poncenby wrote:
> use qmail (http://cr.yp.to/qmail.html) as the
MTA - not sendmail.
Aaaag!!! At the risk of starting a
flame-fest, do yourself a favour, ignore this
advice and stay away from qmail. The license
issue alone should make you stop and think
first. It is about a
> On Tue, 6 Sep 2005 15:25:29 -0500, John Brooks wrote:
>
> >My office network has an adsl connection with a single static
> >ip as follows:
> >
> > 209.145.160.141/24 (gw 209.145.160.1)
> >
> >I requested additional ip's from my provider and they gave me
> >8 addresses at:
> >
> > 207.246.1
> On Tuesday, September 06, John Brooks wrote:
>
> >
> > (209.145.160.141)
> > OBSD #1 -
> > \
> > Switch DSL Modem ISP(209.145.160.1)
> > /
> > OBSD #2 -
> > (207.246.198.220)
> >
> > I was expecting that 207.246.198.
On Mon, 05 Sep 2005 15:35:19 +0200, Stephan A. Rickauer wrote:
> Well, I am thinking of using OpenBSD for our firewalls. Those I do want
> to upgrade regularly. Not because of features, but because of patches.
You will be rewarded by this choice; I am sure !
And still, I cannot understand the wr
On Tue, 6 Sep 2005, Kelly Martin wrote:
> I've got an A6 primary partition with various /usr and /var style partitions
> within. Pretty standard, but I ran out of disk space. I added a second
> primary A6 partition in the freespace of the same disk using fdisk, but
don't do this.
> Can someone w
Hello
I have the following problem, i have a CNet CWP-854 Ralink Wireless-G PCI
Adapter i have configured it on OpenBSD 3.8 Beta after some attempts i was
able to get a status to ACTIVE, however it seems that there is no connection
available, ping any clients on the same network fails same goes fo
Does anyone on the list have any comments or caveats on using OpenBSD
as a primary OS on either the Dell Precision m70 or Hewlett Packard
nc6230 notebooks? Google turns up nothing interesting on either.
regards,
aaron.glenn
Still getting the same errors as below:
131529.495890 Plcy 40 check_policy: adding authorizer [passphrase:password]
131529.495915 Plcy 40 check_policy: adding authorizer
[passphrase-md5-hex:5f4dcc3b5aa765d61d8327deb882cf99]
131529.495927 Plcy 40 check_policy: adding authorizer
[passphrase-sha1-he
I gotta ask for help or I'm gonna hose my multi-boot system.
I've got an A6 primary partition with various /usr and /var style partitions
within. Pretty standard, but I ran out of disk space. I added a second
primary A6 partition in the freespace of the same disk using fdisk, but
cannot figure out
On Tue, Aug 30, 2005 at 03:41:14PM +0200, Simon Dassow wrote:
> On Tue, Aug 30, 2005 at 03:30:01PM +0200, Miroslav Kubik wrote:
> > Is there a way how to show PID which belongs to the socket by netstat
> > command? I searched man pages but I haven't found any useful switch for my
> > need. I sear
On Tue, 6 Sep 2005 15:25:29 -0500, John Brooks wrote:
>My office network has an adsl connection with a single static
>ip as follows:
>
> 209.145.160.141/24 (gw 209.145.160.1)
>
>I requested additional ip's from my provider and they gave me
>8 addresses at:
>
> 207.246.198.216/29
>
>They are
On Tuesday, September 06, John Brooks wrote:
>
> (209.145.160.141)
> OBSD #1 -
> \
> Switch DSL Modem ISP(209.145.160.1)
> /
> OBSD #2 -
> (207.246.198.220)
>
> I was expecting that 207.246.198.217 would have been set
My office network has an adsl connection with a single static
ip as follows:
209.145.160.141/24 (gw 209.145.160.1)
I requested additional ip's from my provider and they gave me
8 addresses at:
207.246.198.216/29
They are routing all 8 of these new addresses down my adsl
'pipe'. On my OB
On 9/6/05, Cristian Del Carlo <[EMAIL PROTECTED]> wrote:
> What can i use to connect sendmail and clamd?
