Re: apu2 em0/dhclient problems
Den 27-01-2019 kl. 19:45 skrev trondd: On Sun, January 27, 2019 12:44 pm, Edgar Pettijohn wrote: I'm trying to replace my dieing soekris box with an apu2 dmesg below. However, I can't seem to get em0 to connect to my isp. It will work when connecting to the soekris box though. So I don't think its the interface that is the problem. But everything I try seems to rule out eachother as the problem, leaving me in a viscious cycle. I'm going to try disabling pf and after that current. If you have any other suggestions please send them. Thanks, edgar Does your ISP whitelist by MAC address? My ISP locks the connection to a certain MAC for a number of hours. Tech support can probably delete the old lease. Best regards, Mikkel
Re: Duplicate IP Address -> Spoof/Verizon???
Den 08-09-2018 kl. 14:47 skrev Pierre Emeriaud: Le sam. 8 sept. 2018 à 13:40, Jay Hart a écrit : -ifconfig -A from the router-- re1: flags=8843 mtu 1500 lladdr 00:22:4d:d1:48:d5 inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255 Some CPEs have 192.168.1.1 hardcoded as management ip address, even though they are currently used as modem/bridges. Renumber your internal subnet to some other private address space and see if the logs go away. I have seen a cheap managed switch from Zyxel that decided to live on 192.168.1.1 after a power cut... 192.168.1.1 is the default address on a lot of stuff.
Re: How to make spamd more annoying ?
OpenBSD lists wrote: Most of the spam I've received from marketing companies tends to come from send-only servers (looking at the user-agent of the sending server its some kind of Python library intended for just sending pre-formatted messages to a list of recipients). What I've done is constructed a script that while spmad is stuttering their connection, it connects back to the sending server on port 25 and executes an EHLO. If the sending server doesn't respond to the EHLO, it runs pfctl to add that server's address to a block list. That will block a LOT of legitimate e-mail also. Including semi-legitimate e-mails like this one... Why should all e-mail servers accept connections from the outside? Mikkel
Re: em0 ... cannot find mem space
Jonathan Gray wrote:
On Fri, Nov 27, 2015 at 12:56:36AM +0100, Mikkel C. Simonsen wrote:
Today I installed an Intel 82546EB dual-port NIC in a Fujitsu Siemens
Futro S400, that I plan to use as a router/firewall.
Only one of the interfaces shows up in dmesg, and it's not working after
boot. Is this a known problem, and is there a fix? Full dmesg attached.
Mikkel C. Simonsen
It sounds like your system didn't setup the pci bar correctly.
pcidump -v will give more details on that.
0x8186 is unheard of for intel pci nics.
Be warned that machines with sis chipsets are horrible, I'm glad they
stopped making them a while back.
A late follow-up. It turns out the Intel (HP) NIC damaged the system
somehow. No other PCI cards worked properly after the HP dual-port NIC
had been installed. It killed a Neoware thin client also (VIA chip set).
In an HP thin client the card does work however...
I tried an IBM dual-port NIC (Broadcom) in a different Futro S400 - this
works just fine. dmesg of the working S400 attached.
Mikkel C. Simonsen
OpenBSD 5.8 (GENERIC) #1066: Sun Aug 16 02:33:00 MDT 2015
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Athlon(tm) Processor ("AuthenticAMD" 686-class, 256KB L2
cache) 1.01 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE,MPC,MMXX,3DNOW2,3DNOW
real mem = 234307584 (223MB)
avail mem = 217321472 (207MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 05/14/08, BIOS32 rev. 0 @ 0xfaa30, SMBIOS rev.
