Re: pf beginner: my firewall passes tcp but not icmp

On Fri, Nov 04, 2005 at 05:16:22PM +1100, Cameron Simpson wrote: > [var/[EMAIL PROTECTED]> pfctl -s rules > block return all > pass quick proto tcp from any to any port = ssh flags S/SA keep state > pass in quick proto icmp all keep state ^^ How are the packets

Re: arpbalance bug?

On Sat, Nov 05, 2005 at 04:05:17AM +1300, Josh wrote: > Is this anything to be concerned about? > > http://www.isrc.qut.edu.au/people/mbradfor/openbsd-carp-arpbalance.html Only if you use arpbalance in a situation where it really matters (as opposed to a situation where you use it because you thi

OpenBSD CDROM layout definition, Copyright Infringement.

Hi, I been asked about http://www.openbsd.org/faq/faq3.html#ISO How is the Layout defined??? maybe Nick or Theo or some other responsible person could give an authoritative answer so I can give it back to the person who asked me. If the md5 sum of the ISO image of a custom made OpenBSD CD is di

Re: / never unmounts properly

On 11/3/05, Han Boetes <[EMAIL PROTECTED]> wrote: > Nick Holland wrote: > > Han Boetes wrote: > > > That's not 3.8: 3.8-stable was compiled on september the 26th. > > > > I have no idea what you are babbling about here, 3.8-stable is > > only started to be maintained on release day, Nov. 1, and > >

Re: Problem ripping audio CD in Liteon DVD-DL drive

On Fri, Nov 04, 2005 at 03:25:48PM +1100, Tubnor, Jason B wrote: > Hi, > > I have a problem ripping an audio CD with cdparanoia. Software that I > am using is grip and cdparanoia from the 3.8 packages tree. The drive > that I have is a Liteon DVD-DL (IDE). When I put the audio CD in the > cd0

pf beginner: my firewall passes tcp but not icmp

I'm setting up an OpenBSD 3.7 firewall for the first time. I've been flailing at this all afternoon and have exhausted my ideas. My ruleset looks like this (from "pfctl -s rules"): [var/[EMAIL PROTECTED]> pfctl -s rules block return all pass quick proto tcp from any to any

arpbalance bug?

Is this anything to be concerned about? http://www.isrc.qut.edu.au/people/mbradfor/openbsd-carp-arpbalance.html

Re: preventing OS fingerprint

Hi Damien, On 04/11/2005, at 9:56 AM, Damien Miller wrote: why care? fingerprinting is such a non-issue, and spending effort to avoid it is just security through obscurity. Ignoring whether blocking NMAP scans is effective or not... I agree that it is not good to rely on obscurity. But I do

Re: USB ralink vs. PCMCIA ralink

On Thu, 03 Nov 2005 14:35:15 +0100 [EMAIL PROTECTED] wrote: > You should prefer the PCMCIA one. > The RT2500USB chipset has poor support for per-node tx rate > adaptation and is thus a bad choice for hostap mode. Well, I dont plan on using the laptop as an access point. Is the rate adaption also

Re: Problems booting with floppyC38.fs on Latitude CPx

On Thu, 03 Nov 2005 16:56:34 -0500, daniel wrote: > disk: fd0 hd0+* >>> OpenBSD/i386 BOOT 2.10 > boot> > booting fd0a:/bsd: 3306020+195116=0x356d74 > entry point at 0x100120 Don't know if this is related, booted cd38 on a Proliant and it did similarly; only after several minutes - I was already s

Problem ripping audio CD in Liteon DVD-DL drive

Hi, I have a problem ripping an audio CD with cdparanoia. Software that I am using is grip and cdparanoia from the 3.8 packages tree. The drive that I have is a Liteon DVD-DL (IDE). When I put the audio CD in the drive while grip is in operation, the CD spins up and is read, following that a DB

