Re: ftp-proxy

On 2007/08/20 23:29, John Nietzsche wrote: > i have just setted up a new natted firewall server after some period > of inactivity. I got surprised with the new ftp-proxy utility! > > Now, it writes new pf rules, the prior one did not! I feel like > unconfortable by the current ftp-proxy approach,

pf rdr pass query

List, I'm running 4.1 GENERIC and am having trouble with redirecting traffic. my openbsd box has a static public address on fxp0 and an 10/8 address on fxp1. there is a box behind openbsd with 10.0.0.250 and is listening on tcp/. any connections for ext_ip on tcp/ needs redirecting to

Re: pf rdr pass query

I got it working by putting a filter rule in like... pass on $int_if inet proto tcp from any to $int_nb port $prt_nb keep state however the faq seems to me to say if you include 'pass' in the rdr rule then a corresponding filter rule is not required. perhaps i need a lie down... if anyone ca

Re: ftp-proxy

--- John Nietzsche <[EMAIL PROTECTED]> wrote: > i have just setted up a new natted firewall server after some period > of inactivity. I got surprised with the new ftp-proxy utility! > > Now, it writes new pf rules, the prior one did not! I feel like > unconfortable by the current ftp-proxy approa

Re: ftp-proxy

On 2007/08/21 07:37, Juan Miscaro wrote: > --- John Nietzsche <[EMAIL PROTECTED]> wrote: > > > i have just setted up a new natted firewall server after some period > > of inactivity. I got surprised with the new ftp-proxy utility! > > > > Now, it writes new pf rules, the prior one did not! I feel

Re: ftp-proxy

On Tuesday 21 August 2007, Stuart Henderson wrote: > in -current ftp-proxy can add tags, you can then pass the traffic > using a rule that matches those tags (e.g. "tagged ftpproxy") and set > a label on that pass rule. Hello, Was actually looking at that last night but it didn't work the way I e

Re: ftp-proxy

On 2007/08/21 10:15, Chris Smith wrote: > On Tuesday 21 August 2007, Stuart Henderson wrote: > > in -current ftp-proxy can add tags, you can then pass the traffic > > using a rule that matches those tags (e.g. "tagged ftpproxy") and set > > a label on that pass rule. > > Hello, > > Was actually l

route-to problems

Hello, and please help me retain what little hair I still have left :) Basic scenario - 5 interfaces, 3 outside (public), 2 inside (private). At this point I'm not trying to load balance just use different routes to the outside world depending upon the source inside address. I have tried differ

Re: route-to problems

Just correcting the tables names (they do match, regardless of what I previously typed). On Tuesday 21 August 2007, Chris Smith wrote: Hello, and please help me retain what little hair I still have left :) > Basic scenario - 5 interfaces, 3 outside (public), 2 inside (private). > At this point I'

Re: route-to problems

On 2007/08/21 11:26, Chris Smith wrote: > > Interfaces and gateways (att is default route and does work always "Since translation occurs before filtering the filter engine will see packets as they look after any addresses and ports have been translated." conversely, the translation rule

Re: route-to problems

On Tuesday 21 August 2007, Stuart Henderson wrote: > "Since translation occurs before filtering the filter engine will see > packets as they look after any addresses and ports have been > translated." I have read that in the docs but how to reconcile it with the ruleset on http://openbsd.org/

Re: ospfd: some machines stuck in 2-WAY/OTHER

Hi, On Mon, 20.08.2007 at 15:15:15 +0200, Claudio Jeker <[EMAIL PROTECTED]> wrote: > This is perfectly fine. Only the DR and BDR routers 10.0.0.6 and 10.0.0.4 > will have full connections with all other routers. All others (state > OTHER) will remain in 2-WAY (as in we have to way communication bu

Re: 10G cards for 4.2

On Mon, 20 Aug 2007, Chris Cappuccio wrote: These cards are in the $5000 range and if you are lighting up fiber then you need some xenpaks that start around $1000 to $15000 ea. (If you want to light up strands from, say, Lansing to Ann Arbor, you would be using the $15000 part at each end, one

Re: spamd problems

Edgars MakEa wrote: Hi! Some days ago spamd just started to GREY all incoming connections even if IP address already was a WHITE. Any ideas for waht and where to look? OpenBSD 4.0 Generic those ar my firewall rules: rdr pass on $ext_if proto tcp from to port 25 \ -> 127.0.0.1 port 802

