"Damian Higgins" wrote:
Hi Stuart,
First off, thank you for the feedback you provided. Unfortunately, you
misunderstood the issue I'm encountering because you haven't read my
entire post. So, I'll try to make a brief post of the previous
message, to make it easier to read, and hope you will have
soko.tica Wrote:
Hello, list
When I tried to see pf log of my recently installed OpenBSD 4.4
desktop box, I've got the message that snaplen has been raised from 96
to 116, even when I did give it a try with -s 96.
That is normal. The snaplen is only used for listening on an interface.
When re
On 2008-11-06, Stuart Henderson wrote:
On 2008-11-05, Limaunion <[EMAIL PROTECTED]> wrote:
Hi, for some reason my OpenBSD 4.4 firewall is been able to negotiate
dhcp request although there are no rules that allow this operation.
dhcp uses BPF (like tcpdump does), this is below PF and is not
re
I have previously used two PPPoE links succesfully. The
sys/net/if_pppoe.c:pppoe_find_softc_by_session() is correct as long as
the devices are attached to different ethernet devices.
Since you have not provided any information about your configuration, I
can only make a guess. I would say tha
Joaquin Fernandez Piqueras wrote:
> The problem is that the bridge doesn't filter anything. I tried to put
> rules that block everything but only filter administration interfaces.
> The trafic still go through the bridge.
Are you perhaps using VLANs on the network you are bridging?
Are you bridgin
> > Nice, you probably want to keep the application/kernel tag name spaces
> > distinct though. Otherwise it would be easy for any local user/program
> > to mess with pf.conf generated tags and bypass filtering etc. It could
> > be as easy as adding a prefix ("APP_" ?) to all application generat
> Hey
>
> so now I changed the tagging from tcp_output to ip_output.
> I also put an pf_tag_unref to so_free and sosetopt (in case that there
> is allready a tag set).
> I couldn't see a reason for a pf_tag_unref in the so_accept because
> the socket could be reused.
> Thanks to Henning for the ide
Darrin Chandler wrote:
> On Wed, Oct 24, 2007 at 11:46:34PM -0400, Brian wrote:
>> Make sure you have restarted Firefox after making changes to
>> /etc/resolv.conf. Specifically, the application-level DNS cache will
>> contain old data if you have not restarted it. This bit me for 3
>> minutes st
L. V. Lammert <[EMAIL PROTECTED]> wrote:
>> > If not, then security issues compound due to multiple guest OSs and
>> each set
>> > of inherent vulnerabilities.
>>
>>security issues and protections do not add up like numbers.
>
> Sure they do. If I'm running Windoze as a guest OS, there are hundre
L. V. Lammert wrote:
> At 05:12 PM 10/24/2007 +0200, Henning Brauer wrote:
>>* L. V. Lammert <[EMAIL PROTECTED]> [2007-10-24 16:46]:
>> > Virtualization provides near absolute security - DOM0 is not visible to
>> > the user at all, only passing network traffic and handling kernel calls.
>> > The se
Tony Sarendal <[EMAIL PROTECTED]> wrote:
> To design a reliable IP network I would need the devices to be able to
> handle
> the desired pps rate even when that state limit is exceeded.
>
> Many routing devices have over the years achieved good performance by
> different flow caching
> methods, we
Tony Sarendal <[EMAIL PROTECTED]> wrote:
> On 10/21/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
>>
>> * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-21 14:50]:
>> > > stateless is poop.
>> > What will happen when the limit of maximum concurrent states is reached
>> ?
>> > Will it stop forwarding ne
Anton Karpov <[EMAIL PROTECTED]> wrote:
> 2007/10/10, Stuart Henderson <[EMAIL PROTECTED]>:
>>
>> On 2007/10/10 20:43, [EMAIL PROTECTED] wrote:
>> > Nice to hide your local network IP ;)
>> > Do not show it anyone!
