Ted Unangst wrote:
On 11/3/05, Han Boetes [EMAIL PROTECTED] wrote:
Nick Holland wrote:
Han Boetes wrote:
That's not 3.8: 3.8-stable was compiled on september the 26th.
I have no idea what you are babbling about here, 3.8-stable is
only started to be maintained on release day,
On 04Nov2005 07:52, Ryan McBride [EMAIL PROTECTED] wrote:
| On Fri, Nov 04, 2005 at 05:16:22PM +1100, Cameron Simpson wrote:
| [var/[EMAIL PROTECTED] pfctl -s rules
| block return all
| pass quick proto tcp from any to any port = ssh flags S/SA keep state
| pass in quick proto
On Fri, Nov 04, 2005 at 07:22:33PM +1100, Cameron Simpson wrote:
I was imagining the keep state stuff handled that. So - for my mental
model - a packet being forwarded traverses the rules twice: once on the
way in and once on the way out?
Yes.
Well I'd reduced my test to pinging the firewall
[EMAIL PROTECTED] schrieb:
[snip]
One problem is parsing and
syntax checking of pf rules so that garbage isn't fed to for
example pfctl if that is the method one chooses.
[snip]
that's where the -n option of pfctl is for, isn't it?
How is the Layout defined???
What do you mean by defined? Are you trying to ask, what does the
bootable OpenBSD CD ROM file system contain? If yes, then you can
look at an official OpenBSD CD ROM to see the arrangement of files and
directories.
If the md5 sum of the ISO image of a custom
I'm an idiot. I was pinging with some ip-options set (route tracking)
and pf was dropping packets with such options. Not the rules at all.
Thanks for the help!
--
Cameron Simpson [EMAIL PROTECTED] DoD#743
http://www.cskk.ezoshosting.com/cs/
alt.skunks A newsgroup for enthusiasts of skunks
If you have time:
A real AMD64 machine can also run with more than 4GB of ram and do DMA
without having to bounce buffering to PCI devices. We don't do
software bounce buffering yet to cope with this deficiency in
large-memory Intel AMD64-clones.
You're talking about DMA to really high
Siju: just a quick note. From your name I don't know what part of the
world you might be in, assuming you're not in the West somewhere, and
maybe your first language is not English. I didn't intend to sound
rude or confrontational. I was going to explain why you are likely to
get a different
I am still running 3.6 on my Sun Ultra 5. If I upgrade to 3.8 will the
screen blank work like it did when I ran OBSD on an Intel box? Do I
need to know the graphics card info to get this question answered?
Jim
and who the hell are you to jab anyone?
I'm from Australia, where are you from? In Australia, taking a jab is
friendly. I don't know how else to describe it. A friendly shove? I
don't know.
And who the hell are you to question me anyway?
oh, that's right, someone who showed up on the
Hi,
during the upgrade in 3.8 i have tried to use mirrors in italy.
ftp://ftp.openbsd.it/pub/Unix/OpenBSD (Napoli)
ftp://na.mirror.garr.it/mirrors/OpenBSD (Napoli)
The first is not resolvable by the dns.
The second don't have the openbsd directory.
Cristian Del Carlo
since i've heard that the new ipsec.conf and ipsecctl command
simplify setting up vpns, i figured i would give the old way
of isakmpd.conf another pass to help me figure out the new
syntax. now that i have gone back and tried to setup isakmpd
as a tunnel between two machines on my home newtork
oops, didn't realize my attachments would get stripped. here
are the isakmpd -d -DA=10 and tcpdump outputs i mentioned in
the first message:
i've included the outputs from each instance of isakmpd and a
tcpdump from the host in between them as attachments.
isakmpd.peer-X.out:
085803.480596
On 2005-11-03 17:20:33 -0600, Daniel A. Ramaley wrote:
On Thursday 03 November 2005 08:59, Martin Schrvder wrote:
http://www.heise.de/newsticker/meldung/65660
A MacMini is cheaper and runs OBSD.
