On Fri, Nov 14, 2008 at 11:41:03AM +0100, David Vasek wrote:
> I am always getting similar transfer speeds (up to 5MB/s) under OpenBSD
> (and the same with NetBSD) with external USB hard disks too, while the
> real transfer speed under some other OS's (Linux, Windows) is around 28
> MB/s on t
On Wed, Oct 29, 2008 at 04:14:22PM -0400, Douglas A. Tutty wrote:
> I'll be setting up a new box for the house and I want to use OpenBSD for
> it, both for its security and since it will be an older box it will run
> better than with Debian.
>
> Roles:
>
> main firewall for dialup internet access
"sudo which slaptest" will tell you where in your PATH slaptest is. add that to
your root's PATH and it will work.
also, depending on you are invoking the root shell .profile might not be
executed at all.
On Fri, Oct 24, 2008 at 10:42:10AM +0200, [EMAIL PROTECTED] wrote:
>
most likelly /usr/local/sbin is not in your root's PATH, do
PATH="$PATH:/usr/local/sbin" as root and slaptest should be found.
On Thu, Oct 23, 2008 at 04:50:30PM +0200, soko.tica wrote:
> I've been trying to set OpenBSD 4.3 (release) primary domain
> controller according to howto o Danielle Mazze
ifconfig -M
On Mon, Oct 20, 2008 at 11:57:41AM +0400, Dmitrij D. Czarkoff wrote:
> Hi, all!
>
> How can I query available wireless networks in OpenBSD (the thing You do with
> "iwlist ifname scan" in linux)?
>
> --
> Dmitrij D. Czarkoff
>
> P.S.: Please cc me as I'm not on a list.
On Tue, Oct 14, 2008 at 03:22:32PM +0200, Tomas Bodzar wrote:
> Hi all,
>
> have you same "problem" ? Look at $ls -lF /bin
> There is a [* and test* ,both binaries do the same and cmp(1) says,that
> they are same.
>
> Am I missing something or it's bug?
you are missing the lesson in history in u
ktrace.
On Fri, Sep 19, 2008 at 09:41:58AM -0300, Gonzalo Lionel Rodriguez wrote:
> Hi everybody, somebody say to me what is the equivalent to 'strace' for
> OpenBSD?
>
> Regards.
>
> Gonzalo.
>
--
vi vi vi -- the number fo the beast
On Mon, Aug 25, 2008 at 11:05:38AM +1000, Mikel Lindsaar wrote:
> Hello list,
>
> I have purchased and read the book of PF (good book by the way) as
> well as the man pages, and I have a question that I have not been able
> to find a definitive answer on:
>
> "Does PF only evaluate every packet a
On Mon, Jul 28, 2008 at 09:18:39AM +0100, Charlie Clark wrote:
> openbsd misc wrote:
>> interessting point. How about dumping it to a file or something so you are
>> able to check what was loaded last time (e.g. a file with 400 under
>> /var/whatever)?
>>
>>
> What I want is, I have a script tha
On Wed, Jul 23, 2008 at 01:17:04PM -0700, Parvinder Bhasin wrote:
> Hi,
>
> I am stuck at this situation:
>
> Where I have a domain: abc.com :
>
> I would like to have user who type http://abc.com (without the www)
> redirected to a a different site for example : www.xyz.com
> Redirection for
On Wed, Jul 23, 2008 at 04:33:27PM +0900, Hari wrote:
> Hello. I just finished installing OpenBSD 4.3. The dhcp setup during
> network configuration was fine, meaning, IP address was properly
> assigned. I went ahead with the default values provided. However,
> after rebooting post installation, I
On Wed, Jul 16, 2008 at 05:10:46PM -0500, Marco Peereboom wrote:
> Yes it is. To illustrate the stupidity and pointlessness of this all.
>
> Linus is a troll, we know, who cares?
insulting anyone is IMHO hardly ever necessary/good, trolling (of known
folks, such as linus and rms) is (again IMHO)
On Wed, Jul 16, 2008 at 02:03:00PM -0500, Marco Peereboom wrote:
> debian users are masturbating amoebas
is this really necessary? and if so why?
i have a lenovo 3000 N200, and i can't seem to get sound to work. when i
play an mp3 with either mp3blaster or mplayer it seems to play just
fine, but i don't hear any sound comming from the speakers, here are
dmesg (i only added AZALIA_DEBUG option to GENERIC configuration), audioctl -a
and mixer
On Wed, Jun 4, 2008 at 5:49 AM, Matt Garman <[EMAIL PROTECTED]> wrote:
> What I'd like to do is have my OBSD box to NAT on the tun device
> (VPN tunnel). I.e., so I can use the VPN connection seamlessly from
> any system on my home network.
basically you want to route your traffic encrypted to yo
On Fri, May 23, 2008 at 1:40 PM, Zhivko Tashev <[EMAIL PROTECTED]> wrote:
> Hi,
> I'm using OpenBSD 4.2 GENERIC and postfix-2.5.20070531-sasl2-mysql (from
> ports).
