Hi Guys,
I am fairly new to OpenBSD, so I just being learning from all of you.
This subject I can help out a bit. VLANs was design to separate
broadcast domains, not be a security feature. It is more of a side
effect and companies tout that it can be used for security. Newer
codes are much bet
On Sat, 24 Mar 2007 18:41:00 -0700
"Aaron Glenn" <[EMAIL PROTECTED]> wrote:
> On 3/24/07, Sylwester S. Biernacki <[EMAIL PROTECTED]> wrote:
> > Hi guys,
> >
> > I've looked over for importing bgpd status to snmp to use with
> > 'sofisticated' monitoring system. Hope somebody has similar
> > pr
Hi,
> Just looking for a recommendation on a good/cheap (but not necessarily
> fast) microatx motherboard. Or possibly, one of those via
> motherboards, but needs to fit in an atx case.
You might also look into the Jetway J7F4 series mini-itx boards. Dual
onboard re nics.
HTH... Nico
On 3/25/07, Jay Jesus Amorin <[EMAIL PROTECTED]> wrote:
>
> any site or doc about openbsd kernel configuration, info or tweak
> aside from man page?
>
> thanks
>
>
http://www.openbsd.org/faq/faq5.html#Why
Q: 5.6 - Why do I need a custom kernel?
A: Actually, you probably don't.
That said,
http://
any site or doc about openbsd kernel configuration, info or tweak
aside from man page?
thanks
Hi,
Been using OpenBSD 4.0 w/ PF for a quite a while now, everything is running
perfectly smooth, our setup is to block all incoming packets while allow all
for outbound packets as long as connections are initiated from within our
local lan. The only problem we encountered was that we can't connec
Once again, I solved my own problem 10seconds after I emailed the list. You'd
think the official FAQ would always be the first place one would look when they
encounter a problem.
http://www.openbsd.org/faq/pf/ftp.html#server
On Mon, Mar 26, 2007 at 01:30:52AM -0400, James Turner wrote:
> In the
On 3/25/07, bofh <[EMAIL PROTECTED]> wrote:
Just looking for a recommendation on a good/cheap (but not necessarily
fast) microatx motherboard. Or possibly, one of those via
motherboards, but needs to fit in an atx case.
I just put together a server with this cheap $70 PCChips V21G board:
http:
On Sun, Mar 25, 2007 at 10:36:37PM +0200, Joachim Schipper wrote:
> On Sun, Mar 25, 2007 at 09:48:35PM +0200, Karel Kulhavy wrote:
> > On Fri, Mar 23, 2007 at 03:26:25PM -0700, J.C. Roberts wrote:
> > > On Friday 23 March 2007 12:13, Tobias Weisserth wrote:
> > > > From the emails in this thread w
In the process of setting up ftpd I seem to have hit a snag. When I try to ftp
to my server from home (OpenBSD -current) all goes well until I issue the ls
command.
I get this error: "435 Can't build data connection: No such file or directory."
I
am able to ls when I connect from the server it
On 3/26/07, Todd Alan Smith <[EMAIL PROTECTED]> wrote:
http://www.newegg.com/Product/Product.aspx?Item=N82E16813138027
I've been quite happy with the machines thus far.
However, beware that the chipsets are all NVIDIA.
Thanx!
On 3/25/07, bofh <[EMAIL PROTECTED]> wrote:
Just looking for a recommendation on a good/cheap (but not necessarily
fast) microatx motherboard. Or possibly, one of those via
motherboards, but needs to fit in an atx case.
Thanx in advance.
I recently built two Windows machines for a client
usin
On 3/26/07, Adam Hawes <[EMAIL PROTECTED]> wrote:
> > If this works with a powered USB hub, then it is a result of
> > insufficient USB power from the Zaurus, during the early
> startup time.
> >
> >
> I put the usb hub out there for the single purpose of
> powering it. Only
> th eone pieve of g
> > If this works with a powered USB hub, then it is a result of
> > insufficient USB power from the Zaurus, during the early
> startup time.
> >
> >
> I put the usb hub out there for the single purpose of
> powering it. Only
> th eone pieve of gear on the hub, too, so need another idea.
