Postgres Open

Any OpenBSD users in Chicago for the Postgres Open? -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Laffs with Lennart

> This is nothing new, it has been anticipated by BSD developers a long time > ago: > http://talks.dixongroup.net/nycbsdcon2006/ Indeed, I've been proclaiming BSD dead for the last five years. Get with the times. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Remotely installing OpenBSD on dedicated server

ted server but it might be worth a look. > > I'll second that, I also have a VPS at ARP. Just need to remember > to disable mpbios on the host. +1 -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Give old laptops

le que la perfection soit atteinte non quand il n'y a plus > rien ` ajouter, mais quand il n'y a plus rien ` retrancher. ; > -- Antoine de Saint-Exupiry, Terre des hommes > > () ASCII ribbon campaign -- Against HTML e-mail > /\ http://www.asciiribbon.org -- Against proprietary attachments > -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: sysjail project

ontinued on 2009-03-03 due to flaws inherent to syscall wrapper-based security architectures. The restrictions of sysjail could be evaded by exploiting race conditions between the wrapper's security checks and kernel's execution of the syscalls.[1]" 1. http://www.watson.org/~robert/2007woot/ -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: mod_auth_pgsql trouble (SOLVED)

So user seems to be some special name. After I > renamed the row to username it suddenly worked. > > Really weird. > > Is that a bug or a feature? Someone able to enlighten me? :-) USER is a "SQL Key Word" (reserved word) in PostgreSQL. http://www.postgresql.org/d

Re: EuroBSDcon

cover speaker costs. Larger conferences should strive to pay speakers an honorarium. If you can't do the minimum, then you shouldn't have the event. Don't half-ass it. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Bridge Monitoring

in general? Off the top of my head (probably forgetting a lot): munin, symon, cacti, reconnoiter, nfsen, netflow dashboard -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: which monitoring do you use (on OpenBSD)

On Wed, Aug 11, 2010 at 10:07:53PM +0200, Jiri B. wrote: > On Tue, 10 Aug 2010 18:05:51 -0400 > Jason Dixon wrote: > > > http://omniti.com/video/noit-oscon-demo > > Sorry no flash :) > > Some screenshots should be sufficient for this products, interesting is > t

Re: which monitoring do you use (on OpenBSD)

oiter is not for everyone. It's a very powerful system, but it's not intended to be a drop-in replacement for other ECA/Trending systems. It takes time and effort to get value out of it, but it offers some Capacity Planning and Root Cause Analysis capabilities that aren't available

Re: which monitoring do you use (on OpenBSD)

badly we never would have developed either Reconnoiter or Circonus. There are some OpenBSD-Reconnoiter users in the community; if you're interested in finding out more about Reconnoiter, ask around or check out the project website. http://labs.omniti.com/labs/reconnoiter -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: OpenBSD users.

On Sun, Jul 18, 2010 at 01:07:12AM +0200, Mateusz Gierblinski wrote: > > I'm just wondering. Where are you OpenBSD users from? Your mom's bedroom. -J.

Re: BSDStats: Status Report

money, WHY they lost your money, and where it went. Money talks, polls get ignored. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: any web management gui for pf ?

On Sun, Mar 14, 2010 at 12:12:31PM +0500, ??? wrote: > 2010/3/14 Jason Dixon : > > On Sun, Mar 14, 2010 at 11:48:44AM +0500, ??? wrote: > >> we have many people who know ISA very well and all they do with ISA is > >> "publishing applications"

Re: any web management gui for pf ?

wall ui that "only allows adding correct rules", please let me know. That's some insanely smart code that knows right from wrong. Not even pf itself will keep you from shooting yourself in the foot with stupidity. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: any web management gui for pf ?

loated). I'll say it again... writing a good pf web UI is HARD. It's infinitely more complicated and prone to security problems. Reading the pf FAQ and editing pf.conf yourself is easier by geometric proportions. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

OpenBSD 4.7 pre-orders are live!

https://https.openbsd.org/cgi-bin/order?CD47=1&CD47%2b=Add -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: VLANs and security (was:network performance problems)

dsniff. They're fine if you know how to use them properly. I use them all the time in "heavy" production (whatever the fuck that means). ;-) -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Options for graphing pf rule matches