Re: spamd: sync and db backup/restore

Jacob Yocom-Piatt wrote: swapped out a spamd host last night and ended up doing some ksh scripting to get the spamdb up to date on the new machine. also have connected the old host with the new one using the sync (-y & -Y) options for spamd and spamlogd, and these options are working fine and a

Re: spamd: sync and db backup/restore

Olli Hauer wrote: Jacob Yocom-Piatt wrote: swapped out a spamd host last night and ended up doing some ksh scripting to get the spamdb up to date on the new machine. also have connected the old host with the new one using the sync (-y & -Y) options for spamd and spamlogd, and these options are

Re: 10G cards for 4.2

I have a simple doubt: Can openbsd sustain I/O at 10 Gb/s (or even close to that) on a network card ? On 8/21/07, ACP <[EMAIL PROTECTED]> wrote: > On Mon, 20 Aug 2007, Chris Cappuccio wrote: > > > These cards are in the $5000 range and if you are lighting up fiber then > > you need some xenpaks th

setting dscp or tos bits

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm setting up ALTQ and hfsc to prioritize VoIP traffic. The pf.conf(5) says pf uses TOS values to assign packets to queues. Question: Can OpenBSD and/or pf itself set TOS and/or DSCP values? Only some of my VoIP gear does DSCP marking. Also, I not

Re: 10G cards for 4.2

On Tue, Aug 21, 2007 at 04:15:23PM -0300, John Nietzsche wrote: > I have a simple doubt: Can openbsd sustain I/O at 10 Gb/s (or even > close to that) on a network card ? > First we need drivers and equipment then we can tell you what OpenBSD is capable of. It also depends what you are looking for

Re: serial console device

Here is the content of /etc/ttys file. do you see any mistake ? -bash-3.2$ grep -v none /etc/ttys # # $OpenBSD: ttys,v 1.17 2002/06/09 06:15:14 todd Exp $ # # name getty typestatus comments # console "/usr/libexec/getty Pc" vt220 off secure t

Re: spamd: sync and db backup/restore

Jacob Yocom-Piatt wrote: Olli Hauer wrote: Jacob Yocom-Piatt wrote: swapped out a spamd host last night and ended up doing some ksh scripting to get the spamdb up to date on the new machine. also have connected the old host with the new one using the sync (-y & -Y) options for spamd and spaml

Re: serial console device

Me again, Trying to play with the serial port to see if I can get it to work, I just saw my box does not seem to care of /etc/boot.conf : when I "set timeout 20" (plus stty com0 9600 & set tty com0), my machine still decides to boot after 5 seconds. So, my computer really does sorcerer-ish things

Route traffic through gateway having two links

Hi all, I have a OpenBSD machine working as a gateway and which has two data links, an adsl (sis0 192.158.254.254) and an E1 (rl0 10.3.0.68). There is a machine in the private network (10.3.0.62) that needs a route through the adsl link. I have configured NAT using the following command: nat on s

Re: serial console device

Hello, it's me again, for an end. IT WAS THE CABLE /o\ I bought a cable in a shop, specially asking the guy there if it would fit to connect 2 pc to acces them using console control software, and he told me he used that same cable for his own lab test. And it appears the cable I made myself last

4.2-beta _oss_ioctl/ossaudio

My tv applications were working fine with the 4.1-snapshots, but suddenly stopped working on 4.2-beta. Both fxtv and xawtv has image but no sound. Only xawtv tells me $ xawtv & [2] 32414 $ This is xawtv-3.94, running on OpenBSD/i386 (4.2) xawtv:/usr/local/lib/xawtv/snd-oss.so: undefined symbol '

Re: setting dscp or tos bits

On a related note, I work with some equipment that uses TOS values and some that uses DSCP. When you see a TOS value in tcpdump (0x68 for instance) just divide by 4 to get the DSCP (and throw away any remainder.) The DSCP value uses the same field in the IP packet as TOS, but ignores the last bit

Care to Multiply?

Your Friend BENEFITING JOB OFFER FROM JAMES wants you to be his contact on Multiply. Check it out: http://multiply.com/si/hL9EPPnUxs3VuGzNZ2k3gQ Personal message from BENEFITING JOB OFFER FROM JAMES: URGENT:BENEFITING JOB OFFER Dear Sir/Madam, Top of the day to you as you receive this e-mail.

Re: serial console device

On Wed, 22 Aug 2007, nicodache wrote: > Hello, it's me again, for an end. > > IT WAS THE CABLE /o\ > > I bought a cable in a shop, specially asking the guy there if it would > fit to connect 2 pc to acces them using console control software, and > he told me he used that same cable for his own l