Jan Stary wrote:
Hi all,
last night, I installed 4.1 on the new ALIX.1C:
http://www.pcengines.ch/alix1c.htm (see dmesg at bottom).
The intended use of the box is a home router/firewall/NAT/DNS/DHCP
for my home "network" of about four computers (heterogeneous).
Everything works fine (as usual wi
On Fri, Sep 21, 2007 at 11:12:10PM -0400, [EMAIL PROTECTED] wrote:
> Douglas A. Tutty wrote:
> ...
> > I don't understand the logic of having multiple firewalls on one box.
> > If one box can handle the throughput requirements of all the NICs, why
> > not just one big firewall?
>
> There are lots
Boris Goldberg wrote:
Hello Daniel,
Just want to make sure that we are on the same page: I'm talking about
i386. It seems from below that your concern is more about amd64, but I
didn't really try it, because my CPU isn't even a Xeon.
You are 100% right. An oversight on my part here.
Douglas A. Tutty wrote:
...
> I don't understand the logic of having multiple firewalls on one box.
> If one box can handle the throughput requirements of all the NICs, why
> not just one big firewall?
There are lots of places where multiple firewalls are better than a
single firewall. If one bel
Thanks for the responses from Peter and others.
The CAVEAT seems only to apply to the USB variant - mine is a PCI:
# dmesg| grep ral0
ral0 at pci0 dev 15 function 0 "Ralink RT2560" rev 0x01: irq 5,
address 00:13:d3:6a:bb:9d
ral0: MAC/BBP RT2560 (rev 0x04), RF RT2525
I've tried setting specif
On Sat, 2007-09-22 at 00:34 +0200, Claudio Jeker wrote:
> > We are talking about OpenBSD here, and support for VRF is not there.
> That may change faster then you expect
These are great news. If the implementation will allow to assign
interfaces to different VRFs it would solve the virtual router/
On 9/20/07, Josh <[EMAIL PROTECTED]> wrote:
> Hello there.
>
> We have a bunch of obsd firewalls, 8 at the moment, all working nice and
> so forth. But we
> need to add about another 4 in there for new connections and networks,
> which means more
> machines to find room for.
>
> So basically I have
On 9/21/07, Claudio Jeker <[EMAIL PROTECTED]> wrote:
>
> On Fri, Sep 21, 2007 at 11:16:37PM +0200, Luca Corti wrote:
> > On Fri, 2007-09-21 at 20:51 +0100, Stuart Henderson wrote:
> > > On 2007/09/21 14:29, bofh wrote:
> > > > That's why god created competant network admins and NAT.
> > > And VRF.
List,
Does anyone know of an embedded single board computer, much like a
WRAP/ALIX.C, which has at least one miniPCIe slot?
having no luck on the intertubes am i right in thinking that these board
just are not suitable for 802.11n networking? considering power
requirements, bus bandwidth etc
On Fri, Sep 21, 2007 at 11:16:37PM +0200, Luca Corti wrote:
> On Fri, 2007-09-21 at 20:51 +0100, Stuart Henderson wrote:
> > On 2007/09/21 14:29, bofh wrote:
> > > That's why god created competant network admins and NAT.
> > And VRF.
>
> We are talking about OpenBSD here, and support for VRF is no
I'm seeing some sendto: No buffer space available errors along with some ssh
session hangs. The symptoms are intermitent and look a lot like this
thread.
http://monkey.org/openbsd/archive/misc/0309/msg00827.html
The system is 4.1 stable generic with the sangoma wanpipe driver. Most
traffic is mov
Hi,
I'm trying to concatenate 2 disks using ccd. With an interleave factor
of 0, as described by the man page of ccd(4), it doesn't work. An
interleave factor of 1 works, though. Also, the fstype is 4.2BSD in my
example, but there's no difference if I set it to CCD.
This resembles a bug that
On 9/21/07, bofh <[EMAIL PROTECTED]> wrote:
> Sorry, iirc it was in that link that Theo posted on core 2 errata.
> Hopefully I didn't read it incorrectly. But I disclaim everything...
there is an errata that disabling the NX bit causes it to be disabled
on both cores, but this hardly relevant. o
On Fri, 2007-09-21 at 14:29 -0500, bofh wrote:
> That's why god created competant network admins and NAT.