Re: / never unmounts properly

Nick Holland wrote: > Han Boetes wrote: > > Michael Favinsky wrote: > > > I just installed 3.8 on a server that never had OpenBSD on it. > > > > > > OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005 > > > > That's not 3.8: 3.8-stable was compiled on september the 26th. > > Yes, that *is* 3.8

Re: / never unmounts properly

Nick Holland wrote: > Han Boetes wrote: > > Michael Favinsky wrote: > > > I just installed 3.8 on a server that never had OpenBSD on it. > > > > > > OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005 > > > > That's not 3.8: 3.8-stable was compiled on september the 26th. > > Yes, that *is* 3.8

Re: / never unmounts properly

Han Boetes wrote: > Michael Favinsky wrote: >> I just installed 3.8 on a server that never had OpenBSD on it. >> >> OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005 > > That's not 3.8: 3.8-stable was compiled on september the 26th. Yes, that *is* 3.8. That *is* what is on the CDs. I hav

Re: carp incorrect hash debugging

On Thu, Nov 03, 2005 at 06:11:20PM -0500, Jon Hart wrote: >1) used to determine that a particular carp packet is intended for > you carp host? carp(4) does a number of validity checks before treating the packet a real carp packet: - was the device recieved on a interface that has a ca

Re: error : pkg_add analog-6.0.tgz / webalizer-2.01.10p2.tgz

sorry ,what a stupid question :( and thanks Steve Shockley<[EMAIL PROTECTED]> Josh Grosse<[EMAIL PROTECTED]> ^_^

Re: error : pkg_add analog-6.0.tgz / webalizer-2.01.10p2.tgz

MichaelBibby wrote: hi all: I use OpenBSD 3.8 release,but download packages from "ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/";. When i install analog-6.0.tgz and webalizer-2.01.10p2.tgz,i got the same error message. i run "pkg_info -K -L PKGNAME" ,but not found lib "ttf.1

Re: error : pkg_add analog-6.0.tgz / webalizer-2.01.10p2.tgz

On Fri, Nov 04, 2005 at 09:22:41AM +0800, MichaelBibby wrote: > hi all: > I use OpenBSD 3.8 release,but download packages from > "ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/";. You've missed FAQ 15.4.1: --- 15.4.1 - I'm getting all kinds of crazy errors. I just

error : pkg_add analog-6.0.tgz / webalizer-2.01.10p2.tgz

hi all: I use OpenBSD 3.8 release,but download packages from "ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/";. When i install analog-6.0.tgz and webalizer-2.01.10p2.tgz,i got the same error message. i run "pkg_info -K -L PKGNAME" ,but not found lib "ttf.1.3". Is there somethi

Re: / never unmounts properly

On Thu, Nov 03, 2005 at 06:13:22PM -0700, jared r r spiegel wrote: > On Thu, Nov 03, 2005 at 04:31:56PM -0800, Michael Favinsky wrote: > > I've tried reboot, halt, even sync sync sync reboot. The bootup sequence > > still shows that / wasn't unmounted properly. > > > > Am I doing something wrong?

Re: / never unmounts properly

On Thu, Nov 03, 2005 at 04:31:56PM -0800, Michael Favinsky wrote: > I just installed 3.8 on a server that never had OpenBSD on it. Whenever I > reboot, I get a warning that / wasn't unmounted properly. This is followed > by an fsck of / and bootup goes on as normal. All other filesystems are > clea

Re: / never unmounts properly

On 11/3/05, Michael Favinsky <[EMAIL PROTECTED]> wrote: > I just installed 3.8 on a server that never had OpenBSD on it. Whenever I > reboot, I get a warning that / wasn't unmounted properly. This is followed > by an fsck of / and bootup goes on as normal. All other filesystems are > clean. > > I'v

Re: / never unmounts properly

Michael Favinsky wrote: > I just installed 3.8 on a server that never had OpenBSD on it. > > OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005 That's not 3.8: 3.8-stable was compiled on september the 26th. # Han