2.2 @ 0xf (31 entries)
bios0: vendor Phoenix Technologies, LTD version "6.00PG Rev. 4.00.0Q"
date 05/14/2008
bios0: FUJITSU SIEMENS FUTRO S400
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP SSDT
acpi0: wakeup devices USB0(S5) USB1(S5) USB2(S5) USB3(S5) AMR0(S4)
UAR1(S5) UAR2(S5) PS2M(S5) PS2K(S4) PCI0(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!), PSS
acpitz0 at acpi0: critical temperature is 100 degC
acpibtn0 at acpi0: PWRB
bios0: ROM list: 0xc/0xc000 0xcc000/0x4000! 0xd/0x1800
0xd2000/0x1000
cpu0 at mainbus0: (uniprocessor)
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: PowerNow! K7 1001 MHz: speeds: 1000 800 667 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "SiS 741 PCI" rev 0x03
sisagp0 at pchb0
agp0 at sisagp0: aperture at 0xe800, size 0x400
ppb0 at pci0 dev 1 function 0 "SiS 86C202 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "SiS 6330 VGA" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 2 function 0 "SiS 85C503 System" rev 0x25
pciide0 at pci0 dev 2 function 5 "SiS 5513 EIDE" rev 0x00: 741: DMA,
channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0:
wd0: 1-sector PIO, LBA, 249MB, 511056 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
auich0 at pci0 dev 2 function 7 "SiS 7012 AC97" rev 0xa0: irq 11,
SiS7012 AC97
ac97: codec id 0x414c4770 (Avance Logic ALC203 rev 0)
ac97: codec features headphone, 20 bit DAC, 18 bit ADC, No 3D Stereo
audio0 at auich0
ohci0 at pci0 dev 3 function 0 "SiS 5597/5598 USB" rev 0x0f: irq 15,
version 1.0, legacy support
ohci1 at pci0 dev 3 function 1 "SiS 5597/5598 USB" rev 0x0f: irq 9,
version 1.0, legacy support
ehci0 at pci0 dev 3 function 3 "SiS 7002 USB" rev 0x00: irq 3
ehci0: timed out waiting for BIOS
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "SiS EHCI root hub" rev 2.00/1.00 addr 1
bge0 at pci0 dev 7 function 0 "Broadcom BCM5704C" rev 0x10, BCM5704 B0
(0x2100): irq 10, address 00:10:18:32:eb:16
brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
bge1 at pci0 dev 7 function 1 "Broadcom BCM5704C" rev 0x10, BCM5704 B0
(0x2100): irq 11, address 00:10:18:32:eb:17
brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
re0 at pci0 dev 9 function 0 "Realtek 8169SC" rev 0x10: RTL8169/8110SCd
(0x1800), irq 15, address 00:90:dc:a1:a7:28
rgephy0 at re0 phy 7: RTL8169S/8110S/8211 PHY, rev. 2
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
wbsio0 at isa0 port 0x2e/2: W83697HF rev 0x12
lm1 at wbsio0 port 0x290/8: W83697HF
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 "SiS OHCI root hub" rev 1.00/1.00 addr 1
usb2 at ohci1
em0 ... cannot find mem space
Today I installed an Intel 82546EB dual-port NIC in a Fujitsu Siemens
Futro S400, that I plan to use as a router/firewall.
Only one of the interfaces shows up in dmesg, and it's not working after
boot. Is this a known problem, and is there a fix? Full dmesg attached.
Mikkel C. Simonsen
OpenBSD 5.8 (GENERIC) #1066: Sun Aug 16 02:33:00 MDT 2015
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Athlon(tm) Processor ("AuthenticAMD" 686-class, 256KB L2
cache) 1.01 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE,MPC,MMXX,3DNOW2,3DNOW
real mem = 251084800 (239MB)
avail mem = 233758720 (222MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 05/14/08, BIOS32 rev. 0 @ 0xfaa30, SMBIOS rev.
2.2 @ 0xf (31 entries)
bios0: vendor Phoenix Technologies, LTD version "6.00PG Rev. 4.00.0Q"
date 05/14/2008
bios0: FUJITSU SIEMENS FUTRO S400
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP SSDT
acpi0: wakeup devices USB0(S5) USB1(S5) USB2(S5) USB3(S5) AMR0(S4)
UAR1(S5) UAR2(S5) PS2M(S5) PS2K(S4) PCI0(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!), PSS
acpitz0 at acpi0: critical temperature is 100 degC
acpibtn0 at acpi0: PWRB
bios0: ROM list: 0xc/0xc000 0xcc000/0x4000!