On Mon, Feb 15, 2010 at 06:57:06PM -0800, Brian Keefer wrote: > On Feb 15, 2010, at 3:29 PM, Jason Dixon wrote: > > > On Mon, Feb 15, 2010 at 03:00:59PM -0800, Brian Keefer wrote: > >> Hello, > >> > >> I'm wondering what other folks are using to g

Re: Options for graphing pf rule matches

nts (or representative traffic of a large event) but is not useful for trending or regression analysis. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: routing and pf at 10Gbps

On Wed, Feb 10, 2010 at 07:57:44PM +, Mike Williams wrote: > Really, nobody firewalls at multi-Gbps? I know some folks at NASA that use OpenBSD firewalls that would make your head spin. And yes, that means "multi-Gbps". -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Measuring network data?

today > between 2pm ~ 5pm? There are any number of tools that do this, typically using SNMP or NetFlow accounting protocols. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Announcing: JigglyPuffBSD

of OpenBSD, we're proud of our heritage. We've taken great pains to craft our regex with performance and precision in mind. Copyrights have been rewritten and attributions vanquished. This is not your grandfather's BSD. We're American and damn proud of it. http://jigglypuffbsd.

Re: ComixWall terminated

On Sat, Dec 12, 2009 at 03:12:34PM -0200, dark knight neo wrote: > Yes .. > You have all the reason . Seriously, STFU. Take it offlist with individuals if you still have questions. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: ComixWall terminated [WAS: ComixWall 4.6 released, December 8, 2009]

hey are not "cooperative" projects. OpenBSD doesn't need ComixWall. OpenBSD is Free, Functional and Secure(*). (*) And easy. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: ComixWall terminated [WAS: ComixWall 4.6 released, December 8, 2009]

m not taking sides, but how exactly are you "trying to help"? The few times I've seen you post to misc@ have been to promote your own fork of OpenBSD, or to ask for help in getting your own stuff running. How exactly does this help the _OpenBSD_project_? -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: OpenBSD blog software

, and only if they truly make it a better piece of software. Focus is on maintainability and security. But it's here to stay. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Changing the NIC on installed system?

in OpenBSD-4.5 It identifies them at boot. Just rename your hostname.XX file accordingly and update any service configurations (e.g. pf, dhcpd) that may rely on the interface name. HTH. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

OpenBSD blog software

e the last you hear about it from me. ;) -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Please use this to convert people to OpenBSD

would be the OpenBSD Journal. Why don't you submit a story? P.S. Today's promotion of liveusb-openbsd is bordering on zealotry. Zealotry is stupid and attracts users we don't want in the first place. P.P.S. I think I need to go blog about this now. http://blogsum.obfuscurit

Re: POOR support for layer 7 security in OBSD. Options or another OS?

top of my head: relayd(8) authpf(8) net/snort www/mod_security Indeed, mod_security is only currently available for apache-1.3. But I think the lack of modsecurity-2.x is only because nobody has stepped up to complete the port, not because of any technical hurdles. HTH. -- Jason Dixon

Re: pf n00b

ren't distratcted by World Domination (TM) like some other operating systems. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Script to ping, traceroute a destination and record the time

disconnect happens for a few minutes only. > > Can any one help me get a script to do that? If you can't whip this up yourself in a matter of 2 minutes they have the wrong person debugging it. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: decreasing the size of the distribution

ler than the baseXX, etcXX and manXX sets? These easily fit on a few hundered MB. What modern flash disk won't fit this? Seriously, stop overthinking it. If you primary goal is to use flash (not necessarily to remove files), look at something like flashrd. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Forum engine

tool for the job or how to configure and secure it appropriately for production use." > And if they really piss you off, you could always write your own. Oh please don't. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Using all mod_perl in chrooted Apache, what needs to be inside?

I do not know of a way to bypass the "wonderful" dynamic loading stuff. > I would love to though. ktrace. Welcome to hell. ;) -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Using all mod_perl in chrooted Apache, what needs to be inside?

On Wed, Oct 07, 2009 at 10:28:19AM -0400, Jason Dixon wrote: > On Wed, Oct 07, 2009 at 07:59:42AM -0500, Chris Bennett wrote: > > After seeing Jason Dixon's suggestion to use mod_perl to solve chroot > > problem, I am going to setup a test server on my laptop while traveling.

