Re: I want buy labtop ,work OpenBSD, wireless network must work
Thanks all guys, but I need guide about Asus or Sony. Can I find Asus or Sony can work great with OpenBSD? On Dec 31, 2011 9:28 AM, "Richard Thornton" wrote: > buy an i3 instead, but what is the deign flaw which cannot be fixed via > microcode updates? > > On Fri, Dec 30, 2011 at 10:16 PM, STeve Andre' wrote: > > > On 12/30/11 21:23, Kevin Chadwick wrote: > > > >> On Fri, 30 Dec 2011 04:42:43 -0500 > >> "STeve Andre'" wrote: > >> > >> It's not the newest model, but the W500 is a wonderful laptop. I > >>> am using it now. 2.8G core two > >>> > >> Should that be w500 with dual core. Core two duos have botched microcode > >> with security risks according to Theo, though I'm not sure of the > >> specifics/severity. > >> > >> > >> Yes, W500's do have that potential problem. It's a real issue, > > which makes me think that not running Windows is a grand > > idea. I'm not sure there is a solution to this. Laptops are > > special--you can't take parts out or add them as easily as a > > desktop. *sigh* > > > > --STeve Andre'
Re: I want buy labtop ,work OpenBSD, wireless network must work
Thanks all guys . Sorry for my bad English , I must use laptop , but I used labtop . For me model is very important ,for example I want know which model of Lenovo work good with OpenBSD . For example I want know Lenovo ThinkPad 7000t work good or no On Dec 30, 2011 12:28 PM, "Vitali" wrote: > On Fri, Dec 30, 2011 at 9:41 AM, Mostaf Faridi > wrote: > > Hello all guys, > > After long time I want buy labtop and I want use it in my work place , in > > my work place we have only wireless network and we do not have wire > network > > and we have linksys router and other guys connect to linksys and use > > network .other guys use Windows ,but I want use OpenBSD , and I do not > know > > which models ,I must buy .my new labtop must work in wireless network . > > Please help me which model I must buy . I can find Lenovo and Asus in > here > > and I can find some model of Sony too. > > I want use OpenBSD with GNOME and I want use it as Desktop. > > Please guide me which model I must buy ? My notebook or my labtop must > has > > 6 gigabytes of RAM and has very powerful CPU > > > > http://www.openbsd.org/faq/faq6.html#Wireless > Please, look here. There is a list of the supported WiFie devices. > > > -- > ### Coonardoo - P QP8P=P8Q P:P0 Q Q Q P=Q / The Well In The Shadow / Le > Puits > Dans L'Ombre ###
I want buy labtop ,work OpenBSD, wireless network must work
Hello all guys, After long time I want buy labtop and I want use it in my work place , in my work place we have only wireless network and we do not have wire network and we have linksys router and other guys connect to linksys and use network .other guys use Windows ,but I want use OpenBSD , and I do not know which models ,I must buy .my new labtop must work in wireless network . Please help me which model I must buy . I can find Lenovo and Asus in here and I can find some model of Sony too. I want use OpenBSD with GNOME and I want use it as Desktop. Please guide me which model I must buy ? My notebook or my labtop must has 6 gigabytes of RAM and has very powerful CPU
Re: one ADSL connection with 10 static IPs and PF