You are not always in control of all things. Powerful technology is
about choice, not about one absolute right way. BTW, NAT sucks.
ciao
Luca
On Fri, 2007-09-21 at 20:51 +0100, Stuart Henderson wrote:
> On 2007/09/21 14:29, bofh wrote:
> > That's why god created competant network admins and NAT.
> And VRF.
We are talking about OpenBSD here, and support for VRF is not there.
ciao
Luca
On Fri, Sep 21, 2007 at 04:39:49PM +0200, Christoph Egger wrote:
> Which form is better (a) or b))?
>
> a)
>
> char slave[80];
> ...
>
> if (openpty(&masterfd, &slavefd, slave, NULL, NULL) < 0)
char slave[PATH_MAX] ?
I think it's a reasonable assumption that no library function
will return (on
Sorry, iirc it was in that link that Theo posted on core 2 errata.
Hopefully I didn't read it incorrectly. But I disclaim everything...
On 9/21/07, Ted Unangst <[EMAIL PROTECTED]> wrote:
> On 9/21/07, bofh <[EMAIL PROTECTED]> wrote:
> > Isn't one of the core2 bugs that nx is only honored for one
On 9/21/07, bofh <[EMAIL PROTECTED]> wrote:
> Isn't one of the core2 bugs that nx is only honored for one of the
> cores but not the other?
do you have an errata number?
On 9/21/07, Darren Spruell <[EMAIL PROTECTED]> wrote:
> Here's an entirely realistic scenario at this point:
>
> - Administrator pays loads of money for VMware ESX; for better ROI, he
> intends to replace several systems on the network with one big system
> running a number of VMs. Maybe there is a
Isn't one of the core2 bugs that nx is only honored for one of the
cores but not the other?
On 9/20/07, Ted Unangst <[EMAIL PROTECTED]> wrote:
> On 9/20/07, Darren Spruell <[EMAIL PROTECTED]> wrote:
> > On 9/20/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > > According to:
> > > http://www.
On 2007/09/21 14:29, bofh wrote:
> That's why god created competant network admins and NAT.
And VRF.
Vous avez besoin pour votre entreprise et aussi ` titre personnel de
sauvegarder vos anciens films (8, Super8, VHS, Hi8, Video8, DV et autres) et
leur donner une nouvelle jeunesse en les mettant sur DVD, ceci ` moindre co{t.
Ne cherchez plus, nous sommes l`.
Nous sommes prisents sur le marchi d
On 9/21/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
[snip]
> EM64T is supposed to run on AMD64... and it appears that the Intel chips do
> support the NXE bit since around 2005.
> Can anyone confirm that the newer ia32e chips (made after early 2005) are
> actually supporting W^X? It seems th
That's why god created competant network admins and NAT.
On 9/21/07, Luca Corti <[EMAIL PROTECTED]> wrote:
> On Fri, 2007-09-21 at 10:52 -0400, Douglas A. Tutty wrote:
> > I don't understand the logic of having multiple firewalls on one box.
> > If one box can handle the throughput requirements
Hello Daniel,
Just want to make sure that we are on the same page: I'm talking about
i386. It seems from below that your concern is more about amd64, but I
didn't really try it, because my CPU isn't even a Xeon.
Wednesday, September 19, 2007, 6:00:16 PM, you wrote:
>> I have pretty
I sent a message and it looks like it got rejected... basically I found out
that ia32e is EM64T(Intel's marketing name for it).
I was thinking it was the itanium arch which is actually ia64. But either
way...
EM64T is supposed to run on AMD64... and it appears that the Intel chips do
support t
The kid's an idiot. Set up qemu on the mandatory windows machine and run
your Ubuntu. The sentence said nothing about running an emulated OS on your
monitored OS. The kid is just a whiner "First they give me two felonies,
then they throw me in prison, and now this." As if using Windows is more
I don't use X much and instead use lots of Virtual Terminals.
Since I'm on dialup, sometimes I need to leave multiple VTs open to do
things, perhaps downloading something, or its just that I'm in the
middle of things.
How can I lock the whole virtual termial setup? lock(1) only lets me
lock th
On Fri, 2007-09-21 at 10:52 -0400, Douglas A. Tutty wrote:
> I don't understand the logic of having multiple firewalls on one box.
