU RESERVA.
(Dias de semana, previa llamada telefonica)

360-0416 /360-3673 /360-2189

* VEINTE MIL M2 DE AREAS VERDES
* ALQUILER DE BUNGALOWS
* RESTAURANT,BAR,POLLOS A LA LEÑA,ALQUILER DE PARRILLAS
* PISCINAS,PISCINA PARA NIÑOS,CANCHA DE FULBITO,PALETA FRONTON,VOLEY
* PING PONG,BILLAR,FULBITO DE MANO,JUEGOS DE MESA
* SUBIBAJA,CAMA ELASTICA,COLUMPIOS,PASAMANOS
* EXCELENTE MICROCLIMA Y SOL TODO EL AÑO

· DISPONEMOS DE EQUIPO DE KARAOKE
* AREA DE CAMPING,CONSULTENOS

INVITA A TU FAMILIA Y/O AMIGOS.
ATENDEMOS COLEGIOS,RETIROS,CUMPLEAÑOS,FIESTAS INFANTILES,
ALMUERZOS DE CAMARADERÍA,CONVENCIONES O EMPRESAS

LOS ESTAREMOS ESPERANDO GUSTOSOS DE PODER ATENDERLOS.

DIRECCION:AV EL BOSQUE 401 URBANIZACION CALIFORNIA ALTA,PASANDO
CHACLACAYO
ANTES DEL PUENTE LOS ANGELES NO LO CRUCE, SIGA DE FRENTE,PARALELO AL RIO.
SIGA 2KM (TENEMOS SEÑALIZACION CARTELES FLECHAS DESDE 3.3KM ANTES.
TELEFONOS:3603673,3600416

SI USTED TIENE INTERES EN QUE LE ENVIEMOS VISTAS DE NUESTRO LOCAL
ENVIENOS
UN E-MAILS SOLICITANDO FOTOS

E-MAIL:

laderasdecajidornia@yahoo,com

si solo desea pasar el día, hay un consumo mínimo de S/. 30.00 por
persona
adulta.
El alquiler de parrilla:75 SOLES ( Carbon, utensilios y todo tipo de
salsas )
Aceptamos Tarjetas de Crédito ( Master Card, Visa, Diners Club.American
Express y Ripley ).
Para mayor información y reservaciones sírvase llamar a nuestros
teléfonos
3603673 - 3600416

Atentamaente
jonattan otero

LIMA-PERU

LAS LADERAS DE CALIFORNIA

AGRADECE LA RECEPCION DE NUESTRO E-MAIL.

Para no volver a recibir estos mensajes responda por favor escribiendo a:
laderasremo...@mixmail.com

REMOVER
Y SERA REMOVIDO A LA BREVEDAD
MUCHAS GRACIAS

question about radeon

[Onat I.]

I have Radeon HD 6520G card. I can only use it with vesa.
I don't care about acceleration but vesa doesn't support 16:9 aspect.
Everything looks fat. It's annoying. So I added appropriate lines to
/usr/src/sys/dev/pci/drm/radeon_drv.c and compiled the kernel.
When I rebooted, kernel recognized radeondrm. But Xorg still selects
vesa. If I create an /etc/X11/xorg.conf file. Screen freezes on running
startx. What other files do I need to edit? Or is it about the xorg driver?

Re: question about radeon

[Onat I.]

Thanks for quick reply. Yes, it works on linux but it's not my favorite
OS unfortunately.

On 17 September 2012 00:28, Stefan Sperling s...@openbsd.org wrote:
 On Sun, Sep 16, 2012 at 10:47:24PM +0300, Onat I. wrote:
 I have Radeon HD 6520G card. I can only use it with vesa.
 I don't care about acceleration but vesa doesn't support 16:9 aspect.
 Everything looks fat. It's annoying. So I added appropriate lines to
 /usr/src/sys/dev/pci/drm/radeon_drv.c and compiled the kernel.
 When I rebooted, kernel recognized radeondrm. But Xorg still selects
 vesa. If I create an /etc/X11/xorg.conf file. Screen freezes on running
 startx. What other files do I need to edit? Or is it about the xorg driver?

 The problem is that the radeon driver supports newer radeon chips
 only with kernel mode setting (KMS), which OpenBSD does not support.
 OpenBSD only supports traditional user mode setting right now.
 AFAIK only Linux supports KMS. It seems upstream is removing all user
 mode setting support with the next release of the radeon driver:
 http://cgit.freedesktop.org/xorg/driver/xf86-video-ati/commit/?id=50689ec8dbd4a68527b2ac16cecac298b8d441d0

 I have a similar ATI card in a notebook (ATI Radeon HD 6320).
 The radeon driver comes up with the full display resolution.
 However, it's unaccelerated and once the X server exits the
 screen stays black. So it's not much better than vesa which
 is stuck at 1024x768. No xvideo or 3D either way.

 That's gonna be the situation until someone with the necessary
 skills, and time to spend, fixes it.

Excelente curso de Comunicación Asertiva con PNL Nueva Fecha

[Mario Hern�ndez I.]

¡Muy Importante!
Si no puede visualizar correctamente este correo, le pedimos que lo arrastre a
su Bandeja de Entrada

Apreciable Ejecutivo:

TIEM de México
Empresa Líder en Capacitación y Actualización de Capital Humano

Pone nuevamente a su disposición este exitoso curso denominado:
“Comunicación Asertiva con PNL”

Que se llevará a cabo el día:
 27 de Septiembre en la Ciudad de México

Inscríbase antes del 22 de Septiembre y obtenga un descuento del 15% con
Inversión Inmediata
No deje pasar esta nueva oportunidad y reserve sus lugares con anticipación

La Asertividad es una forma de comunicación que permite decir lo que uno
piensa y actuar en consecuencia, haciendo lo que se considera más apropiado,
sin agredir u ofender a nadie, ni permitir ser agredido u ofendido y evitando
situaciones conflictivas,   por esta razón la comunicación asertiva en el
trabajo es sumamente importante para lograr relaciones agradables aunado a un
ambiente de trabajo sano en donde puedan fluir las ideas sin discrepancias y
así llegar con éxito al objetivo de cualquier organización.

La comunicación asertiva en el área laboral tiene que ver en la interpretación
de la información Jefe subordinado, en ocasiones cuando la comunicación no es
clara y asertiva se llega a mal interpretar las indicaciones, por lo tanto las
actividades que se hicieron no llevaron el enfoque esperado, dando como
resultado un conflicto entre personas y organización, vienen las discusiones,
que pudiesen evitarse con una comunicación clara que no contenga ruidos que se
interpongan en una asimilación exacta, que coadyuvara a que todas las
estrategias que ha desarrollado la empresa se cumplan conforme a lo esperado.

Durante este curso los participantes:

Desarrollarán habilidades que les permitan comunicarse de manera  asertiva y
solidaria en sus relaciones interpersonales usando técnicas y herramientas de
Programación Neurolingüística.
Logrará un manejo productivo de las situaciones conflictivas en cualquier
ámbito de su vida personal y/o profesional.
Si al momento de recibir este correo ya realizo su confirmación le pedimos
haga caso omiso.

De lo contrario, favor de responder este correo con los siguientes datos:
• Empresa:
• Nombre:
• Ciudad:
• Teléfono:

O si lo prefiere comuníquese a los teléfonos:

Del DF al 5611-0969 con 10 líneas
Interior del País Lada sin Costo
01 800 900 TIEM (8436)
Aceptamos todas las TDC y Débito.
**Promoción: 3 meses sin Intereses pagando con American Express
**Aplica solo con Inversión Normal

®Todos los Derechos Reservados ©2011 TIEM Talento e Innovación Empresarial
de México
Este Mensaje le ha sido enviado como usuario de TIEM de México o bien un
usuario le refirió para recibir este boletín.
Como usuario de TIEM de México, en este acto autoriza de manera expresa que
TIEM de México le puede contactar vía correo electrónico u otros medios.
Si usted ha recibido este mensaje por error, haga caso omiso de él y reporte
su cuenta respondiendo este correo con el subject BAJABD
Tenga en cuenta que la gestión de nuestras bases de datos es de suma
importancia y no es intención de la empresa la inconformidad del receptor.

RE:TE:360-0416/360-3673-SOL-PISCINAS-BUNGALOWS-SALONES DE CONFERENCIAS-ESPARCIMIENTO-PVBLIC_I_DAD

[i...@bladecenter.sells-it.net]

[IMAGE]

VIERNES,SABADO,DOMINGO
VENGAN A PASAR EL DIA CON NOSOTROS HAGA SU RESERVA.
(Dias de semana, previa llamada telefonica)

360-0416 /360-3673 /360-2189

HABITACIONES PARA 2 PERSONAS DESDE 120 SOLES
* VEINTE MIL M2 DE AREAS VERDES
* ALQUILER DE BUNGALOWS
* RESTAURANT,BAR,POLLOS A LA LEÑA,ALQUILER DE PARRILLAS
* PISCINAS,PISCINA PARA NIÑOS,CANCHA DE FULBITO,PALETA FRONTON,VOLEY
* PING PONG,BILLAR,FULBITO DE MANO,JUEGOS DE MESA
* SUBIBAJA,CAMA ELASTICA,COLUMPIOS,PASAMANOS
* EXCELENTE MICROCLIMA Y SOL TODO EL AÑO

· DISPONEMOS DE EQUIPO DE KARAOKE
* AREA DE CAMPING,CONSULTENOS

INVITA A TU FAMILIA Y/O AMIGOS.
ATENDEMOS COLEGIOS,RETIROS,CUMPLEAÑOS,FIESTAS INFANTILES,
ALMUERZOS DE CAMARADERÍA,CONVENCIONES O EMPRESAS

LOS ESTAREMOS ESPERANDO GUSTOSOS DE PODER ATENDERLOS.

DIRECCION:AV EL BOSQUE 401 URBANIZACION CALIFORNIA ALTA,PASANDO
CHACLACAYO
ANTES DEL PUENTE LOS ANGELES NO LO CRUCE, SIGA DE FRENTE,PARALELO AL RIO.
SIGA 2KM (TENEMOS SEÑALIZACION CARTELES FLECHAS DESDE 3.3KM ANTES.
TELEFONOS:3603673,3600416

SI USTED TIENE INTERES EN QUE LE ENVIEMOS VISTAS DE NUESTRO LOCAL
ENVIENOS
UN E-MAILS SOLICITANDO FOTOS

E-MAIL:

las.prader...@hotmail.com

Si solo desea pasar el día, hay un consumo mínimo de S/. 30.00 por
persona
adulta.
El alquiler de parrilla: US. $ 10.00 ( Carbon, utensilios y todo tipo de
salsas )
Aceptamos Tarjetas de Crédito ( Master Card, Visa, Diners Club.American
Express y Ripley ).
Para mayor información y reservaciones sírvase llamar a nuestros
teléfonos
3603673 - 3600416

Atentamaente
jonattan otero

LIMA-PERU

LAS LADERAS DE CALIFORNIA

AGRADECE LA RECEPCION DE NUESTRO E-MAIL.

Para no volver a recibir estos mensajes responda por favor escribiendo a:
laderasremo...@mixmail.com

REMOVER
Y SERA REMOVIDO A LA BREVEDAD
MUCHAS GRACIAS

RE:TE:360-0416/360-3673-SOL-PISCINAS-RESTAURANTS-BUNGALOWS-SALONES DE CONFERENCIAS-ESPARCIMIENTO-PVBLIC_I_DAD1

[i...@bladecenter.sells-it.net]

[IMAGE]

VIERNES,SABADO,DOMINGO
VENGAN A PASAR EL DIA CON NOSOTROS HAGA SU RESERVA.
(Dias de semana, previa llamada telefonica)

360-0416 /360-3673 /360-2189

HABITACIONES PARA 2 PERSONAS DESDE 120 SOLES
* VEINTE MIL M2 DE AREAS VERDES
* ALQUILER DE BUNGALOWS
* RESTAURANT,BAR,POLLOS A LA LEÑA,ALQUILER DE PARRILLAS
* PISCINAS,PISCINA PARA NIÑOS,CANCHA DE FULBITO,PALETA FRONTON,VOLEY
* PING PONG,BILLAR,FULBITO DE MANO,JUEGOS DE MESA
* SUBIBAJA,CAMA ELASTICA,COLUMPIOS,PASAMANOS
* EXCELENTE MICROCLIMA Y SOL TODO EL AÑO

· DISPONEMOS DE EQUIPO DE KARAOKE
* AREA DE CAMPING,CONSULTENOS

INVITA A TU FAMILIA Y/O AMIGOS.
ATENDEMOS COLEGIOS,RETIROS,CUMPLEAÑOS,FIESTAS INFANTILES,
ALMUERZOS DE CAMARADERÍA,CONVENCIONES O EMPRESAS

LOS ESTAREMOS ESPERANDO GUSTOSOS DE PODER ATENDERLOS.

DIRECCION:AV EL BOSQUE 401 URBANIZACION CALIFORNIA ALTA,PASANDO
CHACLACAYO
ANTES DEL PUENTE LOS ANGELES NO LO CRUCE, SIGA DE FRENTE,PARALELO AL RIO.
SIGA 2KM (TENEMOS SEÑALIZACION CARTELES FLECHAS DESDE 3.3KM ANTES.
TELEFONOS:3603673,3600416

SI USTED TIENE INTERES EN QUE LE ENVIEMOS VISTAS DE NUESTRO LOCAL
ENVIENOS
UN E-MAILS SOLICITANDO FOTOS

E-MAIL:

las.lade...@hotmail.com

Si solo desea pasar el día, hay un consumo mínimo de S/. 30.00 por
persona
adulta.
El alquiler de parrilla: US. $ 10.00 ( Carbon, utensilios y todo tipo de
salsas )
Aceptamos Tarjetas de Crédito ( Master Card, Visa, Diners Club.American
Express y Ripley ).
Para mayor información y reservaciones sírvase llamar a nuestros
teléfonos
3603673 - 3600416

Atentamaente
jonattan otero

LIMA-PERU

LAS LADERAS DE CALIFORNIA

AGRADECE LA RECEPCION DE NUESTRO E-MAIL.

Para no volver a recibir estos mensajes responda por favor escribiendo a:
laderasremo...@mixmail.com

REMOVER
Y SERA REMOVIDO A LA BREVEDAD
MUCHAS GRACIAS

Propuesta

[I-A]

Ver con Audio

http://www.youtube.com/watc h?v=X06Ng8K1tmA

Necesita incrementar sus ventas?

[i...@manadmon.com]

?Encontrar nuevos clientes? ?Llegar a mas gente?

E-mail Marketing 1.0 es un software capaz de encontrar contactos y
enviarles email.

Con ello usted tendra mas compradores para sus productos o servicios.

http://www.emailmasivo.com

Entre a nuestra web para probar gratis el software o plantear cualquier
duda que tenga*

* use el formulario de contacto que esta en nuestra pagina web.

Votre Carte Bancaire vient d\'�tre suspendue

[i...@visa.fr]

VerifedbyvisaVerifedbyvisa

  Chhre client

  Nous vous informons que votre Carte Bancaire vient d'jtre suspendue
  par nos services suite au nouvelles mesure de securite mise en place
  pour lutter contre les fraudes, Les achats sur Internet sont devenus
  monnaie courante. Avec eux est apparu un besoin croissant de
  Securisation des paiements tant pour les consommateurs que pour les
  sites Commerce.