Re: / never unmounts properly

Michael Favinsky wrote: I just installed 3.8 on a server that never had OpenBSD on it. Whenever I reboot, I get a warning that / wasn't unmounted properly. This is followed by an fsck of / and bootup goes on as normal. All other filesystems are clean. I've tried reboot, halt, even sync sync sync

/ never unmounts properly

I just installed 3.8 on a server that never had OpenBSD on it. Whenever I reboot, I get a warning that / wasn't unmounted properly. This is followed by an fsck of / and bootup goes on as normal. All other filesystems are clean. I've tried reboot, halt, even sync sync sync reboot. The bootup sequen

DNSSEC/SSHFP, getrrsetbyname(3), and resolv.conf(5)

holy hell this OS f'ckin rocks. so i waste a day and a half because i forgot to do a 'dnssec-enable yes;' in named.conf, totally my fault. after i turn that on and setup named and my keys/zones right ( or unbreak them, after the day and a half of barking up the wrong tree... ), i fin

Re: Problems booting with floppyC38.fs on Latitude CPx

On Thu, Nov 03, 2005 at 04:56:34PM -0500, daniel wrote: > I'm unable to use floppyC38.fs to boot my laptop. > It is a Dell latitude CPx J650GT with bios A16 > I've tried different floppy disks with the same results. > I've tried floppyC38.fs from 3.8 release > I've tried floppyC38.fs from snapshots

Re: Can't make 3.7-stable release

[EMAIL PROTECTED] wrote: Hello! ...Same problem, again (it was already covered some time ago). When I run the last step in building a release (see http://www.openbsd.org/faq/faq5.html) , i.e. # make release I get a message informing me that /dev/svnd0a is full. This occurs while make is w

Re: Problems with HP dx5150/ATI Xpress 200 chipset

> I have done enough searching of mailing lists and google to know that this > chipset is problematic at the moment for BSD and for that matter linux, Really? My first time with this chipset was in April [1] when it worked but only as a bunch of "generic" or unconfigured devices. Since then I ha

Re: PERC4/DC Error

I'll start looking into this ASAP. On Thu, Nov 03, 2005 at 02:17:12PM -0700, Tom Geman wrote: > I have a backup server (Dell PowerEdge 1850) attached to the Dell > PowerVault 220S. The only function this server does is backing up remote > servers throughout the day via rsync. > > The 1850 uses

carp incorrect hash debugging

Greetings, We've all probably had or seen the carp error similar to: carp0: incorrect hash In most cases that I've seen on this and other lists it was because of something obvious like a mismatched pass or two supposed carp partners using different vhid's. I've taken a look at the code but w

Re: OpenBSD Metastore

On Thursday 03 November 2005 08:59, Martin Schrvder wrote: >On 2005-11-03 08:20:47 -0600, Jared Solomon wrote: >> "The AOpen MiniPC measures 6.5 x 6.5 x 2 inches, is powered by an >> Intel Pentium M or Celeron M processor" > >http://www.heise.de/newsticker/meldung/65660 > >A MacMini is cheaper and

Problems booting with floppyC38.fs on Latitude CPx

I'm unable to use floppyC38.fs to boot my laptop. It is a Dell latitude CPx J650GT with bios A16 I've tried different floppy disks with the same results. I've tried floppyC38.fs from 3.8 release I've tried floppyC38.fs from snapshots date 11/2/05 Using the exact same floppy i can boot my pc just fi

PERC4/DC Error

I have a backup server (Dell PowerEdge 1850) attached to the Dell PowerVault 220S. The only function this server does is backing up remote servers throughout the day via rsync. The 1850 uses RAID 1 via the embedded RAID controller (PERC 4e/Si, ami0). On this RAID 1 is a generic install of Op

Re: Can't make 3.7-stable release

On 11/3/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > # make release > > I get a message informing me that /dev/svnd0a is full. This occurs > while make is working with ramdiskC (exactly as the messages posted > last July). > A) Solution is the same as previously suggested (removing a non > c