I need help On Nov 27, 2011 8:58 AM, "Mostaf Faridi" wrote: > I had leased line Before and had NAT server with openBSD and before l > FreeBSD NAT before > On Nov 27, 2011 2:24 AM, "rancor" wrote: > >> What do you know? >> Den 26 nov 2011 23:44 skrev "Gholam Mostafa Faridi" < >> mostafafar...@gmail.com>: >> >>> we had Leased line before and we had 27 static IPs before , but our ISP >>> do not support is very well , and we change our ISP and we buy ADSL >>> connection with 10 static IPs , my NAT Server is OpenBSD 5 , before we >>> change our connection type from Leased line to ADSL , we have cisco 800 >>> router and Leased line connect to cisco 800 and after that we connect it to >>> our NAT server , every thing was good and it work like charm , but after >>> change connection type , ISP give us Zyxcel ADSL modem with 10 startic IP , >>> and our IPS do not say what we must do with this ADSL modem and these IPs. >>> we do not know , which mode we must use in ADSL modem , PPoE or bridge ? >>> we do not know use PPoE or Bridge mode with ADSL modem and our ISP do not >>> give us enough information , if I want make NAT server with PF with mode I >>> must set in ADSL modem ? PPoE or bridge ? >>> we do not know how we must config our NAT server , >>> we do not know we need ppp or no ? >>> we do not konw how we must config PF . >>> we have to use 10 static IPs and we can not use one static IP , because >>> of our policy . >>> which options , I must add to my PF.conf
Re: one ADSL connection with 10 static IPs and PF
I had leased line Before and had NAT server with openBSD and before l FreeBSD NAT before On Nov 27, 2011 2:24 AM, "rancor" wrote: > What do you know? > Den 26 nov 2011 23:44 skrev "Gholam Mostafa Faridi" < > mostafafar...@gmail.com>: > >> we had Leased line before and we had 27 static IPs before , but our ISP >> do not support is very well , and we change our ISP and we buy ADSL >> connection with 10 static IPs , my NAT Server is OpenBSD 5 , before we >> change our connection type from Leased line to ADSL , we have cisco 800 >> router and Leased line connect to cisco 800 and after that we connect it to >> our NAT server , every thing was good and it work like charm , but after >> change connection type , ISP give us Zyxcel ADSL modem with 10 startic IP , >> and our IPS do not say what we must do with this ADSL modem and these IPs. >> we do not know , which mode we must use in ADSL modem , PPoE or bridge ? >> we do not know use PPoE or Bridge mode with ADSL modem and our ISP do not >> give us enough information , if I want make NAT server with PF with mode I >> must set in ADSL modem ? PPoE or bridge ? >> we do not know how we must config our NAT server , >> we do not know we need ppp or no ? >> we do not konw how we must config PF . >> we have to use 10 static IPs and we can not use one static IP , because >> of our policy . >> which options , I must add to my PF.conf
Re: I want copy pf.conf from FreeBSD 8.2 to OpenBSD 5 and use it
Thanks Dear Friends
I will fix it, it is great, I have only one mistake in my new pf.conf
About private and public IPs, you says true
Can I optimiz this pf.conf?
Thanks in advance
On Nov 13, 2011 2:36 PM, "David Walker" wrote:
> Hey.
>
> On 06/11/2011, Gholam Mostafa Faridi wrote:
> >
> > NAT1= "10.10.10.194"
> >
> > paltalk1= "{ 192.168.0.20, 192.168.0.21, 192.168.0.22 }"
> >
> > match out on egress inet from !(paltalk1) to any nat-to (NAT1)
> >
> > much different is in NAT rule , and other things is simillar old pf.
> >
> > I have 27 valid IPs or static IPs , and I have to put many lines in my
> > pf.conf
> >
> >
> > I want three invalid IPs assigned to one Valid or static IP. for
> example
> > if my valid IP is 10.10.10.1 , I need these IPs 192.168.0.1 ,
> > 192.168.0.2 , 192.168.0.3 assigned to 10.10.10.1
> >
> >
> > this is my net work digram
> > |
> > |
> > |
> > |
> > 10.10.10.192/27
> > external
> >
> > OpenBSD pf firewall
> >
> > internal
> > 192.168.168.0.1/24
> > |
> > |
> > |
> > |
> >
>
>
> http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5&manpath=OpenBSD+5.0#EXAMPLES
>
> Looking really quickly this is wrong:
> > match out on egress inet from !(paltalk1) to any nat-to (NAT1)
>
> ! == NOT
> $ == MACRO
>
> match out on egress inet from ($paltalk1) to any nat-to ($NAT1)
>
> BTW, they are public and private addresses, not valid and invalid.