> Postfix is configured only as SMTP transfer agent.
> Couple of days ago, postfix started generating the following error message:
> (
On Fri, May 23, 2008 at 1:37 PM, Stephan Andreas <[EMAIL PROTECTED]> wrote:
> Default is block in and out on $ext_if.
> Is it a problem with the bridge?
yes, bridges tend to do funny things. in any case add 'log' to your
default block rule and check ''tcpdump -n -e -ttt -i pflog0'' (i read
it in t
On Fri, May 23, 2008 at 9:37 AM, Marc Espie <[EMAIL PROTECTED]> wrote:
> As far as perl goes, it's about the only language that fit the bill.
> The older pkg_* were totally impossible to maintain and extend, and
> I needed a sensible script language that was in base.
at the risk of starting a flam
On Wed, May 21, 2008 at 9:36 PM, Kendall Shaw <[EMAIL PROTECTED]> wrote:
> 232 what?
2^32
--
For far too long, power has been concentrated in the hands of "root"
and his "wheel" oligarchy. We have instituted a dictatorship of the
users. All system administration functions will be handled by the
On Mon, May 12, 2008 at 6:40 AM, sonjaya <[EMAIL PROTECTED]> wrote:
> so i have some question :
> - In PIX FW cisco i just make translate ipublic to ip dmz , so how do
> it in pf without ip alias in wan interface?
AFAIK you can't. why would you want to do that?
--
For far too long, power has b
On Mon, May 5, 2008 at 8:25 AM, Parvinder Bhasin
<[EMAIL PROTECTED]> wrote:
> Hi,
>
> I was wondering if there was to get some colors inside the regular terminal
> (not Xterm or Xorg).
> I know if I alias colorls it sort of works for just listing directories and
> files but I would like to custom
On Sun, May 4, 2008 at 12:12 PM, Pieter Verberne
<[EMAIL PROTECTED]> wrote:
> Uhm, dunno what IIRC is.. But wouldn't it be just great to put anything
> like this in a file's header? :
> # This file is in public domain
> or even better:
> # public domain
>
> So IIRC requires the full license?
On Fri, Apr 18, 2008 at 3:20 PM, Jurjen Oskam <[EMAIL PROTECTED]> wrote:
> So ps does show FOO, *and* it shows the value of FOO changing after
> ten seconds.
>
what is so weird about it? you set your program an env var via env(1)
for first ten seconds it has that env var, than the putenv(3) call
On Mon, Apr 14, 2008 at 2:59 PM, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> On 2008-04-14, Almir Karic <[EMAIL PROTECTED]> wrote:
> > On Sun, Apr 13, 2008 at 7:45 PM, Barry Commander
> ><[EMAIL PROTECTED]> wrote:
> >> Hi
> >> In order to
On Sun, Apr 13, 2008 at 7:45 PM, Barry Commander
<[EMAIL PROTECTED]> wrote:
> Hi
> In order to allow wireless clients both IPv4 and IPv6 access to my wireless
> access point (protected with authpf)
> do I need to have them login as authpf twice? Once with IPv4 and again with
> IPv6?
no. just a
On Sun, Apr 13, 2008 at 7:37 PM, Manuel Heckel <[EMAIL PROTECTED]> wrote:
> Hi,
>
> me again here. if it's the wrong place to ask, please tell me.
>
> i still have problems with vsftp and ssl, but i don't think it's a
> problem of vsftpd. from my intern lan everything works fine, just from
> ou
On Fri, Apr 4, 2008 at 10:07 AM, Parvinder Bhasin
<[EMAIL PROTECTED]> wrote:
> I am writing up a script to automatically increment the serial number of
> bind dns zone file , but I am running across issues doing in place
> substitution with either sed or even perl for that matter. I can do this
>
On Fri, Mar 21, 2008 at 9:27 PM, Ed Flecko <[EMAIL PROTECTED]> wrote:
> Hi folks,
> I'm reading a book on network security and it mentions "proxy
> firewalls", so I'm wondering if an OpenBSD box with Squid installed
> would fit this description? Or, are there other "proxy firewalls" the
> autho
On Wed, Mar 19, 2008 at 11:27 AM, Barry Commander
<[EMAIL PROTECTED]> wrote:
> You could still either su to the user whos files you want from root, or you
> could map their UID.