> If one box can handle the throughput requirements of all the NICs, why
> not just one big firewall?
Overlapping IP address space.
ciao
Luca
Siju George wrote:
Call Failed : Problem with audio playback
It is unlikely that Skype will ever work on OpenBSD for more than
chatting, as it uses ALSA for audio output (same as Flash 9.)
That's not something compat_linux(8) can handle, only OSS audio output
is emulated.
Moritz
On 9/21/07, Pau Amaro-Seoane <[EMAIL PROTECTED]> wrote:
> www.aei.mpg.de/~pau/skype.png
>
> (BIG png, watch out, I don't want to kill your modem connection)
>
> was working fine. I installed it as an exercise and then deleted it...
> because I don't use it
>
Thanks a lot pau for the reply :-)
What
Something like iftab on debian.
On 9/21/07, Gregory Edigarov <[EMAIL PROTECTED]> wrote:
> The best thing however would be to have the ability to set the name of
> an intreface based on it's mac address, perhaps somebody is working on
> it/having it on the todo list?
>
> --
> With best regards,
>
On 9/21/07, Adam PAPAI <[EMAIL PROTECTED]> wrote:
>
> Could you please write me the procedure a little bit detailed?
>
> You downloaded the skype binary, installed the redhat-* stuff, enabled
> linux_compat and you had to copy some files from where?
>
OK :-)
I did this on a 4.1/i386.
For other ver
Hi all,
I finally found a solution to my ftp-proxy problem. The machine is a Dell
2950 with broadcom gigabit NICs, so I'm using the bnx driver included in the
generic kernel. It seems that the TCP checksum offloading causes problems
in certain cases. I found a reference to this on another me
Nick Holland wrote:
Gregory Edigarov wrote:
Hello Everybody,
Supposing I have several identical NIC's in my server, can I predict
which become int0, which become int1, etc?
A link to document explaining (or man something) would absolutely suffice.
Thank you.
Not Easily, at least if
Darren Spruell wrote:
At least in a traditional non-virtualized firewall model, the attacker
would have to pull out real exploits and attack real (secured)
services to compromise the firewall, and it wouldn't fall at the same
time as the other hosts.
Yes, these kinds of of flaws have (so far) be
On Sep 21 09:49:20, Nick Holland wrote:
> >http://www.pcengines.ch/alix1c.htm (see dmesg at bottom).
> >The intended use of the box is a home router/firewall/NAT/DNS/DHCP
> >for my home "network" of about four computers (heterogeneous).
> >Firstly, swap (i don't really mind reinstalling). Install
Jan Stary wrote:
I am concerned
about the CF wearing off. As these articles are from 2005 - do these
things still apply to newer CF cards, and should I therefore set up
a mfs? What else should I do to make the CF card live longer (noatime
comes to mind of course).
Remote sysloging
Jan Stary <[EMAIL PROTECTED]> wrote:
> last night, I installed 4.1 on the new ALIX.1C:
> http://www.pcengines.ch/alix1c.htm (see dmesg at bottom).
> The intended use of the box is a home router/firewall/NAT/DNS/DHCP
> for my home "network" of about four computers (heterogeneous).
I recently got a
> >Josh wrote:
> >>Hello there.
> >>
> >>We have a bunch of obsd firewalls, 8 at the moment, all working nice
> >>and so forth. But we
> >>need to add about another 4 in there for new connections and
> >>networks, which means more
> >>machines to find room for.
> >>
> >>So basically I have been a
On 9/21/07, Scott Wells <[EMAIL PROTECTED]> wrote:
> However, I don't fully agree with the sentiment that running a firewall
> in a virtual machine (let's be specific, VMWare ESX) guest environment.
> I'm running my firewall on a ESX 3.0.2 guest, and it works perfectly
> fine. That being said, you
> -Urspr|ngliche Nachricht-
> Von: Christoph Leser
> Gesendet: Freitag, 21. September 2007 16:44
> An: '[EMAIL PROTECTED]'
> Betreff: Re: isakmp phase 2 negotiation failed
>
>
> > w
> >#$OpenBSD: ipsec.conf,v 1.5 2006/09/14 15:10:43 hshoexer Exp $
> >#
> ># See ipsec.con
On Fri, Sep 21, 2007 at 08:53:02AM +0100, Craig Skinner wrote:
> >The One.