cpu0 at mainbus0: (uniprocessor)
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: PowerNow! K7 1001 MHz: speeds: 1000 800 667 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
0:7:1: mem address conflict 0x100/0x10
0:7:1: mem address conflict 0x100/0x10
0:7:1: mem address conflict 0x100/0x100
pchb0 at pci0 dev 0 function 0 "SiS 741 PCI" rev 0x03
sisagp0 at pchb0
agp0 at sisagp0: aperture at 0xe800, size 0x400
ppb0 at pci0 dev 1 function 0 "SiS 86C202 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "SiS 6330 VGA" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 2 function 0 "SiS 85C503 System" rev 0x25
pciide0 at pci0 dev 2 function 5 "SiS 5513 EIDE" rev 0x00: 741: DMA,
channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0:
wd0: 1-sector PIO, LBA48, 3815MB, 7813120 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 3 function 0 "SiS 5597/5598 USB" rev 0x0f: irq 3,
version 1.0, legacy support
ohci1 at pci0 dev 3 function 1 "SiS 5597/5598 USB" rev 0x0f: irq 5,
version 1.0, legacy support
ehci0 at pci0 dev 3 function 3 "SiS 7002 USB" rev 0x00: irq 12
ehci0: timed out waiting for BIOS
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "SiS EHCI root hub" rev 2.00z/1.00 addr 1
em0 at pci0 dev 7 function 0 "Intel 82546EB" rev 0x01: cannot find mem space
unknown vendor 0x8186 product 0x1010 (class network subclass ethernet,
rev 0x01) at pci0 dev 7 function 1 not configured
re0 at pci0 dev 9 function 0 "Realtek 8169SC" rev 0x10: RTL8169/8110SCd
(0x1800), irq 15, address 00:90:dc:a3:5e:c3
rgephy0 at re0 phy 7: RTL8169S/8110S/8211 PHY, rev. 2
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbc0: unable to establish interrupt for irq 12pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
wbsio0 at isa0 port 0x2e/2: W83697HF rev 0x12
lm1 at wbsio0 port 0x290/8: W83697HF
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 "SiS OHCI root hub" rev 1.00/1.00 addr 1
usb2 at ohci1: USB revision 1.0
uhub2 at usb2 "SiS OHCI root hub" rev 1.00/1.00 addr 1
umass0 at uhub1 port 2 configuration 1 interface 0 "TEAC TEAC FD-05PUB"
rev 1.10/0.00 addr 2
umass0: using UFI over CBI with CCI
scsibus1 at umass0: 2 targets, initiator 0
sd0 at scsibus1 targ 1 lun 0: <TEAC, FD-05PUB, 2000> ATAPI 0/direct
removable
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on wd0a (558bcbde01142a1f.a) swap on wd0b dump on wd0b
Re: # sign
Max Power wrote: which is the exact name for it? (In computer way naturally...) Havelåge - the Danish way. Best regards, Mikkel C. Simonsen
Re: Very-small fully-functional systems?
Martin Schröder wrote: 2015-03-09 9:35 GMT+01:00 Alexandre Ratchov a...@caoua.org: The RasberyPi is said (search linux audio lists) to be unusable because of the poor quality hardware. There's additional hardware that is said to work quite well: https://www.hifiberry.com/ This DAC get's I2S data through some of the GPIO pins. Is this possible to achieve somehow on OBSD supported hardware? Best regards, Mikkel C. Simonsen
Re: Very-small fully-functional systems?
Alexandre Ratchov wrote: If you know of a small, cheap, fanless, x86-compatible board available in Canada *that runs OpenBSD reasonably well*, please let me know. Otherwise I'll probably have to give the Wandboard a shot despite the slightly-too-high price. I failed to find this kind of box (tryed to build my synth as well). Most platforms I've found seem to be designed either for networking or to serve as TVs (i.e. inexistent or poor quality analog input/outputs). For now my best option is to get and old PC from the bin and to add a good pci sound card. Unfortunately this doesn't qualify as small. If small rather than very small will work, a thin client with a PCI slot would work. They usually have 800MHz+ CPUs, DIMM sockets for memory and they are cheap on eBay. Best regards, Mikkel C. Simonsen
Re: OpenBSD embedded? (was: OpenBSD 5.6-current on ASUS Chromebox)
Alan McKay wrote: This is very interesting - I've been looking at various small boxes like this to use as a home firewall. The only problem is that not many of them have 2 NICs, and the ones that do are very expensive (higher end Zotac) Does anyone know of a similar device with 2 NICs that might be suitable as a home firewall? As I have written many times - used thin clients are available in huge numbers as scrap. Many of them have a PCI or PCIe slot, so adding a second NIC is easy. I often use thin clients with a Compaq 2- or 4-port NIC. Total cost about 15-20 euros. Best regards, Mikkel C. Simonsen