That's not entirely accurate; though a Mac Mini will run OpenBSD, it is
not cheaper. The
Hi,
Just to say thanks to all involved. I ordered my 3.8CDs on via
OpenBSD/europe page on tuesday, and they arrived today (friday)... in
Norway. All in tact and unblemished (as usual). Great service,
thanks :-)
/Pete
Pete Vickers wrote:
Hi,
Just to say thanks to all involved. I ordered my 3.8CDs on via
OpenBSD/europe page on tuesday, and they arrived today (friday)... in
Norway. All in tact and unblemished (as usual). Great service,
thanks :-)
Me too! Great work to the entire team. I ordered my
On 11/4/05, Brandon Mercer [EMAIL PROTECTED] wrote:
Pete Vickers wrote:
Hi,
Just to say thanks to all involved. I ordered my 3.8CDs on via
OpenBSD/europe page on tuesday, and they arrived today (friday)... in
Norway. All in tact and unblemished (as usual). Great service,
thanks :-)
Today I upgraded a VPN gateway to 3.8-RELEASE. Anyway, when I put
isakmpd.conf back and tried to start it, only one VPN connection
(connected to a Linksys VPN gateway) came back up, the connection to
another OpenBSD gateway (running 3.7) could not be established. On the
other gateway, isakmpd
Brandon Mercer wrote:
Pete Vickers wrote:
Hi,
Just to say thanks to all involved. I ordered my 3.8CDs on via
OpenBSD/europe page on tuesday, and they arrived today (friday)... in
Norway. All in tact and unblemished (as usual). Great service,
thanks :-)
Me too! Great work to
That fixed it. Thanks Ted.
-Original Message-
From: Ted Unangst [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 03, 2005 5:08 PM
To: Michael Favinsky
Cc: misc@openbsd.org
Subject: Re: / never unmounts properly
On 11/3/05, Michael Favinsky [EMAIL PROTECTED] wrote:
I just installed
I am still running 3.6 on my Sun Ultra 5. If I upgrade to 3.8 will the
screen blank work like it did when I ran OBSD on an Intel box?
Installing the Oct 18th 3.8 sparc64 snapshot on an Ultra 1 ftp server
(no X), the screen didn't blank before running headless. Alf.
Hi, after reading the pf docs it is not clear for me how to configure
the firewall to route the traffic back to the gateway directly conected
to the incoming interface of the packet, something like this
ISP A ISP B
200.13.32.1 216.21.40.1
| |
|
Hello!
I have the following problem:
Filesharing users eat the whole available bandwidth and they use
lots of connections at the same time. The result is an overloaded
gateway. Locking ports doesn't help, because they do port-hopping.
My goal:
I want to create a queue which limits the
Christoph Egger wrote:
Filesharing users eat the whole available bandwidth and they use
lots of connections at the same time. The result is an overloaded
gateway. Locking ports doesn't help, because they do port-hopping.
The rough solution:
snip
The rough answer:
Queue everything into
On Fri, Nov 04, 2005 at 06:42:11PM +0100, Michiel van der Kraats wrote:
Today I upgraded a VPN gateway to 3.8-RELEASE. Anyway, when I put
isakmpd.conf back and tried to start it, only one VPN connection
(connected to a Linksys VPN gateway) came back up, the connection to
another OpenBSD
On 11/4/05, Christoph Egger [EMAIL PROTECTED] wrote:
The P2P traffic can be identified this way:
- The source IP from one client is always the same
- The client establishes lots of connections to many destination IP adresses
Use synproxy, max-src-states, and overload tables. Automagically
If your other peer is 3.7, please apply all patches.
HJ.