> >
>
> The one gonad.
>
> Get a proper email account you cowardly faggot.
Lets not get into WW II morale-boosting songs :)
Doug.
--- Stefan Sczekalla-Waldschmidt <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I tryed to set up spamd on OpenBSD4.1
>
> but after "preloading" the database at /var/db/spamd
>
> using:
>
> isabsd # /usr/libexec/spamd-setup -d
> Getting http://www.openbsd.org/spamd/nixspam.gz
> blacklist nixspam 39960 e
www.aei.mpg.de/~pau/skype.png
(BIG png, watch out, I don't want to kill your modem connection)
was working fine. I installed it as an exercise and then deleted it...
because I don't use it
Cheers,
Pau
2007/9/21, Siju George <[EMAIL PROTECTED]>:
> On 9/20/07, Siju George <[EMAIL PROTECTED]> wro
Jan Stary wrote:
Hi all,
last night, I installed 4.1 on the new ALIX.1C:
http://www.pcengines.ch/alix1c.htm (see dmesg at bottom).
The intended use of the box is a home router/firewall/NAT/DNS/DHCP
for my home "network" of about four computers (heterogeneous).
Everything works fine (as usual wi
On 2007/09/21 08:01, Jeremy C. Reed wrote:
> On Fri, 21 Sep 2007, Stefan Sczekalla-Waldschmidt wrote:
>
> > isabsd # /usr/libexec/spamd-setup -d
>
> See your pf(4) table
This changed in 4.1; unless you use -b, it's no longer
necessary to keep the blacklist in a PF table.
It sounds to me like the comments here are largely appropriate,
virtualizing firewalls in the limited context that has been explained
probably isn't a real good idea...at least due to perceived load.
Additionally, if there are that many fireuwalls being ran, instead of
numerous interfaces in a
On 9/21/07, Kent Watsen <[EMAIL PROTECTED]> wrote:
>
> Some commercial firewalls (i.e. Juniper/NetScreen ScreenOS-based gear)
> have been offering virtual-systems for years now. I think the negative
> comments received here may be appropriate when sharing the system with
> non-secure guest OSs, bu
On Fri, 21 Sep 2007, Stefan Sczekalla-Waldschmidt wrote:
> isabsd # /usr/libexec/spamd-setup -d
See your pf(4) table
pfctl -t spamd -T show | wc -l
pfctl -t spamd -T show | tail
> spamdb does not show any entries ...
>
> isabsd # spamdb
That is unrelated. spamdb only touches the hash datab
Hi,
I tryed to set up spamd on OpenBSD4.1
but after "preloading" the database at /var/db/spamd
using:
isabsd # /usr/libexec/spamd-setup -d
Getting http://www.openbsd.org/spamd/nixspam.gz
blacklist nixspam 39960 entries
whitelist override 40138 entries
Getting http://www.openbsd.org/spamd/chinac
Some commercial firewalls (i.e. Juniper/NetScreen ScreenOS-based gear)
have been offering virtual-systems for years now. I think the negative
comments received here may be appropriate when sharing the system with
non-secure guest OSs, but it seems that it might be alright if its
nothing but fi
> -Urspr|ngliche Nachricht-
> Von: Christoph Leser
> Gesendet: Freitag, 21. September 2007 12:58
> An: 'n0g0013'
> Betreff: AW: isakmp phase 2 negotiation failed
>
>
> -Urspr|ngliche Nachricht-
> Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Auftrag
> von n0g0013
> Gesende
Hi all,
last night, I installed 4.1 on the new ALIX.1C:
http://www.pcengines.ch/alix1c.htm (see dmesg at bottom).
The intended use of the box is a home router/firewall/NAT/DNS/DHCP
for my home "network" of about four computers (heterogeneous).
Everything works fine (as usual with OpenBSD), but
th
Gregory Edigarov wrote:
> Hello Everybody,
>
> Supposing I have several identical NIC's in my server, can I predict
> which become int0, which become int1, etc?
>
> A link to document explaining (or man something) would absolutely suffice.
> Thank you.