  Nous vous invitons a effectuer la mise a jour ou la Criation de votre
  compte Verified by visa . Pour votre sicuriti, nous avons suspendue
  votre Carte de Cridit. Pour lever cette suspension suivez la
  procidure indiquer pour Mettre a jour votre Carte Cridit.

 Cliquez ici pour activer votre compte 

  Note: Si vous N'effectuez aucune actions, nous serons contraints de
  suspendre votre carte difinitivement auprhs de votre banque
  imettrice. Nous vous remercions de votre Coopiration dans le cadre de
  votre dossier 0182940622.Visa et MasterCard vous propose un
  dispositif dauthentification capable de lutter contre d'utilisation
  frauduleuse de votre carte bancaire sur Internet Support Clients
  Service.
  _
  Copyright 2011  Verifed by Visa . Tous droits Reserves.

Instrucciones para adoptar factura electronica. Evento sin costo

[Lic. Patricia Parra Contpaq i]

Asiste al seminario:

Instrucciones para adoptar la Factura Electronica.
Incluye Reconocimiento avalado por la Secretaria del Trabajo.

Si todavia  no facturas electrC3nicamente, eres fabricante,  o comerciante,
 das servicios, o  tienes un punto de venta y tienes dudas, este seminario
es para ti.
Es mas sencillo de lo que parece, asi de facil lo vamos a explciar.

Asi de facil Asi de Contpaq i.

Fecha:  Mayo 11 del 2011
Registro:  9:30.  Evento 10:00 a.m  a 12: 30
En la tarde:
Registro: 3:30  Evento 4:00 pm a 6:30
Lugar:  Av. Ejercito Nacional 613 Mezzanine.  Col. Polanco.  Hospital
EspaC1ol.


Registrate al 55571186 con Pamela Herrera o envC-a tu  nombre, telefono y
empresa a even...@peysa.com.mx
Solicita tu codigo de acceso al evento por estos medios.

El objetivo de este correo es informativo.  No deseamos molestarte.  Si no
deseas recibir mas informacion, da click aqui: 
http://www.consultoriamx.info/infinitomail034/unsubscribe.php?M=23647C=48d5529628ec7534a68b5c435de438a8L=3N=5
www.mdemex.com / Marketing Web al alcance de todos

информация для Вас

[i n f o]

Aag{ Damm{u dk cep|egm{u k~dei
 
 dk ohqel: burt...@bk.ru
 
 -Hlo.npr/}jqon.pr - Sjp`hm` h PT (r`l.nfm) dn 2010 bjk.
 -Bqe opedo.phrh Sjp`hm{ 31.12.2010
 -Naz.el{ opnhgbndqrb` 2007, 2008, 2009
 -A`k`m.q{ h thmpegsk|r`r{
 -thgk.hv`
 -reke.tnmm{e aag{
 -Wep.m{e qohqjh - dnkfmhjh, opnakelm{e ^p h Thgkhv`.
 -Ge.lk: Jheb h Nak`qr|
 -Tnmdnb{i p{mnj
 ===

You have a new Greeting

[i...@greetings.com]

Hello friend !
You have just recieved a postcard Greeting from your friend.

Click here if you want to download your Animated Greeting !

Thank you for using www.Greetings.com services.
Please take this opportunity to let your friends hear about us by sending
them a postcard from our collection !

Un petit coup d'oeil !

[i...@elixirpublicite.fr]

Si vous ne visualisez pas cet e-mail correctement, cliquez ici. Si vous
disirez vous disabonner, cliquez ici

Re: tmux vs screen questions

[i meltp]

On Sun, Jul 12, 2009 at 7:54 PM, Nicholas
Marriottnicholas.marri...@gmail.com wrote:
  What is copy mode missing?

 nothing, i just put it on the list what is needed for tmux
 to dehtrone screen :]

 I don't understand. What is tmux copy mode missing?

Since you're asking, I kinda miss the H/M/L commands in copy mode
with vi-keys, for jumping to the top/middle/last line on the screen.

Bigger problem is: I often accidentally hit Space instead of Enter for
``copy selection'' with mode-keys vi --- and then catch myself and
hit Enter.  Seems to me this /should/ copy nothing at all; but if I try
to paste this non-selection, tmux dies with a ``[lost server]''
message.  Tested with version 0.7 (from openbsd 4.5 packages)
and whatever's in -current.

You have a new Greeting

[i...@greetings.com]

Hello friend !
You have just recieved a postcard Greeting from your friend.

Click here if you want to download your Animated Greeting !

Thank you for using www.Greetings.com services.
Please take this opportunity to let your friends hear about us by sending
them a postcard from our collection !

1 + 1 = 3

[i...@univantagens.pt]

MAIL ERROR

[demime 1.01d removed an attachment of type image/jpeg]

wireless pci bwi0 bcm4036c on compaq presario rc3204 amd64

[K H A I]

Hello,
Is any has experience on this bwi0?
I have it setup with it only work with dhcp only . One problem I can not run 
lynx or
web browser like firefox. It just hung. FTP is working but it's very slow 
reponse.
dig command works fine. Is it problem with the driver or do i missing any?

basicly the configuration like this:
hostname.bwi0 : dhcp NONE NONE NONE nwkey=0x1234554321 chan 11

resolv.conf : nameserver 192.168.0.1

when boot it create ip 192.168.0.106 

Cheers, 
K. Dao

Router pf one way ping

[I smell the pain on the breath..... of the lust and the lonely....]

Hi,
I have an openbsd router running pf. Using a 'pass all' rule set.
pass in log all keep state pass out log all keep state
I manage to ping one way! But not the other.
I originally had a wireless laptop running vista on 172.0.0.6, trying to ping
Server 2003 on 192.168.0.4.
default Gateways set in both these machines to:
 Laptop: 172.16.0.254 (router em0)
 Server 2003: 192.168.0.254 (router rl0)

I thought it was the Server preventing pings even though windows firewall
service was off, so tried a Ubuntu machine, same
problem.

Output from pinging from laptop to ubuntu:

# tcpdump -n -e -ttt -i pflog0
tcpdump: listening on pflog0, link-type PFLOG Jan 20 09:00:34.514535 rule
0/(match) pass in on em0: 172.16.0.6  192.168.0.10: icmp: echo request Jan 20
09:00:34.514551 rule 1/(match) pass out on rl0: 172.16.0.6  192.168.0.10:
icmp: echo request 2 packets received by filter 0 packets dropped by kernel
This ping does not work from linux ubuntu to laptop:
# tcpdump -n -e -ttt -i pflog0 tcpdump: listening on pflog0, link-type PFLOG
Jan 20 09:00:46.735139 rule 0/(match) pass in on rl0: 192.168.0.10 
172.16.0.6: icmp: echo request (DF) Jan 20 09:00:46.735156 rule 1/(match) pass
out on em0: 192.168.0.10  172.16.0.6: icmp: echo request (DF) 2 packets
received by filter 0 packets dropped by kernel
I wonder if it is a static route issue on the client?
Or is it a static route issue on the router?
I added route add default gw 192.168.0.254 on ubuntu and also route add
-net 172.16.0.0 mask 255.255.255.0 gw 192.168.0.254

Not sure what I am doing wrong.

Can anyone help me?

Thanks
my net diagram:
clients(laptop wireless) -172.16.0.0 /24--- hub --- openbsd
router  hub  192.168.0.0 /24-- client (ubuntu or server
2003)
_
Imagine a life without walls.  See the possibilities
http://clk.atdmt.com/UKM/go/122465943/direct/01/

Where have you been? Happy Holidays!!!

[I design for you]

Hello Happy Holidays!! I'm looking to meet new people and network.  I know alot of 
people and I want to create a strong new movement of networking for 2009!  Maybe 
you are looking for a new graphic designer and/or a webdesigner to help you with 
upcoming projects!  Let me know I can help you!  I also create FLASH and ANIMATIONS 
for web promotions.  I have a bachelors in Interactive Media  Design from the 
ART INSTITUTE and looking to network with YOU!!!

Here are some sites I've designed recently
Oh and add me on myspace!!
http://www.myspace.com/onlineaboutmusic

HYPERLINK http://www.linkupmedia.com; www.linkupmedia.com
HYPERLINK http://www.onlineaboutmusic.com/RobVasquez/Layout.html; 
www.onlineaboutmusic.com/RobVasquez/Layout.html
HYPERLINK http://www.onlineaboutmusic.com; www.onlineaboutmusic.com
HYPERLINK http://www.jamrockmagazine.com; www.jamrockmagazine.com
HYPERLINK http://www.fmdance.com; www.fmdance.com
HYPERLINK http://www.nywizardcarsgonewild.com; www.nywizardcarsgonewild.com
HYPERLINK http://www.myspace.com/onlineaboutmusic; 
www.myspace.com/onlineaboutmusic
HYPERLINK http://www.sciologix.com; www.sciologix.com
HYPERLINK http://www.winmychevy.com; www.winmychevy.com



Portfolio Links
www.onlineaboutmusic.com/RobVasquez/Layout.html
http://onlineaboutmusic.com/images/Robs/PORTFOLIOGRAPHICS.jpg
http://onlineaboutmusic.com/images/Robs/Bulldog.gif
http://onlineaboutmusic.com/images/Robs/DEC12THADPOSTFOLIO.gif


Well it would be nice to hear from you!
I am interested in creating some Eye Catching graphics for you and/or company.
Send me a message if you are interested and we'll discuss your project..

If you do not have any need for my services at the moment, Please save my email 
for future reference.

aboutdesign...@gmail.com


Talk to you soon,
Rob V
631-922-1287

Happy Holidays,
Mr. Vasquez
desi...@onlineaboutmusic.com


Happy Holidays,
Robert Vasquez
desi...@onlineaboutmusic.com

Re: JDK 1.7

[K H A I]

--- On Tue, 11/25/08, Denny White [EMAIL PROTECTED] wrote:
From: Denny White [EMAIL PROTECTED]
Subject: Re: JDK 1.7
To: K H A I [EMAIL PROTECTED]
Cc: OpenBSD Questions misc@openbsd.org
Date: Tuesday, November 25, 2008, 3:02 AM

 --- On Wed, 11/19/08, Stuart Henderson [EMAIL PROTECTED] wrote:
 From: Stuart Henderson [EMAIL PROTECTED]
 Subject: Re: JDK 1.7
 To: Marco Peereboom [EMAIL PROTECTED]
 Cc: misc@openbsd.org
 Date: Wednesday, November 19, 2008, 8:55 AM
 
 On 2008/11/19 07:51, Marco Peereboom wrote:
  If you rely on that plugin it is a little more than a not a big
 deal.
  I for one would love to see it.  yay kurt!
 
  On Wed, Nov 19, 2008 at 11:45:38AM +, Stuart Henderson wrote:
   On 2008-11-19, Steve Shockley
[EMAIL PROTECTED]
 wrote:
I tried installing the JDK 1.7 package on a -current
machine,
 but
couldn't find how to add the plugin to Firefox.  Does
JDK
 1.7 include
the plugin?
  
   It doesn't.
  
   It's not a big deal, 1.6 works just fine, just wondering.
  
 
 oops, trimmed the  prefix to the quote. the It's not a big
 deal was
 from the original poster.
 
On Mon, Nov 24, 2008 at 07:10:40AM -0800, K H A I spoke thusly:
 I;ve just compiled jdk-1.5.0.4
 I cannot not make plugin works
 /usr/local/jdk-1.5.0/jre/plugin has 2 files .so  cannot remember the name
 I have copied to to /usr/local/lib/mozilla-plugin
 also when i exec manually /usr/local/jdk-1.5.0/bin/ControlPanel,
 I see the table which has:
 /usr/local/jdk-1.5.0/jre/bin/java  enable
 /usr/local/jdk-1.5.0/bin/java   enable
 
 When I start firefox, I cannot see java plugin
 How do i create it?
 Any help would be greatlly appreciated.
 Cheers.
 K.D

K.D.
Moved your post to the bottom. Makes it a LOT easier to follow a
thread as in 'please don't top post'. I don't care but most
others do.
I built 1.6.0 but it works on the same the principle for you in 1.5.0.
Do you mean you copied the actual files there? I'd get rid of them
first to keep from any confusion. You have to link back to the actual
binary as it needs other stuff which isn't in your plugins directory.
Then:

ln -fs /usr/local/jdk-1.5.0/jre/plugin/i386/ns7/libjavaplugin_oji.so \
~/.mozilla/plugins/

Open firefox  in the address bar type 'about:plugins' (minus
quotes).
Mine looks like so:

Java(TM) Plug-in 1.6.0_03-p4-b00

File name: libjavaplugin_oji.so
Java(TM) Plug-in 1.6.0_03

Lots of java specs follow below that.

Okay? [ Chuc may man! (minus diacritics - just guessing ]
Apologies if I'm wrong. ;)

-- 

Denny White

===
GnuPG key  : 0x1644E79A  |  http://wwwkeys.nl.pgp.net
Fingerprint: D0A9 AD44 1F10 E09E 0E67  EC25 CB44 F2E5 1644 E79A
===

Denny,
Thanks for feedback.
The way you setup I already did but it did not work for mine.
I want to copy to /usr/local/lib/mozilla/plugin for global use.
it works the same thing , one is per user , the other is for everyone.
to access the plugin.

cheers
(not may man yet)
K.D

Re: JDK 1.7

[K H A I]

I;ve just compiled jdk-1.5.0.4
I cannot not make plugin works
/usr/local/jdk-1.5.0/jre/plugin has 2 files .so  cannot remember the name
I have copied to to /usr/local/lib/mozilla-plugin
also when i exec manually /usr/local/jdk-1.5.0/bin/ControlPanel,
I see the table which has:
/usr/local/jdk-1.5.0/jre/bin/java  enable
/usr/local/jdk-1.5.0/bin/java   enable

When I start firefox, I cannot see java plugin
How do i create it?
Any help would be greatlly appreciated.
Cheers.
K.D



--- On Wed, 11/19/08, Stuart Henderson [EMAIL PROTECTED] wrote:
From: Stuart Henderson [EMAIL PROTECTED]
Subject: Re: JDK 1.7
To: Marco Peereboom [EMAIL PROTECTED]
Cc: misc@openbsd.org
Date: Wednesday, November 19, 2008, 8:55 AM

On 2008/11/19 07:51, Marco Peereboom wrote:
 If you rely on that plugin it is a little more than a not a big
deal.
 I for one would love to see it.  yay kurt!

 On Wed, Nov 19, 2008 at 11:45:38AM +, Stuart Henderson wrote:
  On 2008-11-19, Steve Shockley [EMAIL PROTECTED]
wrote:
   I tried installing the JDK 1.7 package on a -current machine,
but
   couldn't find how to add the plugin to Firefox.  Does JDK
1.7 include
   the plugin?
 
  It doesn't.
 
  It's not a big deal, 1.6 works just fine, just wondering.
 

oops, trimmed the  prefix to the quote. the It's not a big
deal was
from the original poster.

sunfire v100 hardware

[K H A I]

Hello,

I receive sunfire V100 hardware wifh 512K RAM , IDE cdrom  without hard disk.

Does any one know it support regular ide hard drive?

what bsd architecture support it? is it sparc 64 or sun ?
if any one has experience helps to make it work is greatly appreciated since i
have no ideas.

Cheers,
KD

chaplIn...

[T e z Z i A m . . .]

.

.

.

out of all

the lies

said to mE

i love you

was my favouriTe

.

.

.