> Static is something different again (does not change in contrast to
> dynamic, i.e. DHCP),
>
> > best wishes,
> > mfaridi
> >
>
> Action learning is an educational process whereby the participant
> studies their own actions and experience in order to improve
> performance. Learners acquire knowledge through actual actions and
> repetitions, rather than through traditional instruction.
>
> http://en.wikipedia.org/wiki/Action_learning
>
> To study and not think is a waste. To think and not study is dangerous.
>
> http://en.wikiquote.org/wiki/Confucius
>
> Best wishes.
Re: I want copy pf.conf from FreeBSD 8.2 to OpenBSD 5 and use it
Thanks Your guide learn me many thing .my experience with FreeBSD and OpenBSD is good .but my experience with FreeBSD is much better . In work place I run FreeBSD server for Samba and NAT and this server work good and work like charm , but I do not know why PF does not work good , if you see my conf , you see my conf does not has problem , but I do not know why this conf does not work good , and sometimes some users do not have internet and can not browse webpage but they can chat with messenger . I want migrate from FreeBSD to OpenBSD , yesterday I install OpenBSD 5 amd64 and run samba server with OpenBSD and it work good . In first step I run samba server with OpenBSD , and after this I want run NAT server with OpenBSD . And for start I want understand , is my PF.conf work in OpenBSD or no ? I hate Windows OS , and want only run all of my servers with BSD, specially OpenBSD. Thanks in advance On Nov 8, 2011 5:32 PM, "David Walker" wrote: > Mostaf Faridi wrote: > > My problem is this I do not enough time to start from scratch and make > new > > rule . > > If you were moderately familiar with OpenBSD you could have, in the > time between the start of this thread and now, read pf.conf for > OpenBSD 5.0 and written on paper or wherever a complex ruleset. > If your boss won't allocate time for this and expects you to outsource > it to the web and whatever then he's doing it wrong. > You don't have a good enough familiarity with OpenBSD (or FreeBSD) to > know where to start. Right? > > If you do plan to migrate then you should build a machine, install > OpenBSD 5.0, write a ruleset and test it. > In your workplace, testing may mean swapping the machines until > everyone complains and you swap them back and try again but doing it > the way you're doing it now (no experience, asking for copy and paste > administration, no testing) is wrong. > > > in my work place , my boss find another person can do internet > > sharing with Windows 2008 and ISA and this person say he can make best > > internet sharing server > > So you want pf on OpenBSD and don't want to see a Windows machine ... > ... but you're not interested in reading about pf on OpenBSD ... > > Who's running the current FreeBSD machine? > How come they can't understand it? > Why not troubleshoot that? > Etcetera ... > How will swapping to a new operating system be better than using the > current one which almost works? > > If you want to stay with FreeBSD you should at a minimum understand > your current ruleset (removing any non-essential lines might be a good > start) if you want to get help on it. Again though you're in the wrong > place. > Can you explain what every line in the pf.conf you sent is for? > If not, find out, if it does nothing, delete it, whatever. > > Describe your network, do you have issues with DNS, do you have a http > proxy, what tests have you done from clients, etcetera ... > Have you looked here: > > http://www.freebsd.org/cgi/man.cgi?query=pfctl&sektion=8&manpath=FreeBSD+8.2-RELEASE > So on and so forth. > > Under those circumstances, maybe Windows is the better choice. > Certainly without any relevant OpenBSD experience you're better off > with FreeBSD right? > > > I said before my my pf.conf in FreeBSD work good , but sometimes some > user > > lost internet and they can not browse web pages , but they can chat with > > paltalk , after reboot or disbable or enable PF this problem solve . > > Fine. > You have choices. > > Fix your current setup which should involve reading the FreeBSD > pf.conf documentation and talking to people on the FreeBSD lists. > Goodbye. > > Build an OpenBSD machine, in which case, talk to you when you've got a > machine running and you have some more appropriate questions. People > will help you. > > Either way you're should be willing to invest time and if you won't do > that on your own and your boss doesn't want you to do it in work time > then let the Windows people worry about it. Good times. > > Best wishes.
