Hi everybody,
I am trying to setup the new in-kernel pppoe on a openbsd 3.7-stable with a
custom kernel.
I followed the instructions in the man 4 pppoe. My isp gives me a dynamic
ip.
here is my hostname.pppoe (extract from the man):
Code:
pppoedev ne3
!/sbin/ifconfig ne3 up
!/usr
On Wed, Aug 03, 2005 at 11:03:34AM +1000, Rod.. Whitworth wrote:
> Somebody sent me a query asking for a justification for my proposal to
> supply a firewall/router using OpenBSD when there was thsi device:
> http://www.dlink.com/products/?pid=327 , with all its claimed bells and
> whistles.
>
> A
On Tue, 2005-08-02 at 22:09 -0400, Jim Fron wrote:
> What it does that an OBSD solution can't is be low power, cheap, and
> bought off the shelf (maybe there are off-the-shelf suppliers of OBSD
> machines, but they aren't in every strip mall in the country).
To the third of those, I agree. To th
On Tue, 2 Aug 2005 18:43:56 -0400
"Barry, Christopher" <[EMAIL PROTECTED]> wrote:
> Authpf seems to do this via ssh, but I'll need to service non-ssh
> equipped sales folk, etc. Is there a project around that provides this
> functionality, or will I need to create it?
Clicking an icon on their Wi
* Andy Bradford <[EMAIL PROTECTED]> [2005-08-02 21:36]:
> Thus said "Barry, Christopher" on Tue, 02 Aug 2005 18:43:56 EDT:
>
> > Authpf seems to do this via ssh, but I'll need to service non-ssh
> > equipped sales folk, etc. Is there a project around that provides this
> > functionality, or w
On 8/2/05, Andy Bradford <[EMAIL PROTECTED]> wrote:
>
> Thus said "Barry, Christopher" on Tue, 02 Aug 2005 18:43:56 EDT:
>
> > Authpf seems to do this via ssh, but I'll need to service non-ssh
> > equipped sales folk, etc. Is there a project around that provides this
> > functionality, or will I ne
But while we're on the subject.. Permit me a small rant... When you
can hang your IDS stuff off something in front and behind the
firewall, I think people are smoking big 'ol bags of crack when they
want to combine them.
From a security perspective it's like taking a porsche (Ope
Thus said "Barry, Christopher" on Tue, 02 Aug 2005 18:43:56 EDT:
> Authpf seems to do this via ssh, but I'll need to service non-ssh
> equipped sales folk, etc. Is there a project around that provides this
> functionality, or will I need to create it?
What about redirecting to a webpage tha
Steven M. Caesare wrote:
> Having an external cabled antenna is a significant consideration for
> me, as my OBSD box is ina rack, and remoting the antenna for my Access
> Point is necessary to get any decent coverage. Any other .11g card
> recommendations that meet this criteria welcome as well.
As I've said, read the archives. I run piles of ami's.
They work.
only gotcha with 3.7 is turn off apm on i386, or run 3_7-stable or
current where the issue is fixed.
-Bob
* Marco Peereboom <[EMAIL PROTECTED]> [2005-08-02 20:00]:
> How about ami?
>
> RAID mgmt is starting to t
On Aug 2, 2005, at 9:03 PM, Rod.. Whitworth wrote:
Anybody know what, if anything, it does that an OBSD solution doesn't/
cannot, that may be important?
Or alternatively the reverse.
What it does that an OBSD solution can't is be low power, cheap, and
bought off the shelf (maybe there are
The next firmware or os version may require the purchase of a new
appliance because these upgrades will not support your appliance. On
the other hand, you can bet that a new release of obsd/pf will not
require the purchase of new hardware.
On Tuesday 02 August 2005 08:03 pm, Rod.. Whitworth wro
Rod.. Whitworth wrote:
> Somebody sent me a query asking for a justification for my proposal to
> supply a firewall/router using OpenBSD when there was thsi device:
> http://www.dlink.com/products/?pid=327 , with all its claimed bells and
> whistles.
The DLink doesn't have failover or load balanci
Has anybody had any success with a D-Link DWL-G530 802.11g card in an
OpenBSD 3.7 box?