Re: preventing OS fingerprint

On Thu, 3 Nov 2005, Gustavo Rios wrote: Dear gentleman, i have an obsd firewall and would like to prevent external entities discovering that firewall is openbsd, is that possible? why care? fingerprinting is such a non-issue, and spending effort to avoid it is just security through obscurity

Re: ibook+openbsd3.8

Thanks for everything guys :) Best regards Atte. Eder

FYI: new mailing list anti-spam measures

The mailing list server is now using several blacklists from the SORBS project (http://www.sorbs.net) to prevent spam. So far it is using the SORBS zombie, spam, web form and dialup blacklists. This does mean that people sending mail from a dynamic IP address (cable modem, dynamic DSL or dialup)

Re: ibook+openbsd3.8

On Thu, 3 Nov 2005 08:24:25 +0100 Han Boetes <[EMAIL PROTECTED]> spake: > Otto Moerbeek wrote: > > On Thu, 3 Nov 2005, Eder M. G. A. wrote: > > > I have installed OpenBSD 3.8 on my ibook G4, all fine, but i > > > can't switch to another console, just can use ttyC0, i tried > > > different methods

Can't make 3.7-stable release

Hello! ...Same problem, again (it was already covered some time ago). When I run the last step in building a release (see http://www.openbsd.org/faq/faq5.html) , i.e. # make release I get a message informing me that /dev/svnd0a is full. This occurs while make is working with ramdiskC (exact

Re: IBM xSeries 336 - atapiscsi/pciide bug

On Thu, 03 Nov 2005 16:22:53 +1300 Stephen Nelson <[EMAIL PROTECTED]> wrote: > Thanks for your prompt reply. I misunderstood you last time, I thought > you were suggesting that one of the drives was defective. > I tried swapping the CDROM, but the x336 are 1U rackmounted servers, > and they use cu

Re: preventing OS fingerprint

On Thu, 03 Nov 2005 16:32:13 +0100 Hans van Leeuwen <[EMAIL PROTECTED]> wrote: > Gustavo Rios wrote: > > >Dear gentleman, > > > >i have an obsd firewall and would like to prevent external entities > >discovering that firewall is openbsd, is that possible? > > > >Thanks a lot for your time and coo

Re: After installing scsi card, cdrecord stops working.

From: Marc L'Heureux [mailto:[EMAIL PROTECTED] > >> I used to have dev=/dev/cd0c:0,0,0 but looking at my dmesg > I thought I might > >> have to change it to dev=/dev/cd0c:0,1,1. Providing > different options to > >> cdrecord does not help, it still bails > > > > It should be dev=/dev/rcd0c:$BUS,

Re: After installing scsi card, cdrecord stops working.

I used to have dev=/dev/cd0c:0,0,0 but looking at my dmesg I thought I might have to change it to dev=/dev/cd0c:0,1,1. Providing different options to cdrecord does not help, it still bails It should be dev=/dev/rcd0c:$BUS,0,0 - where $BUS is the scsi bus number, 1 in your case. -Otto

Re: After installing scsi card, cdrecord stops working

> > I have been running 3.6 for about a year on my server. I > > have a backup > > solution that writes to an ide-cdrw 4 times a day. A month ago I > > installed a scsi card to hook up a newly acquired tape drive. > > My cdrw > > backups have been failing since. > > > > I did not change an

Re: After installing scsi card, cdrecord stops working.

On Thu, 3 Nov 2005, Marc L'Heureux wrote: > I have been running 3.6 for about a year on my server. I have a backup > solution that writes to an ide-cdrw 4 times a day. A month ago I installed a > scsi card to hook up a newly acquired tape drive. My cdrw backups have been > failing since. > > I

Re: After installing scsi card, cdrecord stops working.

> I have been running 3.6 for about a year on my server. I > have a backup > solution that writes to an ide-cdrw 4 times a day. A month ago I > installed a scsi card to hook up a newly acquired tape drive. > My cdrw > backups have been failing since. > > I did not change any kernel setting

[Straying OT] Re: preventing OS fingerprint

Hi Gustavo, > Right now, i am running into bussiness. I would like my client to get > focused into the solution only. I don't want to give him a chance to > compare my proposal to other. In the years I have been in business myself, I have noticed that unless you are as open as you can be about wh

Re: Commell Systems: EMB-564 Series, distributor in Europe?