>> >
>> > On 10/10/07, Anton Karpov <[EMAIL PROTECTED]> wrote:
>> > > It's a kind of
On 9/6/07, asdf <[EMAIL PROTECTED]> wrote:
> --- Can Erkin Acar <[EMAIL PROTECTED]> wrote:
>
> >
> > pppoe is not included in the installation kernels. You have a few
> > choices, in order of preference:
> >
>
> But the GENERIC kernel that is install
asdf wrote:
> Is it possible to install OpenBSD on a machine connected to a DSL modemusing
> the
> PPPoE network connection? I have an old PC I'd like to use as a router for my
> new
> DSL internet service and I am pretty sure that its CD-ROM drive is
> non-functional.
pppoe is not included in
Umaxx wrote:
> hi,
>
> after upgrading my router to -current the dsl pppoe connection does not work
> anymore.
> userland ppp connects fine but freezes after K�30 seconds. freeze means the
> connection is still there no errors shown in logs and ifconfig state is normal
> but there is no more incom
Jurjen Oskam wrote:
> Hi there,
>
> I'm using OpenBSD 4.1-stable/amd64 (dmesg below). I'm setting up ipsec to
> secure my wireless network, and that seems to work great. (Great job on the
> new way to configure ipsec, by the way!)
>
> When using tcpdump on the enc0 interface, I noticed that it se
On 2007-03-28 Tamas TEVESZ wrote:
> ok, so i'm not *entirely* sure it's with pppoe(4), but as far as i can
> put bits and pieces together, it's always happening after "ifconfig
> pppoe0 down; ifconfig pppoe0 destroy" and then either "sh
> /etc/netstart pppoe0" or (the second case) starting ppp(8
Dan Farrell wrote:
> I'm running Snort 2.4.5 (the pkg) on OpenBSD 4.0 and I use a bpf filter
> file to have Snort ignore certain hosts altogether.
>
> The command I'm using is 'snort -D -i dc1 -F bpfile'
The kernel has a limit for the maximum number of filter
instructions. Currently it is set to
On Thu, Dec 21, 2006 at 02:39:50PM +, Stuart Henderson wrote:
> On 2006/12/21 15:29, Dominik Zalewski wrote:
> > In this article squid is running on the same machine as OpenBSD firewall.
> > In
> > my case I have squid running on different machine connected to LAN
> > interface.
> > My ques
On Thu, Dec 21, 2006 at 03:29:51PM +0200, Dominik Zalewski wrote:
> On Thursday 21 December 2006 15:04, Peter N. M. Hansteen wrote:
> > Dominik Zalewski <[EMAIL PROTECTED]> writes:
> > > I have OpenBSD 4.0 firewall and I would like to redirect all outgoing
> > > http requests to my squid web proxy.
Edy <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am trying to configure spamd on the current bridge PF firewall which
> is running on OpenBSD 4.0
>
> fxp0 and fxp1 both are setup as bridge interfaces
>
> the following is the rdr rule for spamd
>
> ## Spamd Stuff
> # Table that spamd updates
> table
On Sat, Sep 02, 2006 Nick Holmes wrote:
> I'm currently in the position where I have an OpenBSD firewall (standard
> issue x86 affair), a Zyxel 660H-61 ADSL router, and two 3COM WLAN devices
> providing the necessary services. I'd very much like to consolidate and get
> one box doing the lot (av
On Monday 22 May 2006 Liviu Daia wrote:
> On 22 May 2006, Lars Hansson <[EMAIL PROTECTED]> wrote:
> > On Monday 22 May 2006 17:27, Liviu Daia wrote:
> > > Ok, let me rephrase this. How realistic will be to run an
> > > OpenBSD firewall or router without xbase a few years from now?