Re: Using all mod_perl in chrooted Apache, what needs to be inside?

ove > inside chroot? In most cases, nothing. But I left my mind-reading beanie at home, so there's a reasonable chance you might try to do something I hadn't foreseen. In that case, you might need to put something in the chroot. Definitive enough for you? ;) -- Jason Dixon

Re: Logging when interfaces go down

On Sep 18, 2009, at 9:37 AM, Ian Chard wrote: Hi, Is it possible to log, or in some other way capture the event, when network interfaces go down? Ifstated(8) -J.

Re: Anyone heard from Jason Dixon lately?

ACK -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: OT: Laptop advice. SSD costs.

gt; > Disks are cheap, really cheap right now... Disks for the X40/X41 are not at all cheap. These are a very rare breed, hence the discussion and frustration of many X40/X41 owners. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Recommended Switches for Trunking?

ne is now sold as Brocade FastIron. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: openbsd and ethernet tap (port replication)

t; media: Ethernet autoselect (1000baseT full-duplex,rxpause) > status: active $ sudo ifconfig em0 up -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Bind ntpd on certain interface?

e else, baby. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: boot disk ???

lmost always a bad idea. Especially OpenBSD. If it's the right system for them, they'll usually find it on their own. Nobody here wants (or deserves) this sort of unprovoked nonsense. The OpenBSD community is a very fun and helpful bunch. But we're not good at suffering fools or assholes. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Is there an imap vulnerability under attack?

x27;t you check with your IMAP software project/vendor? Last time I looked there was no imapd in base. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: PF: 3 NICS. 1 WAN, 2 LAN. How to manage each LAN open ports individually?

terfaces allowing traffic inbound and outbound, you're there. ;) -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: PF: 3 NICS. 1 WAN, 2 LAN. How to manage each LAN open ports individually?

:network to any \ port 53 pass in on $int_if2 inet proto tcp from $int_if2:network to any \ port { 22 53 80 443 } pass in on $int_if2 inet proto udp from $int_if2:network to any \ port 53 -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: PF: 3 NICS. 1 WAN, 2 LAN. How to manage each LAN open ports individually?

; > itself, you'll probably want to add something for this. Add a pass rule for outbound traffic from the firewall itself. Adjust for any additional services that it should be able to reach. pass out on $ext_if inet proto { tcp udp } from ($ext_if) to any port 53 -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: PF: 3 NICS. 1 WAN, 2 LAN. How to manage each LAN open ports individually?

rt { 53 80 } pass out on $ext_if inet proto udp from $int_if:network to any \ port 53 pass out on $ext_if inet proto tcp from $int_if2:network to any \ port { 22 53 80 443 } pass out on $ext_if inet proto udp from $int_if2:network to any \ port 53 -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: PF: 3 NICS. 1 WAN, 2 LAN. How to manage each LAN open ports individually?

essary, and b) you've never allowed any traffic from your internal interfaces. Honestly, I don't know *what* you're trying to accomplish because your description doesn't match anything in your ruleset. Perhaps you can describe again what you're trying to do and what the differences are supposed to be between $int_if and $int_if2. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: pfctl no longer showing table details in 4.5

in our tables, just the date the > table was last cleared. You need the "counters" option for each table. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: how to debug 'starting network' hangs

On Wed, Jun 17, 2009 at 11:25:51AM -0700, David Newman wrote: > On 6/16/09 10:07 PM, Jason Dixon wrote: > > > I would suggest booting into single-user and using netstart for each of > > the physical and carp interfaces until you find out where your > > misconfiguration is.

Re: how to debug 'starting network' hangs

On Tue, Jun 16, 2009 at 09:42:06PM -0700, David Newman wrote: > On 6/16/09 4:36 PM, Jason Dixon wrote: > > > > Why are you starting your network interfaces and adding routes in > > rc.local? > > I maintain these systems, but did not do the initial setup or > confi

Re: how to debug 'starting network' hangs

c. You've given us no information about your hostname.* files. How could we possibly help diagnose problems starting your network? > ps. FWIW I've pasted the contents of /etc/rc.local below. Addresses and > passwords have been obfuscated. Why are you starting your network interf

Re: Translating dst_port (but not dst_addr) with PF?