It's apparently an Atheros 5213 based (unless somebody has found
different with a newer rev) board. I've found a msg in the archives that
suggest the 5213 is compatible with the 5212 and this supported,
provided
On Wed, 03 Aug 2005 11:03:34 +1000
"Rod.. Whitworth" <[EMAIL PROTECTED]> wrote:
> Somebody sent me a query asking for a justification for my proposal to
> supply a firewall/router using OpenBSD when there was thsi device:
> http://www.dlink.com/products/?pid=327 , with all its claimed bells and
>
How about ami?
RAID mgmt is starting to trickle into the tree.
On Tue, Aug 02, 2005 at 08:05:21PM -0500, J.D. Bronson wrote:
> I am wondering if anyone has any recommendations for very well
> supported RAID cards (u320) for 3.7 ?
>
> I have a nice LSI card, but the mpt support is not quite ther
* Aaron Glenn <[EMAIL PROTECTED]> [2005-08-02 19:01]:
> On 8/2/05, Rod.. Whitworth <[EMAIL PROTECTED]> wrote:
> > Anybody know what, if anything, it does that an OBSD solution doesn't/
> > cannot, that may be important?
>
> Complete documentation and source code you can not only look at, but
> mod
On 8/2/05, Rod.. Whitworth <[EMAIL PROTECTED]> wrote:
> Anybody know what, if anything, it does that an OBSD solution doesn't/
> cannot, that may be important?
Complete documentation and source code you can not only look at, but
modify if you're so inclined.
aaron.glenn
Just ran into a wall with the scponly option:
"If you do use chroot(), your binary will need to be setuid."
I'll pass on that one for now...
-mike
Quoting Scott Francis <[EMAIL PROTECTED]>:
On 8/2/05, Michael C. Ibarra <[EMAIL PROTECTED]> wrote:
Hi Scott;
Ran across this one yesterday, ju
Hi ---
In a recent thread, somebody in this list recommended Greg Lehey's
"Porting UNIX Software" book as a worthwhile reading for porting
matters.
I'd like to communicate to the members of this list that Greg Lehey
has kindly made this book available online (over a year ago, it
seems), and yo
I am wondering if anyone has any recommendations for very well
supported RAID cards (u320) for 3.7 ?
I have a nice LSI card, but the mpt support is not quite there just
yet and I was hoping someone might have another suggestion - adaptec perhaps?
thanks in advance...I really want a hardware b
Somebody sent me a query asking for a justification for my proposal to
supply a firewall/router using OpenBSD when there was thsi device:
http://www.dlink.com/products/?pid=327 , with all its claimed bells and
whistles.
Anybody know what, if anything, it does that an OBSD solution doesn't/
cannot,
Does anyone know if the RICOH R5C485 chipset is YENTA compliant and/or
will work with OpenBSD/i386? I haven't found a definitive answer
Googling. I have an Engenius 802.11b card I'd like to use in a desktop
PC.
Any recommendations?
BTW, it looks like the messages from my Gmail account aren't m
Highly educational. Thanks.
I shall not taunt you a second time...
> Web-based authpf is a bad idea. See the following *archive*search* for
> the last few times this was discussed.
> http://marc.theaimsgroup.com/?l=openbsd-misc&w=2&r=2&s=authpf+web&q=b
Are there any problems known with the raidframe-device?
In my case: I've a IBM X330 with dual P3 800Mhz and 2 SCSI-HDDs.
One is about 160Gb and the other is smaler. I created a raid for the /home
but today the server stoped working. I've just remote acces so the
tecnican (a guy I know) told me the
Jason McIntyre wrote:
>> What, then, is the proper way of fixing small problems with
>> documentation, etc? At least for me, I find it difficult to make a
>> fuzz about things like these, because of their relatively unimportant
>> nature. A wiki-like system comes to mind, but as a disclaimer, I
>>
Dear folks,
i am considering integrating windows XP desktop with openbsd servers.
I am thinking with the following scenarios.
OpenBSD servers for the following services:
0) NIS;
1) NFS;
2) Kerberos;
Windows XP Professional Desktop with the following:
SFU 3.5
I wish to be able to add users on
Stefan Sczekalla-Waldschmidt wrote:
> Hi,
>
> I've googled a lot about how I simply could mirror the boot disk of my
> OpenBSD based routers.