Re: I want copy pf.conf from FreeBSD 8.2 to OpenBSD 5 and use it
Thanks My problem is this I do not enough time to start from scratch and make new rule .in my work place , my boss find another person can do internet sharing with Windows 2008 and ISA and this person say he can make best internet sharing server , I said before my my pf.conf in FreeBSD work good , but sometimes some user lost internet and they can not browse web pages , but they can chat with paltalk , after reboot or disbable or enable PF this problem solve . I think I have mistakes or problems in my PF.conf . So after search in Google , I see PF version in FreeBSD is so old , so I decided move from FreeBSD to openBSD . I wish my PF work good in OpenBSD Thanks in advance. On Nov 8, 2011 3:38 PM, "David Walker" wrote: > Mostaf Faridi wrote: > > Thanks > > Your 3 way is good . I choose number 3 . > > Please note carefully how number 3 works ... > > *You* either have to track between FreeBSD then and OpenBSD now ... two > different trees over however many years ... > ... or track between FreeBSD then, whatever pf they imported from > OpenBSD then and do method 2 over any number of OpenBSD releases ... > > Note the asterisks - *You* > Please let me know how it goes. > ... method 1 is far simpler and better suited to your circumstances. > If you *try* method 1 (asterisks) you'll probably get pretty far on > your own and get enough help after that to get it working. > One rule at a time ... > > Trying to do method 3 by yourself or asking others to help you or > asking others to do it all for you ... is not as good as method 1 ... > > > I have pf.conf from FreeBSD and it > > work good for me over 3 months. But sometimes it dose not work good , I > > said my problem in first email . > > I avoided that bit. It was the lack of paragraphs. > Yet you want to use it as a foundation for an OpenBSD pf.conf ... > This is problematic ... maybe you could start again from scratch? > See method 1 ... > > > I want only understand : is this pf.conf work great in opnbsd or no ? > > If it's designed for FreeBSD ... and doesn't work in FreeBSD ... it's > not realistic to think it might somehow work in OpenBSD. > > I'm not sure if your english is a problem for you but you're way off > course. > > Best wishes.
Re: I want copy pf.conf from FreeBSD 8.2 to OpenBSD 5 and use it
Thanks Your 3 way is good . I choose number 3 . I have pf.conf from FreeBSD and it work good for me over 3 months. But sometimes it dose not work good , I said my problem in first email . I want only understand : is this pf.conf work great in opnbsd or no ? And I want find my mistake if I have in pf.conf I want know is this pf.conf has problems or no ? Thanks all guys help me to solve this problem On Nov 8, 2011 1:18 PM, "David Walker" wrote: > Mostaf Faridi wrote: > > Thanks all guys > > Sorry for my bad English I , only understand is this pf.conf work in > > openbsd 5 or no .? Which part I must edit and change it > > Is this pf.conf is correct ? > > Thanks in advance > > You're doing it wrong. > > Three ways you could write a pf.conf for OpenBSD ... > > 1. > ... start from scratch (start from nothing). > Read the documentation