>
Are yo
Theo de Raadt wrote:
>> I have a Zaurus here (and arm architecture), and I use a device aue0 for
>> my networking. My problem is, the usb refuses to recognize the little
>> bugger, about 75% of the time. The only thing that seems to do any good
>> at all is to perform endless reboot syscles until
> I have a Zaurus here (and arm architecture), and I use a device aue0 for
> my networking. My problem is, the usb refuses to recognize the little
> bugger, about 75% of the time. The only thing that seems to do any good
> at all is to perform endless reboot syscles until the aue device is
> fina
I have a Zaurus here (and arm architecture), and I use a device aue0 for
my networking. My problem is, the usb refuses to recognize the little
bugger, about 75% of the time. The only thing that seems to do any good
at all is to perform endless reboot syscles until the aue device is
finally recogn
Just looking for a recommendation on a good/cheap (but not necessarily
fast) microatx motherboard. Or possibly, one of those via
motherboards, but needs to fit in an atx case.
Thanx in advance.
On Mar 25, 2007, at 11:34 PM, bofh wrote:
On 3/25/07, Jason Dixon <[EMAIL PROTECTED]> wrote:
> P.S. We really need more *BSD attendees at Shmoocon. If you're
> remotely interested in security, and I would assume most folks
> using OpenBSD are, you should really come out next year. Besides
>
On 3/25/07, Jason Dixon <[EMAIL PROTECTED]> wrote:
> P.S. We really need more *BSD attendees at Shmoocon. If you're
> remotely interested in security, and I would assume most folks
> using OpenBSD are, you should really come out next year. Besides
> myself and Mike Erdely, I ran into Ray Lai (
Sylwester S. Biernacki wrote:
Any chances to add that to the wishlist for next releases?
You'll have to extend net-snmp in some way for this. The easiest may be
to just write a shell script that parses bgpctl output into a MIB. The
more complicated way would be to write a proper extension/
On Sunday, March 25, 2007, at 18:55:31, Chris Jones wrote:
> Hey all,
> I know that it's possible to run GRE over and IPsec tunnel but I am
> wondering if anyone here has seen some good documentation (besides the man
> pages) or a howto on setting this up. I'm trying to config my OpenBSD
> 4.0fir
On Sunday, March 25, 2007, at 15:40:18, Claudio Jeker wrote:
> You should create a port or net-snmp flavor of these changes. I even have
> some dirty diffs to have a terse bgpctl output usable to feed into
> rrdtool. I should clean them up a bit and commit it.
Hello Claudio,
I've talked about
i'm to understand there are some folks here who use dovecot. i've got
dovecot's SASL authentication socket working fine with postfix so that
there's no need to maintain a separate set of SASL passwords for the
users on one of the mailservers i maintain. a new setup i'm working on
uses sendmail
On 3/25/07, Karel Kulhavy <[EMAIL PROTECTED]> wrote:
On Tue, Mar 20, 2007 at 10:03:14AM -0400, Dan Farrell wrote:
> On 3/19/07 4:48 PM, Marco Peereboom wrote:
> > You are so uninformed that it isn't even funny to pick on you.
>
> Karel clocks on the wrong edge and is by far the worst educated
> a
After all this talk about blob-only software... Skype is absolute
proof of why we shouldn't have blob-only software. The recent
hoo-ha about it grabbing BIOS dumps and sending them back to the
servers on X86 machines really shows that software can do nasty
things. Nobody even noticed because they
On Sun, 25 Mar 2007, Nick ! wrote:
> On 3/24/07, Ted Unangst <[EMAIL PROTECTED]> wrote:
> > On 3/21/07, Paul Irofti <[EMAIL PROTECTED]> wrote:
> > > - the fact that ftp can handle http makes me ponder what happened to
> > > the KISS principle?
> >
> > ftp is very simple. there are files on th
On Sun, Mar 25, 2007 at 10:54:55PM +0200, Luca Corti wrote:
> On Fri, 2007-03-23 at 15:14 -0600, Shane Harbour wrote:
> > Look at the "-S" option and see if that's what you want.
>
> I think you mean "-s". Yes I use it but still the clients report they
> won't sync because of the server not being
My apologies...you are right. Wasn't paying attention. I use "-s" on
all of my servers to keep them updated. I hate having them off by a lot
and am too impatient to wait for them to slowly sync themselves.
Regards,
Shane
Luca Corti wrote:
On Fri, 2007-03-23 at 15:14 -0600, Shane Harbour wr
On Fri, 2007-03-23 at 15:14 -0600, Shane Harbour wrote:
> Look at the "-S" option and see if that's what you want.
