I recommend the atom 1u by supermicro. If you buy a pic riser with it you can
extend how many interfaces you have ( the board comes with two). You can get a
cheap SSD and your set. I've been running one as a firewall-vpn for two years
and it works great.
Sent from my iPhone
On Aug 9, 2013,
I second this. An atom board with ECC and a pci NiC to add the ports you need
is a great solution. I have a supermicro running and the performance is
fantastic.
I think you can get an 1u barebones for a good price
On Aug 9, 2013, at 9:27 PM, "William Ahern" wrote:
> On Fri, Aug 09, 2013 at
Hello misc,
I have an openbsd 5.1 firewall running with PF and four interfaces.
One is not active but I have on ext, one int and one dmz. I'm trying to get
qos working and I'm having issues.
My pf rules load fine but everything seems to be applied to only one queue
despite the traffic.
Now, be
Bought the last one. Just ordered thia one. Great book
Sent from my Android phone using TouchDown (www.nitrodesk.com)
-Original Message-
From: Francisco Valladolid H. [fic...@gmail.com]
Received: Sunday, 17 Mar 2013, 1:01am
To: Pablo Velasco Fernández [warlock...@gmail.com]
CC: Brandon Ta
You shouldn't have to input the actiontec MAC. I feel your pain about the
support though. It sucks.
To alleviate this put the actiontec back in. Log into it and go to the
interface and actually release the IP. After that unplug it immediately. Plug
your ONT into your BSD firewall and boot it up an
I've personally never has issues and performance is good. I've been running a
php-fpm/nginx stack with OpenBSD and VMware and performance has been great.
Only issue is the tools install. I've had issues with that but it runs fine
without it. I've also run it on KVM and found VMWare to be better. I
press error 5.2
hmm, on Thu, Dec 20, 2012 at 03:58:53PM -0500, Bentley, Dain said that
> PHP_FPm is running as the www user, but the permissions on resolv.conf is
> readable to everyone.
> Perhaps I missed installing PHP extension required?
php_fpm when installed from the ports is also
PHP_FPm is running as the www user, but the permissions on resolv.conf is
readable to everyone.
Perhaps I missed installing PHP extension required?
-Original Message-
From: Aaron [mailto:def...@gmail.com]
Sent: Thursday, December 20, 2012 3:53 PM
To: Bentley, Dain
Cc: misc
mailto:def...@gmail.com]
Sent: Thursday, December 20, 2012 3:48 PM
To: Bentley, Dain
Cc: misc@openbsd.org
Subject: Re: NGINX wordpress error 5.2
On Thu, Dec 20, 2012 at 1:45 PM, Bentley, Dain wrote:
> Hello all,
> I've configured a wordpress site on NGINX/OpenBSD 5.2/php_fpm.
> It works
Hello all,
I've configured a wordpress site on NGINX/OpenBSD 5.2/php_fpm.
It works fine but I seem to have problems installing plugins and getting
information from RSS feeds because the wordpress API can't seem to resolve
hostnames.
I suspect it has something to do with the fact NGINX is chroote
That would be great! KVM on openbsd. The joyent folks did it with
illumos/opensolaris based smartos. I would think a port to OpenBSD would be
possible.
Sent from my Android phone using TouchDown (www.nitrodesk.com)
-Original Message-
From: Jiri B [ji...@devio.us]
Received: Tuesday, 27 Nov
I've had good luck with the supermicro 1u with the intel atom processors. Add
a riser card, intel dual gig port nic, 2gigs of RAM and you have a good
machine. I also put a 32 gig SSD and I have a quiet, low power packet pusher.
I'd also drop the pfsense in favor of OpenBSD
Regards,
Dain Bentley
-
-
From: Markus Lude [markus.l...@gmx.de]
Received: Sunday, 09 Sep 2012, 9:52am
To: misc@openbsd.org [misc@openbsd.org]
Subject: Re: Snort not logging to alerts files
On Fri, Sep 07, 2012 at 11:54:07AM -0400, Bentley, Dain wrote:
> Hello Misc,
> I've installed Snort on OpenBS
Hello Misc,
I've installed Snort on OpenBSD 4.9 from source and everything installed
fine.