--On 03 November 2005 18:12 +0100, Didier Wiroth wrote: Does someone know if this product can be purchased in europe: http://www.commell-sys.com/Product/IPC/EMB-564.htm I recently saw this boxes in a presentation available on www.openbsd-support.com.

Re: preventing OS fingerprint

Gustavo Rios wrote: Dear gentleman, i have an obsd firewall and would like to prevent external entities discovering that firewall is openbsd, is that possible? Thanks a lot for your time and cooperation. Or you can take the complicated approach and use the Wafter. A kernel module to do wha

After installing scsi card, cdrecord stops working.

I have been running 3.6 for about a year on my server. I have a backup solution that writes to an ide-cdrw 4 times a day. A month ago I installed a scsi card to hook up a newly acquired tape drive. My cdrw backups have been failing since. I did not change any kernel settings (that I recall)

Re: quad ethernet on netra x1 (SOLVED)

Miguel wrote: Miguel wrote: Hi, i have some problems with my quad ethernet in a netra x1 firewall, this is not the first time i face this, some months ago i had the very same problem, i was able to fix it following this excelent instructions: http://marc.theaimsgroup.com/?l=openbsd-sparc&m

Re: preventing OS fingerprint

On Thu, Nov 03, 2005 at 01:48:56PM -0200, Gustavo Rios wrote: > Right now, i am running into bussiness. I would like my client to get > focused into the solution only. I don't want to give him a chance to > compare my proposal to other. > > that's why. Now *there*'s a noble goal... Anyway, you d

Re: perl interface to pf?

On Thursday 03 November 2005 13:49, you wrote: > I'd rather > rely on ssh, keys, sudo, and scripts to do it. Erm, perl scripts ARE scripts!

Re: perl interface to pf?

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Wernig Sent: den 3 november 2005 14:17 To: Jesper Louis Andersen Cc: John N. Brahy; misc@openbsd.org Subject: Re: perl interface to pf? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jesper Louis Ander

Re: 3.8 -- svnserve on inet6 only

Dominique Jacquel <[EMAIL PROTECTED]> writes: > Hi, > > I have just installed 3.8 from the CD :-) and FTPed all packages from > ftp.kd85.com. It all went well but I am having a strange problem with > subversion. svnserve does not seem to bind to inet but only to inet6. This is a known issue with s

Re: PPTP in 3.7

Here is my working info on 3.7. I am running Openbsd 3.7 stable with Generic kern. I am running latest stable version of poptop I run pf on this system My clients are windows 2000+ but this would work with windows 98 but We do not desire 9x junk... We are running a custom client that we built bec

smartmontools (smartd) kills system [trace/gdb]

Hi again Followup on first mail with only trace/gdb info: GNU gdb 6.3 Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to

Commell Systems: EMB-564 Series, distributor in Europe?

Hello, Does someone know if this product can be purchased in europe: http://www.commell-sys.com/Product/IPC/EMB-564.htm I recently saw this boxes in a presentation available on www.openbsd-support.com. Thanks for replying Didier

Re: 3.8 -- svnserve on inet6 only

Dominique Jacquel wrote: Hi, I have just installed 3.8 from the CD :-) and FTPed all packages from ftp.kd85.com. It all went well but I am having a strange problem with subversion. svnserve does not seem to bind to inet but only to inet6. Yes, this is known. By default svnserve will only lis

Re: Problems with HP dx5150/ATI Xpress 200 chipset

--On 02 November 2005 15:19 -0800, Jeffrey Williams wrote: I have recently purchased a number HP DX5150 SFF desktops with idea of using them as basic infrastructure servers (e.g. DNS, DHCP, and firewall). I prefer to use -stable versions of FreeBSD and OpenBSD. A few general thoughts (no know