Re: SATA USB 3.0 PCI support
repays95...@mypacks.net wrote: I've installed OpenBSD 5.5/amd64 on an HP workstation. I'd like to add additional SATA drives and add USB 3.0 (for backup to umass) Why not get a card with an eSATA port for backup? Best regards, Mikkel C. Simonsen
Re: system resets with openbsd flash drive
Jim Rowan wrote: Hi, I'm trying to resurrect some neoware ca22 thinclient boxes, and seeing strange behavior I don't know how to interpret. What can I do next? I have used quite a few Neoware thin clients for OpenBSD (and FreeBSD) systems. I boot from an USB floppy or CD on those that support that, or connect a CD-drive to the IDE connector. In all cases I have installed on the internal flash module. Larger modules are available at low cost. Best regards, Mikkel C. Simonsen
Re: Trouble with connect to www.aeroflot.ru
Marcus MERIGHI wrote: gimliandcomp...@gmail.com (Leonov Aleksey), 2014.03.19 (Wed) 16:18 (CET): On 19.03.2014 20:32, Marcus MERIGHI wrote: gimliandcomp...@gmail.com (Leonov Aleksey), 2014.03.19 (Wed) 15:07 (CET): I can`t connect to www.aeroflot.ru from lynx on openbsd 5.4. I can connect from gentoo, windows. Anybody can connect to wwe.aeroflot.ru from openbsd 5.4? OpenBSD 5.5-beta (GENERIC.MP) #284: Mon Feb 3 07:57:32 MST 2014 ftp -o aeroflot.html www.aeroflot.ru Trying 195.8.62.76... Connected to www.aeroflot.ru. 421 Service not available, remote server has closed connection. I try http, not ftp. http connect from openbsd to aeroflot.ru end Ooops on my side. I did not mean to test ftp but just use a different client (OpenBSD's ftp(1) handles http as well) and forgot the http://: ftp -o aeroflot.html http://www.aeroflot.ru Trying 195.8.62.75... Trying 195.8.62.76... ftp: connect: connection timed out It's not an OpenBSD/Lynx specific problem. I just tried connecting with SeaMonkey (on /2), and I get a time-out also. Best regards, Mikkel C. Simonsen
Re: Trouble with connect to www.aeroflot.ru
Claus Assmann wrote: On Wed, Mar 19, 2014, Steve Shockley wrote: On 3/19/2014 12:22 PM, Leonov Aleksey wrote: I think what they filtered traffic from non windows or linux machine. I think this is the case. I'm behind a transparent http proxy (Squid) on Just for the fun of it: it works from FreeBSD 8.x and SunOS 5.10 too, so maybe it's more like only OpenBSD can't connect? If you read my previous reply, you'll see that /2 is blocked also :) Best regards, Mikkel C. Simonsen
Re: power failure resistance
Ñ Ñ Ñ ÑÑ Ñ~Ñ Ñ Ñ¢ÑªÑ,ѽ art.is...@yandex.ru wrote: Remember you don't need a traditional UPS with an inverter for such a system, just a simple battery-backup unit. Have you considered something like these? http://www.mini-box.com/picoUPS-100-12V-DC-micro-UPS-system-battery-backup-system http://www.mini-box.com/picoUPS-120-12V-DC-micro-UPS-battery-backup How to attach this to alix devices. Is there possible solderless wiring? If the Alix devices can run on 12-16V DC, like the Soekris devices, then you can connect the Mini-box UPS-devices directly. No soldering required. Best regards, Mikkel C. Simonsen
Re: Huawei E355 and OBSD as SMS gateway
Tito Mari Francis Escaño wrote: Hello everyone, I researched online for using Huawei E355 with OpenBSD as a means to create an SMS gateway, however I did not find any reliable resource on this. Can somebody also please point me to the proper direction how OBSD can be used as an SMS gateway? I have seen many references only for Linux-based systems. Hope you could help me. With gratitude, thank you very much. If the Huawei E355 attaches as a modem, you can probably just use standard AT commands to send SMSs. Otherwise a lot of modems do exist that work fine for this. The ones I have used, use a standard RS-232 interface. Best regards, Mikkel C. Simonsen
Re: Patch to remove adult content from spamd(8) man page
J. Lewis Muir wrote: If it's somehow offensive to them and can be changed in a small way not to be, then I would accept the patch to change it. Everybody wins--no big deal. If everybody adapts what they say, to what they think others want to hear, then we no longer have freedom of speach. Everybody looses. But then I live in a country that, unlike the USA, actually has freedom of speach... Best regards, Mikkel C. Simonsen
Re: Network appliance recomendation.
