On Thu, Nov 10, 2011 at 09:43:46PM +, Stuart Henderson wrote:
| sys/net80211/ieee80211_node.c r1.63 (in 5.0 but not 4.9) probably helps.
Thanks for the pointer.
--
Ryan Corder || () ASCII ribbon campaign
ryanc at greengrey.org || /\ against HTML email
http
) and ral(4) from adding timeouts if the
driver is dying and improved detaching.
Anyone know if there has been any work, as mentioned above, on this
particular
problem?
thanks.
ryanc
--
Ryan Corder || () ASCII ribbon campaign
ryanc at greengrey.org || /\ against
to 2TB logical volumes.
I've had great success with the Areca ARC-1210.
http://www.areca.com.tw/products/pcie.htm
--
Ryan Corder || () ASCII ribbon campaign
ryanc at greengrey.org || /\ against HTML email
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEE37813
and
has been replaced by the Rev B, but packaging and specs rarely state which
one
you'll be getting. Your best bet would be the ARC-1202 or ARC-1210.
--
Ryan Corder || () ASCII ribbon campaign
ryanc at greengrey.org || /\ against HTML email
http://pgp.mit.edu:11371
answer to your problem.
--
Ryan Corder || () ASCII ribbon campaign
ryanc at greengrey.org || /\ against HTML email
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x1CB59D69
[demime 1.01d removed an attachment of type application/pgp-signature]
experiencing this I changed out my card for one with a RT260
chip. ifconfig {down,up} works but is annoying...
thanks.
--
Ryan Corder || () ASCII ribbon campaign
ryanc at greengrey.org || /\ against HTML email
http://pgp.mit.edu:11371/pks/lookup?op=getsearch
On Mon, Jan 04, 2010 at 04:10:53PM -0800, Ryan Corder wrote:
| Yeah, why is this? Do we know what conditions these are? I ask because
| I have been experiencing this I changed out my card for one with a RT260
| chip. ifconfig {down,up} works but is annoying...
Sorry for all the typos
weeks
without ever noticing (full disclosure, it was my own fault for not setting
up sensorsd to see the failure)!
--
Ryan Corder || () ASCII ribbon campaign
ryanc at greengrey.org || /\ against HTML email
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x1CB59D69
-stable and the
included snmpd). Can you please give me a hint into the right direction?
symon - it's in ports. It doesn't fit the SNMP bill, but it will give
you rrd files that cacti could use.
--
Ryan Corder || () ASCII ribbon campaign
ryanc at greengrey.org
On Tue, Sep 16, 2008 at 09:10:48AM +1000, Jonathan Gray wrote:
| This sounds like the new firmware, but I can't see a dmesg
| from you to figure out if this is the case for sure.
arc0 at pci2 dev 14 function 0 Areca ARC-1210 rev 0x00: apic 2 int 18 (irq 5)
arc0: 4 ports, 256MB SDRAM, firmware
On Mon, Sep 15, 2008 at 03:12:29PM +0200, Harald Dunkel wrote:
AFAICS the arc-1210 comes with a fan. Is there an integration
with sensorsd?
Not as of 4.3. The only thing I get related to my ARC-1210 out of
sensors is:
hw.sensors.arc0.drive0=online (sd0), OK
I would also like to help with
On Mon, Sep 15, 2008 at 09:41:42PM +0200, Henning Brauer wrote:
| maybe by reading the bioctl manpage? your bioctl usage is completely
| off. way off.
| (ok, I give you a treaty: bioctl arc0)
Fair enough, being a bad user is no excuse. This got my alarm reporting, but
what is with the error?
On Thu, Sep 11, 2008 at 11:49:39AM -0400, (private) HKS wrote:
| Also, tab-completion won't work, top won't work, control characters
| won't work, vim won't work, etc etc...
I'm glad someone brought up this point.
On Tue, Sep 09, 2008 at 12:11:04PM -0500, Vijay Sankar wrote:
| scrub in
| scrub out on $ext_if max-mss 1440
|
| has worked very well for me with my ISP. I am very interested in hearing
about
| other ways of dealing with DSL connectivity.