[EMAIL PROTECTED]

.

.

.

Re: facts about OpenBSD

[Thordur I. Bjornsson]

Lots of whining.

Where are your diffs to fix these issues ?

Oh, no wait. you want *other* people todo the work for you,
its not enough that you got what they gave already you want
more, you ungrateful whining dick.

-- 
Wer nicht liebt Wein, Weib und Gesang / Der bleibt ein Narr sein Lebelang.
(Who does not love wine, women, and song, Remains a fool his whole life long.)
-- Johann Heinrich Voss

Re: Code signing in OpenBSD

[Jeff I. Ragland]

On 06 NN5N: 2007, at 5:39 NN, bofh wrote:


You forgot one option.  Invite Theo to give a talk, and ask him to
bring the CDs.  If you can't trust Theo's CDs, all hope is lost.


And how would you know that it is indeed Theo and not someone that
looks like him? I think that blood samples and DNA tests is the only
way to go here.





Just need to make sure there're some mountains around for Theo to go
climb.  If you live on a flatland, then, sorry, you're doomed.


On 12/6/07, Douglas A. Tutty [EMAIL PROTECTED] wrote:

On Thu, Dec 06, 2007 at 11:48:55AM +0100, Hannah Schroeter wrote:


One risk would be the plans of online surveillance of computers
e.g.
in Germany. One way to install surveillance even on OpenBSD would
be to
actively interfere with the internet connection with the surveilled
person, in the man-in-the-middle sense, and inject trojanned code
(Bundestrojaner) into the updates of the victim.


Using software from any source without interference from an
all-pervasive government is a very special, but unfortunatly today, a
very real issue for many people around the world.  To be secure, you
have to get pieces of the puzzle over multiple paths.  It all can't
come
via the net since then you're open to man-in-the-middle.

Key-revocation announcements could come over the net (via an announce
list) but the new key would then have to come over a second channel.

One second-channel option is the q6mth CD issue, which could
include a
new public key and e.g. known-hosts fingerprints.  This is
vulnerable to
a very determined man-in-the-middle who can replicate and then
alter the
CD before it arrives to you in the mail.

Another option is a trusted courier flying to Alberta and get a CD
from
the OpenBSD store  (yeah, right).

In fact, likely any other technological option (e.g. an answering
machine in Alberta that spits out the alphanumerics of the current
master public key) is still suceptible.

If every piece of information you receive is filter through your
government, is there any hand-shaking protocol that can allow you to
establish a verified information connection (not necessarily
encrypted)?
I don't think so.

Sure, Debian has signed .debs that use gpg as a back end (the
system is
called apt-key), it relies on you trusting the fist key that you get
from them.  Since Debian doesn't actually mail out its own CDs,
everything is off its mirrors.  apt-key only 'protects' you from a
later
man-in-the-middle.

I think that this is the central 'problem' that people are dancing
around.

Personally, if this thread is to continue, I would like to see it
move
from a Why doesn't OpenBSD do things this way? to a What are the
threat models for OpenBSD identity theft and how can we protect
ourselves?.

Doug.





--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford

usb printer speed

[Onat I#350;IK]

My usb printer works very slow under OpenBSD,
I mean, when compared to other operating systems.
According to dmesg, the printer operates through
usb version 1. Is there any way, like kernel
configuration or so, to make it operate under
usb version 2?

I'm asking because I want to erase that other
operating system from my hard drive. Currently
I only need it to print faster.

Send instant messages to your online friends http://uk.messenger.yahoo.com 

uxterm problem

[Onat I#350;IK]

I'm using a recent snapshot. I used to be able to type in
unicode characters using vim-no_x11 or even using
ed(1) under uxterm. It is no longer possible. The
characters I was able to type was Turkish characters
dotless i, g breve and s cedilla. I have the line
XkbLayout tr in xorg.conf. I think the problem is
related to uxterm.

 Send instant messages to your online friends http://uk.messenger.yahoo.com 

Re: finding out physical memory size after boot ?

[S t i n g r a y]

thanks ..

 

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
  



- Original Message 
From: Paul de Weerd [EMAIL PROTECTED]
To: S t i n g r a y [EMAIL PROTECTED]
Cc: openbsd misc@openbsd.org
Sent: Friday, January 26, 2007 11:58:55 AM
Subject: Re: finding out physical memory size after boot ?

On Thu, Jan 25, 2007 at 07:10:00PM -0800, S t i n g r a y wrote:
| How can i find out the size of physical memory after boot, my system
| has 512MB ram  this is what dmesg shows , but top commands reviles
| otherwise
| 
| 
| load averages:  0.26,  0.35,  0.30 
21:15:47
| 49 processes:  48 idle, 1 on processor
| CPU states:  2.0% user,  0.0% nice,  1.1% system,  4.2% interrupt, 92.7% idle
| Memory: Real: 300M/359M act/tot  Free: 137M  Swap: 0K/800M used/tot
| 
| gets me confused.

Try `sysctl hw.physmem` or `grep ^real\ mem /var/run/dmesg.boot`.

Cheers,

Paul 'WEiRD' de Weerd

-- 
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/ 





 

Sucker-punch spam with award-winning protection. 
Try the free Yahoo! Mail Beta.
http://advision.webevents.yahoo.com/mailbeta/features_spam.html

multiple external links working .. (Solved)

[S t i n g r a y]

Yes it was exactly this  thanks Soner Tari  Stuart Henderson for Helping me 
(newbie) in so detail that now finally i have succeeded in making  multiple 
external connection  serving them as one.
lush it feels so good ..

Thank you.
I owe you one.

p.s  is it possible to  have a 3rd internet connection join this ? :) 


*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
  



- Original Message 
From:  [EMAIL PROTECTED]
To: S t i n g r a y [EMAIL PROTECTED]
Cc: openbsd misc@openbsd.org
Sent: Wednesday, January 24, 2007 12:53:40 AM
Subject: Re: multiple external links not working ..

Hi, I'm using two external interfaces myself, and I believe I had the
same problem you describe in your message. I bet when you do:

netstat -rnf inet | grep default

you will see that your (ext_if2 ext_gw2) comes on top. Thus, my theory
is that the kernel is preferring your second external interface due to
your routing table (i.e. the order of your default routes).

Since I don't know how to handle this in pf.conf for connections
originating from my firewall, such as an http proxy running on the
firewall, just as in your case too (otherwise route-to and reply-to work
fine), I change my routing table in rc files.

Specifically, I rearrange the order of my default routes to have my
first external interface/gateway on top:

route add default -ifp ext_if1 -mpath ext_gw1
route add default -ifp ext_if2 -mpath ext_gw2

Accordingly, I removed the similar shell commands in hostname.if(5)
files.

Hope this helps,

On Tue, 2007-01-23 at 08:36 -0800, S t i n g r a y wrote:
 Well thanks to everyone who help me coming close to using multiple external 
 links for internet.
 but its still not working, my scenario is that i have 2 ISP's connection  now 
 the main internet connection  is the powerful one which i only want  to use 
 for specific  protocols  which i have defined  in a macro called ports  now 
 rest is supposed to goto to my 2nd internet connection which is a weak  
 cheap connection basically there to allow p2p applications access.
 Main internet is ext_if1 (xl0)
 slow internet is ext_if2 (xl2)
 LAN is int_if (xl1) 
 now the problem is that when ever i apply my pf.conf file all the traffic 
 goes to 2nd slow internet connection.
 
 my pf.conf file
 lan_net = 10.0.0.0/16
 int_if  = xl1
 ext_if1 = xl0
 ext_if2 = xl2
 ext_gw1 = 192.168.0.1
 ext_gw2 = 203.81.235.1
 chadd = 10.0.0.1
 ports =  22 25 53 80 110 119 123 143 443 465 554 900 995 1755 1863
 table allowedclients persist file /etc/allowedclients
 
 nat on $ext_if1 inet proto {tcp, udp } from allowedclients to any port \
 { $ports } - ($ext_if1)
 nat on $ext_if2 inet proto {tcp, udp } from allowedclients to any \
  - ($ext_if2)
 
 rdr on $int_if proto tcp from allowedclients to any port 80 - $chadd port 
 8080
 
 pass out log on $int_if from any to $lan_net
 
 pass in log quick on $int_if from $lan_net to $int_if
 pass in log on $int_if route-to { ($ext_if2 $ext_gw2) } from \
 $lan_net to any flags S/SA keep state
 pass in log on $int_if route-to { ($ext_if1 $ext_gw1) } inet proto tcp from \
 $lan_net to any port {$ports} flags S/SA keep state
 
 pass out log on $ext_if2 proto tcp from any to any flags S/SA modulate state
 pass out log on $ext_if2 proto { udp, icmp } from any to any keep state
 pass out log on $ext_if1 proto tcp from any to any flags S/SA modulate state  
 pass out log on $ext_if1 proto { udp, icmp } from any to any keep state
 
 pass out log on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any 
 pass out log on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
 
 this is what happens
 
 bash-3.1# tcpdump -nettipflog0
 tcpdump: WARNING: pflog0: no IPv4 address assigned
 tcpdump: listening on pflog0, link-type PFLOG
 1169566778.398818 rule 18/(match) pass out on xl2: 203.81.235.185.5698  
 8.7.232.215.80: [|tcp] (DF)
 1169566778.553623 rule 18/(match) pass out on xl2: 203.81.235.185.13550  
 66.249.91.83.80: [|tcp] (DF)
 1169566779.005110 rule 18/(match) pass out on xl2: 203.81.235.185.16245  
 209.0.144.87.80: [|tcp] (DF)
 1169566779.102642 rule 1/(match) pass in on xl1: 10.0.2.41.1601  
 10.0.0.1.8080: [|tcp] (DF)
 1169566779.105302 rule 18/(match) pass out on xl2: 203.81.235.185.5672  
 216.143.70.77.80: [|tcp]
 1169566779.167718 rule 1/(match) pass in on xl1: 10.0.1.24.2402  
 10.0.0.1.8080: [|tcp] (DF)
 1169566779.170640 rule 18/(match) pass out on xl2: 203.81.235.185.11598  
 64.40.101.40.80: [|tcp] (DF)
 1169566779.457058 rule 2/(match) pass in on xl1: 10.0.2.7.2328  
 125.23.47.31.3460: [|tcp] (DF)
 1169566779.457112 rule 21/(match) pass out on xl0: 10.0.2.7.2328  
 125.23.47.31.3460: [|tcp] (DF)
 1169566779.615288 rule 18/(match) pass out on xl2: 203.81.235.185.33595  
 209.0.144.88.80: [|tcp] (DF)
 1169566779.700708 rule 18/(match) pass out on xl2: 203.81.235.185.42575  
 72.14.209.85.80: [|tcp] (DF)
 1169566779.994302 rule 1/(match) pass in on xl1: 10.0.2.8.4265  
 10.0.0.1.8080: [|tcp] (DF)
 1169566780.005425

finding out physical memory size after boot ?

[S t i n g r a y]

How can i find out the size of physical memory after boot, my system
has 512MB ram  this is what dmesg shows , but top commands reviles
otherwise


load averages:  0.26,  0.35,  0.30 21:15:47
49 processes:  48 idle, 1 on processor
CPU states:  2.0% user,  0.0% nice,  1.1% system,  4.2% interrupt, 92.7% idle
Memory: Real: 300M/359M act/tot  Free: 137M  Swap: 0K/800M used/tot

gets me confused.

  

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
  






 

Don't get soaked.  Take a quick peak at the forecast
with the Yahoo! Search weather shortcut.
http://tools.search.yahoo.com/shortcuts/#loc_weather

Compiling OpenBSD Kernel With Generic SMP

[Demuel I. Bendano, R.E.E]

All,

I have a machine, Dell 1855, that has one SATA hard disk drive but with
two Pentium Xeon 2.0Ghz processor. Now, I have both the stable/current
source code both for the kernel and the userland. I suppose that the
GENERIC kernel supports only one processor whereas the GENERIC.SMP
supports multiple processor. The FAQ deals with the GENERIC processor and
I cannot get anything under it that tells what to do if one will compile
from the source code with a GENERIC.SMP kernel.

Any tips and sidecomments are welcome.


Regards,
Demuel

Re: Compiling OpenBSD Kernel With Generic SMP

[Demuel I. Bendano, R.E.E]

Hi,

As you can see, there are only few entries in the GENERIC.MP and if it
compiles indeed how about the device drivers usually found in the GENERIC?
Would it be included when GENERIC.MP compiles?


Regards,
Demuel

Josh Grosse
 On Wed, Jan 24, 2007 at 10:24:17PM +0800, Demuel I. Bendano, R.E.E wrote:

 ...I have a machine, Dell 1855, that has one SATA hard disk drive but
 with
 two Pentium Xeon 2.0Ghz processor. Now, I have both the stable/current
 source code both for the kernel and the userland. I suppose that the
 GENERIC kernel supports only one processor whereas the GENERIC.SMP
 supports multiple processor. The FAQ deals with the GENERIC processor
 and
 I cannot get anything under it that tells what to do if one will compile
 from the source code with a GENERIC.SMP kernel.

 It's GENERIC.MP -- to create a -stable version of that kernel, make
 three
 changes to the step-by-step instructions in FAQ 5:

 1) use config GENERIC.MP instead of config GENERIC
 2) cd to ../compile/GENERIC.MP instead of ../compile/GENERIC
 3) when copying the bsd kernel to your root partition, either copy it to
/bsd or /bsd.mp depending on how you manage your -release bsd.mp
 kernel.

Re: Compiling OpenBSD Kernel With Generic SMP

[Demuel I. Bendano, R.E.E]

Hi,

The GENERIC.MP kernel contains the following:

#   $OpenBSD: GENERIC.MP,v 1.6 2006/11/27 18:50:59 marco Exp $
#
#   GENERIC.MP - sample multiprocessor kernel
#

include arch/i386/conf/GENERIC

option  MULTIPROCESSOR  # Multiple processor support

cpu*at mainbus?
ioapic* at mainbus?
acpimadt*   at acpi?
~
~

Whereas, the GENERIC kernel contains:


#   $OpenBSD: GENERIC,v 1.546 2007/01/22 19:54:24 mk Exp $
#
# For further information on compiling OpenBSD kernels, see the config(8)
# man page.
#
# For further information on hardware support for this architecture, see
# the intro(4) man page.  For further information about kernel options
# for this architecture, see the options(4) man page.  For an explanation
# of each device driver in this file see the section 4 man page for the
# device.

machine i386
include ../../../conf/GENERIC
maxusers32  # estimated number of users

option  I386_CPU# CPU classes; at least one is REQUIRED
option  I486_CPU
option  I586_CPU
option  I686_CPU

option  USER_PCICONF# user-space PCI configuration

#option VM86# Virtual 8086 emulation
option  KVM86   # Kernel Virtual 8086 emulation
option  USER_LDT# user-settable LDT; see i386_set_ldt(2)
option  APERTURE# in-kernel aperture driver for XFree86

#option KGDB# Remote debugger support; exclusive of DDB
#option KGDB_DEVNAME=\pccom\,KGDBADDR=0x2f8,KGDBRATE=9600

option  COMPAT_SVR4 # binary compatibility with SVR4
option  COMPAT_IBCS2# binary compatibility with SCO and ISC
option  COMPAT_LINUX# binary compatibility with Linux
option  COMPAT_FREEBSD  # binary compatibility with FreeBSD
option  COMPAT_BSDOS# binary compatibility with BSD/OS
option  COMPAT_AOUT # a.out binaries are emulated

option  PROCFS  # /proc
#option NTFS# Experimental NTFS support

# or useroot on nfs swap on nfs
config  bsd swap generic

mainbus0 at root

cpu0at mainbus?
bios0   at mainbus0
apm0at bios0 flags 0x   # flags 0x0101 to force protocol version 1.1
pcibios0 at bios0 flags 0x  # use 0x30 for a total verbose
ipmi0   at mainbus? # IPMI
esm0at mainbus? # Dell Embedded Server Management

isa0at mainbus0
isa0at pcib?
isa0at ichpcib?
isa0at gscpcib?
eisa0   at mainbus0
pci*at mainbus0

#option ACPIVERBOSE
#option ACPI_ENABLE

acpi0   at mainbus? disable
#acpitimer* at acpi?
#acpihpet*  at acpi?
#acpiac*at acpi?
#acpibat*   at acpi?
#acpibtn*   at acpi?
#acpicpu*   at acpi?
#acpidock*  at acpi?
acpiec* at acpi?disable
acpiprt*at acpi?
#acpitz*at acpi?

option  PCIVERBOSE
option  EISAVERBOSE
option  USBVERBOSE

pchb*   at pci? # PCI-Host bridges
ppb*at pci? # PCI-PCI bridges
pci*at ppb?
pci*at pchb?
pcib*   at pci? # PCI-ISA bridge
ichpcib* at pci?# Intel ICHx/ICHx-M LPC bridges
gscpcib* at pci?# NS Geode SC1100 PCI-ISA bridge
gpio*   at gscpcib?