I think you mean "-s". Yes I use it but still the clients report they
won't sync because of the server not being synced.
ciao
Luca
On Sun, Mar 25, 2007 at 09:48:35PM +0200, Karel Kulhavy wrote:
> On Fri, Mar 23, 2007 at 03:26:25PM -0700, J.C. Roberts wrote:
> > On Friday 23 March 2007 12:13, Tobias Weisserth wrote:
> > > From the emails in this thread we know he needs it for work, so he
> > > hasn't really got a choice. The
From: "Bryan Irvine" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: Peter <[EMAIL PROTECTED]>
CC: misc@openbsd.org
Subject: Re: Postfix flavour for PostgreSQL ?
Date: Sat, 24 Mar 2007 00:56:26 -0700
On 3/23/07, Peter <[EMAIL PROTECTED]> wrote:
I see there is a postfix flavour for mysql but n
On Fri, Mar 23, 2007 at 03:26:25PM -0700, J.C. Roberts wrote:
> On Friday 23 March 2007 12:13, Tobias Weisserth wrote:
> > From the emails in this thread we know he needs it for work, so he
> > hasn't really got a choice. There's no other client to the Skype
> > network. Maybe there's a way to
On Fri, Mar 23, 2007 at 12:03:54PM -0700, J.C. Roberts wrote:
> On Friday 23 March 2007 11:35, Tobias Weisserth wrote:
> > On Mar 23, 2007, at 6:24 PM, Rafael Morales wrote:
> > > I need the shared library libasound.so.2, anybody
> > > could send to me ???, I don't have a linux box here.
> >
> > I
On Sun, 2007-03-25 at 12:44 -0400, Nick Holland wrote:
> 32M is at a point where if it isn't enough, you need a better
> machine. Tweaking the kernel to make it run "better" in 32M
> is just perfume on the pig. If that's what you need to do,
> get a less smelly pig.
Wow, I guess back in the day,
On Tue, Mar 20, 2007 at 10:03:14AM -0400, Dan Farrell wrote:
> I second that.
>
> danno
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> Of chefren
> Sent: Monday, March 19, 2007 7:34 PM
> To: misc@openbsd.org
> Subject: Re: No Blob without Puffy
>
>
On Mar 25, 2007, at 2:28 PM, Jason Dixon wrote:
P.S. We really need more *BSD attendees at Shmoocon. If you're
remotely interested in security, and I would assume most folks
using OpenBSD are, you should really come out next year. Besides
myself and Mike Erdely, I ran into Ray Lai (OpenB
On Tue, Mar 20, 2007 at 12:43:06AM -0400, Daniel Ouellet wrote:
>
> Tell me, would you let Microsoft for example, access your servers to see
> if they work well? I don't think so. But again, you might already do
> that via BLOB. You just don't know.
Interesting story about a security breach.
On Sunday 25 March 2007 11:09, Jason Dixon wrote:
> > (Hark! -I think I hear the infamous "wooshing" sound of a quickly
> > approaching clue stick)
>
> I'm not sure of the date of this article, but it seems to cover all
> of your questions.
>
> http://www.cisco.com/en/US/products/hw/switches/ps70
On Mon, Mar 19, 2007 at 07:52:35PM -0600, Tony Abernethy wrote:
> Lars D. Nooden wrote:
> >
> > On Mon, 19 Mar 2007, Dave Anderson wrote:
> > > You've left out the extremely important fact that many vendors
> > > interpret acceptance of blobs by any "free" OS as validating their
> > > position of n
On Thursday and Friday I participated as part of the Firewall/IPS
team for Shmoocon Labs (https://www.shmoocon.org/labs.html). The
organizers brought in a Cisco ASA to handle the firewalling duties;
needless to say, I was disappointed although not entirely surprised.
While they struggled
Marco,
Thank you for your reply.
On Sun, Mar 25, 2007 at 12:52:18PM +0200, Marco Pfatschbacher wrote:
> On Fri, Mar 23, 2007 at 04:35:31PM +0100, Jeremie Le Hen wrote:
> [...]
> > - We are using stock OpenBSD 4.0 for our test.
> [...]
> > Without running ifconfig(8) too often, the convergence tim
On Mar 25, 2007, at 1:44 PM, J.C. Roberts wrote:
On Sunday 25 March 2007 09:27, Jason Dixon wrote:
The topic was in regards to VLAN security. Arp-cache poisoning, or
spoofing (as I already mentioned) has nothing to do with VLANs.