that comes with that release, in this case the > pf.conf man page for OpenBSD 5.0 ... > > http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5&manpath=OpenBSD+5.0 > Read a vendor supplied FAQ ... for additional help ... if it relates > to that release. > In this case: > http://www.openbsd.org/faq/pf/index.html > If you are careful and do your homework you might have the odd > question and then you can search the archives, do a Google, post to > misc@ and so on. See here: > http://www.openbsd.org/mail.html > Dumping an entire pf.conf isn't part of this process. > > 2. > ... you go from one OpenBSD release to another OpenBSD release. > For example OpenBSD 4.9 to OpenBSD 5.0 ... and use this: > http://www.openbsd.org/plus50.html > Everything to do with pf.conf (e.g. the first item on that page) > should prompt you to examine your existing rules and see if they need > modifying ... referring to the pf.conf man page, which is probably > good practice anyway. > Note, that requires a working pf.conf from the same vendor (e.g. an > existing ruleset from OpenBSD) and a willingness to follow the dots > (i.e. the plus pages) ... > Dumping an entire pf.conf isn't part of this process either. > > 3. > Use a pf.conf from a different release ... and a different operating > system ... > You either have to track between FreeBSD then and OpenBSD now ... two > different trees over however many years ... > ... or track between FreeBSD then, whatever pf they imported from > OpenBSD then and do method 2 over any number of OpenBSD releases ... > > Sometimes starting from scratch is the way to go. > > If you can get a new pf.conf from a FreeBSD one without too much > confusion you should still understand it anyway to apply it to your > real ruleset as opposed to your copy paste example ... see method 1. > > Regardless, dumping a large conf and asking people to "fix" it for you > without any evidence you've tried yourself won't fly around here. > Copy and paste administration will only lead to misery or reading man > pages anyway or both ... > > Apart from the lack of paragraphs in your first mail your english is fine. > > Best wishes.
Re: I want copy pf.conf from FreeBSD 8.2 to OpenBSD 5 and use it
Thanks all guys
Sorry for my bad English I , only understand is this pf.conf work in
openbsd 5 or no .? Which part I must edit and change it
Is this pf.conf is correct ?
Thanks in advance
On Nov 8, 2011 7:35 AM, "John Tate" wrote:
> There is only one way to do a job like this: Write down what it does in
> clear English (or your own language), and do the whole thing from scratch.
> It will only be tediously slow for the first half of the job.
>
> On Wed, Nov 2, 2011 at 10:29 AM, Gholam Mostafa Faridi <
> mostafafar...@gmail.com> wrote:
>
>> Hi
>> In work place , we have over 24 computer and all of them are windows and
>> , I have NAT server . this NAT server use FreeBSD 8.2 AMD 64 , and I use PF
>> for NAT with FreeBSD 8.2 . after many search in google , I find this pf.conf
>>
>>
>> ns# cat /usr/local/pf/pf.conf
>> # $FreeBSD: src/share/examples/pf/faq-example1,v 1.1 2004/09/14 01:07:18
>> mlaier Exp $
>> # $OpenBSD: faq-example1,v 1.2 2003/08/06 16:04:45 henning Exp $