Extremely r
On 10/02/06, Damon McMahon <[EMAIL PROTECTED]> wrote:
> Greetings,
>
> I'm having trouble getting pppoe(4) to establish a connection from my
> OpenBSD 3.7 RELEASE (+ errata patches) box to my ISP through a Netgear
> DG632 in bridge mode. I can successfully establish a connection using
> pppoe(8) a
Claudio Jeker wrote:
> On Wed, Nov 02, 2005 at 04:42:12PM +0100, Henning Brauer wrote:
> > * Dulmandakh Sukhbaatar <[EMAIL PROTECTED]> [2005-11-02 05:25]:
> > > I'm new to OBSD, and configured in-kernel pppoe as my internet gateway.
> > > I found out that with userland pppoe automatic reconnect is
Antoine Jacoutot wrote:
> Jason McIntyre wrote:
>> my hostname.pppoe0 file does this without problem. i guess the problem
>> is you specify an exact ip, but a wildcard for your gateway.
>
> Sorry about that. I was not very clear. In fact, I also tried to set the
> gateway to a fixed IP, but it do
You possibly have other/previous pppoe sessions not being
terminated correctly. The reason is that, the kernel pppoe
does not terminate unknown sessions (ie. not handled by itself).
see pppoe(4) manual page for details, compiling a kernel
with PPPOE_TERM_UNKNOWN_SESSIONS option may help.
Can
Talmage wrote:
> I'm planning on implementing a OpenBSD all-in-one router/firewall/
> PPPoE_client/VPN_server and have been having issues getting the in-
> kernel PPPoE to work which is the first thing I'm working on. I've
> checked the pppoe(4) manpages but still haven't been able to get it
ed <[EMAIL PROTECTED]> wrote:
> Thats good, thanks, I thought tcpdump was IP layer only, because of
> the name.
While tcpdump is not IP layer only, pf is. So you will not be able
to see ARP packets or ethernet addresses when reading pflog.
Can
> On Tue, 13 Sep 2005 14:38:09 +0300
> Huzeyfe Onal
Mike P <[EMAIL PROTECTED]> wrote:
> Hello,
>
> The pppoe solution has spreaded into my area as i saw
> on many providers. I setup a computer with openbsd 3.7
> to act as a router togheter with pf and nat
> capabilities.
>
> After all the settings i did this computer is acting
> very strange. The
Melameth, Daniel D. wrote:
> > Note that, if debugging is turned on, it would not go above 1.5Mb/s,
> > due to excessive amount of logging, make sure that you do not somehow
> > turn debug on by default.
>
> It is definitely not on by default.
ok, just wanted to make sure.
> > Another thing to
Melameth, Daniel D. wrote:
> I've looked into this further and still cannot determine where the issue
> lies. Based on some advice, I unplugged the OpenBSD machine and setup a
> Windows XP machine instead. The Windows native PPPoE client was able to
> download at 5.5Mb/s and the OpenBSD machine
William Fletcher wrote:
> Hi,
>
> I setup /etc/hostname.pppoe0 as specified in pppoe(4), I fixed the scrub
> thing so it would
> allow IP changes on the interface. The NAT works, everything works 100%,
> except
> for when the ISP drops the connection or if I turn off the "modem" I'm using
> as
Theo de Raadt wrote:
[snip]
> > 2. Will hostname.pppoe be able to handle special cases like Jens' #
> > character in the username without any special devices, will quotes
> > (single, double, or otherwise) handle it, or will those people need to
> > rely on the userland driver for the moment?
>
Jason Ackley wrote:
> Can you try turning on the debug flag to pppoe0 ?
Good advice, debug mode gives lots of useful output
also tcpdump on the parent interface, eg. 'tcpdump -nei fxp0 no ip'
helps.
> I just tested this in a lab setup and it would not connect unless the
> debug flag was set on th
Josh Grosse wrote:
[snip]
> I have a VT8235 southbridge chip, providing integrated AC97 audio.I
> just want 2-channel (stereo) output, but am only able to obtain
> left-channel output from the soundcard. I'm running 3.7-release, and
> of course its using the auvia(4) driver.
[snip]
> ac97: co
37 matches
Mail list logo