> Both would allow you access to other users files.
yep, welcome to the wonderful world of NFS :-), a toy such as kerber
On Wed, Mar 19, 2008 at 11:12 AM, Barry Commander
<[EMAIL PROTECTED]> wrote:
> Doesn't NFS mean restricting root access on each client in order to prevent
> people accessing other files? Is there a way (short of restricting root
> access)
> to prevent this?
>
RTFM. -maproot is what you want, s
On Mon, Mar 17, 2008 at 11:26 PM, Dave Beckstrom <[EMAIL PROTECTED]> wrote:
> Hi Everyone,
>
> I have an OpenBSD 3.3 transparently bridged packet filtering firewall. I
> would like to enable a VPN connection through the firewall into a Win2K3
> server that sits behind the firewall.
>
> I am fi
On Tue, Mar 11, 2008 at 8:59 AM, Sunnz <[EMAIL PROTECTED]> wrote:
> 2008/3/11, Karl Karlsson <[EMAIL PROTECTED]>:
>
> >
> > Just use the same uid/gid on the client as you have in your export file.
> > As simple as that.
> >
> >
>
>
> But... the user account on the clients already has their o
i would like to thanks you two, thanks :-)
''use the bridge, luke'' was the hint i needed, i found everything
else on google and in the relevant man pages.
the firewall is mostly already configured, it will soon be replacing
our current linux router, the firewall rules are *much much much* more
On Fri, Mar 7, 2008 at 12:53 PM, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> > hm, maybe i misunderstanding the concept of a bridge, but from
> > what i read you can assign an IP to $ext_if, and bridge (and filter
> > off course) the $dmz_if to $ext_if ? where is the extra IP wasted?
>
>
On Thu, Mar 6, 2008 at 1:39 AM, Stuart Henderson <[EMAIL PROTECTED]> wrote:
>
> On 2008-03-05, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> > On 2008-03-05, Jussi Peltola <[EMAIL PROTECTED]> wrote:
> >> On Wed, Mar 05, 2008 at 11:28:16AM +, Stuart Henderson wrote:
> >>> There are ways, but
On Wed, Mar 5, 2008 at 12:43 PM, Jussi Peltola <[EMAIL PROTECTED]> wrote:
> On Wed, Mar 05, 2008 at 11:28:16AM +, Stuart Henderson wrote:
> > There are ways, but they're hacks, and harder to get right than NAT or
> > asking for another address. (And if you're already using NAT, you'll be
> >
On Wed, Mar 5, 2008 at 11:04 AM, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> On 2008-03-05, Almir Karic <[EMAIL PROTECTED]> wrote:
> > this is the deal, i am designing the network and i have some
> > questions, regarding route (OBSD 4.2) setup. the relevant interfac
this is the deal, i am designing the network and i have some
questions, regarding route (OBSD 4.2) setup. the relevant interfaces
are $dmz_if (uplink for the servers in DMZ) and $ext_if the router
uplink.
the idea is to save one external IP by NOT assigning an external IP to
the $dmz_if, is it pos
i did all the things reccommanded by the summary section of raidctl(8)
(i even tried changing the 'a' partition to 'e', to be the same as in
the man page, no luck), i also tried following
http://unixsadm.blogspot.com/2007/10/openbsd-raidframe-mirror-software-raid.html
no change either.
my GENERIC.
pf is probably the problem, 'keep state' is assumed unless
explicitelly stated otherwise.
On 7/6/07, Heinrich Rebehn <[EMAIL PROTECTED]> wrote:
Hello list,
after using ipsec for some years now, i never experienced an upgrade
breaking it. But after after moving to 4.1 (new install) i can not g
On 6/29/07, Brian Candler <[EMAIL PROTECTED]> wrote:
Given that your on-board LAN isn't working either, maybe the motherboard has
a serious fault. But you might not be able to return it until you can prove
that *Windows* can't find any network cards either :-)
that's simple, create a screen se
On 6/29/07, Daniel Ouellet <[EMAIL PROTECTED]> wrote:
Almir Karic wrote:
> if you have trully big setups you might wanna look at ldap, from what
> i've heard/read it should perform well under heavy read intensive
> operations.