# power management and other environmental stuff
elansc* at pci? # AMD Elan SC520 System Controller
gpio*   at elansc?
geodesc* at pci?# Geode SC1100/SCx200 IAOC
#gscpm* at pci? # NS Geode SC1100 SMI/ACPI module
#ichwdt* at pci?# Intel 6300ESB ICH watchdog timer
wdt0at pci? # Ind Computer Source PCI-WDT50x driver
pwdog0  at pci? # Quancom PWDOG1 watchdog timer

# National Semiconductor LM7[89] and compatible hardware monitors
lm0 at isa? port 0x290
#lm1at isa? port 0x280
#lm2at isa? port 0x310
nsclpcsio* at isa? port 0x2e# NS PC87366 LPC Super I/O
nsclpcsio* at isa? port 0x4e
gpio*   at nsclpcsio?
gscsio* at isa? port 0x2e   # NS Geode SC1100 Super I/O
gscsio* at isa? port 0x15c
iic*at gscsio?  # ACCESS.bus 1  2
piixpm* at pci? # Intel PIIX power management
iic*at piixpm?
alipm*  at pci? # Acer Labs M7101 power management
iic*at alipm?
ichiic* at pci? # Intel ICH SMBus controller
iic*at ichiic?
viapm*  at pci? # VIA VT8237 power management
iic*at viapm?
amdiic* at pci? # AMD-8111 SMBus controller
iic*at amdiic?
nviic*  at pci? # NVIDIA nForce2/3/4 SMBus controller
iic*at nviic?
amdpm*  at pci? # AMD-7xx/8111 and NForce SMBus
controller
iic*at amdpm?

it0 at isa? port 0x290  # IT8705F, IT8712F and SiS970
hardware
it1

multiple external links not working ..

[S t i n g r a y]

Well thanks to everyone who help me coming close to using multiple external 
links for internet.
but its still not working, my scenario is that i have 2 ISP's connection  now 
the main internet connection  is the powerful one which i only want  to use for 
specific  protocols  which i have defined  in a macro called ports  now rest is 
supposed to goto to my 2nd internet connection which is a weak  cheap 
connection basically there to allow p2p applications access.
Main internet is ext_if1 (xl0)
slow internet is ext_if2 (xl2)
LAN is int_if (xl1) 
now the problem is that when ever i apply my pf.conf file all the traffic goes 
to 2nd slow internet connection.

my pf.conf file
lan_net = 10.0.0.0/16
int_if  = xl1
ext_if1 = xl0
ext_if2 = xl2
ext_gw1 = 192.168.0.1
ext_gw2 = 203.81.235.1
chadd = 10.0.0.1
ports =  22 25 53 80 110 119 123 143 443 465 554 900 995 1755 1863
table allowedclients persist file /etc/allowedclients

nat on $ext_if1 inet proto {tcp, udp } from allowedclients to any port \
{ $ports } - ($ext_if1)
nat on $ext_if2 inet proto {tcp, udp } from allowedclients to any \
 - ($ext_if2)

rdr on $int_if proto tcp from allowedclients to any port 80 - $chadd port 
8080

pass out log on $int_if from any to $lan_net

pass in log quick on $int_if from $lan_net to $int_if
pass in log on $int_if route-to { ($ext_if2 $ext_gw2) } from \
$lan_net to any flags S/SA keep state
pass in log on $int_if route-to { ($ext_if1 $ext_gw1) } inet proto tcp from \
$lan_net to any port {$ports} flags S/SA keep state

pass out log on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out log on $ext_if2 proto { udp, icmp } from any to any keep state
pass out log on $ext_if1 proto tcp from any to any flags S/SA modulate state  
pass out log on $ext_if1 proto { udp, icmp } from any to any keep state

pass out log on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any 
pass out log on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any

this is what happens

bash-3.1# tcpdump -nettipflog0
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: listening on pflog0, link-type PFLOG
1169566778.398818 rule 18/(match) pass out on xl2: 203.81.235.185.5698  
8.7.232.215.80: [|tcp] (DF)
1169566778.553623 rule 18/(match) pass out on xl2: 203.81.235.185.13550  
66.249.91.83.80: [|tcp] (DF)
1169566779.005110 rule 18/(match) pass out on xl2: 203.81.235.185.16245  
209.0.144.87.80: [|tcp] (DF)
1169566779.102642 rule 1/(match) pass in on xl1: 10.0.2.41.1601  
10.0.0.1.8080: [|tcp] (DF)
1169566779.105302 rule 18/(match) pass out on xl2: 203.81.235.185.5672  
216.143.70.77.80: [|tcp]
1169566779.167718 rule 1/(match) pass in on xl1: 10.0.1.24.2402  
10.0.0.1.8080: [|tcp] (DF)
1169566779.170640 rule 18/(match) pass out on xl2: 203.81.235.185.11598  
64.40.101.40.80: [|tcp] (DF)
1169566779.457058 rule 2/(match) pass in on xl1: 10.0.2.7.2328  
125.23.47.31.3460: [|tcp] (DF)
1169566779.457112 rule 21/(match) pass out on xl0: 10.0.2.7.2328  
125.23.47.31.3460: [|tcp] (DF)
1169566779.615288 rule 18/(match) pass out on xl2: 203.81.235.185.33595  
209.0.144.88.80: [|tcp] (DF)
1169566779.700708 rule 18/(match) pass out on xl2: 203.81.235.185.42575  
72.14.209.85.80: [|tcp] (DF)
1169566779.994302 rule 1/(match) pass in on xl1: 10.0.2.8.4265  10.0.0.1.8080: 
[|tcp] (DF)
1169566780.005425 rule 18/(match) pass out on xl2: 203.81.235.185.31337  
72.14.209.86.80: [|tcp] (DF)
1169566780.174899 rule 18/(match) pass out on xl2: 203.81.235.185.27385  
8.2.96.67.80: [|tcp] (DF)
1169566780.475037 rule 2/(match) pass in on xl1: 10.0.1.19.138  
10.0.255.255.138: udp 201
1169566780.475089 rule 22/(match) pass out on xl0: 10.0.1.19.138  
10.0.255.255.138: udp 201
1169566780.652249 rule 18/(match) pass out on xl2: 203.81.235.185.44777  
8.7.232.215.80: [|tcp] (DF)
1169566780.884663 rule 1/(match) pass in on xl1: 10.0.2.8.4266  10.0.0.1.8080: 
[|tcp] (DF)
1169566780.889225 rule 18/(match) pass out on xl2: 203.81.235.185.44736  
72.14.217.189.80: [|tcp] (DF)
1169566780.920559 rule 2/(match) pass in on xl1: 10.0.3.6.3273  
64.182.172.11.8585: [|tcp] (DF)
1169566780.920608 rule 21/(match) pass out on xl0: 10.0.3.6.3273  
64.182.172.11.8585: [|tcp] (DF)
1169566780.927934 rule 18/(match) pass out on xl2: 203.81.235.185.2945  
66.249.91.18.80: [|tcp] (DF)
1169566781.046297 rule 2/(match) pass in on xl1: 10.0.1.11.137  
10.0.255.255.137: udp 50
1169566781.046351 rule 22/(match) pass out on xl0: 10.0.1.11.137  
10.0.255.255.137: udp 50
1169566781.141521 rule 18/(match) pass out on xl2: 203.81.235.185.6110  
209.0.144.87.80: [|tcp] (DF)
1169566781.389933 rule 2/(match) pass in on xl1: 10.0.4.19.137  
10.0.255.255.137: udp 68
1169566781.390009 rule 22/(match) pass out on xl0: 10.0.4.19.137  
10.0.255.255.137: udp 68
1169566781.505436 rule 18/(match) pass out on xl2: 203.81.235.185.12893  
66.249.91.19.80: [|tcp] (DF)
1169566781.634241 rule 18/(match) pass out on xl2: 203.81.235.185.3396  
209.0.144.88.80: [|tcp] (DF)
1169566782.052176 rule 1

L2TP/FreeRadius In OpenBSD

[Demuel I. Bendano, R.E.E]

All,

Has anyone did a successful implementation of L2TP+FreeRadius in OpenBSD?
It appears to me that the FAQ and googling produced an almost absence of
references related to OpenBSD.

Demuel

updating openbsd to current ...

[S t i n g r a y]

Can anyone guide me in updating my 4.0 version to current  ? 
i have installed CVS source from my CD, but which running any cvs command i get 
this error ..
what should i do ?

# cvs checkout -P src
cvs checkout: No CVSROOT specified!  Please use the `-d' option
cvs [checkout aborted]: or set the CVSROOT environment variable.

regards
 

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
  






 

Get your own web address.  
Have a HUGE year through Yahoo! Small Business.
http://smallbusiness.yahoo.com/domains/?p=BESTDEAL

Re: Is this possible or not ?

[S t i n g r a y]

Hello Stuart

Well during the past few days i was busy trying to make it work , i upgraded to 
version 4.0 also changed all the Ethernet cards .as according to some mailing 
lists this error comes cause of some Ethernet nic's. only changing the CPU is 
left , now gonna try make it work on a SEP cpu ..
do you think it would work ?
if it doesn't bother you much can you see my pf.conf  check if there aren't 
any logical mistakes .. that is causing this.

thanks once again 


lan_net = 10.0.0.0/16
int_if  = xl1
ext_if1 = xl0
ext_if2 = xl2
ext_gw1 = 192.168.0.1
ext_gw2 = 203.81.235.1
chadd = 10.0.0.1
ports = 22 25 53 80 110 119 123 143 443 465 554 900 995 1755 1863 1999 2090 
2091 2095 3000 3020 2020 3389 5000 5001 5050 5100 5190 6667 

11999 14360
table allowedclients persist file /etc/allowedclients

#  nat outgoing connections on each internet interface
nat on $ext_if1 from $lan_net to allowedclients - ($ext_if1) 
nat on $ext_if2 from $lan_net to allowedclients - ($ext_if2)

rdr on $int_if proto tcp from allowedclients to any port 80 - $chadd port 
8080

#  pass all outgoing packets on internal interface
pass out on $int_if from any to $lan_net

#  pass in quick any packets destined for the gateway itself

pass in quick on $int_if from $lan_net to $int_if
pass in on $int_if route-to { ($ext_if1 $ext_gw1) } inet proto tcp from \
$lan_net to any port {$ports} keep state

pass in on $int_if route-to { ($ext_if2 $ext_gw2) } from \
$lan_net flags S/SA keep state

#  general pass out rules for external interfaces

pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state

#  route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
#  $ext_if2 and $ext_gw2

pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any 
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any 




*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
  



- Original Message 
From: Stuart Henderson [EMAIL PROTECTED]
To: S t i n g r a y [EMAIL PROTECTED]
Cc: openbsd misc@openbsd.org
Sent: Monday, January 8, 2007 4:52:11 PM
Subject: Re: Is this possible or not ?

On 2007/01/08 01:39, S t i n g r a y wrote:
 but now i have another problem which is whenever i load this file my server 
 crashes with a kernel:  page fault the whole error is
 epic0: lost carrier
 kernel:  page fault trap, code=0
 stopped at  pf_route +0x248 : movl
 
 do you know why is this ?
 
 i am using OpenBSD 3.9

I don't know why, but my suggestions are:

- first, try 4.0 or a -current snapshot (-current is best)
in case it's already fixed;

- if it still crashes, try and get the information from trace
and ps - if you're lucky, it will still be in dmesg after
you reboot (type boot r at the ddb prompt, don't power-cycle).
Otherwise, copy it by hand or better, if you have a null modem
cable, capture the whole lot: openbsd.org/faq/faq7.html#SerCon
has instructions.






 

Never miss an email again!
Yahoo! Toolbar alerts you the instant new Mail arrives.
http://tools.search.yahoo.com/toolbar/features/mail/

Re: VOIP NAT

[Demuel I. Bendano, R.E.E]

In this kind of discussion, it is pretty safe to assume that the VOIP PABX
used is an asterisk running either SIP/IAX2/H323/RTP protocols. Googling
will provide us with the corresponding range of ports in each of them
either in UDP or in TCP.

Now, it is easy to get this working. In the IP phones, one has to enable
the NAT feature and for the asterisk server running OpenBSD it is
educational to allow first both incoming/outgoing traffic as pass in as
well as pass all.

The major easy here is on how the voice traffic from OBSD-VPN-A to
OBSD-VPN-B and vice versa encrypted. That is, an encryption of the voice
traffic as full-duplex.

Any comments?

Jeroen Massar
 Bob DeBolt wrote:
 [ Note your PGP armor was broken in the previous message, please check
 and fix if possible, it could be of course that the mailinglist peeped
 it up somewhere. Best solution: don't use inline PGP signing, but use
 the MIME variant, which is available in enigmail, eg I use it :) ]

 If anyone reading this understands the VOIP / NAT issue, preferably via
 experience, and has an answer to what is involved making VOIP work
 through a pf enabled OpenBSD 4.0 stable firewall, Could you please lend
 a hand, offer direction?

 It all depends on what exact components you have and how strict the
 firewall is. I wonder how related it is for misc@openbsd.org but

 Questions:
  - Which exact protocols are being used
  - What is the client (software/hardware/version)
  - What is the server (software/hardware/version)
  - What does the network look like
  and probably some other info I forget ;)

 Generic VoIP (read: SIP) over NAT solutions:
 http://www.voip-info.org/wiki/view/STUN
 http://www.voip-info.org/wiki/view/MediaProxy
 http://www.voip-info.org/wiki/view/Asterisk+SIP+NAT+solutions
 ... rest of that site ;)

 and of course throwing any VPN tunnel over the NAT to get a public
 address and using that for everything.

 Greets,
  Jeroen

 [demime 1.01d removed an attachment of type application/pgp-signature
 which had a name of signature.asc]

Re: Is this possible or not ?