On Mon, Jun 15, 2009 at 04:52:17PM -0700, Matthew Dempsky wrote: > On Mon, Jun 15, 2009 at 2:52 PM, Jason Dixon wrote: > > One of our internal customers asked me to setup a bypass rule for some > > outbound SMTP tests so that they could send to a specific high port > > (e.

Translating dst_port (but not dst_addr) with PF?

their test systems to a variety of external vendor systems to test compliance. Using a designated "bypass port" will make it easy on them to test with any of their systems. If there's no way to do this with PF we'll just have to set aside a pool of addresses to bypass the existi

Re: Change source IP to enable pass through VPN

ver "dump ${DOW}ufa - /home | /usr/local/bin/bzip2" | \ dd of=/backups/dumps/server-home-${DOW}-${DATE}.bz2 ssh r...@server "dump ${DOW}ufa - /var | /usr/local/bin/bzip2" | \ dd of=/backups/dumps/server-var-${DOW}-${DATE}.bz2 -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: carp active/active works only as failover

On Thu, Jun 11, 2009 at 07:21:25PM +0200, Federico wrote: > Jason Dixon wrote: > > >> I'm not able to obtain both carp interfaces work in a load balanced way. > > > > http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=6084 > > Dang, thank

Re: carp active/active works only as failover

. > > I'm not able to obtain both carp interfaces work in a load balanced way. http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=6084 -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Fan mail!

t; > and I see the blue console messages come up. I was like, woah, very cool. > > Thats a good start to the week! > > Stalker mail! :) I saw Todd Miller (millert@) in the bathroom this morning! P.S. We work in the same office. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Detailed usage graphs w/PF

ol, per port) usage reporting? I also see > that pfflowd is marked as broken due to pfsync changes. I suspect this > means I'll need to use 4.4 if I want to use pfflowd... Thanks! You don't need pfflowd any longer. man 4 pflow -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: amd64/grub package?

On Sat, May 30, 2009 at 11:05:26AM -0400, Donald Allen wrote: > On Sat, May 30, 2009 at 9:58 AM, Jason Dixon wrote: > > On Sat, May 30, 2009 at 09:10:58AM -0400, Donald Allen wrote: > >> > >> So, I'd like to ask why grub is apparently unsupported on the amd6

Re: Wireless help, please

own to work and you'll be left with the thing(s) that don't. Examples: - OpenBSD wireless connectivity (as a client) - OpenBSD wired connectivity - Mac wired connectivity - Mac wireless connectivity (to a different WAP) - etc... -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: amd64/grub package?

-booted with Windows and something else and where the Windows > version of the mbr is no longer present. I'd be happy to provide the > documentation for the procedure to add to the install guide, if the > developers are interested. Save yourself some headaches. Use GAG. http://gag

Re: OpenBSD ESXi VMware image on Soekris Net5501

HAHAHAHAHAHA *whew* Thanks, I needed that. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Failing over all CARP interfaces

another avenue > I'm overlooking? Search for "carpdemote" in ifconfig(8). -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: OpenBSD ESXi VMware image on Soekris Net5501

elf two inexpensive systems (5501's are ok) and run them in a failover configuration. You have redundancy and the flexiblity to alternate between releases. Without the headache of middleware patches, an unsupported configuration, etc. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: old and new pf tandem test ---help

=article&sid=20090220014805 This will get you all of the related stories: http://undeadly.org/cgi?action=search&mode=&thres=&method=and&sort=revtime&query=redesign+pfsync -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: OpenVPN destroys tun

On Wed, May 06, 2009 at 06:26:30PM -0300, Giancarlo Razzolini wrote: > Jason Dixon escreveu: >> >> I appreciate your digging into the code. That was above and beyond, >> even if it doesn't really do me any good. >> > Well, it can't always be eleg

Re: OpenVPN destroys tun

I just wanted a simple question to a simple answer. Not the same old "jeez, you should try this instead". > An attitude like that deserves a response akin to "Use the source Luke" and > no more. We all have good and bad days. I've been offering free (hopeful