Francisco Valladolid H. wrote: I need recommendations for a network appliance in rack mode with flash storage and five rj45 ports. RJ45 ports? 100Mbit? Gigabit? Can anyone recommended a solution for my needs ? If 100Mbit is fine, go with a Mini-ITX board and a 4-port Ethernet card in the PCI slot. Best regards, Mikkel C. Simonsen
Re: faxing
Peter Fraser wrote: I would like to know if anyone has done something similar or any good suggestions on what I should do to get faxing to work Connect the existing fax to a Linksys PAP2 (or whatever the current model is called), use the g711 codec, setup the PAP2 correctly, and faxing will work great. No need for a separate phone line anymore. Best regards, Mikkel C. Simonsen
Re: bootable OpenBSD USB stick from windows?
Heptas Torres wrote: On 2/12/13, Jan Stary h...@stare.cz wrote: On Feb 11 23:55:30, hepta...@gmail.com wrote: On 2/11/13, Jiri B ji...@devio.us wrote: On Mon, Feb 11, 2013 at 10:51:29PM +, Heptas Torres wrote: Hello I have an old laptop with no CD-ROM but can boot from USB. Given that I only have access to a windows machine to burn an iso image, do you know of an easy way (e.g. some windows programa) to create a bootable OpenBSD USB stick which I can then use to install OpenBSD on my old laptop? -heptas Install OpenBSD on your usb stick on this Windows machine, How to do that exactly from windows when I cannot boot OpenBSD on that machine? why can't you? because I don't have an OpenBSD booting media (the laptop has no CD-ROM, and I don't have bootable USB drive with OpenBSD - that's where I'm trying to get to). -heptas If you want it easy and simple, just buy a USB floppy drive and one disk - why make it more complicated? Best regards, Mikkel C. Simonsen
Re: Running OpenBSD on Raspberry Pi
Loïc BLOT wrote: It's a shame not to port OpenBSD on a Raspberry PI. I would like to a make a cheap firewall router box at home with this. Buy a used thin client on ebay. Better performance, less hassle and more flexibility. And it's cheaper than your beloved Raspberry Pi! And as a bonus, you can install the wireless card in the box. The Raspberry Pi is a nice toy, but it's still just a toy - in my opinion. Best regards, Mikkel C. Simonsen
Re: spam filtering misc spams
David Diggles wrote: I'm interested in hearing about peoples experiences with spam filtering the spam emails that make it through to misc. Mostly non-english. I have been using SpamAssassin and training it, yet the bayes in default weightings are not enough to get the misc spams into my spam box... in fact many still autolearn as ham. I use bogofilter, and it tags almost all spam from this mailing list as spam. There is an occasional false positive also though... Best regards, Mikkel C. Simonsen
Re: [SPAM]: Re: (no subject)
Eric Oyen wrote: is it me or does there seem to be a lot more spam on the lists of late? Bogofilter removes almost all the spam for me. But when somebody replies to it, the spam does get through ;) Best regards, Mikkel C. Simonsen
Re: cpu choice for firewall
Joe S wrote: I'm looking to build a new mini-itx firewall based on OpenBSD and would like to get some advice on CPU selection. I use 800MHz Via C3s or 266MHz Geodes for 15/15 links. Both work great. Best regards, Mikkel C. Simonsen
Re: German Government claims to be able to break PGP and SSH
Peter Laufenberg wrote: What do you guys think about the reliability of the news (unfortunatelly in German only) on www.golem.de My German's rusty but the follow-up article quoting Symantec mentions spyware/keylogging, which has been the traditional technique used in in the past. Yes, that's what the Bundestrojaner is for :) Best regards, Mikkel C. Simonsen
Re: one ADSL connection with 10 static IPs and PF
Mostaf Faridi wrote: I need help Then call your ISP and ask them to help you. Nobody else can. If they can't help you, get a better ISP. Best regards, Mikkel C. Simonsen
Re: I hate Spam
OpenBSD MailingList wrote: and receive a lot of spam mail through the lists. I only receive a couple a day - no problem at all. Just wondering how other subscribers solving this mather ? I use the messages that pass through for training bogofilter :) Best regards, Mikkel C. Simonsen
Re: Specs for a firewall.