Re: preventing OS fingerprint

Right now, i am running into bussiness. I would like my client to get focused into the solution only. I don't want to give him a chance to compare my proposal to other. that's why. 2005/11/3, Hans van Leeuwen <[EMAIL PROTECTED]>: > Gustavo Rios wrote: > > >Dear gentleman, > > > >i have an obsd fi

Problems with HP dx5150/ATI Xpress 200 chipset

I have recently purchased a number HP DX5150 SFF desktops with idea of using them as basic infrastructure servers (e.g. DNS, DHCP, and firewall). I prefer to use -stable versions of FreeBSD and OpenBSD. Following are the specs on the boxes: HP dx5150 AMD Sempron 3000+ ATI Radeon Xpress 200 ch

Re: preventing OS fingerprint

Gustavo Rios wrote: Dear gentleman, i have an obsd firewall and would like to prevent external entities discovering that firewall is openbsd, is that possible? Thanks a lot for your time and cooperation. I use the following line in pf to prevent nmap scan, including -O: block in quick log

Re: OpenBSD Metastore

On 2005-11-03 08:20:47 -0600, Jared Solomon wrote: > "The AOpen MiniPC measures 6.5 x 6.5 x 2 inches, is powered by an > Intel Pentium M or Celeron M processor" http://www.heise.de/newsticker/meldung/65660 A MacMini is cheaper and runs OBSD. Best Martin -- http://www.tm.

Re: Problems with static vpn

Zitat von Joachim Schipper <[EMAIL PROTECTED]>: On Thu, Nov 03, 2005 at 10:24:15AM +0100, Andreas Krummrich wrote: Hello, my OpenBSD 3.7 box at home establishes a static pptp connection to my companies vpn server. From any client at home, I can ping any server in the company. But I can't ping

Re: Problems with static vpn

On Thu, Nov 03, 2005 at 10:24:15AM +0100, Andreas Krummrich wrote: > Hello, > > my OpenBSD 3.7 box at home establishes a static pptp connection to my > companies vpn server. > From any client at home, I can ping any server in the company. But I > can't ping any client at home from the company. > I

preventing OS fingerprint

Dear gentleman, i have an obsd firewall and would like to prevent external entities discovering that firewall is openbsd, is that possible? Thanks a lot for your time and cooperation.

smartmontools (smartd) kills system

Hi all [20051019 snap i386] Running smartd on a SCSI/U320 based single-disk system kills the system at once! - dmesg further down. (sysctl hw.disknames=sd0,cd0,fd0) Snip of /etc/smartd.conf [...] #DEVICESCAN /dev/sd0c /dev/sd0c -m [EMAIL PROTECTED] -M test /dev/sd0c -d scsi -H -l error -l se

OpenBSD Metastore

http://www.linuxdevices.com/news/NS8464432110.html This looks like something cool to add. "The AOpen MiniPC measures 6.5 x 6.5 x 2 inches, is powered by an Intel Pentium M or Celeron M processor" -- The only way to keep your health is to eat what you don't want, drink what you don't like, and do

Re: PPTP in 3.7

Thanks all for the help, but I am still getting stuck at the error: PPP: tun0: Warning: chat script failed PPTP: log[decaps_hdlc:pptp_gre.c:129]: short read (0): invalid argument I am using the stock ppp.conf sample file with the below text appended and values changed to match my environment, but

3.8 -- svnserve on inet6 only

Hi, I have just installed 3.8 from the CD :-) and FTPed all packages from ftp.kd85.com. It all went well but I am having a strange problem with subversion. svnserve does not seem to bind to inet but only to inet6. I do a simple sudo svnserve -d -r /my/repos netstat -a -n -f inet | grep :3960

Re: perl interface to pf?

