Re: Precisions on ZFS (was: Millions of files in /var/www & inode / out of space issue.)
Yeah, can I order one? This thread is hilariously funny! I even managed to get an entire car full of people laughing by reading it to them from my mobile. Long live OpenBSD and long live ZFS - I love you both!

On 22 Feb 2013, at 16:18, Brian Callahan wrote:

> On 2/22/2013 8:02 AM, Ted Unangst wrote:
>> On Fri, Feb 22, 2013 at 06:42, Eric Furman wrote:
>>> Until your name is on this list;
>>> http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/geo/openbsd-developers/files/OpenBSD
>>>
>>> YOU ARE NOT A DEVELOPER.
>
> I'm making this into a shirt.
>
> ~Brian
Re: Versioning file system?
ZFS or UFS snapshots, FreeBSD.

On 29 Apr 2013, at 19:54, Xianwen Chen wrote:

> Hi fellas,
>
> I'm looking for a versioning file system or a comparative implementation. The
> idea is that I want to store file changes for some periods of time. I also
> want to be able to delete earliest few periods' file changes when the
> harddisk is almost full.
>
> I couldn't find information on availability of versioning file system in
> OpenBSD. Did I miss something?
>
> Kind regards,
>
> Xianwen
npppd security
Hi,

I'm running 5.5 release, all patches applied. I have a few questions about npppd running in combination with isakmpd.

If npppd tunnel listen address can't be changed and l2tp-ipsec-require isn't supported, then how is one supposed to secure the npppd service from dictionary attacks from the entire world?

Ideal would be to do certificate authentication to isakmpd and then password authentication to npppd that is running on an internal IP. Is this ever going to be possible?

Thanks,
Mike
Re: npppd security
Quoting YASUOKA Masahiko:

> You can change the listen address by npppd.conf:
>
>     tunnel L2TP protocol l2tp {
>         listen on xxx.xxx.xxx.xxx
>     }

So npppd.conf(5) is not accurate (states that changing listener address is not currently supported):

    --
    BUGS
    The current version of npppd(8) does not support adding or removing
    tunnel settings or changing listener settings (listen address, port and
    l2tp-ipsec-require).
    --

> l2tp-ipsec-require isn't supported yet, but we can refuse L2TP without
> IPsec packets by pf.

So, would this be the best way to do it, then, assuming a default block rule:

    pass in quick on enc0 proto udp from any to any port 1701 keep state

Thanks,
Mike
Re: OpenSMTPD routing incoming mail
Quoting Martijn Rijkeboer:

> Hi,
>
> I'm trying to migrate our Postfix setup to OpenSMTPD. The setup consists of
> two MX servers that run Spamd and that forward the incoming mail to an
> internal mail server that contains the mailboxes. In Postfix a transport
> map is used to accomplish this. Is it possible to create the same setup
> with OpenSMTPD?
>
> The servers are running OpenBSD 5.5 AMD64.
>
> Kind regards,
>
> Martijn Rijkeboer

    # OpenSMTPD configuration for email gateway/relay

    # only listen on loopback because spamd is handling the initial connections
    # and Pf is redirecting them to loopback
    listen on lo0

    # this is not important as we are only a relay, just here by default
    table aliases db:/etc/mail/aliases.db

    # the full list of our mail-enabled domains
    table domains { foo.com, bar.net, vvv.com }

    # incoming mail for our domains is relayed to "i-mail" server
    accept from any for domain <domains> relay hostname i-mail

    # authenticated users are treated as if they are local
    accept from local for any relay

-mike
Re: OpenSMTPD routing incoming mail
Quoting Martijn Rijkeboer:

> Hi,
>
>> # incoming mail for our domains is relayed to "i-mail" server
>> accept from any for domain <domains> relay hostname i-mail
>
> But this will also relay non-existing mailboxes. Any suggestions for that?

Sure, put your list of addresses in spamd.alloweddomains (yes, it's also for email addresses, not just domain names). You can generate the list with an LDAP search or whatever and then scp it to your spamd box. Not very difficult at all and it will cut down your spam even further.

-mike
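An added illustration of the list-generation step described in the message above; it is not part of the original post or of spamd. It assumes the LDAP search output is LDIF with a `mail` attribute and that spamd.alloweddomains takes one entry per line with `#` comment lines; the sample entries are constructed and the function names are hypothetical.

```python
import base64
import re

# Domains from the relay config posted earlier in the thread.
RELAY_DOMAINS = {"foo.com", "bar.net", "vvv.com"}

# Constructed LDIF sample in the shape an `ldapsearch -LLL` query prints.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=foo,dc=com",
    "mail: Alice@Foo.com",
    "",
    "dn: uid=bob,ou=people,dc=foo,dc=com",
    "mail: bob.with.a.long.local.part",
    " @bar.net",                      # folded continuation line
    "",
    "dn: uid=carol,ou=people,dc=foo,dc=com",
    "mail:: Y2Fyb2xAdnZ2LmNvbQ==",    # base64 of carol@vvv.com
    "",
    "dn: uid=dave,ou=people,dc=foo,dc=com",
    "mail: dave@elsewhere.example",   # not one of our domains
    "mail: alice@foo.com",            # duplicate, different case
    "",
])

ADDR_RE = re.compile(r"^[a-z0-9._%+-]+@[a-z0-9-]+(\.[a-z0-9-]+)+$")

def mail_values(ldif, attr="mail"):
    """Yield lower-cased values of `attr`, handling folding and base64."""
    unfolded = re.sub(r"\r?\n ", "", ldif)   # LDIF continuation = newline + space
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.lower() != attr:
            continue
        if value.startswith(":"):            # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        yield value.strip().lower()

def allowed_addresses(ldif, domains=RELAY_DOMAINS):
    """Valid, de-duplicated addresses in our domains, sorted for stable diffs."""
    keep = {a for a in mail_values(ldif)
            if ADDR_RE.match(a) and a.rsplit("@", 1)[1] in domains}
    return sorted(keep)

def render(addresses):
    """File body: a '#' comment line, then one address per line."""
    return "# generated from LDAP, do not edit\n" + "".join(a + "\n" for a in addresses)

if __name__ == "__main__":
    print(render(allowed_addresses(SAMPLE_LDIF)), end="")
```

Rejecting anything that fails the address pattern keeps malformed directory values out of the file that is copied to the spamd host.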
Re: OpenSMTPD routing incoming mail
Quoting Gregory Edigarov:

> my solution would be:
>
>     accept from any for domain d1.com virtual relay hostname i-mail

This is doing the same work for half the benefit, i.e. you build the list anyway but don't integrate it with spamd.

-mike
Re: LAN vs VLAN interface performance
Quoting ML mail:

> I have four /24 subnets and currently have one subnet per ethernet
> interface (1Gbit/s) on my openbsd firewall. Now I was wondering if in terms
> of performance (especially latency/pps) it is better to have one subnet per
> ethernet interface like I have now or to have the four subnets on one
> single interface using vlan interfaces?

I haven't noticed any difference myself.

> Note here that I would also be using the trunk interface to aggregate two
> 10 Gbit/s interfaces for redundancy. So my four VLANs would be inside a
> trunk interface.

OSPF combined with ECMP is a more robust and flexible solution than trunking IMO.
Re: Why .cshrc and .profile in / ?
Quoting worik:

> In a fresh(ish) OpenBSD installation I note .cshrc and .profile in /.
>
> Why?

    bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin
Re: Where is my memory?
Quoting Tristan PILAT:

> Hi folks,
>
> I'm running out of memory on a server causing packets drop and out of
> memory errors. I'm trying to find out what's exactly using the memory.
> There are few apps running on it, mainly bgpd, bind, and pf with lots of
> rules.
>
> Here is the top:
>
>     load averages: 1.33, 1.46, 1.58
>     42 processes: 41 idle, 1 on processor
>     CPU0 states: 1.5% user, 0.0% nice, 0.0% system, 6.2% interrupt, 92.3% idle
>     CPU1 states: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle
>     CPU2 states: 6.1% user, 0.0% nice, 1.5% system, 0.0% interrupt, 92.4% idle
>     CPU3 states: 1.5% user, 0.0% nice, 1.5% system, 0.0% interrupt, 97.0% idle
>     Memory: Real: 240M/1925M act/tot Free: 44M Cache: 179M Swap: 0K/0K

Have you tried running without the mp kernel? I know, it sounds like a waste on an mp machine, but just sayin'...

-mike
Re: Lenovo Y510P status on OpenBSD amd64 -current
Quoting bodie:

> 6) Wired LAN not supported
>
> Any hints for points 6 and 7?

I read through your dmesg twice but didn't see anything related to wired lan. OTOH, my eyes don't always work so well when they're dry after having been lasered. What is the name of your wired LAN device? And that inteldrm, something else...

-mike