Nick Holland wrote: DO NOT jump on the Alix/Soekris/Other-wacko-low-power-low-performing-specialty hardware train until you know what you are doing. It is good to see that people aren't automatically recommending Soekris for everything (the answer is Soekris. What's your question?) so much anymore... unfortunately, now it's Alix. Stick to standard computers until you are really comfortable with OpenBSD (or ANY OS you are planning on using). I like the Soekris systems, but they aren't cheap... A cheap option is old thin clients (Neoware, Igel, HP etc). Many of the older ones (often available on eBay), come with something like 256MB RAM, 512MB flash and a PCI slot for a second NIC. They work well for firewalls, they are silent and consume small amounts of power (a bit more than Soekris/Alix though). Best regards, Mikkel C. Simonsen
Re: pf and altq setup
I posted on the pf mailing list originally, but the very aggresive spam
filter will not allow me to post a follow-up. I guess there are some pf
users on this list also :)
My original post can be found here:
http://marc.info/?l=openbsd-pfm=129740086511664w=2
Stuart Henderson wrote:
Basically don't use queues named foo_in and foo_out, just use
a single name foo, defined with queue foo on $tdcif and queue
foo on $sirif. See the list archives for more; this has come up
several times.
If using separate names is wrong, why does the sample in the pf FAQ use
that method?
But I tried making this change, and many others. I could get either the
incoming or outgoing traffic to pass through the correct queues, but not
both at the same time.
The final version (so far) uses only pass out, and no pass in rules. I
also had to add no state to all the rules, to get the traffic through
the queues.
How much performance penalty do you get by not using states? The CPU of
the system is an 800MHz Via Ezra, so it should be fast enough I guess.
Is it possible to get it working with states?
The new config is included below.
And another question. How do you subscribe to this list? Every subscribe
request I have sent (to the address listed on benzedrine.cx), gets
rejected as spam...
Best regards,
Mikkel C. Simonsen
sirif=fxp0
tdcif=fxp1
table web const {1.2.3.171, 1.2.3.164}
table post const {1.2.3.165, 1.2.3.168}
table sirocco const {1.2.3.172}
table sir const {1.2.3.160/28}
table dns const {1.2.3.170, 1.2.3.164}
table dina const {1.2.3.162}
altq on $tdcif hfsc bandwidth 10.5Mb queue { voip_out, dns_out,
bulk_out, web_out, mail_out }
queue voip_out on $tdcif bandwidth 5% priority 7 qlimit 500 hfsc
(realtime 5%)
queue dns_out on $tdcif bandwidth 5% priority 6 qlimit 500 hfsc
(realtime 5%)
queue web_out on $tdcif bandwidth 40% priority 5 qlimit 500 hfsc
(realtime 30%)
queue mail_out on $tdcif bandwidth 25% priority 3 qlimit 500 hfsc
(upperlimit 50%)
queue bulk_out on $tdcif bandwidth 25% priority 4 qlimit 500 hfsc
(upperlimit 50% default)
altq on $sirif hfsc bandwidth 13.5Mb queue { voip_in, dns_in, bulk_in,
web_in, mail_in }
queue voip_in on $sirif bandwidth 4% priority 7 qlimit 500 hfsc
(realtime 4%)
queue dns_in on $sirif bandwidth 5% priority 6 qlimit 500 hfsc
(realtime 5%)
queue web_in on $sirif bandwidth 20% priority 5 qlimit 500 hfsc
(realtime 15%)
queue mail_in on $sirif bandwidth 41% priority 3 qlimit 500 hfsc
(upperlimit 50%)
queue bulk_in on $sirif bandwidth 30% priority 4 qlimit 500 hfsc
(upperlimit 50% default)
set skip on lo
set skip on rl0
# Trafik IND
pass in quick proto tcp from 2.105.54.144/29 to any port telnet queue
bulk_in
block in quick on $tdcif proto tcp to web port smtp
block in quick on $tdcif proto tcp to sirocco port 500
block in quick on $tdcif proto tcp to post port 275
block in quick on $tdcif proto tcp to any port telnet
block in quick on $tdcif proto tcp to any port 717
block in quick on $tdcif proto tcp from 89.104.217.210 to 1.2.3.165 port
smtp
pass out quick on $sirif proto udp from any to dina queue voip_in no state
pass out quick on $sirif proto { tcp, udp } from any to dns port
domain queue dns_in no state
pass out quick on $sirif proto tcp from any to web port {80, 443}
queue web_in no state
pass out quick on $sirif proto tcp from any to post queue mail_in no state
pass in quick queue bulk_in no state
# Trafik UD
pass out quick on $tdcif proto udp from dina to any queue voip_out no
state
pass out quick on $tdcif proto tcp from web to any queue web_out no state
pass out quick on $tdcif from dns to any queue dns_out no state
pass out quick on $tdcif proto tcp from post to any queue mail_out no
state
pass out quick queue bulk_out no state