Perhaps, if only for hints, you may want to take a look at MailDroid
that came across the list some time ago. It connects the in-base
sendmail to clamav through smtp-vilter from ports.
You'll
Alexander Bochmann wrote:
I'm successfully using smtp-vilter as milter
for clamav, but I haven't followed the latest
development on OpenBSD pthreads, and people
used to say that there's problems with the
thread implementation (search the archives
for specifics) - so going with milters might
Hello List,
I reinstalled 3.8-beta on the alpha with just the required sets and the
hostname.pppoe0 and ppp.conf files with the amap_wipeout panic still
occuring.
I tried UKC> disable amap and pkg_delete -F amap-5.1.tgz and amap-4.5.tgz
without any success.
Any ideas on solving this is much
tony sarendal wrote:
On 06/09/05, Karl Austin <[EMAIL PROTECTED]> wrote:
You've read my mind, that was going to be my next question if my issue
about having multiple communities per route was addressed (I tried
-current and it doesn't work). Soft reset, and more route information
from bgpct
Peter Huncar wrote:
> I'm using OpenBSD (3.6 now) as my web/dns/mail/whatever server
> for a couple of years. I was very satisfied until a couple of
> days ago I noticed, that my web server is not working. I
> restarted apache, everything was ok then, but after some time
> the same happened. I got
On 06/09/05, Karl Austin <[EMAIL PROTECTED]> wrote:
> tony sarendal wrote:
>
> >I've started to test bgpd to see if I can use if for a future project.
> >Are there any plans to make bgpctl show communities, originator-id and
> >cluster-list ?
> >
> >Any plans of adding route-refresh to bgpctl ? So
Hello list,
I just noticed that my USB flash memory stick stopped working after
3.7 (it's been a while since I last used it). Whereas it used to
work perfectly, any attempt to access (e.g. read the disklabel,
mount, dd, ...) the disk now just hangs the machine.
So I traced back the commit which m
Cristian Del Carlo wrote:
Hi list,
i am planning to use openbsd as mail server with sendmail and clamd as
antivirus on intel machine.
use qmail (http://cr.yp.to/qmail.html) as the MTA - not sendmail.
What can i use to connect sendmail and clamd?
I know that there are several methods : milter
Agreed! Soft-reset would be awesome and more functionality from bgpctl
wouldn't hurt. As is though I like the output style from bgpctl since it
keeps things concise.
Regards,
Joe
On 9/6/05, Karl Austin <[EMAIL PROTECTED]> wrote:
>
> tony sarendal wrote:
>
> >I've started to test bgpd to see if I
Will H. Backman wrote:
>>-Original Message-
>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
>>
>>
>Of
>
>
>>Theo de Raadt
>>Sent: Tuesday, September 06, 2005 11:43 AM
>>To: Stephan A. Rickauer
>>Cc: misc@openbsd.org
>>Subject: Re: Lifecycle question
>>
>>
>>
>>>The
In short, I'm looking for a way to obtain multiple IP addresses via DHCP
on a single NIC. For a more elaborate explanation, see below.
I'm working on a router / firewall in a somewhat arcane network setup.
The situation is as follows: I live in a student dorm with a farily
large local 100 Mbit net
I thought I would give the latest Beta a try on a 4WAY PIII. The USB
is supposed to be disabled in the BIOS as there are no physical USB
connectors even on this box. Its a Dell 6350
---Mike
>> OpenBSD/i386 BOOT 2.10
boot>
booting hd0a:/bsd: 4846336+944176 [52+249696+230995]=0x5fb28
tony sarendal wrote:
I've started to test bgpd to see if I can use if for a future project.
Are there any plans to make bgpctl show communities, originator-id and
cluster-list ?