Not Easily, at least if you are referring
On 20.09-19:17, Daniel Ouellet wrote:
[ ... ]
> Do, as you see fit, but my advise to you, wouldn't be to help trying to
> get it up as is now, but first run 4.1, then try the new way of doing
> it. I think that would be much better spend of time.
thanks for the advice. unfortunately both system
Tried and as before it stuck at 75Hz resulting in 1280x1024. Some time
ago I've somewhere read that on linux with Xorg 7.2 someone also had
this problem (I don't know if I can call it "same problem", it has
widescreen LCD, i810 driver) and solved it by updating i810 driver,
xrandr to 1.2 and so
Well to answer my question apparently I could use inetd to also do
port forwarding which is included in base and really easy to do. After
figuring that out I was suddenly able to figure out my pf problems and
got pf to port forward correctly also.
Thanks guys,
- Jake
On 9/21/07, Peter N. M. Hanst
I've now reached the french alps by bike. I will soon cycle beside the mediterranean sea near the coast. I have taken some pictures and written some about my expedition. If you're interested you can point your brower too the following address:
http://www.narfstrom.se
Friendly regards from Grenob
On 2007/09/21 11:12, Marian Hettwer wrote:
>> route add som.eth.in.g and you're set
>>
> This would basically mean, if som.eth.in.g is let's say 123.123.123.123,
> that every connection to that destination goes through my pppoe uplink.
> Right?
Yes.
> Isn't there a way to say something lik
Gregory Edigarov schrieb:
Marian Hettwer wrote:
Hi All,
Question is:
How do I fiddle around with my routing table, that basically the wget
running on my router is using sis2 (with the pppoe uplink), while the
rest (my existing working lan) is still using sis0 with my good-guys
cable modem
Like Darrin suggested try matching Modelines and Modes :
On xorg.conf
Enable only this (comment the rest of the modellines) :
Modeline "1680x1050_60.00" 147.14 1680 1784 1968 2256 1050 1051
1054 1087 -HSync +Vsync
Modify the screen section :
Section "Screen"
Identifier "Screen0"
Marian Hettwer wrote:
Hi All,
Question is:
How do I fiddle around with my routing table, that basically the wget running
on my router is using sis2 (with the pppoe uplink), while the rest (my existing
working lan) is still using sis0 with my good-guys cable modem uplink?
just do:
route ad
Henning Brauer wrote:
* Craig Skinner <[EMAIL PROTECTED]> [2007-09-21 10:02]:
Maybe there is need for an additional group for other functions that are
now more common?
halter? :)
For a while I supported Sun's Netconnect service, which is a fancy
Nagios for Solaris. It watches the logs for
Hello Everybody,
Supposing I have several identical NIC's in my server, can I predict
which become int0, which become int1, etc?
A link to document explaining (or man something) would absolutely suffice.
Thank you.
--
With best regards,
Gregory Edigarov
"Jake Conk" <[EMAIL PROTECTED]> writes:
> I added this rdr rule to my pf.conf:
>
> rdr on $ext_if proto tcp from any to any port ftp -> 192.168.10.9 port ftp
FTP is a special case. Like Jason pointed out, you most likely need
to hook ftp-proxy into your configuration.
- P
--
Peter N. M. Hanst
* Craig Skinner <[EMAIL PROTECTED]> [2007-09-21 10:02]:
> Maybe there is need for an additional group for other functions that are
> now more common?
halter? :)
--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DN
Darren Spruell wrote:
On 9/20/07, Nick Holland <[EMAIL PROTECTED]> wrote:
Can someone please inform me if this is a really bad idea or not,
ideally with some nice reasoning?
Anyone who told you VM technology and security had anything to do with
each other was full of doo-doo.
I'll echo Nick
The One.
The one gonad.
Get a proper email account you cowardly faggot.
Matthew Szudzik wrote:
I don't know the history of the operator group, but it almost seems as if
it dates back to the days when BSD ran on mainframes whose only form of
removable media was a tape drive. Of course, computers are being used
much differently nowadays, so it makes sense to updat
Gregory Edigarov wrote:
Just an update: I've made /usr/xobj directory, then run the same
command again, with same result.
read the README file, under the "hopeless case section"...
that helped me (I am a hopeless case, too, but not hopless ;)
OK, thanks, guys. It worked. And sorry fo
71 matches
Mail list logo