>
> The intention is not to have the harddisk as a single point of failure.
heh. you are likely in for a rude surprise.
('course, by definition, RAID mea
Web-based authpf is a bad idea. See the following *archive*search* for
the last few times this was discussed.
http://marc.theaimsgroup.com/?l=openbsd-misc&w=2&r=2&s=authpf+web&q=b
That being said I do not know of anyone insane enough to publically
admit to creating a web interface for authpf. Furt
On Wednesday 03 of August 2005 00:43, Barry, Christopher wrote:
> Greetings everyone,
>
> I've got a parallel untrusted network that services conference
> rooms, visitor cubes and wireless access points that is serviced by dual
> OBSD 3.7 firewalls using carp and pfsync.
>
> What I woul
Greetings everyone,
I've got a parallel untrusted network that services conference
rooms, visitor cubes and wireless access points that is serviced by dual
OBSD 3.7 firewalls using carp and pfsync.
What I would like to do is to allow clients to get an IP, and
then when they open t
Does anyone know if the RICOH R5C485 chipset is YENTA compliant and/or
will work with OpenBSD/i386? I haven't found a definitive answer
Googling. I have a Senao 802.11b card I'd like to use in a desktop
PC.
Any recommendations?
Thanks,
Greg
> Do you think that I must disable AH in sysctl.conf?
>
> net.inet.ah.enable=0
>
> Only this? I can't try this now because I'm not at office. I'll try it
> tomorow...
> Thanks,
> Helio.
> Yes, you can use that setting to disable AH. Also, you need to make
> sure that your NAT routers are forwar
>> I am implementing an FTP server and need it to use SSL/TLS. I
>> know ftpd doesn't support this, and was wondering if anyone had any
>> suggestions on an alternative. I know SFTP exists, but that is not
an
>> option, as the clients are not going to change. I know pure-ftpd
>> supports th
Just in case you don't know, "scponly" works great.
In our datacenter we need to give users access to "ftp"
but we also need a secure access. Since the users are not allowed to
gain SSH access we use the "scponly" solution.
I did not know that, and will look into t
It would be sweet if "we" could just simply set the users shell
to
usr/bin/false to prevent ssh while still allowing scp/sftp. I've
got a
hunch doing this involves non-trival code changes.
That's what I was lead to believe as well. My users will never be
connecting anonym
[EMAIL PROTECTED] wrote:
[very long...]
I haven't followed this thread thoroughly, but systrace(1) is part of
the base system.
regards,
Andreas
On Tue, Aug 02, 2005 at 07:24:55PM +0200, Sven Ingebrigt Ulland wrote:
>
> I certainly agree, and I think the general issue is quite interesting:
> Things like these aren't very essential to the OS (compared to big
> advances in hardware support, for example), but I believe they matter
> quite a b
On Tue, Aug 02, 2005 at 01:05:41PM -0400, Will H. Backman wrote:
>
> There are paragraphs that describe the list of fields, such as:
> The GROUP field is the group that the user will
> The CLASS field is used by login(1) and other programs...
> The CHANGE field is the number in seconds...
> Th
Do you really need to use IPsec? If not try OpenVPN (www.openvpn.org)
it's an SSL/TLS VPN, it.s VERY easy to setup works like a charm on OBSD
and is quite happy sitting behind a NAT'd Internet connection. All you
need to do is reverse PAT UDP 1194 from you router's/Firewall's external
interface
> another potential problem with FTPS vs. SFTP is
> firewalling. SFTP needs just one port, FTPS needs
> several, as its really just 'good' ole ftp. And I
> would certainly be curious how you would proxy an
> encrypted ftp connection
>
> -Matt
You're right but there's no official Solution for
On Tue, Aug 02, 2005 at 01:05:41PM -0400, Will H. Backman wrote:
> > > I'm not sure how to fix it, but...
> > > Looking at "man 5 passwd", each field is bold in the narrative
> > > description except for the paragraph that explains the home_dir.
