ould fix you up. As long as you're
>> not redirecting you can turn logging on specific rules and see why
>> they're blocking as well if that doesn't fix your issue.
>>
>> Andres Salazar wrote:
>>> Hello,
>>>
>>> Yes it loaded properly.
Hello,
Yes it loaded properly. Yes I had missed the macro for the external
NIC it is included in the original ruleset. t_externa = "fxp0"
This is the result for pfctl -sr:
match in all scrub (no-df)
block drop all
pass out all flags S/SA keep state
pass out quick on fxp0 inet proto tcp from (f
Hello all.
I have a ruleset where I am explicitly allowing incoming connections
on port 22.. (default is block log all) .. for some weird reason
they are getting blocked
log says: Apr 21 17:09:49.105052 rule 1/(match) block in on fxp0:
my.client.ip.here.54711 > my.server.ip.here.22: S
299965829
Hello..
I am trying to use systat for identifying if when my applications/db
runs there is an IO bottleneck. Linux systat shows more info and it
seems there are more examples on the net.. but even though with BSD's
iostat I don't know how to make sense of all these numbers.
I ran it this way:
syst
Hello,
I have a very simple relayd config:
## Macros
#
relayd_addr="xx.xx.xx.xx"
relayd_port="81"
web_port="80"
table { xx.xx.xx.xx }
## Global Options
#
# Interval in seconds at which the back-end hosts
# will be checked (default: 10 seconds)
interval 10
# Timeout for back-end servers to re
Hello,
I don't have obj on RAM, or /tmp. I am using make build.
Thank you
Andres
On Mon, Mar 1, 2010 at 5:48 AM, Marc Espie wrote:
> On Sun, Feb 28, 2010 at 11:02:37AM -0600, Andres Salazar wrote:
>> Hello,
>>
>> I am confused on the different result I get when I compi
On Sun, Feb 28, 2010 at 11:10 AM, Bret S. Lambert
wrote:
>> I am going to use these machines for database and I am very concerned
>> about these results
>
> Honestly, you'd do better asking that on a list dedicated to whatever
> database you're going to be running.
>
> In addition to helping you cho
Hello,
I am confused on the different result I get when I compile userland on
any machine better than a Dual Core 2.5Ghz 2GB RAM 160GB 7200 SATA /
SATA ii
On some machines I get a compile time of 45min, other machines 30min..
and the best of the case I get 30min. Sometimes that machine that
take
at 3:36 PM, Marco Peereboom wrote:
> Your disks are still wd so io sucks. Use -current.
>
> On Tue, Feb 23, 2010 at 03:22:28PM -0600, Andres Salazar wrote:
>> Hello,
>>
>> I had a R201 running in 4.6 i386 stable..I was told this configuration
>> was very new.. s
Hello,
I had a R201 running in 4.6 i386 stable..I was told this configuration
was very new.. so I got a new box this time it's a PowerEdge is R200
without any special PCI SATA controller. With 2 SATA II Hard Disks.
BIOS Sata setting is set to be in ATA Mode (it's either this or OFF).
Either after
Why would that be, Marco? What's special about this hardware?
On Tue, Feb 23, 2010 at 10:15 AM, Marco Peereboom wrote:
> You need -current to have a fighting chance with that server.
>
> On Tue, Feb 23, 2010 at 09:10:45AM -0600, Andres Salazar wrote:
>> Hello,
>>
>> I
Hello,
I have 2 SATA drives without an additional SATA controller on this
box. I have tried this in ATA Mode, and also in AHCI mode. Disk reads
are 50% higher. Userland compilation takes 55min when the usual on
other similar hardware is 35 min.
Could somebody check my dmesg and comment? It bring
Greetings.
I have a R210 DELL with a built in Broadcom NetXtreme II BCM5716
1000Base-T being recognized with bnx instead of bge .. I am having
problems starting the network within the OpenBSD 4.6 installer.
I noticed that the manual for bge says:
The bge driver provides support for various NICs
Hello,
Is it possible to do some rule in pf to simulate 300ms of latency?
This is for testing purposes.
A plus would be to simulate 1% packet loss.
Many Thanks!!
Hello,
I am looking for ways to encrypt my entire filesystem, but it must be
with AES 256bits... I've been searching and I deduce that the only
option I have is using softraid, however I am unable to find any
tutorial or guide. Anybody know if this is possible, if I have any
other option (with 256 AES
I just tried on a new install in 4.5, and still no go.
Help is appreciated.
upperlimit 40Kb)
queue bulk bandwidth 80% priority 1 qlimit 500 hfsc (realtime 120Kb
upperlimit 120Kb default)
But I still cannot accomplish what I need.
