Hi Folks,
I've been trying to wrap my head around a problem for a little while and
I'm getting nowhere fast so thought I'd ask the experts:
Due to a company take over I have two networks, NetA and NetB, that I
need to link together for bi directional data sharing etc. Unfortunately
both netw
On 07/09/2013 23:22, Florian Obser wrote:
On 09/07/13 21:32, Simon Slaytor wrote:
Hi Folks,
I've been trying to wrap my head around a problem for a little while and
I'm getting nowhere fast so thought I'd ask the experts:
Due to a company take over I have two networks, NetA a
Hi Folks,
I've just been upgrading some of our old war horses (Nokia IP440) to
4.2. They run Intel made BX PIII chipset motherboards, dmesg below.
Whilst not extensive the boards do have some sensor data that we grab to
check on the health of the old girls. After a fresh install of 4.2 I
not
Hi Folks,
Apologies if this appears a simple question but I'm a bit baffled. We
have a pair of firewalls, each with two units running as a HA pair via
CARP/PFSYNC etc.
All nodes use identical hardware, Nokia IP440's (Intel BX boards,
PIII6333Mhz CPU's, 256Mb RAM)
I have recently rebuilt on
Ahhh, that will be me caught with my pants down!
That will teach me I usually keep up-to-date with patches as well,
obviously too giddy getting the new code on the boxes!
Thanks for the reply.
Stuart Henderson wrote:
On 2007/12/18 11:56, Simon Slaytor wrote:
Apologies if this appears a
It would take a bit more setting up but what about pfflowd from
ports/packages and nfdump/nfsen?
I use this at work for tracking exactly what's flowing through our
firewalls i.e. which protocols by whom to where etc.
Sounds like exactly what you're after.
http://nfsen.sourceforge.net/
Richa
.
Richard Daemon wrote:
On Fri, Feb 15, 2008 at 11:17 AM, Simon Slaytor <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
It would take a bit more setting up but what about pfflowd from
ports/packages and nfdump/nfsen?
I use this at work for tracking exactly what'
ould make this BSD licensed software as a port.
:-)
It's on my todo list, as soon as time allows.
|
| On Fri, Feb 15, 2008 at 5:07 PM, Simon Slaytor <[EMAIL PROTECTED]>
wrote:
|
| > Yes I have four high availability 4.2 firewalls, 8 boxes in total all
| > sending data to a single
Tomas wrote:
Hi list,
I was wondering is there any way to send SMS messages from OpenBSD OS?
May be there is any program to do such task?
I use QPAGE on 3.6 (yes I know) and it works very well, although it uses
an older style TAP gateway via a modem as its transport so if you're
looking for
Not yet, but will be by the end of today. I will post a DMESG later.
Steve B wrote:
Is anyone running OpenBSD on one of these boards? The supported platform
page does not list either the chipset or the CPU so I'm guessing it is not
supported at this time.
Steve
.
Hi Geoff,
Thanks for the reply, no I don't think it's the box, DMESG below.
Ok some test output where the IP pinged is the far end of a /30 subnet
on a dedicated 1G line rate router port of a 7609 cisco, sup 720 etc..
If I do a flood PING
# time ping -c 1000 -f 80.65.xxx.xxx
PING 8
Dorian Büttner wrote:
Looking for openvas?
http://www.derkeiler.com/Mailing-Lists/securityfocus/pen-test/2005-11/0067.html
I've been looking at OpenVAS has anyone got it working under OpenBSD?
Hi,
First off let's clear up two things:
OSPF is an igp protocol, you would use it to share routes between your
own routers not a transit providers.
iBGP is again an igp, this time BGP will automatically talk iBGP when
talking to routers within the same AS. Your BGP sessions will
automatically
One way to do this is to have both client fw/routers running in their
own right, i.e. no carp failover.
Each router peers with one of the ISP routers via eBGP and then peers
with its partner via iBGP.
On each router use the 'weight' option to make each router believe its
learned routes are
restoring a session to an unreliable host.
Good point well taken though.
Stuart Henderson wrote:
On 2008-10-08, Simon Slaytor <[EMAIL PROTECTED]> wrote:
It's also important to tune the BGP dead timers as low as you can
if you do this, do it with care, it's a double-ed
I'm sure the people behind
http://chrootssh.sourceforge.net/index.php
would argue about it being impossible.
Before I saw the light and went OpenBSD I used these patches on an FC1
box and it worked like a charm, doing exactly what you're after.
I've not tried to replace the OpenSSH install on
Hi Denis,
First off an IP120 and OBSD combination is a beauty, there are a couple
of gotchas. The first and recently discussed being the reboot, or lack
of. The second being the non standard rom location for the on-board
nic's resulting in the fxp driver not being able to read the actual
I've got three 120's and six 330's all running OBSD not a problem with
any of them.