Any plans of adding route-refresh to bgpctl ? Something like "bgpctl
nei clear (in|out)" ?
Although I miss a few fe
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
> Theo de Raadt
> Sent: Tuesday, September 06, 2005 11:43 AM
> To: Stephan A. Rickauer
> Cc: misc@openbsd.org
> Subject: Re: Lifecycle question
>
> > The reason why I bother this list is that I am impress
Stephan A. Rickauer wrote:
Tobias Weingartner schrieb:
This is a systems management issue. It all depends on how you manage
your systems. Compartementalizing change, change management, etc. I
Exactly.
can recommend talking to Fritz Zaucker (tell him I sent ya). He's at
ETHZ as well (i
> The reason why I bother this list is that I am impressed of OpenBSD from
> the technical point of view. I like its consistency and purity. But in
> business environments or comparable organizations where money is an
> issue, one needs to think about system management very carefully, since
> i
On Sun, 4 Sep 2005, Shawn K. Quinn wrote:
> On Sun, 2005-09-04 at 13:57 +0200, [EMAIL PROTECTED] wrote:
> > p.s.
> > Forget about D-Link! I recomment to stay far far away of these crap.
>
> I am using a D-Link switch and it has performed acceptably so far. Their
> wireless access points might be a
Search google for openbsd vilter.
Then follow the cached link at the top of the results. The tutorial
describes pretty much what you want. Also tells you how to generate a
new sendmail.cf.
Also, update your /etc/rc* files to have sendmail use the new config
file.
vlad
On Tue, Sep 06, 2005 at 0
Ok,
thanks a lot it seems quite simple to configure.
I don't know about the configuration of sendmail. What i need to have in
sendmail.cf to work with smtp-vilter?
Thanks,
cristian
On Sep 06, 2005 03:34 PM, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> --On 06 September 2005 15:13 +0200, Cris
Hi Peter,
> [Tue Sep 6 13:58:01 2005] [error] [client 84.47.4.140] (24)Too many
> open files: file permissions deny server
> access: /htdocs/apex.sk/index.html
Look at kern.maxfiles (1772 by default) and update if necessary (`man
sysctl`, `man sysctl.conf`). Also, search the archives for other
p
The problem is, that the firewall MUST run with OpenBSD !!
Thanks for answers
Stephan A. Rickauer wrote:
Nick Holland schrieb:
There are a lot of measures to how the upgrade process works out. Here
are SOME:
1) Frequency (i.e., how often do you need to do upgrades)
2) Difficulty (how much human work is involved)
3) Ugency (when an upgrade is needed, how important i
El mar, 06-09-2005 a las 15:13 +0200, Cristian Del Carlo escribis:
> Hi list,
> i am planning to use openbsd as mail server with sendmail and clamd as
> antivirus on intel machine.
> What can i use to connect sendmail and clamd?
> I know that there are several methods : milter, amavis etc...
> Th
Hi.
I'm using OpenBSD (3.6 now) as my web/dns/mail/whatever server for a couple of
years. I was very satisfied until a couple of days ago I noticed, that my web
server is not working. I restarted apache, everything was ok then, but after
some time the same happened. I got many many lines like this
There is no support for PF. If you need in-line function for an IPS, you can
take a look at a FreeBSD/snort_inline/IPFW/divert socket solution:
http://freebsd.rogness.net/snort_inline/
The snort_inline code primarily supports Linux netfilter/libpq. Also note
that snort2pf is considered Active Res
...on Tue, Sep 06, 2005 at 03:13:01PM +0200, Cristian Del Carlo wrote:
> i am planning to use openbsd as mail server with sendmail and clamd as
> antivirus on intel machine.
> What can i use to connect sendmail and clamd?
> I know that there are several methods : milter, amavis etc...
Depen
I've started to test bgpd to see if I can use if for a future project.
Are there any plans to make bgpctl show communities, originator-id and
cluster-list ?