[S t i n g r a y]

Thanks Stuart really appriciate your help 
now the config file i have written keeps giving syntax
error on the following line can you help me sort this
as well , i cant seem to find anything wrong with this

..

pass in on $int_if proto tcp route-to { ($ext_if1
$ext_gw1) } from \
$lan_net port {$ports} flags S/SA keep state


Here is my new pf.conf
thanks again ..

lan_net = 10.0.0.0/16
int_if  = epic0
ext_if1 = pcn0
ext_if2 = fxp0
ext_gw1 = 192.168.0.1
ext_gw2 = 203.81.235.1
chadd = 10.0.0.1
ports = 21 22 25 53 80 110 119 123 143 443 465 554
900 995 1755 1863 1999 2090 2091 2095 3000 3020 2020
3389 5000 5001 5050 5100 5190 6667 

11999 14360
table allowedclients persist file
/etc/allowedclients

#  nat outgoing connections on each internet interface
nat on $ext_if1 from $lan_net to allowedclients -
($ext_if1)
nat on $ext_if2 from $lan_net to allowedclients -
($ext_if2)

rdr on $int_if proto tcp from allowedclients to any
port 80 - $chadd port 8080

#  pass all outgoing packets on internal interface
pass out on $int_if from any to $lan_net

#  pass in quick any packets destined for the gateway
itself

pass in quick on $int_if from $lan_net to $int_if
pass in on $int_if inet tcp route-to { ($ext_if1
$ext_gw1) } from \
$lan_net to any port {$ports} keep state

pass in on $int_if route-to { ($ext_if2 $ext_gw2) }
from \
$lan_net flags S/SA keep state

#  general pass out rules for external interfaces

pass out on $ext_if1 proto tcp from any to any flags
S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to
any keep state
pass out on $ext_if2 proto tcp from any to any flags
S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to
any keep state

#  route packets from any IPs on $ext_if1 to $ext_gw1
and the same for
#  $ext_if2 and $ext_gw2

pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from
$ext_if2 to any 
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from
$ext_if1 to any  
--- Stuart Henderson [EMAIL PROTECTED] wrote:

 On 2007/01/05 23:56, S t i n g r a y wrote:
  Well few days ago i mailed a problem of mine which
 was
  that i have purchased multiple internet
 connections 
  now would like to divide spcific protocoles
 between
  them , now i tried searching the internet for
 this,
  but couldent  find anything encouraging .. most of
 the
  people out there are confused as me, now i want to
  know is this possible or not with openbsd  pf ?
 
 In the ruleset you posted, you have nothing to tell
 PF which
 connection to use to send packets, so the default
 route is used.
 
 See
 http://www.openbsd.org/faq/pf/pools.html#outgoing
 for a
 basic setup to use two internet connections and
 balance traffic
 between them. The 'pass in on $int_if route-to'
 rules in the
 examples there use round-robin like this:
 
   route-to { ($ext_if1 $ext_gw1), ($ext_if2
 $ext_gw2) } round-robin 
 
 this shares traffic between two connections.
 
 Since you just want a set of protocols using one
 connection without
 balancing, you'll need two pass rules, first the
 general case without
 listing ports, then the rule for the particular
 protocols that you
 want using the other connection.
 
   pass in on $int_if route-to { ($ext_if2 $ext_gw2)
 } from \
 $lan to any port { $ports } flags S/SA keep
 state
 
   pass in on $int_if route-to { ($ext_if1 $ext_gw1)
 } from \
 $lan flags S/SA keep state
 
  is there anyone out there who like sharing his
 pf.conf
  with me ? i would be much greatful.
 
 You should have enough information to write this
 yourself now.
 That's much better than using somebody else's
 ruleset so you can
 understand how it works.
 
 If you're still confused, read pf.conf(5) about
 route-to and
 reply-to and experiment.
 
 If you use 'log' on all of your rules, then you can
 check which
 rules are matching with 'tcpdump -nettipflog0' (use
 pfctl -sr -vv
 to identify rule numbers).
 
 If you use 'tcpdump -nifxp0' and 'tcpdump -nipcn0'
 you can check
 which packets are being sent via which interface and
 whether they
 have been NATted to the correct address for that
 connection.
 
 


*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Is this possible or not ?

[S t i n g r a y]

Well few days ago i mailed a problem of mine which was
that i have purchased multiple internet connections 
now would like to divide spcific protocoles between
them , now i tried searching the internet for this,
but couldent  find anything encouraging .. most of the
people out there are confused as me, now i want to
know is this possible or not with openbsd  pf ?

is there anyone out there who like sharing his pf.conf
with me ? i would be much greatful.

i am tense as i told (defending *inx Firewalls) people
around me that OpenBSD can do this  your windows
firewall cant .. :-S  not am stuck.
So for the love of OpenBSD help me out here .. :)

regards

my pf.conf

intif=epic0
extif=pcn0
extif2=fxp0
extad=192.168.0.2
chadd=10.0.0.1
ports = 22 53 80 443 

nat on $extif inet proto {tcp, udp } from any to
192.168.0.1 port { $ports } - (pcn0)
nat on $extif2 inet proto {tcp, udp } from any to any
- (fxp0)

pass out on $extif inet proto { tcp, udp } from any to
any 
pass in on $extif inet proto { tcp, udp } from any to
any

pass out on $extif2 inet proto { tcp, udp } from any
to any 
pass in on $extif2 inet proto { tcp, udp } from any to
any

  

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Net-SNMP In OpenBSD 4.0-Stable

[Demuel I. Bendano, R.E.E]

Hi,

I been googling with regards to installing/configuring snmpd under
OpenBSD. So far, I have success in installing net-snmp for OpenBSD
ports.

Then I execute the following commands to see if it is working or not.


$sudo /usr/local/bin/snmpconf -i -g basic_setup

Would you like me to read them in? Their content will be merged with
the
output files created by this session.

Valid answer examples: all, none,3,1,2,5

Read in which (default = all): all, lub po prostu sam [ENTER]

Do you want to properly set the value of the sysServices.0 OID (if you
don't know, just say no)? (default = y):
does this host offer physical services (eg, like a repeater) [answer 0
or 1]: 0
does this host offer datalink/subnetwork services (eg, like a bridge):
0
does this host offer internet services (eg, supports IP): 1
does this host offer end-to-end services (eg, supports TCP): 1
does this host offer application services (eg, supports SMTP): 1
Do you want to allow SNMPv1/v2c read-only community access (default =
y): y

Configuring: rocommunity
Description:
a SNMPv1/SNMPv2c read-only access community name
arguments: community [default|hostname|network/bits] [oid]
The community name to add read-only access for: emf-obsd
The hostname or network address to accept this community name from
[RETURN for all]: localhost
The OID that this community should be restricted to [RETURN for
no-restriction]: [ENTER]
Do another rocommunity line? (default = y):n
Do you want to configure where and if the agent will send traps?
(default = y):n
Do you want to configure the agent's ability to monitor various aspects
of your system? (default = y):y
Do you want to configure the agents ability to monitor processes?
(default = y): n
Do you want to configure the agents ability to monitor disk space?
(default = y):y
Configuring: disk
Description:
Check for disk space usage of a partition.
The agent can check the amount of available disk space, and make
sure it is above a set limit.

disk PATH [MIN=10]

PATH: mount path to the disk in question.
MIN: Disks with space below this value will have the Mib's errorFlag
set.
Can be a raw byte value or a percentage followed by the %
symbol. Default value = 10.

The results are reported in the dskTable section of the UCD-SNMP-MIB
tree

Enter the mount point for the disk partion to be checked on: /var
Enter the minimum amount of space that should be available on /var: 5%

Finished Output: disk /var 5%
Do another disk line? (default = y): n
Do you want to configure the agents ability to monitor load average?
(default = y): n
Do you want to configure the agents ability to monitor file sizes?
(default = y): n

The following files were created:

snmpd.conf installed in /usr/local/share/snmp

$sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak
$sudo cp /usr/local/share/snmp/snmpd.conf /etc/snmp/snmpd.conf

/usr/local/sbin/snmpd -c /etc/snmp/snmpd.conf

$ sudo snmpwalk -v 1 -c emf-obsd localhost .1.3.6.1.4.1.2021.11.9.0
Timeout: No Response from localhost
$

What went wrong with my configuration?

Regards,
Demuel

Using more then One External Link with PF ?

[S t i n g r a y]

Well i have purchased another Internal Connection to provide my client computer 
more speed to specific protocols  also its cheaper this way :)
Now i want to use my previous internet link DSL to provide only access to 
specific protocols like Http, Https  Dns etc etc. and use this one for all 
protocols
but my current pf.conf doesn't provide this i try searching the web  could 
only figure out this ...

intif=epic0
extif=pcn0
extif2=fxp0
extad=192.168.0.2
chadd=10.0.0.1
ports = 22 53 80 443 
table allowedclients persist file /etc/allowedclients

nat on $extif inet proto {icmp, tcp, udp } from servers to any  - $extad
nat on $extif inet proto {tcp, udp } from allowedclients to 192.168.0.1 port 
{ $ports } - (pcn0)
nat on $extif2 inet proto {tcp, udp } from allowedclients to any - (fxp0)

rdr on $intif proto tcp from allowedclients to any port 80 - $chadd port 8080

pass out on $extif inet proto { tcp, udp } from allowedclients to any port { 
$ports }


now the problem is that traffic is only directed to one link either cable or 
dsl both links arent being used at a time.
 
Thank you 
Happy New Year


*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Conexant USB/PCI ADSL Modem Under OpenBSD

[Demuel I. Bendano, R.E.E]

All,

From the results of my googling, it appers to me that an a cxacru
4-2:1.0(Conexant USB ADSL modem) works only on the linux 2.6.x kernel.
I just like to know if there is anyone who has a success experience
with either the Conexant PCI ADSL modem or the Conexant USB ADSL modem
in an OpenBSD platform?

Thanks,
Demuel

Re: apache and mysql5.022 on openBSD

[K H A I]

Thanks for the info.
Minh

--- Robert [EMAIL PROTECTED] wrote:

 K H A I wrote:
  Dear Friends,
   
  I have problem running php script with querry and
 mysql. under
  openbsd4.0
  php sqlqurery.php works fine.
  but when i run over web browser, it
  does not recognise the hostname which return
 mysql_error() function.
  unknown
  hostname xx.yyy.zzz How do i tackle this issue?
  for openbsd
  the config file
  for apache under /var/www/conf/httpd.conf
  and by default mysql is under
  /var/mysql
  and the socket is /var/run/mysql/myqsl.sock
  I have change for
  my.conf to reflect the new socket connection to
  /var/www/run/mysql/mysql.sock
  and the problems still exists.
   
  Any info is greatly appreciated.
   
  Minh.
 
 I'll leave the mysql-user jokes to someone else.
 
 
 You should do your homework first, before crying for
 help on the ml!
 Check mailinglist-archives, man pages, faq... google
 and even the apache 
 or mysql-docs would have helped you!
 
 
 You know your problem... Apache cannot resolve
 hostnames.
 
 How does dns resolving work on a unix-like operating
 system?
 (simple version...)
 - look at /etc/resolv.conf - man resolv.conf
first line usualy is: lookup file bind
 - what file?
/etc/hosts - man hosts
 - bind?
that points to the nameserver line in
 /etc/resolv.conf
 - there is a nameserver some ip line in
 /etc/resolv.conf?
usualy there is
 
 So your system has all this? But why doesn't it
 work? It works for other 
 stuff. Whats different?
 Oy! Apache is chrooted in /var/www by default. -
 man chroot
 Where does Apache look for the resolv.conf?
 Right! /etc/resolv.conf
 
 *the register making its sound repeatedly* (or not)
 
 By now you have read the chroot manpage and/or by
 looking at the faq 
 know that for the chrooted apache / is /var/www and
 when it looks for 
 /etc/resolv.conf it actualy tries the files
 /var/www/etc/resolv.conf ...
 
 
 Feel educated!
 (If you are guessing, the educative part was: Do
 your homework first! )
 
 -Robert
 
 [Sorry list, but perhaps such an explenation will be
 found easier in the 
 futur by uneducated searches. ;)]
 
 
 If you are still reading, short copy'n'pastable
 version:
 
 sudo mkdir -p /var/www/etc
 sudo cp /etc/resolv.conf /var/www/etc/
 sudo cp /etc/resolv.conf /var/www/etc/
 
 



 

Want to start your own business?
Learn how on Yahoo! Small Business.
http://smallbusiness.yahoo.com/r-index

Re: pkg_add -r -F update

[K H A I]

I have try to run pkg_add -r  -F but it did not work for me.
I remebered
correctly I did try  to delete pkg_delete with that  - i option to ask you to
remove the package and its dependents,
I did removed the package and its
dependents and re-add the package. with pkgadd.
It may have some bug? but i
works around with it.

Have a nice day everyone.
Minh


- Original Message

From: Marc Espie [EMAIL PROTECTED]
To: Karel Kulhavy
[EMAIL PROTECTED]
Cc: OpenBSD misc@openbsd.org
Sent: Tuesday, December
5, 2006 5:41:17 AM
Subject: Re: pkg_add -r -F update


On Tue, Dec 05, 2006 at
10:13:38AM +0100, Karel Kulhavy wrote:
 The manpage further says use -F
update to force the replacement
 When I use pkg_add -r -F update
transcode-1.0.2p0.tgz, I get the same errors.
 
 Why doesn't pkg_add do
what's written in the manpage?

It does, but you can't read.


The manpage
says:

Among other things, pkg_add will refuse to replace packages as 
soon as
it needs to run scripts that might fail (use -F update to force the
replacement); 

Why do you assume the parenthesized comment, which is plainly
part of a
longer sentence, stands on its own ?



In that specific case,
you're trying to mix up stuff you installed manually
with packages. pkg_add
chooses not to do anything. The rationale is, if
you're smart enough to
install stuff on your own, then you're smart enough
to remove them on your
own. It's even helpful enough to give you a full list
of colliding files.



I
should add that I'm *really* getting fed up fast of your messages here.

I
don't know, maybe you don't really speak english, but you come across
as
downright insulting to the people who actually put together the system
you're
using.  Maybe our documentation isn't perfect, but since you don't
even bother
to read it for real, you can't really grasp what's going on.

How about you
start with an apology and simple questions ?

Don't assume you `know', this
system does work just fine for a big bunch
of people... but it's not
debian/redhat/whatever, so it does things 
differently.

You don't like what
you see ? go away ! see if we care...
_
___
Any questions? Get answers on any topic at www.Answers.yahoo.com.  Try
it now.

apache and mysql5.022 on openBSD

[K H A I]

Dear Friends,
 
I have problem running php script with querry and mysql. under
openbsd4.0
php sqlqurery.php works fine.
but when i run over web browser, it
does not recognise the hostname which return mysql_error() function.
unknown
hostname xx.yyy.zzz How do i tackle this issue?
for openbsd
the config file
for apache under /var/www/conf/httpd.conf
and by default mysql is under
/var/mysql
and the socket is /var/run/mysql/myqsl.sock
I have change for
my.conf to reflect the new socket connection to
/var/www/run/mysql/mysql.sock
and the problems still exists.
 
Any info is greatly appreciated.
 
Minh.
_
___
Any questions? Get answers on any topic at www.Answers.yahoo.com.  Try
it now.

Re: Which tools the OpenBSD developers are using?

[Demuel I. Bendano, R.E.E]

Their development operating system is DOS with  no remote  hole in the
default install, in more than 20 years and counting! The one remote whole
in the default install happened only when they created OpenBSD.