Unless either of you have anything relevant to add with regards
On Sunday 25 March 2007 09:27, Jason Dixon wrote:
> On Mar 25, 2007, at 12:21 PM, J.C. Roberts wrote:
> > On Sunday 25 March 2007 08:41, Jason Dixon wrote:
> >> On Mar 25, 2007, at 11:24 AM, bofh wrote:
> >>> On 3/25/07, Jason Dixon <[EMAIL PROTECTED]> wrote:
> Disabling DTP, which should be d
I ran into some kernel panics (watchdog reset) with GRE + ESP/Transport
(or ESP+GRE) back in the day. It was related to MTU assumptions etc.
There was a sendbug(8) related to it. Google "seklecki gre ipsec
openbsd"
http://archives.neohapsis.com/archives/openbsd/2006-01/0623.html
etc...
On Su
hi
what about :
- file manager
http://rox.sourceforge.net/desktop/about_rox
- ftp client
http://www.wxftp.seul.org/help/intro.html#what
regards,
mike
2007/3/25, Paul de Weerd <[EMAIL PROTECTED]>:
>
> On Sun, Mar 25, 2007 at 10:33:25AM -0400, Nick ! wrote:
> | On 3/24/07, Ted Unangst <[EMAIL PROT
Hey all,
I know that it's possible to run GRE over and IPsec tunnel but I am
wondering if anyone here has seen some good documentation (besides the man
pages) or a howto on setting this up. I'm trying to config my OpenBSD
4.0firewall to interop with a route-based VPN network with a mix of
Fortigat
Shawn K. Quinn wrote:
> On Fri, 2007-03-23 at 10:49 -0400, Douglas Allan Tutty wrote:
>> On Fri, Mar 23, 2007 at 06:56:32AM -0500, Shawn K. Quinn wrote:
>> > On Wed, 2007-03-21 at 22:37 -0400, Douglas Allan Tutty wrote:
>> > > Hello,
>> > >
>> > > I've got a 486DX4-100 with 32 MB ram, ISA bus, wit
On Mar 25, 2007, at 12:21 PM, J.C. Roberts wrote:
On Sunday 25 March 2007 08:41, Jason Dixon wrote:
On Mar 25, 2007, at 11:24 AM, bofh wrote:
On 3/25/07, Jason Dixon <[EMAIL PROTECTED]> wrote:
Disabling DTP, which should be done anyways, will prevent VLAN
hopping. I'm not sure what "arp-base
On Sunday 25 March 2007 08:41, Jason Dixon wrote:
> On Mar 25, 2007, at 11:24 AM, bofh wrote:
> > On 3/25/07, Jason Dixon <[EMAIL PROTECTED]> wrote:
> >> Disabling DTP, which should be done anyways, will prevent VLAN
> >> hopping. I'm not sure what "arp-based thing" you're referring to
> >> that w
On Fri, 2007-03-23 at 10:49 -0400, Douglas Allan Tutty wrote:
> On Fri, Mar 23, 2007 at 06:56:32AM -0500, Shawn K. Quinn wrote:
> > On Wed, 2007-03-21 at 22:37 -0400, Douglas Allan Tutty wrote:
> > > Hello,
> > >
> > > I've got a 486DX4-100 with 32 MB ram, ISA bus, with two drives: 840 MB
> > > an
On Mar 25, 2007, at 11:24 AM, bofh wrote:
On 3/25/07, Jason Dixon <[EMAIL PROTECTED]> wrote:
Disabling DTP, which should be done anyways, will prevent VLAN
hopping. I'm not sure what "arp-based thing" you're referring to
that wasn't fixed 5-6 years ago. Perhaps you're referring to arp
spoofin
On Sun, Mar 25, 2007 at 10:33:25AM -0400, Nick ! wrote:
| On 3/24/07, Ted Unangst <[EMAIL PROTECTED]> wrote:
| >On 3/21/07, Paul Irofti <[EMAIL PROTECTED]> wrote:
| >> - the fact that ftp can handle http makes me ponder what happened to
| >> the KISS principle?
| >
| >ftp is very simple. there
Henning Brauer a icrit :
* Sylwester S. Biernacki <[EMAIL PROTECTED]> [2007-03-25 10:52]:
Any chances to add that to the wishlist for next releases?