Any plans of adding route-refresh to bgpctl ? Something like "bgpctl
nei clear (in|out)" ?
Although I miss a few features it is really nice
Do you search for something like this?
http://www.thinknerd.org/~ssc/wiki/doku.php?id=snort2pf
-Original Message-
From: Florian [mailto:[EMAIL PROTECTED]
Sent: dinsdag 6 september 2005 15:20
To: misc@openbsd.org
Subject: Snort-Inline with OpenBSD
Hello community
I tried to install Snor
> Now my question: Is there any way to install snort with inline functionality
> ??
i dont know, snort inline need netfilter API.
you can to use snortsam. -> http://www.snortsam.net
--On 06 September 2005 15:13 +0200, Cristian Del Carlo wrote:
i am planning to use openbsd as mail server with sendmail and clamd
as antivirus on intel machine. What can i use to connect sendmail and
clamd?
/usr/ports/mail/smtp-vilter works nicely, but if users should normally
receive most at
Cristian Del Carlo schrieb:
What can i use to connect sendmail and clamd?
We use clamsmtp on linux. Don't know whether it is available for OpenBSD...
Anyway: http://memberwebs.com/nielsen/software/clamsmtp/
--
Stephan A. Rickauer
Institut f|r Neuroinformatik
Cristian Del Carlo wrote:
Hi list,
i am planning to use openbsd as mail server with sendmail and clamd as
antivirus on intel machine.
What can i use to connect sendmail and clamd?
smtp-vilter, which is in ports.
I know that there are several methods : milter, amavis etc...
Thanks,
Cristian
Hello community
I tried to install Snort_Inline on my OpenBSD-firewall.
But in the ports-collection only snort is implemented.
when I try to compile / configure the sources from www.snort.org with
--enable-inline
I get an error that a "libipq.h" is missing. Its a file for iptables under
linux.
Now
Hi list,
i am planning to use openbsd as mail server with sendmail and clamd as
antivirus on intel machine.
What can i use to connect sendmail and clamd?
I know that there are several methods : milter, amavis etc...
Thanks,
Cristian Del Carlo
It is enabled at all times but on OpenBSD, it is not used until
needed. See also "swapctl -l" and swapctl(8).
Andreas
On 06/09/05, Joco Salvatti <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I have a OpenBSD system acting as a firewall. When I use the "top" command I
> see
> that the swap space is
--On 06 September 2005 09:36 -0300, JoC#o Salvatti wrote:
I have a OpenBSD system acting as a firewall. When I use the "top"
command I see that the swap space is not being used.
Typically, one would hope that a firewall doesn't have to swap...
I'd like to know
if the swap space is only enabl
Hi all,
I have a OpenBSD system acting as a firewall. When I use the "top" command I see
that the swap space is not being used. I'd like to know if the swap space is
only enabled when the system needs it or if it's enabled just when the system
comes up.
Thanks
--
Joco Salvatti
Undergraduating in
Ingo Schwarze wrote:
By the way, in case you are looking for serious intrusion
detection, you should not rely on /etc/security anyway, but
install (and maintain!) some real intrusion detection system.
Yours,
Ingo
Agreed. Even storing hashes off site it wouldn't be difficult to get
around
Stephan A. Rickauer wrote:
> Nick Holland schrieb:
...
>> Yes, OpenBSD had new releases every six months, and only supports a
>> previous release with patches for one past release, so your frequency is
>> going to be higher. So, at the outside, you are looking at an upgrade
>
> Ok, that is the ke
--On 06 September 2005 10:16 +0200, Stephan A. Rickauer wrote:
>There is one thing I still don't understand. What effort is it to
>deliver patches (not backports) longer than just a few month - given
>that the overall amount of patches per release is low with OpenBSD
>anyway... let's say you have
On Tue, Sep 06, 2005 at 11:00:34AM +0100, Stuart Henderson wrote:
> There doesn't have to be so much difference, actually. With OpenBSD an
> upgrade is usually pretty straightforward. The main part of the process
> (boot from bsd.rd, run the 'upgrade' process) can equally be used for
> patches a
--On 06 September 2005 10:16 +0200, Stephan A. Rickauer wrote:
There is one thing I still don't understand. What effort is it to
deliver patches (not backports) longer than just a few month - given
that the overall amount of patches per release is low with OpenBSD
anyway... let's say you have fo
Stuart Henderson schrieb:
# pfctl -sr -vv
Cool!