On Fri, Nov 04, 2005 at 07:29:50PM +0100, Tobias Walkowiak wrote:
On Fri, Nov 04, 2005 at 06:42:11PM +0100, Michiel van der Kraats wrote:
Today I upgraded a VPN gateway to 3.8-RELEASE. Anyway, when I put
isakmpd.conf back and tried to
Greets
I too have the same issue. A straight upgrade, there were only a couple of 3.7
to 3.8 syntax corrections to make. I wonder if maybe there is a minor syntax
change somewhere along the way. I am going through the isakmpd.conf and
isakmpd man pages again to see if I may have missed
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
Hans-Joerg Hoexer
Sent: Friday, November 04, 2005 2:45 PM
To: Tobias Walkowiak
Cc: [EMAIL PROTECTED]; misc@openbsd.org
Subject: Re: isakmpd: invalid next payload type RESERVED_MIN
in payload
of type
pass in on gem0 proto tcp from any to 200.13.32.2 port 80 flags S/SA
keep state
pass in on gem1 proto tcp from any to 216.21.40.2 port 25 flags S/SA
keep state
Try reply-to on these.
pass out on gem0 route-to (gem1 216.21.40.1) from gem1 to any
pass out on gem1 route-to (gem0 216.21.40.1)
On Fri, 4 Nov 2005 12:49:01 +0530, Siju George [EMAIL PROTECTED]
wrote:
Hi,
I been asked about
http://www.openbsd.org/faq/faq3.html#ISO
How is the Layout defined???
maybe Nick or Theo or some other responsible person could give an
authoritative answer so I can give it back to the person who
On Fri, Nov 04, 2005 at 08:45:21PM +0100, Hans-Joerg Hoexer wrote:
If your other peer is 3.7, please apply all patches.
of course i applied all 5 patches from 3.7. or do you have sth different in
mind?
--
tobias
Pete Vickers wrote:
Hi,
Just to say thanks to all involved. I ordered my 3.8CDs on via
OpenBSD/europe page on tuesday, and they arrived today (friday)... in
Norway. All in tact and unblemished (as usual). Great service, thanks
:-)
I even got it before I paid for it, how's that for
Hi,
sorry, I was unclear. Rebuild isakmpd after updating src/sbin/isakmpd
from CVS using the 3.7 patch branch (ie. cvs up -P -rOPENBSD_3_7).
Other workaround, disable nat-t with the -T option.
HJ.
On Fri, Nov 04, 2005 at 09:59:12PM +0100, Tobias Walkowiak wrote:
On Fri, Nov 04, 2005 at
I was looking to learn more about OpenCVS, in particular, reading the
cvsintro docs mentioned here:
http://www.opencvs.org/manual.html
Unfortunately the links are broken. Could someone drop-kick me in the
right direction? I need to (better) learn both CVS usage and CVS
setup/administration.
On Fri, Nov 04, 2005 at 10:12:35PM +0100, Hans-Joerg Hoexer wrote:
sorry, I was unclear. Rebuild isakmpd after updating src/sbin/isakmpd
from CVS using the 3.7 patch branch (ie. cvs up -P -rOPENBSD_3_7).
hm, i think i better update the other peer to 3.8, as well - although it's
550 km from
On 11/4/05, J.C. Roberts [EMAIL PROTECTED] wrote:
http://www.opencvs.org/manual.html
Unfortunately the links are broken. Could someone drop-kick me in the
right direction? I need to (better) learn both CVS usage and CVS
setup/administration.
typing things like cvs, cvs book, and cvs intro
Hi,
On Fri, Nov 04, 2005 at 10:47:59PM +0100, Tobias Walkowiak wrote:
hm, i think i better update the other peer to 3.8, as well - although it's
550 km from here ...
Other workaround, disable nat-t with the -T option.
but that only works for 3.8 isakmpd, doesn't it? what about the
On Fri, Nov 04, 2005 at 01:17:29PM -0800, J.C. Roberts wrote:
I was looking to learn more about OpenCVS, in particular, reading the
cvsintro docs mentioned here:
http://www.opencvs.org/manual.html
OpenCVS is not yet released and still under development.
Unfortunately the links are broken.
On Friday 04 November 2005 14:47, Tobias Walkowiak wrote:
Hi Tobias
Other workaround, disable nat-t with the -T option.