scrub on $ext_if reassemble tcp
scrub in on
On Wed, Aug 20, 2008 at 09:06:14AM +0200, Harald Dunkel wrote:
http://www.kernel-panic.it/openbsd/vpn/vpn3.html#vpn-3.4
http://www.openbsd.org/cgi-bin/man.cgi?query=enc
Ah, very nice. That first one is just what I was looking for. I had
the first three sections already defined,
On Thu, Aug 21, 2008 at 04:10:30PM -0700, Ryan Corder wrote:
| On Wed, Aug 20, 2008 at 09:06:14AM +0200, Harald Dunkel wrote:
| http://www.kernel-panic.it/openbsd/vpn/vpn3.html#vpn-3.4
| http://www.openbsd.org/cgi-bin/man.cgi?query=enc
|
| Ah, very nice. That first one is just what I
I'm setting up an IPSec tunnel and in PF, I'm not skipping on
enc0 (i.e. no 'set skip on enc0'). I'm curious to how direction is
specified on enc0 when routing traffic. My scenario is like this:
remote box -- (IPSec tunnel) -- OpenBSD firewall -- OpenBSD server
I want to send all my logs from
On Mon, Jul 14, 2008 at 10:06 PM, Ryan Corder [EMAIL PROTECTED] wrote:
So, is it the firmware? the definition in pcidevs? I'm just baffled
as to why the card shows up but the drives don't.
I really, really don't want to keep Linux on this machine, so _any_
help is greatly appreciated
been the addition to
control the LEDs via bioctl.
So, is it the firmware? the definition in pcidevs? I'm just baffled
as to why the card shows up but the drives don't.
I really, really don't want to keep Linux on this machine, so _any_
help is greatly appreciated.
--
Ryan Corder
[EMAIL
any thoughts? Is the RAMDISK_CD on 4.3 that much different from GENERIC? I
looked in CVS and saw that both 'arc* at pci?' and 'scsibus* at arc?'. What
am I missing?
thanks.
ryanc
--
Ryan Corder
[EMAIL PROTECTED]
On Tue, Jun 17, 2008 at 01:11:16AM -0700, Peter_APIIT wrote:
| Below is my configuration :
| /etc/mararc
| Quote:
| ipv4_bind_address=172.16.10.1
| chroot_idr = /etc/maradns
| recursive_acl=172.16.10.10
| hide_disclaimer=yes
| no_fingerprint=yes
| verbose_level=3
| timeout_seconds=3
|
On Mon, Apr 14, 2008 at 06:52:06PM -0500, Jacob Yocom-Piatt wrote:
am considering acquiring some machines with SSD drives, e.g. thinkpad X300,
and was interested to hear about any experiences with openbsd on an SSD
drive.
As of last week, the T61 is available with the same drive that comes
On Wed, Feb 20, 2008 at 08:32:31AM -0800, Rami Sik wrote:
| I would like to see what you'd suggest as a log analyzer tool(s) on a
| centralized log server running syslog-ng.
|
| I also need to use a specific tool as PF log analyzer. What do you
| suggest for that purpose?
I prefer to use a log
On Wed, Feb 20, 2008 at 11:12:06AM -0800, Kian Mohageri wrote:
| Another vote for Tenshi. Probably the best way to do it with
| syslog-ng is to have syslog-ng forward logs to Tenshi (listening on
| loopback) because otherwise Tenshi won't be able to follow the logs
| (if you organize them by
On Tue, Feb 19, 2008 at 09:42:43PM -0700, Steve B wrote:
| My employer has given me some free colo space and I thought I would take
| advantage of it to do remote system logging. Those of you here who are doing
| it, could you comment on whether you are using Syslog-NG or something else,
| and
On Wednesday, 06.02.2008 at 23:07 -0800, Joe wrote:
| Can anyone recommend a server room temperature sensor that I can use
| with openbsd?
|
| I want to monitor temperature and humidity.
|
| I hope to graph the data from the sensor.
|
| The sensor can be connected to my openbsd via usb, serial,
On Sun, Jan 27, 2008 at 12:25:40PM -0800, Lord Sporkton wrote:
| Im about to buy a small server, mostly for personal use
| looking for a 1u
|
| was hoping to find some vendors that are openbsd friendly
| if they offer more than just i386 that is a plus as im investigating
| other archs as a
I'm trying to make the banner from my mail server and the banner from spamd
sitting in front of it match, so that it appears that you are connecting to
the same machine regardless of where spamd sends you.
On my mail server, it looks like this:
220 mail.greengrey.org ESMTP smtpd
On spamd,
I'm a very happy user of both OpenBSD and GNU/Linux systems, but what
I don't get is, how is limiting a users choice in what he/she runs on
his/her system more free than one that doesn't?
Absolute freedom is to be able to do whatever the hell you want to
with no limitations placed on you
On Tue, 2007-04-10 at 07:53 -0700, Manuel Ravasio wrote:
I'm creating some shell scripts for various administrative purposes, and
I'd
really like to add some kind of command at the end of each in order to have
the pc speaker BEEP when the script is over.
