On Tue, Dec 20, 2005 at 07:42:30PM +, ed wrote:
Hello,
Just a stab in the dark, does anyone have advice/experience/suggestions
for debugging firewall problems?
Every now and then I do something which is just brain dead but takes a
while to figure out, it's usually a typo in my rule
Hello,
I'm running into an issue which was brought up on the list before, the
last reference I found was in 2004:
http://archive.openbsd.nu/?ml=openbsd-pfa=2004-10m=430206
I have an OpenBSD 3.8 machine.
dc0 is an internal NIC assigned 192.168.20.250
fxp0 is an external NIC assigned a.b.c.d
On Tue, Dec 20, 2005 at 07:05:45PM +0300, Sizov Alexander wrote:
Hi!
I have OpenBSD 3.8+vsftpd (from ports)+pf on my box.
pfrules:
table <rusip> persist file /etc/rusip
block in from any to xx.xxx.xx.xxx
pass in from <rusip> to xx.xxx.xx.xxx
pass in from yy.yy.yyy.yy to
I thought one of the new features of the Intel Pentium 4 was its new
real hardware-based random number generator, I remember reading about it.
Also take a look at this:
http://www.irisa.fr/caps/projects/hipsor/HAVEGE1.0.html
If you need a lot of random numbers in a short time, you are looking
We have a problem getting mail from gmail through spamd. Google's gmail
public mail service uses a large number of smtp servers. The first time
gmail tries to contact our smtp, it is being greylisted on our spamd
server. The problem is the next time it tries to repeat the
transmission, it
Thus Lukas Kubin [EMAIL PROTECTED] spake on Wed, 21 Dec 2005 11:55:30
+0100:
We have a problem getting mail from gmail through spamd. Google's
gmail public mail service uses a large number of smtp servers. The
first time gmail tries to contact our smtp, it is being greylisted on
our spamd
We have a problem getting mail from gmail through spamd. Google's gmail
public mail service uses a large number of smtp servers. The first time
gmail tries to contact our smtp, it is being greylisted on our spamd
server. The problem is the next time it tries to repeat the
transmission, it
One easier way I have had this working is to add an additional section
to your isakmpd.conf. Something like the following. Your NAT then takes
care of the rest.
[VPN-1]
Phase= 2
ISAKMP-peer=remote
Configuration=
If you add this extra section to your isakmpd.conf, do you need to add it to
the remote site too? Does this extra section change the negotiation between the
two endpoints?
Thanks
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Nick Suckling
On Wed, December 21, 2005 12:06, Reza Muhammad said:
Dear All
C Compiler cannot create executable ?
what does it mean ?
My system is OpenBSD-3.8 Generic Kernel at Intel
Pentium M Proc 1600 Mhz (IBM Think Pad T41)
Please help ...
regards
reza
http://www.openbsd.org/mail.html
/jtm
Thank you so much Rickie, Jason, Chris, Alex and JC for the replies :-)
On 12/21/05, J. C. Roberts [EMAIL PROTECTED] wrote:
On Wed, 21 Dec 2005 02:54:23 +0530, Siju George [EMAIL PROTECTED]
wrote:
I have a new Broadband Internet connection. It uses PPPoE with a
username and password to connect
I have been using IPSec a lot on OpenBSD and Mac OS X, but switched
almost completely to OpenVPN.
As far as I'm concerned OpenVPN is far less complex, works well with
NAT (of course you can NAT-T with OpenBSD, but Mac OS for example
doesn't support that), the design looks good, is based
Joachim Schipper [EMAIL PROTECTED] writes:
pfctl -n? It should catch, at least, typos.
I had the impression ed was looking for something to do about those
typos which do not produce a syntax error, just silly rules.
pfctl -s [mumble] supplemented with -g and -v should help. Creative use
--- Stuart Henderson [EMAIL PROTECTED] wrote:
C Compiler cannot create executable ?
what does it mean ?
My system is OpenBSD-3.8 Generic Kernel at Intel
Pentium M Proc 1600 Mhz (IBM Think Pad T41)
You should repost, including this information:
what you were trying to do when you
Hi all,
This has been asked a truck load of times in the archives but I haven't
found a solution.
HP DL server fans ran flat out all the time.
Any way of slowing them up and quieting them down ?
Does the new ACPI stuff have any impact on this.
Steve
At 06:41 AM 12/21/2005, Steve Murdoch wrote:
Hi all,
This has been asked a truck load of times in the archives but I
haven't found a solution.
HP DL server fans ran flat out all the time.
Any way of slowing them up and quieting them down ?
Does the new ACPI stuff have any impact on this.
No the other side does not need to know about this additional section if
you are using NAT as described.
Nick
On Wed, 2005-12-21 at 14:06 +0100, Christoph Leser wrote:
If you add this extra section to your isakmpd.conf, do you need to add it to
the remote site too? Does this extra section
--- Jens Teglhus Møller [EMAIL PROTECTED] wrote:
On Wed, December 21, 2005 12:06, Reza Muhammad said:
Dear All
C Compiler cannot create executable ?
what does it mean ?