It works fine, I have multiple offices with data and VOIP traffic running
through separate tunnels, the -T has allowed the other 3.8.upgrades to wait
until Monday.
Thanks
I am trying to display a login banner prior to login.
With freebsd, this can be done by adding
:if=/pathtosomefile: to the default setting of
gettytab. I did a man on gettytab and saw that
OpenBSD's implementation does not support if.
Anyone been successful in doing this? I am trying to
heya,
i tried this setup with IPV4 addresses on the same subnet (10.0.3.1 and
10.0.3.2) and it worked fine, i.e. i tcpdump -i enc0 and see encapsulated
packets. this leaves me wondering what it is about my prior setup that made it
not work.
i saw no appreciable difference in the outputs from
J.C. Roberts wrote:
I was looking to learn more about OpenCVS, in particular, reading the
While OpenCVS isn't ready, yet, reading the contents of the cvs-guide
package (located in books/cvs-guide in the ports tree) is very
educational. OpenCVS will probably work in similar ways (I haven't
Hi:
Is OpenBSD 3.8 compatible with the optical
DVD-RW/CD-RW CF-VDM291U MultiDrive for the CF-29
ToughBook?
--- Jared Solomon [EMAIL PROTECTED] wrote:
Hello,
Here is the dmesg for my Panasonic Toughbook CF-72.
When booting the
install cd, I had to disable ahc else the boot would
Hi every one.
im a newbe with OpenBSD,
I just wan to know how to set my route table as i want during the boot
process.
in fact this is my route table
$ netstat -rn
---
Routing tables
Internet:
Destination
Siju George wrote:
Hi,
I been asked about
http://www.openbsd.org/faq/faq3.html#ISO
How is the Layout defined???
maybe Nick or Theo or some other responsible person could give an
authoritative answer so I can give it back to the person who asked me.
If the md5 sum of the ISO image of
Anon Y. Mous [EMAIL PROTECTED] wrote:
Hi:
Is OpenBSD 3.8 compatible with the optical
DVD-RW/CD-RW CF-VDM291U MultiDrive for the CF-29
ToughBook?
Probably. Has anyone run into an ATAPI DVD/CDROM in the past 5 years that
didn't work? (At least the basic functionality?)
Hi there.
Can someone tell me why during boot my wd1 hd is seen with the correct
number of sectors and after fdisk sees only half of them?
[EMAIL PROTECTED]:/etc$ dmesg |grep wd1 |grep sectors fdisk wd1 |grep
Sectors
wd1: 32-sector PIO, LBA, 9768MB, 20005650 sectors
Disk: wd1 geometry:
On Fri, Nov 04, 2005 at 02:57:35AM +, Ryan McBride wrote:
On Thu, Nov 03, 2005 at 06:11:20PM -0500, Jon Hart wrote:
1) used to determine that a particular carp packet is intended for
you carp host?
carp(4) does a number of validity checks before treating the packet a
real
Hello!
I was searching i can't find answer.
I got OpenBSD 3.7 with default Apache (chrooted) i'm using ftp
server fdrom base system enabled by inetd.
I would like to make users not be able to read anything except their
own /home/user folder /var/www/users/user folder.
How can i do that with
If you wish to produce your own custom ISO, then you have pretty much only 2
options:
1 - just dump the distribution and installer on a CD
2 - come up with your own logical layout, perhaps a new installer or other
value-added extras, i have considered this myself but would not want to take
Read the FAQ..put the users home dirs in /var/www and setup anonyumous ftp yet
define the users and it works well. BTW you don't need inetd, just run ftpd as
a daemon.
Marcin Wilk([EMAIL PROTECTED])@Sat, Nov 05, 2005 at 02:04:18AM +0100:
Hello!
I was searching i can't find answer.
I got
Allie D wrote:
Read the FAQ..put the users home dirs in /var/www and setup anonyumous ftp yet
define the users and it works well. BTW you don't need inetd, just run ftpd as
a daemon.
Marcin Wilk([EMAIL PROTECTED])@Sat, Nov 05, 2005 at 02:04:18AM +0100:
Hello!