I always see a lots of LDAP talks and some docu
On 6/29/07, Daniel Ouellet <[EMAIL PROTECTED]> wrote:
>> 3) Mail setups
>>
>> I can find lots of setups with virtual mailusers. I have been
>> succesfully using a Courier-imap/Postfix/MySQL setup for several years
>> now, connected to a webbased mailmanagement tool.
>> If I was to drop all that i
On 6/29/07, Matt <[EMAIL PROTECTED]> wrote:
2) Chroot jails / limited shells - do's and don'ts
I understand the implications of chroot jails. I understand they are not
worth the risk. Which is a shame really as they bring certain
functionality (or limits if you will) that I would consider nice t
On 6/27/07, Theo de Raadt <[EMAIL PROTECTED]> wrote:
At this time, I cannot recommend purchase of any machines based on the
Intel Core 2 until these issues are dealt with (which I suspect will
take more than a year). Intel must be come more transparent.
(While here, I would like to say that AMD
x11/xfce4
On 6/25/07, Alex Kwan <[EMAIL PROTECTED]> wrote:
Hello,
I wanted to use xfce for my systems' windows manager, which packages are
must required? (I have install the X base).
thanks!
Alex
--
almir
On 6/21/07, Jeff Santos <[EMAIL PROTECTED]> wrote:
1. Is this address an IPv6 one? Can I find out who is asking for
it and why?
ugghh, named log? tcpdump?
2. How can I tell named not to deal with IPv6?
an ugly workaround would be to block all ipv6 traffic on named port.
--
almir
last time i checked the only port of obsd to xen was foo (far from
production ready).
On 6/19/07, David Greenberg <[EMAIL PROTECTED]> wrote:
Where can I find this project, or more specifically a working kernel
source/binary image or an entire Xen domU image? Thanks!
David
--
almir
env -i is your friend.
On 6/16/07, Mackan <[EMAIL PROTECTED]> wrote:
Hi list!
How do you guys restart apache (apachectl stop / start) without
having all the current shell variables show up in phpinfo() that
is exported in the shell?
Mackan
--
almir
egrep '[EMAIL PROTECTED],4}$' mail.txt
##<-- you want this, it get's the lines you posted.
On 6/14/07, OBSD <[EMAIL PROTECTED]> wrote:
Hi Almir,
your suggestion does not work completely.
What?
It misses the
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
I had the same issue as I used
c
On 6/14/07, OBSD <[EMAIL PROTECTED]> wrote:
Hi All,
thanks for all the suggestions.
With this it works:
cat mail.txt | egrep "[EMAIL PROTECTED]" | egrep "\.[a-zA-Z]{2,4}$"
It is probably possible to avoid the last egrep but I have not find out how.
egrep '[EMAIL PROTECTED],4}$' mail.txt
b
Is this normal, or have I done something wrong.
this is normal.
--
almir
I am rather unexperienced in this field so any advice is highly appreciated!
(including other relatively safe php4+php5 methods that might work on
OpenBSD)
both lighttpd and apache allow you to have both php4 and php5 side by
side. in apache one has to be a FCGI process the other can be either
On 6/8/07, Rico Secada <[EMAIL PROTECTED]> wrote:
Taking a certification doesn't prove anything imho. And the way that they
focus on the 4 different BSD's.. you could have someone being an expert
in OpenBSD yet he has never used DragonflyBSD, would this make him less
interesting to hire for a BSD
On 6/5/07, Marc Espie <[EMAIL PROTECTED]> wrote:
On Mon, Jun 04, 2007 at 11:45:27PM +0200, Almir Karic wrote:
> >I don't see any -i option documented in the sed manpage.
>
> -i on some seds (gsed, ssed, FBSD sed, maybe others) means ''in
> place''
\> This works indeed. But better use the additional quotes around $1. Just
get used to them, because $1 could contain IFS characters.
true, but in this case it doesn't really matter how shell splits words :)
>i am cheating tho, and have sh symlinked to bash.
Why?
i learnt to use bash,
> >...-exec sh -c 'something with $1' {} \; is fully safe as well.
sh -c 'echo foo"$1"bar' baz
-> foobar
Seems not.
a typo, sorry, it should be sh -c 'echo foo$1bar' -- baz
i am cheating tho, and have sh symlinked to bash.