Andres
On Wed, Dec 9, 2009 at 2:01 PM, Bryan S. Leaman wrote:
> Andres Salazar wrote:
>>
>> Hello,
>>
>> For some
Hello,
In this case the queue "bulk" is the one set as "default" and indeed I
do see the traffic passing through it with the command you gave me.
Please advise.
Thanks
Andres
Hello,
For some reason I cannot get this to work properly... We have a
1Megabyte/sec connection, and I want this box to be capped at up to
200KiloBytes/sec .
However every time I try, it just always ends up using the entire link.
If I modify it to 1Kb , it ends up using around 80Kilobytes/sec .
Hello,
I have dhcp enabled on my LAN which assigns an IP according to the
client's MAC address, however if a user wanted to be malicious he can
statically assign any IP to his NIC.
Isn't there any way I can force my ARP tables to only allow IPs to be
assigned if the MAC address matches?
Thanks
And
Hello,
I have experienced that even though I set up 3 servers in
/etc/resolv.conf , if the first one gets slow apparently it will not
utilize the others until it is completely down. Is there any way to
actually force the OS to pick another resolver if one of them is very
slow?
Thank you
Andres
Hey guys,
I know it is possible to route an interface to another gateway via
route-to. But what if I want to loadbalance specific IPs to specific
gateways in my box? Is this possible?
Thank you
--Andres
Hello all,
I have three machines that have an integrated NIC. Dmesg says they are :
nfe0 at pci0 dev 7 function 0 "NVIDIA MCP61 LAN" rev 0xa2: apic 2 int
10 (irq 10), address 00:0f:ea:63:41:fd
rlphy0 at nfe0 phy 1: RTL8201L 10/100 PHY, rev. 1
However, all of them when a download is initiated t
Dorian,
Thank you. I take it for granted that "match" is for 4.6 . That's fine.
What is the difference passing it onto netcat, then doing it directly?
Aside from this I also need to redirect a range of ports (1500-2000)..
and I think the issue would get more difficult if I do it with this
method.
Hello guys,
I have the following rules .. I am trying to put the IP of the PF box
into the browser and have it get the page that's on 208.99.249.95.
When I do that the connection just hangs and doesn't give me any content.
cat /etc/pf.conf
## Macros
## TABLES
## GLOBAL OPTIONS
## TRAFFIC NORMALIZAT
Hello,
What is the best practice when building a new machine, or why would
one prefer one aside from the other:
a.) Compile kernel and userland from a recent -stable src checkout
or b.) Apply all the errata from http://www.openbsd.org/errata45.html ?
Both are equivalent, is this correct?
Thank
Hello,
I am sure other people have run into the same dilemma whereas some
macros don't work on a KVM
Brands tested: Lantronix SLS / Raritan dominion KX2 232
Macros are being received by the system as you can do the ctrl alt f2
macro which changes the current terminal - this works.
I do not know
Hello,
During the past week two boxes on the same network have
stopped responding, they carry OpenBSD 4.5 i386 and I have logged at
every possible log to find out why this occurs however I haven't been
able to spot anything unusual. All of a sudden they just stop
responding to requests.
W
ls -la /bin pretty much says that the permissions and ownership are
the same for mv, cp, cat, ls
I don't think it's a permission/ownership issue.
Please advise.
On Fri, Aug 14, 2009 at 11:18 AM,# ls -la
total 14192
drwxr-xr-x 2 root wheel 1024 Aug 4 11:58 .
drwxr-xr-x 14 root wheel 51
I have also tried using the user www and executing the script.. it
works fine.. It just doesn't work via the web.
On Fri, Aug 14, 2009 at 11:04 AM, Andres Salazar wrote:
> Yes, I am sorry, typo, I meant I disabled chroot with -u
>
> I went over the php.ini and there is nothing
Yes, I am sorry, typo, I meant I disabled chroot with -u
I went over the php.ini and there is nothing listed in disable_functions
Please advise. thanks
Hello,
I have a script that is being called from the web , it invokes the
system() function and I try to test running some system commands to
see if they are properly invoked.
Apache is running without jail (-d) due to special needs.
mv and cp do not display any output (these do not execute), wh
Hello,
Environment: OpenBSD 4.5 stable , generic MP kernel. Dmesg here:
http://pastebin.com/m5f5e96fe
Summary: We have a special need to use Apache 2 with PHP5 and before
the ports were updated from php5.2.6 and apache 2.2.9 this procedure
worked 100% before and now even in a new install just by
in the php.ini ?