> >
> > which bit exactly do you think should be mar
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
> Jason McIntyre
> Sent: Tuesday, August 02, 2005 12:36 PM
> To: misc@openbsd.org
> Subject: Re: man 5 passwd fix
>
> On Tue, Aug 02, 2005 at 10:00:45AM -0400, Will H. Backman wrote:
> > I'm not sure how
another potential problem with FTPS vs. SFTP is
firewalling. SFTP needs just one port, FTPS needs
several, as its really just 'good' ole ftp. And I
would certainly be curious how you would proxy an
encrypted ftp connection
-Matt
On Tue, Aug 02, 2005 at 10:00:45AM -0400, Will H. Backman wrote:
> I'm not sure how to fix it, but...
> Looking at "man 5 passwd", each field is bold in the narrative
> description except for the paragraph that explains the home_dir. I'm
> using 3.7.
> --
which bit exactly do you think should be
hi,
can somebody tell me how i get qemu with tun-device working under
openbsd? qemu -user-net is working fine - but i want multiple interfaces
with different subnets...
i'm not very familiar with tun/tap devices.
here is what i've tried (both - installed qemu system and host are
openbsd 3.7-stabl
On 2005-08-02 17:13, Stefan Sczekalla-Waldschmidt wrote:
Hi,
I've googled a lot about how I simply could mirror the boot disk of my
OpenBSD based routers.
The intention is not to have the harddisk as a single point of failure.
I've seen a rather interesting documentation on how to do this usin
Votre courrier ` 'cps-users-fr' dont l'objet est
RETURNED MAIL: DATA FORMAT ERROR
est en attente jusqu'` ce que le modirateur de la liste puisse le
consulter pour approbation.
La raison de cette mise en attente :
Envoi par un non-abonni sur une liste reservie aux abonnis
Le message ser
Hi,
I've googled a lot about how I simply could mirror the boot disk of my
OpenBSD based routers.
The intention is not to have the harddisk as a single point of failure.
I've seen a rather interesting documentation on how to do this using
raidframe at:
http://wiki.abstrakt.ch/bin/view/HOWTOs/Ope
I misunderstood your implementation. NAT on router_{4,5} is likely the
culprit - if it is doing NAT. If can pull the NAT functionality in to
the OBSD boxen, and make router_{4,5} simply route, then this would
work. You will need ideally 3 'real' IPs on the Internet for each site
to do this though,
On Mon, 01 Aug 2005 20:15:04 -0400, Steve Shockley
<[EMAIL PROTECTED]> wrote:
>J.C. Roberts wrote:
>> I don't mean to be confrontational but personally I didn't think there
>> was any point in securing anon/public access?
>
>Does FTP in SSL/TLS verify certificates? It could be used to verify
>th
pf would work fine, maybe with a tarpit-like (as in spamd-setup?). Not
sure if I want to be bothered with entertaining others though ;-) -mike
Quoting Scott Francis <[EMAIL PROTECTED]>:
On 8/2/05, Michael C. Ibarra <[EMAIL PROTECTED]> wrote:
Hi Scott;
Ran across this one yesterday, just wa
I'm not sure how to fix it, but...
Looking at "man 5 passwd", each field is bold in the narrative
description except for the paragraph that explains the home_dir. I'm
using 3.7.
--
Will Backman - Network Administrator
Coastal Enterprises, Inc.
http://www.ceimaine.org
> -Original Message-
> From: Helio Santana [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 02, 2005 8:59 AM
> To: misc@openbsd.org
> Subject: VPN behind a router
>
> Hi,
> first excuse my english, please.
>
> I'm trying to make a VPN between 2 computers with OpenBSD behind a
> router t
On 8/2/05, Michael C. Ibarra <[EMAIL PROTECTED]> wrote:
> Hi Scott;
>
> Ran across this one yesterday, just wasn't sure how secure it is as
> sftp-only. So far it looks like this will be what I may use, throwing
> in tcp-wrappers.
not a lot of difference between scp and sftp (aside from sftp bei
Hi Scott;
Ran across this one yesterday, just wasn't sure how secure it is as
sftp-only. So far it looks like this will be what I may use, throwing
in tcp-wrappers.