I was searching i can't find
On Fri, 04 Nov 2005 19:09:32 -0500, Nick Holland
[EMAIL PROTECTED] wrote:
In short, if you are wondering if you are too close, you probably are.
If you spent some time and effort to put something together that has
some of your own thought and planning, you might be just fine.
(heh. funny how
Not out of the box you can't. I'd rather run an audited piece of software
that's less secure but chroots a user than a band-aid that could open yourself
up to other problems.
Bob Ababurko([EMAIL PROTECTED])@Fri, Nov 04, 2005 at 08:51:52PM -0500:
Allie D wrote:
Read the FAQ..put the users home
On Sat, 5 Nov 2005, Marcin Wilk wrote:
Hello!
I was searching i can't find answer.
I got OpenBSD 3.7 with default Apache (chrooted) i'm using ftp
server fdrom base system enabled by inetd.
I would like to make users not be able to read anything except their
own /home/user folder
I got new hard drive. Western Digital 200gb on sata. I connected it to
my pc and I run disklabel
then I run newfs and after that I mounted it and I saw
/dev/wd1a 183G7.8T347G 4602%/mnt/wd1
so I was traying to run fsck -f /dev/wd1a and what I saw? is :
`--# fsck_ffs -fy
Riccardo Giuntoli wrote:
Hi there.
Can someone tell me why during boot my wd1 hd is seen with the correct
number of sectors and after fdisk sees only half of them?
Yeah.
Because Something's Wrong.
Since you apparently knew what I need to know to give you that
diagnosis, I'm sure you will be
I forgot to add dmesg
OpenBSD 3.8-stable (ROBAL) #0: Tue Nov 1 00:08:26 EST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/ROBAL
cpu0: Intel(R) Pentium(R) 4 CPU 2.40GHz (GenuineIntel 686-class) 2.40 GHz
cpu0:
Pawel portman Kilian wrote:
and also when I do fsck -df /dev/wd1a it makes coredumps but I
can't read them if someone will want the coredump of fsck_ffs I
can put on website
You forgot to add the errormessage that went with them:
``zsh: 2970 floating point exception (core dumped) fsck_ffs
On 11/5/05, J.C. Roberts [EMAIL PROTECTED] wrote:
On Fri, 4 Nov 2005 12:49:01 +0530, Siju George [EMAIL PROTECTED]
wrote:
Hi,
I been asked about
http://www.openbsd.org/faq/faq3.html#ISO
How is the Layout defined???
maybe Nick or Theo or some other responsible person could give an
Hi Nick,
On 05/11/2005, at 11:09 AM, Nick Holland wrote:
If you publish a book, and I duplicate it in every way EXCEPT that I
change one character in one location, or the color of the cover, or
insert a page with the text, THIS PAGE INTENTIONALLY LEFT (almost)
BLANK, I can argue that it is a
Hi,
I want to implement an OpenBSD based bridge with three interfaces (and a fourth
one only for management access).
The bridge should dispatch the incoming traffic on eth0 to either eth1 or eth2
based on the MAC Address of the ingress packet. If the sender's MAC address is
**known** (already
On Sat, 5 Nov 2005, Han Boetes wrote:
Pawel portman Kilian wrote:
and also when I do fsck -df /dev/wd1a it makes coredumps but I
can't read them if someone will want the coredump of fsck_ffs I
can put on website
You forgot to add the errormessage that went with them:
``zsh: 2970
- This mail is a HTML mail. Not all elements could be shown in plain text
mode. -
to see how to get a free video ipod check this out! it works just search on
google and you will se what other people think
http://www.YourFreeVideoiPods.com/index.php?ref=1659363
Otto Moerbeek wrote:
Han, you are confusing matters.
Who is saying that's the same problem. Do not jump to
conclusions.
I get exactly the same errormessage and also coredumps. Looks
suspiciously much like it's the same problem.
The OP problem is probably a disklabel problem (it's marked
66 matches
Mail list logo