Re: OpenVPN destroys tun

On Wed, May 06, 2009 at 06:04:19PM -0300, Giancarlo Razzolini wrote: > Jason Dixon escreveu: >> > Well, my rude friend, i guess you'll have to accept my suggestion > because you're simply stuck with it. I shouldn't but, i took a little > time and dove in

Re: OpenVPN destroys tun

penVPN bind to an existing tun device. Thanks for the roundabout answer. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: OpenVPN destroys tun

On Wed, May 06, 2009 at 11:51:19PM +0400, Vadim Zhukov wrote: > On Wednesday 06 May 2009 23:34:52 Jason Dixon wrote: > > > > I'm specifying "dev tun0". Per the openvpn(8) man page, dev-type > > should only be used "if the TUN/TAP device used with

Re: OpenVPN destroys tun

On Wed, May 06, 2009 at 11:43:15PM +0400, Vadim Zhukov wrote: > On Wednesday 06 May 2009 23:18:31 Jason Dixon wrote: > > > > Having OpenVPN create the tun device does me no good. I'd still have > > to re-load pf/altq after the file descriptor is created. > > Str

Re: OpenVPN destroys tun

On Wed, May 06, 2009 at 04:29:10PM -0300, Giancarlo Razzolini wrote: > Jason Dixon escreveu: >> So apparently OpenVPN is a douche of an application by >> destroying/recreating any tun devices you ask it to bind to. This >> causes havoc with pf/altq if you queue on those tun i

Re: OpenVPN destroys tun

On Wed, May 06, 2009 at 03:21:16PM -0400, Mark Shroyer wrote: > On Wed, May 06, 2009 at 11:20:43AM -0400, Jason Dixon wrote: > > So apparently OpenVPN is a douche of an application by > > destroying/recreating any tun devices you ask it to bind to. This > > causes havoc with

Re: OpenVPN destroys tun

On Wed, May 06, 2009 at 11:14:21PM +0400, Vadim Zhukov wrote: > On Wednesday 06 May 2009 21:39:15 Jason Dixon wrote: > > On Wed, May 06, 2009 at 08:48:06PM +0400, Vadim Zhukov wrote: > > > On Wednesday 06 May 2009 19:20:43 Jason Dixon wrote: > > > > So appare

Re: OpenVPN destroys tun

On Wed, May 06, 2009 at 08:48:06PM +0400, Vadim Zhukov wrote: > On Wednesday 06 May 2009 19:20:43 Jason Dixon wrote: > > So apparently OpenVPN is a douche of an application by > > destroying/recreating any tun devices you ask it to bind to. This > > causes havoc with pf/altq

OpenVPN destroys tun

n existing tun(4) interface but nobody had any useful answers (besides "use the up/down scripts")... yeah, thanks. Has anyone here used OpenVPN in server mode and overcome this? Thanks, -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Migration from IPTABLES to PF

On Mon, May 04, 2009 at 04:14:45PM -0400, Mark Shroyer wrote: > On Mon, May 04, 2009 at 04:46:16PM -0300, Gonzalo Lionel Rodriguez wrote: > > jaja OMG... i love PF and OpenBSD. > > > > 2009/5/4 Jason Dixon : > > > LOL, you ain't seen nothing yet. Look at the &q

Re: Migration from IPTABLES to PF

On Mon, May 04, 2009 at 04:34:55PM -0300, Gonzalo Lionel Rodriguez wrote: > 2009/5/4 Marco Peereboom : > > MY EYES!!! make it stop bleeding!!! > > jajajaja i think the same. grrr LOL, you ain't seen nothing yet. Look at the "extended version" he just sent out.