Thanks,
-mike
Quoting Scott Francis <[EMAIL PROTECTED]>:
On 8/1/05, Michael C. Ibarra <[EMAIL PROTECTED]> wrote:
[snip]
I
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
> Helio Santana
> Sent: Tuesday, August 02, 2005 8:58 AM
> To: misc@openbsd.org
> Subject: VPN behind a router
>
> Hi,
> first excuse my english, please.
>
> I'm trying to make a VPN between 2 computers
On 8/1/05, Michael C. Ibarra <[EMAIL PROTECTED]> wrote:
[snip]
> I am currently migrating/upgrading an entire farm of servers from
> RedHat Linux & Solaris to current and one of the roadblocks I am
> encountering is setting a chrooted sftp. I am aware of chroot.sf, but
> am looking for a solution
I can't agree more with you. But my real problem is that I'm trying to
get my OpenBSD NAT/Firewall to connect to my Wireless ISP with a 54Mbit
Wlan card.
The problem is that they are using hidden ssid, mac-address filtering,
Dhcp and a login system based on a web page + DNS redirection.
A have t
Hi,
first excuse my english, please.
I'm trying to make a VPN between 2 computers with OpenBSD behind a
router that connected to internet (See schema)
Private LAN4 -- OBSD_4 Router_4 Internet Router_5
- OBSD_5 Private LAN5
Every OBSD has 2 net cards 1 connected to rou
On Mon, Jul 25, 2005 at 09:36:58AM +0200, Marc Winiger wrote:
> Hi
>
> On wi(4) wlan cards it is possible to get the desired nwid with
> WI_RID_DESIRED_SSID, independent whether the card is associated to an
> access point or not.
>
it's a useless button, you can do it with SIOCG80211NWID as wel
I wish I could chime in and let you know more specifics about your
question, but I want to let you know my experience with wireless and
just leave it at that. Maybe someone can actually help you with your
question.
Either way, what I've found is that hiding your ssid from the world
does nothing ex
http://winscp.sf.net
I do not see any reason why not. See (inline) attachments. Apply both.
And maybe reply to the list if it is working (or not)?
regards,
Bolke
Mark Redding wrote:
>Hi,
>
>would it be possible to share these patches. I've been having similar
>problems with the U530 on generic kernels ( 3.5, 3.6
Hi.
I'm have problems to connect to a AP with hidden ssid.
As soon as I unhides the ssid my OpenBSD client can connect and when I
hides the ssid on the AP again, my client drops the connection!?
Why is that?
I'm using OpenBSD snapshot (from 31/7) and a Ralink rt2500 pccard (Level
One WPC-03
ALERT!
This e-mail, in its original form, contained one or more attached files that
were infected with a virus, worm, or other type of security threat. This e-mail
was sent from a Road Runner IP address. As part of our continuing initiative to
stop the spread of malicious viruses, Road Runner s
Hi,
would it be possible to share these patches. I've been having similar
problems with the U530 on generic kernels ( 3.5, 3.6 ). I would love
patches that work against release if possible.
Regards,
Mark
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Beha
Federico,
The combined patch works. The single patch (eg the second you sent) did
not by itself. I have attached the dmesg of both. Please note that the
patches have been applied to 3.6 en the kernel is not Generic as I do
not have a system currently around with 3.7/current and a cardbus slot.
Hello everybody.
I just wanted to say thank and hi to everybody in the OpenBSD tent on WTH.
Wim: we left pretty early on the monday so we didn't get a chance to
say thanks in person and say good bye. Thank you for everything, it
was a great organized event :)
It was pretty fun to see on WTH, I saw
I use iperf ( http://dast.nlanr.net/Projects/Iperf/ ) to do measurements...
-Oorspronkelijk bericht-
Van: conchita alvarez [mailto:[EMAIL PROTECTED]
Verzonden: maandag 21 maart 2005 18:52
Aan: misc@openbsd.org
Onderwerp: network monitoring
My name is conchita alvarez. I have frame relay
On Mon, 1 Aug 2005, Robert Hish wrote:
> I have never noticed these before in the dmesg, but recently my openbsd server
> has been hanging on fdc0 for longer then usual on boot, and immediately
> following fdc0 is biomask, netmask, ttymask, each followed with a hex. Just
> curious what this is?
a
71 matches
Mail list logo