--
Stephan A. Rickauer
Institut f|r Neuroinformatik
Universitdt / ETH Z|rich
Winterthurerstriasse 190
CH-8057 Z|rich
Tel: +41 44 635 30 50
Sek: +41 44 635 30 52
Fax: +41 44 635 30 53
http://www.ini.ethz.
--On 06 September 2005 11:29 +0200, Stephan A. Rickauer wrote:
I am now trying to find out, what 'rule 267' should be and found
posts regarding 'pfctl -s rules'. My problem is, that rule number 267
has absolutely nothing to do with the line logged above.
# pfctl -sr -vv
Andreas Kahari schrieb:
I have a "scrub all fragment reassemble" showing up on the first line
of "pfctl -s rules". The rules are numbered from 0 (zero). Therefore
I need to add 2 to the line number of the pfctl output to get the
right rule.
Thanks Andreas, that explanation fixes my problem as
I have a "scrub all fragment reassemble" showing up on the first line
of "pfctl -s rules". The rules are numbered from 0 (zero). Therefore
I need to add 2 to the line number of the pfctl output to get the
right rule.
The log entry
Sep 04 21:45:56.156323 rule 8/(match) pass in on fxp0:
xxx.xxx.x
On Tue, Sep 06, 2005 at 12:25:23AM -0500, Andrew Daugherity wrote:
> ===
> a) biomask e74d netmask ff4d ttymask ffef
...
this are the interrupt masks (on i386) for the levels IPL_BIO,
IPL_NET and IPL_TTY after autoconfiguration has finished. They
will be modified again when clock and rtc are init
On 9/6/05, Stephan A. Rickauer <[EMAIL PROTECTED]> wrote:
> The reason why I bother this list is that I am impressed of OpenBSD from
> the technical point of view. I like its consistency and purity. But in
> business environments or comparable organizations where money is an
> issue, one needs to t
My 'tcpdump -n -e -i pflog0' generates lines like these:
11:22:12.538707 rule 267/(match) block in on em0: 172.16.2.97.32790 >
225.4.5.6.6001: udp 341 [ttl 1]
I am now trying to find out, what 'rule 267' should be and found posts
regarding 'pfctl -s rules'. My problem is, that rule number 26
Tobias Weingartner schrieb:
This is a systems management issue. It all depends on how you manage
your systems. Compartementalizing change, change management, etc. I
Exactly.
can recommend talking to Fritz Zaucker (tell him I sent ya). He's at
ETHZ as well (in EE I think). His team, along
Nick Holland schrieb:
There are a lot of measures to how the upgrade process works out. Here
are SOME:
1) Frequency (i.e., how often do you need to do upgrades)
2) Difficulty (how much human work is involved)
3) Ugency (when an upgrade is needed, how important is it that it
is done *NOW*
On 9/6/05, Stephan A. Rickauer <[EMAIL PROTECTED]> wrote:
> Not to mention that upgrades with other OS's are even painful _with_ HA
> setup ...
>
> As an Insitute we have limited resources in terms of personal AND money.
> Therefore, I am forced to rethink any strategy twice. Thanks to all
> comm
Abraham Al-Saleh schrieb:
I am already in love with it, since I plan to use it as a HA-firewall
using carp and pfsync. Problem here is just that it looks as if I had to
reinstall it all year ...
If that's the case, then you just take one down, upgrade it, bring it
back online, take the other d
66 matches
Mail list logo