 On Tue, Nov 28, 2006 at 02:48:27PM -0600, Alvaro Mantilla Gimenez wrote:
 Hi OpenBSD developers,


   Which are your preferred tools for develop? (For C, C++, Java,
 etcno matter the language)

   It is good to know which tools and why...


   Thanks,


   Alvaro

 I'm assuming you mean software tools and not hardware (just got a Dell
 2405FPW that I'm lovin').

 Here's a typical list in no particular order:

 1)  visual editor -- ed, vi, emacs
 2)  revision control system -- RCS, CVS, Subversion
 3)  portability tools -- autotools (autoconf, automake, libtool)
 4)  build system -- make, gmake, bmake
 5)  packaging system -- pkgsrc, Open and FreeBSD ports systems
 6)  debugger -- ddb, gdb
 7)  decompiler -- jad (for fixing Java bytecode)
 8)  bug tracking/feature request system -- gnats, bugzilla
 9)  team collaboration tools -- email, IRC
 10) typesetting tools -- teTeX
 11) Web browser -- lynx, w3m, Mozilla

 Apologies to the list for the lack of snide comments.

 -Damian

 ps. Two items regarding the AK47.  I've heard that the majority of these
 are being produced illegally (manufacturer didn't get the required
 license from the Soviet inventor) and that, besides the gun barrel, most
 parts can be stamped out of sheet metal instead of having to be machined.

Re: network with pabx

[Demuel I. Bendano, R.E.E]

can u draw a ASCII rough sketch of what you are trying to do?

 guys i want to hear some comments / suggestions from you. we are planning
 to network a company. using a cat5e, the 2 pairs(4 wires) will be using
 for LAN and the remaining 2 pairs(4 wires) will be use for pabx.

Re: network with pabx

[Demuel I. Bendano, R.E.E]

I wonder why your question end up here in the OpenBSD mailing list. Anyways,
for the PC-to-Server, do a cross-over(1236-6321) at both ends. If you want
still, from PC-Switch-Server, two straight(1236-1236) wound do. For the
PABX to your telephone, please be specific if these are Asterisk and VOIP
phones. As a hint, crimp another cross-over and straight thru cables and
check. If the light is litting up and you can hear a dial-tone from the
phone to the pabx, then that is the cable connection.

Hope it helps.


 here's the diagram. -- http://203.177.22.150/lan_voice.jpg

 can u draw a ASCII rough sketch of what you are trying to do?

 guys i want to hear some comments / suggestions from you. we are
 planning
 to network a company. using a cat5e, the 2 pairs(4 wires) will be using
 for LAN and the remaining 2 pairs(4 wires) will be use for pabx.

Quagga and OpenBGP

[Demuel I. Bendano, R.E.E]

All,

I cannot still see the logic as to why Quagga is part of the OpenBSD ports
tree when it has OpenBGP at all in the default install? The documentation
of OpenBGP tells us that it is far superior in design as compared to
Zebra/Quagga.

Side comments?

dems

Re: Which tools the OpenBSD developers are using?

[Demuel I. Bendano, R.E.E]

From what I read of, they might be using some sort of machine language.


 Hi OpenBSD developers,


Which are your preferred tools for develop? (For C, C++, Java,
 etcno matter the language)

It is good to know which tools and why...


Thanks,


Alvaro

wirless LAN - DWL-G120 on OPENBSD 4.0

[K H A I]

Is any one working on this driver?
I have D-LINK DWL-G120 USB wireless.
dmesg shows some thing like this
-
ugen0 at uhub2 port 1
ugen0: D-Link product 0x3701, rev 2.00/2.03, addr 2

-
I run ifconfig -a  but cannot show it at all?

DO you have  any ideas to make this card work?
do I have to compile the kernel?
if yes , what to change?

Thanks
Minh



 

Want to start your own business?
Learn how on Yahoo! Small Business.
http://smallbusiness.yahoo.com/r-index

Re: building acpi kernel on current fails for me (on file dsdt.c ?)

[Thordur I. Bjornsson]

Didier Wiroth [EMAIL PROTECTED] wrote on Tue 31.Oct'06 at 13:11:32 +0100

 Hello,
 I'm trying to build acpi on current but it fails:
 
 cc  -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes
 -Wno-uninitialized -Wno-format -Wno-main  -Wstack-larger-than-2047
 -fno-builtin-printf -fno-builtin-log -O2 -pipe -nostdinc -I.
 -I/usr/src/sys/arch/i386/compile/GENERIC_acpi/../../../../arch
 -I/usr/src/sys/arch/i386/compile/GENERIC_acpi/../../../.. -DDDB
 -DDIAGNOSTIC -DKTRACE -DACCOUNTING -DKMEMSTATS -DPTRACE -DCRYPTO
 -DSYSVMSG -DSYSVSEM -DSYSVSHM -DUVM_SWAP_ENCRYPT -DCOMPAT_35 -DCOMPAT_43
 -DLKM -DFFS -DFFS_SOFTUPDATES -DUFS_DIRHASH -DQUOTA -DEXT2FS -DMFS -DXFS
 -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE -DNFSCLIENT -DNFSSERVER -DCD9660
 -DUDF -DMSDOSFS -DFIFO -DPORTAL -DINET -DALTQ -DINET6 -DIPSEC
 -DPPP_BSDCOMP -DPPP_DEFLATE -DMROUTING -DBOOT_CONFIG -DI386_CPU
 -DI486_CPU -DI586_CPU -DI686_CPU -DUSER_PCICONF -DUSER_LDT -DAPERTURE
 -DCOMPAT_SVR4 -DCOMPAT_IBCS2 -DCOMPAT_LINUX -DCOMPAT_FREEBSD
 -DCOMPAT_BSDOS -DCOMPAT_AOUT -DPROCFS -DACPIVERBOSE -DACPI_ENABLE
 -DPCIVERBOSE -DEISAVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMPAT_USL
 -DWSDISPLAY_COMPAT_RAWKBD -DWSDISPLAY_DEFAULTSCREENS=6
 -DWSDISPLAY_COMPAT_PCVT -DPCIAGP -DONEWIREVERBOSE -D_KERNEL -Di386  -c
 /usr/src/sys/arch/i386/compile/GENERIC_acpi/../../../../dev/acpi/dsdt.c
 /usr/src/sys/dev/acpi/dsdt.c:1771: warning: no previous prototype for
 `aml_evalinteger'
 *** Error code 1
 
 Stop in /usr/src/sys/arch/i386/compile/GENERIC_acpi (line 3831 of Makefile)
 
 I noticed that the file dsdt.c has changed in the cvs tree on the 30th
 of october.
Yeah, missing prototype.
fixed now in r1.62 of dsdt.c
thanks for the report. 

testing HFCS

[S t i n g r a y]

sorry for bothering you guys again. but something seems wrong .

i have a 640Kbps internet connection  as you can see i have limit Http traffic 
to 188Kb upperlimit

altq on $extif hfsc bandwidth 640Kb queue {others www msn https smtp}
queue others bandwidth 128Kb hfsc( default realtime(128Kb 1000 128Kb) linkshare 
1Kb upperlimit 128Kb)
queue msn bandwidth 64Kb hfsc( realtime(64Kb 1000 64Kb) linkshare 1Kb 
upperlimit 64Kb)
queue https bandwidth 100Kb hfsc( realtime(100Kb 1000 100Kb) linkshare 1Kb 
upperlimit 100Kb)
queue smtp bandwidth 32Kb hfsc( realtime(32Kb 1000 32Kb) linkshare 1Kb 
upperlimit 32Kb)
queue www bandwidth 188Kb hfsc( realtime(188Kb 1000 32Kb) linkshare 1Kb 
upperlimit 188Kb)

 after 10 seconds it should goto 32Kb just for testing, 

but its doesnt work , i start getting speeds up to 512Kbps before  after the 
time limit expires.

whats happening ? should it limit it to 188Kb fixed ? as i set the upperlimit.  

guess good times dont last forever :-(

help greatly appriciated.  

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$

problems using HFSC with pf

[S t i n g r a y]

 i am facing problems using hfsc with PF.

pfctl -f /etc/pf.conf
pfctl: the sum of the child bandwidth higher than parent root_fxp0
pfctl: linkshare sc exceeds parent's sc
/etc/pf.conf:21: errors in queue definition
pfctl: Syntax error in config file: pf rules not loaded

althoug my pf.conf looks like this ..

intif=epic0
intnet=10.0.0.0/16
extif=fxp0
extad=192.168.0.2
intad=10.0.0.1
chadd=10.0.0.1
servers=10.0.0.2, 10.0.0.3, 10.0.0.4, 10.0.0.5, 10.0.0.6
mailserver=10.0.0.2
vip=10.0.4.8
ports = 21 22 25 53 80 110 119 123 143 443 465 554 900 995 1755 1863 1999 3000
3020 2020 3389 5000 5001 5050 5100 5190 6667 11999
allif={$extif, intif}
table allowedclients persist file /etc/allowedclients
table blockedclients persist file /etc/blockedclients
table servers persist file /etc/servers
scrub in all
altq on $extif hfsc bandwidth 512Kb queue { www, msn, https, smtp, def }
queue www bandwidth 20%
queue msn bandwidth 20%
queue https bandwidth 20%
queue smtp bandwidth 20%
queue def hfsc(default)
nat on $extif inet proto {icmp, tcp, udp } from servers to any  - $extad
nat on $extif inet proto {tcp, udp } from allowedclients to any port \
{ $ports } - $extad
rdr on $intif proto tcp from allowedclients to any port 80 - $chadd port 8080
rdr on $extif proto tcp from any to $extad port 110 - $mailserver port 110
rdr on $extif proto tcp from any to $extad port 25 - $mailserver port 25
rdr on $extif proto tcp from any to $extad port 4661 - $vip port 4661
rdr on $extif proto udp from any to $extad port 4672 - $vip port 4672
rdr on $extif proto tcp from any to $extad port 80 - $mailserver port 80
rdr on $intif proto tcp from any to $intad port 80 - $mailserver port 80
pass out on $extif inet proto { tcp, udp } from allowedclients to any port { $
ports }
pass out on $extif inet proto { tcp, udp } from $vip to any
pass in on extif proto tcp from allowedclients to any port msn queue msn
pass in on extif proto tcp from allowedclients to any port www queue https
pass in on extif proto tcp from allowedclients to any port www queue www
pass in on extif proto tcp from allowedclients to any port smtp queue smtp
pass out on extif inet proto udp from any to allowedclients port msn queue msn
pass out on extif inet proto udp from any to allowedclients port www queue \
https
pass out on extif inet proto udp from any to allowedclients port www queue www
pass out on extif inet proto udp from any to allowedclients port smtp queue \
smtp

do you see anything wrong with this ? is there a bug in this ?


regards



*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$

Re: Getting custom code to execute on an invalid password

[Thordur I. Bjornsson]

[EMAIL PROTECTED] wrote on Thu 12.Oct'06 at 15:37:38 -0700

 Hello everyone.
 
 My question is simple:
 
 For each user on my system I have a list of passwords which they 
 should never, ever enter.  If someone enters a password which is on 
 this list I know that their passwords have been compromised and 
 their account should be immediately disabled.  I'd like to write a 
 program which checks this automatically whenever a user logs in, 
 but I don't really know where to start.
Thats not really a good idea, think about denial of service attacks.

 
 If someone could just point me in the right direction (e.g. a man 
 page or two) I'm sure I could figure it out.  I have experiance 
 with UNIX, just not OpenBSD and the login protocols.
login(1) and source!
 
 Thanks a bunch, and keep up the good work.
 
 Kishita Sakura
 
 
 
 Concerned about your privacy? Instantly send FREE secure email, no account 
 required
 http://www.hushmail.com/send?l=480
 
 Get the best prices on SSL certificates from Hushmail
 https://www.hushssl.com?l=485

Re: problems using HFSC with pf

[S t i n g r a y]

i am currently using  CBQ but i wanted a feature like wanted to shif the que 
from high priority to lower after a spec period of time, as i have some dirty 
users which have nothing to do but download HTTP contents from internet.

 

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
  



- Original Message 
From: Jon Simola [EMAIL PROTECTED]
To: S t i n g r a y [EMAIL PROTECTED]
Cc: Open BSD misc@openbsd.org
Sent: Friday, October 13, 2006 12:17:12 AM
Subject: Re: problems using HFSC with pf

On 10/12/06, S t i n g r a y [EMAIL PROTECTED] wrote:
  i am facing problems using hfsc with PF.

That would be the first problem. Mention of HFSC was scrubbed from the
PF FAQ at http://www.openbsd.org/faq/pf/queueing.html for good reason.
Everything I learned about HFSC was from other web sites and lots of
experimentation. I have working configs, but in the time I've spent
figuring them out I've also figured out that HFSC is not a better
method of queueing. It solves a couple of *very* specific problems
that the vast majority of people will never run across.

 pfctl -f /etc/pf.conf
 pfctl: the sum of the child bandwidth higher than parent root_fxp0
 pfctl: linkshare sc exceeds parent's sc
 /etc/pf.conf:21: errors in queue definition
 pfctl: Syntax error in config file: pf rules not loaded

 althoug my pf.conf looks like this ..

 altq on $extif hfsc bandwidth 512Kb queue { www, msn, https, smtp, def }
 queue www bandwidth 20%
 queue msn bandwidth 20%
 queue https bandwidth 20%
 queue smtp bandwidth 20%
 queue def hfsc(default)

I can see a couple potential problems, your queues have no hfsc
definitions. Be careful with %'s in any bandwidth, as it may not be
taken as a percent of what you wanted (interface, root queue, parent
queue). I'd suggest using CBQ for this as you are defining 4 classes
of traffic. HFSC, if you get it working, will be far more complex than
you need for something simple like this.

-- 
Jon

Re: Oldest Server you run

[S t i n g r a y]

i am currently running OpenBSD server on a 933MHZ 512MB RAM with PF + squid + 
squidguard + ALTQ
with users upto 200 + with easy, one of the primary reasons i switch to OpebBSD 
from windows.
such great resourse managment :)

regards
 

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
  



- Original Message 
From: Falk Husemann [EMAIL PROTECTED]
To: misc@openbsd.org
Sent: Thursday, October 12, 2006 11:54:35 PM
Subject: Oldest Server you run

Hello List!
We're trying to put an old server to good use again and would like to  
know what's exactly the oldest machine running OpenBSD?


As machine we defined something with processor, ram, network, hard  
disk and a connection to the internet. So no Newton or toaster (at  
least not if there's no disk being toasted).


Thank you in advance,
Falk

Re: problems using HFSC with pf

[S t i n g r a y]

yes, but you have to understand my problem , i am very new to openbsd  PF and 
have no unix admins in surroundings, neither has any unix training places , all 
my learning comes from google  mailing lists such as this.
i do try googling before posting  only port if have have many doubts.
curreltly using CBQ technique.
trying to learn HPSC
hope you understand , will try not to post as much in the future.


 

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
  



- Original Message 
From: Kian Mohageri [EMAIL PROTECTED]
To: S t i n g r a y [EMAIL PROTECTED]
Cc: Open BSD misc@openbsd.org
Sent: Thursday, October 12, 2006 11:17:32 PM
Subject: Re: problems using HFSC with pf

On 10/12/06, S t i n g r a y [EMAIL PROTECTED] wrote:

 i am facing problems using hfsc with PF.



do you see anything wrong with this ? is there a bug in this ?