Thanks
Andres
On Wed, Aug 5, 2009 at 11:06 PM, Bryan wrote:
> On Wed, Aug 5, 2009 at 20:25, Andres Salazar wrote:
>> Hello,
>>
>> OpenBSD 4.5 stable
>>
>> I have done the following:
>>
>> cd /usr/ports/www/php5/core; make; make instal
Hello,
OpenBSD 4.5 stable
I have done the following:
cd /usr/ports/www/php5/core; make; make install;
cd /usr/ports/www/php5/extensions; make; make intall;
That according to pkg_info installed:
php5-core-5.2.10 server-side HTML-embedded scripting language
php5-extensions-5.2.10 informationa
ide? Where is the traffic actually going "in"?
> pass in on $int_if2 inet proto udp from $int_if2:network to any \
> port 53
Thank you.
Andres
On Sun, Jul 26, 2009 at 6:36 PM, Jason Dixon wrote:
> On Sun, Jul 26, 2009 at 01:16:02PM -0500, Andres Salazar wrote:
>>
lp is much appreciated.
Andres
On Sun, Jul 26, 2009 at 1:05 AM, patrick keshishian
wrote:
> On Sat, Jul 25, 2009 at 9:23 PM, Jason Dixon wrote:
>> On Sat, Jul 25, 2009 at 09:41:45PM -0500, Andres Salazar wrote:
>>> Hello OpenBSD-misc,
>>>
>>> I have a newbie questi
allowing it for both $int_if and $int_if2 , thus the following
port restriction rules are not getting evaluated.
Full ruleset is here:
http://pastebin.com/d3f292c50
Andres
On Sun, Jul 26, 2009 at 12:32 PM, Jason Dixon wrote:
> On Sun, Jul 26, 2009 at 12:14:53PM -0500, Andres Salazar wr
think there is some conflict with the rules and NAT, as the firewall once
the packets are NATed then it doesn't recognize the real source? I am
confused.
Thank you
Andres
On Sun, Jul 26, 2009 at 1:16 AM, Jason Dixon wrote:
> On Sun, Jul 26, 2009 at 12:58:08AM -0500, Andres Salazar wrote:
I apologize that my ruleset isn't very clear. I am trying to put together a
ruleset that will allow the following access:
Outbound port 80 (web) & 53 (domain) from users at $int_if via $ext_if
Outbound port 80 (web) & 53 (domain) & 443 (ssl) & 22 (ssh) from $int_if2
via $ext_if
Thank you for the he
Hello OpenBSD-misc,
I have a newbie question in pf that I've been trying to debug on what would
be wrong with my ruleset. I am trying to have the users that are on $int_if
only have ports 80 & 52 opened out, and users on $int_if be able to have
less restrictions and more ports out. So far I have som
Hello,
I am using OBSD 4.5, and I tried to install Nagios nagios-3.0.6p1 (also
tried nagios-3.0.6p1-chroot) from packages.. and I've noticed that after the
install the WebGUI files are missing and there is no instruction whatsoever
if one should need to get these from somewhere else..? (the faq on
On Sat, Jul 11, 2009 at 1:54 AM, Jan-Erik Skata wrote
>
> Yes, you should use the SMP kernel on multicore CPUs as well. I have usually
> just moved /bsd.mp onto /bsd and rebooted.
> Otherwise only one CPU and/or core will be used.
Ok, however since this is Symmetric MultiProcessing then I wouldn't
Hello community,
I have two boxes:
Quad Core Processor with 4GB RAM
Dual Xeon 3.0 Ghz with 2GB of RAM
I have heard contradicting information as far as I can use both the MP and
the REGULAR kernel (i386 or amd64) and that both would give me the same
performance..
Isn't it true that if I apply t
I would like to ask the OBSD community if someone can recommend me a good
supported interface for Asterisk on OBSD.
I have heard that FreePBX is really a pain to configure because it assumes a
linux environment.
Please anybody share their experience?
Thank you.
Andres
access to the outside!!
So at the end, anybody can share if they have gotten to work ftp-proxy with
block all?
Thanks
Andres
On Tue, May 26, 2009 at 5:51 PM, Andres Salazar wrote:
> Hello,
>
> Before posting I acknowledge I have read the FAQ.. based on that this is my
> PF config:
>
Hello,
Before posting I acknowledge I have read the FAQ.. based on that this is my
PF config:
t_externa = "re0"
set block-policy drop
set loginterface $t_externa
set limit states 10
set limit frags 30
set limit src-nodes 5
set optimization aggressive
set skip on lo0
set debug urgent
Hello,
Before posting I acknowledge I have read the FAQ.. based on that this is my
PF config:
t_externa = "re0"
set block-policy drop
set loginterface $t_externa
set limit states 10
set limit frags 30
set limit src-nodes 5
set optimization aggressive
set skip on lo0
set debug urgent
48 matches