In each case I removed checkpoint and moved to OpenBSD. Saved a shed
load of money, got better performance, security and features.
'Checkpoint Rocks', only if you're selling the damn thing and taking your cut!
Hi Folks,
Just a quick one as I think I'm going mad.
I've just installed 3.7 on my G4 PowerMac, smooth install no problems!
Now I've started adding GNOME 2.8 from the packages collection, however
when I try and add GNOME-SESSION-2.8.1 pkg_add complains about the
missing package GNOME-APPLETS
Ray Percival wrote:
If it is the latter there is strong evidence that IPSO (The OS on Nokia
and Checkpoint based firewalls) is derived from OpenBSD.
Nokia say that IPSO is based on FreeBSD
Do you really need to use IPsec? If not try OpenVPN (www.openvpn.org)
it's an SSL/TLS VPN, it's VERY easy to setup works like a charm on OBSD
and is quite happy sitting behind a NAT'd Internet connection. All you
need to do is reverse PAT UDP 1194 from your router's/Firewall's external
interface
Another solution is to buy an ethernet modem that supports 'Half Bridge
Mode'. I have two such units, an ADSL Nation X-Modem and a Zoom X4.
When operating in half bridge the modem does all the PPPoA negotiation
with the DSL provider to login and obtain an IP address. Once done it
acts as a DH
J.C. Roberts wrote:
You seem to be confused on your terms. The term "PPPoA" means
Point-to-Point Protocol over ATM (Asynchronous Transfer Mode). I
seriously doubt you're running ADSL over ATM. ;-)
He could be right, in the UK PPPoE is very rare most providers instead
prefer to present their
Stuart Henderson wrote:
--On 16 August 2005 16:49 +0100, Simon Slaytor wrote:
There's a nice little racket on ebay.co.uk at the moment with someone
selling 'Nortel E20B ethernet modems' and advertising them as
operating in RFC1483 bridge mode i.e. PPPoE which they do. The
Ok, first off sorry if this is old ground or posted to the wrong list.
I've come across something a bit odd and I'd like someone who actually
knows what he's doing, not me to shed some light on what's going on.
I'm trying to connect a Windows XP Sp2 (yes I know) box to a Win2k
Server using PPT
Sorry folks being stupid!
change:
nat on xl1 proto {tcp udp icmp} from 10.190.0.0/16 to any -> 11.11.0.1
to
nat on xl1 proto {tcp udp icmp gre} from 10.190.0.0/16 to any -> 11.11.0.1
of FW1 and
nat on ste0 proto {tcp udp icmp} from 12.12.0.2 to any -> 11.11.0.10
to
nat on ste0 proto {tcp u
One point in favour of a GENERIC RAID Kernel(s), consider when a user
posts the following request for help:
'I've compiled my own kernel and Xyz is broken'
Now after being on the mailing list for quite a while I know the stock
answer always seems to be 'drop back to GENERIC and stop playing
Hey Steve,
I have two logical external firewalls, each configured as 3.8-stable HA
pairs using PFSync, CARP, SASync etc.
On my first firewall I see exactly this with 1 VPN terminating to a
Checkpoint R60 (NGX) HA Cluster. However the VPN is 100% stable and VPN
fail over works 9 out of 10 ti
Theo's e-mail wasn't too encouraging, but I have VPN's with both a Cisco PIX
and another OpenBSD 3.8 box. The OpenBSD box is the one I'm getting the
most logs for.
-Steve S.
Odd, I rechecked my HA pair connecting to the GNAT / OBSD boxes defo no
entries in the logs.
Yes Theo's note gave me
Half Bridge mode is your friend here.
Not sure if the D-Link supports this mode however, Google is less than
helpful. Essentially in half bridge mode the modem handles the PPPoA
authentication with the ISP, as in NAT mode obtaining an IP address from
the remote provider as normal. Unlike NAT m
My understanding is that to operate in 'full bridge mode' requires pppoe
support from the provider. Which is where this thread started.
Donald J. Ankney wrote:
Has anybody done this through a full bridge? My Actiontech isn't
nearly as friendly with its options...
I'm running 3.8-release with a pair of CARP'd firewalls, CARP0 has two
additional aliases and everything's working well.
The only difference is that in my hostname.carp0 I don't specify the VHID/PASS
etc on the alias lines.
i.e. your file is
inet 1.2.3.2 255.255.255.0 1.2.3.255 vhid 1 pass f
DDCLIENT works well for me on 3.7
riwanlky wrote:
Hi,
I will like to know if OpenBSD have the capability to update my
dynamic ip to www.dyndns.org.