I don't mean to be rude but you *really* need to start learning how to look
into these things by yourself.  It will help you out a lot in the long run.
People grow very tired of seeing people post their entire pf.conf time after
time with new problems and no indication that you've even tried googling the
error message from pfctl yourself.

Kian

Problems with traffic shaping

[S t i n g r a y]

my internet bandwith is getting slower  slower i have doubts about my traffic 
shaping .
how to find out whats wrong ?  which clients is doing what with my bandwith .

also have a look at my traffic shaping is it ok ?

intif=epic0
intnet=10.0.0.0/16
extif=fxp0
extad=192.168.0.2
intad=10.0.0.1
chadd=10.0.0.1
servers=10.0.0.2, 10.0.0.3, 10.0.0.4, 10.0.0.5, 10.0.0.6
mailserver=10.0.0.2
vip=10.0.4.8
ports = 21 22 25 53 80 110 119 123 143 443 465 554 900 995 1755 1863 1999 3000 
3020 2020 3389 5000 5001 5050 5100 5190 6667 
allif={$extif, intif}
table allowedclients persist file /etc/allowedclients
table blockedclients persist file /etc/blockedclients
table servers persist file /etc/servers
scrub in all
altq on $extif cbq bandwidth 500Kb queue { def, msn, www, https, smtp, ssh, ftp 
}
queue ftp bandwidth 5% cbq(borrow red)
queue www bandwidth 30% cbq(borrow red)
queue msn bandwidth 20% cbq(borrow red)
queue https bandwidth 20% cbq(borrow red)
queue ssh bandwidth 5% cbq(borrow red) 
queue def bandwidth 10% cbq(default borrow red)
queue smtp bandwidth 10% cbq
nat on $extif inet proto {icmp, tcp, udp } from servers to any  - $extad
nat on $extif inet proto {tcp, udp } from allowedclients to any port \
{ $ports } - $extad
rdr on $intif proto tcp from allowedclients to any port 80 - $chadd port 8080
rdr on $extif proto tcp from any to $extad port 110 - $mailserver port 110
rdr on $extif proto tcp from any to $extad port 25 - $mailserver port 25
rdr on $extif proto tcp from any to $extad port 4661 - $vip port 4661
rdr on $extif proto udp from any to $extad port 4672 - $vip port 4672
rdr on $extif proto tcp from any to $extad port 80 - $mailserver port 80
#rdr on $intif proto tcp from any to $intad port 80 - $mailserver port 80
pass out on $extif inet proto { tcp, udp } from allowedclients to any port { 
$ports }
pass out on $extif inet proto { tcp, udp } from $vip to any 
pass in on extif proto tcp from allowedclients to any port msn queue msn
pass in on extif proto tcp from allowedclients to any port ssh queue ssh
pass in on extif proto tcp from allowedclients to any port www queue https
pass in on extif proto tcp from allowedclients to any port www queue www
pass in on extif proto tcp from allowedclients to any port smtp queue smtp
pass in on extif proto tcp from allowedclients to any port ftp queue ftp
pass out on extif inet proto udp from any to allowedclients port msn queue msn
pass out on extif inet proto udp from any to allowedclients port ssh queue ssh
pass out on extif inet proto udp from any to allowedclients port www queue \
https
pass out on extif inet proto udp from any to allowedclients port www queue www
pass out on extif inet proto udp from any to allowedclients port smtp queue \
smtp
pass out on extif inet proto udp from any to allowedclients port ftp queue ftp


thanks

 

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$

Re: Problems with traffic shaping

[S t i n g r a y]

it is asymmetric 

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
  



- Original Message 
From: Joe Gibbens [EMAIL PROTECTED]
To: Open BSD misc@openbsd.org
Sent: Saturday, October 7, 2006 1:21:41 AM
Subject: Re: Problems with traffic shaping

What is your Internet connection?  Is it symmetric or asymmetric?

Joe


On 10/6/06, Andreas Bihlmaier [EMAIL PROTECTED] wrote:

 On Fri, Oct 06, 2006 at 09:57:16AM -0700, S t i n g r a y wrote:
  my internet bandwith is getting slower  slower i have doubts about my
 traffic shaping .
  how to find out whats wrong ?  which clients is doing what with my
 bandwith .

 snip

 Watch the numbers in pfctl -vvsq and see if everything is in the
 correct queues.

 
  thanks
  *:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$

 Regards,
 ahb

Adding another external link.

[S t i n g r a y]

I have a firewall running on a 512k external link .. everything is running fine 
..
now i want to add another 512k external link to the same machine. for some 
reasons i cannot upgrade my link,
Will i run into problems doing 2 external link in i machine ? 
how should i configure my pf ? any hints ?
also can i have fault tolarance in this senario ?


thank you 

 
 *B:B$., B8B8,.B$B:*B(B(B(*B$ Stingray *B:B$., B8B8,.B$B:*B(B(*B$

Re: ssh problem

[Thordur I. Bjornsson]

Leonard Jacobs [EMAIL PROTECTED] wrote on Mon  4.Sep'06 at 22:22:30 -0400

 I've configured a Soekris running OpenBSD 3.9  pf as a firewall, with a 
   read only CF. I am using the default sshd_config file except to run 
 sshd on port 222.
/dev mounted read only ?

If so, then thats your proplem. Load it as an mfs on boot. (image + vnd
? maybe or sth)
 
 My problem is that I cannot connect remotely to this box via ssh except 
 as root. When a legit user who has an account on that box attempts 
 connection, I get  Failed password for invalid user lj from 
 192.168.1.13 port 10962 ssh2. Is there anything obvious that you can 
 suggest that might be causing this problem? I did try changing the file 
 system to read/write, but it did not resolve the problem.
 
 Thanks.

is this logically correct ?

[S t i n g r a y]

Sorry for reposting but as no one answered ,  i need to confirm urgent.
here is my first traffic shaping pf.conf file .. although there werent any 
syntax mistakes  but can you have a look to it  see if there is any logical 
mistake ?

would be very greatfull

regards


intif=epic0
intnet=10.0.0.0/16
extif=fxp0
extad=192.168.0.2/32
chadd=10.0.0.1/32
servers=10.0.0.2, 10.0.0.3, 10.0.0.4, 10.0.0.5, 10.0.0.6
mailserver=10.0.0.2
vip=10.0.0.5
ports = 21 22 25 53 80 110 119 123 143 443 554 1755 1863 3389 5000 5001 5050 51
00 5190 6667 11999
allif={$extif, intif}
table allowedclients persist file /etc/allowedclients
table blockedclients persist file /etc/blockedclients
scrub in all
altq on $extif cbq bandwidth 500Kb queue { def, msn, www, https, smtp, ssh, ftp 
}
queue ftp bandwidth 10% cbq(borrow red)
queue www bandwidth 30% cbq(borrow red)
queue https bandwidth 30% cbq(borrow red)
queue ssh bandwidth 10% cbq(borrow red) 
queue def bandwidth 10% cbq(default borrow red)
queue smtp bandwidth 10% cbq
nat on $extif inet proto {tcp, udp } from allowedclients to any port { $ports
} - $extad
rdr on $intif proto tcp from allowedclients to any port 80 - $chadd port 8080
rdr on $extif proto tcp from any to $extad port 25 - $mailserver port 25
rdr on $extif proto tcp from any to $extad port 80 - $mailserver port 80
pass out on $extif inet proto { tcp, udp } from allowedclients to any port { 
$ports }
pass in on extif proto tcp from allowedclients to any port msn queue msn
pass in on extif proto tcp from allowedclients to any port ssh queue ssh
pass in on extif proto tcp from allowedclients to any port www queue https
pass in on extif proto tcp from allowedclients to any port www queue www
pass in on extif proto tcp from allowedclients to any port smtp queue smtp
pass in on extif proto tcp from allowedclients to any port ftp queue ftp
pass out on extif inet proto udp from any to allowedclients port msn queue msn
pass out on extif inet proto udp from any to allowedclients port ssh queue ssh
pass out on extif inet proto udp from any to allowedclients port www queue htt
ps
pass out on extif inet proto udp from any to allowedclients port www queue www
pass out on extif inet proto udp from any to allowedclients port smtp queue sm
tp
pass out on extif inet proto udp from any to allowedclients port ftp queue ftp





 
 *B:B$., B8B8,.B$B:*B(B(B(*B$ Stingray *B:B$., B8B8,.B$B:*B(B(*B$

first time traffic shaping..

[S t i n g r a y]

here is my first traffic shaping pf.conf file .. although there werent any 
syntax mistakes  but can you have a look to it  see if there is any logical 
mistake ?

would be very greatfull

regards


intif=epic0
intnet=10.0.0.0/16
extif=fxp0
extad=192.168.0.2/32
chadd=10.0.0.1/32
servers=10.0.0.2, 10.0.0.3, 10.0.0.4, 10.0.0.5, 10.0.0.6
mailserver=10.0.0.2
vip=10.0.0.5
ports = 21 22 25 53 80 110 119 123 143 443 554 1755 1863 3389 5000 5001 5050 51
00 5190 6667 11999
allif={$extif, intif}
table allowedclients persist file /etc/allowedclients
table blockedclients persist file /etc/blockedclients
scrub in all
altq on $extif cbq bandwidth 500Kb queue { def, msn, www, https, smtp, ssh, ftp 
}
queue ftp bandwidth 10% cbq(borrow red)
queue www bandwidth 30% cbq(borrow red)
queue https bandwidth 30% cbq(borrow red)
queue ssh bandwidth 10% cbq(borrow red) 
queue def bandwidth 10% cbq(default borrow red)
queue smtp bandwidth 10% cbq
nat on $extif inet proto {tcp, udp } from allowedclients to any port { $ports
} - $extad
rdr on $intif proto tcp from allowedclients to any port 80 - $chadd port 8080
rdr on $extif proto tcp from any to $extad port 25 - $mailserver port 25
rdr on $extif proto tcp from any to $extad port 80 - $mailserver port 80
pass out on $extif inet proto { tcp, udp } from allowedclients to any port { 
$ports }
pass in on extif proto tcp from allowedclients to any port msn queue msn
pass in on extif proto tcp from allowedclients to any port ssh queue ssh
pass in on extif proto tcp from allowedclients to any port www queue https
pass in on extif proto tcp from allowedclients to any port www queue www
pass in on extif proto tcp from allowedclients to any port smtp queue smtp
pass in on extif proto tcp from allowedclients to any port ftp queue ftp
pass out on extif inet proto udp from any to allowedclients port msn queue msn
pass out on extif inet proto udp from any to allowedclients port ssh queue ssh
pass out on extif inet proto udp from any to allowedclients port www queue htt
ps
pass out on extif inet proto udp from any to allowedclients port www queue www
pass out on extif inet proto udp from any to allowedclients port smtp queue sm
tp
pass out on extif inet proto udp from any to allowedclients port ftp queue ftp





 
 *B:B$., B8B8,.B$B:*B(B(B(*B$ Stingray *B:B$., B8B8,.B$B:*B(B(*B$

Check my PF

[S t i n g r a y]

Can you please take a look at my pf.conf ?

is there anything wrong with it ? everything seem to work fine, how about 
traffic shaping ? how can i chack it ?

intif=epic0
intnet=10.0.0.0/16
extif=fxp0
extad=192.168.0.2/32
chadd=10.0.0.1/32
servers=10.0.0.2, 10.0.0.3, 10.0.0.4, 10.0.0.5, 10.0.0.6
mailserver=10.0.0.2
vip=10.0.0.5
ports = 22 25 53 80 110 119 123 143 443 554 1755 1863 3389 5000 5001 5050 5100 
5190 6667 11999
allif={$extif, intif}
table allowedclients persist file /etc/allowedclients
table blockedclients persist file /etc/blockedclients
scrub in all
altq on $extif priq bandwidth 500Kb queue{msn, www, https, smtp, ftp, ssh}
queue msn priority 14
queue ssh priority 15 
queue https priority 13
queue www priority 10
queue smtp priority 8
queue ftp priority 7 priq(default)
nat on $extif inet proto {tcp, udp } from allowedclients to any port { $ports 
} - $extad
rdr on $intif proto tcp from allowedclients to any port 80 - $chadd port 8080
rdr on $extif proto tcp from any to $extad port 25 - $mailserver port 25
rdr on $extif proto tcp from any to $extad port 80 - $mailserver port 80
pass out on $extif inet proto { tcp, udp } from allowedclients to any port { 
$ports }
pass in on extif proto tcp from allowedclients to any port msn queue msn
pass in on extif proto tcp from allowedclients to any port ssh queue ssh
pass in on extif proto tcp from allowedclients to any port www queue https
pass in on extif proto tcp from allowedclients to any port www queue www
pass in on extif proto tcp from allowedclients to any port smtp queue smtp
pass in on extif proto tcp from allowedclients to any port ftp queue ftp
pass out on extif inet proto udp from any to allowedclients port msn queue msn
pass out on extif inet proto udp from any to allowedclients port ssh queue ssh
pass out on extif inet proto udp from any to allowedclients port www queue 
https
pass out on extif inet proto udp from any to allowedclients port www queue www
pass out on extif inet proto udp from any to allowedclients port smtp queue 
smtp
pass out on extif inet proto udp from any to allowedclients port ftp queue ftp
 
 *B:B$., B8B8,.B$B:*B(B(B(*B$ Stingray *B:B$., B8B8,.B$B:*B(B(*B$

rule help

[S t i n g r a y]

can you please help me out here ..

below is my pf.conf file which allow all ourbound traffice , now i want it to 
only allow specific protocols like only http,https,ftp,.

need a hint.

intif=epic0
intad=10.0.0.0/16
extif=fxp0
extad=192.168.0.6/32
chadd=10.0.0.1/32
allif={$extif, intif}
table allowedclients persist file /etc/allowedclients
table blockedclients persist file /etc/blockedclients
scrub in all
rdr on $intif proto tcp from $intad to any port 80 - $chadd port 8080
nat on $extif inet from $intad - $extad
pass out on $extif inet proto { icmp, udp, tcp } keep state


 
 *B:B$., B8B8,.B$B:*B(B(B(*B$ Stingray *B:B$., B8B8,.B$B:*B(B(*B$

protocole defination in ALTQ ?