Re: Migration from IPTABLES to PF

.cgi?query=pf.conf I made a quick review of your ruleset. I gave up after a few PgDn's. I belive it's in your best interests to contact someone that provides commercial support. http://www.openbsd.org/support.html On a good day, someone might step up and help you with this. But I w

Re: Recovering data from OpenBSD drive using OSX

On Fri, May 01, 2009 at 06:13:38PM -0400, bofh wrote: > On 5/1/09, Jason Dixon wrote: > > On Fri, May 01, 2009 at 02:50:48PM -0700, jebyrnes wrote: > >> Hello, all. I have a question. A long time ago in college I ran an > >> openBSD > >> server. It w

Re: Recovering data from OpenBSD drive using OSX

be able to access these drives? Are their any utilities that would > help in this? It's been a while since I hacked around at this level, so > would appreciate any advice you all could give. Thanks. Find an external USB enclosure. Toss them in. Connect it. Boot OpenBSD in a virtua

DCBSDCon 2009 Videos

y more multimedia work in OS X. :) -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Multiple layers of NAT

to interface 3 and get a response, but not to 4. > I can ping (and everything else) from LAN A to interface 4 and the Internet. > > I've searched around a bit and see there is something wrong (in general) > with "double NAT" It's a simple matter of: * does the route exist * does the firewall allow it Verify that both are true. Monitor your traffic with tcpdump as needed. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: slow httpd on 4.4

ation (dmesg, ifconfig, httpd.conf) so people can spend their time helping, not guessing. Thanks, -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Sun X4140 support?

On Thu, Apr 16, 2009 at 07:52:25AM +0200, Otto Moerbeek wrote: > On Thu, Apr 16, 2009 at 07:47:14AM +0200, Henning Brauer wrote: > > > * Jason Dixon [2009-04-16 07:18]: > > > We had a spare set of servers available, so I went back to the lab and > > > reproduce

Re: Sun X4140 support?

rate and not a user (or systat) error. Perhaps this will help others with their purchasing decisions. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Games

ust wanna get this job done", and "Lost my mind, it's > > such a waste of time". > > Nah, its Systemagic. ;-) +1 -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: [semi-OT] Can anyone recommend an OpenBSD-compatible colour laser printer?

ect (and I believe JCR) then I can highly recommend the Brother HL-2170W. It's inexpensive and has worked great for me with OpenBSD. Comes with wireless *and* wired networking. http://www.brother-usa.com/Printer/ModelDetail.aspx?ProductID=hl2170W -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: love me love me, fool me fool me

On Wed, Apr 01, 2009 at 05:50:17PM +0200, frantisek holop wrote: > hey there, > > so no 1st of april fools this year, hm? > > how about we start a big flamewar about something? > oh wait... One is enough. > happy fools' day fools! :] Meh. -- Jason Dixon

Re: openbsd in virtualization

ttings. As few as 32 when you're playing Halo. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Ramifications of blocking SYN+FIN TCP packets

On Wed, Mar 11, 2009 at 01:04:34PM -0400, David Goldsmith wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Jason Dixon wrote: > > > > S/SAFR > > > > I just had to deal with this on our customer's PCI scan. Don't argue > &g

Re: Ramifications of blocking SYN+FIN TCP packets

On Wed, Mar 11, 2009 at 10:54:18AM -0400, Jason Dixon wrote: > On Wed, Mar 11, 2009 at 10:42:38AM -0400, Stuart VanZee wrote: > > I understand that this might annoy a few of you, If it does > > please accept my apologies. > > > > The place I work is required to hav

Re: Ramifications of blocking SYN+FIN TCP packets

> Does anyone see a way that this would come back to bite me on > the ass later? S/SAFR I just had to deal with this on our customer's PCI scan. Don't argue with the logic, just do it. :) -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: Where is "Secure by default" ?

if I was looking to deploy > an OpenBSD system. I'm worried that some are getting complacent about > OpenBSD's security here... > > Maybe it's a troll. Maybe not. Can we afford to be turning away > potential users on the off chance? As a community, we don

Re: PF Seems To Reload Its Default Rules Unexpectedly

r" before and after this supposedly takes place. And "uptime" to prove it hasn't been rebooted. And "grep pf /etc/rc.conf.local" so we can see how you're starting it. In other words, *useful information*. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/

Re: How do I monitor my PF based firewall?

On Wed, Mar 04, 2009 at 02:55:46PM +0100, Falk Brockerhoff - smartTERRA GmbH wrote: > Am 04.03.2009 um 14:46 schrieb Jason Dixon: > >> Other people use the PF-MIB patch to net-snmp. We don't need that >> functionality. We like to monitor the following for our PF firewal

  1   2   3   4   5   6   >