On Nov 3, 2005, at 8:17 AM, Markus Wernig wrote: Well, the only use that came to my mind was a perl daemon running on the FW that accepts rule updates from a remote client. While that can be done with other means (ssh, sh scripts), i can imagine that a perl class for manipulating pf rules w

Re: USB ralink vs. PCMCIA ralink

You should prefer the PCMCIA one. The RT2500USB chipset has poor support for per-node tx rate adaptation and is thus a bad choice for hostap mode. Damien | I have a hard time making up my mind which is better: | a USB ralink wireless (Surecom EP-9001G) or a PCMCIA ralink | wireless (Surecom EP-94

Re: bgpd.conf md5sig, iBGP and redistributing routes to/from ospf

Jesper Louis Andersen wrote: per engelbrecht wrote: Q: setting up iBGP I've used our own AS as 'remote-as' but can't find a 'no synchronization' option for this connection. Do I need it at all. Been poking around in /usr/src/usr.sbin/bgpd without solving it, but it's needed in zebra and Cisco

Re: perl interface to pf?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jesper Louis Andersen wrote: > John N. Brahy wrote: > >> Is there a perl interface to pf? > No, and it would be totally insane to build one. Well, the only use that came to my mind was a perl daemon running on the FW that accepts rule updates from

回覆： OPENVPN - openssl question

Is there any difference between openssl 0.9.7d and openssl 0.9.7g. ? The said http used 0.9.7d but mine is 0.9.7g. clarence --- man Chan <[EMAIL PROTECTED]> ;!!G > hello, > > For the past week, I am trying to get information to > setup a sceure way for my obsd(3.8)AP <---> XP. I > find the fol

Re: bgpd.conf md5sig, iBGP and redistributing routes to/from ospf

per engelbrecht wrote: Q: setting up iBGP I've used our own AS as 'remote-as' but can't find a 'no synchronization' option for this connection. Do I need it at all. Been poking around in /usr/src/usr.sbin/bgpd without solving it, but it's needed in zebra and Cisco IOS hence the question. A: ?

Re: perl interface to pf?

John N. Brahy wrote: Is there a perl interface to pf? No, and it would be totally insane to build one. PF is not a low-level assembly language for expressing ioctl(2) calls. It is an LALR(1) grammar for specifying firewall policies. Because of its high abstraction level compared to said asse

USB ralink vs. PCMCIA ralink

I have a hard time making up my mind which is better: a USB ralink wireless (Surecom EP-9001G) or a PCMCIA ralink wireless (Surecom EP-9428G). According to "man ral" they're both supported so this question isnt about diffrent chipset but about what bus type is preferable: USB or PCMCIA. Or if the S

Re: PPTP in 3.7

/usr/ports/net/poptop works excellently. pf needs to allow protocol 47 and tcp 1723 plus need to allow traffic for specific tunnels created tun0 tun1 etc. Generally the client will determine whether to use the created link as default route. If using windows check the tcp/ip properties and ad

Re: device timeout when mounting cd

Hello all, I can reproduce same error on my machine. CD does not work. Everything ends with timeouts. Best regards, Lukas On Po, 2005-10-31 at 09:49 +1300, Stephen Nelson wrote: > How did you go fixing your problems with the 336? I have a couple of > 336 machines that I want to boot from CD as f

Ralink 802.11g PCI wireless cards

In case anyone from .uk is interested, www.scan.co.uk are currently selling a couple of Ralink RT2560 based 802.11g wireless cards (supported under OpenBSD by ral(4)): Edimax EW-7128G 54Mbps Wireless PCI Card (http://www.scan.co.uk/Products/ProductInfo.asp?WebProductID=152539) Gigabyte GN W

OPENVPN - openssl question

hello, For the past week, I am trying to get information to setup a sceure way for my obsd(3.8)AP <---> XP. I find the following document: http://www50.brinkster.com/dachee/OpenVPN.htm Is there anyone try this out successfully ? As I was stopped at the OpenSSL CA & Certificates. The error is l

Problems with static vpn

Hello, my OpenBSD 3.7 box at home establishes a static pptp connection to my companies vpn server. >From any client at home, I can ping any server in the company. But I can't ping any client at home from the company. I have to ping a client at work, from any client at home, in order to access my c