My system is OpenBSD-3.8 Generic Kernel at Intel
Pentium M Proc 1600 Mhz (IBM Think Pad T41)
Please help ...
On Wed, December 21, 2005 14:45, Reza Muhammad said:
--- Jens Teglhus Møller [EMAIL PROTECTED] wrote:
On Wed, December 21, 2005 12:06, Reza Muhammad said:
Dear All
C Compiler cannot create executable ?
what does it mean ?
My system is OpenBSD-3.8 Generic Kernel at Intel
Pentium M
Actually, the correct thing to do is to make one match with a single
letter and the other match with two or more letters. I chose to
make eject match e. This resolves the ambiguity.
- todd
On Wed, Dec 21, 2005 at 03:13:10PM +0100, Peter N. M. Hansteen wrote:
Joachim Schipper [EMAIL PROTECTED] writes:
pfctl -n? It should catch, at least, typos.
I had the impression ed was looking for something to do about those
typos which do not produce a syntax error, just silly rules.
* Lukas Kubin [EMAIL PROTECTED] [051221 05:59]:
We have a problem getting mail from gmail through spamd. Google's gmail
public mail service uses a large number of smtp servers. The first time
gmail tries to contact our smtp, it is being greylisted on our spamd
server. The problem is the next
Does this imply that I must not mention VPN-2 in the isakmpd.conf Connections
statement?
Thanks for your help.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Nick Suckling
Sent: Wednesday, December 21, 2005 15:32
To: misc@openbsd.org
On Wed, 21 Dec 2005, Christoph Leser wrote:
Does this imply that I must not mention VPN-2 in the isakmpd.conf Connections
statement?
Thanks for your help.
I tried with and without and didn't get it working either way. I think if
you do not include it in your Connections statement then it
I have a fair amount of experience networking in Windows 2000, Linux
Red Hat, and FreeBSD, but I am a relative newbie to OpenBSD, just
setting up my first practice machine, which is still basically a
typical default installation.
I have an SBC DSL connection, non-static IP (Netopia Cayman
On Wed, Dec 21, 2005 at 11:31:07AM -0600, Robert C Wittig wrote:
I re-wrote /etc/resolv.conf with the nameserver values that my
Modem/Router describes as DNS-1 and DNS-2, and as soon as I saved the
file, lynx, whois, etc., worked fast like a rocket, when domain names
were used, so obviously,
I came across
http://www.kb.cert.org/vuls/id/226364
which describes some vulnerabilities in IKE Protocol V1 implementations.
That page states ( that is at least what I read from it ) that it is unknown
whether OpenBSD is affected or not.
Is anything known about this issue? Should I care about
On Wed, Dec 21, 2005 at 08:55:39PM +0100, Christoph Leser wrote:
I came across
http://www.kb.cert.org/vuls/id/226364
which describes some vulnerabilities in IKE Protocol V1 implementations.
That page states ( that is at least what I read from it ) that it is unknown
whether OpenBSD is
Bug Hunting 101 - Finding The Alpha Bug
I've been told that The alpha bug has been around for quite some time
and no one has been able to find or fix it. I've also been told looking
for this bug has driven a few developers to drink, well, probably drink
more is a better description. Anyhow, since
On 12/21/05, Christoph Leser [EMAIL PROTECTED] wrote:
I came across
http://www.kb.cert.org/vuls/id/226364
which describes some vulnerabilities in IKE Protocol V1 implementations.
That page states ( that is at least what I read from it ) that it is unknown
whether OpenBSD is affected or not.
OpenBSD 3.8 release.
I'm getting the same errors as this thread:
http://archives.neohapsis.com/archives/openbsd/2005-11/1980.html
I'm trying to use as many defaults as possible in this test setup, and
sha1 is not being chosen by the defaults. Any ideas?
Here is my ipsec.conf (yes, key values
Hi,
As far as I can tell, the bug smells like a race condition of some sort
and if my wild guess is correct, it will be difficult to reproduce
consistently. With some (but not all) race conditions, you can increase
the chance of triggering them by increasing loads. Since I want the race
On your question, this is what I have used for my IPSec tunnel's nat:
Internal network 192.168.8.0/24
Remote network 192.168.1.0/24
vpnip=192.168.1.1
scrub in
nat on enc0 from { gem0, gem0:network } -> $vpnip
Together with:
# cat /etc/hostname.enc0
up
!ipsecadm flow -out -require -proto esp
On Wed, 21 Dec 2005 22:46:00 +0100 (CET), Siegbert Marschall
[EMAIL PROTECTED] wrote:
Hi,
As far as I can tell, the bug smells like a race condition of some sort
and if my wild guess is correct, it will be difficult to reproduce
consistently. With some (but not all) race conditions, you can
Robert C Wittig wrote:
snip/
So I wrote a shell script that, when run, will re-write
/etc/resolv.conf with the current working DNS-1 and DNS-2 values, that
I can run after boot, to replace the faulty info that is being placed
in /etc/resolv.conf, during bootup... but the 'fix' only works for 30
hi folks,
i've a sun ultra 5 running openbsd 3.5 with a 5 port levelone
switch ethernet card without any problems.
the card runs also on a intel pc with openbsd 3.8 without
any problems.
now i've a sun netra t1 105 with openbsd 3.8 with the same
card and i've problems.
ifconfig vr0 up
now i've a sun netra t1 105 with openbsd 3.8 with the same
card and i've problems.
irq swizzling is broken on the t1 on OpenBSD. Cards requiring an irq
mostly won't work right, it is possible to work around for some cards
in ofw which you'll find some info in the sparc@ archives.