When I configure the following rules I see alerts generated:
# cat /etc/snort/snort.conf
include /etc/snort/rules/icmp.rules
# cat /etc/snort/rules/icmp.rules
alert icmp any any -> any any (msg:"ICMP Packet
Hello Misc,
I'm having a small issue with my iked.conf on my openbsd 4.9 firewall. I have
the following config and it works fine:
Ikev2 "laptop" passive esp \
From 192.168.10.0/24 to 1.1.1.0/24 local any peer any \
srcid xxx.xxx.xxx.xxx \
config add
I see that now
It appears after browsing through the lists more a.change was.comitted
sometime in May or June that fixed the issue.
Regards,
Dain Bentley
-Original Message-
From: Mike Belopuhov [m...@crypt.org.ru]
Received: Friday, 27 Jul 2012, 6:54am
To: Bentley, Dain [dbent...@nas.edu
Hello fellow OpenBSD users,
I've run into a of couple issues with setting up and IKE IPSEC VPN with a
windows 7 native client. Now I've ran through the lists and have found a
solution to get it working somewhat how I'd like it working.
I currently have this in my iked.conf:
ikev2 passive esp \
You'll find the atom performance is good. I have an atom 330 with 2 gigs of
RAM and dual on board NICs with another PCI NIC and it runs great. I also have
openvpn in bridge mode and squid running and no hiccups ar all.
Regards,
Dain Bentley
-Original Message-
From: David Diggles [da...@el
Damn auto-correct
Regards,
Dain Bentley
-Original Message-
From: Josh Grosse [j...@jggimi.homeip.net]
Received: Tuesday, 07 Feb 2012, 10:22am
To: Bentley, Dain [dbent...@nas.edu]
Subject: Re: Backup Redundancy Etcetera
"Bentley, Dain" wrote:
>and yo
I second Bacula. It runs on pretty much any OS and has tons of options and is
very configurable. You could run it on an OpenBSD server and back up you
windows and OpenBSD clients. If you have enough disk space back up your
clients to disk and migrate to tape for offsite. The windows client is also
Drop the RAID 5 and go with a RAID 10 as you were talking about but add a hot
spare if you can. RAID 10 doesn't have a parity bit which slows down write
times. But if a disk is bad and isn't replaced you can have a bad day. Hot
spares have saved my butt more than once.
Regards,
Dain Bentley
-
2012 3:04 PM
To: Bentley, Dain
Cc: misc@openbsd.org
Subject: Re: PF Snort tutorial
2012/1/3 Bentley, Dain mailto:dbent...@nas.edu>>
I've been looking around for a good tutorial on implementing snort with PF
and
everything I see is old, does anyone know of or have implemented a solution
I've been looking around for a good tutorial on implementing snort with PF and
everything I see is old, does anyone know of or have implemented a solution
using an IDS/IPS with PF on the same box? If possible I'd like snort of some
other IDS inspect packets and have pf drop them based on the fact
Thanks, that helped. I got it to connect.
From: richardtoo...@paradise.net.nz [richardtoo...@paradise.net.nz]
Sent: Tuesday, December 13, 2011 7:50 PM
To: Bentley, Dain
Cc: misc@openbsd.org; richardtoo...@paradise.net.nz
Subject: Re: PHP SQLite connection
packaged third party tools if I can help it.
From: joshua stein [j...@openbsd.org]
Sent: Tuesday, December 13, 2011 6:08 PM
To: Bentley, Dain
Subject: Re: PHP SQLite connection in OpenBSD
> PDO driverssqlite2
>
> Here is the code I a
Same error when run from command-line. I should also add this is 4.9 not 5.0.
Sorry I didn't input that info earlier.
-Original Message-
From: richardtoo...@paradise.net.nz [mailto:richardtoo...@paradise.net.nz]
Sent: Tuesday, December 13, 2011 3:35 PM
To: Bentley, Dain
Cc:
Hello all, I'm trying to connect to a sqlite database with PHP and I'm having
an issue of "driver not found". I've installed php from packages and and have
installed the php_sqlite package and configured the module for apache.