\b
--
Ryan Corder [EMAIL PROTECTED
On Tue, 2007-04-10 at 18:52 +0200, Almir Karic wrote:
isn't \b a backspace?
oh yeah, oops. meant to say \a I guess
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp-signature which had
On Fri, 2007-03-16 at 11:09 +0100, Alexander Hall wrote:
Ryan Corder wrote:
alternatively, I did this and it seemed to work
pass out on bge0 from inside to { any, !outside }
pass out on bge0 from inside to { any, !llcidr }
The above is an overkill equivalent to
pass out on bge0
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
be collapsed to
block out on bge0 from inside to { outside, llcidr }
thank you, that is what I wanted to know. Does the situation require
extra block rules? The answer is yes and I know that for future
reference.
Thank you, Marco, for getting straight to the question at hand.
--
Ryan Corder
state
block out on bge0 from inside to outside keep state
block out on bge0 from inside to llcidr keep state
this accomplishes what I want, but I feel the use of more block
statements past the first one is extraneous.
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC
but on the 'pass in' rule on my internal
interface. so, shouldn't these be getting evaluated?
thanks.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
On Thu, 2007-03-15 at 15:32 +, Stuart Henderson wrote:
On 2007/03/15 10:25, Ryan Corder wrote:
On Thu, 2007-03-15 at 01:39 +, Stuart Henderson wrote:
feed the rule into pfctl -nvf - and see how it's expanded.
basically what you would expect...
pass out on bge0 from inside
tables
so it's probably more work to maintain.
which is too bad.
alternatively, I did this and it seemed to work
pass out on bge0 from inside to { any, !outside }
pass out on bge0 from inside to { any, !llcidr }
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219-
port on the 10.0.3.0/24 subnet. the way the
two pass rules are written, I was thinking that I would be able to
connect to anything EXCEPT the subnets listed in outside and others.
what am I missing here?
thanks.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219
and you get a system where the users are
authenticated against Kerberos but denied otherwise unless the
explictely have a password set in /etc/passwd.
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application
,
PasswordAuthentication, and PubkeyAuthentication can all be set to 'no'
to turn them off. However, I would suggest that you leave at least one
alterntive authentication method on in case your Kerberos ever gets
hosed or the time on your machine(s) get out of sync.
later.
ryanc
--
Ryan Corder [EMAIL
On Mon, 2007-03-12 at 17:06 -0300, Gustavo Rios wrote:
He is still able to login. I believed since KerberosAuthentication
no he should not login.
What am i during wrong ?
it is probably using GSSAPIAuthentication and not KerberosAuthentcation.
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer
On Wed, 2007-02-21 at 20:05 -0700, Darren Spruell wrote:
On 2/21/07, Ryan Corder [EMAIL PROTECTED] wrote:
does anyone know why GSSAPI authentication has been disabled on the port
of msmtp in 4.0?
Might be a good question for ports@ and (if not ports@) the maintainer.
good point, thanks
does anyone know why GSSAPI authentication has been disabled on the port
of msmtp in 4.0?
thanks.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name
rule defined and there to be no chance that a later rule can
alter it, add the 'quick' keyword.
later.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name
ftp-proxy/*
rdr-anchor ftp-proxy/*
rdr on $int_if inet proto tcp from any to any port 21 - 127.0.0.1 8021
anchor ftp-proxy/*
pass out on $ext_if proto tcp from ($ext_if) to any port 21 keep state
---
is anyone else experiencing anything similar?
TIA.
ryanc
--
Ryan
shed some light on why the
server is disconnecting you.
later.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
night, it was, but not since the move
of 4.0.
is there something different about the way that the 4.0 ftp-proxy
translates that would make the 3.8 ftp-proxy not act the same?
TIA,
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d
the
benefits of a ticket system.
later.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
the enc0
interface, but the regular bge0 default interface.
or am I completely wrong on this one?
TIA,
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name
host VPN? Since
I'm not routing two different networks across the VPN, there is nothing
easy to test like pinging a host on the other end of the tunnel.
TIA.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment
one
computer to another. if you can't find one, i can send a link later today.
now, I got the tunnel setup just fine using just ipsec.conf. I was just
curios if there was a quick and simple way to to test traffic through
the tunnel since it is just a host to host configuration.