I won't stop you from putting sth on a wishlist, but I can guarantee
you I won't be working on anything snmp-mib related for openbgpd (well,
On 3/25/07, Jason Dixon <[EMAIL PROTECTED]> wrote:
Disabling DTP, which should be done anyways, will prevent VLAN
hopping. I'm not sure what "arp-based thing" you're referring to
that wasn't fixed 5-6 years ago. Perhaps you're referring to arp
spoofing, which has nothing to do with VLANs. Plea
On Mar 25, 2007, at 10:38 AM, bofh wrote:
On 3/25/07, Jason Dixon <[EMAIL PROTECTED]> wrote:
It works fine if you're using secure VLANs. But if you have the
money for a VLAN-capable switch, you might as well use dedicated
interfaces. But it *can* be done easily and securely.
But isn't the h
On 3/24/07, Ted Unangst <[EMAIL PROTECTED]> wrote:
On 3/21/07, Paul Irofti <[EMAIL PROTECTED]> wrote:
> - the fact that ftp can handle http makes me ponder what happened to
> the KISS principle?
ftp is very simple. there are files on the internet. i want them on
my computer. ftp puts them
On 3/25/07, Jason Dixon <[EMAIL PROTECTED]> wrote:
It works fine if you're using secure VLANs. But if you have the
money for a VLAN-capable switch, you might as well use dedicated
interfaces. But it *can* be done easily and securely.
But isn't the hope then that there's no "leakage" and that
On Mar 25, 2007, at 9:27 AM, Igor Sobrado wrote:
Hi Lachlan.
What you are looking for is usually called "router on a stick".
Perhaps you can use some binat rules to specify bidirectional
mappings between external netblocks and the internal aliases.
Don't know why you are doing it, however. Th
On Sun, Mar 25, 2007 at 10:41:06AM +0200, Sylwester S. Biernacki wrote:
> On Saturday, March 24, 2007, at 23:49:12, misc@openbsd.org wrote:
>
> > sophisticated montoring system with snmp,that is kind of an oxymoron,
> > isn't it...
>
> > there's no such thing as far as I am aware of.
>
>
> Hel
Hi Lachlan.
What you are looking for is usually called "router on a stick".
Perhaps you can use some binat rules to specify bidirectional
mappings between external netblocks and the internal aliases.
Don't know why you are doing it, however. The only time I made
a "router on a stick" was on my C
On Mar 25, 2007, at 7:48 AM, Lachlan Gunn wrote:
Hi,
What would be the recommended way to route traffic between two subnets
with only one NIC?
I currently have one NIC plugged into a switch that contains two
subnets. I would like the NIC to have two IP addresses, one on each
subnet, that it w
Hello.
I have a soekris net4801 embedded computer. This computer currently
runs OpenBSD 4.0. There are two internal drives on it: an enhanced
availability Hitachi Travelstar E7K100 (ready for 24/7 use) and a
SanDisk SDCFB-1024 CF card that is being used as installation media
and net4801 document
Hi,
What would be the recommended way to route traffic between two subnets
with only one NIC?
I currently have one NIC plugged into a switch that contains two
subnets. I would like the NIC to have two IP addresses, one on each
subnet, that it will route traffic between. I have tried creating a
* Sylwester S. Biernacki <[EMAIL PROTECTED]> [2007-03-25 10:52]:
> Any chances to add that to the wishlist for next releases?
I won't stop you from putting sth on a wishlist, but I can guarantee
you I won't be working on anything snmp-mib related for openbgpd (well,
unless somebody pays me so
On Fri, Mar 23, 2007 at 12:38:44PM +1200, Nigel Roberts wrote:
[...]
> You can see when the state change happens. The backup host advertises
> with advskew of 100, advbase of 2 and promptly decides it's the master
> until the next advertisment arrives from the machine that really
> should be the ma
On Fri, Mar 23, 2007 at 04:35:31PM +0100, Jeremie Le Hen wrote:
[...]
> - We are using stock OpenBSD 4.0 for our test.
[...]
> Without running ifconfig(8) too often, the convergence time is a
> few seconds but we managed to increase the delay up to 2 minutes
> with this trick.
This is fixed in 4.
On Sat, Mar 24, 2007 at 07:40:18PM -0400, Brian A. Seklecki wrote:
> Does anyone have a personal archive that they can export via MUA and
> share? Is there a way to ask Majordomo for it (playing with the 'get'
> command now)
>
> I'm doing some number crunching and analysis and I'd like a few ye
On Saturday, March 24, 2007, at 23:49:12, misc@openbsd.org wrote:
> sophisticated montoring system with snmp,that is kind of an oxymoron,
> isn't it...
> there's no such thing as far as I am aware of.
Hello Henning,
it's not exactly what you think :P
I've to configure such system and type
69 matches
Mail list logo