The PDO driver seems to be installed as evidenced by my php info page:
This "discussion" does not contribute to either furthering peoples knowledge
of OpenBSD, or provide any technical guidance. Can we just let bygones be
bygones and move on and stop spamming the list with this nonsense
Regards,
Dain Bentley
-Original Message-
From: Nomen Nescio [nob...@dizu
I second that. I run an atom 330 with two gigs of RAM and two 500gig drives in
a raid for development server at home is a 1u case. It performs great and its
low power
Regards,
Dain Bentley
-Original Message-
From: Jason Crawford [ja...@purebsd.net]
Received: Wednesday, 30 Nov 2011, 12:33p
No it will not. The version in FreeBSD is older and thus the syntax has
changed. Read the pf faq on the OpenBSD website. Also why are you running
samba on your firewall?
Sent from my Android phone using TouchDown (www.nitrodesk.com)
-Original Message-
From: Mostaf Faridi [mostafafar...@gm
Would I need the quick though? I would think you want pf to keep evaluating
the rules after they enter the int interface.
From: Adriaan [misc.adri...@gmail.com]
Sent: Monday, November 07, 2011 6:09 PM
To: Bentley, Dain
Cc: Patrick Lamaiziere; misc
: misc@openbsd.org; Bentley, Dain
Subject: Re: PF.CONF - with DMZ and packet tagging example
Le Mon, 7 Nov 2011 16:58:29 -0500,
"Bentley, Dain" a icrit :
Hello,
> block in on $ext from
> #NAT INBOUND TO DMZ
> pass in on $ext proto tcp from any to any port $web_services rdr-
; Bentley, Dain
Subject: Re: PF.CONF - with DMZ and packet tagging example
Le Mon, 7 Nov 2011 16:58:29 -0500,
"Bentley, Dain" a icrit :
Hello,
> block in on $ext from
> #NAT INBOUND TO DMZ
> pass in on $ext proto tcp from any to any port $web_services rdr-to
> $webserver
Hello all,
With the help of the PF Faq on the OpenBSD website, The Book of PF (2nd
Edition) and of course from the nice folks here on this mailing list I have a
pf.conf someone might find useful.
This configuration file is for an OpenBSD box with three interfaces assuming
you want one interface for
In the case of the LAN_INET and the LAN_DMZ wouldn't one need to apply the
quick rule?
If you ping a DMZ server from the internal net, pass in on $int_if from
$int_net tag LAN_INET on it will be tagged with LAN_INET. However, because the
quick option isn't inserted in the rule pf will keep evaluat
http://www.openbsd.org/faq/pf/tagging.html
From: Axton [axton.gr...@gmail.com]
Sent: Thursday, November 03, 2011 2:51 PM
To: Bentley, Dain
Cc: Stuart Henderson; misc@openbsd.org
Subject: Re: Packet Tagging issues with NAT in pf OBSD 4.9
On Thu, Nov 3, 2011 at 1
Hello Axton...cool name by the way.
I noticed the match statements work for me as well, Perhaps it is required?
From: Axton [axton.gr...@gmail.com]
Sent: Thursday, November 03, 2011 2:06 PM
To: Bentley, Dain
Cc: Stuart Henderson; misc@openbsd.org
Subject
Hello Stuart and thanks for your reply.
It still doesn't help, this seems to work but I'm not sure if this is a good
config:
# NAT RULES
match out on $ext tagged LAN nat-to ($ext)
# BLOCKING AND PACKET TAGGING
pass in on $int from $int_net tag LAN
#pass in on $int tag LAN
block out on $ext from
Hi, thanks for replying
I was looking to use packet tagging though.
-Original Message-
From: Wesley M. [mailto:open...@e-solutions.re]
Sent: Thursday, November 03, 2011 6:20 AM
To: Bentley, Dain
Cc: misc@openbsd.org
Subject: Re: Packet Tagging issues with NAT in pf OBSD 4.9
Take a look at this:
http://www.packetmischief.ca/openbsd-compact-flash-firewall/
http://blog.spoofed.org/2007/12/openbsd-on-soekris-cheaters-guide.html
It's about installing on a flash card but how to mount filesystems to memory
is in there.
___t_
From: owner
Hello all,
I recently stood up an OpenBSD server to replace and older ASA. I read the
faq and was interested in the packet tagging aspect because I have a DMZ and
it makes the rule set seem more readable to my brain..
In any case I have the following taken from the PF faqs on the OpenBSD
website
41 matches
Mail list logo