--
Ryan Corder
gathered, this should have been really
easy to do...I just think I'm to that point where even if there was
something really wrong staring back at me I wouldn't see it because I've
been looking at the same stuff for too long now.
please help.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer
of
that via the anchors?
thanks in advance.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
] post.
it is read on login and displays to you whether there were any login
failures since your last successful one. there is no tool that I know
of to read it directly
ttyC0
X]E
probably they last TTY you logged in on.
later.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys
they are meant to handle a higher load.
slow PCI bus + cheap NIC = high interrupt load == slow throughput.
later.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name
? is your time
synced (within 5 min.) with the Kerberos server?
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
machines instead of via SSH. The console is still the default,
as in keyboard/monitor setup.
thanks.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
on Gentoo) acts a little different
as it seems to take over once the machine has finished booting.
so I guess I'm just SOL?
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name
be as
secure (if you can call FTP secure) as your custom authentication
program is.
hope this helps.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
it's quick connect and transfer hoping that you are
running IIS, only to be told from your webserver to try again correctly.
later.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp
On Wed, 2006-08-23 at 21:53 -0700, Edward Ray wrote:
It has been awhile since I used ports, and have not kept up on the latest
OpenBSD stuff. What and where are packages?
everything that is in ports, just compiled for you already. check your
local mirror.
later.
ryanc
--
Ryan Corder [EMAIL
on $ext_if inet from bad_hosts
pass in on $ext_if proto tcp from any to any port 80 \
flags S/SA synproxy state (max-src-conn 100, \
max-src-conn-rate 15/5, \
overload bad_hosts flush)
later.
ryanc
--
Ryan Corder [EMAIL PROTECTED
it, but it
wouldn't suprise me if it were.
later.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
:
auth-defaults:auth=krb5-or-pwd,skey
this is assuming you want to fallback on a password in your shadow
file and then onto skey. Of course, make sure you have Kerberos set up
properly in your /etc/kerberosV/krb5.conf file.
later.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys
exist. The best solution for a more secure wireless network
is for you to implement a WEP-encrypted environment and establish
a VPN over it.
later.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type
script
that allows you to create an image.
later.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
On Thu, 2006-08-03 at 23:27 +1000, Shane J Pearson wrote:
What about an open wireless network, which does not allow anything to
be routed out of the OpenBSD WAP unless it is authpf authorised. Then
only VPN traffic.
exactly...that would be ideal.
--
Ryan Corder [EMAIL PROTECTED]
Systems
idea? I don't want to
switch to
freebsd...
no, it is a limitation of the software used to create the image, not
OpenBSD. It collects C/H/S information as part of the build, therefore
will only work with a CF of that size.
maybe time to roll your own.
--
Ryan Corder [EMAIL PROTECTED]
Systems
of that. Let the user handle setting up the individual CF
cards and just provide an image of the hard drive contents to be
flashed over via dd.
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp
not
work as web browsers don't tend to know anything about passive
mode FTP and instead use active mode for everything.
later.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
for a 5 minute difference in
time on the communicating hosts but can be changed with the 'clockskew'
setting in your krb5.conf.
later.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
Matthias Kilian wrote:
Indeed, very secure. If I've physical access to your laptop, all I
need is a screwdriver to open it, pull out the disk and connect it
to another machine.
not *completely* related, but I have the following alias that I use
to start X from the console:
alias
'lo all.
i recently ran into a small issue with ftp-proxy running on my
firewall...I definately know this is a misconfiguration problem
as I have had this working as of yesterday. when I attempt to
connect to a FTP site from behind the firewall, I do get an
initial connection, but then am
On Thu, 2005-06-02 at 12:40 -0700, Steven Bowers wrote:
[snip]
call a Nexgate 1041 which is close to what I'm looking for, but would
prefer one of the low power VIA boards instead.
Commell board (or with case) at bwi.com:
http://bwi.com/product/10533/
later.
ryanc
On Mon, 2005-05-16 at 22:34 +0200, Stefan Kell wrote:
Hi,
I would change the sshd-port from 22 to something different. This way the
attack would run into nirvana.
ListenAddress your.ip.address:new_port
And of course disallow root access in sshd_conf.
PermitRootLogin no
ryanc
On Wed, 2005-05-11 at 16:02 -0600, Diana Eichert wrote:
I purchased mine from http://www.bwi.com/ . Bob was always very helpful
in getting any questions I had answered.
thanks!
ryanc
On Wed, 2005-05-11 at 19:53 +0900, Mark Uemura wrote:
I purchased the Commell board in a case designed for it, there is an
access panel for the CF socket. The PCI slot becomes unusable in the
case. The board I purchased also uses the Intel NIC's for 3/100M 1/1G
NICs. We purchased these
79 matches
Mail list logo