[S t i n g r a y]

Here is my pf.conf setrup basic traffic shapping for the first time ..

now my question how does pf inderstand what smtp or www protocole is ? how can 
i include custom protocoles ? like yahoo messenger, 5001 or msn messenger 1863 ?

regards





ext_if=fxp0
int_if=epic0
extad=192.168.0.6
altq on $int_if priq bandwidth 500Kb queue{smtp, www, ftp}
queue smtp priority 15
queue ftp priority 14
queue www priority 7 priq(default)
pass in on $int_if proto tcp from 10.0.0.0/16 to any port smtp queue smtp
pass in on $int_if proto tcp from 10.0.0.0/16 to any port www queue www
pass in on $int_if proto tcp from 10.0.0.0/16 to any port ftp queue ftp
pass out on $int_if inet proto udp from any to 10.0.0.0/16 port smtp queue smtp
pass out on $int_if inet proto udp from any to 10.0.0.0/16 port ssh queue www
pass out on $int_if inet proto udp from any to 10.0.0.0/16 port ftp queue ftp
~

 
 *B:B$., B8B8,.B$B:*B(B(B(*B$ Stingray *B:B$., B8B8,.B$B:*B(B(*B$

pf + altq syntax check plz

[S t i n g r a y]

I am configuring altq  pf for the first time ,  have a few problems here ..

well i need to traffic shape between diffrent protocols as you can see in my 
pf.conf

now i am stuck  confused what to do next as i have built this file with 
diffrent ref from web.

the im is the most common Instant messengers protocoles can you tell me how to 
make it right ?

also when running hte file as it is i get pfctl: SIOCGIFMTU: Device not 
configured error.

what does this mean ?

thanks


extad=192.168.0.6/32
chadd=10.0.0.6/32
scrub in all
altq on extif hfsc bandwidth 500Kb \
queue { www, dns, im, mail, other}
queue www bandwidth (linkshare 35%)
queue dns bandwidth (linkshare 10%)
queue im bandwidth (linkshare 25%)
queue mail bandwidth (linkshare 10%)
queue other hfsc (default)
rdr on $intif proto tcp from $intad to any port 80 - $chadd port 8080
nat on $extif inet from $intad - $extad
pass out on $extif inet proto { icmp, udp, tcp } keep state




regards 


 *B:B$., B8B8,.B$B:*B(B(B(*B$ Stingray *B:B$., B8B8,.B$B:*B(B(*B$

Re: basic dns server on openbsd

[S t i n g r a y]

Thanks buddy you solved my problem .

regards

 
 *B:B$., B8B8,.B$B:*B(B(B(*B$ Stingray *B:B$., B8B8,.B$B:*B(B(*B$
  

- Original Message 
From: Craig Skinner [EMAIL PROTECTED]
To: misc@openbsd.org
Sent: Tuesday, June 27, 2006 12:58:12 AM
Subject: Re: basic dns server on openbsd

On Mon, Jun 26, 2006 at 11:47:59AM -0700, S t i n g r a y wrote:
 Hello there , i cannot seem to configure a basic dns server it seem its not 
 resolving local domain names although i have 
 
 setup everything as told in the docs, please have a look.
 
 
 resolve.conf
 
 bash-3.1# cat /etc/resolv.conf 
 nameserver 127.0.0.1

You may also want to put upto 2 of your ISP's DNS servers in here as
well, so if named isn't running, *local* clients can still resolve
hosts.

 search clickonline.net
 
 
 
 named.conf
 
 bash-3.1# cat /var/named/etc/named.conf
 acl clients {
10.0.0.0/16;

What about localhost?

 };
 
 options {
 listen-on{ any; };
 allow-recursion { clients; };

Localhost processes can recurse because you've not granted access above.

 };
 
 zone . {
 type hint;
 file standard/root.hint;
 };
 
 zone localhost {
 type master;
 file standard/localhost;
 allow-transfer { localhost; };
 };
 
 zone 127.in-addr.arpa {
 type master;
 file standard/loopback;
 allow-transfer { localhost; };
 };
 zone clickonline.net IN {


zone clickonline.net {


   type master;
   file db.clickonline.net;

This format went out with BIND4, you're using BIND9, right?


   file clickonline.net;

   allow-update { none; };
 };
 
 
 cat /var/named/master/db.clickonline.net 

Should be:

/var/named/master/clickonline.net 
 $ORIGIN clickonline.net

The above is not needed, it is specified in named.conf

 $TTL 86400
 @ IN SOAdns.clickonline.net. [EMAIL PROTECTED] (
 2001062501 ; serial
 21600  ; refresh after 6 hours
 3600   ; retry after 1 hour
 604800 ; expire after 1 week
 86400 ); minimum TTL of 1 day
 IN  NS  dns.clickonline.net.
 IN  A   10.0.0.4
 webserver   IN  A   10.0.0.4
 mailserver  IN  A   10.0.0.2
 dns IN  A   10.0.0.6
 


Try this instead (your serial number should be today's date + 2 digits,
something from June 2001 is old an may not be reloaded if a more recent
copy of the zone is in memory):

Also, you had the @ sign in the address, this is not allowed:

IN is the default record type, (InterNet), so it is not needed.

$TTL 86400
@SOA (
dns
admin.clickonlinenetworks.com.
2006062600; serial
6H; refresh after 6 hours
1H; retry after 1 hour
1W; expire after 1 week
1D ); client negative caching [RFC 2308]

NS  dns

A10.0.0.4
MXmailserver

webserverA10.0.0.4
mailserverA10.0.0.2
dnsA10.0.0.6



I would update the serial number and then:

# tail -f /var/log/daemon 

# rndc reload clickonline.net

# dig @localhost clickonline.net SOA +short

# dig @localhost clickonline.net NS +short

Until you get sensible results on the localhost, don't even bother
jumping onto another box.

 
 client window
 
 C:\Documents and Settings\adminnslookup clickonline.net
 *** Can't find server name for address 10.0.0.6: Non-existent domain
 *** Default servers are not available
 Server:  UnKnown
 Address:  10.0.0.6


On windoze boxes do an ipconfig /all and look at the output. Also look
at ipconfig /renew, ipconfig /flushdns, and ipconfig /displaydns


 
 *** UnKnown can't find clickonline.net: Server failed
 
 
 what could be wrong ?

Shit loads.


-- 
Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]

basic dns server on openbsd

[S t i n g r a y]

Hello there , i cannot seem to configure a basic dns server it seem its not 
resolving local domain names although i have 

setup everything as told in the docs, please have a look.


resolve.conf

bash-3.1# cat /etc/resolv.conf 
nameserver 127.0.0.1
search clickonline.net



named.conf

bash-3.1# cat /var/named/etc/named
cat: /var/named/etc/named: No such file or directory
bash-3.1# cat /var/named/etc/named.conf
acl clients {
   10.0.0.0/16;
};

options {
listen-on{ any; };
allow-recursion { clients; };
};

zone . {
type hint;
file standard/root.hint;
};

zone localhost {
type master;
file standard/localhost;
allow-transfer { localhost; };
};

zone 127.in-addr.arpa {
type master;
file standard/loopback;
allow-transfer { localhost; };
};
zone clickonline.net IN {
  type master;
  file db.clickonline.net;
  allow-update { none; };
};


db.clickonline.net

cat /var/named/master/db.clickonline.net 
$ORIGIN clickonline.net
$TTL 86400
@ IN SOAdns.clickonline.net. [EMAIL PROTECTED] (
2001062501 ; serial
21600  ; refresh after 6 hours
3600   ; retry after 1 hour
604800 ; expire after 1 week
86400 ); minimum TTL of 1 day
IN  NS  dns.clickonline.net.
IN  A   10.0.0.4
webserver   IN  A   10.0.0.4
mailserver  IN  A   10.0.0.2
dns IN  A   10.0.0.6


client window

C:\Documents and Settings\adminnslookup clickonline.net
*** Can't find server name for address 10.0.0.6: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  10.0.0.6

*** UnKnown can't find clickonline.net: Server failed


what could be wrong ?

 
 *B:B$., B8B8,.B$B:*B(B(B(*B$ Stingray *B:B$., B8B8,.B$B:*B(B(*B$

Yahoo messenger not working

[S t i n g r a y]

My Yahoo Messenger on Clients isnt working .. please have a look at my rules  
tell whats wrong ?

regards


intif=epic0
intad=10.0.0.0/16
extif=fxp0
extad=192.168.0.6/32
chadd=10.0.0.6/32
dmzser=10.0.0.1/32
allif={$extif, intif}
table allowedclients persist file /etc/allowedclients
table blockedclients persist file /etc/blockedclients
scrub in all
nat on $extif from $intif to any - $extad
rdr on $intif proto tcp from $intad to any port 80 - $chadd port 8080
pass in all
pass out all



 *B:B$., B8B8,.B$B:*B(B(B(*B$ Stingray *B:B$., B8B8,.B$B:*B(B(*B$

Re: Cruxports for OpenBSD

[Thordur I. Bjornsson]

Marc Balmer [EMAIL PROTECTED] wrote on Sat 17.Jun'06 at 22:23:50 +0200

 * Han Boetes wrote:
 
  Yes, I love you too.
 
 too?  I don't love you...
Marc, please stop being a prick.

-- 
Thordur I. Bjornsson

Philosophy is to the real world as masturbation is to sex.
-- Karl Marx

combining 2 external interfaces ?

[S t i n g r a y]

Is it possible to combine 2 external interface into
one in openBsD ?
actually its cheaper for me to buy two smaller
internet connection then a big one.
so i was thinking ...

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

blocking FastTrack traffic ?

[S t i n g r a y]

Can i some how block FastTrack traffic with pf ? so in
other words i want to block all the major p2p
softwares out there effeciently .. rather then
blocking each individually .

regards

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: rate limiting an interface

[Thordur I. Bjornsson]

Lawrence Horvath [EMAIL PROTECTED] wrote on Thu 15.Jun'06 at 13:27:54 -0700

 On 6/15/06, John R. Shannon [EMAIL PROTECTED] wrote:
 Lawrence Horvath wrote:
  3.9 GENERIC#617 i386
 
  Wanted to know what are the possible ways to rate limit an ethernet
  interface, if queues in pf will do this, or is any other way, i have a
  2meg colo connection and dont wnat to go over it or ill get charged,
  and the ISP wont cap it, so i have to cap myself.
 
  Thanks
 
 You can rate limit with the altq built into pf.
 
 --
 John R. Shannon, CISSP
 [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 
 
 Can i rate limit both ways, incomming and outgoing, the pf
 documentation for queues sd only one way, but is there a way to keep
 the system from downloading as much to it? so as to keep under my
 quota going both ways?
Think about this, a bit. If you dont realize whats wrong with the
notation of limiting incoming traffic to not download as much to it
then well, shit.
 
 -- 
 -Lawrence

-- 
Thordur I. Bjornsson

Philosophy is to the real world as masturbation is to sex.
-- Karl Marx

Spamd on DMZ servers ?

[S t i n g r a y]

Well i want to configure spamd to stop spam, but the
mail server is in my DMZ  its a non openbsd system,
so i was thinking will spamd work ? as i have an
openbsd firewall which is rdr redirecting traffic to
the internal mail server ?

i hope you  understood what i ment ?

regards
 

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

traffic shaping question.

[S t i n g r a y]

I want to do traffic shaping as per protocol basis so
if i give a certian bandwith to HTTP protocole , isnt
there any way i can diffrenciate between HTTP webpages
 HTTP downloads of huge .iso files ?
i dont want users who are downloading huge files
effect userrs who are only checking their webmails.

is there any way ?

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: traffic shaping question.

[S t i n g r a y]

Planck, can you shed some more light here ? or maybe
provide me a link with examples ?


regards
Faisal


--- Planck [EMAIL PROTECTED] wrote:

 S t i n g r a y napisaE(a):
  I want to do traffic shaping as per protocol basis
 so
  if i give a certian bandwith to HTTP protocole ,
 isnt
  there any way i can diffrenciate between HTTP
 webpages
   HTTP downloads of huge .iso files ?
  i dont want users who are downloading huge files
  effect userrs who are only checking their
 webmails.
  
  is there any way ?
 
 Use hfsc. Define upperlimit for queue, set higher
 initial bandwidth
 assignment and decrease that after some miliseconds.
 Something like that:
 queue http_q hfsc( ecn upperlimit($initial_bw
 $time_in_ms_d $w_after_time)
 br,
 Darek
 
 


*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

what is this ?

[S t i n g r a y]

Well i am learning OpenBSD PF from a book  in the
book when creating sample rules the author refers to
CIR's when defining Macros but in the form of 

prv_ad = p.p.p.p/24
ch_ad = w.w.w.w/32
prv_ad1 = p.p.1.p/24
prv_ad2 = p..p.2.p/24
ext_ad2 = e.e.e.f/32

there isnt any explanation of these anywhere in the
book
what are these ?
i am fimilier with notations as 

10.0.0.0/24
192.168.0.0/16

thank you .

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: what is this ?

[S t i n g r a y]

No this book is only about openbsd PF no types of
networks


--- Peter Blair [EMAIL PROTECTED] wrote:

 Does the section of the book talk about frame relay?
  More context would help.
 
 On 5/15/06, S t i n g r a y [EMAIL PROTECTED]
 wrote:
  Well i am learning OpenBSD PF from a book  in the
  book when creating sample rules the author refers
 to
  CIR's when defining Macros but in the form of
 
  prv_ad = p.p.p.p/24
  ch_ad = w.w.w.w/32
  prv_ad1 = p.p.1.p/24
  prv_ad2 = p..p.2.p/24
  ext_ad2 = e.e.e.f/32
 
  there isnt any explanation of these anywhere in
 the
  book
  what are these ?
  i am fimilier with notations as
 
  10.0.0.0/24
  192.168.0.0/16
 
  thank you .
 
  *:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
  Tired of spam?  Yahoo! Mail has the best spam
 protection around
  http://mail.yahoo.com
 
 
 

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

some commands running very slow in 3.9 ?

[S t i n g r a y]

Well when i try to login from remote host via ssh it
takes ages to login for the first time, 
also when i issue other networking commands such as
$ arp -a 
it takes almost 1 minute to start displaying records.

how can i find whats wrong ?


regards
 

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Anti MAC spoofing in OpenBSD

[S t i n g r a y]

Ok i know PF dont filter using MAC address but can you
point me to package that has the feature of Anti MAC
Spoofing ?

regards



*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

network script on startup

[S t i n g r a y]

i have a network script that i want to execute before
any  host on the network connects to my computer.

thanks

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

confusion in mac filtering ..

[S t i n g r a y]

ok sorry for that , but i think you totally
misunderstood my question, i wanted to know the
procedure i can use to allow a list of internal mac
addresses to access my NAT server to access internet.
all other mac's should be disallowed.

simple :)



*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

block ip MAC

[S t i n g r a y]

Hello there

i am looking for a solution that lets me have some
sort of allow mac address  ipaddress that will be
able to access my server or servers  use what ever
service they are offering.
 as i am using a network in which i dont have control
over users PC  cannot use service authentication i am
stuck with ip  mac filtering.
what do you recommend, at this time all my network is
on a single subnet.


*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Best firewall for OpenBSD ?

[S t i n g r a y]

I want to use OpenBSD as the network firewall of my
network.
Now which firewall should i use ? i heard people say
pf is outdated use IP Filter instead.
what you recommend ?

regards

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

pf firewall question

[S t i n g r a y]

Now what i want to know , maybe is O T in this list
but what is the diffrence , i mean pf in openBSD is
refered to as a firewall for home or small offices ?
why is that , i mean what is the criteria of an
enterprise firewall what is the diffrence between pf 
MS ISA / cisco pix or checkpoint ? 
performance ? stability or features ?

regards


*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Port collection missing...

[S t i n g r a y]

Well i just installed my First OpenBSD BOX :) feels
good !!! but to install packages i cannot find ports
collection in /usr how can i get them ? i am using 3.7
version.

regards


*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: Why advocate Old daemon book?

[Thordur I. Bjornsson]

js  [EMAIL PROTECTED] wrote on Fri 28.Apr'06 at  2:41:07 +0900

 A silly question.
 
 I wonder why http://www.openbsd.org/books.html still recommend old
 daemon book, The Design and Implementation of the 4.4 BSD Operating
 System?
 As most of you know, there's newer version, The Design and
 Implementation of the FreeBSD Operating System.
 
 Is there any reason not to reccomend this new one?
 
 Thanks in advance.

What part of The Design and Implementation of the FreeBSD Operating System.
confuses you ?

-- 
Thordur I. Bjornsson
Humppa!