--
almir
A completely safe solution would be writing a small script:
#! /bin/sh
exec sed s/old/new/ < "$1" > "$1".new
and using find . -type f -name \*.htm -exec /path/to/script {} \;
or find . -type f -name \*.htm -print0 | xargs -0 -L 1 -r /path/to/script
...-exec sh -c 'something with $1' {} \; is f
Find . -name "*.htm" -exec 'sed s/old/new/' > '{}'.new
the above command is probably a sytnax error, due to unterminated
-exec (add \; at the end to fix this), that apart that command should
look for a command 'sed s/old/new/' (note: it should NOT invoke sed
command with s/old/new/ argument).
anyone managed to get obsd to run as xen guest OS? care to share how?
the only document i found is
http://ropersonline.com/openbsd/xen/openbsd-xen-howto , and well:
xen:/home/vserver/obsd# hg clone http://hg.recoil.org/openbsd-xen-sys.hg
requesting all changes
abort: HTTP Error 500: Internal
On 4/21/07, Soner Tari <[EMAIL PROTECTED]> wrote:
I guess the OP means, for example, Ubuntu-like setting, where there is a
root account of course but you cannot log in as root (actually, you can
drop to root shell in single user mode or by sudo -i). I believe this
hopefully serves the purpose of
considered nfs over kerberos?
On 4/17/07, Pete Vickers <[EMAIL PROTECTED]> wrote:
try web DAV - works a treat for me on OpenBSD with linux, Mac &
windows clients...
/pete
On 17 Apr 2007, at 2:28 AM, Rico Secada wrote:
> Hi all.
>
> At work I am experiencing with setting up some distributed
On 4/10/07, Ryan Corder <[EMAIL PROTECTED]> wrote:
On Tue, 2007-04-10 at 07:53 -0700, Manuel Ravasio wrote:
> I'm creating some shell scripts for various administrative purposes, and
I'd
> really like to add some kind of command at the end of each in order to have
> the pc speaker BEEP when the s
use route tables, set the getaway 10.30.9.253 for the subnet on which
your other office is, and use your ISP's getaway as default getaway.
you can manipulate route tables with route(8).
On 3/19/07, Ricardo Lucas <[EMAIL PROTECTED]> wrote:
Hello ppl from misc,
I have an issue, I have a little
why do you bother asking questions if you are not willing to accept answers?
you either need:
pass out on bge0 from
block out on bge0 from to { , }
or:
block quick out on bge0 from to { , }
pass out on bge0 from
alternatively you could have a combined table containing both
outside and
On 3/16/07, Ryan Corder <[EMAIL PROTECTED]> wrote:
On Fri, 2007-03-16 at 11:09 +0100, Alexander Hall wrote:
> Ryan Corder wrote:
>
> > alternatively, I did this and it seemed to work
> >
> > pass out on bge0 from to { any, ! }
> > pass out on bge0 from to { any, ! }
>
> The above is an overkill
is this a second remote hole in default install?
--
almir
On 3/5/07, Toni Mueller <[EMAIL PROTECTED]> wrote:
Hi,
On Thu, 22.02.2007 at 22:36:21 +0100, Joachim Schipper <[EMAIL PROTECTED]>
wrote:
> Just filtering aggressively using pf works as well, of course.
it depends. My current impression is that if you can get away with
having the TCP stack reje
some ips won't be availible to ''average''
human beings (private ip ranges, broadcast adresses, router
adresses...), also enterprise will grab crapload of ips for business
needs.
On 1/28/07, Michael Jensen <[EMAIL PROTECTED]> wrote:
On 1/28/07, Almir Karic &l
they said the SAME thing about ipv4 :/
65536 x the total number of possible 48-bit MAC addresses.
irrelevant.
--
almir
whats sad is how many people will never let go of NAT after they migrate
to ipv6.
why not start saving ipv6 adresses at the begening?
--
almir
Maybe use permissions, diff user on each site, chmod to disallow
writing from other users?
that would solve the problem, but i have no idea how to achive it, and
google doesn't seem to like me :/. any hints?
--
almir
what i would like to achieve is that on a shared host if bad guys (tm)
break into one site they can't get to other sites.
is this possible? i've been looking at su-exec but it is for cgi
scripts only :/, what other options there are?
AFAIK chroot is not the correct answer to my question as it pr
it will be proccessed in ''another way''.
192.168.0.0/16 means ''any ip adress which has first 16 bits the same
as 192.168.0.0''. and first 16 bits in this case are ''192.162''.
On 1/9/07, Artyom Goryainov <[EMAIL PROTECTED]> wrote:
And when I write for example local_net=192.168.0.0/16 will it
74 matches
Mail list logo