Hello Tobias,
Wednesday, December 21, 2005, 1:00:08 PM, you wrote:
TU To fix these values locally, take a look at dhclient.conf(5), especially
TU at the supersede option and domain-name-servers.
Right now 'dhclient.conf' is completely commented out.
Would adding the line:
supercede
the defaults are hmac-sha2-256 and aesctr which uses a 160 bit key.
On Wed, Dec 21, 2005 at 03:25:26PM -0500, Will H. Backman wrote:
OpenBSD 3.8 release.
I'm getting the same errors as this thread:
http://archives.neohapsis.com/archives/openbsd/2005-11/1980.html
I'm trying to use as many
Hello,
Does anyone have any news on VIA C7, or VIA EPIA platform in general?
The current offers are so outdated, they still don't offer gigabit
ethernet in most solutions, and the things that are offered are indeed
overpriced (whereas VIA C3 is supposed to be a really cheap solution,
it looks
On Wed, 2005-12-21 at 23:20 +, Stuart Henderson wrote:
now i've a sun netra t1 105 with openbsd 3.8 with the same
card and i've problems.
irq swizzling is broken on the t1 on OpenBSD. Cards requiring an irq
mostly won't work right, it is possible to work around for some cards
in ofw
I don't make any exceptions. I tell users sending me email to
repeatedly submit the message or contact the relevant support staff to
fix their servers. Obviously this is never going to cause Yahoo and
Google to change their email strategy... But I relish the challenge.
I'm a purist at
On Wed, 2005-12-21 at 23:20 +, Stuart Henderson wrote:
now i've a sun netra t1 105 with openbsd 3.8 with the same
card and i've problems.
irq swizzling is broken on the t1 on OpenBSD. Cards requiring an irq
mostly won't work right, it is possible to work around for some cards
Hello Fred,
Wednesday, December 21, 2005, 4:49:51 PM, you wrote:
FC You could put your local changes in /etc/resolv.conf.tail - thus when
FC resolv.conf is overwritten your local changes will be preserved.
Yep, thanks!
Another listmember suggested this to me off-list, and I did it, and it
has
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stuart Henderson
Sent: Wednesday, December 21, 2005 4:55 PM
To: Thomas Börnert
Cc: misc@openbsd.org
Subject: Re: vr0 interrupt_vector: spurious vector 7c3 at pil 7 sparc64
On Wed, 2005-12-21 at 23:20 +,
I know this is going to be OT, but since this bug seems to deal with only
OpenBSD on alpha, possibly in locore.s and does not seem to affect netbsd,
that I might point out a coincidental, but most likely unrelated bug.
After kde starts, the file /tmp/.X11-unix/X0 is created and assigned
to the kde user with world rw privileges.
This vulnerability can be removed by executing
chmod 700 /tmp/.X11-unix/X0
in a konsole session immediately after kde initializes.
Also, kde does not chown /dev/[tp]typ* files
I work for an ISP
It shows. Disagree off-list please.
Constantine A. Murenin [EMAIL PROTECTED] wrote:
Does anyone have any news on VIA C7, or VIA EPIA platform in general?
The C7 (Esther) looks like a wet dream for an IPsec gateway, but I
can't find any evidence that it actually exists. Apart from VIA's
pages, a web search only turns up press
It seems that only root can access /dev/rcd0c when using tools such as
cdrdao, cdda2wav and cdparanoia, even when the user is in the operator
group:
$ cdparanoia -v -d /dev/rcd0c -B
Checking /dev/rcd0c for cdrom...
Testing /dev/rcd0c for SCSI interface
generic device:
yeah, that's how X works.
On 12/21/05, Dave Feustel [EMAIL PROTECTED] wrote:
After kde starts, the file /tmp/.X11-unix/X0 is created and assigned
to the kde user with world rw privileges.
This vulnerability can be removed by executing
chmod 700 /tmp/.X11-unix/X0
in a konsole
On Wed, Dec 21, 2005 at 10:26:38PM -0700, Ludwig Mises wrote:
It seems that only root can access /dev/rcd0c when using tools such as
cdrdao, cdda2wav and cdparanoia, even when the user is in the operator
group:
$ cdparanoia -v -d /dev/rcd0c -B
Checking /dev/rcd0c for cdrom...