>> # Edited by: mfaridi
>>
>> MACROS
>>
>>
>> ext_if = "sk0"
>> int_if = "re0"
>> External_net= "10.10.10.192/27"
>> Local_net = "192.168.0.0/24"
>> Local_Web = "192.168.0.10"
>> Local_Srv = "192.168.0.1"
>> Prtcol = "{ tcp, udp }"
>> Admin_IP= "{ 10.10.10.192/27, 11.11.11.0/21, 12.12.12.0/18 }"
>> ICMP_Types = "{ echorep, unreach, squench, echoreq, timex }"
>>
>> #Define ports for common internet services
>> #TCP_SRV = "{ 25, 53, 80, 110, 143, 443, 465, 587, 993, 995, 8443
>> }"
>> #UDP_SRV = "{ 53 }"
>> TCP_SRV = "{ 80, 443 }"
>> UDP_SRV = "{ }"
>> Samba_TCP = "{ 139, 445 }"
>> Samba_UDP = "{ 137, 138 }"
>>
>>
>> SERVER = "10.10.10.200"
>> NAT1= "10.10.10.194"
>> NAT2= "10.10.10.195"
>> NAT3= "10.10.10.196"
>> NAT4= "10.10.10.197"
>> NAT5= "10.10.10.198"
>> NAT6= "10.10.10.199"
>> NAT7= "10.10.10.201"
>> NAT8= "10.10.10.202"
>> NAT9= "10.10.10.203"
>> NAT10 = "10.10.10.204"
>> NAT11 = "10.10.10.205"
>> NAT12 = "10.10.10.206"
>> NAT13 = "10.10.10.207"
>> NAT14 = "10.10.10.208"
>> NAT15 = "10.10.10.209"
>> NAT16 = "10.10.10.210"
>> NAT17 = "10.10.10.211"
>> NAT18 = "10.10.10.212"
>> NAT19 = "10.10.10.213"
>> NAT20 = "10.10.10.214"
>> NAT21 = "10.10.10.215"
>> NAT22 = "10.10.10.216"
>> NAT23 = "10.10.10.217"
>> NAT24 = "10.10.10.218"
>> NAT25 = "10.10.10.219"
>>
>> All IP of Groups which can be connect to Internet
>> paltalk1= "{ 192.168.0.20, 192.168.0.21, 192.168.0.22 }"
>> paltalk2= "{ 192.168.0.23, 192.168.0.24, 192.168.0.25 }"
>> paltalk3= "{ 192.168.0.26, 192.168.0.27, 192.168.0.28,
>> 192.168.0.29 }"
>> webdsgn1= "{ 192.168.0.30, 192.168.0.31, 192.168.0.32 }"
>> webdsgn2= "{ 192.168.0.33, 192.168.0.34, 192.168.0.35 }"
>> webdsgn3= "{ 192.168.0.36, 192.168.0.37, 192.168.0.38 }"
>> webdsgn4= "{ 192.168.0.39, 192.168.0.40, 192.168.0.41 }"
>> webdsgn5= "{ 192.168.0.42, 192.168.0.43, 192.168.0.44 }"
>> webdsgn6= "{ 192.168.0.45, 192.168.0.46, 192.168.0.47 }"
>> webdsgn7= "{ 192.168.0.48, 192.168.0.49, 192.168.0.50 }"
>> webdsgn8= "{ 192.168.0.51, 192.168.0.52, 192.168.0.53,
>> 192.168.0.54 }"
>> rased1 = "{ 192.168.0.60, 192.168.0.61, 192.168.0.62 }"
>> rased2 = "{ 192.168.0.63, 192.168.0.64, 192.168.0.65 }"
>> rased3 = "{ 192.168.0.66, 192.168.0.67, 192.168.0.68 }"
>> rased4 = "{ 192.168.0.69, 192.168.0.70 }"
>> rased5 = "{ 192.168.0.200, 192.168.0.201, 192.168.0.202,
>> 192.168.0.203, 192.168.0.204, 192.168.0.205 }"
>> rased6 = "{ 192.168.0.206, 192.168.0.207, 192.168.0.208,
>> 192.168.0.209, 192.168.0.210, 192.168.0.211 }"
>> rased7 = "{ 192.168.0.212, 192.168.0.213, 192.168.0.214,
>> 192.168.0.215, 192.168.0.216, 192.168.0.217 }"
>> rased8 = "{ 192.168.0.218, 192.168.0.219, 192.168.0.220,
>> 192.168.0.221, 192.168.0.222, 192.168.0.223, 192.168.0.224, 192.168.0.225
>> }"
>> admin1 = "{ 192.168.0.55, 192.168.0.56, 192.168.0.57 }"
>> admin2 = "{ 192.168.0.58, 192.168.0.59 }"
>>
>> ### TABLES
>>
>>
>> #Define privileged network address sets
>> table const { 127.0.0.0/8, 192.168.0.0/16, 13.13.0.0/12,
>> 10.0.0.0/8, 0.0.0.0/8, \
>> 14.14.0.0/16, 192.0.2.0/24, 15.15.15.0/23,
>> 224.0.0.0/3 }
>> table persist file "/usr/local/pf/Network/blocklist.lst"
>> table persist file "/usr/local/pf/Network/hackers.lst"
>>
>> #Define Favou