I am currently running myDYNIPPRO on Windows to update my dynamic ip.
I want to
move to OpenBSD. I had currently running sendmail, popa3d, mr
Currently using a zoom x4 modem in half bridge mode with 3.6 stable and
haven't had any problems with dhclient obtaining a lease from the modem
so maybe it's a 3.7 thing?.
I'm just about to move to 3.7 current so this is worthwhile knowing.
Many thanks.
Nathan Gould wrote:
>Just for interest,
Why not give OpenVPN a try, works well with OpenBSD and Windows XP and
has various options for password protection along with a nice 'stealth'
mechanism preventing it from appearing to non-authorised clients.
http://openvpn.net
Tomas wrote:
Hello,
Please, can someone give me a clue how to
Hi Didier,
This is not much help I know but I also suffered from the same problem
with 3.8 and interestingly enough it was also a Foxconn board, this time
however sporting an Athlon XP.
The only solution I found was to disconnect the speaker.
Unfortunately the box is currently doing firewall
Not an IP330 but I am currently running 3.6 on an IP120.
Install was done on a surrogate PC and the hard drive transferred over to
the 120 after install.
Whilst the AMD processors aren't the most spritely my little 120 is
running a 3DES VPN with PSK between it and a Checkpoint NG box and
achi
Not that particular solution but I have used several of these without
problem.
http://www.arcoide.com/disk_raidcase.php
Not tried their SATA solutions, they currently don't do one with 'hot
plug' cages but do have the following:
http://www.arcoide.com/ezraid_3.5_dd4_baymount.php
Regards
Si
Hi Folks,
Sorry but I need to ask what some will see as an obvious and stupid
question, so feel free to shoot me down in flames but please answer the
question :-)
I have a pair of 3.8 boxes, each with 3 interfaces xl0,xl1 and rl0
configured as a redundant firewall using CARP, PFSYNC and SASY
Why not use CUPS?, with the CUPS LPD daemon, works like a charm for us.
Just enable RAW and LPR Byte accounting on your Windows XP hosts. When
configuring the CUPS printer again choose a RAW device to ensure
straight pass through from your Windows PC to the printer.
I seem to remember a proble
Same issue when using the CUPS LPD daemon so it's not an LPD thing,
surprise surprise it looks like a Windows thing.
Greg Thomas wrote:
On 12/4/05, Steve Murdoch <[EMAIL PROTECTED]> wrote:
Any issues I had printing from XP went away when I enabled LPR Byte
counting in the LPR port settings
Hi Folks,
I've Googled until I'm blue in the face and checked the bug reporting
system and cannot find an answer to my problem.
I have just completed two 3.8 release installs on two different hardware
platforms, both i386 but one a Celeron D / 75xx chipset box (Gigabyte
SR147S server chassis
Going to go against the flow here and say go for OpenVPN.
This recommendation is based on the following observations:
It's easy to implement
It's secure
It's stable
By using the tls-auth option the fact that your firewall is acting as a
vpn endpoint becomes invisible to the 'net'
It easily han
Stuart Henderson wrote:
>On 2006/01/19 09:38, Simon Slaytor wrote:
>
>
>>When comparing the two vpn solutions for speed, subjectively the OpenVPN
>>feels slightly faster
>>
>>
>
>If you're using compression on OpenVPN but not on IPSEC, that
Same deal on a IP120, thankfully for me my IP120 is local, as such on
the rare occasion that I need to reboot it I simply 'halt' it then hit
the reset switch.
Hey Folks,
I've been pulling my hair out on this one for a little while now, I have
a 4.7 AMD64 release firewall based around an Intel D945GCLF using the
on-board 8101E based Realtek Nic which is connected to a Netgear
FSM726v1 L2 Managed switch.
I've been trying to configure the Firewall/Sw
'll try this against the re(4)
driver.
On 16/11/2010 13:53, Claudio Jeker wrote:
On Mon, Nov 15, 2010 at 11:46:25PM +, Simon Slaytor wrote:
Hey Folks,
I've been pulling my hair out on this one for a little while now, I
have a 4.7 AMD64 release firewall based around an Intel D945G
I've had ver 3.7 onwards running on a Nokia IP120 performing site to
site IPSec vpn's (3DES+PFS) without any problems.
Performance isn't huge, sadly no figures to hand but had no issues
running VOIP/ICA/MS SMB traffic etc.
On 16/11/2010 16:12, Claudiu Pruna wrote:
Hi there,
ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pcppi0 at isa0 port 0x61
midi0 at pcppi0:
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
mtrr: Pentium Pro MTRR support
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
On 16/11/2010 18:52,
49 matches